Getting Started - SRE

Written on 07/11/2020
Terraform Academy TEam

Lessons from Real SREs: What They Wish They Knew Starting Out with Terraform and AWS

 

 

Site Reliability Engineering (SRE) is as much about culture and tooling as it is about infrastructure. For engineers new to Infrastructure as Code (IaC) and cloud operations, the learning curve can be steep—especially when transitioning from theory to practice in real AWS environments using tools like Terraform.

 

This article compiles firsthand insights from SRE professionals, Reddit discussions, and real-world use cases to highlight the key lessons, common mistakes, and actionable tips for getting started the right way.

 

 

 

 

1. Don’t Just Learn Terraform at Work — Build Real Environments

 

 

Tip: Many SREs regret not building their own cloud infrastructure outside of work sooner. While tutorials help, working with real AWS accounts and writing Terraform modules from scratch reveals complexities no simulated environment can offer.

 

 

Suggested Practice:

 

 

Use Terraform to build a basic but realistic environment:

provider "aws" {

  region = "us-east-1"

}

 

resource "aws_vpc" "main" {

  cidr_block = "10.0.0.0/16"

}

 

resource "aws_subnet" "public" {

  vpc_id     = aws_vpc.main.id

  cidr_block = "10.0.1.0/24"

}

 

resource "aws_instance" "web" {

  ami           = "ami-0c94855ba95c71c99" # Update based on region

  instance_type = "t3.micro"

  subnet_id     = aws_subnet.public.id

}

Working directly in your own AWS account (ideally a sandbox) helps bridge the gap between static IaC files and the dynamic nature of cloud infrastructure.

 

 

 

 

2. Write Code with Scale in Mind — Even as a Beginner

 

 

Early mistakes often include using hard-coded values, flat files, or inconsistent naming. Many SREs recommend adopting best practices from the start, such as:

 

  • Using Terraform modules to encapsulate reusable infrastructure components.
  • Parameterizing with input variables.
  • Setting up remote state (e.g., S3 + DynamoDB) even for small projects.
  • Applying naming conventions that reflect environments (dev, prod, etc.).

 

 

 

 

 

3. Embrace Version Control and Change History

 

 

“I wish I treated infrastructure like application code from the start.”

This sentiment is echoed across multiple SRE discussions. Keep all Terraform configuration in Git. Use pull requests to propose changes and track history. Tools like terraform plan and terraform fmt should be part of your CI pipeline from day one.

 

 

 

 

4. Understand Terraform State Before It Becomes a Problem

 

 

Early use of Terraform often ignores how critical terraform.tfstate is. State corruption, drift, and manual tampering are frequent beginner mistakes.

 

Recommendation:

 

  • Use remote state (e.g., Terraform Cloud, AWS S3) for team-based work.
  • Protect state files with version locking and access controls.
  • Avoid editing state manually unless you fully understand the implications.

 

 

 

 

 

5. Learn from Mistakes, Not Just Documentation

 

 

Common early mistakes pulled from SRE communities:

 

  • Accidentally destroying production due to missing -target or incorrect state.
  • Reapplying resources repeatedly due to improper lifecycle use.
  • Creating circular dependencies by combining modules too tightly.
  • Over-relying on tutorials and failing to validate output against the live environment.

 

 

Reading Reddit threads such as /r/devops, /r/terraform, and /r/aws often reveals edge cases and pitfalls that official docs don’t always cover.

 

 

 

 

6. Use Tags, Outputs, and Documentation as First-Class Citizens

 

 

A well-structured Terraform project includes:

 

  • Tags for cost tracking, ownership, and compliance.
  • Outputs that expose useful information to other modules or teams.
  • Internal README files in every module directory to explain design choices.

 

 

 

 

 

7. Practice Deployment Hygiene

 

 

  • Use terraform plan before every apply.
  • Avoid terraform destroy without backups or review.
  • Sanitize environment variables and credentials with .gitignore and secrets managers.

 

 

 

 

 

Final Advice

 

 

Start small, but build like it’s production.

Real confidence in Terraform and AWS doesn’t come from reading—it comes from breaking, fixing, and rebuilding. Build your own projects, mirror production design patterns, and actively engage with the IaC and SRE community.

 

You will make mistakes. The key is learning in a controlled, sandboxed environment so they don’t cost you in production later.

 

 

 

Recommended Resources: