# Infrastructure as Code

The `iac` directory contains all Infrastructure as Code (IaC).
## Directory Structure

The `iac` directory is laid out as follows:

```
BloodConnect
└── iac
    ├── terraform
    │   ├── aws
    │   │   ├── auth
    │   │   └── donate
    │   └── gcp
    ├── serverless
    └── pulumi
```
- The `iac` directory contains one sub-directory per IaC tool used for deployment (e.g. Terraform, Pulumi). It can contain multiple tools.
- Each IaC tool directory contains one sub-directory per cloud platform (e.g. Amazon Web Services, Google Cloud Platform). It can contain multiple platforms.
- Each IaC tool directory also contains core-level code that works for all cloud platforms.
- Each cloud platform directory contains the project's modules in separate sub-directories (e.g. frontend, backend, services).
- IaC code must be independent of the deployment environment (e.g. test, staging, prod), but it can accept environment-level values as variables.
- Each IaC tool must have a runbook that the deployment pipeline uses.
## IaC Coverage

- Terraform/AWS: initially starting with Terraform version 1.6.5 and AWS.
## Terraform Guideline

- Follow the HashiCorp style guide.
- Add a blank line at the end of each resource block.
- A tag must be used on every resource to track cost.
- A Terraform validation step must be added to the build or release pipeline and executed before releasing:

  ```shell
  terraform validate           # Terraform's own validation command
  make run-command-tf-validate # Validate Terraform using the dockerized dev environment
  ```
- Every variable must have a `description` and a `type`:

  ```hcl
  variable "image_id_1" {
    type = string
  }

  # preferred
  variable "image_id_2" {
    description = "ec2 image id"
    type        = string
  }
  ```
- Every lambda must have a description.
- Always format Terraform with `terraform fmt` before `git commit`. There is a `make` command for it:

  ```shell
  make run-command-tf-fmt
  ```

- Check Terraform static security with:

  ```shell
  make run-command-tf-security
  ```
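The following module shows the guidelines above applied together: environment-level values passed in as typed, described variables; the cost-tracking tag enforced centrally through the provider's `default_tags` so no resource can be created without it; a lambda with a description; and a blank line closing every block. This is an added example, not code from the BloodConnect repository. The region, runtime, function and role names, the `CostCenter` tag key and the `donate` module name are assumptions chosen for illustration.

```hcl
# Added example, not BloodConnect project code. Names such as the region,
# runtime, role and function names and the CostCenter tag key are assumptions.

terraform {
  required_version = "~> 1.6.5"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

# Environment-level values arrive as variables so the same code serves
# test, staging and prod. Every variable carries a description and a type;
# the validation block rejects any environment the pipeline did not expect.
variable "environment" {
  description = "Deployment environment the stack is being applied to"
  type        = string

  validation {
    condition     = contains(["test", "staging", "prod"], var.environment)
    error_message = "environment must be one of: test, staging, prod."
  }
}

variable "cost_center" {
  description = "Cost-tracking tag value applied to every resource"
  type        = string
  default     = "bloodconnect"
}

variable "lambda_artifact" {
  description = "Path to the zipped lambda deployment package"
  type        = string
}

# default_tags places the cost-tracking tag on every taggable resource the
# provider creates, so a resource cannot be deployed without it.
provider "aws" {
  region = "us-east-1"

  default_tags {
    tags = {
      CostCenter  = var.cost_center
      Environment = var.environment
      ManagedBy   = "terraform"
    }
  }
}

data "aws_iam_policy_document" "lambda_assume_role" {
  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["lambda.amazonaws.com"]
    }
  }
}

# Least privilege: the execution role carries only the lambda trust policy;
# any permissions the function needs are attached separately.
resource "aws_iam_role" "donate_lambda" {
  name               = "bloodconnect-${var.environment}-donate-lambda"
  assume_role_policy = data.aws_iam_policy_document.lambda_assume_role.json
}

# Every lambda carries a description, as the guideline requires.
resource "aws_lambda_function" "donate" {
  function_name    = "bloodconnect-${var.environment}-donate"
  description      = "Handles blood donation requests for the donate module"
  role             = aws_iam_role.donate_lambda.arn
  handler          = "index.handler"
  runtime          = "nodejs20.x"
  filename         = var.lambda_artifact
  source_code_hash = filebase64sha256(var.lambda_artifact)
}
```

Running `terraform fmt` and `terraform validate` on this module before committing catches alignment drift and missing or mistyped variables; the `validation` block on `environment` turns a wrong pipeline value into a plan-time error rather than a misnamed deployment.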