DevOps
Terraform for Arista EOS and CloudVision Studios
Automate Arista EOS switches with Terraform: aristanetworks/cvp provider, CloudVision Studios, configlet management, and EVPN fabric automation.
1 min read
DevOps
Terraform for Network Automation: Cisco, Junos, and Arista
Manage network devices with Terraform: Cisco IOS XE / NX-OS, Juniper Junos, and Arista EOS providers. VLANs, BGP, and config drift detection.
LLuca Berton1 min read
Network OSes — Cisco IOS XE / NX-OS, Juniper Junos, Arista EOS — are increasingly managed through declarative configuration. Each major vendor now ships an official Terraform provider. This guide shows how to use them for VLANs, interfaces, and BGP, and how to combine Terraform with vendor controllers (Cisco Catalyst Center, Juniper Mist, Arista CloudVision) for source-of-truth network IaC.
Provider Cheat Sheet
#| Vendor | Provider | Auth |
|---|---|---|
| Cisco IOS XE | CiscoDevNet/iosxe | RESTCONF / NETCONF |
| Cisco NX-OS | CiscoDevNet/nxos | RESTCONF |
| Cisco ACI | CiscoDevNet/aci | API |
| Juniper Junos | Juniper/junos | NETCONF over SSH |
| Arista EOS | aristanetworks/ceoslab / aristanetworks/cloudvision | eAPI / CVP |
Cisco IOS XE Example
#terraform {
required_providers {
iosxe = {
source = "CiscoDevNet/iosxe"
version = "~> 0.5"
}
}
}
provider "iosxe" {
username = var.username
password = var.password
url = "https://core-sw-1.lab.example.com"
}
resource "iosxe_vlan" "data" {
vlan_id = 100
name = "DATA"
}
resource "iosxe_interface_ethernet" "gi1_0_1" {
type = "GigabitEthernet"
name = "1/0/1"
description = "uplink-A"
enabled = true
switchport_mode_access_vlan = iosxe_vlan.data.vlan_id
}Juniper Junos Example
#terraform {
required_providers {
junos = {
source = "Juniper/junos"
version = "~> 0.16"
}
}
}
provider "junos" {
alias = "edge"
ip = "edge-fw-1.lab.example.com"
username = "terraform"
sshkey_pem = file("~/.ssh/id_ed25519")
}
resource "junos_security_zone" "trust" {
provider = junos.edge
name = "trust"
}
resource "junos_routing_instance" "vrf_blue" {
provider = junos.edge
name = "VRF-BLUE"
type = "virtual-router"
route_distinguisher = "65000:100"
}Arista EOS via CloudVision
#terraform {
required_providers {
cvp = {
source = "aristanetworks/cloudvision"
version = "~> 1.5"
}
}
}
provider "cvp" {
host = "cvp.lab.example.com"
username = var.cvp_user
password = var.cvp_password
}
resource "cvp_configlet" "site_dns" {
name = "site-dns"
config = <<-EOT
ip name-server 10.0.0.53
ip name-server 10.0.0.54
EOT
}Drift Detection
#Network drift is the killer use case. Run Terraform in plan -detailed-exitcode mode in CI nightly:
terraform plan -detailed-exitcode
# 0 = no changes, 2 = drift detectedCombined with PagerDuty/Slack notifications, you get an alert when someone made a CLI-level change that wasn't through Terraform.
Best Practices
#- Never replace the existing config wholesale — manage one VRF, one VLAN block, or one BGP neighbor at a time.
- Combine with Ansible/Nornir for one-off operational tasks; Terraform for declared state.
- Source-of-truth lives in Git, not on the device.
- Use
lifecycle { prevent_destroy = true }on uplink interfaces — a bad apply must not blackhole a site. - Run plans in a sandbox topology (Containerlab / EVE-NG) before touching prod.
Related
##Terraform#Networking#Cisco#Juniper#Arista
Related articles
DevOps
Terraform for Cisco IOS XE: Network Automation
Automate Cisco IOS XE devices with Terraform: ciscodevnet/iosxe provider, RESTCONF/NETCONF, configuration drift management, and CI-driven changes.
1 min read
DevOps
Terraform for Cisco NX-OS Data Center Switches
Automate Cisco Nexus NX-OS data-center switches with Terraform: VXLAN EVPN, vPC, leaf-spine fabrics, and ACI-adjacent automation.
1 min read
DevOps
Terraform for Juniper Junos Network Automation
Automate Juniper Junos devices with Terraform: junipernetworks/junos provider, NETCONF, commit-confirmed workflows, and EVPN-VXLAN fabrics.
1 min read