Terraform CI/CD Best Practices

 
 

When you design your software, most of the time you think about a CI/CD approach to improve the overall software development cycle and speed up deployments. Nice, right?
But what about your IaC?

Note: Check our previous blog posts, where we discussed how we used AWS CodePipeline to create CI/CD pipelines for ECS services and for Lambda functions.

You should treat your IaC the same way you treat software, and even go the extra mile to make sure that the end-to-end experience of updating your infrastructure is safe, fast and reliable.


Note: When we say IaC, we mean Terraform.


Some of our clients required that CI/CD pipeline solutions for Terraform be implemented using AWS services only, and we accepted that challenge. In the following architecture, we describe our way of implementing Terraform CI/CD using AWS Developer Tools, including AWS CodePipeline and AWS CodeBuild. We used CodePipeline to design the phases and stages of the pipeline, and CodeBuild for Terraform interaction and automation.


Using AWS services to create a Terraform CI/CD pipeline brings several advantages, including:

  • The connection between Terraform and the AWS API happens internally, which means more secure connections and quicker deployments.
  • You don’t need to share AWS API keys and secrets: you use your AWS CodeBuild role and configure Terraform to assume it. Even if you use API keys, you don’t need to share them externally either.
  • You can add more stages to the pipeline, such as validation, linting and policy enforcement.
  • Native integration with other AWS services, like CloudWatch Logs, CloudTrail, etc.
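As an added example (not code from the original post), here is a small check that a validation or policy stage in CodeBuild could run before `terraform plan`: it fails the build when a `provider "aws"` block hardcodes `access_key`, `secret_key` or `token`, and counts `assume_role` blocks. It is a line-oriented heuristic rather than a full HCL parser, and the sample configurations, account ID, role name and script name are constructed.

```python
import re
import sys

PROVIDER_RE = re.compile(r'^\s*provider\s+"aws"\s*\{')
STATIC_RE = re.compile(r'^\s*(access_key|secret_key|token)\s*=\s*"([^"]*)"')
ASSUME_RE = re.compile(r'^\s*assume_role\s*\{')

# Constructed samples: the key, secret, account ID and role name are made up.
SAMPLE_STATIC_KEYS = '''\
provider "aws" {
  region     = "eu-west-1"
  access_key = "AKIA-CONSTRUCTED-EXAMPLE"
  secret_key = "constructed-not-a-real-secret"
}
'''
SAMPLE_ASSUME_ROLE = '''\
provider "aws" {
  region = "eu-west-1"
  assume_role {
    role_arn     = "arn:aws:iam::111111111111:role/terraform-deploy"
    session_name = "codebuild-terraform"
  }
}
'''

def audit_aws_providers(tf_text):
    """Return ([(line_no, argument)], assume_role_count) for provider "aws" blocks."""
    findings, assume_roles, depth = [], 0, 0
    for lineno, line in enumerate(tf_text.splitlines(), start=1):
        if line.strip().startswith(("#", "//")):
            continue  # skip whole-line comments
        if depth == 0:
            if not PROVIDER_RE.match(line):
                continue  # outside any provider "aws" block
        else:
            m = STATIC_RE.match(line)
            # A quoted literal is a hardcoded credential; "${...}" is a reference.
            if m and "${" not in m.group(2):
                findings.append((lineno, m.group(1)))
            if ASSUME_RE.match(line):
                assume_roles += 1
        depth += line.count("{") - line.count("}")
    return findings, assume_roles

if __name__ == "__main__":  # hypothetical usage: python check_providers.py *.tf
    bad = [(p, f) for p in sys.argv[1:] for f in audit_aws_providers(open(p).read())[0]]
    for path, (lineno, arg) in bad:
        print(f'{path}:{lineno}: static {arg} in provider "aws"')
    sys.exit(1 if bad else 0)
```

A non-zero exit code fails the CodeBuild phase, so the pipeline stops before Terraform runs with embedded credentials.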

Note: You can send your pipeline results as a notification. To do that, check our blog post about how to create CodePipeline notifications here.

In the architecture, we include some Terraform best practices. We also assume that the source code lives in AWS CodeCommit, but the pipeline can be used with other source code management systems.

Terraform CI/CD Best Practices



      
