Terraform: What is Infrastructure as Code?

What is Terraform?

Terraform is an Infrastructure as Code (IaC) tool developed by HashiCorp that enables managing cloud infrastructure by writing declarative code rather than manually clicking through administration consoles. Instead of provisioning a server through the AWS or Azure web interface, you describe the desired state of your infrastructure in HCL (HashiCorp Configuration Language) configuration files, and Terraform handles creating, modifying, or deleting the resources needed to reach that state.

Terraform's declarative approach is fundamentally different from imperative scripts. Rather than describing steps to follow ("create a server, then attach a disk, then configure the network"), you describe the desired final state ("I want a server with a 100 GB disk in this network"). Terraform automatically calculates the execution plan — the actions needed to transition from the current state to the desired state — and executes it after validation.

Terraform's power lies in its multi-cloud portability. With over 3,000 providers (AWS, Azure, GCP, DigitalOcean, Cloudflare, GitHub, and even SaaS services like Datadog or PagerDuty), you can manage your entire infrastructure — cloud, DNS, CDN, monitoring, versioning — from a single tool and language. At KERN-IT, Terraform is the reference tool for automating client project infrastructure provisioning.

Why Terraform Matters

Infrastructure as Code via Terraform solves fundamental problems that teams face in manual infrastructure management.

• Reproducibility: infrastructure is defined in Git-versioned code. Recreating an identical environment (development, staging, production) is done in a single command, eliminating configuration drift between environments.
• Automation and speed: manually provisioning complex infrastructure can take hours or days. Terraform does it in minutes, with perfect precision and no oversights.
• Implicit documentation: Terraform code is itself the documentation of your infrastructure. No more maintaining network diagrams or server inventories — the code is the source of truth.
• Change management: the terraform plan command shows exactly what will change before applying modifications. This pre-review drastically reduces the risk of production errors.
• Team collaboration: infrastructure code is peer-reviewed via pull requests on GitHub, exactly like application code. Errors are caught before deployment.
• State management: Terraform's state file keeps a precise record of the real infrastructure state, enabling accurate incremental modifications without side effects.

How It Works

Terraform follows a three-step lifecycle: init, plan, apply. The terraform init command initialises the working directory, downloads required providers, and configures the state storage backend. The terraform plan command compares the desired state (the code) with the current state (the state file) and generates an execution plan detailing resources to create, modify, or delete. The terraform apply command executes the plan after confirmation.

HCL code is organised in resource blocks. Each resource represents an infrastructure element: an EC2 instance, an S3 bucket, a DNS record, a security group. Variables parameterise configurations, modules encapsulate reusable patterns, and outputs expose useful information (IP addresses, URLs) after deployment.

The state file is a JSON file that records the mapping between resources defined in code and actual resources in the cloud. It is typically stored in a remote backend (S3, Azure Blob, Terraform Cloud) to enable team collaboration and avoid conflicts. State locking prevents two people from modifying infrastructure simultaneously.

Terraform modules are reusable packages that encapsulate common infrastructure patterns. The Terraform Registry offers thousands of community modules for the most frequent use cases, and teams can create their own internal modules to standardise their configurations.

Concrete Example

At KERN-IT, when a new client project requires cloud infrastructure, the team starts by defining the architecture in Terraform code. For a typical Django web application, the code provisions: a Linux server with the appropriate CPU and memory specification, a security group restricting access to HTTP (80), HTTPS (443), and SSH (22) ports, a managed PostgreSQL database, a storage bucket for static files, and DNS records for the client's domain.

The code is stored in a dedicated GitHub repository, reviewed by a colleague via pull request, and applied through a CI/CD pipeline. When the client needs a staging environment identical to production, it is simply a matter of changing a variable (environment = "staging") and applying the same code. The environment is created in minutes, with exactly the same configuration as production.

When traffic increases and the client needs a more powerful server, a modification to the instance_type variable in Terraform code, a PR review, and a terraform apply are all it takes to migrate to a more performant instance, with minimal downtime and rollback possible by reverting the commit.

Implementation

1. Install Terraform: download and install the Terraform CLI. Configure cloud provider credentials (AWS, Azure, GCP) via environment variables.
2. Structure the project: organise code into logical files (main.tf, variables.tf, outputs.tf) and reusable modules. Use workspaces to manage environments.
3. Configure the remote backend: store the state file in a cloud backend (S3 + DynamoDB for locking on AWS) to enable team collaboration.
4. Write configurations: define resources in HCL, parameterise with variables, and create modules for repeated patterns.
5. Integrate with CI/CD: configure GitHub Actions to run terraform plan on pull requests and terraform apply after merge, with a manual approval step for production.
6. Adopt best practices: version code with Git, use modules for reuse, validate with terraform validate and tflint, and maintain up-to-date documentation of variables and outputs.

Associated Technologies and Tools

• AWS / Azure / GCP: the main cloud providers managed by Terraform for resource provisioning.
• Docker: often used alongside Terraform — Terraform provisions the infrastructure, Docker containerises the applications running on it.
• GitHub Actions: CI/CD pipeline for automating Terraform execution (plan on PR, apply on merge).
• Ansible: configuration management tool that complements Terraform — Terraform creates servers, Ansible configures them.
• Grafana: monitoring tool that watches over infrastructure provisioned by Terraform.
• Terraform Cloud: HashiCorp's SaaS service adding team collaboration, centralised state management, and policy checks.

Conclusion

Terraform is the reference tool for Infrastructure as Code, and mastering it has become an essential skill for any team managing cloud infrastructure. By transforming infrastructure management from a manual, risky process into a coded, reviewed, and automated workflow, Terraform brings the reproducibility, traceability, and reliability that modern projects demand. At KERN-IT, we use Terraform to provision and manage infrastructure for our client projects, ensuring that every environment is reproducible, documented, and deployed with the same rigour as application code.