Background
Projects with Terraform infrastructure that use the Layer0 provider often will persist Terraform state of individual Layer0 environments within a Layer0 instance to S3. Rather than using the S3 bucket and IAM user Layer0 creates when an instance is created, project devs will create their own S3 bucket and will define CI environment variables manually that will (among other things) have AWS IAM keypairs and references to the S3 bucket embedded in the environment variables.
One reason why projects persist Terraform state is to enable a cleaner blue-green deployment scenario. On build, a new Layer0 environment will be created and tested, then if everything passes, a proxy will point to the candidate environment created and old Layer0 environments are destroyed.
The request
The l0-setup's api module has outputs that reference the S3 bucket name, and the IAM credentials of the user with access to the S3 bucket, but this is not easily abstracted in Terraform infrastructure that uses the Layer0 provider.
It would be cool if the Layer0 provider's data sources added fields that allowed consumers to pull the IAM credentials and S3 bucket resources that are created when the Layer0 instance is created.
Something that would allow for something like this in terraform:
I think this sort of thing would help to reduce the amount of manual configuration a project has to do (creating an IAM user, creating a new S3 bucket, adding the secret CI variables to the project, etc) when they deploy to a layer0 instance.