DEV Community

Cover image for Writing Python scripts to automate infrastructure in Terraform
Scofield Idehen
Scofield Idehen

Posted on • Originally published at blog.learnhub.africa

Writing Python scripts to automate infrastructure in Terraform

Infrastructure as code (IaC) manages infrastructure through machine-readable definition files rather than physical hardware configuration. This allows infrastructure to be quickly provisioned, managed, and scaled using code.

Terraform by HashiCorp is a popular open-source infrastructure as a code software tool that provides a consistent CLI and API workflow to manage cloud services, servers, databases, and more from providers like AWS, Azure, and Google Cloud.

Terraform configuration files describe the components needed to run a single application or your entire data center. It handles provisioning and changing resources safely and efficiently.

Deploying cloud-based Python web apps with Streamlit sharing

Check this out: Deploying cloud-based Python web apps with Streamlit sharing

However, regularly running Terraform workflows manually via the CLI can become tedious over time, especially for large infrastructure and frequent updates. This is where automation with Python comes into play.

Python is an accessible programming language commonly used for a wide range of automation tasks. By combining Python scripts with Terraform CLI commands and output values, we can automate our infrastructure workflows for efficiency and consistency.

This allows managing infrastructure-as-code at scale for reduced costs and better reliability.
In this comprehensive guide, we will cover:

  • Prerequisites for using Python with Terraform
  • Executing Terraform functionality like init, plan, and apply from within Python
  • Working with Terraform output values in Python scripts
  • An end-to-end automation walkthrough with Python driving our Terraform config
  • Additional capabilities like testing, modularization, and integration workflows

Prerequisites

To effectively leverage Terraform from Python scripts for infrastructure automation, some key skills are required:

Python Knowledge
You need to be familiar with Python basics like:

  • Variables
  • Control structures like loops and conditionals
  • Functions and modules
  • Importing libraries

Installing Terraform

Terraform CLI should be installed on your system with Python. This allows executing terraform commands from the terminal and scripts.

  • For Linux/MacOS: Have curl and unzip commands available
  • For Windows: Install 7zip for extracting archives
  • Download the package

Next, download the appropriate Terraform package (.zip for Windows, .gz for Linux/Mac) from the Terraform downloads page.

Select a package based on your OS (amd64 for 64-bit operating systems).

  • Extract the Terraform binary

A. For Linux/Mac:

$ tar xvfz terraform_{VERSION}_linux_amd64.zip
Enter fullscreen mode Exit fullscreen mode

This will extract the terraform executable.

B. For Windows, use 7zip or similar.

  • Move Terraform to /usr/local/bin

For easy usage, move Terraform binary file to a location on the OS PATH. Common location is /usr/local/bin/:

$ sudo mv terraform /usr/local/bin/
Enter fullscreen mode Exit fullscreen mode
  • Confirm installation

Check Terraform was installed correctly by checking the version:

$ terraform -v
Terraform v1.1.7
Enter fullscreen mode Exit fullscreen mode

The terraform binary can now be executed directly from the command line and accessed by scripts.

Configuring Terraform Projects

You must have Terraform provider and resource blocks already defined for your infrastructure, such as AWS, Azure, or Google Cloud. Resources like compute instances, databases, and networking must be configured in .tf files for Python to work with.

Infrastructure Concepts
Some infrastructure knowledge is also helpful to ensure you define the right Terraform project architecture and workflows to automate with Python.

Executing Terraform in Python Subprocesses
A common way Python scripts can integrate with external programs and binaries is by using the subprocess module. It allows executing shell commands like terraform and working with the results in Python code.

Here are some key Terraform capabilities we can drive using subprocesses:

  • Initialize Working Directory

The init command reads configuration files and downloads providers needed to provision the infrastructure.

  • Validate Configurations

validate can be used to check for errors in .tf files before applying changes.

  • Plan Infrastructure Changes

To safely preview changes before altering real resources, the Terraform plan shows a diff based on the current state.

  • Apply Changes

The apply command provisions real infrastructure based on your .tf configurations. Resources are created, updated, or destroyed.

  • Destroy Infrastructure

If you no longer require provisioned infrastructure, destroy can dismantle them based on previous applies.

By wrapping these critical Terraform commands in Python subprocess calls, we automate key IaC workflows programmatically. Subprocess attributes also let us parse outputs, check return codes, and handle errors.

  • Working with Terraform Outputs in Python

A key ability enabled by integrating Terraform and Python is to access the output values from Terraform directly applied to Python variables.

Some examples include:

  • Resource identifiers like instance id's
  • DNS names
  • Security group id's

We can assign useful output values like:
instance_id = terraform_output['instance_id']

And easily utilize them for subsequent scripts like:

  • Interpolating id's into other resources
  • Tagging resources in AWS
  • Adding new instances to load balancer pools automatically

Output value integration unlocks many automation use cases by linking Python logic with live infrastructure state data.

Automation Walkthrough

Now let's walk through a sample automation scenario to see Python and Terraform integration in action:

Our goal is to quickly spin up reusable, best-practice infrastructure. We want to provision an auto-scaled compute cluster in AWS along with networking, load balancing and full monitoring.

We have modular Terraform config files with resources defined as code for each component like EC2, ALB, CloudWatch etc. Our Python script will automatically tie these all together for one command deployment.

The script flow is:

  1. Initialize Terraform working directory
  2. This scans the provider and resource blocks in .tf modules so Terraform understands everything we want to build.
  3. Provision infrastructure
  4. Next we kick off a terraform apply which executes our configurations by communicating to the AWS API and creating real resources like servers, databases, VPCs and so on.
  5. Get resource attributes from state
  6. Once done, we access useful Terraform output values from the newly created infrastructure. For example - VPC id, subnet id's and all EC2 instance id's which were dynamically created.
  7. Configure dependencies
  8. Using the retrieved resource attributes and id's, we can now automatically configure additional dependencies without manual lookup or changing code. For example, we add all EC2 instances to an Auto Scaling group and load balancer for high availability.

To wrap up, destroy the infrastructure to avoid ongoing costs since we were just running a temporary automation test.

By chaining all of these steps driven by the Python script calling Terraform modules, we have an easy way to repeatedly deploy best-practice environments customized to your needs.

Additional Automation Capabilities

There are many more ways Python scrips can provide automation support for Terraform modules beyond the workflow above:

Testing and Validation
Python allows easy integration of unit tests to validate infrastructure changes before deploying. We can also run assertions on output data to ensure resources have been deployed properly.

Reuse and Orchestration
Common modules can be packaged as Python functions for reuse across infrastructure projects. And build orchestration pipelines managing infrastructure code testing > approval > deployment.

State Manipulation
For advanced scenarios, Terraform state can be directly accessed from the Python API for data manipulation or backup.

Conclusion

Python is a versatile way to unlock automation benefits for infrastructure-as-code projects using Terraform for cloud, on-prem, and hybrid environments. Key takeaways:

  • Automate repetitive Terraform workflows like init, plan, and apply
  • Access live state data through output variables in Python
  • Chain together workflows across modules for one-step deployment
  • Reuse Terraform code for consistency and reliability
  • Leverage the Python ecosystem for testing, CI/CD, and reuse

The possibilities for programming infrastructure management are vast to streamline operations.

With robust tooling like Terraform and Python supporting infrastructure-as-code methodologies, teams can codify and automate the provisioning and management of infrastructure at scale for reduced costs and improved efficiency.

If you find this post exciting, find more exciting posts on Learnhub Blog; we write everything tech from Cloud computing to Frontend Dev, Cybersecurity, AI, and Blockchain.

Resource

Top comments (0)