Skip to content

desiredState/dStf

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

48 Commits
.vscode
.vscode
 
 
example
example
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
dstf.sh
dstf.sh
 
 
wrapper.sh
wrapper.sh
 
 

Repository files navigation

dStf

An opinionated Terraform wrapper by desiredState.

Installation

Linux / MacOS

To install the dstf command-line tool simply paste the following command into a shell. If you get a Permission denied error, try sudo -i first.

curl -L https://raw.githubusercontent.com/desiredState/dStf/master/wrapper.sh > /usr/local/bin/dstf && chmod +x /usr/local/bin/dstf

Prerequisites

dStf expects your Terraform repo to be formatted like so:

.
├── .gitignore           # Ensures you don't push secrets to the remote. See below for content.
├── dev-secrets.tfvars   # dev workspace specific variables. See below for content.
├── test-secrets.tfvars  # test workspace specific variables. See below for content.
├── prod-secrets.tfvars  # prod workspace specific variables. See below for content.
└── terraform            # This directory contains all your Terraform configurations.
    ├── dstf.tf          # This initialises the above tfvars. See below for content.
    └── main.tf          # A placeholder for your own Terraform configuration.

You can then proceed to bulk out the terraform/ directory with your own Terraform configurations, modules, etc, as per the official documentation.

.gitignore

It is important to ensure you have the following entries in your repo's .gitignore file. Missing these could lead to secrets being pushed to the remote.

# Sensitive files.
secrets.tfvars
*-secrets.tfvars

# Terraform compiled files.
*.tfstate
*.tfstate.backup
*.tfplan
terraform.tfstate.d/

# Terraform modules directory.
.terraform/

# dStf files.
.dstf-init.done

AWS credentials

Create a Programmatic access IAM user and access keys with AdministratorAccess role permissions for Terraform in AWS.

{dev,test,prod}-secrets.tfvars

To keep any secrets out of source control you'll need create a dev-secrets.tfvars, test-secrets.tfvars and a prod-secrets.tfvars file in the root directory of your Terraform repo with the following content (adjusting as necessary for the given account).

# KEEP THIS FILE SECRET!

aws_access_key = "CHANGE_ME"
aws_secret_key = "CHANGE_ME"

terraform/dstf.tf

This file simply initialises the variables found in the above {dev,test,prod}-secrets.tfvars files so they're available from your own Terraform configurations.

variable "aws_access_key" {}

variable "aws_secret_key" {}

variable "aws_region" {
  default = "eu-west-2"
}

Example repo

A dStf-compatible example repo can be found in the example/ directory.

Usage

The dstf command must be executed from the root of your Terraform repo. Usage and available commands can be seen like so:

dstf help

For example, to run a terraform plan against the dev workspace you can simply:

dstf plan dev

To do

  • dStf Vault integration to remove the dependancy on local {dev,test,prod}-secrets.tfvars files.
  • The dstf new command to generate a fresh dStf-compatible Terraform repo (like example/).

About

An opinionated Terraform wrapper by desiredState.

desiredstate.io

Topics

docker terraform

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages