Gitlab and Terraform together

Posted on September 5, 2022 by Adrian Wyssmann ‐ 2 min read

gitlab terraform iac

My source code repository for private stuff is Gitlab and while working with Terraform, I want to have the state store remotely rather than locally. What are the options?

Gitlab Terraform state vs. Terraform cloud

A quick search landed me at GitLab-managed Terraform state. So GitLab provides a Terraform HTTP backend, to securely store your state files with minimal configuration and allow you together

  • Version your Terraform state files.
  • Encrypt the state file both in transit and at rest.
  • Lock and unlock states.
  • Remotely execute terraform plan and terraform apply commands.

Cool exactly what I want. But I searched further and found Configuring GitLab.com Access using Terraform Cloud. Looking at the docu the setup sounds pretty easy. So I choose the latter to give it a try.

Setting it up

Getting Terraform Cloud to work with Gitlab is very well documented and quite easy

  1. On Terraform Cloud, in your workspace you add a new VCS Provider

    The VSC provider, will point to gitlab.com. I also will provide you a Redirect URI which you will use in the next step

  2. On GitLab, Create a New Application for Terraform

    Applications is a way to define what app can use GitLab as an OAuth provider, and specify what they are allowed to do.

    So you will allow Terraform Cloud to use the API. You also provide the Redirect URI from step 1.

  3. On Terraform Cloud, you finish to set up of your provider, by adding Application ID and Application Secret provided in Step 2.

    You will have to authorize the access once and then you are set.

See them working together

Once the setup is done, Terraform Cloud will detect changes on the source code on the branches you have defined in the Source - in my case I focus on main only.

tf cloud vcs settings
Terraform cloud VCS settings

I’ve set it to manually apply, which means only terraform plan will be executed automatically and then it will wait that I apply the changes explicitly. But you also could enable automatic apply if you want to.

In the Workspace overview you get various information about the runs and the state:

tf cloud workspace
Terraform cloud workspaces gives an nice overview of the current state and last run

Form here you can dig further and get more details on the resources in the states or about the past runs.

Conclusion

If you work with Terraform and you are looking for a good way to store your state remotely, Terraform Cloud is a cool and free way to do so, which is great for personal projects.

← Chezmoi - a very cool tool to manage your dotfiles
What is ZSH and why I prefer it over bash →