grouping hierarchy

Account

• Per AWS Account

• Prod, Non-prod, Main, TestNet

Env / VPC / Workspace

• dev,qa,uat,prod, main

• separated by terraform.workspace

• separated by VPC

• 1 terraform.workspace = 1 VPC

Public Subnets

• sss

Private Subnets

• sss

GENERIC NAMING Convention

• Use DASH for Resource names to quicly identify which one is created by a developer vs. a terraform library code.

resource "aws_route53_record" "referral-digitalservices-io-record" {

...

}

• Variable and Tag Names should Start with Capital Letter because TF library codes always start small letter.

tags = {

App = local.tfsettings.project_name

Environment = terraform.workspace

Entity = local.tfsettings.entity_name

Terraform = "true"

Tier = "database"

}

# NOT YET IMPLEMENTED. THINK TWICE IF CAMEL CASE OF UNDERSCORE

locals {

default_tfsettings = {

Project_name = "msk-stack-standalone"

Pafka_version = "2.4.1"

Broker_nodes = 2

Instance_type = "kafka.t3.small"

Ebs_volume_size = 100

Client_broker = "TLS_PLAINTEXT"

# Security group to use. In this case, we will use EKS SG because other Kafka components are runnung in

Eks_sg = ""

}

TFSTATE Convention

• TFStates are separated by AWS Account and not by Enviroments.

• A TFState is shared by enviroments like Dev, QA and Productionn

• Hashicorp did not allow environment variables in "backend" to prevent separating TFState by Environments.

Naming: <entityname>-tfstate-<account>

Ex. devopsph-tfstate-mikaelvg

Component Naming Convention

Level1: Entity Name

• It could be a company, or a subgroups under one company.

• Ex. diginex is one entity, devopsph is one entity

Level2: Component Name

VPC

• 1 word description + Techinical Names like. eks, vpc, msk. Examples below

  • mainVpc

  • vendorVpc

Security Group

• Always assign NAME TAG because theres always multiple secgrp names

Subnet

• Use default

• Samples

  • devopsph-mainVpc-default-private-us-east-1a

  • devopsph-mainVpc-default-private-us-east-1b

  • devopsph-mainVpc-default-private-us-east-1c

Other Components Under VPC

• Use the defaults

• The default has VPC name prefix. Succeding name is properly generated by the system.

• Samples

  • Subnets

    • devopsph-mainVpc-default-private-us-east-1a

    • devopsph-mainVpc-default-private-us-east-1b

    • devopsph-mainVpc-default-private-us-east-1c

    • devopsph-mainVpc-default-public-us-east-1a

    • devopsph-mainVpc-default-public-us-east-1b

    • devopsph-mainVpc-default-public-us-east-1c

  • Route table

    • devopsph-mainVpc-default-private-us-east-1a

    • devopsph-mainVpc-default-private-us-east-1b

    • devopsph-mainVpc-default-private-us-east-1c

    • devopsph-mainVpc-default-public

  • Internet gateway

    • devopsph-mainVpc-default

  • Elastic IPs

    • devopsph-mainVpc-default-us-east-1a

    • devopsph-mainVpc-default-us-east-1b

    • devopsph-mainVpc-default-us-east-1c

  • Nat Gateways

    • devopsph-mainVpc-default-us-east-1a

    • devopsph-mainVpc-default-us-east-1b

    • devopsph-mainVpc-default-us-east-1c

Level3: Application Code

• Shared = if shared accross different application.

• Application Code = there should be a reference short short code of the application

Folder Structure for IAC

applications - contains codes that are for applications use

modules - contains the templates used by the applications

scripts - bash and python scripts

Files

# secrets file are entirely encrypted

tfsecrets/

<env>.yml

default.yml

#root

iam.tf - roles and users

instance.tf - ec2 intances

key.tf

Application

main.tf

• Central file to contain all the "resources" creation and variable assignements.

• common resources are:

For application use only

Note: There are configuration create by "network" and this, specific to application only.

• • Application database

  • Loadbalancers

  • IAM roles

  • IAM policies

  • IAM iam_assumable_role

backend.tf

• tfstate S3 storage

data.tf

• Data sources allow data to be fetched or computed for use elsewhere in Terraform configuration. Use of data sources allows a Terraform configuration to make use of information defined outside of Terraform, or defined by another separate Terraform configuration.

• External Fetched data sources are:

  • devopsph-network (terraform_remote_state) - VPC and other resources created by NETWORK component.

  • For detailed explanation of shared componets,refer to network <insert link here>

• Iinternal Fetched data sources are:

  • TDB