Our IaC Catalog allows DevOps and Platform Engineers to create self-service Terraform "Blueprints" for the rest of their organization. Blueprints consist of a base Terraform module, and then some additional HCL config that allows you to specify how the module should be used by anyone who wants to consume it. Once published to the AutoCloud platform, a Blueprint creates a no-code UI that enforces the guardrails you've declared for the module, ensuring that anyone can create secure, compliant, and optimized Terraform code regardless of expertise. You can create Blueprints using any Terraform Provider that can be used in Terraform modules, including the AWS provider, Azure provider, and Google Cloud provider.
We recommend following our getting started walkthrough for an in-depth explanation of how to create an IaC Catalog item. In this walkthrough, we will use public Terraform modules from CloudPosse to create a Terraform Blueprint for a KMS encrypted S3 bucket and then deploy that bucket and key to AWS using Terraform Cloud.
If you'd like to dive right in without a detailed walkthrough, you can visit our Quick Starts page.
The IaC Catalog solution is broken up into two workflows that together enable self-service DevOps while maintaining organization best practices. These workflows, the Producer Flow and the Consumer Flow, are explained step by step below:
The Producer Flow is where an engineer in the organization or team who already knows Terraform is able to create the patterns they want to expose to other members of their organization through the IaC Catalog. Don't worry if all these steps do not make sense at first glance. This Getting started page will help you understand what each of these steps does with thorough code examples.
- First, a user must identify a module (or set of modules) they would like to utilize within their organization. This could be a static site, landing zone, a K8s setup using EKS, or anything else you frequently reuse. Your modules can be public modules on the Terraform Registry or private modules within your organization's source control.
  - In order to use private modules, you must connect your source control system to AutoCloud.
- The user will generate an API token within AutoCloud's UI which is used to authenticate AutoCloud's Terraform Provider with AutoCloud.
- The user will then define a short HCL file, or set of files, using AutoCloud's Terraform Provider semantics, that will configure how these modules should behave. Within this configuration, you can configure several things including:
  - Selecting the repositories a pattern should create pull requests against (with the generated Terraform code).
  - Adding additional questions to the consumer form that determine how the module(s) should be configured. This can be things such as what environment or region they are to be deployed in.
  - Overriding variables in several ways including setting computed values, adding conditionals for the variable, layering on additional validation rules, and more! See the documentation for all you can do with variable customization.
  - Adding metadata to the created generator such as a name, description, and instructions for how to use it.
  - Defining RBAC for who (users and/or groups) within the organization should have access to the Blueprint.
- The user will then be back in their normal Terraform "flow". Just run terraform plan and terraform apply as you normally would for the new Blueprint to appear in your AutoCloud IaC catalog.
- The newly created Blueprint will begin as unpublished and can be found at IaC Catalog > Drafts. This allows the producer to test the Blueprint before publishing it to users in the organization. For more details on testing and publishing a blueprint, see Testing and Publishing Blueprints.
The Consumer Flow allows other engineers in a Producer's organization to generate Terraform code without needing Terraform expertise by using the Blueprints defined in the Producer Flow. This is done by visiting the IaC Catalog page in the AutoCloud platform and clicking the "generate" button on a Blueprint.
- First, a user will navigate to the IaC Catalog page in AutoCloud and find the Blueprint they wish to use.
- The user can then read any instructions on the Blueprint that will explain how it is to be used and what modules it contains.
- After clicking "generate", the user will fill out a simple form that is used to generate the Terraform code for that Blueprint. This form is based on two things:
  - The variables for the Terraform Module(s) that make up the Blueprint.
  - The AutoCloud configuration that was defined for the Blueprint as a part of the Producer Flow.
- Once the form is complete, the user will be able to see a compliance report and cost estimate for the Terraform code that will be generated. If this all looks good, the user can click submit.
- Once the form is submitted, a pull request will be created at the configured repo and file path with the generated Terraform file(s). Optionally, a JIRA ticket can also be created with a link to the opened pull request (if you have set up JIRA integration).
- The generated Terraform can now be deployed to your cloud account(s) using your existing process (Terraform Cloud/Enterprise, Atlantis, Jenkins, GitHub Actions, etc.). AutoCloud does not deploy IaC for you.