Base infra to be used as a model
- Terraform cloud account;
- AWS account (Account ID);
- Terraform cloud account configured on the CLI (terraform login)
- "Workspace" creation:
$ cd .terraform/aws/example-org/
$ terraform workspace new test
$ terraform workspace list
On TF cloud:
- Change the execution mode on Terraform cloud from "Remote" to "Local":
$ terraform init
- Execute terraform plan considering the environment/workspace:
$ terraform plan -var-file "./envs/terraform-$(terraform workspace show).tfvars"
Acquiring state lock. This may take a few moments...
Terraform used the selected providers to generate the following execution plan. Resource actions are
indicated with the following symbols:
+ create
Terraform will perform the following actions:
# module.vpc.module.vpc.aws_eip.nat[0] will be created
+ resource "aws_eip" "nat" {
+ allocation_id = (known after apply)
+ association_id = (known after apply)
+ carrier_ip = (known after apply)
+ customer_owned_ip = (known after apply)
+ domain = (known after apply)
+ id = (known after apply)
+ instance = (known after apply)
+ network_border_group = (known after apply)
+ network_interface = (known after apply)
+ private_dns = (known after apply)
+ private_ip = (known after apply)
+ public_dns = (known after apply)
+ public_ip = (known after apply)
+ public_ipv4_pool = (known after apply)
+ tags = {
+ "Name" = "example-dev-us-east-1a"
+ "managed-by" = "terraform"
+ "module" = "VPC"
+ "project" = "example"
+ "squad" = "example"
+ "stage" = "dev"
}
+ tags_all = {
+ "Name" = "example-dev-us-east-1a"
+ "managed-by" = "terraform"
+ "module" = "VPC"
+ "project" = "example"
+ "squad" = "example"
+ "stage" = "dev"
}
+ vpc = true
}
...
...
...
...
# module.vpc.module.vpc.aws_vpc.this[0] will be created
+ resource "aws_vpc" "this" {
+ arn = (known after apply)
+ assign_generated_ipv6_cidr_block = false
+ cidr_block = "10.104.64.0/18"
+ default_network_acl_id = (known after apply)
+ default_route_table_id = (known after apply)
+ default_security_group_id = (known after apply)
+ dhcp_options_id = (known after apply)
+ enable_classiclink = (known after apply)
+ enable_classiclink_dns_support = (known after apply)
+ enable_dns_hostnames = false
+ enable_dns_support = true
+ id = (known after apply)
+ instance_tenancy = "default"
+ ipv6_association_id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_network_border_group = (known after apply)
+ main_route_table_id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "Name" = "example-dev"
+ "managed-by" = "terraform"
+ "module" = "VPC"
+ "project" = "example"
+ "squad" = "example"
+ "stage" = "dev"
}
+ tags_all = {
+ "Name" = "example-dev"
+ "managed-by" = "terraform"
+ "module" = "VPC"
+ "project" = "example"
+ "squad" = "example"
+ "stage" = "dev"
}
}
Plan: 20 to add, 0 to change, 0 to destroy.
───────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these
actions if you run "terraform apply" now.
- Apply the changes:
$ terraform apply -var-file "./envs/terraform-$(terraform workspace show).tfvars" --auto-approve
- Put these steps in a pipeline (e.g. https://learn.hashicorp.com/tutorials/terraform/github-actions);
- Review the approach of using Roles:
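For the plan and apply steps above, once they run unattended in a pipeline: the following is an added example (not code from this repository) of a gate that reads a plan saved with `terraform plan -out` and rendered with `terraform show -json`, and reports deletions, missing tags and a wrong stage tag before `terraform apply` runs. The required tag keys are taken from the plan output on this page; `review_plan`, `expected_stage`, the sample data and the `aws_s3_bucket.logs` address are hypothetical.

```python
import json
import sys

# Tag keys carried by every tagged resource in the plan output on this page.
REQUIRED_TAGS = ("managed-by", "project", "squad", "stage")

# Constructed sample in the layout of `terraform show -json <planfile>`.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "module.vpc.module.vpc.aws_vpc.this[0]",
     "change": {"actions": ["create"], "after": {"tags": {
         "Name": "example-dev", "managed-by": "terraform", "module": "VPC",
         "project": "example", "squad": "example", "stage": "dev"}}}},
    {"address": "module.vpc.module.vpc.aws_eip.nat[0]",
     "change": {"actions": ["create"], "after": {"tags": {
         "Name": "example-dev-us-east-1a", "managed-by": "terraform",
         "project": "example", "stage": "prod"}}}},
    {"address": "aws_s3_bucket.logs",  # hypothetical resource
     "change": {"actions": ["delete", "create"], "after": {"tags": None}}},
]}


def review_plan(plan, expected_stage):
    """Return findings that should block an unattended apply of this plan."""
    findings = []
    for rc in plan.get("resource_changes", []):
        addr = rc.get("address", "<unknown>")
        change = rc.get("change") or {}
        actions = change.get("actions") or []
        if "delete" in actions:
            findings.append(f"{addr}: destroys or replaces the resource")
        after = change.get("after") or {}
        # Skip pure deletes and resource types without a tags attribute.
        if actions == ["delete"] or "tags" not in after:
            continue
        tags = after["tags"] or {}
        findings += [f"{addr}: missing tag {k}" for k in REQUIRED_TAGS if k not in tags]
        if "stage" in tags and tags["stage"] != expected_stage:
            findings.append(f"{addr}: stage {tags['stage']} != {expected_stage}")
    return findings


if __name__ == "__main__":
    # Usage: python plan_gate.py plan.json dev   (no arguments: constructed sample)
    plan, stage = SAMPLE_PLAN, "dev"
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as fh:
            plan, stage = json.load(fh), sys.argv[2]
    problems = review_plan(plan, stage)
    print("\n".join(problems) or "plan passes the gate")
    sys.exit(1 if problems else 0)
```

Applying the same saved plan file that was reviewed, rather than re-planning at apply time, is what the `-out` note in the plan output above refers to.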