06/14/23

Terraform Providers: An Introduction

A look at advantages, risks, and challenges

4 Min Read

When it comes to managing infrastructure as code, Terraform stands as a notable tool among developers and operations teams alike. A core concept in Terraform that enables its wide-ranging functionality is the use of Providers. Terraform Providers act as the bridge between Terraform and the various services it manages, translating the HashiCorp Configuration Language (HCL) code into API calls to create, read, update, and delete resources.

Terraform Providers: Connecting to Your Infrastructure

A Terraform Provider is essentially a plugin that Terraform installs and runs to manage resources. Each provider plugin is responsible for understanding API interactions and exposing resources for a particular platform or service, such as AWS, Azure, Google Cloud, or even third-party services like GitHub and Datadog.

You specify the required providers in your Terraform configuration file. For example, to use AWS, you would include something like:

terraform { required_providers { aws = { source = "hashicorp/aws" version = "~> 3.0" } } }

This code block tells Terraform to use the AWS provider from HashiCorp's registry, with a version compatible with 3.0.

Understanding Provider Blocks

Once you've declared the required providers, you need to configure them using provider blocks. Here's how you would do it for AWS:

provider "aws" { region = "us-west-2" }

In this case, the region attribute is specific to the AWS provider. Each provider has its own set of configurable attributes, which are detailed in the respective provider's documentation.

Built-in vs. Third-Party Providers

Terraform maintains a collection of officially-supported providers. These providers cover a wide range of popular platforms and services, including the big three cloud providers (AWS, Azure, and GCP), and other services like Kubernetes, Docker, and more.

Beyond the officially-supported providers, the Terraform community has built numerous third-party providers that extend Terraform's capabilities to lesser-known or niche platforms.

Challenges with Terraform Providers

While Terraform Providers are powerful, they're not without their challenges:

Undocumented resources: Many Terraform providers have lacking documentation and only showcase simple examples, making production-ready use cases hard to reason about. This can in some cases lead to unknown security issues.

Understanding the provider's API: Each provider encapsulates the API of the service it interfaces with. As a result, using a provider effectively requires an understanding of that service's API and the specific way the provider implements it.

Keeping providers up-to-date: Providers must be kept up-to-date with the services they interface with. This can become a challenge when managing providers across large, distributed codebases. This is one area where alternative tools like Encore simplifies, by providing an always up-to-date interface for the services enabled via the Backend Framework.

Cross-provider dependencies: Handling dependencies between resources managed by different providers can be complex.

Terraform Providers offer a flexible way to manage a vast range of resources across different platforms and services. Understanding them is key to leveraging the power of Terraform. Despite their challenges, they remain a cornerstone of many DevOps practices for teams using Terraform.

Encore as an alternative to Terraform

Encore Interface

Encore is a modern alternative, aimed at teams looking for a more developer-centric and cohesive approach to infrastructure management. It works by providing an Backend Framework that lets developers declare infrastructure as part of the application code, in a cloud-agnostic way. This avoids many of the drawbacks of Terraform, by keeping both application code and infrastructure declarations in one code base and one programming language.

Benefits & Key Features

  • Cross-cloud Support: Encore makes applications cloud-portable by default, and lets you deploy your application to both AWS and GCP without any code changes.
  • Preview Environments: Encore provides automated Preview Environments for each Pull Request, making it simple to validate changes with faster feedback loops.
  • Developer Experience: Encore focuses on simplifying development by removing boilerplate and unlike Terraform does not require you to manually write infrastructure configuration in a proprietary language.
  • Built-in Distributed Tracing: Applications built with Encore are automatically instrumented with distributed tracing and key performance metrics, aiding in debugging and performance monitoring.

Limitations

  • Language specific: With Encore your application code and infrastructure declarations are all in the same programming language. The drawback is that not all programming languages are supported yet. Currently Encore supports Go, with TypeScript and Python support coming soon. See the docs for the latest information.

Suitable For

Teams that want to concentrate on developing their application and prefer not to spend time on complex DevOps processes and manual setup of their infrastructure.

When to consider Encore

Try Encore

Ready to escape the maze of complexity?

Encore is the development platform for building robust type-safe distributed systems with declarative infrastructure.