Terraform Explained: Why Your Cloud Infrastructure Needs a Blueprint
Let’s be real for a second.
We’ve all been there. You start a new project on Google Cloud or AWS. You’re excited. You log into the console, click "Create Instance," pick a region (probably europe-west1 because latency to Nairobi matters), open a few ports on the firewall, and your app is live. You feel like a genius.
But then, three months later, you need to replicate that environment for staging. Or worse, you accidentally delete a firewall rule and take down production. You try to remember what settings you clicked. Was it n1-standard-1 or e2-micro? Did I allow port 8080 or just 80?
Suddenly, you’re not a Cloud Engineer anymore. You’re just a guy trying to remember where he put the keys.
This is the "Jua Kali" approach to the cloud. It works until it doesn't.
In the professional world, we don't click buttons. We write code. We use Terraform. And today, I’m going to teach you exactly what that is using the universal language of Mjengo (Construction).
The Problem: The "Freestyling Fundi"
Imagine you bought a plot in Ruiru and you want to build a house. You hire a local Fundi. You go to the site, point at the ground, and say, "Weka ukuta hapa" (put a wall here).
The next day, you come back. The wall is there, but it’s crooked. The kitchen is where the bathroom should be. If you wanted to build an identical house next door, you couldn't. You’d have to stand there and shout instructions all over again. There is no documentation. There is no version control. It’s just vibes.
This is what happens when you manage cloud infrastructure manually via the Console. It’s prone to human error, it’s not reproducible, and it’s a nightmare to scale.
The Solution: The Architect’s Blueprint (IaC)
Now, imagine the professional way. You hire an Architect. They don't touch a single brick. Instead, they produce a Blueprint.
This blueprint defines everything. The dimensions, the materials, the plumbing, the electrical wiring. You can hand this blueprint to any construction crew, and they will build the exact same house. Whether it's in Ruiru, Mombasa, or Kisumu—if the blueprint is the same, the house is the same.
This is Infrastructure as Code (IaC). And Terraform is the tool we use to write the blueprint.
Core Concepts
Terraform might look intimidating with its .tf files and HashiCorp Configuration Language (HCL), but it maps perfectly to construction concepts. Let's break it down.
1. The Provider (The Contractor)
Before you break ground, you need to know who is doing the work. Are you hiring a crew that knows how to build on Google Cloud (GCP)? Or are you hiring a crew for AWS?
In Terraform, this is the Provider.
# provider.tf
provider "google" {
project = "my-awesome-project"
region = "us-central1"
}
This block tells Terraform: "Hey, we are hiring the Google Cloud crew. All instructions following this are for them."
2. Resources (The Building Blocks)
This is the meat of the project. A resource is a specific thing you want to build. In a mjengo, it's a wall, a window, or a water tank. In the cloud, it's a Virtual Machine, a Storage Bucket, or a Database.
For example, creating a bucket to store images:
# main.tf
resource "google_storage_bucket" "image_store" {
name = "my-app-images-bucket"
location = "US"
}
resource: The keyword that screams "I want to build something!"
google_storage_bucket: The type of material we are using.
image_store: The internal nickname we give it (like calling a room "Master Bedroom").
3. Variables (Customizing the House)
Imagine you have a perfect blueprint for a 3-bedroom house. Client A wants the walls painted blue. Client B wants them white. You don't draw a whole new blueprint. You just change the "Paint Specification."
Variables allow you to make your code reusable.
# variables.tf
variable "environment" {
description = "Are we in dev or prod?"
type = string
}
# main.tf
resource "google_compute_instance" "server" {
name = "app-server-${var.environment}"
machine_type = var.environment == "prod" ? "e2-standard-4" : "e2-micro"
}
4. State (The Site Logbook)
This is the most critical concept. When a construction crew builds a wall, they tick it off in the logbook. "Wall A is done."
Terraform keeps a file called terraform.tfstate. This is the brain. It remembers what has already been built in the cloud.
If you run the code today, it builds a database.
If you run the exact same code tomorrow, Terraform looks at the State File, sees the database exists, and does nothing.
It is smart enough to know the difference between "Build a new house" and "The house is already there." This prevents you from accidentally billing yourself for 50 duplicate servers.
The Workflow: Plan vs. Apply
So, how do you actually run this thing? It’s a two-step dance that saves you from disaster.
Step 1: terraform plan (The Site Visit)
You run this command in your terminal. Terraform reads your code, looks at your Google Cloud account, and compares them.
It then prints out a report: "Okay boss. Based on this blueprint, I need to add 2 servers, change 1 firewall rule, and destroy 1 old bucket."
It hasn't touched anything yet. It is asking for permission. This is your chance to catch mistakes before they happen.
Step 2: terraform apply (Groundbreaking)
If the plan looks good, you run terraform apply. The Google Cloud "crew" gets to work. APIs are called, resources are spun up, and within minutes, your infrastructure is live.
Why this actually matters
I'm currently rebuilding the infrastructure for my e-commerce platform, Merch-KE, entirely in Terraform. Why go through the effort?
Sleep: I sleep better knowing that if I accidentally deleted my entire project today, I could run terraform apply and have the entire platform back online in 15 minutes.
Audit Trails: Every change is a commit in GitHub. I can see exactly who changed the firewall rule and when.
Speed: I don't waste time clicking menus. I write code, I push, it deploys.
Stop treating your cloud infrastructure like a Jua Kali side hustle. Get a blueprint. Learn Terraform.
(If you want to see what a production-ready Terraform structure looks like, check out the merch-ke-infra repo on my GitHub. It’s a work in progress, but the architecture is there.)
