
Create a CI/CD Pipeline with Terraform Cloud, GitHub, and AWS

In this guide, we are setting up a CI/CD pipeline using Terraform Cloud, a cloud-based service offered by HashiCorp for managing infrastructure as code. We are also using GitHub to host our code repository and AWS to provision and manage our infrastructure.

What is CI/CD?
CI/CD stands for Continuous Integration/Continuous Deployment.
A CI/CD pipeline is an automated process for building, testing, and deploying software applications. It aims to enable developers to quickly and efficiently release software changes to production. There are several CI/CD tools available, and the choice of tool depends on the specific needs of the organization and the development workflow. The process involves automatically building, testing, and deploying code changes, which helps to catch errors and bugs early in the development cycle and speed up the release cycle.

Terraform Cloud can be used in a CI/CD pipeline to automate infrastructure changes. By setting up a pipeline, you can automate building, testing, and deploying infrastructure code. It also provides a centralized platform for managing infrastructure changes, giving teams greater control and visibility.

Pre-requisites

  • A GitHub account: To host your code and integrate it with Terraform Cloud.
  • An AWS account: To provision and manage your infrastructure using Terraform.
  • Terraform installed: To create and manage your infrastructure code.
  • A Terraform Cloud account: To use it as a CI/CD tool to check your build.

Objectives

  • Create a GitHub repository
  • Clone the repo to your local environment
  • Set up a Terraform Cloud account
  • Create a workspace
  • Connect your GitHub repo to the workspace
  • Add AWS credentials as environment variables
  • Log into Terraform Cloud in your local environment
  • Write your code and push it up to your remote repo

Let’s begin by creating a repository in your GitHub account.

Choose the .gitignore file template for Terraform. This specifies files and directories that should be ignored by Git when working with Terraform projects. The template includes commonly ignored files such as .tfstate and .tfplan files, the .terraform directory, crash log files, and various configuration files. By ignoring these files, the .gitignore file helps keep the Git repository clean and focused on essential code files. It also helps to prevent sensitive information like access keys, passwords, or API tokens from being accidentally committed to the repository.

Next, we will configure some Branch Protection Rules. With branch protection rules, we can ensure consistent workflows, limit access, mandate checks before merging, and enforce particular merge types.
These rules play a crucial role in preventing accidental overwrites or changes to the main branch, as well as unauthorized changes to the codebase.

Click on the “Settings” tab located near the top-right corner of the page, next to the “Insights” tab.

On the left-hand side of the Settings page, click on the “Branches” option.

This will take you to the Branches settings page where we’ll configure various options related to branch protection rules and branch merging for the repository.

Click on the “Add rule” button located on the right-hand side of the page.

A branch name pattern is a naming convention for Git branches that uses regular expressions to specify rules for the format of branch names, such as requiring a specific prefix or format. This helps enforce consistency and organization across a codebase.

Customize your branch protection rules according to your preferences.

Excellent! With your repository created and branch protection rules set, it’s time to clone it to your local development environment. You can do this by clicking on the “Code” button and selecting the “HTTPS” option. After that, simply copy the URL.

Open your terminal and enter the command “git clone” followed by pasting the copied HTTPS URL.

Now that you have cloned the repository to your local environment, it’s time to configure the CI/CD workflow!

If you don’t have a Terraform Cloud account yet, you can sign up for free by clicking on this link.

Once you have registered, create an organization.

Then create a Workspace and select the “Version Control Workflow” option.

Choose GitHub.com as the version control provider.

Authorize Terraform Cloud to access your GitHub account.

Choose the repository that you created previously.

After completing the repository selection process, Terraform Cloud will redirect you back to its platform. From there, click on the repository you just selected.

Finally, configure the settings by providing a name for the Workspace and selecting the default project.

Congratulations! Your Workspace has been successfully created. Continue to the workspace overview.

To securely store your AWS credentials in your Terraform Cloud workspace, you can set them up as environment variables in your configuration. This is widely considered to be a best practice for storing sensitive information. By using environment variables, you can ensure that your credentials are kept private and are not exposed directly in your code or in other configuration files. With Terraform Cloud, you can easily set up your AWS Access Key and Secret Access Key variables as environment variables in your workspace, which can then be used in your Terraform code to access and manage your AWS resources.

Click “Configure variables”.

Click “Add variable”.

Create an environment variable for your AWS Access Key ID and set it as sensitive.

Marking a variable as sensitive in Terraform Cloud hides its value from the user interface and API responses, providing an additional layer of security for sensitive data such as access keys, secrets, and passwords.

Create another environment variable for the AWS Secret Access Key and set it as sensitive as well.

After adding the environment variables, open your IDE and run the “terraform login” command. Then, when prompted, type “yes” to request an API token.

To access a token, click on the provided URL.

You will be redirected to your Terraform Cloud account. Provide a description for the token, and then click on “Generate token”.

Copy the generated token and paste it into the terminal. This should log you into Terraform Cloud.

Great news! Our CI/CD workflow is now fully configured!

To activate our CI/CD pipeline, let’s write some code. Remember to commit and save changes before pushing the code to the remote GitHub repository.
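The Terraform .gitignore template and the sensitive workspace variables set up earlier both exist to keep state files and AWS keys out of the repository. The shell check below is an added example, not code from the original guide: it flags tracked files the template is meant to exclude and .tf lines with hardcoded keys before you push. The sample file names are constructed, and the .tfvars pattern and the credential regex are assumptions.

```shell
#!/bin/sh
# Added example, not from the original guide: pre-push audit of a Terraform repo.

# Read repo-relative paths on stdin (for example from `git ls-files`) and print
# a finding for each path the Terraform .gitignore template should exclude.
flag_tracked_paths() {
  while IFS= read -r path; do
    case "$path" in
      *.tfstate|*.tfstate.*)       echo "state-file $path" ;;
      *.tfplan)                    echo "plan-file $path" ;;
      *.tfvars|*.tfvars.json)      echo "tfvars-file $path" ;;  # assumption: may hold secrets
      .terraform/*|*/.terraform/*) echo "terraform-dir $path" ;;
      crash.log|*/crash.log)       echo "crash-log $path" ;;
    esac
  done
}

# Print file:line for each .tf line under directory $1 that assigns a quoted
# literal to access_key/secret_key or contains an AWS access key ID (AKIA...).
# Only the location is printed, never the matched value.
flag_hardcoded_credentials() {
  grep -rnE --include='*.tf' --exclude-dir=.terraform \
    '(access_key|secret_key)[[:space:]]*=[[:space:]]*"[^"$]+"|AKIA[0-9A-Z]{16}' \
    "$1" | cut -d: -f1,2
}

# Constructed sample listing that stands in for `git ls-files` output.
sample_tracked_files() {
  printf '%s\n' main.tf variables.tf terraform.tfstate \
    terraform.tfstate.backup prod.tfvars .terraform/modules/modules.json \
    modules/ec2/main.tf crash.log
}

# Audit the repo at $1. Returns 0 when clean, 1 when anything was flagged,
# so it can gate a pre-push hook or a CI step.
audit_repo() {
  findings=$(
    git -C "$1" ls-files 2>/dev/null | flag_tracked_paths
    flag_hardcoded_credentials "$1"
  )
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Demo on the constructed listing: prints the five paths that should be ignored.
sample_tracked_files | flag_tracked_paths
```

Inside the cloned repository, `git ls-files | flag_tracked_paths` checks what is actually tracked, and `audit_repo .` combines both checks with an exit status a hook can act on.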

To maintain stability of the codebase, it’s recommended to write code in a branch instead of modifying the main or master branch directly. Be sure to create and write code within the branch in your environment. This approach allows us to work on features or bug fixes in isolation without affecting the codebase’s stability. Once the changes are complete, they can be merged back into the main branch via a pull and merge request, following proper review and testing.

When you execute the command “git push”, you will be prompted to set the upstream branch.

To set the upstream branch, you can run the command “git push --set-upstream origin” followed by the name of your branch. Then, enter your GitHub username and password to push your code to the remote repository.

(I had previously executed the code above, but I made some modifications to the code and pushed it to the remote repository).

You will notice a recent push in your branch on the GitHub remote repository. To proceed, click “Compare & pull request”.

Initiate the pull request by clicking “Create pull request”.

Once the pull request has been reviewed and approved, it’s time to merge it into the main branch. Usually, a pull request is approved by someone responsible for reviewing and approving changes to the codebase, such as a senior developer or team lead with expertise in the affected code. However, in our case where we are working on our own repository, we’ll proceed with the merge ourselves.

Click “Confirm merge”.

You should receive a prompt indicating that it has been merged. This prompt confirms that your changes have been incorporated into the codebase and are now a part of the project’s main branch.

Head over to your Terraform Cloud workspace, and you’ll notice that it automatically triggered a plan after merging the changes. Locate the corresponding run and click on it to review the details. This step will allow you to verify that the changes you made were successfully applied.

Once the plan execution is complete, you’ll be presented with a summary of the changes that will be made to your resources, including any additions, deletions, or modifications. Take a moment to review these changes and ensure they align with your expectations. Proceed to confirm and apply the changes to enact them in your infrastructure.

Provide a comment or explanation for the upcoming apply action, then click “Confirm Plan”.

As the apply operation runs, you’ll be able to see which resources are currently being updated and which ones have already been updated. This information is crucial for monitoring the progress of the apply operation and verifying that it completes successfully.

To confirm the successful completion of the apply operation, verify that the changes you made to your code have been accurately reflected in your resources. In my case, I modified the instance types from t2.micro to t3.micro and I can see that in my EC2 Instance Dashboard in the AWS console.

To destroy your infrastructure, head over to your Terraform Cloud workspace and click on “Settings” located on the left-hand side of the screen. From there, you can initiate the process of tearing down your infrastructure.

Navigate to the “Destruction and Deletion” tab. From there, click on “Queue destroy plan”.

To initiate the destruction of your infrastructure, simply enter the name of the workspace and then queue the destroy plan.

The final step is to confirm and apply the destruction process to tear down your infrastructure.

Once the process is complete, you’ll see which resources were successfully destroyed, including the total count of resources that were torn down.

I hope this guide has provided you with a clear and concise overview of how to set up a CI/CD pipeline using Terraform Cloud and GitHub. By following these steps, you can automate the deployment of your infrastructure and reduce the likelihood of errors or inconsistencies in your codebase.

Thank you for following along with this step-by-step guide. Feel free to follow and connect with me on LinkedIn for more Cloud/DevOps content! Happy Terraforming! ☁️👩🏼‍💻☁️


Create a CI/CD Pipeline with Terraform Cloud, GitHub, and AWS was originally published in FAUN Publication on Medium, where people are continuing the conversation by highlighting and responding to this story.
