
Blog

Terraform antipattern: Resource Modules

by Pedro Santos

March 12, 2026


Say you’re working for a medium to large company that is using infrastructure-as-code (IaC) to manage their infrastructure. Seeing so many different ways of deploying the same resources with conflicting levels of compliance, you come up with a solution. You’d like to create a unified approach to deploy IaC resources by creating resource modules. Resource modules are thin wrappers around the resource following your organization’s best practices. This keeps everyone’s configuration DRY and consistent across your organization.

Life is too short to learn Bash

by Pedro Santos

February 5, 2023


As an experienced software developer, I often find that writing scripts in sh or Bash can be a challenging task. Issues such as missing environment variables, the difficulty of using tools like xargs and jq, and the need to constantly re-learn how to write a for loop make the process frustrating. Although these issues are not inherent limitations of the language, other programming languages can also call external programs and make decisions based on their output.

Static Analysis of Terraform code with Checkov

by Pedro Santos

April 23, 2022


In the previous post about Terraform, I made a case for testing your Terraform code with Go and Terratest. For this post, I’ll be making a case for static analysis tools. Static analysis tools for Terraform are a powerful mechanism to help your team follow industry best practices. Conversely, your organization’s infrastructure team can leverage static analysis tools and custom checks to document and enforce company-wide policies.

These tools operate on the Terraform code or on the Terraform plan. Hence, they are faster to run than an end-to-end test in Terratest. Instead of working on the Terraform infrastructure as a whole, static analysis tools focus on each resource individually.

Extending Terraform with custom providers

by Pedro Santos

April 19, 2022


Note: this is a fairly advanced topic. It assumes you have some experience with Go and understand the Terraform state and resource life-cycle.

One of Terraform’s most significant drawbacks is that there is no clean way of injecting custom functionality. The canonical solution for injecting custom functionality is to use a local-exec provisioner combined with a shell script. In my opinion, this functionality is not enough for the following reasons:

Testing Terraform code with Go and Terratest

by Pedro Santos

April 18, 2022


As a cloud engineer, I love Terraform. With Terraform, I don’t have to worry about keeping track of infrastructure changes or compute dependencies between each component. Terraform is also cloud-agnostic, so all the Terraform knowledge I’ve accrued over the years can quickly transfer between cloud providers and even into Kubernetes clusters.

While Terraform protects the user against many common mistakes, errors still creep in. An error I’ve encountered many times was a network security group misconfiguration that prevented VMs from communicating inside a VNet. The Terraform code was syntactically correct but did not work as intended.