Managing Terraform Runs from the Lazsa Platform Interface

You can add, execute, and manage your Terraform runs from a deployment stage within a feature of your product in the Lazsa Platform.

This topic provides a comprehensive guide on managing Terraform runs from the Lazsa interface, the necessary prerequisites, detailed steps for setting up and executing runs, and how to monitor and control the process from start to finish.

Contents

Before you begin

To successfully execute Terraform runs from within the Lazsa Platform, ensure the following prerequisites are met:

  • Terraform Cloud workspace settings
    In the general settings of your Terraform workspace, select the appropriate execution mode (Organization Default, Remote, or Local). Also, disable the following auto-apply settings.

    • Auto-apply API, CLI, & VCS Runs

    • Auto-apply run triggers

    When you disable these options in Terraform, you see the confirmation options for your Terraform runs in Lazsa. You can either confirm and execute the run from the platform interface, or discard it if required.

  • Connection details in Lazsa
    Save the connection details of your Terraform Cloud instance that you want to access for executing runs from within the Lazsa Platform. See Configure Terraform Connection Details.

    To run Terraform scripts using your Git repository, save the connection details of your desired repository tool.
    See Configure Source Code Repository Connection Details.

    Also, create a configuration by selecting the repositories that you want to use to execute Terraform runs.
    See the Terraform with a source code repository section in the Configure Terraform Connection Details topic.

  • Jenkins connection
    The Lazsa Platform uses Jenkins to execute your Terraform runs. Save the connection details of your Jenkins account.
    See Configure Connection Details of DevOps CI/CD Pipeline Tool.

  • Deployment stage configuration
    While configuring a deployment stage within a product feature, select the following in the stage configuration:

    • Terraform deployment mode

    • The desired Terraform connection configuration

    • The desired continuous integration tool configuration

  • Terraform scripts
    You can execute and manage your Terraform scripts from the Lazsa Platform interface. Ensure that your scripts are prepared and ready for execution. Also, the credentials passed through the Terraform scripts must have the necessary privileges to provision the required infrastructure resources. For example, if the script is designed to create, modify, or delete resources (such as EC2 instances in AWS), the credentials provided must have the appropriate permissions in the target environment to successfully execute these operations. Without the correct permissions, the script may fail to provision infrastructure or make changes.

Supported methods of Terraform script execution

On the Deployment tab of a deployment stage, on the Terraform Service tab, click +New Run. Depending on whether you want to run a script using your configured Terraform Cloud workspace or from a Git repository, click the following options:

  • Terraform Workspace

    In this method, you utilize your pre-configured Terraform Cloud workspace, which is already linked to your VCS provider, working directory, and execution settings. In this method, Terraform Cloud handles state management. From Lazsa, you can trigger these Terraform runs, allowing you to manage and monitor the creation, modification, and deletion of resources from the platform interface.

    Creating a new Terraform run execution from Lazsa

  • Terraform Script from Git Repo

    This method allows you to run Terraform scripts stored in your Git repository by integrating with Jenkins. You can run Terraform scripts stored in your Git repository by using the following execution methods:

    • Standalone: In this mode, Jenkins pulls the code from the Git repository and executes Terraform scripts directly.

    • Terraform Cloud: In this mode, you can use Jenkins in conjunction with Terraform Cloud, where the scripts are executed within a Terraform Cloud workspace. Here, your local or on-premises resources, such as memory and CPU, are not consumed during the execution process as Terraform Cloud handles the entire execution in its environment.

    In the method, it is your responsibility to manage the execution process, state files, and CI/CD flow. This gives you maximum flexibility.

Executing Terraform runs via Terraform Cloud workspace

If you select the Terraform Workspace option to create a Terraform run execution, on the Terraform Workspace screen, do the following:

  1. Provide name
    Provide a unique and descriptive name to your Terraform run execution. This execution acts as an umbrella under which you can execute multiple related Terraform runs within a workspace. This helps in managing your runs better.
    For example, let's use an execution to manage runs to create an EC2 instance by creating a VPC, and an ELB in an AWS Account. Let's name this execution as VPC-EC2-ELB-DataStreamPro.

  2. Select Terraform instance
    Select the desired Terraform Cloud instance from the list of configured instances. Ensure that this instance is active and accessible from within the Lazsa Platform.

  3. Get workspaces
    To fetch all available workspaces from the selected Terraform Cloud instance, click Get Workspaces.

