Skip to content
This repository has been archived by the owner on Apr 12, 2021. It is now read-only.
/ terraform-rewindio-example Public archive

A sample repo showing the general layout of our Terraform repos

License

MIT license
29 stars 18 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

rewindio/terraform-rewindio-example

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
.github
.github
 
 
backend
backend
 
 
tfvars
tfvars
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
main.tf
main.tf
 
 
outputs.tf
outputs.tf
 
 
variables.tf
variables.tf
 
 

Repository files navigation

terraform-rewindio-example

An example repo showing the general layout of most of our Terraform repos at Rewind and illustrating how the Terraform Github actions are configured.

This repo is an example to accompany the blog post Automated Terraform Deployments to AWS with Github Actions

Usage

Create a backend.tfvars file with your backend configuration. It should look something like:

bucket               = "terraform-state-bucket"
key                  = "terraform.tfstate"
workspace_key_prefix = "terraform-workspaces"
dynamodb_table       = "terraform_state_lock"
region               = "us-east-1"
profile              = "production"

external_ip_allow_list = [""]

Instructions on configuring dynamoDB for state locking are in the terraform docs. profile is the name of an AWS credentials profile that has access to the bucket for storing sate.

Once the workspace and backend file is configured, you can init and plan as usual

terraform init -backend-config ./backend.tfvars
terraform workspace new st-test-results-bucket_us-east-1
terraform apply -var-file ./backend.tfvars -var-file tfvars/staging/st-test-results-bucket_us-east-1.tfvars

Github actions

The .github/workflows folder contains the workflows for enabling terraform control via a github workflow. It requires the following secrets be set on the repo

  • deploy_user_PAT - this is a Github access token for a user that has read access to repos. This handles the case where terraform private modules are being used
  • AWS_ACCESS_KEY_ID_STAGING, AWS_SECRET_ACCESS_KEY_STAGING, AWS_ACCESS_KEY_ID_PRODUCTION, AWS_SECRET_ACCESS_KEY_PRODUCTION - AWS credentials for a staging and production account

The plan workflow will trigger on any new pull request to the repo and run a plan for any workspaces specified in the matrix strategy

    strategy:
      matrix:
        workspace: [st-test-results-bucket_us-east-1,
                    pd-test-results-bucket_us-east-1]

It expects to find tfvars files under tfvars/staging or tfvars/production that match the names of the workspaces.

The apply workflow is triggered by comments to the pull request of the form

terraform apply <directive>

use terraform help as a pull request comment to see the available directives

About

A sample repo showing the general layout of our Terraform repos

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

29 stars

Watchers

12 watching

Forks

18 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages