What is Infrastructure as Code (IaC) and how do I use Terraform for server provisioning?
Infrastructure as Code (IaC) treats server configuration as source code: infrastructure is defined in declarative files that can be version-controlled, reviewed, and deployed repeatably. Terraform is the most popular IaC tool; it provisions servers, networks, DNS, and storage across any provider using a unified language (HCL).
DETAILED EXPLANATION:
Without IaC: you click through a UI or run manual commands to create servers, with no audit trail, no reproducibility, and configuration drift between environments. With Terraform: define the desired infrastructure state in .tf files and run terraform apply; Terraform figures out what needs to be created, modified, or deleted.
Terraform workflow:
1. terraform init — download provider plugins
2. terraform plan — show what will change (dry run)
3. terraform apply — make changes
4. terraform destroy — remove all managed resources
State file (terraform.tfstate) tracks what Terraform has created.
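What the state file records, shown as an added example (not from the original page): it walks a state document and lists attributes holding IP addresses or secret-looking values, all stored as plain text. The sample state, the tls_private_key resource in it, and the name-matching heuristic are constructed for illustration.

```python
import ipaddress
import json
import re

# Constructed sample in the Terraform state (version 4) layout, not real output.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "resources": [
        {"type": "digitalocean_droplet", "name": "web",
         "instances": [{"attributes": {
             "name": "web-server-01",
             "ipv4_address": "203.0.113.10"}}]},
        {"type": "tls_private_key", "name": "deploy",
         "instances": [{"attributes": {
             "algorithm": "ED25519",
             "private_key_pem": "-----BEGIN PRIVATE KEY-----\n(constructed)\n"}}]},
    ],
})

# Hypothetical heuristic: attribute names that usually hold secrets.
SECRET_NAME = re.compile(r"password|secret|token|private_key", re.I)

def is_ip(value):
    """True when the string parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def sensitive_attributes(state_text):
    """Return sorted (path, kind) pairs for string attributes worth protecting."""
    findings = []
    for res in json.loads(state_text).get("resources", []):
        for inst in res.get("instances", []):
            for key, value in (inst.get("attributes") or {}).items():
                if not isinstance(value, str) or not value:
                    continue
                path = f'{res["type"]}.{res["name"]}.{key}'
                if SECRET_NAME.search(key):
                    findings.append((path, "secret"))
                elif is_ip(value):
                    findings.append((path, "ip"))
    return sorted(findings)

if __name__ == "__main__":
    for path, kind in sensitive_attributes(SAMPLE_STATE):
        print(f"{kind:6} stored in state: {path}")
```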
WHEN TO USE:
- Provisioning multiple servers with identical configuration
- Creating reproducible dev/staging/prod environments
- Disaster recovery — rebuild entire infrastructure from code
- Documenting infrastructure as readable code
STEP-BY-STEP — Provision a DigitalOcean/Vultr VPS with Terraform:
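# main.tf
terraform {
  required_providers {
    digitalocean = {
      source  = "digitalocean/digitalocean"
      version = "~> 2.0"
    }
  }
}

# API token is supplied at run time; sensitive = true keeps it out of plan output
variable "do_token" {
  type      = string
  sensitive = true
}

provider "digitalocean" {
  token = var.do_token
}

# Look up an SSH key already uploaded to the account.
# The key name "main" is an assumption; use the name of your own key.
data "digitalocean_ssh_key" "main" {
  name = "main"
}

resource "digitalocean_droplet" "web" {
  name     = "web-server-01"
  region   = "blr1" # Bangalore
  size     = "s-2vcpu-4gb"
  image    = "ubuntu-22-04-x64"
  ssh_keys = [data.digitalocean_ssh_key.main.id]
  # Runs once on first boot: install and start nginx
  user_data = <<-EOF
    #!/bin/bash
    apt update && apt install -y nginx
    systemctl start nginx
  EOF
}

output "server_ip" {
  value = digitalocean_droplet.web.ipv4_address
}

# Run
terraform init
terraform plan
terraform apply -var="do_token=YOUR_API_TOKEN"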
FLOW:
[ .tf files (desired state) ] → terraform plan → diff vs current state → terraform apply → [ Actual Infrastructure matches desired ]
KEY POINTS:
- Store .tfstate in remote backend (S3/GCS) for team collaboration
- Use workspaces for dev/staging/prod environments
- Sensitive variables in terraform.tfvars (add to .gitignore)
- Ansible handles software configuration; Terraform handles infrastructure provisioning
COMMON MISTAKES:
- Committing tfstate to Git (contains sensitive data — IPs, keys)
- Running terraform destroy on production accidentally
- Not using terraform plan before apply
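A guard against the last two mistakes, as an added example (not from the original page): it reads the JSON form of a saved plan, as produced by terraform plan -out=tfplan followed by terraform show -json tfplan, and refuses to approve when any resource would be deleted or replaced. The sample plan, the resource addresses other than digitalocean_droplet.web, and the allow_destroy switch are constructed for illustration.

```python
import json

# Constructed sample of `terraform show -json tfplan` output, not real output.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {"address": "digitalocean_droplet.web",
         "change": {"actions": ["delete", "create"]}},
        {"address": "digitalocean_droplet.worker",
         "change": {"actions": ["update"]}},
        {"address": "digitalocean_droplet.old",
         "change": {"actions": ["delete"]}},
        {"address": "digitalocean_droplet.cache",
         "change": {"actions": ["no-op"]}},
    ],
})

def classify(actions):
    """Map a plan action list to one label; a replacement is delete plus create."""
    if "delete" in actions and "create" in actions:
        return "replace"
    return actions[0] if actions else "no-op"

def review_plan(plan_text, allow_destroy=False):
    """Return (approved, summary); summary maps each label to resource addresses."""
    summary = {}
    for rc in json.loads(plan_text).get("resource_changes", []):
        label = classify(rc["change"]["actions"])
        if label != "no-op":
            summary.setdefault(label, []).append(rc["address"])
    # Deletes and replacements both destroy the existing resource.
    destructive = summary.get("delete", []) + summary.get("replace", [])
    approved = allow_destroy or not destructive
    return approved, summary

if __name__ == "__main__":
    approved, summary = review_plan(SAMPLE_PLAN)
    for label, addresses in sorted(summary.items()):
        print(f"{label:8} {', '.join(addresses)}")
    print("APPROVED" if approved else "BLOCKED: plan destroys resources")
```

In a pipeline, apply the same saved plan file that was reviewed (terraform apply tfplan) so that what runs is exactly what was checked.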
QUICK FIX:
Terraform state mismatch → terraform refresh to sync state with reality, then re-plan
DIFFICULTY: Advanced
RELATED: VPS Hosting, Docker, CI/CD, Cloud Infrastructure