Files
awesome-kubernetes/v2-docs/terraform.md

160 KiB
Raw Blame History

Hashicorp Terraform & Packer. Kubernetes Boilerplates

!!! info "Architectural Context" Detailed reference for Hashicorp Terraform & Packer. Kubernetes Boilerplates in the context of Hardened Infrastructure.

Standard Reference

Artificial Intelligence

Azure Kubernetes Service

AI Infrastructure

Cloud Infrastructure

Infrastructure as Code

AI Generation

Testing Practices

  • AI Meets Terraform: Prompt Strategies for Test Generation [COMMUNITY-TOOL] — Outlines specific prompting strategies to automatically draft tests for Terraform modules. Synthesizes automated validation frameworks like terraform test with generative AI outputs to ensure infrastructure stability.

Kubernetes Distributions

Bare-Metal and Edge

  • poseidon/typhoon 2042 [EN CONTENT] [ADVANCED LEVEL] [ENTERPRISE-STABLE] — Typhoon is a bare-metal and multi-cloud Kubernetes distribution focused on simplicity. Built entirely with Terraform and running on Flatcar Container Linux, it provides a stable setup that operates efficiently without heavy proprietary layers.

Cloud Native Foundation

Kubernetes

Private Clusters

  • (2022) ==K3s Private Cluster 🌟== 121 [HCL CONTENT] [ADVANCED LEVEL] 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] — An open-source code repository outlining how to automate secure, private K3s Kubernetes cluster installations using Terraform scripts. Illustrates resource definitions and networking setups for edge deployments.

Cloud Providers

Azure

Infrastructure as Code (1)

  • build5nines.com: Terraform: Create an AKS Cluster 🌟 [COMMUNITY-TOOL] — Step-by-step walkthrough explaining the provisioning of fully functioning AKS clusters using Terraform HCL. Provides modular templates containing standard configurations for nodes, subnets, and identity profiles. Excellent for starting GitOps infrastructure-as-code patterns.

Cloud Security

Infrastructure as Code (2)

Static Analysis

  • (2023) terrascan 🌟 [GO CONTENT] [COMMUNITY-TOOL] — An open-source static code analysis engine that scans IaC configurations (Terraform, CloudFormation, Kubernetes manifests) to uncover structural vulnerabilities and policy misalignments. Employs a comprehensive set of OPA/Rego policies for preemptive security verification.

Microsoft Defender

Terraform Provisioning

  • (2023) techcommunity.microsoft.com: Simplifying Onboarding to Microsoft Defender for Cloud with Terraform [HCL CONTENT] [COMMUNITY-TOOL] — This technical guide details the automation and integration pipelines required to onboard multi-subscription environments to Microsoft Defender for Cloud via Terraform. It focuses on setting up baseline security posture management (CSPM), configuring automatic agent provisioning, and unifying regulatory compliance metrics. Leveraging standard HCL blueprints eliminates drift in organizational security enforcement.

Offensive Security

Infrastructure Exploitation

  • (2022) offensive-terraform.github.io: Offensive Terraform Modules 🌟 [HCL CONTENT] [ADVANCED LEVEL] [COMMUNITY-TOOL] — An advanced library of offensive security modules for Terraform. Designed to assist security engineers, pentesters, and purple teams in provisioning misconfigured clouds to evaluate threat detection capabilities and automated compliance tools.

Container Orchestration

AKS

Helm Provisioning

Infrastructure Provisioning

  • (2023) learnk8s.io/terraform-aks 🌟 [HCL CONTENT] [ADVANCED LEVEL] [DOCUMENTATION] [COMMUNITY-TOOL] — An extensive architecture masterclass covering declarative provisioning of AKS environments with Terraform. Explores Azure CNI networking models, system pool isolation, private endpoints, and integration with Entra ID. Perfect for teams designing standard enterprise Kubernetes infrastructures.

