In my previous story I tried to create a foundation for my DevOps workshop by using Terraform to create Infrastructure as Code (IaC). I love it, and it is reusable in the sense that we could really deploy it for a real project or production. The thing is, in my previous deployment I used my local laptop environment to deploy the Terraform code to AWS. However, the DevOps approach requires us to be able to distribute the capability to develop the code (in this case for the infra team, and in the same manner the developers' code, the CICD approach).
So with that in mind, I try to explore some options for implementing CICD for this particular infra approach (IaC). The easiest one, as I am using the AWS environment, is just to use the existing AWS Developer Tools: AWS CodePipeline and CodeBuild.
To create such an environment, I have in mind to use GitHub as my repository (just a simple public one for this testing) and the AWS Dev Tools. The summary is as follows:
Create a GitHub repository for code access (this gives me a central repository for my code)
Create S3 and DynamoDB for remote Terraform state file storage (this allows any Terraform action to be distributed, as the state is centralized in S3 and the locking key is managed by storing the LockID data in DynamoDB)
Enable AWS STS (Security Token Service) in the particular region where I want to put my CodePipeline and CodeBuild.
Create the CodeBuild project and test it individually (without CodePipeline)
Create the CodePipeline and use the CodeBuild operation.
As the last operation, I can still do the cleanup from my laptop (as my Terraform uses a remote repository for the tfstate).
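As an added example (not code from the original post), the remote-state step could look like this in Terraform. The bucket, table, key and region values are placeholders, and the versioning, encryption and public-access settings are assumptions about how the state bucket would be hardened.

```hcl
# Bootstrap configuration: applied once, before the backend exists.
# All names below are placeholders, not values from the original post.
resource "aws_s3_bucket" "tfstate" {
  bucket = "example-workshop-tfstate" # placeholder; must be globally unique
}
# Keep old state versions so an accidental overwrite can be rolled back.
resource "aws_s3_bucket_versioning" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  versioning_configuration {
    status = "Enabled"
  }
}
# State files can hold secrets in plain text, so encrypt them at rest.
resource "aws_s3_bucket_server_side_encryption_configuration" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "aws:kms"
    }
  }
}
resource "aws_s3_bucket_public_access_block" "tfstate" {
  bucket                  = aws_s3_bucket.tfstate.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
# Lock table: the S3 backend expects a string partition key named exactly "LockID".
resource "aws_dynamodb_table" "tflock" {
  name         = "example-workshop-tflock" # placeholder
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"
  attribute {
    name = "LockID"
    type = "S"
  }
}

# Workshop configuration: lives in a separate directory from the bootstrap above.
terraform {
  backend "s3" {
    bucket         = "example-workshop-tfstate"
    key            = "workshop/terraform.tfstate" # placeholder state path
    region         = "us-east-1"                  # placeholder region
    dynamodb_table = "example-workshop-tflock"
    encrypt        = true
  }
}
```

With this backend in place, the laptop and the CodeBuild role both read and write the same state, so the CodeBuild role needs access to only this bucket path and this lock table in addition to the resources it deploys.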
In today's testing, I could see the bright usage of this Terraform + CodePipeline and CodeBuild approach, especially within DevOps teams. It surely allows multiple PICs to manage this code and to actually build a real CICD.
Though this test is still quite raw, it has a promising future. What I need to do next is add a testing section so that I can ensure that the code and the infrastructure I created are correctly deployed. Last but not least, for future reference (and a multi-cloud approach), I could try a third-party CICD approach (Jenkins, maybe?).