IT Get in touch

Terraform 0.12: HCL2 and mature multi-cloud Infrastructure as Code

Terraform 0.12 (22 May 2019) by HashiCorp: introduces HCL2 with rich types, first-class expressions, for_each and dynamic blocks. The release consolidating Terraform as de facto standard for multi-cloud IaC.

Open SourceWeb
Open SourceWeb TerraformHashiCorpIaCHCLCloudMulti-CloudOpen Source
Linux Services & Systems

Linux Services & Systems

Domains, hosting, certified email, email infrastructure, network services and Linux systems. Open Source infrastructure support and management.

Discover →

The multi-cloud IaC pioneer

Terraform — launched by HashiCorp in 2014 — is an Infrastructure as Code tool with a distinctive characteristic over Puppet, Chef, Ansible: it does not manage OS configuration but cloud resource provisioning (VMs, networks, storage, buckets, managed DBs, DNS records, keys, IAM policies). It operates as an “orchestrator” of cloud APIs.

Terraform’s model is declarative with state: the user describes desired resource state; Terraform compares with a state file (local or remote) tracking current state; computes a plan with necessary actions (create, update, destroy) and applies them via API.

HCL and 0.11

In versions 0.6 - 0.11, Terraform uses HCL 1 (HashiCorp Configuration Language v1) as DSL. HCL1 is pragmatic but limited: no rich types (only string, flat map), limited loops (count but no for_each), clumsy string concatenation syntax, unclear error messages.

At scale, with dozens or hundreds of resources across environments (dev/staging/prod) and clouds (AWS/Azure/GCP), HCL1 limitations become significant. Teams adopt patterns like Terragrunt (for DRY) or custom generators to compensate.

Terraform 0.12

Terraform 0.12 was released on 22 May 2019 after nearly a year of beta. It is the release that turns HCL into a fully typed configuration language.

Main novelties:

HCL2

New parser/language, clean semantics. Expressions are no longer interpolated strings ("${var.foo}") but first-class: var.foo, aws_instance.web.id, local.env == "prod" ? "large" : "small".

Rich types

Variables, outputs and resources accept explicit type constraints:

variable "subnets" {
    type = list(object({
        cidr     = string
        az       = string
        public   = bool
    }))
    default = []
}

for_each

Finally a decent iterator for creating resources. The old count was problematic for stateful resources because it used positional indices; for_each uses logical keys, much more robust under modifications:

resource "aws_s3_bucket" "bucket" {
    for_each = toset(["logs", "images", "docs"])
    bucket   = "myapp-${each.key}"
}

dynamic blocks

Dynamic generation of nested blocks (e.g. security group rules):

resource "aws_security_group" "web" {
    name = "web"
    dynamic "ingress" {
        for_each = var.allowed_ports
        content {
            from_port   = ingress.value
            to_port     = ingress.value
            protocol    = "tcp"
            cidr_blocks = ["0.0.0.0/0"]
        }
    }
}

Error messages

Rewritten to be explanatory: pointing to the error file and line, suggesting fixes, showing context.

Backward compatibility

0.12 requires explicit upgrade of 0.11 configurations via terraform 0.12upgrade (automatic tool that rewrites syntax). For many teams this was a carefully planned migration phase.

Providers

As of May 2019 the Terraform provider ecosystem is rich:

  • AWS Provider — over 500 resource types
  • Azure Provider — broad, maintained by HashiCorp with Microsoft
  • Google Cloud Provider — similar
  • Kubernetes Provider — K8s resource provisioning via Terraform
  • DigitalOcean, Vultr, Hetzner, Linode — secondary clouds
  • Cloudflare, Fastly — CDN/DNS
  • VMware, OpenStack — on-premise
  • GitHub, GitLab — repo/organisation management

Providers are distributed via Terraform Registry (launched 2017), integrated with Terraform’s initialisation.

Remote state

Terraform’s state file contains sensitive information (resource IDs, sometimes secrets) and must be shared across team members. As of 2019 remote state options include:

  • Terraform Cloud (HashiCorp, SaaS) — free up to 5 users
  • S3 + DynamoDB (AWS) — popular pattern for locking
  • GCS + Cloud Storage locking
  • Azure Storage
  • Consul (HashiCorp) — for on-premise deployment

Competitors

Terraform in 2019 is the de facto standard of multi-cloud IaC, but not without competitors:

  • AWS CloudFormation — native AWS, JSON/YAML, limited to AWS
  • Pulumi (2017 startup) — IaC in general-purpose languages (TypeScript, Python, Go, C#)
  • Crossplane (Upbound, 2018) — Kubernetes-native IaC
  • Google Cloud Deployment Manager — YAML, limited to GCP

Terraform retains leadership thanks to real multi-cloud and the vast provider ecosystem.

OpenTofu (future evolution)

In 2019 Terraform is solidly MPL 2.0. In August 2023 HashiCorp will change the licence to Business Source License (BSL), de facto excluding some commercial uses. The community responds with the OpenTofu fork (Linux Foundation, 2023-2024) preserving MPL 2.0. This scenario is in the future relative to 2019 but is relevant to the overall trajectory.

In the Italian context

As of 2019 Terraform is widely adopted in Italian DevOps teams:

  • Banks and insurance — IaC for AWS/Azure in cloud migration phase
  • Italian software houses — IaC for client environments
  • PA and healthcare — starting cloud projects with IaC
  • Startups — de facto standard

0.12 requires migration work but offers clear value; adoption proceeds rapidly.

References: Terraform 0.12 (22 May 2019), HashiCorp. HCL2 — HashiCorp Configuration Language v2. MPL 2.0 licence (in 2019; switch to BSL in 2023). Terraform Registry (2017). AWS, Azure, GCP, Kubernetes providers.

Need support? Under attack? Service Status
Need support? Under attack? Service Status