Terraform and Makefile for Operations
As we keep advancing on Terraform and use it in the production environment, we start using some advanced commands for the same. Or some times even to start the process on a new host, we need to run from initialization to plan to apply. There may be a time when some steps might get miss due to human fatigue, or when sometimes a person who does not understand terraform, needs to run a taint with a terraform. In such a scenario, Makefile can be of great help—one of the basic orchestrators.
This solution is good for running terraform in platforms like any Linux server, Windows, or Mac OS. Also, we can use it in Ansible Tower or Gitlab. But if you have Terraform Enterprise, then this won’t be a good solution. You use this solution to enforce that terraform needs to run in a particular way as a part of good practice.
Let us consider the scenario where we manage the environment through terraform workspace, and we run it using the “-var-file” argument. Link to follow along the example Let's say the ENV is DEV, and we need to plan and output a file and then apply. We can prepare a plan target like this:
plan: check@terraform fmt@echo “Pulling the required modules…”@terraform get@echo ‘Switching to the [$(value ENV)] environment …’@terraform workspace select $(value ENV)@terraform plan \-var-file=”env/$(value ENV).tfvars” \-out $(value ENV).planAnd then we can do“ENV=dev make plan”
Then similarly prepare the apply target like:
apply: check@echo ‘Switching to the [$(value ENV)] environment …’@terraform workspace select $(value ENV)@echo “Will be applying the following to [$(value ENV)]environment:”@terraform show -no-color $(value ENV).plan@terraform apply $(value ENV).plan@rm $(value ENV).plan
Now that was one of the normal operations we do for terraform. Let’s check out if we want to do something as terraform taint. So tainting a single resource in terraform we would first use a terraform taint add pass resource type and its name in the argument. Then prepare a terraform plan and store it in a file and terraform plan for that plan file.
Now to run the same thing using Makefile, the command will be:
“ENV=dev restype=aws_subnet resname=public_subnet[0]”
And the equivalent makes target definition will be:
taint: check@terraform fmt@echo “Pulling the required modules…”@terraform get@echo ‘Switching to the [$(value ENV)] environment …’@terraform workspace select $(value ENV)@terraform taint \“$(value restype).$(value resname)”@ENV=$(value ENV) restype=$(value restype) resname=$(value resname) make targetplan@ENV=$(value ENV) make apply
So with a single line command, it will go and do all the steps that it takes to taint a resource.
In Conclusion, Running Terraform with Makefile makes things easy and also ensure for less mistake and you can make sure any infra change goes through the correct process. This will make operations of provisioning simpler.
Similarly, I have created make targets for destroy, target destroy, target plan, and others. Check out the repo here.
