Skip to content

aws-ia/terraform-tfe-workspace-orchestrator

Repository files navigation

Terraform Cloud Multi-Region Deployment with Workspaces

If you want to deploy a terraform module to multiple locations (different VPCs, Regions, Accounts) this module can help. In most examples we use regions as the location separator but that doesnt have to be the case. The premise is simple, create your root module in a public VCS repo then using your Terraform Cloud (TFC) Organization, create workspaces for each deployment location.

Usage

To use you must have:

  1. Terraform Cloud Organization with Admin Access
  2. VCS repo with your HCL root module
  3. Connect the repo to TFC (To be automated)

Once the above is complete, simply execute this module with references for each location in a way that TFC can reference.

Workspaces

Workspaces are defined in a nested map as each deployment location. A workspace key within the var.workspaces can utilize any workspace argument.

It can also accept var.workspaces.<>.vars which can accept variable declarations as described below.

Variables

This module allows you to specify variables in 3 different ways:

  1. Attach a pre-created variable set id to each workspace with the key shared_variable_set_ids.
  2. Specify on a per-workspace using the nested map structure below
module "multi_region_deployment" {
  source = "aws-ia/workspace-orchestrator/tfe"
  ...

  shared_variable_set_ids = [
    data.tfe_variable_set.creds.id,
  ]

  workspaces = {
    eastcoast = {
      vars = {
        AWS_REGION = {
          value = "us-east-1"
          # category = "env" # unnecessary, default behavior
        }
        my_tf_var = {
          value     = "test"
          category  = "terraform"
        }
      }
    }
    westcoast = {...}
  }
}

Examples

For examples see here

Example terraform.tfvars

organization            = "<>"

# variable set contains my AWS_ACCESS_KEY_ID & AWS_SECRET_ACCESS_KEY, attach to all workspaces
creds_variable_set_name = "dev_aws_creds"

vcs_repo = {
  identifier     = "drewmullen/aws-infra" # https://github.com/drewmullen/aws-infra
  oauth_token_id = "<oauth token from TFC>"
  branch         = "master"
}

Known Issues

Currently there is no way to wait for any workspace variable sets prior to the initial workspace creation. If the inital apply fails you can rekick them off. This will hopefully be resolved in a future release

Requirements

Name Version
terraform >= 1.3.2
aws >=4.0.0, < 6.0.0
tfe >= 0.51.1

Providers

Name Version
tfe >= 0.51.1

Modules

No modules.

Resources

Name Type
tfe_variable.workspace resource
tfe_workspace.main resource
tfe_workspace_settings.this resource
tfe_workspace_variable_set.shared_preexisting_variable_set_ids resource
tfe_workspace_variable_set.this resource

Inputs

Name Description Type Default Required
organization TFC Organization string n/a yes
workspaces Nested map of workspaces to create and the associated arguments they can accept:

Example:
workspaces = {
eastcoast = {
vars = {
AWS_REGION = {
value = "us-east-1"
}
}
}
westcoast = {...}
}
Arguments accepted within workspace definition:

- All arguments from tfe_workspace. Defaults set as documented in July 2022 (v0.33.0).
- vars = A nested map of variables, their value and category
vars = {
myvar_name = {
value = "my var value"
category = "env" # valid values: "env" or "terraform", default = "env"
}
}
Workspace tag_names will attempt to combine specific tag_names and from var.shared_workspace_tag_names.
any n/a yes
shared_variable_set_ids A variable set ID to set to all workspaces. Use if you have a pre-existing variable set. list(string) [] no
shared_workspace_tag_names Tag names to set for all workspaces. To set per-workspace, see var.workspaces. list(any) [] no
vcs_repo Definition of the VCS repo to attach to every workspace.
object({
branch = optional(string)
github_app_installation_id = optional(string)
identifier = string
ingress_submodules = optional(bool)
oauth_token_id = optional(string)
})
null no

Outputs

Name Description
workspaces_attributes Attributes associated with the created workspaces.