Terraform

TFSwitch

TFEnv

[[1build]] happens to use Terraform Cloud

Providers

Providers can be set on the downstream modules by using the following

providers = {
  aws.target  = aws.uw2
  aws.primary = aws.uw2
}

Backend

The Terraform state should not be stored locally and ideally should have a remote backend

Below is an example with AWS using S3 and DynamoDB for locking

terraform {
  # variables can't be used here
  backend "s3" {
    bucket         = "development-1b-terraform-state"
    key            = "development/terraform.tfstate"
    region         = "us-west-2"
    dynamodb_table = "development-1b-terraform-state"
    encrypt        = true
  }
}

[[AWS]]

IAM Policies

AWS policies can be a bit fickle and should be coupled with IAM policy documents to get the most use out of them

data "aws_iam_policy_document" "allow_e2e_access" {
  provider = aws.target
  statement {
    sid    = "AllowE2ES3Access"
    effect = "Allow"

    resources = [
      "arn:aws:s3:::1b-management-e2e-reports",
      "arn:aws:s3:::1b-management-e2e-reports/*",
    ]

    actions = [
      "s3:PutObject",
    ]
  }
  statement {
    sid    = "AllowE2ECloudWatchAccess"
    effect = "Allow"

    resources = ["*"]

    actions = [
      # used to upload data points for Latency and Uptime
      "cloudwatch:PutMetricData",
    ]
  }
}

resource "aws_iam_policy" "allow_e2e_access" {
  provider    = aws.target
  name        = "allow-e2e-access"
  description = "Allows e2e access to the AWS resources it needs"
  policy      = data.aws_iam_policy_document.allow_e2e_access.json
}

Flags

Parallelism

Article on using parallelism to speed things up: link

Parallelism can be increased from its default value of 10 to greatly reduce wait times

terraform plan --parallelism=100

In order to avoid having to pass in the flag every time, an environment variable can be used instead

TF_CLI_ARGS_plan="--parallelism=100"

Lifecycle

Ignore specific changes

lifecycle {
	ignore_changes = [
		tags,
	]
}

PreviousHelm NextPrometheus

Last updated 3 years ago

hashtag

hashtagTerraform

hashtagTFSwitcharrow-up-right

hashtagTFEnvarrow-up-right

hashtagProviders

hashtagBackend

hashtag[[AWS]]

hashtagFlags

hashtagLifecycle