Automating Terraform Deployment with CircleCI AWS

Amaresh Pelleti

Are you looking to streamline your infrastructure deployment process using Terraform and CircleCI? Look no further! In this post, we’ll walk you through setting up a robust deployment pipeline that automatically deploys infrastructure changes while ensuring consistency and reliability across different environments.

Introduction

Managing infrastructure as code (IaC) can be a daunting task without the right tools and processes in place. With Terraform and CircleCI, you can automate the deployment process, reduce manual errors, and improve deployment efficiency.

Setting Up the Pipeline

Pipeline Overview

Our deployment pipeline consists of several key steps:

  1. Linting: Analyzing Terraform code for security vulnerabilities using tfsec.
  2. Terraform Plan: Generating an execution plan based on the branch name and environment type.
  3. Manual Approval: A manual approval step before applying changes to the infrastructure.
  4. Terraform Apply: Applying Terraform changes to the infrastructure after approval.

Configuration Explanation

We’ve provided a sample CircleCI configuration file with detailed explanations:

version: 2.1

executors:
  terraform:
    docker:
      - image: docker.mirror.hashicorp.services/hashicorp/terraform:light
  tfsec:
    docker:
      - image: aquasec/tfsec-ci:latest

jobs:

  tfsec:
    executor: tfsec
    steps:
      - checkout
      - run: 
          name: tfsec
          command: |
            tfsec . -s

  terraform-plan:
    executor: terraform
    steps:
      - checkout
      - run:
          name: Set Environment and Terraform Plan
          command: |
            echo "Running Terraform Plan for branch: $CIRCLE_BRANCH"
            if [ "$CIRCLE_BRANCH" == "dev" ]; then
              export ENV_TYPE="dev"
              terraform init -backend-config=dev_backend.hcl
              terraform plan -var-file=dev.tfvars
            elif [ "$CIRCLE_BRANCH" == "test" ]; then
              export ENV_TYPE="test"
              terraform init -backend-config=test_backend.hcl
              terraform plan -var-file=test.tfvars
            elif [ "$CIRCLE_BRANCH" == "master" ]; then
              export ENV_TYPE="prod"
              terraform init -backend-config=prod_backend.hcl
              terraform plan -var-file=prod.tfvars
            else
              echo "Unsupported branch: $CIRCLE_BRANCH"
              exit 1
            fi

  terraform-apply:
    executor: terraform
    steps:
      - checkout
      - run:
          name: Set Environment and Terraform Apply 
          command: |
            echo "Running Terraform Apply for branch: $CIRCLE_BRANCH"
            if [ "$CIRCLE_BRANCH" == "dev" ]; then
              export ENV_TYPE="dev"
              terraform init -backend-config=dev_backend.hcl
              terraform apply -var-file=dev.tfvars
            elif [ "$CIRCLE_BRANCH" == "test" ]; then
              export ENV_TYPE="test"
              terraform init -backend-config=test_backend.hcl
              terraform apply -var-file=test.tfvars
            elif [ "$CIRCLE_BRANCH" == "master" ]; then
              export ENV_TYPE="prod"
              terraform init -backend-config=prod_backend.hcl
              terraform apply -var-file=prod.tfvars
            else
              echo "Unsupported branch: $CIRCLE_BRANCH"
              exit 1
            fi

workflows:
  build_approve_deploy:
    jobs:
      - tfsec
      - terraform-plan:
          requires:
            - tfsec 
      - hold:
          type: approval
          requires:
            - terraform-plan
      - terraform-apply:
          requires:
            - hold

Configuring Environment Variables

To securely manage sensitive information like AWS credentials, we use CircleCI’s context feature. Follow these steps to configure environment variables:

Open Organization Settings: Navigate to the CircleCI organization settings from the menu.

Create Context: Inside the organization settings, create a context named “dev, test, prod” (or your preferred name).

Add Variables: Within the context, add the following variables:

  • AWS_ACCESS_KEY_ID: AWS access key ID for accessing AWS services.
  • AWS_SECRET_ACCESS_KEY: AWS secret access key corresponding to the access key ID.
  • Other environment-specific variables as required for your deployment.

Example Configuration

For a practical demonstration, you can explore the GitHub repository containing the sample configuration and Terraform scripts.

Conclusion

Automating infrastructure deployment with Terraform and CircleCI offers numerous benefits, including increased efficiency, reduced errors, and improved deployment consistency. By following the steps outlined in this guide, you can set up a robust deployment pipeline tailored to your organization’s needs.

Start automating your infrastructure deployment today and unlock the full potential of Terraform and CircleCI!

Feel free to reach out if you have any questions or need further assistance.

Happy deploying! 🚀