Production Hardening

Continuous Integration

Azure DevOps

Troubleshooting

GitOps

AKS (1)

Flux CD

Infrastructure

CICD

IaC

  • (2021) thomasthornton.cloud: Deploy Terraform using Azure DevOps [YAML / TERRAFORM CONTENT] [COMMUNITY-TOOL] [GUIDE] — Demonstrates how to build automated, highly secure Terraform pipelines inside Azure DevOps. Explores handling sensitive state files safely within Azure Blob Storage backends and setting up secure Service Connections to authenticate with resource groups.

IaC (1)

Landing Zones

Terraform Integration

Infrastructure as Code (3)

Azure (1)

Product Updates

  • (2024) techcommunity.microsoft.com: Terraform on Azure February 2024 Update [COMMUNITY-TOOL] — Synthesizes the roadmap enhancements for the AzAPI provider, AzureRM provider, and Azure Verified Modules in early 2024. Addresses advancements in direct ARM resource coverage, nested deployment strategies, and dynamic properties support. Solves critical day-0 resource support barriers.

Enterprise Architecture

DevOps Platforms

  • (2024) gruntwork.io [GO CONTENT] [ADVANCED LEVEL] [COMMUNITY-TOOL] — Gruntwork provides an enterprise library of reusable, tested, and secure infrastructure blueprints for AWS and Kubernetes environments. Shakes off custom setup overhead by delivering production-grade networking, database, cluster, and deployment architectures.

Modular Design

Architecture Catalog

Networking

Azure Landing Zones

  • (2023) azureviking.com: Terraform Module: azurerm-alz-subnet [HCL CONTENT] [COMMUNITY-TOOL] — Examines the configuration profile of the azurerm-alz-subnet modular design pattern. It automates delegating subnets, configuring custom route tables, and binding specific Network Security Groups (NSGs). Essential for engineering scalable landing zone network boundaries.

Packer

Documentation

  • (2026) packer.io docs [DOCUMENTATION] [COMMUNITY-TOOL] — Official technical documentation cataloging Packer configuration blocks, builders, dynamic provisioners, and post-processor components. Essential for building secure, immutable virtual machine images.

Guides and Tutorials

  • (2024) learn.hashicorp.com: Write Packer template for AWS [DOCUMENTATION] [COMMUNITY-TOOL] — A step-by-step developer tutorial detailing the configuration of Amazon Machine Images (AMIs) using Packer HCL2 configurations. Demonstrates provisioner patterns, shell scripts, and AMI cleanups.

Machine Image Automation

  • (2026) packer.io [GO CONTENT] [COMMUNITY-TOOL] — The premier open-source tool for building declarative, reproducible virtual machine and cloud infrastructure images. Unifies provisioning scripts across AWS, GCP, Azure, and local hypervisor systems using structured configurations.

Policy as Code

Sentinel

  • (2023) learn.hashicorp.com: Enforce Policy with Sentinel [SENTINEL CONTENT] [DOCUMENTATION] [COMMUNITY-TOOL] — Focuses on implementing HashiCorp Sentinel policy-as-code rules within Terraform workflows. Shows how to configure structural rules to prevent non-compliant infrastructure provisioning during CI/CD execution stages. Ideal for automated governance pipelines.

Terraform

AWS Provider

Resource Management
  • (2022) learn.hashicorp.com: Configure Default Tags for AWS Resources 🌟 [HCL CONTENT] [COMMUNITY-TOOL] [GUIDE] — Step-by-step guide illustrating how to configure global default tags at the AWS provider level in Terraform. This standardizes cloud resource tagging across entire environments, solving critical enterprise governance, cost-allocation, and security auditing requirements natively.

Application Operations

AppOps
  • (2022) shipa.io: Terraform meets AppOps 🌟 [HCL CONTENT] [COMMUNITY-TOOL] — Focuses on bridging the gap between platform engineers and application developers using the Shipa Terraform provider. It introduces AppOps concepts, showing how to define application structures, security policies, and resource bounds natively within Terraform without exposing raw Kubernetes manifests. Shipa was acquired by Clastix, showing the dynamic evolution of Application Platform standards.

