This document describes the steps required to demo an opinionated workflow deploying and managing AWS resources using Terraform Enterprise.
In order to complete this demo, you need to have:
- a Terraform Enterprise account
- a git account
How do you decide whether to use git repos, workspaces, or modules? It depends on the objective of the deployment.
Logical resources that won't change often.
- Example: changes in names, tags, instance types
- Use: Single git repository, multiple workspaces with environment-based variables
- Reference: Follow the steps described below
- Example: Security group rules, routing table rules
- Use: Multiple git repositories with restricted access, multiple workspaces with environment-based variables
- Reference: Follow the steps described below
Groups of resources deployed together frequently
- Example: AWS Lambda apps, common logging logic (CloudWatch), LAMP apps
- Use: TFE Module Registry
- Reference: https://github.com/stenio123/terraform-lambda-example
- Fork the following repositories: terraform-aws-vpcexample, terraform-aws-securitygroupexample-dev, terraform-aws-securitygroupexample-prod, terraform-aws-ec2appexample
- Create the following TFE workspaces:
  - NetworkingDev -> referencing terraform-aws-vpcexample
    - Terraform Variables: none required
    - Environment Variables: AWS keys
  - NetworkingProd -> referencing terraform-aws-vpcexample
    - Terraform Variables: none required
    - Environment Variables: AWS keys
  - SecurityGroupDev -> referencing terraform-aws-securitygroupexample-dev
    - Terraform Variables: tfe_org (name of your TFE org), vpc_workspace (name of workspace with vpc group - e.g. NetworkingDev)
    - Environment Variables: AWS keys
  - SecurityGroupProd -> referencing terraform-aws-securitygroupexample-prod
    - Terraform Variables: tfe_org (name of your TFE org), vpc_workspace (name of workspace with vpc group - e.g. NetworkingProd)
    - Environment Variables: AWS keys
  - AppDev -> referencing terraform-aws-ec2appexample
    - Terraform Variables: tfe_org (name of your TFE org), vpc_workspace (name of workspace with vpc group - e.g. NetworkingDev), sg_workspace (e.g. SecurityDev)
    - Environment Variables: Azure keys
- Run each in sequence
- Open AWS, validate resources created
- Update port in terraform-aws-securitygroupexample-dev, commit, push, accept TF apply
- Open Azure, validate security group changed
- Lambda function/Slack integration that deletes ec2 instances once tagged TTL expires: AWS ec2 ReaperBot
- Lambda function that deletes TFE workspaces once variable TTL expires: TFE Workspace Reaper
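
How the tfe_org and vpc_workspace variables listed for the SecurityGroupDev workspace can tie it to the networking workspace while keeping the rules in their own restricted repository, as an added example that is not taken from the demo repositories. It assumes the networking workspace publishes an output named vpc_id, that app_port and allowed_cidr are hypothetical variable names, and that the AWS region is supplied through the workspace's environment variables alongside the AWS keys.

```hcl
variable "tfe_org" {
  description = "Name of your TFE org"
  type        = string
}

variable "vpc_workspace" {
  description = "Workspace that owns the VPC, e.g. NetworkingDev"
  type        = string
}

variable "app_port" { # assumed variable name, not from the demo repos
  description = "Single TCP port the application listens on"
  type        = number
  default     = 443
}

variable "allowed_cidr" { # assumed variable name, not from the demo repos
  description = "Source range permitted to reach app_port"
  type        = string
  default     = "10.0.0.0/16" # constructed sample value
}

# Read-only view of the outputs published by the networking workspace.
# This workspace never manages the VPC itself.
data "terraform_remote_state" "vpc" {
  backend = "remote"
  config = {
    # hostname = "tfe.example.com" # placeholder; set for a private TFE install
    organization = var.tfe_org
    workspaces = {
      name = var.vpc_workspace
    }
  }
}

resource "aws_security_group" "app" {
  name_prefix = "app-"
  vpc_id      = data.terraform_remote_state.vpc.outputs.vpc_id # assumed output name

  # One port from one source range; a port change is a reviewed commit here.
  ingress {
    description = "Application traffic"
    from_port   = var.app_port
    to_port     = var.app_port
    protocol    = "tcp"
    cidr_blocks = [var.allowed_cidr]
  }
}

output "security_group_id" { # what an app workspace would read via sg_workspace
  value = aws_security_group.app.id
}
```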