This example was conceived as infrastructure for one AWS account with one region, divided into dev, management and prod environments. It can be extended to multiple regions, AWS accounts and other clouds.
Current file structure:
ansible/ansible.cfg
ansible/group_vars/all.yml
ansible/inventory
ansible/playbooks/users.yml
ansible/roles/users/README.md
ansible/roles/users/defaults/main.yml
ansible/roles/users/handlers/main.yml
ansible/roles/users/tasks/main.yml
terraform/environments/aws-account-id/backend.hcl
terraform/environments/aws-account-id/global/management/.gitkeep
terraform/environments/aws-account-id/us-east-2/dev/ec2/instance/example/main.tf
terraform/environments/aws-account-id/us-east-2/dev/ec2/instance/example/output.tf
terraform/environments/aws-account-id/us-east-2/dev/ec2/instance/example/terragrunt.hcl
terraform/environments/aws-account-id/us-east-2/dev/ec2/instance/example/variables.tf
terraform/environments/aws-account-id/us-east-2/dev/vpc/default/main.tf
terraform/environments/aws-account-id/us-east-2/dev/vpc/default/output.tf
terraform/environments/aws-account-id/us-east-2/dev/vpc/default/terragrunt.hcl
terraform/environments/aws-account-id/us-east-2/management/ec2/key_pair/terraform/main.tf
terraform/environments/aws-account-id/us-east-2/management/ec2/key_pair/terraform/terragrunt.hcl
terraform/environments/aws-account-id/us-east-2/management/s3/terraform_state/main.tf
terraform/environments/aws-account-id/us-east-2/management/s3/terraform_state/output.tf
terraform/environments/aws-account-id/us-east-2/management/s3/terraform_state/terragrunt.hcl
terraform/environments/aws-account-id/us-east-2/management/vpc/default/main.tf
terraform/environments/aws-account-id/us-east-2/management/vpc/default/terragrunt.hcl
terraform/environments/aws-account-id/us-east-2/prod/vpc/default/main.tf
terraform/environments/aws-account-id/us-east-2/prod/vpc/default/terragrunt.hcl
terraform/environments/aws-account-id/us-east-2/region.hcl
terraform/environments/terragrunt.hcl
terraform/modules/aws/ec2/ami/main.tf
terraform/modules/aws/ec2/ami/outputs.tf
terraform/modules/aws/ec2/ami/variables.tf
terraform/modules/aws/ec2/terraform_key_pair/main.tf
Time track:
- Filipp Frizzy 28.25h
Terraform and Terragrunt
In this setup I use Terraform with Terragrunt to provision the whole infrastructure.
Terraform can store its state in local files or in a remote backend such as S3 or Terraform Cloud.
For team work we should use only remote state. In this setup I use the AWS S3 terraform_state
bucket + DynamoDB for locking.
This requires some initial preparation:
cd terraform/environments/aws-account-id/us-east-2/management/s3/terraform_state/
terraform init
terraform apply
sed -i "s/terraform_state_bucket/$(terraform output terraform_state_s3_bucket_name|sed 's/\"//g')/g" ../../../../backend.hcl
terragrunt init
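A defensive variant of the `sed` step above, as an added example that is not part of the original repository: it checks the value returned by `terraform output` against the S3 bucket naming rules before writing it into `backend.hcl`, and it is safe to run twice. The function names `valid_bucket_name` and `set_state_bucket` and the sample file content are assumptions made for illustration.

```shell
#!/bin/sh
LC_ALL=C; export LC_ALL   # make the [a-z] ranges below byte-exact

# S3 bucket names: 3-63 chars of a-z, 0-9, '.', '-'; first and last alphanumeric.
valid_bucket_name() {
  case $1 in
    *[!a-z0-9.-]*) return 1 ;;   # rejects quotes, '/', '&', spaces, warning text
    [.-]*|*[.-])   return 1 ;;
  esac
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 63 ]
}

# set_state_bucket NAME FILE
# Returns: 0 written or already set, 1 invalid name, 2 placeholder missing, 3 I/O error.
set_state_bucket() {
  _b=$(printf '%s' "$1" | tr -d '"')   # same quote stripping as the README's sed
  _f=$2
  if ! valid_bucket_name "$_b"; then
    echo "refusing to write invalid bucket name: '$_b'" >&2; return 1
  fi
  # Idempotent: a second run finds the real name already in place.
  grep -Fq "\"$_b\"" "$_f" && return 0
  if ! grep -Fq 'terraform_state_bucket' "$_f"; then
    echo "$_f: placeholder not found and bucket differs; edit by hand" >&2; return 2
  fi
  _t=$(mktemp "$_f.XXXXXX") || return 3
  # Safe to interpolate: the validated name contains no sed metacharacters.
  if sed "s/terraform_state_bucket/$_b/g" "$_f" > "$_t" && mv "$_t" "$_f"; then
    return 0
  fi
  rm -f "$_t"; return 3
}

# Demo on a constructed backend.hcl (sample content, not the repository's file).
demo_dir=$(mktemp -d)
printf 'bucket  = "terraform_state_bucket"\nencrypt = true\n' > "$demo_dir/backend.hcl"
set_state_bucket '"example-tfstate-123"' "$demo_dir/backend.hcl"
cat "$demo_dir/backend.hcl"
rm -rf "$demo_dir"
```

In the procedure above it would be called as `set_state_bucket "$(terraform output terraform_state_s3_bucket_name)" ../../../../backend.hcl`. Because the placeholder itself contains underscores, `valid_bucket_name` also rejects an unsubstituted `terraform_state_bucket`.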