This post provides a tour of HCP Boundary and HCP Vault through the eyes of Terraform. The goal is to set up just-in-time access to AWS EC2 instances for on-call engineers. When an alarm is triggered in AWS due to high CPU utilization on an EC2 instance a Lambda function is invoked to configure access in Boundary for on-call engineers. When the alarm is cleared the access is removed. Vault is used for credential injection, so that on-call engineers are able to access EC2 instances without requiring access to any static credentials.

This blog post is the writeup of my talk at HashiTalks 2024 on the Terraform test framework. I discuss a layered approach to testing where we begin by using declarative validation in our Terraform modules and follow this up with successively more advanced tests. I will also discuss the need for policy-as-code because not everything makes sense as tests, some things should be policies.

I have written a lot about the new Terraform testing framework, but there is one piece of the puzzle that I have written almost nothing about: Terraform Cloud. In this post I will go through how to publish a module to a private Terraform Cloud registry and enable testing for the module. I will also show you the new test generation using AI.

I continue my exploration of the new Terraform testing framework with this post where I demonstrate how to run permutations of a given test using GitHub Actions. Specifically I’ll dive into an example where our module depend on a different module, and we are required to support a given number of recent versions of this module.

This post follows up on my comprehensive guide to testing in Terraform. The testing framework is new and untested (pun not intended), but it already offers a lot of possibilities that will lead to better Terraform modules. In this post I will explore all the options that are available in the new run block and the new terraform test command.

What to do when you are not allowed to use recursive module calls in your declarative infrastructure-as-code? Use imperative infrastructure-as-code!

You have many options to use when it comes to testing and validating your Terraform configurations and modules. The newest addition to these options is the native Terraform testing framework. This in combination with custom conditions, check blocks, and policies allow for creating robust infrastructure-as-code. This post is a comprehensive guide to testing and validation in Terraform.

This week I attended HashiConf in San Francisco. In this post I summarize my experience and what I thought about the conference!

In this post I compare how to import resources into your Terraform state using the traditional CLI-driven method with the new method using import blocks. This is a new feature in Terraform 1.5 and as we will see an improvement over the traditional method.

What’s up with the new Terraform Cloud pricing model?