Replies: 5 comments
-
Hi Michal, thanks for sharing your thoughts. I must agree that the DRYness can be improved here. There are some challenging ideas in our idea backlog on this about allowing One recommendation, we already can give is to use tags instead of relative directories to improve the maintainability when restructuring the directory hierarchy in the future. This does not solve the DRYness part though. We also have a implicit dependency when using stacks-in-stacks where all child stacks are executed (with an implicit) after the parent stack. If you could import the s3-flow-logs into the actual parent stack, the things would become more dry. What would be your desired solution here for configuring it easier? We are more than happy to get early feedback on how a desired feature could look like. |
Beta Was this translation helpful? Give feedback.
-
@mariux Thanks for answering
I have not used tags on purpose, to keep dependencies defined with "after" parameter of the stack aligned with how I access their dependent terraform stack state via generate_hcl "main.tf" {
content {
data "terraform_remote_state" "s3_flow_logs" {
backend = "s3"
config = {
bucket = "${global.terraform_state.bucket_name}"
key = "${terramate.stack.path.relative}/../s3-flow-logs/terraform.tfstate"
region = "${global.terraform_state.region}"
}
} and the actual stack that imports this module
As you can see
For me it's not an option because I would like to group stacks by business domains e.g.
Hard question. Maybe lets first try to define what I'm trying to achieve: some sort of a "_base" template at some level e.g. regional or environmental and be able to define multiple regions/environments from that template by simply copy pasting a directory structure, calling it region 'B' and eventually providing some overrides for default input values provided in "_base". The idea is that "live" directory must resemble the directory structure of "_base". You can actually see this in my example repository linked above. I have defined "region" and "environment" directories in "modules" this way. So what it translates to is: In some directory that I consider to be "live" (not "_base") I import some repeatable chunk of code e.g. VPC module, now this VPC has a dependency on S3 Flow logs bucket. I only see two options to create such dependency: I know the unique name of the stack (unique across entire execution context), or I know where this stack lives exactly e.g. "../s3-flow-logs". Tags could lead to ambigous import targets. In terragrunt I can achieve this with But to be honest I don't see a solution right now other than recreating this functionality from Terragrunt, but maybe improving it and e.g. instead Sorry that this post was a bit lenghty, I hope it will be ok to grasp. If you have any questions please let me know. I'm also curious what do you think. Maybe there is a better approach to achieving what I want? I approach this with a very Terragrunt-like way of doing this |
Beta Was this translation helpful? Give feedback.
-
Thanks for sharing... this actually helps.. in the very beginning we dropped the pure terraform approach and went to a HCL approach for code generation. The only real terraform dependency we currently have is in our change detection, where we identify modules that are called locally and consider a change in a local terraform module a trigger to mark the stacks including the module as changed. Now that you explained the use-case a bit better, we actually could do a similar integration for remote state data sources in our order of execution. I will discuss details with the team and see if this can be achieved in the future and get back to you. The idea here would be we scan all stack, know the backend used and align it with any remote data sources as an implicit order of execution. For circular dependencies we could just drop the full circle. This would match our plans to refactor order of execution to allow for better precedence definitions and with implicit orders. On the "reference another stack".. stack id can be any string already (so no UUID required), it just needs to be unique within the repository. We also want to share data e.g. evaluated globals on this level at some point in the future, but no concrete use-cases at the moment. In general we prefer using data sources of the resources to get the current state in the cloud and only recommend using remote state when there is no other option. Using remote state as a data source vs. remote state as outputs has the benefit that you can postpone it to the apply time and create a PR that creates dependent stacks in a single merge. Not sure if you noticed this and if it could help you but
maybe this can help you automate it at least a bit until better options are available. |
Beta Was this translation helpful? Give feedback.
-
Sure, thank you.
Makes sense, thanks for explaining.
Thanks this is an interesting idea because recreating this tree structure was problematic too. |
Beta Was this translation helpful? Give feedback.
-
We are currently planning a feature called Terramate Projects which will allow us to tackle this and some other community requested features in a better way. Terramate Projects will allow to set alias names for stacks in addition to the so the combination of |
Beta Was this translation helpful? Give feedback.
-
Context
I'm trying to create a multi region and multi environment AWS infrastructure reference example with terramate. You can find the example here: https://github.com/pbn4/terramate-aws-infrastructure-example
Below is a short explanation of the current state of the example:
Environments and regions:
For this I have 3 accounts in the same AWS organization:
Responsibilites of accounts:
Currently there are only 3 modules in each regional infrastructure: KMS, S3 VPC flow logs bucket and VPC.
I use management account credentials to run terramate and I obtain subaccount access via role assumption of default
OrganizationAccountAccessRole
created when account is added to the organization.Question
Now the question is about DRYness of
after
andbefore
. I have shared code in/modules
that defines e.g. a VPC (modules/myproduct/environment/region/vpc
) and this VPC module is imported by all regional stacks that I have (3 currently, 1 dev and 2 prod) - they follow path patternstacks/myproduct/<env_name>/<region_name>/
. Now this VPC module has a dependency ons3-flow-logs
module. The problem is that I have to define this dependency in every stack file that I created e.g. it is duplicated in files:code of one of the files:
What can I do to get rid of this duplication? Or maybe my approach to using terramate is completely wrong here and it should be done differently?
I have searched https://github.com/ashleymichaelwilliams/aws-sandbox/tree/master repository already and I couldn't find the answer.
Beta Was this translation helpful? Give feedback.
All reactions