Stage 4 · Provision
Infrastructure as Code
Terraform, Bicep, ARM — building repeatable, auditable, and version-controlled infrastructure.
Prerequisite
Docker + Ansible basics.
What this course leaves you with
- Codify infrastructure with Terraform and Bicep
- Manage state, drift, and policy safely
- Provision reproducible environments on demand
Why this stage matters — Infrastructure is code — now design the systems it will run.
Progress
0 of 54 lessons complete. Progress is stored locally in your browser so you can pick the path back up later.
course completion
Terraform Fundamentals
Core concepts, state management, and module design.
- 01Core ConceptsResources, providers, state, and the execution plan.6 min
- 02State ManagementRemote backends, locking, workspaces, and state migration.7 min
- 03Module DesignComposition, versioning, registry, and testing modules.8 min
- 04Variables, Outputs & Data SourcesType constraints, validation, sensitive values, and dynamic blocks.6 min
- 05Provisioners & Local-execWhen to use them, alternatives, and the null_resource pattern.5 min
- 06Testing TerraformTerratest, kitchen-terraform, and plan validation in CI.7 min
Advanced Terraform Patterns
Scaling Terraform for organizations and complex environments.
- 01Monorepo vs Multi-RepoStructuring Terraform codebases for teams.6 min
- 02Environment PromotionDev → Staging → Prod pipelines with terragrunt or native workspaces.7 min
- 03Drift Detection & RemediationAutomated drift detection, prevention, and self-healing.6 min
- 04Policy as Code with OPARega/Rego, Sentinel, and enforcing standards at plan time.7 min
- 05Importing Existing InfrastructureTerraform import, moved blocks, and refactoring strategies.6 min
- 06Multi-Cloud TerraformProvider aliases, shared modules, and cross-cloud dependencies.7 min
Bicep & ARM Templates for Azure
Native Azure IaC — Bicep for authoring, ARM for deployment.
- 01Bicep BasicsSyntax, parameters, variables, modules, and loops.6 min
- 02Bicep Modules & RegistriesPrivate registries, versioning, and module composition.6 min
- 03ARM Template Deep DiveTemplate structure, functions, deployment modes, and linked templates.7 min
- 04Bicep vs ARMTranspilation, debugging, and when to use which.5 min
- 05Azure Policy & BlueprintsGovernance at scale, initiative definitions, and remediation tasks.7 min
- 06What-If OperationsPreview deployments, confirmation, and safe production changes.5 min
GitOps Workflows
ArgoCD, Flux, and declarative infrastructure delivery.
- 01GitOps PrinciplesDeclarative, versioned, pulled, and continuously reconciled.5 min
- 02ArgoCD Deep DiveApplications, projects, app-of-apps, and progressive delivery.8 min
- 03Flux v2Kustomize, HelmRelease, image automation, and multi-tenancy.7 min
- 04Secrets in GitOpsSealedSecrets, External Secrets Operator, and SOPS.7 min
- 05Policy Enforcement in GitOpsKyverno, Gatekeeper, and admission control.6 min
- 06GitOps ObservabilitySync status, drift detection, and deployment metrics.5 min
Terraform at Scale
Patterns for keeping large Terraform estates safe, reusable, and governable.
- 01Module VersioningSemantic versions, private registries, dependency constraints, and safe upgrade paths.7 min
- 02Remote State ArchitectureBackend layout, state locking, state data boundaries, and blast-radius reduction.7 min
- 03Workspace StrategyCLI workspaces, directory-per-environment, Terragrunt, and when each model fails.6 min
- 04Plan Review AutomationPR comments, JSON plans, infracost diffs, and detecting destructive changes in CI.7 min
- 05Policy GuardrailsOPA, Sentinel, Conftest, and enforcing tags, regions, and encryption before apply.8 min
- 06Terratest ContractsGo-based Terratest suites, fixture environments, retries, and teardown reliability.8 min
Continuous Delivery & GitOps
Delivering infrastructure changes through reconciled, progressive, and auditable pipelines.
- 01ArgoCD ApplicationSetsCluster generators, app-of-apps, sync waves, and self-healing reconciliation.8 min
- 02Flux Image AutomationImageRepository, ImagePolicy, ImageUpdateAutomation, and Git-based promotion.7 min
- 03Progressive DeliveryArgo Rollouts, Flagger, canaries, blue-green deployments, and metric gates.8 min
- 04Encrypted SecretsSealed Secrets, Mozilla SOPS, age keys, and External Secrets Operator workflows.7 min
- 05Environment Promotion PipelinesDev-to-prod promotion with immutable artifacts, approvals, and provenance checks.7 min
- 06Delivery ObservabilityDORA metrics, deployment traces, reconciliation alerts, and rollback audit trails.6 min
Terraform State Operations
Managing Terraform state safely during imports, migrations, and drift response.
- 01Remote Backends & LockingS3, Azure Storage, GCS, Terraform Cloud, DynamoDB locks, and lease recovery.8 min
- 02State File StructureResource addresses, instances, lineage, serials, sensitive values, and backend metadata.7 min
- 03Import & Moved Blocksterraform import, import blocks, moved blocks, and preserving addresses during refactors.8 min
- 04Workspace & Stack BoundariesWorkspaces, directory layouts, state data sources, and minimizing cross-stack coupling.7 min
- 05Drift Response Runbooksterraform plan -refresh-only, manual changes, ignore_changes, and safe reconciliation workflows.7 min
- 06State RecoveryState backups, force-unlock, state rm, state mv, and restoring from backend versioning.8 min
Modules & Composition
Designing reusable Terraform modules with stable interfaces and upgrade paths.
- 01Module Interface DesignInput types, validation blocks, optional attributes, outputs, and compatibility contracts.8 min
- 02Module Composition PatternsRoot modules, child modules, for_each composition, dependency inversion, and wrapper modules.8 min
- 03Private Module RegistryTerraform Registry protocol, Git sources, semantic versions, and release automation.7 min
- 04Module Documentationterraform-docs, examples, READMEs, generated inputs, and runnable usage contracts.6 min
- 05Module Upgrade StrategyVersion constraints, changelogs, deprecation windows, moved blocks, and upgrade playbooks.7 min
- 06Composition with Terragruntinclude blocks, dependency outputs, generate blocks, and when Terragrunt adds operational risk.7 min
Validation, Policy & Secrets
Catching unsafe infrastructure changes before apply without leaking credentials.
- 01terraform validate & planSyntax validation, plan files, detailed exit codes, JSON output, and CI gating.7 min
- 02TFLint RulesProvider-specific rulesets, custom checks, naming conventions, and plugin configuration.6 min
- 03Terratest IntegrationGo tests, fixture environments, retries, assertions, and deterministic teardown patterns.8 min
- 04Checkov & Static AnalysisMisconfiguration scanning, suppressions, SARIF reports, and baseline management.7 min
- 05OPA & Sentinel GuardrailsRego policies, Sentinel policies, Conftest, cost checks, and mandatory tag enforcement.8 min
- 06Vault & Provider SecretsVault data sources, dynamic credentials, sensitive outputs, and avoiding plaintext tfvars.8 min