Terraform Tips:
Securing Infrastructure-
as-Code with Terratest
– Part 3

Testing in the IaC context ensures that Terraform modules work as intended before they are
deployed in production. It helps to:

•  Detect errors early on
•  Improve code maintainability
•  Increase the reliability of deployments

Automated testing prevents changes to the infrastructure from leading to unexpected problems – and thus to costly downtime.

While traditional testing focuses on business logic, testing infrastructure code often requires the
provision of real cloud resources. However, a complete end-to-end test is usually too time
consuming and costly. Pure unit tests, on the other hand, are not sufficient.

The solution: divide your architecture into modules and test them individually. This creates an
iterative, cost-efficient development approach that detects errors early on and ensures quality.

During testing, resources are created and deleted. To avoid accidental deletions, it is
recommended to use a separate development environment that is separate from Dev, Stage, and
Live.

Best practices:

•  Each test should be independent and not use a shared state.
•  Use separate service accounts for each test run.
•  Example directory structure:

First, install Go and set up Terratest according to QuickStart. Then you can run your tests with the command "go test" and check whether the infrastructure is provisioned as expected.

In your test files, you define assertions that check the resources created – similar to manual
checks (e.g. "Is port 22 open?").

Typical assertions:

• Existence of certain resources (e.g., EC2 instance, security group)
• Properties of the resources (e.g., SSH access allowed)
• Validation of the module's outputs

Examples for AWS, Google, and Azure can be found here.

After writing the tests, they are executed using go test. The tool provides immediate feedback on
whether the infrastructure has been deployed correctly. Errors are displayed immediately, which
makes troubleshooting much easier.

To make tests an integral part of your workflow, integrate them into your CI/CD pipeline – e.g.
with GitHub Actions.

•  Use unique prefixes/suffixes for resources to decouple parallel test runs.
•  Use a remote backend (GCP Storage or AWS S3) for the Terraform state.
•  Set fixed test timeouts to avoid hanging jobs.
•  Automate clean-up with "terraform destroy" to avoid unnecessary costs.

Here is a simple example of a GitHub Actions configuration.

Testing is a key component of a reliable and scalable infrastructure-as-code strategy. Whether
you are just getting started with Terraform or want to optimise existing processes, automated
testing and its integration into CI/CD ensure the quality and stability of your infrastructure.

What is Terratest?
Terratest is a Go-based framework for automated testing of Terraform modules and
infrastructure-as-code deployments.

How do you test Terraform modules?
Terraform modules can be tested with tools such as Terratest by deploying, verifying, and then
destroying infrastructure.

Why is Terraform testing important?
Automated testing detects errors early and prevents faulty infrastructure deployments.