Architectural Patterns

DevOps Strategy
  • (2023) hub.qovery.com: Terraform is Not the Golden Hammer [NONE CONTENT] [ADVANCED LEVEL] [COMMUNITY-TOOL] — An analytical post from Qovery breaking down the limits of Terraform for application-level provisioning. It advocates for a hybrid model where Terraform manages baseline core infrastructure, while specialized platforms orchestrate dynamic application life cycles and continuous delivery, preventing HCL bloat and long plan execution times.
  • (2022) masterpoint.io: Three Terraform Use-cases You Need to Start Implementing [HCL CONTENT] [COMMUNITY-TOOL] — Identifies three high-impact, underrated integration architectures for Terraform: orchestrating external APIs (e.g., Auth0, Datadog), bootstrapping GitHub/GitLab repository configurations, and running multi-account AWS topologies. Proves Terraform's value as a general-purpose configuration broker.

Architecture and Design

Azure Resource Manager

  • (2024) techcommunity.microsoft.com: Announcing AzAPI Dynamic Properties [HCL CONTENT] [ADVANCED LEVEL] [COMMUNITY-TOOL] — Discusses the addition of dynamic properties to the AzAPI provider. This architectural release allows operators to define loosely structured JSON parameters within resource configurations. It natively supports newly published Azure features without waiting for upstream provider updates.

Best Practices

Software Engineering
  • (2022) serhii.vasylenko.info: Some Techniques to Enhance Your Terraform Proficiency [HCL CONTENT] [COMMUNITY-TOOL] — Collection of advanced techniques for managing state, organizing directory layouts, and utilizing local-exec or external data sources judiciously. It focuses on maintaining modularized, clean dry code (DRY) principles when authoring enterprise-grade HCL pipelines.

CICD Integration

Azure (2)
  • (2022) thomasthornton.cloud: Deploy Terraform using GitHub Actions to Azure [YAML CONTENT] [COMMUNITY-TOOL] — A detailed playbook showing how to securely log into Azure with OpenID Connect (OIDC) through GitHub Actions to provision Azure resources. Eliminates the security risk of storing long-lived service principal credentials in repository secrets.
Best Practices (1)
  • (2023) globaldatanet.com: Terraform CI/CD Best Practices [NONE CONTENT] [COMMUNITY-TOOL] — Comprehensive breakdown of architectural requirements for enterprise-grade IaC CI/CD. Emphasizes mandatory drift detection mechanisms, dynamic resource isolation, PR-based linting, cost forecasting integrations, and strictly separated state environments.
Buildkite
  • (2022) buildkite.com: Manage your CI/CD resources as Code with Terraform [HCL CONTENT] [COMMUNITY-TOOL] — Guide demonstrating how to use Terraform to provision and configure Buildkite pipelines, agents, and clusters. This establishes a true Pipeline-as-Code architecture, allowing platform engineers to standardize, audit, and replicate delivery runners systematically.
GitHub Actions
Quality Assurance
  • (2023) terrateam.io: Terraform Pre-Commit Hooks [YAML CONTENT] [COMMUNITY-TOOL] — A blueprint for integrating local pre-commit hooks (such as tflint, terraform fmt, and tfsec) into development workflows. This shifts left infrastructure validation and code quality, ensuring syntax validation, style compliance, and security scanning occur prior to repository commit.

CLI Operations

Resource Destruction

Cloud Providers (1)

AWS
Azure (3)
Google Cloud
  • (2024) cloud.google.com: Terraform blueprints and modules for Google Cloud 🌟 [HCL CONTENT] [ADVANCED LEVEL] [DOCUMENTATION] [COMMUNITY-TOOL] — Official reference portal for Google Cloud's opinionated Terraform blueprints and modules. Provides enterprise-grade architectures for security baselines, serverless deployments, multi-tier VPC patterns, and GKE deployments.

Collaborative Workflows

Team Patterns
  • (2022) blog.gruntwork.io: How to use Terraform as a team [NONE CONTENT] [COMMUNITY-TOOL] — A fundamental exploration of team architecture around Terraform, exploring state locking, remote backends (such as S3 + DynamoDB or Consul), directory isolation strategies, pull request validation, and CI/CD gitops workflows necessary to prevent conflicting configurations in enterprise projects.

Configuration Management

Ansible Integration
  • (2022) ansible.com: Providing Terraform with that Ansible Magic 🌟🌟 [YAML CONTENT] [COMMUNITY-TOOL] — Details the integration patterns combining Terraform's infrastructure provisioning with Ansible's rich OS-level configuration management. Highlights the usage of Ansible providers, dynamic inventory parsing, and orchestration hand-offs.
Provisioners
  • (2024) terraform.io: Creation-Time Provisioners 🌟 [HCL CONTENT] [ADVANCED LEVEL] [DOCUMENTATION] [COMMUNITY-TOOL] — Explains the lifecycle of creation-time and destroy-time provisioners. Detail-oriented documentation on how failures impact resource creation state and how destroy-time provisions execute prior to resource teardown. Essential reading for robust state management.

Configuration Patterns

Core Platform

  • (2026) terraform.io [GO CONTENT] [COMMUNITY-TOOL] — The main portal for HashiCorp Terraform's configuration engine, provider indexes, and state systems. Serves as the key reference point for declarative configuration syntaxes across multiple cloud platform topologies.
  • (2020) Terraform 0.13 Beta released! [ADVANCED LEVEL] [COMMUNITY-TOOL] — A historical release milestone introducing custom provider namespaces and enabling key functions like count and for_each inside module blocks. Established modern syntactic patterns for high-density dynamic IaC structures.

DRY Configurations

  • (2024) terragrunt.gruntwork.io [GO CONTENT] [ADVANCED LEVEL] [COMMUNITY-TOOL] — A thin, powerful wrapper that keeps Terraform configurations DRY (Don't Repeat Yourself). It natively supports multi-environment state definitions, dynamic configuration inheritance, dependency orchestration, and multi-account platform management.

Documentation (1)

  • (2021) terraform-infraestructura.readthedocs.io [SPANISH CONTENT] [DOCUMENTATION] [COMMUNITY-TOOL] — A comprehensive community-driven Spanish reference guide detailing basic and advanced Terraform usage patterns. Explores modular development strategies, state encryption, and multi-workspace deployment scenarios.

Enterprise Architecture (1)

AWS Control Tower
  • (2023) trek10.com: Control Tower: Then vs Now [NONE CONTENT] [ADVANCED LEVEL] [COMMUNITY-TOOL] — Analyzes the evolution of AWS Control Tower and its relationship with Infrastructure-as-Code engines like Terraform. Explores dynamic account factory patterns (AFT), multi-account cloud landing zones, and automated compliance frameworks.
Azure Landing Zones (1)
  • (2022) techcommunity.microsoft.com: Implement Azure landing zones with HashiCorp Terraform [HCL CONTENT] [ADVANCED LEVEL] [COMMUNITY-TOOL] — A comprehensive architectural playbook for implementing Microsoft's Cloud Adoption Framework (CAF) Azure landing zones using official Terraform modules. Explains enterprise governance configurations, management groups, subscription topologies, and baseline security networks.

Enterprise Integration

Enterprise Modules

  • (2024) techcommunity.microsoft.com: Introducing Azure Verified Modules! 🌟 [HCL CONTENT] [COMMUNITY-TOOL] — Introduces the official Azure Verified Modules (AVM) framework designed to enforce design compliance, reliable version control, and security standards across Bicep and Terraform. This structural shift standardizes module outputs and validation pipelines to eliminate custom template sprawl. Highly recommended for enterprise scale.

Enterprise Strategy

  • (2022) deloitte.com: Infrastructure as Code (IaC) con Terraform [SPANISH CONTENT] [COMMUNITY-TOOL] — A Deloitte corporate analysis examining security auditing and compliance loops in enterprise environments utilizing Terraform. Highlights risk management structures, budget tracking, and pipeline policies.

Environment Strategy

  • (2022) blog.gruntwork.io: How to manage multiple environments with Terraform 🌟 [HCL CONTENT] [ADVANCED LEVEL] [COMMUNITY-TOOL] — Gruntwork's seminal architectural analysis on environment segregation. Contrasts the structural advantages and pitfalls of Terraform Workspaces versus directory-based segregation (using separate state backends per environment). A foundational reference for multitenant platforms.

Foundational Concepts

  • (2024) learn.hashicorp.com: What is Infrastructure as Code with Terraform? 🌟 [DOCUMENTATION] [COMMUNITY-TOOL] — Official tutorial series introducing declarative infrastructure orchestration practices using Terraform's syntax structures. Highlights resource lifecycle actions, dry-run generation, state tracking databases, and execution plan verification.
  • (2021) acloudguru.com: How to use Terraform outputs and inputs [COMMUNITY-TOOL] — Breaks down modular programming semantics within HashiCorp Configuration Language (HCL). Detail-oriented guidelines explaining how to safely route resource attributes using input variables and export outputs.

Guides and Tutorials (1)

  • (2021) techbeatly.com: 10 Free Courses to Learn Terraform [COMMUNITY-TOOL] — A comprehensive index of top-tier tutorials covering declarative infrastructure management with Terraform. Focuses on modules, workspace isolation techniques, and API provider connections for operations engineering cohorts.
  • (2021) trek10.com: Beginner's Guide to Using Terraform with AWS 🌟 [COMMUNITY-TOOL] — An entry-level guide mapping AWS VPC, security group, and EC2 provisioning steps using clean Terraform providers. Helps operations engineers transition to declarative infrastructure patterns.

Kubernetes Integration

AWS EKS
  • (2024) spacelift.io: How to Provision an AWS EKS Kubernetes Cluster with Terraform [HCL CONTENT] [ADVANCED LEVEL] [COMMUNITY-TOOL] — Step-by-step structural blueprint for provisioning an AWS Elastic Kubernetes Service (EKS) cluster using Terraform modules. Explains security group management, VPC architecture mapping, IAM Roles for Service Accounts (IRSA), and node group scaling configuration.
  • (2023) learnk8s.io/terraform-eks 🌟 [HCL CONTENT] [COMMUNITY-TOOL] [GUIDE] — Structured hands-on guide focusing specifically on provisioning AWS EKS clusters using Terraform. Illustrates network design rules, security boundary management, and managing Kubernetes provider authentication with AWS CLI session tokens.
Azure OpenShift
Google GKE
  • (2023) learnk8s.io/terraform-gke 🌟 [HCL CONTENT] [COMMUNITY-TOOL] [GUIDE] — Comprehensive configuration guide targeting Google Kubernetes Engine (GKE) deployments. Teaches the configuration of VPC subnet networks, programmatic node auto-scaling, and secure control-plane endpoints using the google-beta provider.
Linode LKE
Multi-Cloud
  • (2023) learn.hashicorp.com: Deploy Federated Multi-Cloud Kubernetes Clusters [HCL CONTENT] [ADVANCED LEVEL] [COMMUNITY-TOOL] [GUIDE] — High-complexity blueprint illustrating how to orchestrate multi-cloud, federated Kubernetes cluster topologies across AWS, Azure, and Google Cloud with Terraform. Emphasizes virtual network peering, standardizing routing tables, and deploying Consul for federated service mesh connectivity.
Providers
  • (2023) architect.io: Get started with the Terraform Kubernetes provider [HCL CONTENT] [COMMUNITY-TOOL] [GUIDE] — Practical guide introducing the official Terraform Kubernetes provider. Shows how to programmatically declare native resource manifests, including Deployments, Services, and ConfigMaps directly within HCL syntax, avoiding raw YAML file management.
  • (2023) learnk8s.io/kubernetes-terraform: Creating Kubernetes clusters with Terraform [HCL CONTENT] [COMMUNITY-TOOL] [GUIDE] — Deep technical walkthrough modeling how to bootstrap and configure Kubernetes infrastructure using Terraform. Highlights direct provider orchestration, handling connection state securely, and aligning networking configuration layers between cloud providers and Kubernetes control planes.
  • (2023) releasehub.com: Terraform Kubernetes Deployment: A Detailed Walkthrough [HCL CONTENT] [COMMUNITY-TOOL] [GUIDE] — Steps through the process of setting up and configuring Kubernetes clusters and application deployments using the Kubernetes provider. Walks developers through defining cluster nodes, deploying containerized runtimes, and routing external application endpoints.

