Hi all,
I’m setting up a new terraform project from scratch using the aws provider, attempting to follow some best practices that I’ve read. I currently have only a ‘terraform-live’ repo, which hosts code for different aws accounts:
- prod
- dev
- security (for IAM users)
There’s around five in total. All have been set up using public modules so far, and each account is roughly the same (IAM roles, CloudTrail setup, GuardDuty, that kind of thing). Each folder has its own backend configured, so none of the state is shared among them. Each state backend is an S3 bucket in the account.
I’d love some advice on how to proceed now that I want to deploy applications. The applications are in different repositories, and will build and push docker images to ECR. I’d like to deploy these using Fargate (or just regular ECS).
Some questions I have:
- how much of the ECS infrastructure would you manage in this terraform-live repository? All the way to task definitions?
- historically I’ve kept infrastructure related to an application very close to the application, usually in the same repo. Can a pattern like that be applied with modules?
- how could an efficient way of deploying development branches in the dev environment be achieved without needing to commit/push changes to the terraform-live repository?
Sorry if the post comes off a bit disjointed, having a hard time wrapping my brain around it currently!