Bonus: Terraform for API Infrastructure – Infrastructure as Code

🔗 Knowledge graph – Terraform completes the DevOps trinity

Docker Bonus

Containerized apps need infrastructure

K8s Bonus

Clusters can be provisioned with Terraform

CI/CD Bonus

Terraform fits perfectly in pipelines

Day 19

Chatbot APIs need API Gateways

Day 21

Portfolio system infrastructure as code

Cloud Providers

AWS, Azure, GCP all supported

Shared link: Docker containerizes your apps. Kubernetes orchestrates them. CI/CD automates deployment. Terraform provisions the underlying infrastructure – VPCs, subnets, API Gateways, and databases. Together, they form the complete DevOps toolkit .

🏗️ What is Terraform? Infrastructure as Code (IaC)

📌 Define your entire infrastructure in code

Terraform by HashiCorp is an Infrastructure as Code (IaC) tool that lets you define cloud and on-prem resources in human-readable configuration files. These files can be versioned, reused, and shared [citation:4].

Core concepts:

Declarative configuration: You declare the desired state, Terraform figures out how to achieve it [citation:2].
Providers: Plugins that interact with APIs (AWS, Azure, GCP, Kubernetes, etc.) [citation:4].
State: Terraform tracks the current state of your infrastructure to plan changes [citation:2].
Idempotency: Running the same configuration multiple times produces the same result [citation:2].

Analogy: Imagine building a house. Manual infrastructure is like hiring separate contractors for plumbing, electrical, and roofing – all working independently. Terraform is like having a complete architectural blueprint that coordinates everything. Change one line, and the entire house updates accordingly .

🎯 Why Terraform for API Infrastructure?

Traditional API Management

Click-ops in console (error-prone)
No version control for infrastructure
Environment drift (dev ≠ prod)
Manual disaster recovery
Separate workflows for infra and APIs

Terraform-Managed APIs

APIs as code – fully versioned [citation:6]
GitOps workflows with pull requests
Identical dev/staging/prod environments
One-command disaster recovery
Unified workflow – APIs + infrastructure together [citation:6]

Key benefit: Terraform detects configuration drift automatically – if someone manually changes a resource, Terraform will alert you and can revert it to the desired state .

🔄 The Core Terraform Workflow

Write Configuration

Define resources in `.tf` files using HCL (HashiCorp Configuration Language).

# main.tf
provider "aws" {
  region = "us-east-1"
}
resource "aws_api_gateway_rest_api" "my_api" {
  name = "MyAPI"
  description = "My API managed by Terraform"
}
                        

Initialize (terraform init)

Sets up the working directory, downloads providers, and initializes backend [citation:1].

$ terraform init Initializing provider plugins... Terraform has been successfully initialized!

Plan (terraform plan)

Creates an execution plan showing what will change – a dry run [citation:1].

$ terraform plan Plan: 1 to add, 0 to change, 0 to destroy.

Apply (terraform apply)

Executes the plan to create/update resources [citation:1].

$ terraform apply Apply complete! Resources: 1 added.

📡 Case Study: Deploy a Serverless API with Terraform

This is a complete example of deploying an API using AWS API Gateway + Lambda, all managed by Terraform [citation:7].

1. Lambda Function Code

# hello.js
module.exports.handler = async (event) => {
  return {
    statusCode: 200,
    body: JSON.stringify({ message: "Hello from Lambda!" })
  };
}
                    

2. Package Lambda

data "archive_file" "lambda_zip" {
  type        = "zip"
  source_dir  = "${path.module}/hello-world"
  output_path = "${path.module}/hello-world.zip"
}
resource "aws_s3_object" "lambda_code" {
  bucket = aws_s3_bucket.lambda_bucket.id
  key    = "hello-world.zip"
  source = data.archive_file.lambda_zip.output_path
}
                    

3. Lambda Function

resource "aws_lambda_function" "hello" {
  function_name = "hello-world"
  s3_bucket     = aws_s3_bucket.lambda_bucket.id
  s3_key        = aws_s3_object.lambda_code.key
  handler       = "hello.handler"
  runtime       = "nodejs20.x"
  role          = aws_iam_role.lambda_exec.arn
}
                    

4. API Gateway

resource "aws_apigatev2_api" "api" {
  name          = "hello-api"
  protocol_type = "HTTP"
}
resource "aws_apigatewayv2_integration" "lambda" {
  api_id           = aws_apigatewayv2_api.api.id
  integration_type = "AWS_PROXY"
  integration_uri  = aws_lambda_function.hello.invoke_arn
}
                    

Result: One `terraform apply` creates S3 bucket, Lambda function, IAM roles, API Gateway, and permissions – a complete serverless API in minutes .

📄 OpenAPI + Terraform – The Ultimate Combo

You can define your API specification in OpenAPI (Swagger) and have Terraform deploy it [citation:3].

