Terraform Multi-Account, Env & User AWS Template

Dennis Brysiuk
Published in NEW IT Engineering
3 min read, Oct 22, 2021

The goal of this template is to create universal modules that can be reused across an AWS infrastructure with multiple environments. In addition, the Terraform state and lock are managed centrally for each environment using the remote backend (S3 bucket and DynamoDB). This makes it possible to work on the infrastructure in parallel.

Disclaimer

This template was created in collaboration with Jan Degen and with the help of publicly accessible platforms such as terraform.io and Stack Overflow.

Prerequisites

  1. Pull template from GitHub.
  2. Create an AWS IAM role in each environment with the privileges needed to deploy into its respective account. These roles must have the account's AWS ID as their trusted entity.
  • arn:aws:iam::x:role/Terraform

You should have at least two AWS accounts/profiles.

Initial Setup

Please note that the initial setup should only be done the first time the structure is being set up on the AWS account. Once this setup has been completed, it is not necessary to repeat it.

After you have set up the backend, you can start creating and deploying the infrastructure.

Setup AWS

Set up all AWS profiles in .aws/config and .aws/credentials.

Init Provider For Remote Backend

Go to /terraform-aws-template/terraform/remote-backend/provider.tf and add the following attributes:

Init Remote Backend

Run the following commands:

cd /terraform-aws-template/terraform/remote-backend
terraform init
terraform apply

Copy the output generated by terraform apply into a file named backend-config.hcl and save it in /terraform-aws-template/terraform/infrastructure. This file will act as the backend configuration for the rest of your infrastructure.

Add the profile name from .aws/credentials for your account to backend-config.hcl.

Init Remote Backend Config and Environments

Run the following commands:

cd /terraform-aws-template/terraform/infrastructure
terraform init -backend-config=backend-config.hcl
terraform workspace new <env-name>

Init Environment Variables

Go to /terraform-aws-template/terraform/infrastructure/env_vars and add all variables required by the project and the environment to <env-name>.tfvars.

Deployment

The process for deploying infrastructure for all accounts is the same:

cd /terraform-aws-template/terraform/infrastructure
terraform workspace select <env-name>
terraform plan -var-file="env_vars/<env-name>.tfvars"
terraform apply -var-file="env_vars/<env-name>.tfvars"
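
A wrapper for the deployment steps above, as an added example that is not part of the template or the original post: it refuses to run when the selected workspace and the var file disagree, and it applies a saved plan file so that the reviewed plan is the one that runs. `INFRA_DIR`, `resolve_var_file` and `deploy` are assumed names; the terraform commands and flags are the standard CLI ones.

```sh
#!/bin/sh
# Added example, not part of the template. INFRA_DIR, resolve_var_file and
# deploy are names assumed for this sketch.
INFRA_DIR="${INFRA_DIR:-/terraform-aws-template/terraform/infrastructure}"

# Print the var-file path for an environment, or fail with a distinct code.
#   $1 = environment name   $2 = currently selected workspace
resolve_var_file() {
    env_name=$1
    workspace=$2
    # Reject empty names and anything that could leave env_vars/ (e.g. "../prod").
    case $env_name in
        ''|*[!A-Za-z0-9_-]*)
            echo "invalid environment name: '$env_name'" >&2; return 2 ;;
    esac
    # The selected workspace decides which state is changed, so it must match.
    if [ "$workspace" != "$env_name" ]; then
        echo "workspace '$workspace' is not environment '$env_name'" >&2; return 3
    fi
    var_file="$INFRA_DIR/env_vars/$env_name.tfvars"
    if [ ! -f "$var_file" ]; then
        echo "missing var file: $var_file" >&2; return 4
    fi
    printf '%s\n' "$var_file"
}

# Plan into a file and apply exactly that file, so the reviewed plan is what runs.
deploy() {
    env_name=$1
    cd "$INFRA_DIR" || return 1
    terraform workspace select "$env_name" || return 1
    var_file=$(resolve_var_file "$env_name" "$(terraform workspace show)") || return $?
    plan_file="$env_name.tfplan"
    terraform plan -var-file="$var_file" -out="$plan_file" || return 1
    terraform apply "$plan_file"
    status=$?
    rm -f "$plan_file"   # a saved plan can hold secrets in clear text
    return $status
}
```

Source the file and call `deploy <env-name>` in place of the four commands above.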

Development

  1. Infrastructure /terraform-aws-template/terraform/infrastructure/
  • here you set the source of each module and provide its required variables
  2. Modules terraform-aws-template/modules/
  • here you define the resources each module creates

Module 00_generic

This module contains AWS services that are needed repeatedly when creating other modules, such as IAM roles, policies, buckets, …

Random.tf Class

With the help of random.tf, a four-digit alphanumeric string is generated and used as the unique identifier of the AWS services that are created via Terraform.

Summary

  • create modules within the modules directory
  • separate creation of components
  • call the module within the infrastructure directory
  • add environment variables to the tfvars file located in env_vars
  • manage AWS infrastructure by multiple users through the remote backend
  • manage multiple environments through environment variables and workspaces

Try it out, explore it and have fun.
