terraform reads its vars in a linar fashion. We will use this to have an override abiltiy. Common vars will exist in terraform.tfvars and stack specific vars will exist in mystack.tfvars. Note that the value terraform choses is the last value to got from the var files, the most right file will take presedance.
terraform plan -var-file=terraform.tfvars -var-file=mystack.tfvars
terraform apply -var-file=terraform.tfvars -var-file=mystack.tfvars
terraform destroy -var-file=terraform.tfvars -var-file=mystack.tfvars
also, see terraform.tfvars for general settings that have not been overriden, like subnet ranges and so on.
mystack.tfvars
stack_name = "mytest"
bastion_remote_access_ssh = [
"x.x.x.x/32,description of what this address if for",
]
ssh_public_key = "ssh-rsa AAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3NAAAAB3N user@nasa"
bastion_instance_size = "t2.xlarge"
app_instance_size = "t2.xlarge"
web_instance_size = "t2.xlarge"
db_multi_az = false
db_name = "example_database"
db_user = "example"
db_passwd = "supersecretpassword"
deploy_bucket = "rbexamplebuiltbin"
app_deply_file = "latest.zip"
app_ssm_kms_key = "alias/aws/ssm"
This is designed to deploy example_app, a simple crud app that is written in go and uses psql. The zip file latest.zip in deployable_app needs to be put in an s3 bucket. This binary in that zip is compiled for linux
The file that pulls the zip down is ./userdata/app_server.sh at line - [ aws, s3, cp, "s3://rbexamplebuiltbin/latest.zip", ./ ]
./outputs.tf is commented out due to on a destroy terraform still moans that the outputs cannot output as there is no state, i just dont like seeing false errors.
-
maybe introduce ansible, but for now it feels to heavy for this project
-
fix
aws_db_instancethis has an issue with final snapshots, terraform still does not honor thedon't backup my database, there is a github issue for this hashicorp/terraform-provider-aws#92