How to achieve dependency management in pure terraform


I have posted an opinion question but was told that SO favours more specific questions, hence why I’m asking a more specific one as a follow-up:

Let’s say that I have two terraform projects, vpc, and k8s cluster:

# vpc/main.tf

resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_subnet" "main1" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.1.0/24"

  tags = {
    Name = "Main1"
  }
}

resource "aws_subnet" "main2" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.2.0/24"

  tags = {
    Name = "Main2"
  }
}

output "vpc_id" {
  value = aws_vpc.main.id
}

output "subnet_1_id" {
  value = aws_subnet.main1.id
}

# Fixed: the original exported aws_subnet.main1.id here as well, so both
# outputs carried the same subnet id.
output "subnet_2_id" {
  value = aws_subnet.main2.id
}

In the cluster project:

# eks/main.tf

variable "subnet_1_id" {}
variable "subnet_2_id" {}

# The cluster role and the two policy attachments listed in depends_on were not
# defined in the original snippet; they are added here so the file is complete.
resource "aws_iam_role" "example" {
  name = "eks-cluster-example"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "eks.amazonaws.com" }
      Action    = "sts:AssumeRole"
    }]
  })
}

resource "aws_iam_role_policy_attachment" "example-AmazonEKSClusterPolicy" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
  role       = aws_iam_role.example.name
}

resource "aws_iam_role_policy_attachment" "example-AmazonEKSVPCResourceController" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController"
  role       = aws_iam_role.example.name
}

resource "aws_eks_cluster" "example" {
  name     = "example"
  role_arn = aws_iam_role.example.arn

  vpc_config {
    subnet_ids = [var.subnet_1_id, var.subnet_2_id]
  }

  # Ensure that IAM Role permissions are created before and deleted after EKS Cluster handling.
  # Otherwise, EKS will not be able to properly delete EKS managed EC2 infrastructure such as Security Groups.
  depends_on = [
    aws_iam_role_policy_attachment.example-AmazonEKSClusterPolicy,
    aws_iam_role_policy_attachment.example-AmazonEKSVPCResourceController,
  ]
}

output "endpoint" {
  value = aws_eks_cluster.example.endpoint
}

output "kubeconfig-certificate-authority-data" {
  value = aws_eks_cluster.example.certificate_authority[0].data
}

Let’s say I want the EKS module to be fed the inputs from vpc/main.tf, but I want them to be applied independently to limit the blast radius. How do I manage these projects in pure terraform? I don’t want to use terragrunt/terrateam since they are overkill for my case, I feel. Here are approaches I have considered:

  • Using terraform remote_state data source
  • Writing to another source such as aws_ssm or vault and reading those from that source

Note that I also want to be able to detect when these outputs have changed to trigger updates in dependent projects, and I want to do this in a pipeline, so I need a way to track changes in these outputs.
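Both approaches listed in the question, written out as an added example (this is not code from the original post; the S3 bucket, state key, region, SSM parameter name and IAM policy names are assumptions). The `terraform_remote_state` route requires the consumer to read the producer's entire state file, which contains every attribute of every resource, while the SSM route lets the producer publish only the two values the consumer needs, so the consumer's role can be scoped to `ssm:GetParameter` on one parameter name.

```hcl
# --- vpc/main.tf (additions) ------------------------------------------------
# Option B, producer side: publish just the values consumers need.
# Parameter name is an assumption for this example.
resource "aws_ssm_parameter" "subnet_ids" {
  name  = "/infra/vpc/subnet_ids"
  type  = "String"
  value = jsonencode([aws_subnet.main1.id, aws_subnet.main2.id])
}

# --- eks/main.tf ------------------------------------------------------------
# Option A: read the producer's outputs directly from its remote state.
# The consumer's identity needs s3:GetObject on this key (and the DynamoDB
# lock table if one is used); bucket/key/region are assumptions.
data "terraform_remote_state" "vpc" {
  backend = "s3"
  config = {
    bucket = "example-tfstate-bucket"
    key    = "vpc/terraform.tfstate"
    region = "us-east-1"
  }
}

# Option B: read the published values from SSM. Only ssm:GetParameter on
# this single name is required.
data "aws_ssm_parameter" "subnet_ids" {
  name = "/infra/vpc/subnet_ids"
}

locals {
  subnet_ids_from_state = [
    data.terraform_remote_state.vpc.outputs.subnet_1_id,
    data.terraform_remote_state.vpc.outputs.subnet_2_id,
  ]
  subnet_ids_from_ssm = jsondecode(data.aws_ssm_parameter.subnet_ids.value)

  # Pick one source for the cluster; the SSM one is used here because it
  # keeps the consumer's permissions narrowest.
  subnet_ids = local.subnet_ids_from_ssm
}

resource "aws_iam_role" "example" {
  name = "eks-cluster-example"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "eks.amazonaws.com" }
      Action    = "sts:AssumeRole"
    }]
  })
}

resource "aws_iam_role_policy_attachment" "cluster_policy" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
  role       = aws_iam_role.example.name
}

resource "aws_eks_cluster" "example" {
  name     = "example"
  role_arn = aws_iam_role.example.arn

  vpc_config {
    subnet_ids = local.subnet_ids
  }

  depends_on = [aws_iam_role_policy_attachment.cluster_policy]
}
```

Because data sources are refreshed on every plan, a change to the published subnet ids shows up as a diff in the eks project the next time it is planned. In a pipeline, `terraform plan -detailed-exitcode` in the consumer project returns exit code 2 when there is a pending change, which can serve as the trigger; on the producer side, `terraform output -json` emits the outputs in a stable form that can be hashed and compared between runs to decide whether downstream jobs need to run at all.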
