GitHub Terraform Repo
Keeping track of Terraform code can be tricky, more so if you’re using it from different systems, in VSCode, or through online services like Terraform Cloud. My preference is to keep all my code in the same place and then reference it from the different systems when I need to run it. This gives me a uniform result when building infrastructure, because I’m using the same Terraform module code everywhere. I can also take advantage of versioning my code, and I can use automation with GitHub Actions to manage it by producing new version tags, scanning the code for security issues, and even creating documentation for me.
GitHub repository structure
I’ve decided to store Terraform code for Azure and AWS in its own GitHub account, as I find it easier to manage the repositories if they’re the next level down from the account rather than having lots of sub-folders.
There is a repository for each reusable module on a per-resource basis. So an Azure resource group, Linux VM, and load balancer each have their own repository.
Each repository is named terraform-{cloud}-{resource}, as this is the naming convention required when importing modules into the Terraform Cloud registry. So for Azure it’s terraform-azurerm-{resource} and for AWS it’s terraform-aws-{resource}.
The Terraform code is in the root of the module repository and is made up of the standard Terraform files locals.tf, main.tf, outputs.tf, and variables.tf.
+ grinntec-terraform-azure
|--+ terraform-azurerm-resource_group
   |
   |-- .gitignore
   |-- .terraform.local.hcl
   |
   |-- locals.tf
   |-- main.tf
   |-- outputs.tf
   |-- variables.tf
   |
   |-- CHANGELOG.md
   |-- LICENSE
   |-- README.md
   |
   |--+ .github
   |  |
   |  |--+ workflows
   |     |
   |     |-- ci-terraform.yaml
   |
   |--+ ExampleConfiguration
   |  |
   |  |-- locals.tf
   |  |-- main.tf
   |  |-- outputs.tf
   |  |-- providers.tf
   |  |-- terraform.tfvars
   |  |-- variables.tf
   |
   |--+ checkov-security-scan
      |
      |-- results_cli.txt
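The naming convention and layout described above can be enforced automatically, for example as a step before a module is tagged. The following Python check is an added example, not code from the original post. The function names, the characters allowed in {resource}, and the rule that providers.tf and terraform.tfvars belong only under ExampleConfiguration are assumptions of this example.

```python
import re
import tempfile
from pathlib import Path

# terraform-{cloud}-{resource}, with the two providers the post uses.
# The character set allowed for {resource} is an assumption of this example.
NAME_RE = re.compile(r"^terraform-(azurerm|aws)-[a-z0-9_]+$")

# Files the post's tree shows in every module repository.
REQUIRED = [
    "locals.tf", "main.tf", "outputs.tf", "variables.tf",
    ".gitignore", "CHANGELOG.md", "LICENSE", "README.md",
    ".github/workflows/ci-terraform.yaml",
    "ExampleConfiguration/main.tf", "ExampleConfiguration/providers.tf",
]
# The tree keeps these only under ExampleConfiguration; flagging them in the
# module root is an assumption of this example.
EXAMPLE_ONLY = ["providers.tf", "terraform.tfvars"]


def check_module_repo(repo: Path) -> list[str]:
    """Return findings for one module repo; an empty list means it conforms."""
    findings = []
    if not NAME_RE.match(repo.name):
        findings.append(f"bad name: {repo.name}")
    findings += [f"missing: {rel}" for rel in REQUIRED if not (repo / rel).is_file()]
    findings += [f"root-level: {rel}" for rel in EXAMPLE_ONLY if (repo / rel).exists()]
    return findings


def make_sample_repo(base: Path, name: str, omit=(), extra=()) -> Path:
    """Build a constructed (empty-file) repository for the demonstration."""
    repo = base / name
    for rel in [r for r in REQUIRED if r not in omit] + list(extra):
        path = repo / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()
    return repo


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        good = make_sample_repo(Path(tmp), "terraform-azurerm-resource_group")
        bad = make_sample_repo(Path(tmp), "azure-rg-module",
                               omit=[".github/workflows/ci-terraform.yaml"],
                               extra=["terraform.tfvars"])
        for repo in (good, bad):
            print(repo.name, check_module_repo(repo) or "OK")
```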