I'm a software developer with a side project managing infrastructure using Terraform on AWS. I've set up a GitHub CI/CD pipeline and organized my Terraform repository in a directory per environment. My challenges are mainly around how to manage the bootstrapping of GitHub Actions and IAM permissions without running Terraform locally, which is cumbersome with multiple environments. I also want to improve my CI/CD process: should I consider tag-based deployments? Plus, the directory structure isn't ideal as it complicates deployments between environments due to differing configurations. How can I maintain a smart and professional Terraform setup that's efficient and manageable as a solo developer?
4 Answers
Running Terraform locally is a recipe for disaster, especially when managing multiple environments. You should aim to do everything through your CI/CD pipelines. Setting local usage for emergency purposes only can save you from state-lock-related headaches down the line. It’s better to have a streamlined process where all your Terraform operations are handled through CI/CD to keep things consistent and safe.
How do you usually handle failed plans during an apply? I've noticed undocumented API constraints popping up.
Take a look at tools like Terragrunt or TerraTeam. They can help manage your Terraform configurations better and make it easier to handle different environments without the pain of excessive duplication.
If you like the GitOps style, check out Atlantis. I run it as an ECS container and give it the necessary permissions to handle IAM roles for Terraform operations. This setup allows for better security and control over your deployments without exposing everything to the internet.
Consider trying Terraform Cloud's free edition. It's a Git-driven solution that can eliminate the need to run Terraform locally and integrates nicely with your workflow.

So are you saying it's okay to let Terraform create new IAM policies on the fly? That could definitely simplify things for me.
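One way to do the one-time bootstrap the question describes, and to bound the "IAM policies on the fly" concern raised in the last comment, as an added example that is not taken from this thread or from any of the tools named above. It assumes the hashicorp/aws and hashicorp/tls providers are already configured; ORG/REPO, the account id and the boundary policy ARN are placeholders.

```hcl
# GitHub's OIDC provider, registered once per AWS account. The thumbprint is
# read from the live certificate chain (hashicorp/tls provider), not pasted in.
data "tls_certificate" "github" {
  url = "https://token.actions.githubusercontent.com/.well-known/openid-configuration"
}

resource "aws_iam_openid_connect_provider" "github" {
  url             = "https://token.actions.githubusercontent.com"
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = [data.tls_certificate.github.certificates[0].sha1_fingerprint]
}

# Deploy role: only workflows on the main branch of ORG/REPO (placeholder) may
# assume it; a fork PR or any other repo presents a different "sub" and is refused.
resource "aws_iam_role" "github_deploy" {
  name = "github-terraform-deploy"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRoleWithWebIdentity"
      Principal = { Federated = aws_iam_openid_connect_provider.github.arn }
      Condition = {
        StringEquals = {
          "token.actions.githubusercontent.com:aud" = "sts.amazonaws.com"
          "token.actions.githubusercontent.com:sub" = "repo:ORG/REPO:ref:refs/heads/main"
        }
      }
    }]
  })
}

# Letting the pipeline create IAM roles is workable when every role it creates
# must carry a permissions boundary (placeholder ARN below): Terraform can then
# never mint a role broader than the boundary, even if a plan is mistaken.
resource "aws_iam_role_policy" "deploy_iam" {
  role = aws_iam_role.github_deploy.name
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["iam:CreateRole", "iam:PutRolePolicy", "iam:AttachRolePolicy"]
      Resource = "*"
      Condition = {
        StringEquals = { "iam:PermissionsBoundary" = "arn:aws:iam::123456789012:policy/terraform-boundary" }
      }
    }]
  })
}
```

This root module is the one piece applied once outside the normal pipeline; the boundary policy itself and the S3/DynamoDB state permissions the deploy role also needs are omitted here.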