
infrastructure-and-terraform.md


Infrastructure and Terraform

We use infrastructure as code (Terraform) to deploy and manage resources hosting the app. This is stored in the terraform directory.

Read the In-depth Terraform documentation

Linting Terraform documentation

Occasionally, a PR might fail CI on GitHub at the Terraform / Validate step. To lint the Terraform documentation and get this check passing:

  1. Install terraform-docs: brew install terraform-docs
  2. Switch onto the failing branch (usually a Renovate branch)
  3. cd into the terraform directory in the repo
  4. Run terraform-docs .
  5. Commit the changes on the branch

Tfvar files

We use tfvar files to store the secrets and settings used to manage our infrastructure.

Each environment has a corresponding file, dev.tfvars, test.tfvars and prod.tfvars.

As the contents of these files are sensitive, we have to handle them carefully and store them securely.

These files should never be shared via insecure methods and are stored in the Azure Key Vault.

If you need to work with the infrastructure, for example updating or adding an environment variable, you will need to fetch the relevant file.

Fetching the tfvar files

Before you can fetch the files you need permission to do so. Another member of the team or a member of the devops team will need to action this for you.

Each file has a key_vault_access_users key, which is an array of the user accounts that can download the files. Your account needs to be added to this list, and the change applied, before you can download the files.
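The access list described above can be reviewed with a short script. This is an added example, not code from this repository: it reads key_vault_access_users from each environment's tfvar file and reports which accounts are listed where. The function names, the sample accounts and the assumption that the key is a plain list of quoted strings are all illustrative.

```python
import re

# Constructed sample files; the accounts and settings are made up for illustration.
SAMPLE_TFVARS = {
    "dev.tfvars": '''
environment = "dev"
key_vault_access_users = [
  "alice@example.com",
  # "carol@example.com",  access removed
  "Bob@example.com", // added for Terraform work
]
''',
    "prod.tfvars": '''
environment = "prod"
key_vault_access_users = ["alice@example.com"]
''',
}

_KEY = re.compile(r'^\s*key_vault_access_users\s*=\s*\[', re.M)
# A quoted string, a comment (#, // or /* */), or the closing bracket.
_TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|#[^\n]*|//[^\n]*|/\*.*?\*/|(\])', re.S)

def access_users(tfvars_text):
    """Return the accounts in key_vault_access_users, lower-cased, in file order."""
    start = _KEY.search(tfvars_text)
    if start is None:
        raise ValueError("key_vault_access_users is not set")
    users = []
    for tok in _TOKEN.finditer(tfvars_text, start.end()):
        if tok.group(2):  # closing bracket ends the list
            return users
        if tok.group(1) is not None:  # comments match with no string group
            users.append(tok.group(1).lower())
    raise ValueError("key_vault_access_users list is not closed")

def can_download(tfvars_text, account):
    """True if the account is listed (it still needs the change applied)."""
    return account.lower() in access_users(tfvars_text)

def audit(files):
    """Map each account to the environment files that list it."""
    report = {}
    for name, text in files.items():
        for user in access_users(text):
            report.setdefault(user, []).append(name)
    return report

if __name__ == "__main__":
    for user, envs in sorted(audit(SAMPLE_TFVARS).items()):
        print(f"{user}: {', '.join(envs)}")
```

Commented-out entries are ignored, so an account that was removed by commenting its line no longer shows up in the report.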

The Key Vault that stores these files is in the development Azure resource group, so you will not need to open a PIM to download the files. Note: you will need a PIM to apply any changes in test or production.

Once you have access you can download the files for each environment.

Instructions for downloading the files will be available in the wiki (DfE access required)

Applying changes with the tfvar file will also update the file stored in the Azure Key Vault:

Always download the tfvars before running any Terraform to ensure you have the latest version!

See the in-depth Terraform documentation for applying changes with these files.