rocky-linux / infrastructure

The infrastructure monorepo for the Rocky Linux project. This project will be archived/deprecated in the future.
https://rockylinux.org

Terraform #14949

Closed: danieltharp closed this 2 years ago

danieltharp commented 3 years ago

Wanted to add a first draft of how we might use Terraform in the context of multi-cloud, multi-region. This is obviously very nearly empty given how much is still to be discussed, but I wanted to have us all be able to talk architecture while looking at the same thing.

Maintainers of infrastructure can push directly to my branch with changes.

SherifNagy commented 3 years ago

Looks great, but are you planning for everything to be behind a NAT (sorry if I missed this part in the conversation), and if we go with a firewall solution, would that be a double NAT?

danieltharp commented 3 years ago

So, a little context around some of the decisions. This style will lend itself to the most flexibility in deployment, in exchange for a fair bit of work. Each service provider, each region, each environment, all treated as independent entities. This is also the easiest way to run disparate workloads in different regions and/or environments.

Terraform would keep state at the provider-region-environment level (e.g., aws/us-east-1/dev) and the CI layer would need to be aware of that, likely using S3 as a backend as it's supported very well.

Running a provider.tf for each environment means we can test new builds of the upstream provider in one environment without being stuck with it everywhere. The version pinning in each environment's vpc module also lets you do the same on a per-module level.
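The layout described in the comment above (one state per provider-region-environment, an S3 backend, a provider version pinned per environment and a module version pinned per module) written out as a concrete root module for aws/us-east-1/dev. This is an added example, not code from the PR or the rocky-linux/infrastructure repository; the bucket, lock table, KMS alias, CIDRs, the registry module source and every version number are assumptions chosen for illustration.

```hcl
# Added example, not the repository's own code.
# Root module for exactly one state unit: aws/us-east-1/dev.
# Names, versions and addresses below are assumptions.

terraform {
  required_version = ">= 1.3.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0" # pinned per environment: bump in dev first, promote later
    }
  }

  # State lives at the provider-region-environment level; the CI job for this
  # directory is the only thing that should be able to read or write this key.
  backend "s3" {
    bucket         = "rocky-infra-tfstate"                 # assumed bucket name
    key            = "aws/us-east-1/dev/terraform.tfstate" # one key per state unit
    region         = "us-east-1"
    encrypt        = true                                  # state holds secrets; encrypt at rest
    kms_key_id     = "alias/rocky-infra-tfstate"           # assumed CMK alias
    dynamodb_table = "rocky-infra-tfstate-lock"            # assumed table; prevents concurrent applies
  }
}

provider "aws" {
  region = "us-east-1"

  # Tag everything so a resource can be traced back to its state unit.
  default_tags {
    tags = {
      Environment = "dev"
      Region      = "us-east-1"
      ManagedBy   = "terraform"
    }
  }
}

# Module version is pinned independently of the provider version, so a new
# module release can also be trialled in one environment only.
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws" # assumed registry module
  version = "5.1.2"                         # assumed exact pin

  name = "rocky-dev-use1"
  cidr = "10.10.0.0/16" # assumed address plan

  azs             = ["us-east-1a", "us-east-1b"]
  private_subnets = ["10.10.1.0/24", "10.10.2.0/24"]
  public_subnets  = ["10.10.101.0/24", "10.10.102.0/24"]
}
```

Run `terraform init` and `terraform plan` from inside the aws/us-east-1/dev directory; sibling directories such as aws/eu-west-1/prod carry their own copy of this file with their own key, pins and address plan. Because the state file records every attribute Terraform manages, including any secrets, the bucket should deny public access, keep versioning on, and grant each environment's CI role access to its own key prefix only.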

danieltharp commented 3 years ago

Looks great, but are you planning for everything to be behind a NAT (sorry if I missed this part in the conversation), and if we go with a firewall solution, would that be a double NAT?

What's here so far doesn't attempt to answer that question as there was a lot of talk around firewalling and routing, what's in here right this minute only gets as far as VPCs and subnets and is more of a style guide than a serious attempt at a PR, hence it being a draft.

SherifNagy commented 3 years ago

Thank you so much for the info :+1: