Open ben851 opened 1 year ago
Addressing one of Jimmy's comments Steve will take a look at as well
Added a diagram showing current and proposed flows
Jimmy to review ADR today.
Commented on the ADR. Let's take the stand up parking lot to address these and find a resolution.
Still under discussion. Will have a meeting in the following weeks.
Meeting was pushed due to AWS incident, Ben to reschedule today.
Had the meeting:
Updated document with IT Security concerns. Moving back to review
Steve and Jimmy will review
Let's setup a meeting with the security folks + Calvin to explain our choice.
Jimmy to start a slack thread to inform security of our decision.
We have received the blessing from IT Sec. This can be merged. A new ticket will be created for the implementation.
Description
As a developer/operator of GC Notify I want to be able to administer Terraform environments in a single location so that it is easy to identify and understand how any given environment is configured.
WHY are we building?
Currently environment variables and secrets are injected in at least four different places: TFVars file (stored in last pass), env_vars.hcl, each sub-folder terragrunt.hcl, and github actions secrets. This makes it very difficult to understand exactly how an environment is being configured, and is adding confusion when spinning up new environments.
WHAT are we building?
An ADR that will describe a single file approach to managing environments
VALUE created by our solution
In addition to simplifying the creation and management of Terraform environments, this will also reduce the number of terragrunt environment folders we will require, and will take a positive step toward consolidating secrets in AWS Secrets Manager.
Acceptance Criteria