Figurate Terraform

Introduction

Terraform is an infrastructure provisioning tool that defines a language that allows for declarative definition of infrastructure resources in a concise format.

The power of Terraform is in the extensive list of provider plugins that implement integration with multiple Cloud platforms and vendor services.

Pros

The primary benefit of Terraform is that it is the default standard for integration with major Cloud providers, such that many of the new platform features are available first in Terraform.

• Strong Open Source community supporting multiple provider implementations for major and niche platforms and services.
• Extensible to support custom provider implementations to suit most needs
• Concise language well suited to infrastructure definition

Cons

Terraform alone is usually not sufficient to provide a complete Infrastructure as Code solution, but can be the cornerstone in a broader strategy.

• Infrastructure state is not managed automatically (Terraform Cloud does improve this)
• Some values may be stored in state insecurely (e.g. secrets, credentials, etc.)

Module Guidelines

Figurate modules are developed with the following principles for maximum portability and reuse.

• Use consistent variable names where possible (use same convention as resources)
• Make no assumptions about provider and backend configuration (these are configured externally)
• Avoid nested modules (minimise externally managed dependencies)
• Make no assumptions about execution environment (avoid local-exec)

Figurate Modules

Alerting | API Gateway | Audit Trail | Autoscaling | Backups | Budgets | Cache | Canary Deployments | CDN | Cell-based Architecture | Certificates | Containers | Service Discovery | Encryption | Events | Health Checks | Identity Management | Immutable Infrastructure | Lifecycle Policies | Load Balancing | Logging | Monitoring | Private Networking | Observability | Patching | Permissions | Proxies | Queues | Service Quotas | Recovery | Routing | Runbooks | Secrets | Serverless | Tenancy Management | Testing | Threat Detection | Throttling | Tracing | Usage Monitoring | Vulnerabilty Scans

Alerting

• AWS Cloudwatch Alarms
• AWS SNS Topics

API Gateway

• AWS Lambda APIs
• AWS API Gateway Targets

Audit Trail

TBD.

Autoscaling

• AWS Autoscaling Groups
• AWS Launch Templates

Backups

TBD.

Budgets

TBD.

Cache

TBD.

Canary Deployments

TBD.

CDN

• DigitalOcean CDN
• AWS CloudFront Distribution

Cell-based Architecture

TBD.

Certificates

• AWS ACM Certificates

Containers

• AWS ECS Clusters
• AWS ECS Services
• AWS ECS Task Definitions
• AWS ECR Repositories
• AWS ECS Capacity Providers

Service Discovery

• AWS Service Discovery Namespaces

Encryption

• AWS KMS Keys

Events

• AWS S3 Triggers
• AWS CloudWatch Events

Health Checks

TBD.

Identity Management

TBD.

Immutable Infrastructure

TBD.

Lifecycle Policies

TBD.

Load Balancing

• AWS Load Balancing

Logging

TBD.

Monitoring

TBD.

Private Networking

• AWS VPC Subnets
• AWS VPC Endpoints
• AWS Security Groups
• DigitalOcean Firewalls

Observability

TBD.

Patching

TBD.

Permissions

• AWS IAM Roles
• AWS IAM Groups
• AWS IAM Policies

Proxies

TBD.

Queues

TBD.

Service Quotas

TBD.

Recovery

TBD.

Routing

• AWS Route53 Zones

Runbooks

TBD.

Secrets

• AWS SSM Parameters

Serverless

• AWS Lambda Layers
• AWS Lambda Functions

Tenancy Management

• Github Repositories
• Github Organizations
• Terraform Cloud Organizations
• Terraform Cloud Workspaces
• AWS Organizations Policies

Testing

TBD.

Threat Detection

TBD.

Throttling

TBD.

Tracing

TBD.

Usage Monitoring

TBD.

Vulnerability Scans

TBD.