This repository collects the organization's infrastructure-as-code. It is encoded using Hashicorp Terraform. It uses an Azure Storage account to keep a shared copy of the Terraform state and also performs extra validation before invoking the Terraform plan and apply commands.
This repository uses terraform-docker to simpliify working with Terraform. In order to work with terraform-docker, you need to install Docker Engine and make (but not Terraform itself, which is already included).
The tool assumes that your Terraform is organized into separate subdirectories (called DIR), each of which holds a separate Terraform configuration. This repository has two default configurations:
governance/: "Abstract" and administrative resources, typically groups, shared key vaults.core/: Resources that many other parts interact with, such as peering, shared firewalling, et c.
You can add new subdirectories as necessary to organize your infrastructure.
terraform-docker assumes that you have multiple copies of your configurations deployed so that you can verify any changes before rolling them out in production. Each copy is called an environment, or ENV for short. terraform-docker defaults to two environments, called dev and prod.
Start by familiarizing yourself with the Terraform workflow. The tool wraps the actual execution of Terraform, but the workflow is the same.
Before you executre plan for the first time, you need to initialize your local environment. You need to do this for every ENV/DIR combination.
make prepare ENV=dev DIR=governanceOnce you have performed this step, you can start updating your environments.
make plan ENV=dev DIR=governance
make apply ENV=dev DIR=governance