Using Terraform


What are we going to do?

We are going to perform the following steps:

  • Define a workspace
  • Add the source code for our product
  • Update the manifest file

Step by step guide

Here are the steps you need to follow to “Using Terraform”

Define a workspace

  • Navigate to the ServiceCatalogFactory CodeCommit repository

  • Open the Add file menu and click the Create file button

  • Paste the following snippet to the main input field:

    Schema: factory-2019-04-01
    Workspaces:
      - Name: "subnet"
        Versions:
          - Name: "v1"
            Active: True
            Source:
              Provider: "CodeCommit"
              Configuration:
                RepositoryName: "subnet"
                BranchName: "main"
       
    
  • Set your filename to workspaces/networking.yaml

  • Set your Author name

  • Set your Email address

  • Set your Commit message

Using a good / unique commit message will help you understand what is going on later.

  • Click the Commit changes button:

What did we just do?

The YAML file we created in the CodeCommit repository told the framework to:

  • create a pipeline that will take source code from a branch named main of CodeCommit repo named subnet-terraform

Verify the change worked

Once you have made your changes the ServiceCatalogFactory Pipeline should have run. If you were very quick in making the change, the pipeline may still be running. If it has not yet started feel free to the hit the Release change button.

Once it has completed it should show the Source and Build stages in green to indicate they have completed successfully:

The screenshots may differ slightly as the design of AWS CodePipeline changes. You should see a pipeline where each stage is green.

Add the source code for our product

When you configured your product version, you specified the following version:

    Versions:
      - Name: "v1"
        Active: True
        Source:
          Provider: "CodeCommit"
          Configuration:
            RepositoryName: "subnet"
            BranchName: "main"
  

This tells the framework the source code for the product comes from the main branch of a CodeCommit repository of the name subnet-terraform.

We now need to create the CodeCommit repository and add the AWS CloudFormation template we are going to use for our workspace.

  • Input the name subnet-terraform
  • Click Create
  • Scroll down to the bottom of the page and hit the Create file button
  • Copy the following snippet into the main input field:
variable "VPCId" {
  type = string
}

variable "SubnetCIDR" {
  type = string
}

resource "aws_subnet" "main" {
  vpc_id     = var.VPCId
  cidr_block = var.SubnetCIDR
}
 
  • Set the File name to subnet.tf

  • Set your Author name

  • Set your Email address

  • Set your Commit message

Using a good / unique commit message will help you understand what is going on later.

The name or number of files does not matter when you are creating your own workspaces using Terraform.

Creating that file should trigger your workspace–subnet-v1-pipeline.

Once the pipeline has completed it should show the stages in green to indicate they have completed successfully:

You should see your commit message on this screen, it will help you know which version of ServiceCatalogFactory repository the pipeline is processing.

The screenshots may differ slightly as the design of AWS CodePipeline changes. You should see a pipeline where each stage is green.

You have now successfully created a stack!

Verify the stack is present in Amazon S3

Now that you have verified the pipeline has run correctly you can go to Amazon S3 to view the stack.

Update the manifest file

  • Navigate to the ServiceCatalogPuppet CodeCommit repository again

  • Click on manifest.yaml

  • Click Edit

  • Append the following snippet to the end of the file in the input field:

    workspaces:
      subnet:
        name: "subnet"
        version: "v1"
        depends_on:
          - name: vpc
            type: stack
            affinity: stack
        parameters:
          VPCID:
            ssm: 
              name: "/networking/vpc/account-parameters/${AWS::AccountId}/${AWS::Region}/VPCId"
          SubnetCIDR:
            default: '10.0.1.0/24'
        deploy_to:
          tags:
            - tag: "type:prod"
              regions: "default_region"
       
