This is DoSomething.org's infrastructure as code, built using Terraform. We use it to manage and provision resources in Fastly, Heroku, and AWS (EC2, RDS, SQS, S3, IAM users, amongst others). It's a work in progress.
Install Terraform 0.12. On macOS, this is easy with Homebrew:
brew install terraform
Create a Terraform Cloud account with your work email & ask for an invite to our organization in #dev-infrastructure. Don't forget to enable two-factor auth! Then, create your API token and place it in your ~/.terraformrc
file, like so:
credentials "app.terraform.io" {
token = "xxxxxx.atlasv1.zzzzzzzzzzzzz"
}
Run make init
from this directory to install a githook to check formatting before you commit changes. You can run make format
at any time to format your code, or install the Terraform extension for your editor.
Alright, now you're ready to build some infrastructure!! π
Terraform allows us to create & modify infrastructure declaratively. The files in this repository define what infrastructure (apps, databases, queues, domains, etc.) we should have, and Terraform figures out what changes it needs to make the get there based on what currently exists.
We separate our configuration into workspaces. We also build reusable modules in the applications/
and components/
directories that can be used to provision the same type of thing in multiple places.
See Terraform's Getting Started guide & documentation for more details.
We use workspaces to separate different contexts (e.g. the main application vs. our data stack) and environments (proudction, QA, and development). Each workspace exists as a top-level folder in this repository.
To make changes in a workspace, first cd
into the workspace's directory and run terraform init
to pull down dependencies. Then, make your changes to the Terraform configuration files with your text editor.
You can make a plan to find out how your changes will affect the current state of the system:
terraform plan
Once you're satisfied with Terraform's plan for your changes, commit your work & make a pull request. Your pull request will automatically run a plan for all workspaces (even if they're not affected by your change).
After your pull request is reviewed and merged, you can then apply your change to update the actual infrastructure. Terraform Cloud will make your changes, update the remote state, and ensure nobody else makes any changes until you're done.
To apply pending changes to a workspace, visit Terraform Cloud and open the latest run for the workspace you want to modify. Review the plan & then choose "Confirm & Apply" to make the change.
We take security very seriously. Any vulnerabilities should be reported to security@dosomething.org, and will be promptly addressed. Thank you for taking the time to responsibly disclose any issues you find.
aws_
resourcesfastly_
resourcesheroku_
resources© DoSomething.org. This config is free software, and may be redistributed under the terms specified in the LICENSE file. The name and logo for DoSomething.org are trademarks of Do Something, Inc and may not be used without permission.