Hi, I am exploring Terraform Cloud and wanted to get the best practices for it.
I am a user of Terraform with state management in S3 and terraform plan and apply running via GitLab pipeline stages. I have kept the reusable code in modules, and via a driver project I am invoking the modules for different environments. I am also keeping the environments in the same driver project, like below.
```
main.tf
variables.tfvars
backend.tf
provider.tf
/src/terraform/any_driver_project_specific_files.tf
/env
  /dev/variables.tfvars
  /uat/variables.tfvars
```
Now when I have to apply in dev, I can use it from a feature branch, while for applying in uat, I can just cut a tag in GitLab like uat-vX.X.X and it does pick up the correct env. The benefit I get from that approach is that my input variables are defined along with my Terraform code.
I tried to do the same with TFC, wherein I:
- created a common workspace to provision environment-based workspaces via tfe_variable and tfe_workspace
```hcl
module manage_workspaces {
  source  = "app.terraform.io/awake416/manage_workspaces/tfe"
  version = "0.0.2"
  // source = "../../../manage_workspaces/" *[1]*
  // module source https://github.com/awake416/terraform-tfe-manage_workspaces
  env                   = "dev"
  prefix                = "manage_aws_organizations"
  oauth_token_id        = var.oauth_token_id
  aws_access_key_id     = var.aws_access_key_id
  aws_secret_access_key = var.aws_secret_access_key
}

resource tfe_variable functional_ous {
  hcl          = true
  key          = "functional_ous"
  value        = jsonencode(var.functional_ous)
  category     = "terraform"
  description  = "List of functional OUs"
  workspace_id = module.manage_workspaces.workspace_id
}
```
More details are here - GitHub - awake416/manage_aws_organizations: This repo is used to manage aws organizations. This can create and add new accounts to org. Master account needs to be created manually.
But I found a few issues like:
- if input variables are maps, I have to pre-process them like manage_aws_organizations/workspaces.tf at main · awake416/manage_aws_organizations · GitHub
- I have to create variables using terraform in workspace and then run apply from UI in case of remote runs.
Now I need guidance as to how others are doing it. Are they not switching to TFC remote? Are they still using the S3 backend? How are they integrating with GitLab for higher environments?
1 - is this the right way to test modules before publishing them to a private registry?
Apart from these, I liked the new tfc UI for apply and good job done by the team.
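The branch and tag selection described in the post, written out as a shell helper that a GitLab job could source. This is an added example, not part of the original post or the poster's repositories; the function names, the rule that any branch build targets dev, and the strict tag pattern are assumptions.

```shell
#!/bin/sh
# Added example: map a GitLab CI ref to the env/<name>/variables.tfvars layout
# described in the post. The dev branch rule and the tag pattern are assumptions.

# Prints the environment name for a tag/branch pair, or returns 1 if none applies.
resolve_env() {
    tag=$1
    branch=$2
    if [ -n "$tag" ]; then
        # Refuse anything outside the expected alphabet first ("../", spaces, newlines).
        case $tag in
            *[!A-Za-z0-9.-]*) return 1 ;;
        esac
        # Only an exact uat-vX.X.X tag selects uat; other tags select nothing.
        if printf '%s\n' "$tag" | grep -Eqx 'uat-v[0-9]+\.[0-9]+\.[0-9]+'; then
            printf 'uat\n'
            return 0
        fi
        return 1
    fi
    # No tag: a branch build targets dev (assumed rule for feature branches).
    if [ -n "$branch" ]; then
        printf 'dev\n'
        return 0
    fi
    return 1
}

# Prints the var-file path for an environment, checked against an allow-list.
var_file_for() {
    case $1 in
        dev|uat) printf 'env/%s/variables.tfvars\n' "$1" ;;
        *) return 1 ;;
    esac
}

# Prints the terraform arguments for a job; fails closed on unknown refs.
plan_args() {
    env_name=$(resolve_env "$1" "$2") || { echo "no environment for ref" >&2; return 1; }
    file=$(var_file_for "$env_name") || return 1
    printf 'plan -input=false -var-file=%s\n' "$file"
}

# In a GitLab job: terraform $(plan_args "${CI_COMMIT_TAG:-}" "${CI_COMMIT_BRANCH:-}")
```

Failing closed on an unrecognised tag keeps a mistyped or unexpected ref from applying against any environment.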