# api-spec.yaml (OpenAPI 2.0/3.0)
swagger: "2.0"
info:
  title: "MyAPI"
  version: "1.0"
paths:
  /hello:
    get:
      responses:
        200:
          description: "OK"
                    

# terraform configuration
resource "aws_api_gateway_rest_api" "api" {
  name = "my-openapi-api"
  body = file("api-spec.yaml")  # Terraform parses OpenAPI!
}
            

Benefits: Your API contract lives in Git alongside your infrastructure. Changes go through code review. The same spec can generate client SDKs and documentation [citation:3].

🔌 Custom Terraform Providers – Manage Any API

Don't have an official provider? You can build your own for any REST API [citation:4].

Why build a custom provider?

Manage internal services (e.g., your Day 19 chatbot) via Terraform
Integrate niche SaaS platforms
Unify infrastructure + application configuration

How it works

Terraform providers are Go binaries that translate HCL into API calls. You implement CRUD operations for each resource [citation:4].

// Example: Resource schema for a "person" in a custom API
resource "person" "example" {
  name = "John"
  age  = 30
}
// The provider translates this to:
POST /api/persons { "name": "John", "age": 30 }
            

Real-world example: The Gravitee Terraform Provider lets you manage API gateways, policies, and subscriptions as code [citation:6].

🌍 Managing Multiple Environments (dev/staging/prod)

Terraform workspaces let you manage the same infrastructure across environments [citation:5].

# Create workspaces
terraform workspace new dev
terraform workspace new staging
terraform workspace new prod
# Switch and apply
terraform workspace select dev
terraform apply -var-file="dev.tfvars"
            

Best practice: Use separate variable files per environment (`dev.tfvars`, `prod.tfvars`) and keep the same core configuration .

🔒 Security – Secrets, State, and Policies

Remote State

Store state in S3, Azure Storage, or Terraform Cloud – not locally [citation:5].

State Locking

Prevents concurrent modifications that could corrupt state.

Sensitive Variables

Use `sensitive = true` and never hardcode secrets.

Policy as Code

Use Sentinel (Terraform Cloud) or OPA to enforce compliance.

⚙️ CI/CD + Terraform – Automated Infrastructure

Combine Terraform with your CI/CD pipelines (Bonus 3) for fully automated infrastructure deployments [citation:5][citation:10].

# GitHub Actions workflow for Terraform
name: Terraform Deploy
on:
  push:
    branches: [ main ]
    paths:
      - 'terraform/**'
jobs:
  terraform:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
      - name: Terraform Init
        run: terraform init
      - name: Terraform Plan
        run: terraform plan
      - name: Terraform Apply
        run: terraform apply -auto-approve
            

Best practice: Run `terraform plan` on pull requests, and `apply` on merge to main [citation:5][citation:10].

🧪 Testing Infrastructure Code

Treat infrastructure as software – test it! [citation:8]

terraform validate

Checks syntax and internal consistency.

terraform fmt

Auto-formats code to canonical style.

tflint

Linter for best practices and potential errors.

terraform-compliance

BDD-style tests for infrastructure [citation:8].

8 hands-on Terraform exercises

🏗️ Exercise 1: Install Terraform

Install Terraform, run `terraform version`. Create a simple `main.tf` with a local file resource.

☁️ Exercise 2: Deploy AWS S3 bucket

Configure AWS provider. Create an S3 bucket with tags. Apply and verify in console.

📡 Exercise 3: Lambda + API Gateway

Follow the case study above to deploy a serverless "Hello World" API.

📄 Exercise 4: OpenAPI integration

Create an OpenAPI spec file. Use `aws_api_gateway_rest_api` with `body = file()`.

🌍 Exercise 5: Workspaces

Create dev and prod workspaces. Use different variable files for each.

🔒 Exercise 6: Remote state

Configure S3 backend for remote state. Add state locking with DynamoDB.

⚙️ Exercise 7: CI/CD integration

Create a GitHub Actions workflow that runs `terraform plan` on PR.

🧪 Exercise 8: Testing

Install tflint and terraform-compliance. Write a simple compliance test.

📄 Client Proposal – Infrastructure as Code Migration

🏗️ Terraform Infrastructure as Code – Proposal

What I'll deliver:

✅ Complete infrastructure defined as Terraform code
✅ Version-controlled infrastructure (GitHub/GitLab)
✅ Automated CI/CD pipeline for infrastructure changes
✅ API Gateway + backend resources defined in code
✅ Multi-environment setup (dev/staging/prod)
✅ Security scanning and compliance testing
✅ Remote state management with locking

Business benefits:

Disaster recovery in minutes – not days
Eliminate configuration drift
Auditable, peer-reviewed infrastructure changes
Replicate entire environments with one command

Investment: $3,000 setup + $500/mo management

📚 Resources

🏆

Master of Infrastructure Automation

You've completed all 4 bonus modules and the entire 22-day masterclass.

From Docker containers to Kubernetes orchestration, CI/CD pipelines, and now Terraform infrastructure – you've mastered the complete DevOps toolkit.

✅ Docker – Containerization

✅ Kubernetes – Orchestration

✅ CI/CD – Automated pipelines

✅ Terraform – Infrastructure as Code

✅ 22 days of core automation

✅ Enterprise-ready architect

From automation novice to DevOps master in 22+4 days