Consider implementing 'aemc-terraform-provider' and pushing module to Terraform Registry

[krystian-panek-vmltech]

responsibilities

• set up and update the AEM instance
• deploy AEM packages

all done declaratively, support in-place update when possible

potential problems:

• connectivity SSH / AWS SSM (drivers to implement),
  • SSH example (like in remote-exec) https://developer.hashicorp.com/terraform/language/resources/provisioners/remote-exec
  • SSM example (sth like https://github.com/mmmorris1975/ssm-session-client/tree/main/examples/ssm-ssh)
• registering AEM as a system service (also drivers?)

resource candidates:

• aem_instance - provisioning via SSH connection (cloud agnostic)
• aem_aws_instance - provisioning via AWS SSM (dedicated to AWS, SSH-less)

resource "aws_instance" "aem_author" {
  // ...
}

resource "aem_aws_instance" "aem_author" {
  aws {
    id  = aws_instance.aem.id
    ssm = true // prefer SSM over SSH when connecting to instance to provision it
  }

  config {
    instance_id = "local_author"
    file        = "aem.yml"  // or yml inline below

    inline = <<EOT
      instance:
        config:
          local_author:
            http_url: http://127.0.0.1:4502
            user: admin
            password: admin
            run_modes: [ int ]
            jvm_opts:
              - -server
              - -Djava.awt.headless=true
              - -Djava.io.tmpdir=[[canonicalPath .Path "aem/home/tmp"]]
              - -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=0.0.0.0:14502
              - -Duser.language=en
              - -Duser.country=US
              - -Duser.timezone=UTC
            start_opts: []
            secret_vars:
              - ACME_SECRET=value
            env_vars:
              - ACME_VAR=value
            sling_props: []
      EOT
  }

  provision {
    commands = [
      // assumes usage of standard 'changed' field returned by AEMC
      ["pkg", "deploy", "--url", "http://github.com/../some-pkg.zip"],
      ["osgi", "config", "save", "--pid", "xxx", "props", "a: 'b'"]
    ]

    // nicely propagates 'changed' to TF (update in place), also automatically uploads packages to AEM
    packages = [
      "http://github.com/../some-pkg.zip",
      "packages/core-components.zip"
      "packages/content-large.zip" // use checksums to avoid re-uploading big packages
    ]

    // or as a last resort (without telling 'changed' to TF) 
    shell = <<EOT
        sh aemw pkg deploy --url "http://github.com/../some-pkg.zip"
        sh aemw [do ant
    EOT
  }
}

[krystian-panek-vmltech]

also consider implementing AEMC Packer Provisioner - https://developer.hashicorp.com/packer/docs/plugins/creation/custom-provisioners