Hi,
I’m working on a project where Terraform doesn’t provision everything.
For example, VPCs will be created and provisioned by a different team than the one that handles databases (least privilege principle).
The solution the team came up with was to create a separate module with separate tfstate files.
- Networking parent module (providers.tf, vpc.tf) → team-1 provisions this
- Database parent module (providers.tf, rds.tf) → team-2 provisions this
- Compute parent module (providers.tf, ec2.tf) → team-3 provisions this
Currently, (for example) in providers.tf, I keep repeating this in every parent module.
```hcl
provider "aws" {
  region = "us-east-1"
}
```
Now I’m looking for ways to make it better. Like, provide a single file with all the variables defined there, outside the parent modules. But I don’t know how to structure/reference it. I know variables won’t work because I need to define a value rather than address it somewhere else. Locals are a possibility, but how do I tell locals to go somewhere and pull those values?
Also, if you have any solution to this issue, please share it with me.