Using Terraform


What are we going to do?

We are going to perform the following steps:

  • Define a workspace
  • Add the source code for our product
  • Update the manifest file

Step by step guide

Here are the steps you need to follow to complete “Using Terraform”:

Define a workspace

  • Navigate to the ServiceCatalogFactory CodeCommit repository

  • Open the Add file menu and click the Create file button

  • Paste the following snippet to the main input field:

    Schema: factory-2019-04-01
    Workspaces:
      - Name: "subnet"
        Versions:
          - Name: "v1"
            Active: True
            Source:
              Provider: "CodeCommit"
              Configuration:
                RepositoryName: "subnet-terraform"
                BranchName: "main"

  • Set your filename to workspaces/networking.yaml

  • Set your Author name

  • Set your Email address

  • Set your Commit message

Using a good / unique commit message will help you understand what is going on later.

  • Click the Commit changes button:

What did we just do?

The YAML file we created in the CodeCommit repository told the framework to:

  • create a pipeline that takes its source code from the main branch of the CodeCommit repository named subnet-terraform

Verify the change worked

Once you have made your changes the ServiceCatalogFactory Pipeline should have run. If you were very quick in making the change, the pipeline may still be running. If it has not yet started, feel free to hit the Release change button.

Once it has completed it should show the Source and Build stages in green to indicate they have completed successfully:

The screenshots may differ slightly as the design of AWS CodePipeline changes. You should see a pipeline where each stage is green.

Add the source code for our product

When you configured your product version, you specified the following version:

    Versions:
      - Name: "v1"
        Active: True
        Source:
          Provider: "CodeCommit"
          Configuration:
            RepositoryName: "subnet-terraform"
            BranchName: "main"

This tells the framework the source code for the product comes from the main branch of a CodeCommit repository of the name subnet-terraform.

We now need to create the CodeCommit repository and add the Terraform configuration we are going to use for our workspace.

  • Input the name subnet-terraform
  • Click Create
  • Scroll down to the bottom of the page and hit the Create file button
  • Copy the following snippet into the main input field:

    variable "VPCID" {
      type = string
    }

    variable "SubnetCIDR" {
      type = string
    }

    resource "aws_subnet" "main" {
      vpc_id     = var.VPCID
      cidr_block = var.SubnetCIDR
    }

  • Set the File name to subnet.tf

  • Set your Author name

  • Set your Email address

  • Set your Commit message

Using a good / unique commit message will help you understand what is going on later.

The name or number of files does not matter when you are creating your own workspaces using Terraform.

Creating that file should trigger your workspace-subnet-v1-pipeline.

Once the pipeline has completed it should show the stages in green to indicate they have completed successfully:

You should see your commit message on this screen; it helps you know which version of the ServiceCatalogFactory repository the pipeline is processing.

The screenshots may differ slightly as the design of AWS CodePipeline changes. You should see a pipeline where each stage is green.

You have now successfully created a workspace!

Verify the workspace is present in Amazon S3

Now that you have verified the pipeline has run correctly you can go to Amazon S3 to view the workspace.

Update the manifest file

  • Navigate to the ServiceCatalogPuppet CodeCommit repository again

  • Click on manifest.yaml

  • Click Edit

  • Append the following snippet to the end of the file in the input field:

    workspaces:
      subnet:
        name: "subnet"
        version: "v1"
        depends_on:
          - name: vpc
            type: stack
            affinity: stack
        parameters:
          VPCID:
            ssm: 
              name: "/networking/vpc/account-parameters/${AWS::AccountId}/${AWS::Region}/VPCId"
          SubnetCIDR:
            default: '10.0.1.0/24'
        deploy_to:
          tags:
            - tag: "type:prod"
              regions: "default_region"

  • The main input field should look like this (remember to set your account_id):

accounts:
  - account_id: "<YOUR_ACCOUNT_ID_WITHOUT_HYPHENS>"
    name: "puppet-account"
    default_region: "eu-west-1"
    regions_enabled:
      - "eu-west-1"
    tags:
      - "type:prod"
      - "partition:eu"
stacks:
  delete-default-networking-function:
    name: "delete-default-networking-function"
    version: "v1"
    capabilities:
      - CAPABILITY_NAMED_IAM
    deploy_to:
      tags:
        - tag: "type:prod"
          regions: "default_region"
  vpc:
    name: "vpc"
    version: "v1"
    depends_on:
      - name: "delete-default-networking" 
        type: "lambda-invocation"
        affinity: "lambda-invocation"
    deploy_to:
      tags:
        - tag: "type:prod"
          regions: "default_region"
    outputs:
      ssm: 
        - param_name: "/networking/vpc/account-parameters/${AWS::AccountId}/${AWS::Region}/VPCId"
          stack_output: VPCId
      
lambda-invocations:
  delete-default-networking:
    function_name: DeleteDefaultNetworking
    qualifier: $LATEST
    invocation_type: Event
    depends_on:
      - name: "delete-default-networking-function"
        type: "stack"
        affinity: "stack"
    invoke_for:
      tags:
        - regions: "default_region"
          tag: "type:prod"

assertions:
  assert-no-default-vpcs:
    expected:
      source: manifest
      config:
        value: []
    actual:
      source: boto3
      config:
        client: 'ec2'
        call: describe_vpcs
        arguments: {}
        use_paginator: true
        filter: Vpcs[?IsDefault==`true`].State
    depends_on:
      - name: "delete-default-networking"
        type: "lambda-invocation"
        affinity: "lambda-invocation"
    assert_for:
      tags:
        - regions: regions_enabled
          tag: type:prod

launches:
  subnet:
    portfolio: "networking-mandatory"
    product: "subnet"
    version: "v1"
    depends_on:
      - name: vpc
        type: stack
        affinity: stack
    parameters:
      VPCID:
        ssm: 
          name: "/networking/vpc/account-parameters/${AWS::AccountId}/${AWS::Region}/VPCId"
      SubnetCIDR:
        default: '10.0.0.0/24'
    deploy_to:
      tags:
        - tag: "type:prod"
          regions: "default_region"

workspaces:
  subnet:
    name: "subnet"
    version: "v1"
    depends_on:
      - name: vpc
        type: stack
        affinity: stack
    parameters:
      VPCID:
        ssm: 
          name: "/networking/vpc/account-parameters/${AWS::AccountId}/${AWS::Region}/VPCId"
      SubnetCIDR:
        default: '10.0.1.0/24'
    deploy_to:
      tags:
        - tag: "type:prod"
          regions: "default_region"

Committing the manifest file

Now that we have updated the manifest file we are ready to commit it.

  • Set your Author name
  • Set your Email address
  • Set your Commit message

Using a good / unique commit message will help you understand what is going on later.

  • Click the Commit changes button:

What did we just do?

When you added the following:

workspaces:
  subnet:
    name: "subnet"
    version: "v1"
    depends_on:
      - name: vpc
        type: stack
        affinity: stack
    parameters:
      VPCID:
        ssm: 
          name: "/networking/vpc/account-parameters/${AWS::AccountId}/${AWS::Region}/VPCId"
      SubnetCIDR:
        default: '10.0.1.0/24'
    deploy_to:
      tags:
        - tag: "type:prod"
          regions: "default_region"
  

You told the framework to provision v1 of the subnet workspace into the default region of each account that has the tag type:prod.
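As an added example (not part of the original page and not the project's own tooling), the following Python lints a manifest for the three mistakes that are easiest to make in the step above: a depends_on entry that names something the manifest does not define, a parameter that reads an SSM parameter no outputs.ssm block publishes, and SubnetCIDR defaults that are invalid or overlap between the launches and workspaces entries. The MANIFEST dict is a constructed excerpt of this page's manifest.yaml, and the SECTION_FOR_TYPE entries for the "workspace" and "launch" types are assumed (the page itself only uses "stack" and "lambda-invocation").

```python
import ipaddress

# Constructed Python-dict excerpt of this page's manifest.yaml (not the project's own code);
# a real manifest.yaml would be loaded with a YAML parser and passed to lint_manifest() unchanged.
VPC_PARAM = "/networking/vpc/account-parameters/${AWS::AccountId}/${AWS::Region}/VPCId"
MANIFEST = {
    "stacks": {
        "delete-default-networking-function": {},
        "vpc": {"depends_on": [{"name": "delete-default-networking", "type": "lambda-invocation"}],
                "outputs": {"ssm": [{"param_name": VPC_PARAM, "stack_output": "VPCId"}]}},
    },
    "lambda-invocations": {
        "delete-default-networking": {"depends_on": [{"name": "delete-default-networking-function", "type": "stack"}]},
    },
    "launches": {
        "subnet": {"depends_on": [{"name": "vpc", "type": "stack"}],
                   "parameters": {"VPCID": {"ssm": {"name": VPC_PARAM}}, "SubnetCIDR": {"default": "10.0.0.0/24"}}},
    },
    "workspaces": {
        "subnet": {"depends_on": [{"name": "vpc", "type": "stack"}],
                   "parameters": {"VPCID": {"ssm": {"name": VPC_PARAM}}, "SubnetCIDR": {"default": "10.0.1.0/24"}}},
    },
}
# Manifest section each depends_on "type" points at ("workspace" and "launch" are assumed names)
SECTION_FOR_TYPE = {"stack": "stacks", "lambda-invocation": "lambda-invocations",
                    "workspace": "workspaces", "launch": "launches"}


def lint_manifest(manifest):
    """Return problems found: dangling depends_on, SSM reads nobody publishes, invalid or overlapping SubnetCIDRs."""
    problems, cidrs = [], []  # cidrs holds (owner, network) for every SubnetCIDR default found
    sections = {s: i for s, i in manifest.items() if isinstance(i, dict)}  # skip lists such as accounts
    published = {o["param_name"] for items in sections.values() for it in items.values()
                 for o in it.get("outputs", {}).get("ssm", [])}  # SSM names some outputs.ssm block writes
    for section, items in sections.items():
        for name, item in items.items():
            for dep in item.get("depends_on", []):
                target = SECTION_FOR_TYPE.get(dep["type"])
                if target is None or dep["name"] not in manifest.get(target, {}):
                    problems.append(f"{section}/{name}: depends_on {dep['type']} '{dep['name']}' not found")
            for pname, pval in item.get("parameters", {}).items():
                if "ssm" in pval and pval["ssm"]["name"] not in published:
                    problems.append(f"{section}/{name}: parameter {pname} reads unpublished SSM {pval['ssm']['name']}")
                if pname == "SubnetCIDR" and "default" in pval:
                    try:  # strict parsing rejects host bits, e.g. 10.0.1.5/24
                        cidrs.append((f"{section}/{name}", ipaddress.ip_network(pval["default"])))
                    except ValueError as exc:
                        problems.append(f"{section}/{name}: SubnetCIDR {pval['default']!r} invalid ({exc})")
    for i, (a, net_a) in enumerate(cidrs):  # overlapping subnets in one VPC fail at provisioning time
        for b, net_b in cidrs[i + 1:]:
            if net_a.overlaps(net_b):
                problems.append(f"{a} and {b}: SubnetCIDR {net_a} overlaps {net_b}")
    return problems
```

Running lint_manifest(MANIFEST) on the page's manifest returns an empty list; running it before each commit of manifest.yaml catches a mistyped depends_on name or a copy-pasted SubnetCIDR before the ServiceCatalogPuppet pipeline fails on it.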

Verifying the provisioned stack

Once you have made your changes the ServiceCatalogPuppet Pipeline should have run. If you were quick in making the change, the pipeline may still be running. If it has not yet started, feel free to hit the Release change button.

Once it has completed it should show the stages in green to indicate they have completed successfully:

The screenshots may differ slightly as the design of AWS CodePipeline changes. You should see a pipeline where each stage is green.

You have now successfully provisioned a workspace.