  4. Select workspace
    From the list of fetched workspaces, select the one you wish to use for this run execution. For example, select the workspace VPC_AWS_DataStreamPro. This Terraform workspace has already been duly configured with your VCS provider details, working directory, execution mode, and other necessary settings.

    Creating Terraform workspace run

  5. Add execution
    To add the execution entry and execute it later, click Add.

    Add Terraform run execution

    To execute the run immediately, click Execute, provide a name to your Terraform run, and proceed to execute it.

  6. Managing execution
    After you add a run execution, it is listed on the Terraform Service tab.
    Terraform run execution added

    Click Execute and then provide a name to the run. Let's call it Run-1.
    Provide name to Terraform run

  7. After you execute the run, the run ID, run name, and the name of the user who executed the run are displayed along with the initial status Plan Queued.

    Terraform run executed

  8. As the Terraform run proceeds, the status keeps changing as listed in the following table. Click the button to refresh the run status and view the latest information.

    Run Status Meaning
    Plan Queued This status denotes the pending stage of the plan run. Terraform Cloud processes each workspace's runs in the order they were queued and a run remains queued until every run before it has completed in Terraform Cloud.
    Planning The plan is in progress.
    Planned and Finished The plan succeeded with no changes. The run output already matches the current infrastructure state, so Terraform apply doesn't need to do anything.
    Planned

    The plan succeeded and the run may proceed to the apply stage.

    If the auto-apply setting is enabled on your Terraform workspace, the run automatically proceeds to the apply stage.

    If the auto-apply setting is disabled on your Terraform workspace, the run needs confirmation from the operator.

    • To proceed with the run, click Confirm and Apply.
      Terraform run needs confirmation from operator

    • To reject the apply, click Discard Run.
      If you discard the run, the run status changes to Discarded. This means you chose not to continue this run.
    Apply Queued This status denotes the pending stage of the apply run. A run remains queued until every run before it has completed in Terraform Cloud.
    Applying The Terraform apply is in progress, which means the actions proposed in your plan to create, update, or delete resources are being executed.
    Applied The run was successfully applied, which means resources were created, updated, or destroyed as specified in your plan.
    Errored The run execution failed. You can check the error details and take appropriate action.

     

    Note:

    You cannot destroy a Terraform Cloud workspace run from the Lazsa Platform interface. You can destroy it from the Terraform Cloud interface.

  9. Show runs triggered from Lazsa
    Turn on this toggle to view only the records of runs that have been executed through the Lazsa Platform in the specified Terraform Cloud workspace. When this option is disabled , you see records of all runs including those executed externally as well as those initiated through Lazsa. This option helps in managing and maintaining a clear overview of Terraform operations conducted through Lazsa, making it easier to monitor and control your infrastructure changes.

  10. More actions

    Additionally, click the ellipsis (...) adjacent to the accordion to perform the following actions:

    1. View resource summary
      After the run shows the Applied status, click the ellipsis in the upper right corner of your execution, and then click Get Resources to view details of all the resources that were created, updated, or deleted during the run. This screen provides a comprehensive list of each resource, including key attributes such as resource type, IDs, and configurations. This allows you to easily review and verify the infrastructure changes made by the Terraform run, ensuring everything has been provisioned as expected.

      If any Kubernetes clusters are created during the run, the details of those clusters are shown on the resources summary screen. You can use these Kubernetes clusters for your technology deployments through the Lazsa Platform.

      Details of reources created, updated, or deleted through Terraform run

    2. Remove execution

      Click this option to remove the execution details from the Lazsa Platform interface. You can still access your run details from the Terraform Cloud UI.


Executing Terraform runs using a Git repository

If you select the Terraform Script from Git Repo option to create a Terraform run, on the Terraform Script from Git Repo screen, do the following:

  1. Provide name
    Provide a unique name to your Terraform run execution. This run execution acts as an umbrella under which you can execute multiple related Terraform runs within a workspace. This helps in managing your runs better. For example, we will use this execution to manage runs to deploy an NGINX server on an EC2 instance by creating a VPC, and an ELB in an AWS Account. Let us name this execution as VPC-EC2-ELB-DataStreamPro.

  2. Select configured script source
    In the Configured Script Source list, select the desired configuration. While configuring a deployment stage, you must select the required Terraform script source configurations. Then the Configured Script Source list shows all the available source code repository configurations created for Terraform run execution.
    See the Terraform with a source code repository section in the Configure Terraform Connection Details topic.