Language Features

Advanced HCL
  • (2021) blog.gruntwork.io: Terraform tips & tricks: loops, if-statements, and gotchas [HCL CONTENT] [ADVANCED LEVEL] [COMMUNITY-TOOL] — A comprehensive technical guide to loops (count, for_each, and for expressions) and conditional logic in Terraform. It provides pragmatic patterns for creating dynamic, configurable infrastructure blocks, while calling out state-related pitfalls and edge cases.

Licensing

Open Source Strategy

Migration Tools

Monorepo Management

  • (2024) ==mineiros-io/terramate== 3587 [GO CONTENT] [ADVANCED LEVEL] 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] — Terramate provides code generation, orchestration, and change detection for multi-directory Terraform repositories. Resolves state bloat in Monorepos by generating DRY code dynamically while ensuring strict state isolation across multiple workspaces.

Networking (1)

Azure DNS
  • (2023) azureviking.com: Terraform module: Azure DNS Private Resolver [HCL CONTENT] [COMMUNITY-TOOL] — Step-by-step documentation detailing a custom Terraform module for provisioning Azure DNS Private Resolvers. Explores building private-to-on-premise hybrid cloud DNS routing setups without running active VM-based DNS servers.

Newsletters and Media

  • (2026) weekly.tf: Terraform Weekly [COMMUNITY-TOOL] — A leading weekly newsletter covering the evolution of Terraform, Terramate, OpenTofu, and modern provider integrations. Highlights key patterns, security alerts, and utility code bases within cloud automation ecosystems.

Provider Development

Reference Guide

Resource Portals

  • (2025) ==github.com/shuaibiyy/awesome-terraform== 6510 [MARKDOWN CONTENT] 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] — A curated, high-density directory containing community-vetted tools, modules, frameworks, and resource links related to Terraform. Tracks dynamic tools like Terragrunt, TFLint, Terrascan, and infracost, helping practitioners stay updated with state-of-the-art IaC additions.

Security

Secrets Management

Security and Compliance

Serverless

AWS (1)
  • (2023) learn.hashicorp.com: y Serverless Applications with AWS Lambda and API Gateway 🌟 [HCL CONTENT] [COMMUNITY-TOOL] [GUIDE] — A comprehensive technical blueprint for provisioning serverless microservices on AWS using Terraform. It guides architects through configuring AWS Lambda functions, integrating them with API Gateway REST APIs, and securing endpoints. By treating serverless configuration as code, it ensures deterministic and repeatable deployments of serverless applications.
AWS Lambda

State Management

Refactoring
  • (2023) terraform.io: Refactoring [HCL CONTENT] [ADVANCED LEVEL] [DOCUMENTATION] [COMMUNITY-TOOL] — Official documentation on the moved block in HCL, illustrating native state refactoring techniques without manual state manipulation. This allows technical teams to safely rename resources, move them into submodules, and update configuration layouts while guaranteeing drift-free infrastructure plans.
  • (2022) youtube: Using Azure Storage for Terraform State - Best Practices | Ned in the cloud [COMMUNITY-TOOL] — Analyzes the operational best practices for configuring Azure Blob Storage as a secure, distributed backend for Terraform state files. Highlights state locking configurations using Azure Tables, security hardening via SAS tokens, and RBAC policies. Emphasizes backup structures and state isolation architectures.

