
Chapter 33 - Terraform Cloud Version Control Workflow

Using Terraform Cloud to speed up workflow

Terraform Cloud


This is going to include:

  • Version control workflow - Git 56
  • Private module Registry - Git 55
  • CLI Driven Workflow - Git
  • Migrate State to TF Cloud - Git
  • Sentinel Policies - Git
  • Sentinel Foundational Policies - Git

Version Control Workflow


Providers: https://developer.hashicorp.com/terraform/cloud-docs/vcs

Terraform Cloud can initiate Terraform runs on code check-in.

  • states, variables, workspaces can all be modified

Demo - Create Git Repo and Check In Basic Configs


  1. Create Repo
  2. Clone Repo
  3. Add TF code from Git 54
  4. Commit and push


Create a Terraform Cloud Account


I linked mine with my GitHub account and created an organization. I also went with the PAYG plan for my internal organization.

You can then create a workspace and integrate that repo with your organization.


Set your trigger for changes only on the Terraform infrastructure - not on the readme or gitignore files.

Create Azure Service Principal for access into Azure.

Run this command to create the service principal:

az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/subscriptionid12345" --name="Azure Terraform"

You will need:

  • client id
  • client secret
  • subscription ID
  • tenant ID
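
As an added example (not part of the original notes): the sketch below maps the JSON output of the az ad sp create-for-rbac command onto the four values listed above and builds Terraform Cloud workspace-variable API payloads, with only the client secret marked sensitive. It assumes the values are stored as workspace environment variables under the azurerm provider's ARM_* names; the sample az output and the helper names build_workspace_vars and redacted are constructed for illustration.

```python
import json

# Constructed sample of `az ad sp create-for-rbac` output (all values are placeholders).
SAMPLE_AZ_OUTPUT = """
{
  "appId": "00000000-0000-0000-0000-000000000001",
  "displayName": "Azure Terraform",
  "password": "constructed-placeholder-secret",
  "tenant": "00000000-0000-0000-0000-000000000002"
}
"""

# azurerm provider environment variable -> field name in the az output
FIELD_MAP = {"ARM_CLIENT_ID": "appId", "ARM_CLIENT_SECRET": "password",
             "ARM_TENANT_ID": "tenant"}
SENSITIVE_KEYS = {"ARM_CLIENT_SECRET"}


def build_workspace_vars(az_json, subscription_id):
    """Return one Terraform Cloud variable payload per ARM_* value."""
    sp = json.loads(az_json)
    missing = [f for f in FIELD_MAP.values() if not sp.get(f)]
    if missing:
        raise ValueError(f"az output is missing fields: {missing}")
    values = {key: sp[field] for key, field in FIELD_MAP.items()}
    values["ARM_SUBSCRIPTION_ID"] = subscription_id  # not part of the az output
    payloads = []
    for key in sorted(values):
        payloads.append({"data": {"type": "vars", "attributes": {
            "key": key,
            "value": values[key],
            "category": "env",  # environment variable, not a Terraform input variable
            "hcl": False,
            "sensitive": key in SENSITIVE_KEYS,
        }}})
    return payloads


def redacted(payloads):
    """Key -> value view that is safe to print or log."""
    attrs = [p["data"]["attributes"] for p in payloads]
    return {a["key"]: "***" if a["sensitive"] else a["value"] for a in attrs}


if __name__ == "__main__":
    workspace_vars = build_workspace_vars(SAMPLE_AZ_OUTPUT, "subscriptionid12345")
    print(json.dumps(redacted(workspace_vars), indent=2))
```

Sensitive variables are write-only in Terraform Cloud once saved, so the client secret cannot be read back from the UI or API afterwards.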

Run and apply and it will create the resources.

Updating the code in the Git Repo


I needed to update the code in the random provider resource block to numeric from number.

This will trigger a new run:


Settings


You can set an auto apply on your runs. You can also limit your runs to come from local machines only, or via GitHub or CLI changes.


You can switch between the old interface and the new interface. The older interface is console-based.

Other Settings


  • Locking
  • Notification - Email, Webhook, Slack
  • Run Triggers - allow other workspaces to run after your workspace completes. Good for VNets -> Resources
  • SSH Key for downloading modules
  • Team Access - Governance for teams

Destroy


In the workspace settings, you can find these options:

  • Destroy Plan - destroys the resources
  • Delete workspace - deletes the workspace
