If you want to deploy a terraform module to multiple locations (different VPCs, Regions, Accounts) this module can help. In most examples we use regions as the location separator but that doesnt have to be the case. The premise is simple, create your root module in a public VCS repo then using your Terraform Cloud (TFC) Organization, create workspaces for each deployment location.
To use you must have:
- Terraform Cloud Organization with Admin Access
- VCS repo with your HCL root module
- Connect the repo to TFC (To be automated)
Once the above is complete, simply execute this module with references for each location in a way that TFC can reference.
Workspaces are defined in a nested map as each deployment location. A workspace key within the var.workspaces can utilize any workspace argument.
It can also accept var.workspaces.<>.vars which can accept variable declarations as described below.
This module allows you to specify variables in 3 different ways:
- Attach a pre-created variable set id to each workspace with the key
shared_variable_set_ids. - Specify on a per-workspace using the nested map structure below
module "multi_region_deployment" {
source = "aws-ia/workspace-orchestrator/tfe"
...
shared_variable_set_ids = [
data.tfe_variable_set.creds.id,
]
workspaces = {
eastcoast = {
vars = {
AWS_REGION = {
value = "us-east-1"
# category = "env" # unnecessary, default behavior
}
my_tf_var = {
value = "test"
category = "terraform"
}
}
}
westcoast = {...}
}
}For examples see here
organization = "<>"
# variable set contains my AWS_ACCESS_KEY_ID & AWS_SECRET_ACCESS_KEY, attach to all workspaces
creds_variable_set_name = "dev_aws_creds"
vcs_repo = {
identifier = "drewmullen/aws-infra" # https://github.com/drewmullen/aws-infra
oauth_token_id = "<oauth token from TFC>"
branch = "master"
}Currently there is no way to wait for any workspace variable sets prior to the initial workspace creation. If the inital apply fails you can rekick them off. This will hopefully be resolved in a future release