Terraform Overview

What Is Terraform?

Terraform is an infrastructure-as-code (IaC) tool that lets you define and provision cloud infrastructure using declarative configuration files. It supports all major cloud providers — AWS, GCP, and Azure — through a consistent workflow of plan, apply, and destroy.

Omnistrate also supports OpenTofu as a drop-in replacement for Terraform. Throughout this guide, references to "Terraform" apply equally to OpenTofu unless stated otherwise.

Key Concepts

Providers are plugins that interact with cloud APIs. Each provider (AWS, GCP, Azure) exposes a set of resources you can manage — compute instances, databases, networking, storage, IAM roles, and more.

Resources are the individual infrastructure components you declare in your Terraform configuration — an S3 bucket, an RDS instance, a VPC, a GCP Pub/Sub topic, etc.

Variables are input parameters that make your Terraform configuration reusable. You declare variables with types and defaults, then pass values at deployment time.

Outputs are values exported from your Terraform configuration after apply completes — endpoints, ARNs, connection strings, IP addresses. Other components in your Plan can consume these outputs.

State is the mapping between your declared configuration and real-world infrastructure. Omnistrate manages Terraform state automatically for every deployment.

Why Use Terraform with Omnistrate?

Provision Managed Cloud Services

Use Terraform to provision managed services — RDS databases, ElastiCache clusters, S3 buckets, DynamoDB tables, GCP Cloud SQL instances, Azure Cosmos DB — as part of your SaaS Product topology. These resources are provisioned alongside your Helm chart, Operator, or container-based deployments.

Build Multi-Cloud SaaS Products

Define cloud-specific Terraform stacks for AWS, GCP, and Azure within a single Plan specification. Omnistrate selects the correct stack based on where the deployment runs, so you can offer your SaaS Product across all three clouds from one specification.

Connect Infrastructure to Application Layers

Terraform outputs (endpoints, ARNs, connection strings) can be injected into Helm chart values, environment variables, or other resource configurations. This lets you wire managed cloud services directly into your application without manual configuration.

Automate Customer-Specific Infrastructure

Each customer deployment gets its own isolated Terraform state and resources. Omnistrate handles per-tenant provisioning, updates, and teardown automatically — you define the infrastructure once, and every customer gets their own instance.

How Terraform Works on Omnistrate

Terraform as a Resource

In Omnistrate, a Terraform stack is defined as a Resource within your Plan specification — just like a Helm chart or an Operator. You reference a Git repository containing your Terraform configuration, and Omnistrate executes the stack during the deployment lifecycle.

A typical Terraform resource is marked as internal: true, meaning it is not directly exposed to your customers. Instead, other resources (Helm charts, Operators) depend on it and consume its outputs.

Lifecycle Management

Omnistrate manages the full Terraform lifecycle:

  • Create: Runs terraform apply when a customer deployment is provisioned
  • Update: Runs terraform apply with updated variables when configuration changes
  • Delete: Runs terraform destroy when a customer deployment is torn down

State is managed per deployment, ensuring complete isolation between customers.

System Parameter Injection

Omnistrate injects system parameters directly into your Terraform templates at deployment time. These provide runtime context such as:

  • Region and availability zone information
  • VPC and subnet IDs from the deployment cell
  • Unique deployment identifiers for resource naming
  • Cloud provider network configuration

For the full list, see System Parameters.

Common Use Cases

Managed Databases as Dependencies

Provision RDS, Cloud SQL, or Azure Database instances through Terraform and pass connection endpoints to your application via output mapping.

Storage and Messaging Infrastructure

Create S3 buckets, GCS buckets, SQS queues, Pub/Sub topics, or Azure Service Bus resources that your application needs at runtime.

Networking and Security

Set up security groups, firewall rules, VPC peering, or private endpoints as part of the deployment — ensuring each customer's infrastructure meets your security requirements.

IAM and Access Control

Create cloud-specific IAM roles, service accounts, or managed identities that your application workloads assume for secure access to cloud services.

Getting Started

The process for building a Terraform-based resource on Omnistrate follows these steps:

  1. Write your Terraform configuration: Define the cloud resources you need in standard .tf files
  2. Store in a Git repository: Push your Terraform stack to a GitHub repository (public or private)
  3. Define the resource in your Plan specification: Reference the Git repository and configure per-cloud-provider stacks
  4. Map outputs to dependent resources: Use output references to pass Terraform outputs to Helm charts or other resources
  5. Build and deploy: Use the Omnistrate CLI to build your Plan and test in a development environment

Here is a minimal example that provisions an S3 bucket and passes its ARN to a Helm chart:

name: My SaaS Product
deployment:
  hostedDeployment:
    awsAccountId: "<AWS_ACCOUNT_ID>"
    awsBootstrapRoleAccountArn: arn:aws:iam::<AWS_ACCOUNT_ID>:role/omnistrate-bootstrap-role

services:
  - name: infraTerraform
    internal: true
    terraformConfigurations:
      configurationPerCloudProvider:
        aws:
          terraformPath: /terraform/aws
          gitConfiguration:
            reference: refs/heads/main
            repositoryUrl: https://github.com/your-org/your-terraform-repo.git

  - name: MyApp
    dependsOn:
      - infraTerraform
    helmChartConfiguration:
      chartName: my-app
      chartVersion: 1.0.0
      chartRepoName: my-repo
      chartRepoURL: https://charts.example.com
      chartValues:
        s3BucketARN: "{{ $infraTerraform.out.s3_bucket_arn }}"
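
A Terraform configuration that could sit at /terraform/aws for the Plan specification above, as an added example rather than Omnistrate's own code: it creates the bucket with public access blocked, default encryption and a TLS-only bucket policy, then exports the s3_bucket_arn output that the Helm chart consumes. The variable name_prefix and the resource labels are assumptions, and the AWS provider configuration is assumed to come from the execution environment.

```hcl
# Added example for /terraform/aws/main.tf; not Omnistrate's own code.
# Only the output name s3_bucket_arn comes from the Plan specification above.

variable "name_prefix" { # hypothetical input
  type    = string
  default = "myapp-data-"
}

resource "aws_s3_bucket" "app" {
  bucket_prefix = var.name_prefix # the provider appends a unique suffix
}

# Refuse public ACLs and public bucket policies.
resource "aws_s3_bucket_public_access_block" "app" {
  bucket                  = aws_s3_bucket.app.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Encrypt objects at rest by default (AWS managed key when no key ID is set).
resource "aws_s3_bucket_server_side_encryption_configuration" "app" {
  bucket = aws_s3_bucket.app.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "aws:kms"
    }
  }
}

# Deny any request that does not use TLS.
resource "aws_s3_bucket_policy" "tls_only" {
  bucket = aws_s3_bucket.app.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "DenyInsecureTransport"
      Effect    = "Deny"
      Principal = "*"
      Action    = "s3:*"
      Resource  = [aws_s3_bucket.app.arn, "${aws_s3_bucket.app.arn}/*"]
      Condition = { Bool = { "aws:SecureTransport" = "false" } }
    }]
  })
  depends_on = [aws_s3_bucket_public_access_block.app]
}

output "s3_bucket_arn" {
  value = aws_s3_bucket.app.arn
}
```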

Next Steps