Wednesday, January 6, 2021

Enterprise Patterns in Terraform

What are Modules?
- self-contained pieces of IaC (Infrastructure as Code) that abstract the infrastructure deployments
- use clear organization and DRY (Don't Repeat Yourself)
- help in writing composable, shareable and reusable infrastructure

Scope the requirements into appropriate modules:
When building a module, consider 3 areas:
1. Encapsulation - Group infrastructure that is always deployed together
2. Privileges - Restrict modules to privilege boundaries
3. Volatility - Separate long-lived infrastructure from short-lived (Ex: Database - static vs Application Servers - dynamic)

Create the module MVP:
* Always aim to deliver a module that works for 80% of use cases
* Never code for edge cases. A module should be a reusable block of code.
* Avoid conditional expressions in the MVP
* A module should only expose the most commonly modified arguments as variables.

Scoping Example - A team wants to provision their infrastructure, web tier application, and app tier using Terraform
- the web application requires an autoscaling group
- the app tier also requires an autoscaling group, an S3 bucket and a database.

So the modules for the above requirement could be:
Module 1: Network: [VPC, NACL, NAT Gateway]
- responsible for infrastructure networking
- contains network ACLs and NAT gateway
- also includes VPC, subnets, peering and Direct Connect

Module 2: Web: [Load Balancer, Auto Scaling Group]
- creates and manages the infrastructure needed to run the web application
- contains load balancer and auto scaling group
- could also include EC2 instances, S3 buckets, security groups inside the application and logging

Module 3: App: [Load Balancer, Auto Scaling Group, S3 bucket]
- creates and manages the infrastructure needed to run the app tier application
- contains the load balancer, auto scaling group, and S3 buckets
- can also include EC2 instances, S3 buckets, security groups inside the application and logging

Module 4: Database: [Database]
- creates and manages the infrastructure needed to run the database
- contains the RDS instance used by the application
- can also include all associated storage, all backup data and logging

Module 5: Routing: [Hosted Zone, Route 53, Route Table]
- creates and manages the infrastructure needed for any network routing
- contains hosted zones, Route 53, route tables

Module 6: Security: [IAM - Identity and Access Management]
- creates and manages the infrastructure needed for security
- contains IAM resources; can also include security groups and MFA

After we are done writing modules:
- we import them into the private module registry
- advertise their availability to the respective team members for consumption


Define and use a consistent module structure:
- Define the list of .tf files that must be in the module and what they should contain
- Define a .gitignore for modules
- Create a standard way of providing examples (terraform.tfvars.example)
- Use a consistent directory structure with a defined set of directories, even if they may be empty
- All module directories should have a README detailing the purpose and use of files within it


Use source control to track modules:
- Place modules in source control to manage versions, collaboration, and an audit trail of changes
- Tag and document all releases to master (use CHANGELOG and README as a minimum)
- Code review all changes to the master
- Encourage your module users to reference by tag
- Assign each module an owner
- Use only one module per repository
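As an added illustration (not code from the original post) of the MVP rule above and of consumers referencing a module by tag: the Database module from the scoping example exposes only the arguments callers commonly change, bakes hardened defaults into the module, and is pinned to a release tag by the caller. The repository URL, the `module.network` outputs and the variable names are assumptions for the example.

```hcl
# modules/database/variables.tf
# Only the most commonly modified arguments are exposed; the rest is fixed in main.tf.
variable "identifier" {
  type = string
}
variable "instance_class" {
  type    = string
  default = "db.t3.medium"
}
variable "db_subnet_group_name" {
  type = string
}
variable "vpc_security_group_ids" {
  type = list(string)
}

# modules/database/main.tf
resource "aws_db_instance" "this" {
  identifier             = var.identifier
  engine                 = "postgres"
  engine_version         = "15"
  instance_class         = var.instance_class
  allocated_storage      = 50
  db_subnet_group_name   = var.db_subnet_group_name
  vpc_security_group_ids = var.vpc_security_group_ids

  # Hardened defaults fixed in the module so no caller has to remember them
  storage_encrypted           = true
  publicly_accessible         = false
  deletion_protection         = true
  backup_retention_period     = 7
  manage_master_user_password = true # master password kept in Secrets Manager, not in state or tfvars
  username                    = "app_admin"
}

# modules/database/outputs.tf
output "endpoint" {
  value = aws_db_instance.this.endpoint
}

# Consumer (root module): reference the module by release tag, never by branch
# (repository URL and module.network outputs are assumed for this example)
module "database" {
  source = "git::https://git.example.com/infra/terraform-aws-database.git?ref=v1.2.0"

  identifier             = "orders-prod"
  db_subnet_group_name   = module.network.db_subnet_group_name
  vpc_security_group_ids = [module.network.db_security_group_id]
}
```

`manage_master_user_password` requires a recent AWS provider (5.x); a consumer that needs a different engine or class is a new version of the module, not a conditional inside it.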
 

Documentation source: