Read our newest book, Fundamentals of DevOps and Software Delivery, for free!

How to deploy production-grade infrastructure in a fraction of the time using Gruntwork with Terraform Cloud and Terraform Enterprise

Headshot of Ben Whaley

Ben Whaley

MAY 18, 2020 | 6 min read
Featured Image of How to deploy production-grade infrastructure in a fraction of the time using Gruntwork with Terraform Cloud and Terraform Enterprise
At Gruntwork, we’re well known for our Terraform expertise, including our open source tools such as Terragrunt and Terratest, our book, Terraform: Up & Running, and our IaC Library that contains dozens of battle-tested Terraform modules to help you launch production-grade infrastructure in a fraction of the time it would otherwise take. Somewhat lesser known is the fact that Gruntwork is compatible with two popular HashiCorp products: Terraform Cloud (TFC) and Terraform Enterprise (TFE). You can use TFC & TFE to deploy modules from our infrastructure-as-code library directly from the UI. You can even retain the familiar and efficient Terragrunt command-line experience while leaning on TFC & TFE to build your infrastructure.In this post, we’ll briefly introduce the workflows you can use to integrate Gruntwork and TFC/TFE. We’ll also point you to our production deployment guide where you can find all the details.

While the open source edition of Terraform is quite powerful and flexible as a standalone project, some organizations need better support for teams of engineers. HashiCorp, the developers of Terraform, offer a hosted version of Terraform with a multitude of premium features, including:
Terraform Cloud is free for small teams, with various pricing tiers for some of the advanced features. Terraform Enterprise is a self-hosted distribution of Terraform Cloud, that allows you to have your own private Terraform Cloud instance, with additional enterprise-grade features like audit logging and single sign-on.

There are two primary ways to use Gruntwork with TFC and TFE:
  • 1.Call a Gruntwork module from your own Terraform configuration, leveraging our library to do all the heavy lifting, and dramatically simplifying your own code.
  • 2.Use Terragrunt to execute remote runs on TFC or TFE, allowing you to leverage the myriad benefits of Terragrunt, such as keeping your code and variables, CLI args, etc DRY, and adding support for applying changes across multiple accounts/modules/environments.

When writing Terraform code, you can include a set of outside resources by using a module. Modules can be included from a variety of sources, such as from the local filesystem, from a Terraform Registry, or from a Git URL.
provider "aws" { region = "us-east-1" }module "vpc" { source = "git::git@github.com:gruntwork-io/module-vpc.git//modules/vpc-app?ref=v0.8.7" aws_region = "us-east-1" vpc_name = "my-vpc" cidr_block = "10.0.0.0/16" num_nat_gateways = 3 }
The Terraform configuration above creates a production-grade, multi-tier VPC with just a few lines of code. Such is the power of modules: they can reduce a highly complex cloud configuration to just a few simple inputs by using a module from the Gruntwork IaC Library. (Note: this module is private and only accessible to Gruntwork subscribers.)To use this with TFC or TFE, you’d simply:
  • 1.Create a workspace, connect it to the version control system (such as GitHub, GitLab, or Bitbucket) that contains your Terraform configuration.

Connecting TFC to an infrastructure-modules repository

2. Set up your AWS API credentials and add an SSH key with access to the Gruntwork GitHub repository.

Setting up AWS credentials as environment variables

3. Once connected, you can queue runs in the TFC or TFE UI. It will execute the Terraform plan and apply stages, during which it will clone Gruntwork’s module-vpc using the provided SSH key for authentication, and apply the configuration to your account.

TFC plan results for the Gruntwork VPC module

That’s all it takes to create a production-grade VPC using Gruntwork with TFC! Check out our deployment guide for more detailed step-by-step instructions, including how to connect your version control system, configure SSH keys, and more.

The TFC and TFE UI runs only Terraform commands, but Terragrunt expects you to run it directly, and it, in turn, will run Terraform. Therefore, it currently is not possible to use the TFC UI to trigger Terragrunt.However, you can set up Terraform to run remote operations such as plan and apply. That is, you use Terragrunt to organize your code and keep it DRY, and you can configure it so that when you run terragrunt apply on your computer (or on a CI server), it runs terraform apply in TFC rather than on your local system.

Using Terragrunt to invoke TFC/TFE against your cloud provider

This all works thanks to the magic of Terraform remote backends. This feature of Terraform allows you to designate a remote URL and workspace on which will store the state and execute the plan and apply operations. The logs will stream to the local command line, but the run history will be retained within TFC/TFE, giving you the freedom of the local CLI while retaining the benefits of the controlled, hosted environment.The screenshot below shows the plan output for the same VPC module shown above, but this time in a terminal window after running terragrunt apply on the command line:

Plan output from the `terragrunt apply` command

The TFC UI shows the same plan, allowing you to approve the plan either on the command line, or in the UI. This might be useful if you needed an approval workflow, where one engineer runs plan, and another approves the plan and moves forward with the apply.
We have all the details you need to configure Terragrunt with TFC and TFE in the guide, including details on how to configure the remote backend, how to send variable inputs to TFC, and more.

Terraform Cloud and Terraform Enterprise are powerful products from HashiCorp that allow organizations even greater control over their infrastructure. Gruntwork’s module library saves organizations from spending thousands of hours writing undifferentiated infrastructure code, allowing them to focus on developing and deploying their applications instead. Terragrunt adds a host of features to Terraform to help organize your code and simplify re-usability. It’s easy to use them in parallel using the techniques described above.Special thanks to Yevgeniy Brikman for his help in identifying these patterns and providing feedback on this content.
Share
Grunty
Resources

Explore our latest blog

Get the most up-to-date information and trends from our DevOps community.
TerraformResouces Image

Promotion Workflows with Terraform

How to configure GitOps-driven, immutable infrastructure workflows for Terraform using Gruntwork Patcher.
avatar

Jason Griffin

October 3, 2023 7 min read
TerraformResouces Image

The Impact of the HashiCorp License Change on Gruntwork Customers

How to configure GitOps-driven, immutable infrastructure workflows for Terraform using Gruntwork Patcher.
avatar

Josh Padnick

October 3, 2023 7 min read