Skip to content

dfds/infrastructure-modules

Repository files navigation

Build Status

infrastructure-modules

Terraform modules for infrastructure

Containers to run this: https://hub.docker.com/u/dfdsdk

Terraform Best Practices

Terraform Files

  • main.tf
  • outputs.tf
  • vars.tf

Terraform Module Folder Structure

We recommend a folder structure for Terraform modules like so:

module-category
 └ module-name
    └ README.md
    └ main.tf
    └ outputs.tf
    └ vars.tf

Example:

security
 └ iam-account-alias
    └ README.md
    └ main.tf
    └ outputs.tf
    └ vars.tf
 └ org-account
    └ README.md
    └ main.tf
    └ outputs.tf
    └ vars.tf
network
 └ ...

Test/QA

Find compatible AMI images

EKS_CLUSTER_VERSION=1.28
REGION=eu-west-1

# For regular nodes
aws ssm get-parameter --name /aws/service/eks/optimized-ami/$EKS_CLUSTER_VERSION/amazon-linux-2/recommended/image_id --region $REGION --query "Parameter.Value" --output text

# For GPU nodes:
aws ssm get-parameter --name /aws/service/eks/optimized-ami/$EKS_CLUSTER_VERSION/amazon-linux-2-gpu/recommended/image_id --region $REGION  --query "Parameter.Value" --output text

Release process

Branch protection is not enabled on this repo. Instead we rely on release tags to ensure we do not commit straight to production.

When creating a new release, it's important to ensure only the intended changes are included, not changes others may have committed to master without also creating a release.

Before creating the release, you should compare the commit you want to release against the latest release, and ensure only intended changes are included.

In this example, I am comparing the lastest release (0.1.35) against the commit I plan to release (75bec8f).

https://github.com/dfds/infrastructure-modules/compare/0.1.35..75bec8f

Pre-Commit Hooks (Optional)

This repo defines Git pre-commit hooks intended for use with pre-commit.

  • Install pre-commit. E.g. brew install pre-commit. https://pre-commit.com/#install
  • Run pre-commit install in the repo.
  • That’s it! Now every time you commit a code change (.tf file), the hooks in the hooks: config will execute.

Credits

The general structure of these modules, file layout etc. are largely based on Gruntwork's recommendations. More specifically the blog posts:

Gruntwork's example repos, of both modules and live/input data, along with their README files have also proven very useful:

To workaround some of Terraform's quirks and shortcomings:

Other inspiration: