
Situation: We would like Terraform to do our infrastructure management on AWS (we are using AWS services only) and set up a Continuous Integration pipeline to test the Terraform configurations. Every one of our customers' environments is sitting on a different subaccount.

What we would like to achieve: Manage every customer environment separately, but using the same modules. If a module changes, we would like to run Terraform Plan on all customers' dev environments, then apply, then (if everything is fine) do the same with stage, etc. For example, let's say we have 10 clients, each of which has a Dev, Stage, Prelive, and Live environment. If I make a change in the network module and I commit my change, I want the system to do the Plan and Apply in parallel.

My questions: 1) What do you think would be the right way to roll out the changes? 2) Which tool would be suitable to achieve this? (Currently we are using Jenkins everywhere, but would be happy to use another tool if it could meet these requirements.) 3) What would be the right logic to roll out changes for 10, 20, 50 clients, in a way that if a Plan fails, the checks will not stop, but will be done for all clients?

Thank you very much for your help!


I don't do this for multiple clients, but the method we're using achieves something similar. What we've done is set up AWS CodeBuild against a Terraform repository. In that repo we have our Terraform files broken down into directories. That GitHub repo is wired to trigger CodeBuild (we're using Lambda functions behind an API Gateway for this). In the payload we grab the last two commits, then compare them for a list of files that changed. Meaning that we then know which Terraform files changed on the commit in GitHub. Then you just iterate over those changed files and run your plan/apply against them.

gochuck
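The "diff the last two commits, then iterate over the changed directories" step from the answer, combined with the asker's requirements that a module change fans out to every customer root and that one failing plan does not stop the others, as an added example that is not the answer's or any project's code. It assumes a constructed layout of modules/<name>/ for shared modules and clients/<client>/<env>/ for per-customer roots; the ENV_ROOT, LOG_DIR, run_plan, affected_dirs and plan_all names are the example's own.

```shell
# Added example: map files changed between two commits to the Terraform roots
# that need a plan, then plan them all concurrently without stopping on the
# first failure. Assumed, constructed layout: modules/<name>/ holds shared
# modules and clients/<client>/<env>/ holds one root per customer environment.
set -u
ENV_ROOT=${ENV_ROOT:-clients}   # where the per-customer roots live
LOG_DIR=${LOG_DIR:-plan-logs}   # one log and one status file per root

# Print every root under $ENV_ROOT whose .tf files use module <name>
# through a line like: source = "../../../modules/<name>"
consumers_of_module() {
  grep -rlE --include='*.tf' "source *= *\"[^\"]*/modules/${1##*/}\"" "$ENV_ROOT" 2>/dev/null \
    | while IFS= read -r f; do dirname "$f"; done
}

# stdin: paths printed by `git diff --name-only <old-commit> <new-commit>`.
# stdout: unique roots to plan. A change under modules/ fans out to every
# root that consumes that module; any other .tf/.tfvars change maps to its own root.
affected_dirs() {
  while IFS= read -r f; do
    case "$f" in
      modules/*.tf)  consumers_of_module "$(dirname "$f")" ;;
      *.tf|*.tfvars) dirname "$f" ;;
    esac
  done | sort -u
}

# What runs inside each root; redefine this to add flags or a wrapper.
run_plan() { terraform init -input=false >/dev/null && terraform plan -input=false; }

# Plan all roots given as arguments concurrently. Each job records its own exit
# code, so one failing client neither stops nor hides the others; the return
# value is the number of failed roots, so any failure still fails the CI stage.
plan_all() {
  local d name failed=0
  mkdir -p "$LOG_DIR"
  for d in "$@"; do
    name=$(printf '%s' "$d" | tr '/' '_')
    { if ( cd "$d" && run_plan ) >"$LOG_DIR/$name.log" 2>&1; then echo 0; else echo 1; fi >"$LOG_DIR/$name.status"; } &
  done
  wait   # every plan runs to completion before results are reported
  for d in "$@"; do
    name=$(printf '%s' "$d" | tr '/' '_')
    if [ "$(cat "$LOG_DIR/$name.status")" -eq 0 ]; then echo "OK   $d"
    else echo "FAIL $d (see $LOG_DIR/$name.log)"; failed=$((failed + 1)); fi
  done
  return "$failed"
}
```

In the CI job this becomes `plan_all $(git diff --name-only "$OLD" "$NEW" | affected_dirs)`, with the two commit ids taken from the webhook payload as the answer describes.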