How to Share Infrastructure in Multiple Terraform Projects?

Methods to divide AWS infrastructure managed with Terraform between different teams and projects: using Terraform Data Sources, accessing a remote Terraform state file from another project, ...

How to share AWS Infrastructure between multiple teams and projects?

There are many ways to share and manage AWS infrastructure created by Terraform with different teams inside a company.

In this tutorial, we show some methods to divide responsibility, reduce risk and give each team access to the infrastructure resources it needs.

Using Terraform Data Sources

With this method, multiple projects can share resources (e.g. a VPC, Subnets, Route Tables, Security Groups, EBS volumes, Customer Gateways… ) by using a Terraform Data Source to look up, by tag or other attributes, the ID of a resource created by a different Terraform project.

The following example shows a Terraform Base project that creates the basic AWS infrastructure and a Terraform Web Project that creates an EC2 instance on the subnet created by the Base project.

Base Project

The Base project creates a VPC and a Subnet. Once created, other projects can query AWS for the IDs of these elements and use them in their own Terraform configuration files.

terraform {
  required_version = "~> 0.12"
}

provider "aws" {
  shared_credentials_file = pathexpand("~/keys/ditwl_kp_infradmin.pem")
  profile                 = "ditwl_infradmin"
  region                  = "us-east-1"
  version                 = "~> 2.0"
}

resource "aws_vpc" "ditwl-vpc" {
  cidr_block           = "172.17.32.0/19"
  enable_dns_support   = true
  enable_dns_hostnames = true
  tags = {
    Name = "ditwl-vpc"
  }
}

resource "aws_subnet" "ditwl-sn-za-pro-pub-32" {
  vpc_id                  = aws_vpc.ditwl-vpc.id
  cidr_block              = "172.17.32.0/23"
  availability_zone       = "us-east-1a"
  map_public_ip_on_launch = true
  tags = {
    Name = "ditwl-sn-za-pro-pub-32"
  }
}

Terraform Web Project

The Web project creates only the infrastructure needed for a simple website. Since it needs a VPC and a Subnet, it uses Terraform Data Sources to find the IDs of the VPC and the Subnet created by the Base project. Each lookup fails with an error if no resource, or more than one, matches its filters, so the Name tags used as filters must be unique within the account and region.

terraform {
  required_version = "~> 0.12"
}

provider "aws" {
  shared_credentials_file = pathexpand("~/keys/ditwl_kp_infradmin.pem")
  profile                 = "ditwl_infradmin"
  region                  = "us-east-1"
  version                 = "~> 2.0"
}

data "aws_ami" "ubuntu" {
  most_recent = true

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  owners = ["099720109477"] # Canonical
}

# Find a VPC named "ditwl-vpc"
data "aws_vpc" "ditwl-vpc" {
  filter {
    name   = "tag:Name"
    values = ["ditwl-vpc"]
  }
}

# Find a Subnet located in the VPC named "ditwl-vpc" with tag Name="ditwl-sn-za-pro-pub-32"
data "aws_subnet" "ditwl-sn-za-pro-pub-32" {
  vpc_id = data.aws_vpc.ditwl-vpc.id
  tags = {
    Name = "ditwl-sn-za-pro-pub-32"
  }
}

# Create an AWS instance in the Subnet "ditwl-sn-za-pro-pub-32"
resource "aws_instance" "ditwl-web-01" {
  ami           = data.aws_ami.ubuntu.id
  instance_type = "t3.micro"
  subnet_id     = data.aws_subnet.ditwl-sn-za-pro-pub-32.id
  tags = {
    Name = "HelloWorld"
  }
}
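Sharing the IDs is only half of dividing responsibility: the Web team should be able to discover the Base project's VPC and Subnet and launch instances there, but not modify the network itself. The following is an added example, not code from the original tutorial, showing how the Base project could grant that with an IAM policy. The policy name "ditwl-web-team", the IAM group it is attached to and the use of the caller's account ID are assumptions; the VPC and Subnet are the ones defined in the Base project above.

```hcl
# Added example for the Base project (not from the original tutorial):
# a least-privilege policy for the Web team's Terraform credentials.
data "aws_caller_identity" "current" {}

locals {
  # Assumed: same region as the provider configuration above.
  region     = "us-east-1"
  account_id = data.aws_caller_identity.current.account_id
}

resource "aws_iam_policy" "ditwl-web-team" {
  name        = "ditwl-web-team" # assumed policy name
  description = "Discover the shared network and launch instances only in the shared subnet"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # Needed by the data "aws_vpc", "aws_subnet", "aws_ami" and
        # resource "aws_instance" blocks of the Web project.
        Sid    = "DiscoverSharedNetwork"
        Effect = "Allow"
        Action = [
          "ec2:DescribeVpcs",
          "ec2:DescribeSubnets",
          "ec2:DescribeImages",
          "ec2:DescribeInstances",
          "ec2:DescribeInstanceAttribute",
          "ec2:DescribeTags",
        ]
        # ec2:Describe* calls do not support resource-level permissions.
        Resource = "*"
      },
      {
        # RunInstances is evaluated against every resource it touches:
        # restricting the subnet ARN to the Base project's subnet means the
        # Web team cannot launch anywhere else, even if it knows other IDs.
        Sid    = "LaunchOnlyInSharedSubnet"
        Effect = "Allow"
        Action = ["ec2:RunInstances", "ec2:CreateTags"]
        Resource = [
          "arn:aws:ec2:${local.region}:${local.account_id}:subnet/${aws_subnet.ditwl-sn-za-pro-pub-32.id}",
          "arn:aws:ec2:${local.region}:${local.account_id}:instance/*",
          "arn:aws:ec2:${local.region}:${local.account_id}:network-interface/*",
          "arn:aws:ec2:${local.region}:${local.account_id}:volume/*",
          "arn:aws:ec2:${local.region}:${local.account_id}:security-group/*",
          "arn:aws:ec2:${local.region}::image/ami-*",
        ]
      },
      {
        # Allow the Web team to destroy only the instances it tagged itself.
        Sid    = "ManageOwnInstances"
        Effect = "Allow"
        Action = ["ec2:TerminateInstances", "ec2:StopInstances", "ec2:StartInstances"]
        Resource = "arn:aws:ec2:${local.region}:${local.account_id}:instance/*"
        Condition = {
          StringEquals = {
            "aws:ResourceTag/Name" = "HelloWorld" # tag used by the Web project
          }
        }
      },
    ]
  })
}

# Assumed: the Web team's credentials belong to an existing IAM group.
resource "aws_iam_group_policy_attachment" "ditwl-web-team" {
  group      = "ditwl-web-team" # assumed group name
  policy_arn = aws_iam_policy.ditwl-web-team.arn
}
```

With this policy the Web project's `terraform plan` and `terraform apply` succeed for the configuration above, while an attempt to change the VPC, the Subnet or the route tables from the Web project is denied by AWS. No ec2:Create*, Modify* or Delete* permission on network resources is granted, so the Base team keeps sole control over the shared network.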

Accessing a Remote Terraform State File From Another Project

WIP
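As an added example (not code from the original tutorial), the following shows the alternative the section title refers to: the Base project stores its state in S3 and exports the IDs as outputs, and the Web project reads them with the terraform_remote_state data source instead of querying AWS by tag. The bucket name "ditwl-terraform-state" and the state key are assumptions; data.aws_ami.ubuntu is the AMI lookup defined in the Web project above.

```hcl
# ---- Base project (added example, not from the original tutorial) ----
terraform {
  required_version = "~> 0.12"

  backend "s3" {
    bucket  = "ditwl-terraform-state" # assumed bucket name
    key     = "base/terraform.tfstate" # assumed state key
    region  = "us-east-1"
    encrypt = true                     # server-side encryption of the state object
  }
}

# Only the outputs are meant to be consumed by other projects; everything
# else in the state file is an implementation detail of the Base project.
output "vpc_id" {
  value = aws_vpc.ditwl-vpc.id
}

output "subnet_id" {
  value = aws_subnet.ditwl-sn-za-pro-pub-32.id
}

# ---- Web project (added example, not from the original tutorial) ----
# Read the Base project's state from S3. Terraform needs s3:GetObject on this
# key (and s3:ListBucket on the bucket) with the Web team's credentials.
data "terraform_remote_state" "base" {
  backend = "s3"

  config = {
    bucket = "ditwl-terraform-state" # assumed, must match the Base backend
    key    = "base/terraform.tfstate"
    region = "us-east-1"
  }
}

resource "aws_instance" "ditwl-web-01" {
  ami           = data.aws_ami.ubuntu.id # as defined in the Web project above
  instance_type = "t3.micro"
  # No tag lookup: the ID comes straight from the Base project's outputs.
  subnet_id     = data.terraform_remote_state.base.outputs.subnet_id
  tags = {
    Name = "HelloWorld"
  }
}
```

Unlike the data-source lookup, this does not depend on Name tags being unique, and it fails at plan time if the Base project has not been applied or its outputs are renamed. The trade-off is access control: the whole state file, including every attribute of every Base resource, is readable by anyone who can read the S3 object, so the bucket policy should grant read access on that key only to the teams that consume the outputs, and the state should always be stored encrypted.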


Javier Ruiz

IT Wonder Lab tutorials are based on the rich and diverse experience of Javier Ruiz, who founded and bootstrapped a SaaS company in the energy sector. His company, which was later acquired by a NASDAQ traded company, managed over €2 billion per year of electricity for prominent energy producers across Europe and America. Javier has more than 20 years of experience in building and managing IT companies, developing cloud infrastructure, leading cross-functional teams, and transitioning his own company from on-premises, consulting, and custom software development to a successful SaaS model that scaled globally.
