
@pwillis-els
Last active June 9, 2022 18:53
How I manage Terraform & AWS infrastructure

My development environment

I use a couple of tools to make it easier for me to get work done:

  • cliv. This installs all my typical Ops tools that aren't packaged by my Linux distribution. This also allows me to switch versions of any tool at any time, either by specifying a particular version of a tool, or by pinning a version in a .COMMAND-versions file. No need for tfenv.

  • terraformsh. This wrapper for Terraform makes it much easier to manage lots of environments and run common Terraform commands. It's simpler than TerraGrunt and still allows me to keep my code and configs DRY.

  • terraformer. I use this tool whenever there's legacy AWS, Azure, New Relic, etc. cloud infrastructure that isn't managed by Terraform yet. I dump all the files, edit them to connect the resources together and link their dependencies, commit them to a repo, and start managing the infrastructure as code.

  • Git. Kinda hard not to use Git these days, eh?

  • saml2aws. At work we use SAML to authenticate to AWS and generate temporary credentials, and this is the best tool for the job.

  • GnuPG. I keep a master GPG key used to sign Git commits, keep my SSH private keys, and secure my pass store.

  • pass. I use this to store my passwords/keys/etc. Combined with GnuPG and Git, I can keep an encrypted store of passwords and sync and version-control them. Combined with saml2aws and aws-cli, this becomes the System Keychain used to store the saml2aws username/password that generates credentials for aws-cli.

  • aws-cli. Command-line interface to AWS. I use the following config to automatically authenticate via saml2aws when my credentials expire.

    [profile org-product-dev]
    output = json
    credential_process = saml2aws login --skip-prompt --quiet --credential-process --role DEV-ROLE-ARN-HERE --profile org-product-dev-saml2aws

    [profile org-product-prod]
    output = json
    credential_process = saml2aws login --skip-prompt --quiet --credential-process --role PROD-ROLE-ARN-HERE --profile org-product-prod-saml2aws

  • docker. Anything I do "for work" gets automated eventually, and I use Docker containers to create a single environment so I can run this work from some CI/CD tool. Deploys, troubleshooting tools, dev tools, etc. all get kept in and run from a container. The actual code is kept in Git repositories and is either volume-mounted into or checked out from the container.
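The aws-cli profiles above rely on the `credential_process` contract: aws-cli runs the configured command and expects a JSON object on stdout with `"Version": 1`, `AccessKeyId`, `SecretAccessKey` and, for temporary credentials, `SessionToken` and an ISO-8601 `Expiration`. The following is an added example, not code from this gist or from saml2aws, that parses such output, rejects documents aws-cli would refuse, decides whether a refresh is due before the credentials lapse, and masks the secret fields for logging. The sample credential document at the bottom is constructed and contains no real keys; `run_credential_process` is a hypothetical wrapper that assumes the command line it is given is already trusted, because aws-cli executes whatever `~/.aws/config` names.

```python
"""Validate and inspect the JSON an AWS `credential_process` helper emits.

Added example; not code from the gist or from saml2aws.
"""
import json
import shlex
import subprocess
from datetime import datetime, timedelta, timezone
from typing import Optional

# Keys aws-cli requires in every credential_process response.
REQUIRED_KEYS = ("Version", "AccessKeyId", "SecretAccessKey")
# Fields that must never reach a log line.
SECRET_KEYS = ("SecretAccessKey", "SessionToken")


def _parse_expiration(value: str) -> datetime:
    """Parse the Expiration field; it must be timezone-aware (saml2aws emits UTC 'Z')."""
    if value.endswith("Z"):  # fromisoformat() before Python 3.11 rejects a trailing 'Z'
        value = value[:-1] + "+00:00"
    expires = datetime.fromisoformat(value)
    if expires.tzinfo is None:
        raise ValueError("Expiration must include a UTC offset")
    return expires


def parse_credential_output(raw: str) -> dict:
    """Return the parsed credential document, raising ValueError if aws-cli would reject it."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError(f"credential_process output is not JSON: {exc}") from None
    if not isinstance(doc, dict):
        raise ValueError("credential_process output must be a JSON object")
    missing = [k for k in REQUIRED_KEYS if k not in doc]
    if missing:
        raise ValueError(f"credential_process output lacks {missing}")
    if doc["Version"] != 1:
        raise ValueError(f"unsupported Version {doc['Version']!r}; aws-cli expects 1")
    if "Expiration" in doc:
        _parse_expiration(doc["Expiration"])  # fail fast on a malformed timestamp
    return doc


def needs_refresh(doc: dict, now: Optional[datetime] = None,
                  skew: timedelta = timedelta(minutes=5)) -> bool:
    """True when temporary credentials expire within `skew` (or already have).

    A document without Expiration is treated as long-lived and never flagged here.
    """
    if "Expiration" not in doc:
        return False
    if now is None:
        now = datetime.now(timezone.utc)
    return _parse_expiration(doc["Expiration"]) - now <= skew


def redact(doc: dict) -> dict:
    """Copy of the document that is safe to log: secrets masked, key id kept for correlation."""
    return {k: ("***" if k in SECRET_KEYS else v) for k, v in doc.items()}


def run_credential_process(command: str, timeout: float = 60.0) -> dict:
    """Hypothetical wrapper: run a credential_process command line without a shell
    and validate what it prints. Assumes `command` is trusted; aws-cli itself runs
    whatever ~/.aws/config names, so that file should stay writable by its owner only."""
    proc = subprocess.run(shlex.split(command), capture_output=True, text=True,
                          timeout=timeout, check=False)
    if proc.returncode != 0:
        raise RuntimeError(f"credential_process exited {proc.returncode}: {proc.stderr.strip()}")
    return parse_credential_output(proc.stdout)


# Constructed sample shaped like a credential_process response; these are not real credentials.
SAMPLE_OUTPUT = json.dumps({
    "Version": 1,
    "AccessKeyId": "ASIAEXAMPLEEXAMPLE",
    "SecretAccessKey": "constructed-secret-not-a-real-key",
    "SessionToken": "constructed-session-token",
    "Expiration": "2030-01-01T00:00:00Z",
})

if __name__ == "__main__":
    creds = parse_credential_output(SAMPLE_OUTPUT)
    print(redact(creds))
    print("refresh needed:", needs_refresh(creds))
```

The refresh skew matters in practice: saml2aws-issued session credentials are short-lived, and a long Terraform apply started two minutes before expiry will fail halfway through, so anything that wraps the profile should check `needs_refresh` before starting long-running work rather than only reacting to an `ExpiredToken` error.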
