Networking State

We are starting with the network state area. This is where we create any network-related infrastructure, which in our case means the following:

  1. VPCs
  2. Gateways
  3. Security Groups

We'll still segregate by environment (production vs staging), but you don't necessarily need to in your own setup.

We'll make some new files, which mostly will be a copy/paste/tweak of our existing configuration.

File production/network/main.tf

This file is a copy of cloudcasts.tf. We copy it, rename it main.tf, remove non-VPC related configuration, and adjust our module path:

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "3.25.0"
    }
  }

  # Bucket and key are intentionally omitted here; the run script supplies
  # them at init time so this file stays identical across state areas
  backend "s3" {
    profile = "cloudcasts"
    region  = "us-east-2"
  }
}

provider "aws" {
  profile = "cloudcasts"
  region  = "us-east-2"
}

variable "infra_env" {
  type        = string
  description = "infrastructure environment"

  # We can set a default here since we're in the production env area
  default = "production"
}

variable "default_region" {
  type        = string
  description = "the region this infrastructure is in"
  default     = "us-east-2"
}

module "vpc" {
  # Note that our modules directory is up 2 levels now
  source = "../../modules/vpc"

  infra_env       = var.infra_env
  vpc_cidr        = "10.0.0.0/17"
  azs             = ["us-east-2a", "us-east-2b", "us-east-2c"]
  public_subnets  = slice(cidrsubnets("10.0.0.0/17", 4, 4, 4, 4, 4, 4), 0, 3)
  private_subnets = slice(cidrsubnets("10.0.0.0/17", 4, 4, 4, 4, 4, 4), 3, 6)
}

We're re-using the same vpc module, so the changes here are fairly light in our use case: we're just moving the VPC module into its own, separately tracked state. Each state area ends up as its own object in the S3 bucket, so a mistake while applying the data or compute area can no longer corrupt the network state.
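Before applying, it helps to know exactly which CIDR blocks the cidrsubnets/slice expressions in main.tf will produce and to confirm that they fit inside the VPC without overlapping, since a bad layout is much cheaper to catch here than after subnets exist. The following Python script is an added example, not part of the course; it re-implements Terraform's cidrsubnets() allocation rule (consecutive subnets, each aligned to its own size) with the standard library, so it handles mixed subnet sizes as well as the six equal /21s used on this page. The function and constant names are mine.

```python
import ipaddress

# Values taken from the production/network/main.tf module block
VPC_CIDR = "10.0.0.0/17"
NEWBITS = [4, 4, 4, 4, 4, 4]


def cidrsubnets(prefix, *newbits):
    """Re-implementation of Terraform's cidrsubnets(): carve consecutive
    subnets out of `prefix`, each `newbits` longer than the parent prefix.
    As in Terraform, every subnet starts at the next address aligned to its
    own size, so mixed sizes can leave gaps (allocate large blocks first)."""
    parent = ipaddress.ip_network(prefix)
    cursor = int(parent.network_address)
    limit = int(parent.broadcast_address) + 1
    result = []
    for nb in newbits:
        plen = parent.prefixlen + nb
        if plen > parent.max_prefixlen:
            raise ValueError(f"newbits {nb} exceeds prefix {prefix}")
        size = 1 << (parent.max_prefixlen - plen)
        cursor = (cursor + size - 1) // size * size  # align to subnet size
        if cursor + size > limit:
            raise ValueError(f"{prefix} has no room for another /{plen}")
        result.append(ipaddress.ip_network((cursor, plen)))
        cursor += size
    return result


def check_layout(vpc_cidr, subnets):
    """Checks a reviewer wants before `apply`: every subnet sits inside the
    VPC and no two subnets overlap. Returns the list of problems found."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [ipaddress.ip_network(s) for s in subnets]
    problems = []
    for n in nets:
        if not n.subnet_of(vpc):
            problems.append(f"{n} is outside {vpc}")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    return problems


ALL_SUBNETS = [str(n) for n in cidrsubnets(VPC_CIDR, *NEWBITS)]
PUBLIC_SUBNETS = ALL_SUBNETS[0:3]   # slice(..., 0, 3) in main.tf
PRIVATE_SUBNETS = ALL_SUBNETS[3:6]  # slice(..., 3, 6) in main.tf

if __name__ == "__main__":
    print("public: ", PUBLIC_SUBNETS)
    print("private:", PRIVATE_SUBNETS)
    for n in ALL_SUBNETS:
        net = ipaddress.ip_network(n)
        # AWS reserves the first four and the last address of every subnet
        print(f"{n}: {net.num_addresses - 5} usable addresses")
    print("problems:", check_layout(VPC_CIDR, ALL_SUBNETS) or "none")
```

Running it shows the three public subnets as 10.0.0.0/21, 10.0.8.0/21 and 10.0.16.0/21 and the three private ones as 10.0.24.0/21, 10.0.32.0/21 and 10.0.40.0/21. Only six of the sixteen /21 blocks in the /17 are allocated, which leaves room for additional subnet tiers later without renumbering anything.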

File run

We can update our helper script named run as well to work with our environment and state areas:

#!/usr/bin/env bash

TF_ENV=$1   # staging, production, etc
TF_STATE=$2 # network, data, compute

DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"

# Always run from the location of this script
cd "$DIR" || exit 1

if [ $# -lt 3 ]; then
  >&2 echo "Usage: $0 <env> <state> <terraform command> [args...]"
  exit 1
fi

if [ ! -d "$TF_ENV/$TF_STATE" ]; then
  >&2 echo "Directory $DIR/$TF_ENV/$TF_STATE does not exist"
  exit 1
fi

if [ "$3" == "init" ]; then
  # Partial backend configuration: the bucket and key are supplied here,
  # so the .tf files stay identical across environments and state areas
  terraform -chdir="./$TF_ENV/$TF_STATE" init \
    -backend-config="bucket=terraform-course-cloudcasts" \
    -backend-config="key=$TF_ENV/$TF_STATE.tfstate"
else
  # Pass the command and any extra flags through (e.g. "plan -out=tfplan")
  terraform -chdir="./$TF_ENV/$TF_STATE" "${@:3}"
fi

# Head back to original location to avoid surprises
cd - >/dev/null

The script now needs three arguments:

  1. Environment (staging, production)
  2. State (data, compute, network)
  3. The command (init, plan, apply, destroy, etc)

The init command has some special needs, so it's handled differently: we add the -backend-config flags to supply the S3 bucket and key dynamically. This is Terraform's partial backend configuration, which is why main.tf declares the "s3" backend with only the profile and region. The key becomes production/network.tfstate, staging/network.tfstate and so on, so every environment/state pair gets its own object in the bucket. Terraform records the supplied values in the working directory's .terraform directory, so a later plan or apply doesn't need them again, but switching the bucket or key requires re-running init.

Note that we can also get rid of our backend-production.tf and backend-staging.tf files, since the bucket and key now come from the run script instead.

We can then use this helper to initialize, plan and apply the network state area:

./run production network init
./run production network plan
./run production network apply