  3. Select repository that contains Terraform code
    The Select Repo list shows all the available repositories from the selected script source configuration. Select the desired repository that contains your Terraform script and which you want to use for script execution.

  4. Specify working directory
    Specify the working directory within the selected source code repository. This is the directory from which the Terraform command is executed. This defaults to the root of your repository and is typically set to a subdirectory matching the environment when multiple environments exist within the same repository.

  5. Select source code branch
    Select the desired branch of your Git repository where your Terraform script is located.

  6. Select Terraform version
    Select a version of Terraform that should be used to run your script. By specifying the Terraform version in Lazsa, you ensure that your script runs consistently and as intended, avoiding any potential issues or incompatibilities that could arise if a different version were used.

  7. Terraform Script Execution Mode

    Depending on your requirement and preference, choose one of the following options and follow the next steps mentioned in the respective sections.

    Standalone (To run Terraform scripts directly using Git with Jenkins)

    The standalone mode allows you to run Terraform scripts directly without relying on Terraform Cloud. This mode is particularly useful when you prefer or need to manage your Terraform executions independently, require a cost-effective solution, or prefer to integrate directly with your existing Git-based workflows without the overhead of Terraform Cloud.

    After you select the Standalone execution mode, do the following:

    1. Cloud platform account
      In the Cloud Platform Account list, select your desired cloud platform account where you want to create, update, or delete resources through your Terraform script. Your configured cloud platform accounts that you have selected while configuring the deployment stage are available in this list to choose from.

    2. Configure variables
      In this section, you have the flexibility to define variables in two categories: Terraform and Environment.

      • Terraform variables
        Terraform variables are used to pass configuration settings directly into your Terraform scripts. These variables can define aspects like instance types, region names, or any other parameter that your Terraform code uses to manage infrastructure. By specifying these variables you can customize the behavior of your scripts according to your environment or requirements. For example, you might define a variable for the number and type of EC2 instances you want to provision.

      • Environment variables
        Environment variables provide configuration settings that are passed to the runtime environment where your Terraform scripts are executed. These might include variables that affect how the Terraform binary operates or other system-level configurations needed during the execution.

        Save your required variables in the key-value format. You can also mark a variable as Sensitive to make it write-only and prevent viewing its value in the Lazsa Platform interface as well as in the Terraform Cloud UI.

        Marking variable as Sensitive
        Sensitive variables are those that contain confidential, sensitive, or personally identifiable information, such as passwords, API keys, or private tokens. Marking a variable as sensitive shows the tag to the key and ensures that its value is protected. This protects sensitive information from the risk of accidental exposure.

        In the following screen capture, the key-name variable has been marked as sensitive and hence, its value is not visible in the UI.

        Configuring variables for Terraform run

    3. Do one of the following:

      • To add the execution entry and execute it later, click Add.

      • To execute the run immediately, click Execute, provide a name to your Terraform run, and then execute the run.

    4. After you add a run execution, it is listed on the Terraform Service tab. Click the icon to access your configured source code repository.

      Terraform run with Git repository ready for execution

      Click Execute and then provide a name to the run. Let's call it Run-1.

      Provide a name to Terraform run

    5. After you execute the run, the run ID, run name, and name of user who executed the run are displayed along with the run status Planning. The Lazsa Platform uses Jenkins as the automation server to execute this run. So, you see the Jenkins logo next to the Git repository icon. Click the Jenkins logo to view details in the Jenkins UI.


      Terraform run executed

    6. As the run proceeds, the status keeps changing as listed in the following table. Click the button to refresh the run status. You can click the ellipsis (...) next to the Actions column in the run details row to view the output preview of each run status.

      Run Status Meaning
      Planning

      The plan is in progress.
      Planned and Finished The plan succeeded with no changes. The run output already matches the current infrastructure state, so Terraform apply doesn't need to do anything.
      Planned

      The plan succeeded and the run may proceed to the apply stage. At this stage, do one of the following:

      • View the plan output
        Click View Output and then click Plan Output to preview the changes your Terraform run will make to your infrastructure. You can review the impact of the proposed changes before they are applied, helping you to understand how your infrastructure will be affected.

        Based on the plan output, you can decide whether to proceed with executing the run or discard it if something doesn't look right. This helps prevent unintended changes or errors in your infrastructure.

        The output looks similar to the following:

        Preview of changes Terraform run will make to your infrastructure

      • Confirm and apply the run
        To proceed with the run, click Confirm and Apply.

