# Terraform

##

## Terraform

### [TFSwitch](https://tfswitch.warrensbox.com/Install/)

### [TFEnv](https://github.com/tfutils/tfenv)

\[\[1build]] happens to use Terraform Cloud

#### Providers

Providers can be set on the downstream modules by using the following

```hcl
providers = {
  aws.target  = aws.uw2
  aws.primary = aws.uw2
}
```

#### Backend

The Terraform state should *not* be stored locally and ideally should have a remote backend

Below is an example with AWS using S3 and DynamoDB for locking

```hcl
terraform {
  # variables can't be used here
  backend "s3" {
    bucket         = "development-1b-terraform-state"
    key            = "development/terraform.tfstate"
    region         = "us-west-2"
    dynamodb_table = "development-1b-terraform-state"
    encrypt        = true
  }
}
```

#### \[\[AWS]]

**IAM Policies**

AWS policies can be a bit fickle and should be coupled with IAM policy documents to get the most use out of them

```hcl
data "aws_iam_policy_document" "allow_e2e_access" {
  provider = aws.target
  statement {
    sid    = "AllowE2ES3Access"
    effect = "Allow"

    resources = [
      "arn:aws:s3:::1b-management-e2e-reports",
      "arn:aws:s3:::1b-management-e2e-reports/*",
    ]

    actions = [
      "s3:PutObject",
    ]
  }
  statement {
    sid    = "AllowE2ECloudWatchAccess"
    effect = "Allow"

    resources = ["*"]

    actions = [
      # used to upload data points for Latency and Uptime
      "cloudwatch:PutMetricData",
    ]
  }
}

resource "aws_iam_policy" "allow_e2e_access" {
  provider    = aws.target
  name        = "allow-e2e-access"
  description = "Allows e2e access to the AWS resources it needs"
  policy      = data.aws_iam_policy_document.allow_e2e_access.json
}
```

#### Flags

**Parallelism**

Article on using parallelism to speed things up: [link](https://titanwolf.org/Network/Articles/Article?AID=6857de21-468a-4cb1-82c7-e3c79022aa22)

Parallelism can be increased from its default value of `10` to greatly reduce wait times

```
terraform plan --parallelism=100
```

In order to avoid having to pass in the flag every time, an environment variable can be used instead

```bash
TF_CLI_ARGS_plan="--parallelism=100"
```

#### Lifecycle

Ignore specific changes

```hcl
lifecycle {
	ignore_changes = [
		tags,
	]
}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.harrison.kim/notes/terraform.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.