Terraform
[[1build]] happens to use Terraform Cloud
Providers
Providers can be passed to downstream modules by setting the following inside the module block:
providers = {
  aws.target  = aws.uw2
  aws.primary = aws.uw2
}
Backend
The Terraform state should not be stored locally; ideally it should use a remote backend.
Below is an example with AWS, using S3 for storage and DynamoDB for locking:
terraform {
  # variables can't be used here
  backend "s3" {
    bucket         = "development-1b-terraform-state"
    key            = "development/terraform.tfstate"
    region         = "us-west-2"
    dynamodb_table = "development-1b-terraform-state"
    encrypt        = true
  }
}
[[AWS]]
IAM Policies
AWS policies can be a bit fickle and should be coupled with aws_iam_policy_document data sources to get the most use out of them; the rendered JSON is then passed to the aws_iam_policy resource:
data "aws_iam_policy_document" "allow_e2e_access" {
  provider = aws.target
  statement {
    sid    = "AllowE2ES3Access"
    effect = "Allow"
    resources = [
      "arn:aws:s3:::1b-management-e2e-reports",
      "arn:aws:s3:::1b-management-e2e-reports/*",
    ]
    actions = [
      "s3:PutObject",
    ]
  }
  statement {
    sid       = "AllowE2ECloudWatchAccess"
    effect    = "Allow"
    resources = ["*"]
    actions = [
      # used to upload data points for Latency and Uptime
      "cloudwatch:PutMetricData",
    ]
  }
}
resource "aws_iam_policy" "allow_e2e_access" {
  provider    = aws.target
  name        = "allow-e2e-access"
  description = "Allows e2e access to the AWS resources it needs"
  policy      = data.aws_iam_policy_document.allow_e2e_access.json
}
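A tighter variant of the policy document above, added here as an example and not part of the original notes. The data source name allow_e2e_access_scoped and the namespace "E2E/Synthetics" are assumptions; replace the namespace with the one the e2e job actually publishes to.

```hcl
# Added example (not from the original notes): least-privilege version of
# the e2e policy document. The data source name and the CloudWatch
# namespace below are constructed placeholders.
data "aws_iam_policy_document" "allow_e2e_access_scoped" {
  provider = aws.target

  statement {
    sid     = "AllowE2ES3Access"
    effect  = "Allow"
    actions = ["s3:PutObject"]
    # s3:PutObject is an object-level action, so only the object ARN
    # (bucket/*) is needed; the bare bucket ARN grants nothing for it.
    resources = ["arn:aws:s3:::1b-management-e2e-reports/*"]
  }

  statement {
    sid     = "AllowE2ECloudWatchAccess"
    effect  = "Allow"
    actions = ["cloudwatch:PutMetricData"]
    # PutMetricData does not support resource-level permissions, so the
    # resource has to stay "*". The scope is narrowed with the
    # cloudwatch:namespace condition key instead.
    resources = ["*"]

    condition {
      test     = "StringEquals"
      variable = "cloudwatch:namespace"
      values   = ["E2E/Synthetics"] # placeholder namespace
    }
  }
}
```

With the condition in place, credentials leaked from the e2e job can only write metrics into that one namespace rather than into any namespace in the account.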
Flags
Parallelism
Article on using parallelism to speed things up: link
Parallelism can be increased from its default value of 10 to greatly reduce wait times:
terraform plan --parallelism=100
To avoid having to pass the flag every time, an environment variable can be used instead:
export TF_CLI_ARGS_plan="--parallelism=100"
Lifecycle
Ignore specific changes
lifecycle {
  ignore_changes = [
    tags,
  ]
}