      • Discard the run
        To reject the apply, click Discard Run.
        If you discard the run, the run status changes to Discarded. This means you chose not to continue this run.
      Applying The Terraform apply is in progress, which means the actions proposed in your plan to create, update, or delete resources are being executed.
      Applied

      The run was successfully applied, which means resources were created, updated, or destroyed as specified in your plan.

      View the apply output
      Click View Output and then click Apply Output to view the infrastructure changes applied through the Terraform run. The output looks similar to the following:

      Changes made to infrastructure through Terraform run
      Destroyed If you destroy resources, the run status changes to Destroyed. This means that all the resources defined in a particular run have been successfully deleted or destroyed as per the Terraform configuration. Click View Output to review the detailed output of the destroy operation. This output includes information about what resources were deleted, any errors or warnings encountered during the process, and the final state of the infrastructure after the destroy operation. It's useful for verifying that the teardown was completed as expected and for auditing purposes.
      Errored The run execution failed. You can check the error details and take appropriate action.

      7.  

    7. More actions
      Additionally, click the ellipsis (...) adjacent to the accordion to perform the following actions:

      More actions for Terraform execution

      • Edit execution
        Edit execution details. You can modify the run execution name, edit existing variables and add new variables.

      • Get state file
        Click this option to view the current state of your infrastructure as managed by Terraform. The state file includes detailed information about all the resources that were created, modified, or deleted during the run. It provides a snapshot of the infrastructure's configuration, including resource IDs, properties, and dependencies, which Terraform uses to track and manage your infrastructure across future runs.

      • Destroy resources
        When you click Destroy, Terraform will begin the process of tearing down or removing all the resources that were previously created during the apply phase. This action effectively reverses the deployment, ensuring that the infrastructure is completely removed from your environment. It's typically used when you no longer need the resources or want to clean up your environment.

      • Remove execution from Lazsa
        Click this option to remove the execution from the Lazsa Platform interface.

    Terraform Cloud (To use Terraform Cloud only for script execution)

    In this mode, Terraform scripts are executed within a Terraform Cloud workspace. The scripts are pulled from the specified Git repository and run directly in Terraform Cloud, which also manages the state files, variables, and outputs associated with the infrastructure. The Lazsa Platform uses Jenkins as an automation server to execute these runs. This mode eliminates the need to manage authentication tokens between Terraform and your VCS because Terraform Cloud is used only for script execution.

    After you select the Terraform Cloud execution mode, do the following:

    1. Select Terraform Cloud account
      Select the desired Terraform Cloud configuration from the list of configured instances. This must be your active Terraform Cloud instance and it must be accessible from the Lazsa Platform.

    2. Provide cloud platform identifier (optional)

      This is a label or tag that you provide to easily recognize and distinguish your cloud platform when configuring a run using a Git repository and Terraform Cloud. This identifier is useful when managing multiple platforms or environments within Lazsa. It simplifies organization and reduces the chance of confusion when working with different cloud resources.

    3. Enter workspace name

      Specify the name of the Terraform Cloud workspace that you want to create.

    4. Configure variable set

      The variable sets that you have selected while saving the Terraform Cloud connection details in Lazsa are available in this list. Select the desired sets. Using these variable sets ensures consistency across different runs and environments. They typically include common configurations or sensitive data (like credentials or region settings) that should be uniform across all executions within a product. By using these predefined variable sets, you reduce the risk of errors and ensure that critical settings are applied consistently.

    5. Configure variables

      Configure additional variables to customize the behavior of the Terraform scripts according to the unique requirements of each run. This flexibility allows for fine-tuning and adapting to specific use cases without altering the base configurations provided by the variable sets.

      In this section, you have the flexibility to define variables in two categories: Terraform and Environment.

      • Terraform variables
        Terraform variables are used to pass configuration settings directly into your Terraform scripts. These variables can define aspects like instance types, region names, or any other parameter that your Terraform code uses to manage infrastructure. By specifying these variables you can customize the behavior of your scripts according to your environment or requirements. For example, you might define a variable for the number and type of EC2 instances you want to provision.

      • Environment variables
        Environment variables provide configuration settings that are passed to the runtime environment where your Terraform scripts are executed. These might include variables that affect how the Terraform binary operates or other system-level configurations needed during the execution.

        Save your required variables in the key-value format. You can also mark a variable as Sensitive to make it write-only and prevent viewing its value in the Lazsa Platform interface as well as in the Terraform Cloud UI.

