antonbabenko / terraform-best-practices

Terraform Best Practices free ebook translated into 🇬🇧🇦🇪🇧🇦🇧🇷🇫🇷🇬🇪🇩🇪🇬🇷🇮🇱🇮🇳🇮🇩🇮🇹🇰🇷🇵🇱🇷🇴🇨🇳🇪🇸🇹🇷🇺🇦🇵🇰
https://www.terraform-best-practices.com/
Other
2.05k stars 426 forks

How to manage dependencies? #27

Open Cinderhaze opened 3 years ago

Cinderhaze commented 3 years ago

I saw you touch on dependencies in https://github.com/antonbabenko/terraform-best-practices/blob/master/not-best-practices/faq.md, but I was wondering if you could point to a resource for how to manage terraform dependencies.

My current organization does something that feels wrong, and requires lots of manual rebuilds. When a terraform module depends on another module, it is fetched into the 'build' directory, with the dependent module name as a folder in the top level structure of the built module. It is then 'vendored' into the .tar that we produce and push to our artifact repository (across environments), and then exported from the artifact repo into each different environment's git repo with an appropriate version tag.

We use terragrunt to fetch the version of the repo with all of its dependencies vendored into it.

What is the 'right' way to have multiple module dependencies resolved in terragrunt? We already have a top level module_versions.yaml file that is used to index the version, but you can't just update dependent_module in that file and get it pulled in, unless the toplevel_module gets rebuilt, and pulls that version in.

Are there any good resources showing how to create/reference/build the right module structure and its references? I guess what I want to find is what you would put in https://www.terraform-best-practices.com/examples/terragrunt, but it currently appears empty!

antonbabenko commented 3 years ago

I think you are right that the solution you have implemented does not sound like the best one. You have a lot of extra implementation details (vendored modules, yaml files, etc) which I will skip and describe how this can be implemented in a simpler way (some details are ignored for simplicity reasons).


Terraform modules should be versioned. Combine multiple Terraform module blocks into one (so-called "infrastructure modules" or "stacks").

Terragrunt configuration describes environments that consist of versioned terraform module + inputs to that module.

Dependencies inside of terraform modules and in terragrunt configurations can be managed using tools like dependabot or renovatebot.

I don't see the reason to not use native mechanisms to resolve required dependencies implemented by terraform init in your scenario.

terraform and terragrunt do not have all the features that package management software has (think about npm, pip, etc), and in many cases, we don't need it.

https://github.com/antonbabenko/terragrunt-reference-architecture - take a look at this Terragrunt reference architecture.
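A check for the "modules should be versioned" advice in the reply above, as an added example that is not part of the original thread or of either project's code: it scans Terraform and Terragrunt text for module sources that are not pinned to a tag, commit SHA or registry version. The `example-org` repository, the sample blocks and the function names are constructed for illustration, and it assumes `terraform fmt` layout (top-level closing braces at column 0).

```python
import re

SOURCE_RE = re.compile(r'\bsource\s*=\s*"([^"]+)"')
VERSION_RE = re.compile(r'\bversion\s*=\s*"')
# Pinned means a semver-style tag or a full commit SHA; branch names move.
PINNED_REF = re.compile(r'^(v?\d+\.\d+\.\d+|[0-9a-f]{40})$')

def classify(source, block):
    """Return None if the source is local or pinned, else the reason it is not."""
    if source.startswith(("./", "../")):
        return None  # local path, versioned together with the calling repository
    query = source.partition("?")[2]
    params = dict(p.split("=", 1) for p in query.split("&") if "=" in p)
    if source.startswith(("git::", "github.com/")):
        ref = params.get("ref")
        if ref is None:
            return "git source without ?ref="
        return None if PINNED_REF.match(ref) else f"ref {ref!r} is not a tag or commit SHA"
    # Anything else is treated as a registry address (namespace/name/provider),
    # which is pinned by a version argument in the same block.
    return None if VERSION_RE.search(block) else "registry module without version"

def find_unpinned(text):
    """Treat each chunk ending in a column-0 '}' as one block (terraform fmt layout)."""
    return [(s, r) for block in re.split(r"^\}", text, flags=re.M)
            for s in SOURCE_RE.findall(block) if (r := classify(s, block))]

# Constructed sample: one Terragrunt terraform block and three Terraform module blocks.
SAMPLE = '''
terraform {
  source = "git::git@github.com:example-org/terraform-modules.git//vpc?ref=v1.4.0"
}
module "db" {
  source = "git::https://github.com/example-org/terraform-modules.git//rds?ref=master"
}
module "cache" {
  source = "github.com/example-org/terraform-modules//redis"
}
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "3.14.0"
}
'''

if __name__ == "__main__":
    for source, reason in find_unpinned(SAMPLE):
        print(f"UNPINNED {source}: {reason}")
```

Run in CI, a non-empty result can fail the build, so every module change arrives as a reviewable version bump of the kind dependabot or renovatebot would propose.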