Hey everyone! I'm in the process of migrating our infrastructure as code (IaC) from generated CloudFormation templates to Terraform. We've got 5 environments across 4 AWS regions and we're applying an A/B deployment strategy. I'm roughly 80% done, but I'm at a crossroads: should I refactor my existing Terraform setup to use Terragrunt, especially since we have so many environment permutations, or should I just stick to standard Terraform?
Also, I've been considering the practice of keeping module definitions in separate repositories from the live environment repositories. Is that becoming a common approach? It seems logical to point to a specific version of a module to ensure we can update it without disrupting our current environments that rely on earlier versions.
Currently, our Terraform repo setup looks like this:
- App A
- App B
- App C
- A static repo for non A/B resources like VPCs
- An account setup repo for one-time resources and scripts.
For all but the account setup repo, should we have two separate repos, one for modules and another for live environments? Does that sound like best practice? Thanks for any insight!
6 Answers
With five environments, keeping it simple might be best. You could risk overcomplicating everything with Terragrunt if it's not warranted. Just focus on what makes sense for your team's workflow!
Your current Terraform structure seems solid. I also recommend separating module and deployment repos, and I like to include as much IaC in the application repos as possible. Only share resources like VPCs or account setups separately. It's easier to manage that way. As for Terragrunt, if you're dealing with more than a few environments, it can save you a lot of headaches!
Try to stick with vanilla Terraform as much as possible. If you start having dependency issues or need to operate across multiple accounts, consider something like Terraspace rather than Terragrunt. I've found it to help in my experience!
It can get complex and might lead to over-engineering if it’s not necessary.
Terragrunt can be helpful if you're managing multiple waves of deployments, but for straightforward applications, you might not need it. It's powerful for complex multi-environment setups, but it can feel like overkill in simpler cases.
Totally agree. I think it really depends on your specific needs.
True, but if you keep everything in one state, it might simplify things a bit.
You could actually keep both module definitions and live infrastructure in one repo. Just reference a specific commit SHA or release from GitHub, which allows you to update modules without breaking existing environments. It’s a flexible approach that works well too!
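The pinning described in the answer above can be checked mechanically. This is an added example, not code from the thread: a Python audit that reads Terraform `module` blocks and reports whether each source is pinned to a commit SHA, pinned to a release tag, following a branch, or not pinned at all. The `example-org/tf-modules` repository and the module names are constructed, and the parser assumes `terraform fmt` layout.

```python
import re

# Assumes `terraform fmt` layout: a module block's closing brace sits in column 0.
MODULE_RE = re.compile(r'^module\s+"([^"]+)"\s*\{(.*?)^\}', re.S | re.M)
SHA_RE = re.compile(r'[0-9a-f]{40}')
TAG_RE = re.compile(r'v?\d+\.\d+\.\d+')

# Constructed sample input; the org, repo and module names are hypothetical.
SAMPLE = '''
module "vpc" {
  source = "git::https://github.com/example-org/tf-modules.git//vpc?ref=v1.4.0"
}
module "app_a" {
  source = "git::https://github.com/example-org/tf-modules.git//app?ref=0123456789abcdef0123456789abcdef01234567"
}
module "app_b" {
  source = "git::https://github.com/example-org/tf-modules.git//app?ref=main"
}
module "app_c" {
  source = "github.com/example-org/tf-modules//app"
}
module "shared" {
  source = "../modules/shared"
}
'''

def attr(body, name):
    m = re.search(r'^\s*' + name + r'\s*=\s*"([^"]*)"', body, re.M)
    return m.group(1) if m else None

def classify(source, version):
    if source.startswith(("./", "../")):
        return "local"        # versioned together with the repo that holds it
    if source.startswith(("git::", "github.com/")):
        m = re.search(r'[?&]ref=([^&]+)', source)
        if not m:
            return "unpinned"     # follows the default branch on every init
        if SHA_RE.fullmatch(m.group(1)):
            return "pinned-sha"   # immutable
        if TAG_RE.fullmatch(m.group(1)):
            return "pinned-tag"   # stable unless the tag is re-pointed
        return "mutable-ref"      # a branch name: contents change under you
    return "registry-versioned" if version else "unpinned"

def audit(tf_text):
    return {name: classify(attr(body, "source") or "", attr(body, "version"))
            for name, body in MODULE_RE.findall(tf_text)}

if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{name:8} {status}")
```

Run in CI against the live-environment repo, a non-empty set of `unpinned` or `mutable-ref` results is a reasonable condition for failing the build.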
Having separate repos for modules and deployments is definitely best practice, especially if your environments are similar. I just implemented this for 8 environments, and although it took some time, it really helps keep everything organized and consistent. Plus, making changes across multiple environments with a single command is a big win!
What are the main drawbacks of Terragrunt? I'm curious since I’ve mostly worked in Terragrunt-based setups.