This repository provides a required minimum setup of the IaC with default Terragrunt code layout and CI/CD pipelines.
| Name | Description |
|---|---|
AWS_ACCESS_KEY_ID |
AWS access key to make programmatic calls to AWS |
AWS_SECRET_ACCESS_KEY |
AWS secret key |
IAC_PAT |
Personal access tokens (PATs) for authentication to GitHub when using the GitHub API or the command line |
INFRACOST_API_KEY |
Free API key for Infracost |
Contains in-house Terraform modules, best practice here is to use a separate repository for Terraform modules, but in some cases better to keep specific modules here. By default, CI pipeline is enabled for this folder, if pull request contains changes for files placed in modules, then CI will detect all updated modules and will perform some basic checks (formatting, code validation, and apply linter).
This is a root folder for Terragrunt, all nested folders are using the followed convection: each of them is placed with tree default layer separators (AWS account, region, and environment). In the future, users could extend those layers with their own.
The folder with Terraform generated resources basically is designed to use with SAK modules and used by ArgoCD.
Algorithm of work:
- Terragrunt applies Terraform code and generates required files in its
.terrafrom-cachefolder. - CI pipelines after finishing applying code perform checking state file for resources with
local_filetype and copy all of them with keeping original Terragrunt folder path togeneratedfolder and commit them.
NOTE: CI or Terraform do not perform deletions from that folder, so users must clean up unused files by themself.
- Copy this repository under your organization.
- Fill up all required GitHub secrets.
- Perform CI and Terragrunt layout modifications based on your needs
- Manually perform first
terragrunt applyforterraform-statesTerragrunt folder (by default placed inmain/us-west-2/development/terraform-states, the path could be different if it was changed on the third step).