Manage Multiple Environments in AWS using Terraform

Terraforms in a way have revolutionized the management of infrastructures as code. Terraform uses declarative, high level, scalable and flexible code to manage infrastructure.

Organizations have multiple environments for any application that is being built. Developers have their own environment called dev, QA people have testing environments, integration environment is right before production to finally check the application before you go live!

So the code written by devs for dev environment climbs the ladder and moves to testing phase, then integration before finally going live to prod . This is what should happen when we maintain infrastructure as code.

Terraform uses the concept called workspaces to manage different environments.

Workspaces are how Terraform Cloud organizes infrastructure for different environments. If you have worked with Terraforms, you already have worked with workspaces i.e. a default workspace. A workspace contains everything Terraform needs to manage a given collection of infrastructure for any specific environment.

Here we will look at a very simple and effective way to manage multiple environments using Terraform :

Git link for code : https://github.com/Viveksingh1313/Terraform-Multiple-Envs

Workspaces uses state to manage the infrastructure configuration for different environments, which means that for every workspace there will be a separate terraform.tfstate file generated.

This is what a Directory looks like with dev and prod environments :

In our example we will create two environments — 1. dev 2 .prod

Let’s begin with the practical session (consists of total 12 steps):

Step 1 : Install terraform and create an IAM user in your AWS account. Attach an AdministratorAccess policy(for this blog) to the IAM user and download the secret_key and access_key.

If you have any confusion please refer step1 and step 2 in this article.

Step 2 : Create a main.tf file and paste following content :

provider “aws” {
   access_key = “acess_key_here”
   secret_key = “secre_access_key”
   region = var.region
}
resource “random_pet” “petname” {
   length = 3
   separator = “-”
}
resource “aws_s3_bucket” “bucket” {
   bucket = “${var.prefix}-${random_pet.petname.id}”
   acl = “public-read”
   policy = <<EOF {
     “Version”: “2012–10–17”,
     “Statement”: [{
     “Sid”: “PublicReadGetObject”,
     “Effect”: “Allow”,
     “Principal”: “*”,
     “Action”: [
         “s3:GetObject”
      ],
     “Resource”: [
         “arn:aws:s3:::${var.prefix}-${random_pet.petname.id}/*”
     ]
   }]
}
EOF
website {
   index_document = “index.html”
   error_document = “error.html”
}
force_destroy = true
}
resource “aws_s3_bucket_object” “webapp” {
   acl = “public-read”
   key = “index.html”
   bucket = aws_s3_bucket.bucket.id
   content = file(“${path.module}/assets/index.html”)
   content_type = “text/html”
}

Pass your secret_key and access_key to provider block.
Here we are creating a S3 bucket using resource “aws_s3_bucket‘. Resource “aws_s3_bucket_object” is used to create an index.html file inside the bucket with the content of index.html file. We have also attached a publicly accessible resource policy to S3 bucket so that any IAM user can view the buckets.

Step 3 : Create an assets folder. Inside the assets folder create index.html file and fill it in with whatever content you want your S3 bucket files to have.

Step 4 : Create a file named “variables.tf” file

variable “region” {
    description = “This is the cloud hosting region where your   webapp will be deployed.”
}
variable “prefix” {
    description = “This is the environment where your webapp is deployed — prod, or dev”
}

Step 5 : Create a “dev.tfvars” file to manage dev environment’

# dev environment
region = “us-east-2”
prefix = “dev”

Step 6 : Create a “prod.tfvars” file to manage prod environment

# prod environment
region = “us-east-2”
prefix = “prod”

Step 7 : Create a “outputs.tf” file, which will be assigned the url to S3 bucket after deployments are done . Remember this assignment can only be done after you deploy the infrastructure using “terraform apply”

output “website_endpoint” {
   value =  “http://${aws_s3_bucket.bucket.website_endpoint}/index.html"
}

We are done with our configuration. We will run the commands now to get our infrastructure created.

Step 8 : Run “terraform init” — downloads providers

Step 9: Run “”terraform workspace new dev” to create a dev environment. This command also sets your current workspace to dev.

Step 10 : Run “terraform apply -var-file=dev.tfvars” — Applies the configuration of your dev environment using dev.tfvars file to terraform infrastructure. This command will help create S3 bucket for dev.

Step 11: Run “terraform workspace new prod” — Creates a new workspace prod for prod infrastructure management.

Step 12 : Run “terraform apply -var-file=prod.tfvars” — Applie the configuration of your prod environment using prod.tfvars file to terraform infrastructure. This command helps create S3 bucket for prod.

That’s it.

Your infrastructure (S3 buckets for dev and prod) are created in AWS.

Screenshot below :

Main.tf file → The names of the bucket are coming from the resource “random_pet” in “aws_s3_bucket” resource.

In this case, we have created the states locally. Directory structure after Step 12 :

However it is advised to have these states created in the cloud i.e. in S3 bucket preferably.

A clap and follow would be the best way to end this so that we can see each other again somewhere in between a gazillion articles floating around . Thanks :)