Provide the full code from the demo

[skoblenick]

I watched your talk at Going Multi-Account With Terraform on AWS at https://www.youtube.com/watch?v=qVcdO3OeTZo.

Can you provide the full code for both directories? This repo only contains the environment directory under your aws-multi-account directory and is missing the main. The terraform files for the setup of main account would be useful. While some of the concepts are the same, there are distinctly different actions being performed in each module and are useful for understanding more about the AWS organizations and policy setup. It would be nice, for the sake of completeness to see this other folder, the video gives a glimpse of a file or two but overlooks the meat of the policy assignments.

[lpossamai]

+1 Please provide the full code

[lpossamai]

FYI @skoblenick https://github.com/Sivajey/hashitalks-africa-demo

[deltakroneker]

@skoblenick You can see in the commit history that his most recent commit removed the main/ directory. Although you can checkout and inspect the repository at the point in time before that happened (thus getting the full code), it would be nice to know what is the reason for this latest commit @cobusbernard

[cobusbernard]

Hi, sorry for the lack of response, the last year was busy with relocating the family to Seattle :) I'll revert the commit, think I cleaned up for another demo using the repo.

[cobusbernard]

To answer @skoblenick initial question, this repo should actually be split into at least 2 different ones, just used directories for the demo. You use the main repo to bootstrap your environment and top level account, then use the environment repo for your dev / test / prod environment, each in their own AWS account. This allows you to keep the infrastructure in sync using a single repo (environment), and manage the differences with the tfvars file for each one.

[deltakroneker]

To answer @skoblenick initial question, this repo should actually be split into at least 2 different ones, just used directories for the demo. You use the main repo to bootstrap your environment and top level account, then use the environment repo for your dev / test / prod environment, each in their own AWS account. This allows you to keep the infrastructure in sync using a single repo (environment), and manage the differences with the tfvars file for each one.

Are there any drawbacks to keeping it the way you showed (single repo for both directories)?

[cobusbernard]

Yes, I used to use a mono-repo approach, but as you start splitting out more of the infra into their own statefiles (e.g. 1 per service), the build system becomes slow and too complex. Splitting into own repos keeps is cleaner and simpler.

[amitkarpe]

Is there any document or guide to understand best practice to manage AWS Multi Account using TF/TG? What should be directory structure? Whether we should prefer mono-repo or separate repository for dev/test/qa/prod/cicd/monitoring environment? How to handle other IaC repo like we have github and azure?

[cobusbernard]

Apologies, this took quite a while, but I have published the code as 2 tutorials, I updated the readme to have the links, let me know if there is anything that isn't clear. @amitkarpe - there is one tutorial specifically showing how to use multiple repos to manage multiple accounts for you to dig into.

I initially spent ~2 years using a mono-repo for multi account setups, but then ended up splitting them into separate ones when it became to hard to manage all the workflows and coordinate between teams. I am planning to write up a detailed post about that soon on https://buildon.aws, but please have a look at that one tutorial I mentioned earlier.

[fede843]

Apologies, this took quite a while, but I have published the code as 2 tutorials, I updated the readme to have the links, let me know if there is anything that isn't clear. @amitkarpe - there is one tutorial specifically showing how to use multiple repos to manage multiple accounts for you to dig into.

Hi, are the links broken?

[dbaber]

The links in the README.md seems to be broken now. I found these with Google: https://community.aws/tutorials/bootstrapping-terraform-automation-amazon-codecatalyst https://community.aws/tutorials/automating-multiple-environments-with-terraform