Goutham

Reputation: 63

How to build AWS services using Terraform with Bamboo

Can someone mention the steps in setting up the CI/CD pipeline for creating AWS services using Terraform in Bamboo?

Upvotes: 1

Views: 2827

Answers (2)

30thh

Reputation: 11386

I would suggest creating a build plan with an output to a tfplan file, saving it as an artifact.

terraform plan -out <FILE>

Then you review the output of the plan command in the log of the build task. Finally, you write a deployment project applying the tffile.

terraform apply <FILE>

You can control different stages (dev, staging, prod) over Git branches, creating a branch for every stage. The Bamboo build task will pick the hcl-file or switch the Terraform workspace according to the current branch.

Every stage will get its own Bamboo deployment environment.

You need to put the Git branch into the version of the Bamboo build. Otherwise you won't know which Bamboo environment this build is to be applied to.

The deployment project will need the same terraform code version to apply the tfplan file. Most probably you will need to copy the whole script to the artefact or create a GIT tag.

There is a security issue in this solution. If the same Bamboo build task is able to execute terraform plan in every environment, the developers could theoretically get access to the PROD state file. It could be an issue.

Upvotes: 0

Boris Van Hardeveld

Reputation: 66

You probably want to create a build plan which looks as follows:

STAGE: Plan
    JOB: Plan
        TASK: Script, terraform init -input=false
        TASK: Script, terraform validate -input=false
        TASK: Script, terraform plan -out=tfplan -input=false
STAGE: Apply
    JOB: Apply
        TASK: Script, terraform apply -input=false tfplan

The 'Apply' stage should be configured to be a 'Manual stage', meaning it needs manual approval before it will run. This allows you to review the created Terraform plan in the first stage before applying it on your infrastructure. The plan itself can be linked to, and trigger on, the repository with your Terraform specifications.

In terms of connecting with AWS, you can provide the required Terraform variables as environment variables in your scripts, which themselves refer to regular bamboo variables. For example:

export AWS_ACCESS_KEY_ID="${bamboo.AwsAccessKeyId}"

terraform plan ...

In terms of fetching these variable values from AWS, you might be interested in this plugin: https://marketplace.atlassian.com/apps/1221965/secret-managers-for-bamboo (note that I am affiliated).

Upvotes: 1
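
A plan-review gate for the Plan stage described in the answers above, as an added example that is not part of either answer: it reads the JSON form of the saved plan (`terraform show -json tfplan`) and fails the job when resources would be destroyed or replaced, so those changes are flagged before the manual Apply stage. The resource addresses in the sample and the `--allow-destroy` switch are assumptions made for illustration.

```python
import json
import sys

# Constructed sample in the shape of `terraform show -json tfplan` output
# (only the fields this script reads; the addresses are made up).
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "aws_s3_bucket.logs", "change": {"actions": ["create"]}},
        {"address": "aws_iam_role.ci", "change": {"actions": ["update"]}},
        {"address": "aws_db_instance.main", "change": {"actions": ["delete", "create"]}},
        {"address": "aws_vpc.core", "change": {"actions": ["no-op"]}},
        {"address": "aws_kms_key.old", "change": {"actions": ["delete"]}},
    ],
})


def summarize(plan_json):
    """Group resource addresses by change kind; no-op and read are skipped."""
    summary = {"create": [], "update": [], "replace": [], "delete": []}
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = set(rc["change"]["actions"])
        if actions == {"delete", "create"}:   # destroy-and-recreate, either order
            summary["replace"].append(rc["address"])
        elif "delete" in actions:
            summary["delete"].append(rc["address"])
        elif "update" in actions:
            summary["update"].append(rc["address"])
        elif "create" in actions:
            summary["create"].append(rc["address"])
    return summary


def gate(plan_json, allow_destroy=False):
    """Return 0 if the plan may go to the manual Apply stage, 1 otherwise."""
    summary = summarize(plan_json)
    for kind, addresses in summary.items():
        for address in addresses:
            print(f"{kind:8} {address}")
    destructive = summary["replace"] + summary["delete"]
    if destructive and not allow_destroy:
        print(f"BLOCKED: {len(destructive)} resource(s) would be destroyed")
        return 1
    return 0


if __name__ == "__main__":
    # Reads the plan JSON from stdin; falls back to the sample when run by hand.
    text = SAMPLE_PLAN if sys.stdin.isatty() else sys.stdin.read()
    sys.exit(gate(text, allow_destroy="--allow-destroy" in sys.argv))
```

In the Plan job it would run after `terraform plan -out=tfplan` as `terraform show -json tfplan | python plan_gate.py`, where `plan_gate.py` is a hypothetical file name.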
