Get started with IaCM
Welcome to the Harness IaCM onboarding guide. Discover how Harness streamlines and secures your infrastructure management with Infrastructure as Code Management (IaCM).
What is IaCM?
IaC automates infrastructure management via code. IaCM enhances this by ensuring consistent, accountable, and repeatable deployments. Harness boosts IaCM with real-time cost estimation, automated policy enforcement, and drift detection, ensuring efficient provisioning and compliance with standards.
Prerequisites
Before beginning the walkthroughs in this guide, ensure you have:
- Access to a Harness account.
- Access to a Git provider with your OpenTofu or Terraform file.
- Access to a Cloud Provider such as AWS or Google Cloud Platform.
- An organization and project set up on the Harness Platform.
Go to What's Supported in IaCM for more information on supported Cloud Providers and Code/Git providers.
Sample Terraform
The following example OpenTofu/Terraform (.tf) file declares:
- Provider Configuration: Specifies the AWS provider and sets the region to "us-east-1". Go to AWS Regions & Availability Zones for a complete region list.
- Resource Definition: Creates an EC2 instance with the identifier my_first_ec2_instance.
- AMI: Uses ami-123abc321cba18. Go to the AWS EC2 User Guide to find your AMI image ID.
- Instance Type: Configures the instance to use a t2.micro. Go to the AWS t2 instances list.
- Tags: To make the instance easy to identify and manage among your AWS resources, a Name tag with the value my_first_ec2_instance is applied.
provider "aws" {
  region = "us-east-1"
}

resource "aws_instance" "my_first_ec2_instance" {
  ami           = "ami-123abc321cba18"
  instance_type = "t2.micro" # Go to https://aws.amazon.com/ec2/instance-types/t2/ for a full T2 instance type list.

  tags = {
    Name = "my_first_ec2_instance"
  }
}
Go to OpenTofu Documentation or Terraform Documentation for more information on currently supported workspace types.
Harness supports all OpenTofu versions and Terraform MPL versions up to 1.5.x. BSL versions (from 1.6.0) are not supported. Follow this OpenTofu migration guide to transition from Terraform to OpenTofu and leverage the benefits of this open-source alternative.
Set up your workspace
A workspace is a named environment for storing OpenTofu or Terraform configurations and resources. Connect your Cloud Provider and Code Repository through Connectors to manage infrastructure changes and updates with Harness IaCM pipelines.
Harness recommends configuring your connectors before creating your workspace. However, you can also add new connectors during the Create Workspace flow.
Add connectors
To configure your connectors before you create a Workspace, go to the following interactive guides:
- Cloud Provider connector
- Git repository connector
When adding any connector, start by:
- Signing in to app.harness.io.
- In the module pane, select Infrastructure.
- Select Project Setup, and then select Connectors.
- Select New Connector.
- Select the appropriate Connector, e.g. Cloud Provider, Code Repository.
Add a cloud provider connector
Using AWS as an example, after following the initial five steps to reach the Connectors panel:
- Select a provider, e.g. AWS.
- Name your connector and select Continue.
- Add your Cloud Provider Access Key and Secret Key.
Your secret key can be stored in a secret manager (default: Harness Built-in Secret Manager).
- Select the Connectivity Mode.
- Harness recommends selecting Connect through Harness Platform.
- Continue to the final step to confirm your Cloud Provider connection is verified successfully.
- Select Finish.
Go to Connect your Cloud Provider for more information regarding connecting your Cloud Provider.
Add a Git repository connector
Using GitHub as an example, after following the initial five steps to reach the Connectors panel:
- Select a code provider, e.g. GitHub.
- Name your connector and select Continue.
- Select Repository and add your GitHub Repository URL.
- In the Credentials step, add your GitHub Username.
- Select Create or Select a Secret.
- Go to Manage your Personal Access Tokens (PAT) for more information on finding or generating a GitHub secret.
- Select New Secret Text, then enter your Secret Name and Secret Value.
- Select Save.
- Select Enable API access.
- Under API Authentication, select Create or Select a Secret and choose the secret you created in Step 5.
- Apply the selected secret and continue.
- Select the Connectivity Mode.
- Harness recommends selecting Connect through Harness Platform.
- Continue to the final step to confirm your GitHub connection is verified successfully.
- Select Finish.
Go to Connect your Code Repository for more information regarding connecting your Code Repository.
For easier access and token management, use the OIDC (OpenID Connect) option in the Credentials panel. This allows your connector to assume roles with permissions set in your Cloud Provider, updated only by authorized users. For more details, visit the Use OIDC tab.
Create your workspace
Once you have configured your connectors, you can create a Workspace and select them in the New Workspace panel:
For first-time use, use our migration tool to create new workspaces and import your existing Terraform projects into the Harness Platform.
The new workspace wizard is currently pending release and will be available soon!
- In the module pane, select Infrastructure.
- Select an existing project or create a new project.
- Select Workspaces, and then select New Workspace.
- Select Create new Workspace.
Complete the fields as follows:
- Name: Type a unique name to identify the Workspace.
- Description: Type an optional description to help identify the Workspace.
- Connector: Select the connector to use during provisioning.
- Workspace Type: Select the IaC type you want to use. IaCM currently supports Terraform and OpenTofu.
- Provisioner Version: Select the OpenTofu/Terraform version the configuration supports. This version determines which version of OpenTofu or Terraform to use during execution.
Harness IaCM currently supports integration with all OpenTofu versions.
For Terraform, we support all MPL versions up to 1.5.x. BSL versions (from 1.6.0) are not supported.
Go to OpenTofu migration to migrate from Terraform to OpenTofu.
- Repository: Specify the Git configuration for the Terraform configuration files. You should specify the Harness Git connector, repository branch, and file path to the configuration files in the repository.
- Select Add workspace details.
- Select Save.
Add connectors while creating a workspace
Add a pipeline
A pipeline structures workflows to manage tasks like planning infrastructure changes, enforcing policies, and approvals. Learn more about Harness Pipelines. You can also add pipelines through the Harness Platform or use a code-first approach with YAML.
Provision with Cost Estimation
You can include cost estimation as part of the workspace setup and in conjunction with the provision operation in your pipeline. This is part of the tofu or terraform plan step in your pipeline, which provides you with an approximate cost of the infrastructure changes you are making. Go to cost estimation for more details.
Start by adding the pipeline:
- Select the Infrastructure module.
- Select Pipelines, then select Create a Pipeline.
- Enter a Name, then select Start.
- This will create a blank pipeline for you to add stages to.
- Click Add Stage and select Infrastructure.
- Name the stage to describe what it should do, then select Set Up Stage.
- Go to the Workspace and select the Workspace you want the pipeline to run on. Remember, the Workspace is configured with your Git and Cloud Provider connectors, which will determine where your infrastructure changes are applied.
- Go to the Execution, where a selection of Operations will be presented.
- Select Provision, then select Use Operation.
- Select Save.
The Provision operation adds three Terraform plugin steps: init, plan, and apply. Go to Tofu/Terraform Plugins for more information about supported OpenTofu/Terraform commands.
Add an Approval step (optional)
You can add the Approval step to prompt a review of the previous pipeline step before proceeding to the next. The most common use case is to add the Approval step between the plan and apply steps, so that you can confirm you are happy with the infrastructure changes and their estimated costs (if cost estimation is enabled on your Workspace) before applying them.
- From the Pipeline > Execution tab, click on + between plan and apply.
- Click Add Step.
- Under IACM, select IACM Approval.
- Name the approval step and click Apply Changes.
- Select Save, then Run your pipeline.
Go to pipeline approval steps for more details about approval steps and how they work.
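As an added example (not Harness code or part of the original guide), the following Python script summarizes a plan for the reviewer at the approval step: it counts the planned actions, lists resources that would be deleted or replaced, and checks the Terraform version against the 1.5.x limit stated earlier. It assumes the plan is available as JSON from `terraform show -json`; SAMPLE_PLAN, review_plan and terraform_version_supported are names made up for this example.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output;
# the addresses and values are illustrative, not from a real run.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "terraform_version": "1.5.7",
    "resource_changes": [
        {"address": "aws_instance.my_first_ec2_instance",
         "change": {"actions": ["delete", "create"]}},
        {"address": "aws_security_group.example",
         "change": {"actions": ["update"]}},
        {"address": "aws_s3_bucket.example",
         "change": {"actions": ["no-op"]}},
    ],
})


def terraform_version_supported(version):
    """Terraform up to 1.5.x (MPL) is supported; 1.6.0 and later (BSL) is not."""
    major, minor = (int(part) for part in version.split(".")[:2])
    return (major, minor) <= (1, 5)


def review_plan(plan_json):
    """Count planned actions and list the addresses that would be destroyed."""
    plan = json.loads(plan_json)
    counts = {"create": 0, "update": 0, "delete": 0, "replace": 0}
    destructive = []
    for rc in plan.get("resource_changes", []):
        actions = rc["change"]["actions"]
        if actions in (["no-op"], ["read"]):
            continue  # nothing changes in the cloud account
        # A replacement is reported as delete+create in either order.
        replace = "delete" in actions and "create" in actions
        kind = "replace" if replace else actions[0]
        counts[kind] = counts.get(kind, 0) + 1
        if kind in ("delete", "replace"):
            destructive.append(rc["address"])
    version = plan.get("terraform_version")
    return {
        "version_supported": terraform_version_supported(version) if version else None,
        "counts": counts,
        "destructive": destructive,
    }


if __name__ == "__main__":
    print(json.dumps(review_plan(SAMPLE_PLAN), indent=2))
```

A non-empty destructive list is the main thing to look at before approving, because a replaced or deleted resource loses whatever state lived on it.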
Conclusion
This guide introduced you to the core functionalities and setup of Harness IaCM, from creating workspaces to configuring pipelines. For further learning and performance analysis, explore the Project Setup guides and Reporting & Insights guides to enhance your infrastructure management with Harness.