aws-deployment-framework

Scaling Terraform Deployments

Open adamcoxon opened this issue 5 years ago • 2 comments

This is more of a question than an issue.

After successfully using CloudFormation for all our deployments across the org, I am testing the deployment of Terraform using the CodeBuild deployment provider with GitHub as the source. I have deployments working very nicely and am able to use CodeBuild to run the shell scripts to deploy the Terraform. Here is an example of the deployment map being used.

  - name: terraform-testing
    default_providers:
      source:
        provider: github
        properties:
          repository: terraform-testing
          owner: "bob"
          oauth_token_path: "pat"
          json_field: "pat"
          branch: test
      deploy:
        provider: codebuild
        properties:
          image: "STANDARD_2_0"
          spec_filename: buildspec-deploy.yml
    targets:
      - name: test3
        properties:
          environment_variables:
            TF_VAR_TARGET_ACCOUNT_ID: "432124341234" # Test3
            TF_VAR_TARGET_ACCOUNT_ROLE: TerraformTest
      - name: test2
        properties:
          environment_variables:
            TF_VAR_TARGET_ACCOUNT_ID: "432137401234" # Test2
            TF_VAR_TARGET_ACCOUNT_ROLE: TerraformTest

The question now, which I am hoping the community here can help answer, is how to scale these deployments. At the minute I need to add a new account each time to the map, which will not scale to 10s or 100s of accounts very nicely. It would be great to be able to add in OU paths similarly to how we do when using the CloudFormation provider.

Does anyone on here know how I could achieve this? I have seen custom deploy resources in previous PRs but that does not seem suitable as my source code needs to be in GitHub.

Thanks in advance. 👍 😄

adamcoxon, Apr 15 '20 08:04

Hey @adamcoxon, what version of ADF are you using? AFAIK, ADF has stopped assuming roles from the CodeBuild deployment account to target accounts post ADF 3x+?

amitsehgal, Jun 05 '20 00:06

#397 provides a scalable implementation to this problem. We try to include support for this feature with the next release of ADF, being v3.2.0. I hope this helps.

sbkok, Nov 08 '21 17:11

Thank you for your patience. I am happy to inform you that this feature has been released as part of v3.2.0 just now. Please open a new issue if you are experiencing any issues related to this feature.

sbkok, Jan 24 '23 10:01