Implementing Infrastructure Testing using Terratest & InSpec for Terraform-Managed Infrastructure


Task Overview

This task aims to implement infrastructure testing using Terratest and InSpec for Terraform-managed infrastructure. The infrastructure will be provisioned in AWS, and automated tests will validate the deployment for security, compliance, and functionality before it is promoted to production.

Tech Stack

Task Implementation Steps

1. Set Up the Terraform Project

1.1 Define Terraform Configuration


provider "aws" {
  region = "us-east-1"
}

resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_subnet" "subnet1" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.1.0/24"
  map_public_ip_on_launch = true
}

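resource "aws_instance" "web" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
  subnet_id     = aws_subnet.subnet1.id
  tags = {
    Name = "Terraform-Test-Instance"
  }
}

# Exposed so the Terratest in 2.2 can read the ID with terraform.Output.
output "instance_id" {
  value = aws_instance.web.id
}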

    

1.2 Initialize and Validate Terraform Code


terraform init
terraform validate
terraform plan
terraform apply -auto-approve

    

2. Implement Terratest for Infrastructure Testing

Terratest is used to write test cases in Go to validate Terraform provisioning.

2.1 Install Dependencies


go mod init terraform-test
go get github.com/gruntwork-io/terratest/modules/terraform
go get github.com/stretchr/testify/assert

    

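2.2 Write Terratest Code (terraform_test.go)


// The file name must end in _test.go, otherwise "go test" reports no test files.
package test

import (
    "testing"

    "github.com/gruntwork-io/terratest/modules/terraform"
    "github.com/stretchr/testify/assert"
)

func TestTerraformInfrastructure(t *testing.T) {
    // Point Terratest at the directory holding the configuration from 1.1.
    terraformOptions := &terraform.Options{
        TerraformDir: "../terraform",
    }

    // Deferred before apply so the resources are destroyed even if an assertion fails.
    defer terraform.Destroy(t, terraformOptions)
    terraform.InitAndApply(t, terraformOptions)

    // Reads the "instance_id" output, which the configuration must declare.
    instanceID := terraform.Output(t, terraformOptions, "instance_id")
    assert.NotEmpty(t, instanceID, "EC2 Instance ID should not be empty")
}

    

2.3 Run Terratest


go test -v terraform_test.go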

    

3. Implement Compliance & Security Testing using InSpec

InSpec is used to ensure that the infrastructure complies with security and compliance best practices.

3.1 Install InSpec


gem install inspec

    

3.2 Create InSpec Profile


inspec init profile --platform aws aws-security-checks
cd aws-security-checks

    

3.3 Define InSpec Tests (controls/aws.rb)


control 'aws-instance-check' do
  impact 1.0
  title 'Ensure AWS EC2 instance is secure'
  describe aws_ec2_instance(name: 'Terraform-Test-Instance') do
    it { should exist }
    its('state') { should eq 'running' }
    its('instance_type') { should eq 't2.micro' }
    its('image_id') { should eq 'ami-0c55b159cbfafe1f0' }
  end
end

    

3.4 Run InSpec Tests


inspec exec aws-security-checks -t aws://
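
Terratest and InSpec above both inspect resources only after `terraform apply` has created them. The following is an added example, not part of the original task: a Go check that audits the JSON plan produced by `terraform show -json` before anything is applied, flagging the public-IP subnet from 1.1 and instances that do not require IMDSv2. The names `AuditPlan`, `imdsv2Required` and `samplePlan`, the two rules, and the sample plan are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// samplePlan is a constructed excerpt of `terraform show -json` output for the config in 1.1.
const samplePlan = `{"resource_changes":[
 {"address":"aws_subnet.subnet1","type":"aws_subnet","change":{"after":{"map_public_ip_on_launch":true}}},
 {"address":"aws_instance.web","type":"aws_instance","change":{"after":{"instance_type":"t2.micro"}}}]}`

type plan struct {
	ResourceChanges []struct {
		Address, Type string
		Change        struct{ After map[string]interface{} }
	} `json:"resource_changes"`
}

// AuditPlan returns one finding per planned resource that breaks a rule (rule set is illustrative).
func AuditPlan(planJSON []byte) ([]string, error) {
	var p plan
	if err := json.Unmarshal(planJSON, &p); err != nil {
		return nil, fmt.Errorf("parse plan: %w", err)
	}
	var findings []string
	for _, rc := range p.ResourceChanges {
		after := rc.Change.After // nil (so no finding) when the resource is being destroyed
		switch {
		case rc.Type == "aws_subnet" && after["map_public_ip_on_launch"] == true:
			findings = append(findings, rc.Address+": assigns public IPs on launch")
		case rc.Type == "aws_instance" && after != nil && !imdsv2Required(after["metadata_options"]):
			findings = append(findings, rc.Address+": metadata_options.http_tokens is not \"required\"")
		}
	}
	return findings, nil
}

// imdsv2Required is true only when a metadata_options block sets http_tokens = "required".
func imdsv2Required(v interface{}) bool {
	if blocks, _ := v.([]interface{}); len(blocks) > 0 {
		m, _ := blocks[0].(map[string]interface{})
		return m["http_tokens"] == "required"
	}
	return false
}

func main() {
	fmt.Println(AuditPlan([]byte(samplePlan)))
}
```

To use it on a real plan, run `terraform plan -out=plan.out`, pass the output of `terraform show -json plan.out` to `AuditPlan`, and fail the build on any finding.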

    

4. Automate Infrastructure Testing in CI/CD

Infrastructure tests (Terratest & InSpec) should run automatically when a change is pushed.

4.1 Configure Jenkins Pipeline


pipeline {
    agent any

    environment {
        AWS_DEFAULT_REGION = 'us-east-1'
    }

    stages {
        stage('Checkout') {
            steps {
                git 'https://github.com/user/repo.git'
            }
        }
        stage('Terraform Init & Plan') {
            steps {
                sh 'terraform init'
                sh 'terraform plan'
            }
        }
        stage('Terraform Apply') {
            steps {
                sh 'terraform apply -auto-approve'
            }
        }
        stage('Run Terratest') {
            steps {
                // Runs every *_test.go file in the repository.
                sh 'go test -v ./...'
            }
        }
        stage('Run InSpec Tests') {
            steps {
                sh 'inspec exec aws-security-checks -t aws://'
            }
        }
    }

    // Destroy in "post" so the test infrastructure is removed even when a stage fails;
    // a regular stage would be skipped after a failed test.
    post {
        always {
            sh 'terraform destroy -auto-approve'
        }
    }
}

    

5. Review Test Results and Deploy

Project Deliverables


Summary

This project ensures robust, secure, and tested infrastructure deployment in AWS.