I’m sort of the main infrastructure/DevOps person in my organization, and recently, I started using Terraform to codify our infrastructure. I also launched a new product from within the organization whose infrastructure is completely managed by Terraform.
Currently, I have the Terraform config in a separate repo in the group I maintain for DevOps activities (dockerfiles, Chef cookbooks, Helm charts, and now Terraform config), but I’m wondering if this is really good practice…
On the one hand, Terrraform deserves a separate repo, because it’s a separate, cross-cutting domain, affecting both backend and frontend (potentially. Depending on the config.), so it shouldn’t be mixed in with program code.
On the other hand, placing Terraform configs in the same repo allows better and more concise overview/auditing, since everything is available in one place to define the state of the system, without having to clone multiple repos.
So my question is: what’s the current best practice, should I place Terraform config in with my app code, or keep it in a separate repository?
The same question goes for managing multiple apps, should config be placed in the app repositories and versioned there (with versioning mixed in with app code versioning), or in a separate repository (where versioning is mixed in with all other infrastructure, not just the app being audited)?