0
votes

I have created my AWS infrastructure using Terraform. The infrastructure includes creating Elastic Beanstalk apps, application load balancer, S3, DynamoDB, VPC subnets and VPC endpoints.

The AWS infrastructure runs locally using the Terraform commands shown below:

terraform init
terraform plan -var-file="terraform.tfvars"
terraform apply -auto-approve -var-file="terraform.tfvars"

The terraform.tfvars contains variables like region, instance type, access key, etc.

I want to automate the build and deploy process of this Terraform infrastructure using AWS CodePipeline. How can I achieve this task? What steps to follow? Where to save the terraform.tfvars file? What roles to specify in the specific CodeBuild role? What about the manual process of auto-approve?

MY APPROACH: The entire process of CodeCommit/GitHub, CodeBuild, CodeDeploy (i.e. CodePipeline) is carried out through the AWS console. I started with GitHub as the source, and it is working (the GitHub repo includes my Terraform code for building the AWS infrastructure). Then for CodeBuild, I need to specify the env variables and the buildspec.yml file. This is the problem: locally I had a terraform.tfvars to do the job, but here I need to do it in the buildspec.yml file.

QUESTIONS: I am unaware how to specify my terraform.tfvars credentials in the buildspec.yml file and what env variables to specify. I also know we need to specify roles in the CodeBuild project, but how to effectively specify them? How to also store the Terraform state in S3?

1
What error do you get? How have you configured your pipeline? – ydaetskcoR
I have specified my approach. I am stuck when I need to specify the buildspec.yml file and env variables for configuring the CodeBuild project; also, I am unaware how to specify roles for CodeBuild. – adit modi
I was following the below-mentioned tutorial, but as it involves creating AWS security services whereas I need to create Elastic Beanstalk applications and many other things, I got stuck while following their steps. aws.amazon.com/blogs/security/… – adit modi

1 Answer

0
votes

How can I achieve this task ?

Use CodeCommit to store your Terraform code, CodeBuild to run terraform plan, terraform apply, etc., and CodePipeline to connect CodeCommit with CodeBuild.

What steps to follow ?

There are many tutorials on the internet. Check this as an example: https://medium.com/faun/terraform-deployments-with-aws-codepipeline-342074248843

Where to save the terraform.tfvars file ?

Ideally, you should create one terraform.tfvars for development environment, like terraform.tfvars.dev, and another one for production environment, like terraform.tfvars.prod. And in your CodeBuild environment, choose the file using environment variables.

What roles to specify in the specific CodeBuild role ?

Your CodeBuild role needs to have the permissions to create, list, delete and update resources. Basically, in one service, it's almost everything.

What about the manual process of auto-approve ?

Usually, you use terraform plan in one CodeBuild environment to show what the changes in your environment are, and after a manual approval, you execute terraform apply -auto-approve in another CodeBuild environment. Check the tutorial above; it shows how to create this.
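
The tfvars selection and the plan/apply split described in this answer, as an added example that is not part of the original answer: a helper script that the buildspec of each CodeBuild project could call. The environment variable names `STAGE` and `TF_ENV`, the function names, and the `access_key`/`secret_key` variable names it checks for are assumptions.

```shell
#!/bin/sh
# Added example: helper a buildspec could call in the plan and apply stages.
# STAGE and TF_ENV are assumed CodeBuild environment variable names.

# Map an environment name to its tfvars file. Only known names are accepted,
# so a crafted TF_ENV value cannot point terraform at an arbitrary path.
select_tfvars() {
  case "$1" in
    dev|prod) printf 'terraform.tfvars.%s\n' "$1" ;;
    *) echo "unknown environment: $1" >&2; return 1 ;;
  esac
}

# Fail if the tfvars file sets static AWS keys (variable names assumed).
# Inside CodeBuild the AWS provider uses the project's service role, so
# access keys do not need to be committed with the Terraform code.
check_no_static_keys() {
  if grep -Eiq '^[[:space:]]*(aws_)?(access|secret)_key[[:space:]]*=' "$1"; then
    echo "static credentials found in $1" >&2
    return 1
  fi
}

# $1 = plan | apply, $2 = environment name
run_stage() {
  varfile=$(select_tfvars "$2") || return 1
  check_no_static_keys "$varfile" || return 1
  terraform init -input=false || return 1
  case "$1" in
    plan)  terraform plan -input=false -var-file="$varfile" ;;
    apply) terraform apply -input=false -auto-approve -var-file="$varfile" ;;
    *) echo "unknown stage: $1" >&2; return 1 ;;
  esac
}

# Runs only when the CodeBuild project sets STAGE, e.g. STAGE=plan TF_ENV=dev.
if [ -n "${STAGE:-}" ]; then
  run_stage "$STAGE" "${TF_ENV:-dev}"
fi
```

The plan project would set `STAGE=plan` and the project that runs after the manual approval would set `STAGE=apply`, both with the same `TF_ENV`.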