A Step-by-Step Guide to Automating Your Astro Infrastructure with the Astro Terraform Provider

This tutorial demonstrates using the Astro Terraform Provider to automate the onboarding process for a new team by creating and managing an Astro workspace and deployment.

We recently <a href="https://www.astronomer.io/docs/astro/release-notes#automate-airflow-resource-and-infrastucture-management-with-the-astro-terraform-provider" target="_blank" rel="noopener">released</a> the official <a href="https://registry.terraform.io/providers/astronomer/astro" target="_blank" rel="noopener">Astro Terraform Provider</a>. <a href="https://www.terraform.io/" target="_blank" rel="noopener">Terraform</a> is the industry-standard infrastructure-as-code tool to automate the creation and management of infrastructure.

The Astro Terraform provider brings significant value to organizations by enabling automated, consistent, and scalable management of Astro infrastructure, reducing manual errors and improving efficiency. The provider currently supports several resources, including clusters, workspaces, deployments, and team-to-workspace role mappings.

Getting Started With the Astro Terraform Provider

In this tutorial, I will guide you through using the Astro Terraform provider to automate the onboarding of a new team by creating and managing an Astro workspace and deployment. By the end of this tutorial, you will have a fully automated setup that is reproducible and easily scalable to more teams.

Create Your Terraform Working Directory

Create a folder for your Terraform project (e.g. my-data-platform) and save the following code in a file named terraform.tf:

Insert your organization's ID on line 11. The working directory will contain all your Terraform code, and all Terraform commands will be run from this directory.

Initialize the Terraform Working Directory

Run terraform init and you'll see Terraform downloading and installing the Astro Terraform provider to your local machine:

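The versions and hashes of providers are stored in a generated file, .terraform.lock.hcl. Store this file in version control so that later terraform init runs install the same provider version and verify it against the recorded hashes.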

Authenticating with Astro

For any automated action on Astro, you need an <a href="https://www.astronomer.io/docs/astro/automation-authentication#step-1-create-an-api-token" target="_blank" rel="noopener">API token</a> to authenticate. API tokens exist on different levels. Since we're going to create a workspace, we need an <a href="https://www.astronomer.io/docs/astro/organization-api-tokens" target="_blank" rel="noopener">Organization API token</a> with <a href="https://www.astronomer.io/docs/astro/user-permissions#organization-roles" target="_blank" rel="noopener">Organization Owner permissions</a>. Create a token and ensure it's configured as an environment variable ASTRO_API_TOKEN when running Terraform commands:


export ASTRO_API_TOKEN=...

Define Resources in Terraform

In a file main.tf, define two resources, an astro_workspace and an astro_deployment. These resources will represent an Astro workspace and Astro deployment, defined in Terraform code:

One of the key characteristics (and benefits) of using Terraform is that it's declarative. Take for example the line workspace_id = astro_workspace.my_first_tf_workspace.id; this tells Terraform to configure the workspace ID in the deployment. This means the workspace must be created first, producing an ID which is a generated value and unknown at the time of writing. We don't have to instruct Terraform to create resources in a certain order; we only have to declare what to create. The resources above can be defined in any order. Terraform takes the relationships between resources into account when deciding the order in which to create them.

Define Outputs

Optionally, in a file outputs.tf, define values you'd like to log after creating the infrastructure. We'll output the workspace and deployment IDs:

Showing output values is not necessary in this case, but it gives us (humans) information about the created resources.

Preview the Terraform changes

You should now have 3 files:

  1. terraform.tf
  2. main.tf
  3. outputs.tf (optional)

Run <a href="https://developer.hashicorp.com/terraform/cli/commands/plan" target="_blank" rel="noopener">terraform plan</a> to let Terraform create an execution plan and preview the infrastructure changes that Terraform will make. You'll see the following text:

The key message to look for is "Plan: 2 to add, 0 to change, 0 to destroy.", which confirms that we're about to create two resources: the workspace and deployment as defined in main.tf.
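
A check that can run between terraform plan and terraform apply, as an added example that is not part of the original post: it reads the JSON form of a saved plan and confirms it matches the expected "2 to add, 0 to change, 0 to destroy" with only the two resource types from main.tf. The sample plan, the file name plan_gate.py and the resource name my_first_tf_deployment are constructed for illustration.

```python
import json
import sys

# Constructed sample shaped like `terraform show -json tfplan` output (only the
# fields used here). my_first_tf_deployment is a hypothetical resource name.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "astro_workspace.my_first_tf_workspace",
     "type": "astro_workspace", "change": {"actions": ["create"]}},
    {"address": "astro_deployment.my_first_tf_deployment",
     "type": "astro_deployment", "change": {"actions": ["create"]}},
]})

ALLOWED_TYPES = {"astro_workspace", "astro_deployment"}  # what main.tf defines


def summarize(plan_json):
    """Return (add, change, destroy) as counted in Terraform's summary line."""
    add = change = destroy = 0
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = rc["change"]["actions"]
        add += "create" in actions       # a replace is delete + create
        change += "update" in actions
        destroy += "delete" in actions
    return add, change, destroy


def gate(plan_json, expected=(2, 0, 0)):
    """Return a list of violations; an empty list means the plan matches."""
    problems = []
    got = summarize(plan_json)
    if got != expected:
        problems.append(f"plan is {got}, expected {expected}")
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = rc["change"]["actions"]
        if actions in (["no-op"], ["read"]):
            continue  # nothing will be modified for this resource
        if rc["type"] not in ALLOWED_TYPES:
            problems.append(f"unexpected resource type: {rc['address']}")
        if "delete" in actions:
            problems.append(f"destructive action on {rc['address']}")
    return problems


if __name__ == "__main__":
    # terraform plan -out=tfplan && terraform show -json tfplan | python plan_gate.py
    violations = gate(sys.stdin.read())
    print("\n".join(violations) or "plan matches expectation")
    sys.exit(1 if violations else 0)
```

Applying the saved plan file with terraform apply tfplan then executes exactly the plan that was checked.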

Apply the Terraform Plan

Next, run terraform apply and select yes to execute the plan. This creates the Astro resources and prints their IDs, as we defined in outputs.tf:

Cleaning Up Terraform-Created Resources

Finally, to clean up the resources, run terraform destroy and select yes:

The output shows two destroyed resources, which are the workspace and deployment that we first created.

Conclusion

Terraform is an invaluable tool for platform teams who manage infrastructure for development teams. Just by running terraform apply, we created a workspace and deployment in seconds. Since those resources are defined in code, we can repeat those steps for additional teams and get new teams up and running quickly. Manually configuring such resources in a UI is error-prone and time-consuming, so it is always a good idea to automate infrastructure when you plan on repeating work more than once.

For more information about the Astro Terraform provider, check out:

Additionally, Astronomer offers several other tools to support infrastructure automation:

  • Astro CLI: <a href="/docs/astro/cli/overview" target="_blank" rel="noopener">/docs/astro/cli/overview</a>
  • Astro REST API: <a href="/docs/api" target="_blank" rel="noopener">/docs/api</a>
  • Deployments as code: <a href="/docs/astro/manage-deployments-as-code" target="_blank" rel="noopener">/docs/astro/manage-deployments-as-code</a>
  • Astro GitHub integration: <a href="/docs/astro/deploy-github-integration" target="_blank" rel="noopener">/docs/astro/deploy-github-integration</a>
