Using Terraform's Built-In Analysis Capabilities


Introduction

Terraform ships with built-in commands that perform static analysis functions. Core to Terraform's workflow is the separation of creating an execution plan and actually applying the plan to the environment. The execution plan describes what changes need to happen in the environment to match the desired state described in the configuration files. The terraform plan command generates an execution plan. If any errors are detected, the output of the command will state them. The plan command is essentially performing a kind of static analysis. The terraform apply command takes the execution plan and actually applies the changes. 

Terraform also has a couple of other commands that perform static analysis, and you will use them in this Lab Step.

 

Instructions

1. Install the Terraform CLI by issuing the following commands:

wget https://releases.hashicorp.com/terraform/0.11.3/terraform_0.11.3_linux_amd64.zip -O /tmp/tf.zip
sudo unzip /tmp/tf.zip -d /usr/local/bin

 

2. Check the formatting of the configuration files to see if they follow the canonical Terraform style:

terraform fmt -check

The output lists the files that are not in the canonical Terraform style. The format (fmt) command recursively looks for Terraform configuration files. Adding the -diff option outputs the changes that need to be made to make the files canonical.

 

3. Print the exit code of the last command:

echo $?

The fmt command with the -check option returns a non-zero exit code if it finds any files that are not formatted correctly. This can be used in automation; for example, in a pre-commit hook in your source control system or in a continuous integration pipeline to ensure proper formatting.

 

4. Canonically style the configuration files:

terraform fmt

The fmt command without any options automatically modifies any configuration files to match the canonical style. This can also be useful as a pre-commit hook, if desired.

 

5. Click on the main.tf editor tab, and click Reload if you are prompted about changes to the file.

 

6. Validate the configuration and working directory:

terraform validate

The validate command performs syntax checks, such as checking for valid structure in the file, properly spelled keywords, and valid resource references. fmt also checks for valid structure, such as matching opening and closing braces, but will not detect anything more. As the output shows, validate also checks some dependencies and ensures configuration variables are defined. There is a missing dependency in this case; the AWS provider plugin is not installed.

 

7. Attempt to generate a Terraform execution plan by entering the following command:

terraform plan

The plan command detects the same issue and reports the same output as validate in red. This is because the plan command includes the same code as the validate command.

 

8. Initialize the working directory to correct the error:

terraform init

Terraform initializes the directory by downloading the AWS provider plugin into a .terraform subdirectory. The provider plugin wraps the AWS API calls that Terraform needs to manage AWS resources.

 

9. Re-attempt to generate a Terraform execution plan:

terraform plan

Terraform has detected an invalid resource that is a result of misspelling gateway as getaway.

 

10. Edit the main.tf file to replace the two occurrences of aws_internet_getaway with aws_internet_gateway.

There is one on line 33 and one on line 43.

 

11. Save the main.tf file by clicking on File > Save in the upper menu.

 

12. Return to the terminal tab, and generate a Terraform execution plan:

terraform plan

The command writes a lot of output describing the plan to create the environment described by the configuration files. The lines in the image summarize the plan to add 14 resources. Note that no errors or warnings are reported. A non-zero exit code is returned if any errors are detected. If you were really creating the infrastructure, you would proceed to use Terraform's apply command to create the environment. Depending on the configuration and resources involved, the apply command can take several minutes.
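
The checks from this Lab Step combined into one gate for a pre-commit hook or CI job, as an added example that is not part of the lab's own material. The function name tf_static_gate, the TERRAFORM_BIN override and the bitmask return convention are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the lab): run Terraform's built-in checks as one gate.
# TERRAFORM_BIN is an assumed variable for pointing the gate at a specific binary.

# tf_static_gate DIR [--with-plan]
# Return value is a bitmask of failed checks: 1 = fmt, 2 = validate, 4 = plan.
# 0 means every requested check passed.
tf_static_gate() {
    gate_dir=$1
    gate_plan=${2:-}
    gate_tf=${TERRAFORM_BIN:-terraform}
    gate_failed=0

    # fmt -check is read-only and exits non-zero when a file is not canonical;
    # -diff shows the required changes. Every check runs even if an earlier
    # one fails, so all findings are reported in a single pass.
    if ! ( cd "$gate_dir" && "$gate_tf" fmt -check -diff ); then
        echo "gate: fmt -check failed (run 'terraform fmt' to fix)" >&2
        gate_failed=$((gate_failed | 1))
    fi

    # validate: file structure, keywords, resource references, variables.
    if ! ( cd "$gate_dir" && "$gate_tf" validate ); then
        echo "gate: validate failed" >&2
        gate_failed=$((gate_failed | 2))
    fi

    # plan needs the provider plugins (terraform init) and usually cloud
    # credentials, so it is opt-in and better suited to CI than to a hook.
    if [ "$gate_plan" = "--with-plan" ]; then
        if ! ( cd "$gate_dir" && "$gate_tf" init -input=false >/dev/null \
                && "$gate_tf" plan -input=false ); then
            echo "gate: plan failed" >&2
            gate_failed=$((gate_failed | 4))
        fi
    fi

    return "$gate_failed"
}
```

In a pre-commit hook, source this file and call tf_static_gate on the project directory, aborting the commit on a non-zero return; in a CI job, add --with-plan after terraform credentials are available.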

 

Summary

In this Lab Step, you learned about the built-in static analysis capabilities in Terraform. You should also have an understanding of the scope and extent of the built-in checks performed by the built-in commands.