Blog

Static Analysis of Terraform code with Checkov

by Pedro Santos

April 23, 2022


In the previous post about Terraform, I made a case for testing your Terraform code with Go and Terratest. For this post, I’ll be making a case for static analysis tools. Static analysis tools for Terraform are a powerful mechanism to help your team follow industry best practices. Beyond that, your organization’s infrastructure team can leverage static analysis tools and custom checks to document and enforce company-wide policies. These tools operate on the Terraform code or on the Terraform plan.


Extending Terraform with custom providers

by Pedro Santos

April 19, 2022


Note: this is a fairly advanced topic. It assumes you have some experience with Go and understand the Terraform state and resource life-cycle. One of Terraform’s most significant drawbacks is that there is no clean way of injecting custom functionality. The canonical solution is to use a local-exec provisioner combined with a shell script. In my opinion, this functionality is not enough for the following reasons:


Testing Terraform code with Go and Terratest

by Pedro Santos

April 18, 2022


As a cloud engineer, I love Terraform. With Terraform, I don’t have to worry about keeping track of infrastructure changes or computing the dependencies between components. Terraform is also cloud-agnostic, so all the Terraform knowledge I’ve accrued over the years can quickly transfer between cloud providers and even into Kubernetes clusters. While Terraform protects the user against many common mistakes, errors still creep in. An error I’ve encountered many times was a network security group misconfiguration that prevented VMs from communicating inside a VNet.
