Skip to main content

terraform/README.md

1# terraform



3These scripts are all related to [Terraform], the infrastructure-as-code tool we use at work.



5[Terraform]: https://www.terraform.io/



7## The individual scripts



9<!-- [[[cog



11# This adds the root of the repo to the PATH, which has cog_helpers.py


12from os.path import abspath, dirname


13import sys



15sys.path.append(abspath(dirname(dirname("."))))



17import cog_helpers



19folder_name = "terraform"



21scripts = [


22    {


23        "name": "tf",


24        "description": "alias for `terraform`",


25    },


26    {


27        "name": "tfi",


28        "description": """


29        alias for <a href="https://developer.hashicorp.com/terraform/cli/commands/init"><code>terraform init</code></a>


30        """,


31    },


32    {


33        "name": "tfp",


34        "description": """


35        alias for <a href="https://developer.hashicorp.com/terraform/cli/commands/plan"><code>terraform plan -out=tfplan</code></a>.


36        I run this before making any changes, so I can review what Terraform is about to do.


37        """,


38    },


39    {


40        "name": "tfa",


41        "description": """


42        alias for <a href="https://developer.hashicorp.com/terraform/cli/commands/apply"><code>terraform apply terraform.plan</code></a>.


43        I only run this after I’ve reviewed the proposed changes from <code>tfp</code>.


44        """,


45    },


46    {


47        "name": "tfmv",


48        "description": """


49        alias for <a href="https://developer.hashicorp.com/terraform/cli/commands/state/mv"><code>terraform state mv</code></a>


50        """,


51    },


52    {


53        "name": "tflint",


54        "description": """


55        alias for the <a href="https://github.com/terraform-linters/tflint">tflint linter</a>, but running inside a Docker container


56        """,


57    },




60cog_helpers.create_description_table(folder_name=folder_name, scripts=scripts)



62]]]-->


63<dl>


64  <dt>


65    <a href="https://github.com/alexwlchan/scripts/blob/main/terraform/tf">


66      <code>tf</code>


67    </a>


68  </dt>


69  <dd>


70    alias for `terraform`


71  </dd>



73  <dt>


74    <a href="https://github.com/alexwlchan/scripts/blob/main/terraform/tfi">


75      <code>tfi</code>


76    </a>


77  </dt>


78  <dd>


79    alias for <a href="https://developer.hashicorp.com/terraform/cli/commands/init"><code>terraform init</code></a>


80  </dd>



82  <dt>


83    <a href="https://github.com/alexwlchan/scripts/blob/main/terraform/tfp">


84      <code>tfp</code>


85    </a>


86  </dt>


87  <dd>


88    alias for <a href="https://developer.hashicorp.com/terraform/cli/commands/plan"><code>terraform plan -out=tfplan</code></a>.


89    I run this before making any changes, so I can review what Terraform is about to do.


90  </dd>



92  <dt>


93    <a href="https://github.com/alexwlchan/scripts/blob/main/terraform/tfa">


94      <code>tfa</code>


95    </a>


96  </dt>


97  <dd>


98    alias for <a href="https://developer.hashicorp.com/terraform/cli/commands/apply"><code>terraform apply terraform.plan</code></a>.


99    I only run this after I’ve reviewed the proposed changes from <code>tfp</code>.


100  </dd>



102  <dt>


103    <a href="https://github.com/alexwlchan/scripts/blob/main/terraform/tfmv">


104      <code>tfmv</code>


105    </a>


106  </dt>


107  <dd>


108    alias for <a href="https://developer.hashicorp.com/terraform/cli/commands/state/mv"><code>terraform state mv</code></a>


109  </dd>



111  <dt>


112    <a href="https://github.com/alexwlchan/scripts/blob/main/terraform/tflint">


113      <code>tflint</code>


114    </a>


115  </dt>


116  <dd>


117    alias for the <a href="https://github.com/terraform-linters/tflint">tflint linter</a>, but running inside a Docker container


118  </dd>


119</dl>


120<!-- [[[end]]] (sum: udcN6wOhi/) -->



122## Choosing between `terraform` and `run_terraform.sh`



124In some of the Terraform configurations at work, we use wrapper scripts `run_terraform.sh` instead of invoking `terraform` directly.


125This wrapper script fetches API keys for the [Elastic Cloud] and [Auth0] providers, so we don't have to hard-code them or store them locally.


126Something like:



128```shell


129EC_API_KEY=$(aws secretsmanager get-secret-value \


130  --secret-id "elastic_cloud/api_key" \


131  --output text \


132  --query "SecretString")



134EC_API_KEY="$EC_API_KEY" terraform "$@"


135```



137My `tf` scripts will choose whether to run a wrapper script or vanilla `terraform`, so I don't have to think about it.



139[Elastic Cloud]: https://registry.terraform.io/providers/elastic/ec/latest/docs#using-your-api-key-on-the-elastic-cloud-terraform-provider


140[Auth0]: https://registry.terraform.io/providers/auth0/auth0/latest/docs#environment-variables