Terraform CI/CD Best Practices
When you design your software, most of the time you think about a CI/CD approach to improve the overall software development cycle and speed up deployments. Nice, right?
But what about your IaC?
Note: Check our previous blog posts, where we discussed how we used AWS CodePipeline to create CI/CD pipelines for ECS services and for Lambda functions.
You should treat your IaC the same way you treat software, and even go the extra mile to make sure that your end-to-end experience of updating your infrastructure is safe, fast and reliable.
Note: When we say IaC, we mean Terraform.
Some of our clients required that the CI/CD pipeline solution for Terraform be implemented using AWS services only, and we accepted that challenge. In the following architecture, we describe our way of implementing Terraform CI/CD using AWS Developer Tools, including AWS CodePipeline and AWS CodeBuild. We used CodePipeline to design the phases and stages of the pipeline, and CodeBuild for the Terraform interaction and automation.
Using AWS services to create a Terraform CI/CD pipeline introduces various advantages, including:
- The connection between Terraform and the AWS API happens internally, which means more secure connections and quicker deployments.
- You don’t need to share AWS API keys and secrets: you use your AWS CodeBuild role and configure Terraform to assume it. Even if you use API keys, you don’t need to share them externally either.
- You can add more stages to the pipeline, like validation, linting and policy enforcement.
- Native integration with other AWS services, like CloudWatch Logs, CloudTrail, etc.
Note: You can send your pipeline results as a notification; to do that, check our blog post about how to create CodePipeline notifications here.
In the architecture, we include some Terraform best practices. We also assume that the source code lives in AWS CodeCommit, but the pipeline can be used with other source code management systems.
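To make the stages above concrete, here is an added example of the kind of stage script a CodeBuild buildspec would call for each phase of the pipeline (validate, plan, apply). It is not code from the original post: the `TF_WORKDIR` and `ALLOW_DESTROY` environment variables, the `tfplan.bin` plan file name and the optional `tflint` step are all assumptions. The plan stage adds a simple policy gate that blocks the pipeline when the plan would destroy resources unless a human has explicitly opted in, which is the sort of check you would put between plan and apply. No AWS keys appear anywhere: inside CodeBuild the Terraform AWS provider picks up the project's service role from the container credential endpoint.

```shell
#!/bin/sh
# Added example stage script for a Terraform CodeBuild project (not from the original post).
# Assumed inputs: TF_WORKDIR (Terraform root module, default "."), ALLOW_DESTROY ("true" to
# permit destructive plans), the plan file name tfplan.bin, and an optional tflint binary.
set -eu

# Count the resources a plan would destroy by parsing the summary line that
# `terraform plan` prints, e.g. "Plan: 2 to add, 1 to change, 3 to destroy."
# Tolerates the newer "Plan: 1 to import, ..." form and prints 0 for "No changes."
plan_destroy_count() {
    # $1: captured text of `terraform plan`
    count=$(printf '%s\n' "$1" \
        | sed -n 's/.*Plan:.* \([0-9][0-9]*\) to destroy.*/\1/p' \
        | tail -n 1)
    printf '%s\n' "${count:-0}"
}

# Policy gate: fail the stage when the plan destroys resources, unless the
# pipeline was started with ALLOW_DESTROY=true. Returns 0 (pass) or 1 (blocked).
plan_gate() {
    # $1: plan text, $2: ALLOW_DESTROY value ("true" permits destruction)
    destroyed=$(plan_destroy_count "$1")
    if [ "$destroyed" -gt 0 ] && [ "${2:-false}" != "true" ]; then
        echo "plan would destroy $destroyed resource(s); set ALLOW_DESTROY=true to permit" >&2
        return 1
    fi
    return 0
}

# Stage 1: formatting, syntax and lint checks. No backend or credentials needed,
# so this runs in a CodeBuild project with a minimal role.
stage_validate() {
    terraform -chdir="$TF_WORKDIR" init -input=false -backend=false
    terraform -chdir="$TF_WORKDIR" fmt -check -recursive
    terraform -chdir="$TF_WORKDIR" validate
    if command -v tflint >/dev/null 2>&1; then
        (cd "$TF_WORKDIR" && tflint)
    fi
}

# Stage 2: produce a saved plan, print it into the CodeBuild log (CloudWatch Logs),
# and run the destroy gate over it. The saved plan is what the apply stage consumes,
# so what was reviewed is exactly what gets applied.
stage_plan() {
    terraform -chdir="$TF_WORKDIR" init -input=false
    plan_out=$(terraform -chdir="$TF_WORKDIR" plan -input=false -no-color -out=tfplan.bin)
    printf '%s\n' "$plan_out"
    plan_gate "$plan_out" "${ALLOW_DESTROY:-false}"
}

# Stage 3: apply the previously saved plan, never a fresh one.
stage_apply() {
    terraform -chdir="$TF_WORKDIR" init -input=false
    terraform -chdir="$TF_WORKDIR" apply -input=false tfplan.bin
}

# Usage: sh terraform_stage.sh validate|plan|apply (one CodeBuild project per stage)
main() {
    : "${TF_WORKDIR:=.}"
    case "${1:-}" in
        validate) stage_validate ;;
        plan)     stage_plan ;;
        apply)    stage_apply ;;
        *) echo "usage: $0 validate|plan|apply" >&2; return 2 ;;
    esac
}

if [ $# -gt 0 ]; then
    main "$@"
fi
```

Each CodePipeline stage points at a CodeBuild project whose buildspec runs one of the three commands; the plan artifact (`tfplan.bin`) is passed between the plan and apply projects as a pipeline artifact, and a manual approval action can sit between them so the destroy gate is a backstop rather than the only review.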