        Marking variable as Sensitive
        Sensitive variables are those that contain confidential, sensitive, or personally identifiable information, such as passwords, API keys, or private tokens. Marking a variable as sensitive shows the tag to the key and ensures that its value is protected. This protects sensitive information from the risk of accidental exposure.

        In the following screen capture, the private_key_path variable and the public_key_path variable have been marked as sensitive and hence, their value is not visible in the UI.

      Configuring variables for Terraform run

    6. Do one of the following:

      • To add the execution entry and execute it later, click Add.

      • To execute the run immediately, click Execute, provide a name to your Terraform run, and then execute the run.

    7. After you add a run execution, it is listed on the Terraform Service tab. Click the icon to access your configured source code repository.

      Terraform run with Git repository in Terraform workspace ready for execution

      Click Execute and then provide a name to the run. Let's call it Run-1.

      Provide a name to Terraform run

    8. After you execute the run, the run ID, run name, and name of user who executed the run are displayed along with the run status Planning. The Lazsa Platform uses Jenkins as the automation server to execute this run. So, you see the Jenkins logo next to the Git repository icon. Click the Jenkins logo to view details in the Jenkins UI.

      Terraform run executed

    9. As the run proceeds, the statuses keep changing as listed in the following table. Click the button to refresh the run status. You can click the ellipsis (...) next to the Actions column in the run details row to view the output preview of each run status.

      Run Status Meaning
      Planning

      The plan is in progress.
      Planned and Finished The plan succeeded with no changes. The run output already matches the current infrastructure state, so Terraform apply doesn't need to do anything.
      Planned

      The plan succeeded and the run may proceed to the apply stage. At this stage, do one of the following:

      • View the plan output
        Click View Output and then click Plan Output to preview the changes your Terraform run will make to your infrastructure. You can review the impact of the proposed changes before they are applied, helping you to understand how your infrastructure will be affected.

        Based on the plan output, you can decide whether to proceed with executing the run or discard it if something doesn't look right. This helps prevent unintended changes or errors in your infrastructure.

        The output looks similar to the following:

        Preview of changes Terraform run will make to your infrastructure

      • Confirm and apply the run
        To proceed with the run, click Confirm and Apply.

      • Discard the run
        To reject the apply, click Discard Run.
        If you discard the run, the run status changes to Discarded. This means you chose not to continue this run.
      Applying The Terraform apply is in progress, which means the actions proposed in your plan to create, update, or destroy resources are being executed.
      Applied

      The run was successfully applied, which means resources were created, updated, or destroyed as specified in your plan.

      View the apply output
      Click View Output and then click Apply Output to view the infrastructure changes applied through the Terraform run. The output looks similar to the following:

      Changes made to infrastructure through Terraform run
      Destroyed If you destroy resources, the run status changes to Destroyed. This means that all the resources defined in a particular run have been successfully deleted or destroyed as per the Terraform configuration. Click View Output to review the detailed output of the destroy operation. This output includes information about what resources were deleted, any errors or warnings encountered during the process, and the final state of the infrastructure after the destroy operation. It's useful for verifying that the teardown was completed as expected and for auditing purposes.
      Errored The run execution failed. You can check the error details and take appropriate action.

    10. More actions
      Additionally, click the ellipsis (...) adjacent to the accordion to perform the following actions:

      More actions for Terraform execution

      • Edit execution
        Edit execution details. You can modify the run execution name, edit existing variables and add new variables.

      • Get state file
        Click this option to view the current state of your infrastructure as managed by Terraform. The state file includes detailed information about all the resources that were created, modified, or deleted during the run. It provides a snapshot of the infrastructure's configuration, including resource IDs, properties, and dependencies, which Terraform uses to track and manage your infrastructure across future runs.

      • Destroy resources
        When you click Destroy, Terraform will begin the process of tearing down or removing all the resources that were previously created during the apply phase. This action effectively reverses the deployment, ensuring that the infrastructure is completely removed from your environment. It's typically used when you no longer need the resources or want to clean up your environment.

      • Remove execution from Lazsa
        Click this option to remove the execution details from the Lazsa Platform interface. You can still access your run details from the Terraform Cloud UI.

Thus, managing Terraform runs through the Lazsa Platform offers a powerful and flexible way to automate and control your infrastructure deployments. Whether you’re leveraging Terraform Cloud or integrating with a Git repository and Jenkins, you can seamlessly manage your Terraform scripts, monitor execution status, and maintain complete oversight of your infrastructure, all within a single, cohesive platform.

Related Topics Link IconRecommended Topics