Technology Review

  • (2021) acloudguru.com: 5 things we love about Terraform [NONE CONTENT] [COMMUNITY-TOOL] — A high-level exploratory analysis of Terraform's core strengths, emphasizing declarative execution, provider ecosystem, open-source footprint, and safe planning dry-runs. Excellent introductory synthesis for onboarding cloud engineers to declarative IaC.

Terraform Cloud

Agent Architecture
  • (2023) learn.hashicorp.com: Manage Private Environments with Terraform Cloud Agents [HCL CONTENT] [ADVANCED LEVEL] [COMMUNITY-TOOL] [GUIDE] — Explains how to configure, run, and scale Terraform Cloud Agents within private, isolated networks. This architecture allows safe orchestration of on-premise or secure VPC environments from the SaaS control plane without opening inbound firewall rules.

Troubleshooting (1)

Operations
  • (2022) acloudguru.com: How to troubleshoot 5 common Terraform errors [NONE CONTENT] [COMMUNITY-TOOL] — Technical guide diagnosing and resolving typical Terraform failures including locked states, provider version mismatches, cycle errors, API rate limiting, and missing dependency declarations. Equips operators with structural debugging patterns.

Updates and Releases

Platform Engineering

AI Integration

Agentic Engineering

  • Terraform & OpenTofu Skill for AI Agents 1881 [ADVANCED LEVEL] [EMERGING] [ENTERPRISE-STABLE] — An experimental, open-source repository establishing unified Model Context Protocol (MCP) skills or AI tools for Terraform and OpenTofu. Empowers AI agents to dynamically generate, parse, validate, and execute infrastructure-as-code definitions with semantic awareness.

CI-CD Pipelines

Infrastructure as Code (4)

Azure DevOps (1)
  • Automate Terraform Testing with Azure DevOps Pipelines [ADVANCED LEVEL] [ENTERPRISE-STABLE] — Provides a complete implementation walkthrough for embedding robust automated test suites (including tftest and checkov) inside Azure DevOps pipelines. Demonstrates how to validate infrastructure compliance and dry-run infrastructure updates early in the pipeline.
  • Azure DevOps Terraform Pipeline (Complete Guide + YAML Examples) [ADVANCED LEVEL] [ENTERPRISE-STABLE] — A production-grade, step-by-step tutorial on building a fully secure and automated Terraform deployment pipeline within Azure DevOps. Provides robust, reusable YAML template definitions, including state locking configurations, plan validations, and multi-environment promotions.

FinOps

Infrastructure as Code (5)

  • (2024) InfraCost + Terraform PRs: Making Cost Awareness Effortless 🌟🌟🌟🌟 [ENTERPRISE-STABLE] — Highlights how integrating Infracost into Terraform pull request workflows drives continuous cost awareness and optimization directly at the developer level. Prevents budget shocks by showing real-time, side-by-side cost differentials before code is merged.

Secret Management

HashiCorp Vault

Enterprise Operations

  • (2023) learn.hashicorp.com: Codify Management of Vault Enterprise Using Terraform [HCL CONTENT] [ADVANCED LEVEL] [DOCUMENTATION] [COMMUNITY-TOOL] — Illustrates the process of managing Vault Enterprise deployments declaratively using Terraform. This workflow structures namespaces, policy definitions, authentication backend mappings, and secret engines configuration to ensure auditability and compliance.

Security (1)

Certificates

TLS Automation

Secrets Management (1)

GitOps Secrets

  • (2026) ==sops: Simple and flexible tool for managing secrets 🌟== 21861 [EN CONTENT] [ADVANCED LEVEL] 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] — SOPS is an editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats, encrypting with AWS KMS, GCP KMS, Azure Key Vault, HashiCorp Vault, age, and PGP. Widely integrated in GitOps workflows, it allows versioning encrypted configuration files without exposing secret data.

💡 Explore Related: IaC | Oauth | Kubernetes Security