jnichols3
commented
3 years ago
- Different projects (different teams using this for several projects) in several repos. Are there core items that won't change across projects?
This is only specific to a single repo. Projects are split and locked based on the terraform backend configuration and atlantis or other cicd configuration. The idea is that the core items are the base provider configurations, VPC IDs, Route53 root zone IDs and so forth and that these are all contained in the common base directories. You can use a split repo model and keep all of the base setup in a single repo.
- Different versions of OS's MacOS vs. Windows vs. Linus: RHEL vs. Amazon Linux2 vs. Ubuntu, etc.
There isn't anything OS or platform dependent here. The terraform binaries for your version need to be installed locally or in atlantis or some other CICD tool.
- Different utilities: Using Terraform vs. Terragrunt
Only plain terraform plus atlantis is used here.
- Different versions of Terraform/Terragrunt
The base provider directories imply a terraform version. The example I have here is that you have a 0.15 terraform provider in the 0.x base directory and the 1.x terraform provider you intend to use going forward. When 2.0 terraform comes out, another base directory is created and symlinks updated. Minor version bumps, like 0.15.1 to 0.15.2 can typically be done in the whatever the latest base directory is, but the best practice is to create another 0.y directory as needed with new versions of terraform.
- Different versions of policies (in Terraform Sentinel policy files or TFsec policy files)
The policy files can be placed in base/prod and base/stage with the appropriate level of security controls needed (along with the IAM project).
To what extent does this example accommodate differences: