Terraform example to have a short developer loop and pipeline in Azure DevOps (CI/CD).
We think Infrastructure as Code should be used by everyone while at the same time being as easy and accessible as possible. This was created to kick-start individuals, teams and organizations and give them an example of how they can work.
As of writing, we have created two terraform setups. One for the core infrastructure (tf-core-infra) and one for EKS (tf-eks) - as well as Azure Pipelines YAMLs for each. There's also a boilerplate (tf-boilerplate and .ci/pipeline-tf-boilerplate.yml) which hopefully makes it easier for more setups.
Take a look in the variables folder for more information. The common.tfvars is used by all environments and env.tfvars for each specific environment.
Fork this repository, try it out with Azure Pipelines and make it yours. If you do something cool, you can always do a pull request back here.
Go to (in Azure DevOps) Project Settings > Service connections > New service connection > AWS > Name it aws-<ENV> (example: aws-dev).
Enable/disable environments by modifying env<ENV>Enabled (example: envDevEnabled) from false to true.
Go to (in Azure DevOps) Pipelines > Library and create the variable group terraform-encryption with a variable (should be secret) named terraformEncryptionSecret. Make sure it's not in clear text - it will be used to encrypt and decrypt the terraform plans stored in artifacts.
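One way a saved plan can be encrypted with that secret before it is published as an artifact and decrypted again before apply. This is an added example, not this repository's code. It assumes openssl is available on the agent and that the secret variable has been mapped into the step's environment as TERRAFORM_ENCRYPTION_SECRET; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not the repository's code: encrypt a saved terraform plan
# before it becomes a pipeline artifact, decrypt it again in the deploy stage.
# Assumption: the secret is mapped to the env var TERRAFORM_ENCRYPTION_SECRET.
set -u

# encrypt_plan <plan-file> <encrypted-output>
encrypt_plan() {
  # -pass env:... keeps the secret out of the process argument list.
  # -pbkdf2 with a random salt derives the AES key from the secret.
  # AES-256-CBC gives confidentiality only; it does not detect tampering.
  openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
    -pass env:TERRAFORM_ENCRYPTION_SECRET -in "$1" -out "$2"
}

# decrypt_plan <encrypted-input> <plan-file>
decrypt_plan() {
  openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
    -pass env:TERRAFORM_ENCRYPTION_SECRET -in "$1" -out "$2"
}

# roundtrip_demo: runs both steps on a constructed stand-in for a plan file.
roundtrip_demo() {
  local dir rc=0
  dir=$(mktemp -d) || return 1
  printf 'constructed plan: db_password = "example-only"\n' > "$dir/tfplan"
  encrypt_plan "$dir/tfplan" "$dir/tfplan.enc" || rc=1
  # The artifact must not contain the plaintext value.
  grep -q 'db_password' "$dir/tfplan.enc" && rc=1
  decrypt_plan "$dir/tfplan.enc" "$dir/tfplan.out" || rc=1
  # The decrypted plan must be byte-identical to the original.
  cmp -s "$dir/tfplan" "$dir/tfplan.out" || rc=1
  rm -rf "$dir"
  return $rc
}

# Constructed fallback secret so the demo runs outside a pipeline.
export TERRAFORM_ENCRYPTION_SECRET="${TERRAFORM_ENCRYPTION_SECRET:-constructed-demo-secret}"
roundtrip_demo && echo "plan round-trip ok"
```

Azure Pipelines does not expose secret variables to scripts automatically; they have to be mapped explicitly in the step's env section.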
You may have to modify the s3 bucket etc.
aws configure --profile kubernetes-dev
export AWS_PROFILE="kubernetes-dev"
pwsh .ci/Invoke-PipelineTask.ps1 -tfFolderName tf-core-infra -build
pwsh .ci/Invoke-PipelineTask.ps1 -tfFolderName tf-core-infra -deploy
You may have to run -build with the additional parameter -azureDevOps once to create the s3 bucket for the state.
The recommended way of running it, since all the required configuration is included. Add the service connection and modify the variables to reflect your environment, see .ci/pipeline-tf-infra-core.yml for an example.
Create an IAM user with full permissions to the account and add it as aws-<ENV> (example: aws-dev) as a service connection.
If you want to create a new terraform setup, copy the tf-boilerplate folder and .ci/pipeline-tf-boilerplate.yml (with your new names). Make sure to update the pipeline yaml where it says boilerplate to your new setup.