# Sumdog terraform upgrade ## Description current state During the initial work on the upgrade version of terraform(prepare code source to be ready with v12.0 version of terraform), we encountered several obstacles. One of them is the lack of remote state defined in the terrraform repository. This problem is described here: https://hackmd.io/WuZOQHjXSI2eO0SuNHHxyQ. Manual standard update of terraform version is time-consuming, may hide many hidden dependencies and possible hindrances. We prepared the plan for the terraform upgrade, we have started work on this task, but this cdk idea came to our mind while we were working on it, and we think it's worth keeping in mind because of the possible future benefits that may better fit Yours needs. ## Alternative to manual version upgrade During our work we came up with an alternative to this solution, namely using [cdk(Cloud Development Kit from AWS)](https://aws.amazon.com/cdk/) or [cdktf(Cloud Development Kit for terraform from Hashicorp)](https://github.com/hashicorp/terraform-cdk). Both of the two solutions described above allow you to define the infrastructure using the programming language we use. There are several potential advantages of choosing this solution: * greater readability. * code understandable for people not familiar with HCL syntax * application code and infrastructure code can be combined into one repository * probably shorter migration time than in case of manual version upgrade * probably be easier to maintain The cdktf solution allows converting existing terraform templates to a programming language of our choice(available languages: TypeScript, Python, Java, C#, and Go (experimental)) https://www.hashicorp.com/blog/announcing-cdk-for-terraform-0-5 An example of existing converted code using the above command. ```bash= import ...gen.providers.aws as aws # The following providers are missing schema information and might need manual adjustments to synthesize correctly: aws. # For a more precise conversion please use the --provider flag in convert. data_terraform_remote_state_pgadmin_prod = cdktf.DataTerraformRemoteStateS3(self, "pgadmin_prod", backend="s3", config=[{ "bucket": "terraform.sumdog.com", "key": "pgadmin", "region": "us-east-1" } ], workspace="prod" ) aws.vpc.SecurityGroup(self, "analysis_sg", description="Security group for the analysis RDS instance", egress=[{ "cidr_blocks": ["0.0.0.0/0"], "description": "Access to any resource", "from_port": 0, "protocol": "-1", "to_port": 0 } ], ingress=[{ "cidr_blocks": "45.87.212.184/32", "description": "Access to postgres service port for Fran", "from_port": 5432, "protocol": "tcp", "to_port": 5432 }, { "description": "Access to postgres service port from PgAdmin instance", "from_port": 5432, "protocol": "tcp", "security_groups": [data_terraform_remote_state_pgadmin_prod.outputs.security_group_id ], "to_port": 5432 } ], name="block-sg", tags={ "environment": "${default-firewall}", "service": "${firewall-service}" }, vpc_id=231231232 ) ``` At the moment AWS cdk does not provide an option to automatically convert between existing tf schemas and cdk, but it is not excluded that such an option will be released in the near future, the same as the support for Ruby language. It may be worth waiting a while until then :)