This repository serves as a centralized registry for reusable infrastructure and configuration management definitions to be used across FNL projects.
- Resources should be named using the following convention: `"${stack-name}-${environment}-description"`
  - The `stack-name` argument is the name of the application
  - The `environment` argument is the name of the target tier (consider using `terraform.workspace` in project repositories)
  - The `description` argument describes the resource (e.g. "s3-log-bucket" or "opensearch")
  - Keep in mind that some resources require globally unique names. Use the `description` argument to ensure global uniqueness when this is the case (S3 buckets, for example)
- Creating `IAM Roles` in modules is recommended, but `IAM Policies` attached to these `IAM Roles` should be defined in project repositories.
  - For use cases where it makes sense to create `IAM Policies` in a module (i.e. AssumeRole scenarios), use the IAM Policy Document data source to define the `IAM Policies`.
- Creating `Security Groups` in modules is recommended, but `Security Group Rules` attached to these `Security Groups` should be defined in project repositories.
- Terraform Modules stored in the `terraform/modules/` directory should have the following folder structure:

```
|-- terraform
|   |-- modules
|   |   |-- resource1
|   |   |   |-- data.tf
|   |   |   |-- locals.tf
|   |   |   |-- main.tf
|   |   |   |-- outputs.tf
|   |   |   |-- variables.tf
|   |   |   |-- README.md
|   |   |-- resource2
|   |   |   |-- data.tf
|   |   |   |-- locals.tf
|   |   |   |-- main.tf
|   |   |   |-- outputs.tf
|   |   |   |-- variables.tf
|   |   |   |-- README.md
```

- v1.5:
  - Updated the ECS Terraform module to fix an error with setting the permissions boundary ARN in upper tier environments.
  - Updated naming to `"${var.resource_prefix}-<resource_name/description>"`, which allows us to provide the `resource_prefix` at the project level.
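
The module-side half of the IAM Role and Security Group guidance above, using the v1.5 `resource_prefix` naming, as an added example that is not code from this repository. The module name `ecs`, the variables `iam_permissions_boundary_arn` and `vpc_id`, the resource labels and the ECS tasks principal are assumptions chosen for illustration.

```hcl
# --- terraform/modules/ecs (hypothetical module, files shown in one block) ---
variable "resource_prefix" {
  type        = string
  description = "Project-supplied prefix, e.g. \"myapp-dev\" (constructed value)"
}

variable "iam_permissions_boundary_arn" {
  type        = string
  description = "Permissions boundary ARN; null where the tier does not require one"
  default     = null
}

variable "vpc_id" { type = string }

# Trust policy built with the IAM Policy Document data source (AssumeRole case)
data "aws_iam_policy_document" "task_assume_role" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ecs-tasks.amazonaws.com"]
    }
  }
}

# The module owns the role but attaches no permission policies to it
resource "aws_iam_role" "task" {
  name                 = "${var.resource_prefix}-ecs-task-role"
  assume_role_policy   = data.aws_iam_policy_document.task_assume_role.json
  permissions_boundary = var.iam_permissions_boundary_arn
}

# The module owns the security group but defines no rules in it
resource "aws_security_group" "task" {
  name   = "${var.resource_prefix}-ecs-task-sg"
  vpc_id = var.vpc_id
}

# Outputs let the project repository attach its own policies and rules
output "task_role_name" {
  value = aws_iam_role.task.name
}

output "task_security_group_id" {
  value = aws_security_group.task.id
}
```

In the project repository, the permissions and network access are then granted with separate `aws_iam_role_policy_attachment` and `aws_security_group_rule` resources that reference these outputs, so each project's access stays visible and reviewable in its own code.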