ADR: Consolidate Terraform Environment Variables

[ben851]

Description

As a developer/operator of GC Notify I want to be able to administer Terraform environments in a single location so that it is easy to identify and understand how any given environment is configured.

WHY are we building?

Currently environment variables and secrets are injected in at least four different places: TFVars file (stored in last pass), env_vars.hcl, each sub-folder terragrunt.hcl, and github actions secrets. This makes it very difficult to understand exactly how an environment is being configured, and is adding confusion when spinning up new environments.

WHAT are we building?

An ADR that will describe a single file approach to managing environments

VALUE created by our solution

In addition to simplifying the creation and management of Terraform environments, this will also reduce the number of terragrunt environment folders we will require, and will take a positive step toward consolidating secrets in AWS Secrets Manager.

Acceptance Criteria

• [ ] An ADR has been created that outlines the details of the solution, which has been read and approved by the team

[sastels]

Addressing one of Jimmy's comments Steve will take a look at as well

[ben851]

Added a diagram showing current and proposed flows

[jimleroyer]

Jimmy to review ADR today.

[jimleroyer]

Commented on the ADR. Let's take the stand up parking lot to address these and find a resolution.

[sastels]

Still under discussion. Will have a meeting in the following weeks.

[ben851]

Meeting was pushed due to AWS incident, Ben to reschedule today.

[ben851]

Had the meeting:

• We will proceed with planning the implementation of the proposed solution in the ADR as is
• Jimmy will reach out to Max to ask his opinion, and try and determine the best way forward with IT Sec
• Once that is done, a meeting with IT sec will be called to discuss next steps
• For this card, Ben will update the ADR with a summary of the IT sec concerns, and then merge the ADR in draft state
• The implementation of this will be done in another card.

[ben851]

Updated document with IT Security concerns. Moving back to review

[sastels]

Steve and Jimmy will review

[jimleroyer]

Let's setup a meeting with the security folks + Calvin to explain our choice.

[ben851]

Jimmy to start a slack thread to inform security of our decision.

[ben851]

We have received the blessing from IT Sec. This can be merged. A new ticket will be created for the implementation.