.Terraform CI/CD Best Practices

When you design your software, most of the time you think about CI/CD approach to improve overall software development cycle and speed deployments up, nice! right?.
But What about your IaC?

Note: Check our previous blog where we discussed how we used AWS CodePipeline for creating CI/CD pipeline for ECS services, and for Lambda functions.

You should treat your IaC the same way you do with Software, and even go the extra mile making sure that your end-end experience of updating your Infrastructure is safe, fast and reliable.

Note: When we say IaC we mean Terraform

Some of our clients required that CI/CD pipeline solutions for Terraform should be implemented using AWS Services only, and we accepted that challenge. In the following Architecture, we describe our way of implementing Terraform CI/CD using AWS Developer Tools including AWS CodePipeline and AWS CodeBuild. We used CodePipeline for designing the phases and stages of the pipeline, and use CodeBuild for Terraform interaction and automation.

Using AWS Services for creating Terraform CI/CD pipeline introduce various advantages, including:

• The connection between Terraform and AWS API happened internally, which means more secure connections and more quicker deployments.
• You don’t need to share AWS API keys and secrets, you use your AWS CodeBuild Role, and configure Terraform to assume it, even if you use API Keys, you don’t need to share it externally either.
• You can add more stages to the pipeline like, validating, linting, policies enforcement.
• Integration with Other AWS services natively, like CloudWatch logs, CloudTrail, etc.
  

Note: You can send your pipeline results as a notification, to do that, check our blog post about how to create CodePipeline notifications here

In the Architecture, we include some of Terraform best practices, also we assume that the source code exists in AWS CodeCommit, but can be used with other source code management systems.