Multi Developer Terraform
Running Terraform from a single user's desktop is one thing, but getting Terraform to work correctly across a development team requires addressing a few concerns.
Concern 1 – Multi File Edits (on State File). How does one prevent multiple users' edits from overwriting each other?
Solution 1 – Store the terraform state in a Cloud Storage bucket
This is as simple as passing in an existing storage bucket for the backend in the terraform block of your configuration.
terraform {
  backend "gcs" {
    bucket = "tf-state-f5"
    prefix = "terraform/state"
  }
}
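If you wanted to create the bucket first via Terraform:
provider "google" {
  version     = "~> 3.0.0"
  # Service account key read from disk; keep this file out of version control
  credentials = file("../account.json")
  project     = var.project_name
  region      = var.region
  zone        = var.zone
}

# Bucket that will hold the shared Terraform state
resource "google_storage_bucket" "tf-state-f5" {
  name     = var.state_bucket_name
  location = var.region
  # force_destroy lets "terraform destroy" delete the bucket even while it still contains objects
  force_destroy = true
}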
Concern 2 – Secrets in State File. How does one protect sensitive data in state files?
Solution 2 – Store the state in a Cloud Storage bucket (encrypted by default)
See snippet above for cloud storage based TF state file backend.
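Default encryption covers the state at rest, but anyone with read access to the bucket still sees the secrets in plaintext, so the bucket itself needs tightening. The following is an added example, not part of the original post: a hardened variant of the bucket resource above, with versioning, IAM-only access and destroy protection. It assumes an existing provider block, a google provider release newer than the "~> 3.0.0" pin (needed for uniform_bucket_level_access), and a hypothetical state_admins_group variable.

```hcl
# Added example: hardened state bucket (not the original post's code).
# Assumes a google provider release that supports uniform_bucket_level_access.

variable "state_bucket_name" {
  type = string
}

variable "region" {
  type = string
}

# Hypothetical variable: the only group (engineers and CI identity) allowed to touch state.
variable "state_admins_group" {
  type        = string
  description = "Group e-mail, for example tf-state-admins@example.com (constructed value)"
}

resource "google_storage_bucket" "tf_state" {
  name     = var.state_bucket_name
  location = var.region

  # The snippet above uses force_destroy = true; with false, the bucket
  # cannot be deleted while it still holds state objects.
  force_destroy = false

  # Access is decided by IAM only, with no per-object ACLs that could drift.
  uniform_bucket_level_access = true

  # Keep earlier generations of the state object so an overwritten or
  # corrupted state can be restored.
  versioning {
    enabled = true
  }

  # Terraform refuses any plan that would destroy this resource.
  lifecycle {
    prevent_destroy = true
  }
}

# Authoritative binding: only the listed group holds this role on the bucket.
resource "google_storage_bucket_iam_binding" "state_rw" {
  bucket  = google_storage_bucket.tf_state.name
  role    = "roles/storage.objectAdmin"
  members = ["group:${var.state_admins_group}"]
}
```

Project-level roles inherited by the bucket still grant access, so review those alongside this binding.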
Concern 3 – Organizational Structure for different environments
Each environment should, ideally, get its own Terraform folder.

In addition, under each environment, one design might be to give each ‘high level service’ (e.g. Networking, RDS…) its own subfolder. So Networking, RDS, APIGateway and SharedServices would all be subfolders in each of the DEV and PROD parent folders.
However, another simpler design might be to have a subfolder for each tier of the app – e.g. FrontEnd, BackEnd, DataTier – under each of the DEV and PROD parent folders.
As you can see, there isn’t any ONE right way to structure your DEV and PROD folder structures, but there are some common practice recommendations.
Concern 4 – Multi APPLY of multiple state files
These multiple state files (though good) lead to another challenge – how does one APPLY all the folders at once?
Solution 4 – Terragrunt
Terragrunt is a wrapper around TF that provides enhanced tooling and functionality. One such function is the ability to apply multiple folders at the same time.
Summary
Single developer Terraform environments are notably easier than multi developer environments. This post highlights some key concerns in multi developer Terraform environments, and some potential solutions.
Need Help?
Need help with your Terraform efforts? Start the conversation today.
Need an experienced AWS/GCP/Azure Professional to help out with your Public Cloud Strategy? Set up a time with Anuj Varma.