I have a Terraform-managed infrastructure repository that deploys resources on AWS for various projects. Currently, it includes a Virtual Private Cloud (VPC) and everything is functioning smoothly. I'm planning to switch to OpenTofu and utilize Bitbucket Pipelines for our CI/CD instead of Jenkins.
My main question is whether it's smart to create a new VPC within a mono-repo setup, or whether I should simply use the existing VPC. Also, I'm transitioning our staging environments to on-premise, planning to use NGINX and an Application Load Balancer to manage traffic to relevant resources, while only using AWS for our production services. I'd appreciate your insights on this!
4 Answers
As long as both pipelines share the same state file and backend, you should be good to go. It's all about keeping those files synchronized!
When considering whether to create a new VPC, think about blast radius. It's usually best to keep your Jenkins and Bitbucket development on separate infrastructure until everything works seamlessly. Since VPCs are free, you can create as many as you need without much hassle. Your plan to have staging on-prem and production on AWS makes sense if that's what fits your company's model. It really depends on your definition of staging and how closely you want it aligned with production.
Totally agree! For us, staging in the cloud just didn't make financial sense, which is why we're going on-prem.
I’d stick with the existing VPC if it's already set up well with subnets and security groups. Creating a new VPC can add unnecessary complexity unless you need strict separation. Your strategy of having on-prem staging with production services on AWS should work well, just be mindful of potential latency and routing challenges with NGINX and ALB. And a tip: don’t change too many things at once. It can get messy fast!
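The two points above, a shared remote state backend for both pipelines and reusing the existing VPC rather than creating a new one, can be shown together in a single OpenTofu/Terraform root module. This is an added example, not code posted by anyone in the thread; the bucket name, lock table, region and the `Name`/`Tier` tags are placeholders that would be replaced with the repository's real values.

```hcl
# Added example: one root module that (1) stores state in a shared,
# encrypted and locked S3 backend so Jenkins and Bitbucket Pipelines
# operate on the same state, and (2) looks up the existing VPC instead
# of creating a new one. All names below are placeholders.

terraform {
  required_version = ">= 1.6.0" # OpenTofu 1.6+ and Terraform read this block identically

  backend "s3" {
    bucket         = "example-org-tfstate"          # placeholder bucket
    key            = "network/prod/terraform.tfstate"
    region         = "eu-west-1"                    # placeholder region
    encrypt        = true                           # SSE on the state object
    dynamodb_table = "example-org-tfstate-lock"     # placeholder lock table: prevents two pipelines applying at once
  }
}

provider "aws" {
  region = "eu-west-1"
}

# Reuse the VPC that already exists; nothing is created here.
data "aws_vpc" "existing" {
  filter {
    name   = "tag:Name"
    values = ["prod-vpc"] # placeholder tag value
  }
}

# Private subnets of that VPC, selected by tag so new workloads land
# in the already-reviewed network layout.
data "aws_subnets" "private" {
  filter {
    name   = "vpc-id"
    values = [data.aws_vpc.existing.id]
  }
  filter {
    name   = "tag:Tier"
    values = ["private"] # placeholder tag value
  }
}

# A security group attached to the existing VPC. Ingress is limited to
# the VPC's own CIDR (e.g. traffic arriving via the ALB), not 0.0.0.0/0.
resource "aws_security_group" "app" {
  name        = "app-sg"
  description = "App tier, reachable only from inside the existing VPC"
  vpc_id      = data.aws_vpc.existing.id

  ingress {
    description = "HTTPS from inside the VPC"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [data.aws_vpc.existing.cidr_block]
  }

  egress {
    description = "Allow outbound"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    ManagedBy = "opentofu"
  }
}

output "existing_vpc_id" {
  value = data.aws_vpc.existing.id
}

output "private_subnet_ids" {
  value = data.aws_subnets.private.ids
}
```

Both CI systems run `tofu init` against this same `backend "s3"` block, so they read and write one state object and the DynamoDB lock stops a Jenkins apply and a Bitbucket apply from racing each other. The `data "aws_vpc"` lookup is what makes "use the existing VPC" concrete: the module references the VPC by tag and never owns it, so a mistaken `destroy` in the new pipeline cannot remove the network. The IAM role each pipeline assumes should be limited to the state bucket, the lock table and the resources in its own key prefix.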
Reusing the current VPC is definitely a smarter move; no need for a new setup unless required. OpenTofu should integrate smoothly with existing state files, which means it's a cost-effective decision to keep production services on AWS while hosting staging on-site. But keep an eye on how far staging diverges from production to maintain cost-effectiveness. By the way, what’s the deal with your Jenkins setup?

Just to note, they're planning to use different state files, so that could complicate things.