MichielVanDerWinden/aws-tf-reference

Terraform Reference Architecture for AWS

License: MIT

Warning: This code is provided as-is — it is not meant to be executed verbatim. No support is provided in any way.

Introduction

This is a very basic implementation of a Terraform codebase for infrastructure on AWS. Because this codebase acts as an example, everything is left as generic and default as possible. The only thing that can potentially be called opinionated is the file/folder structure.

The folder structure is set up with a few goals in mind:

  • Each part of the infrastructure is its own module in the modules folder;
  • Each environment is separated in the environments folder, with its own default tags;
  • Each part of an environment gets its own statefile to reduce the blast radius;
  • To avoid repetition, symlinks to the provider.tf file are created wherever it is needed.

Getting started

Terraform & shell configuration

To get started you first have to install Terraform on your machine. Installation instructions for all platforms can be found here.

To make life a little easier you can add this alias in whatever shell configuration you have:

alias tf="terraform"

Setting up statefile management

Before you can start setting up environments with Terraform, you have to set up everything needed for state management. This is a one-time process for each new AWS account.

cd modules/state
tf init
tf apply

Terraform will ask you to name the new S3 bucket where the statefile will be stored. Further information can be found in modules/state/README.md.

After this initial setup you can delete the modules/state/.terraform folder.

Security groups

Security groups are defined within the VPC module because this makes it easier to reference them from one another and tighten security.

Each VPC has an associated Name tag, which is used in data sources inside other modules.

data "aws_security_group" "this" {
  tags = {
    Name = "..."
  }
}

This returns the ID of the security group:

security_groups = [ data.aws_security_group.this.id ]
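
An added example, not code from this repository, of the pattern described above: two groups in the VPC module that reference each other, and a lookup from another module that is scoped to one VPC. All names, tag values and the port are assumptions.

```hcl
# --- In the VPC module (resource names and tag values are hypothetical) ---

variable "vpc_id" {
  type = string
}

resource "aws_security_group" "alb" {
  name   = "example-alb"
  vpc_id = var.vpc_id
  tags   = { Name = "example-alb" }
}

resource "aws_security_group" "app" {
  name   = "example-app"
  vpc_id = var.vpc_id
  tags   = { Name = "example-app" }
}

# Because both groups live in the same module, the app tier can admit
# traffic from members of the ALB group instead of from a CIDR range.
resource "aws_vpc_security_group_ingress_rule" "app_from_alb" {
  security_group_id            = aws_security_group.app.id
  referenced_security_group_id = aws_security_group.alb.id
  ip_protocol                  = "tcp"
  from_port                    = 8080 # assumed application port
  to_port                      = 8080
}

# --- In a consuming module ---

# Resolve the VPC by its Name tag first ...
data "aws_vpc" "this" {
  tags = { Name = "example-vpc" }
}

# ... then scope the security group lookup to that VPC. The data source
# fails when more than one group matches, so adding vpc_id keeps a reused
# Name tag in another VPC from breaking (or redirecting) the lookup.
data "aws_security_group" "app" {
  vpc_id = data.aws_vpc.this.id
  tags   = { Name = "example-app" }
}
```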

Atlantis setup

To automate planning and applying your Terraform code, we can use Atlantis. An example repo-side atlantis.yaml file is provided in this repo, and best practices for the server-side setup can be found in this accompanying repo.

With this setup, your Terraform infrastructure can be easily, securely and quickly deployed to all your AWS accounts from your own GitHub (or other VCS) infra repo.