    
  • The main input field should look like this (remember to set your account_id):

accounts:
  - account_id: "<YOUR_ACCOUNT_ID_WITHOUT_HYPHENS>"
    name: "puppet-account"
    default_region: "eu-west-1"
    regions_enabled:
      - "eu-west-1"
    tags:
      - "type:prod"
      - "partition:eu"
stacks:
  delete-default-networking-function:
    name: "delete-default-networking-function"
    version: "v1"
    capabilities:
      - CAPABILITY_NAMED_IAM
    deploy_to:
      tags:
        - tag: "type:prod"
          regions: "default_region"
  vpc:
    name: "vpc"
    version: "v1"
    depends_on:
      - name: "delete-default-networking" 
        type: "lambda-invocation"
        affinity: "lambda-invocation"
    deploy_to:
      tags:
        - tag: "type:prod"
          regions: "default_region"
    outputs:
      ssm: 
        - param_name: "/networking/vpc/account-parameters/${AWS::AccountId}/${AWS::Region}/VPCId"
          stack_output: VPCId
      
lambda-invocations:
  delete-default-networking:
    function_name: DeleteDefaultNetworking
    qualifier: $LATEST
    invocation_type: Event
    depends_on:
      - name: "delete-default-networking-function"
        type: "stack"
        affinity: "stack"
    invoke_for:
      tags:
        - regions: "default_region"
          tag: "type:prod"

assertions:
  assert-no-default-vpcs:
    expected:
      source: manifest
      config:
        value: []
    actual:
      source: boto3
      config:
        client: 'ec2'
        call: describe_vpcs
        arguments: {}
        use_paginator: true
        filter: Vpcs[?IsDefault==`true`].State
    depends_on:
      - name: "delete-default-networking"
        type: "lambda-invocation"
        affinity: "lambda-invocation"
    assert_for:
      tags:
        - regions: regions_enabled
          tag: type:prod

launches:
  subnet:
    portfolio: "networking-mandatory"
    product: "subnet"
    version: "v1"
    depends_on:
      - name: vpc
        type: stack
        affinity: stack
    parameters:
      VPCID:
        ssm: 
          name: "/networking/vpc/account-parameters/${AWS::AccountId}/${AWS::Region}/VPCId"
      SubnetCIDR:
        default: '10.0.0.0/24'
    deploy_to:
      tags:
        - tag: "type:prod"
          regions: "default_region"

workspaces:
  subnet:
    name: "subnet"
    version: "v1"
    depends_on:
      - name: vpc
        type: stack
        affinity: stack
    parameters:
      VPCID:
        ssm: 
          name: "/networking/vpc/account-parameters/${AWS::AccountId}/${AWS::Region}/VPCId"
      SubnetCIDR:
        default: '10.0.1.0/24'
    deploy_to:
      tags:
        - tag: "type:prod"
          regions: "default_region"
 

Committing the manifest file

Now that we have updated the manifest file we are ready to commit it.

  • Set your Author name
  • Set your Email address
  • Set your Commit message

Using a good / unique commit message will help you understand what is going on later.

  • Click the Commit changes button:

What did we just do?

When you added the following:

workspaces:
  subnet:
    name: "subnet"
    version: "v1"
    depends_on:
      - name: vpc
        type: stack
        affinity: stack
    parameters:
      VPCID:
        ssm: 
          name: "/networking/vpc/account-parameters/${AWS::AccountId}/${AWS::Region}/VPCId"
      SubnetCIDR:
        default: '10.0.1.0/24'
    deploy_to:
      tags:
        - tag: "type:prod"
          regions: "default_region"
  

You told the framework to provision v1 of subnet into the default region of each account that has the tag type:prod

Verifying the provisioned stack

Once you have made your changes the ServiceCatalogPuppet Pipeline should have run. If you were quick in making the change, the pipeline may still be running. If it has not yet started feel free to the hit the Release change button.

Once it has completed it should show the stages in green to indicate they have completed successfully:

The screenshots may differ slightly as the design of AWS CodePipeline changes. You should see a pipeline where each stage is green.

You have now successfully provisioned a workspace.