Use TFMAKE_AGREE=1 to auto confirm that prompt. Please notice that the prompt shows the selected terraform workspace and the alias/name of the provider account. Using workspace 'prd' on 'My_fancy_Azure_Production_subscription'. Support for AWS will follow in a future version of tfmake Final Notesīy default, before any a terraform command is executed, you will be asked to confirm the usage of the current environment. ARM_ACCESS_KEY = $(az keyvault secret show -name YOUR_SECRET -vault-name YOUR_VAULT -query value -o tsv) tfmake/config, make sure you enabled auto_switching:. When you're using Azure and installed azctx, tfmake will use the cached credentials to automatically switch to the correct subscription. So, if you delete this file, this safeguard won't work anymore :( Auto-switching Credentials on Azure The 'magic' behind all this is a cache stored in $(PWD)/.tfmake/cache. You previously used 'aws-account-one' for provider aws. $ aws-vault exec ACCOUNT_TWO - tfmake plan If you use different credentials the next time you use tfmake in this project, you'll see a warning. > Now using Terraform workspace 'dev' on AWS account 'aws-account-one'. $ aws-vault exec ACCOUNT_ONE - tfmake select env=dev Only needed when using the select command! $ aws-vault exec my-aws-account - tfmake select env=dev -workspace-key-prefix foo/barĪfter you selected the environment, the path to your terraform state is: //Īssuming the key value is whatever/terraform.tfstate, this leads to: my-aws-account/foo/bar/whatever/terraform.tfstate Safeguarding CredentialsĪlthough, you have to provide the correct credentials yourself, tfmake will check if the credentials you provide are expected. ![]() If you want something in-between the alias and the key, you can use the 'workspace prefix' like this: TERRAFORM_S3_KEY is the value of the key in terraform.tf.ACCOUNT_ALIAS is the alias of the account you're using (either: AWS or Azure).When selecting an environment, by default, the following naming convention is used to store the terraform state: / Use tfmake azure help to see the azure edition. Example: "make apply input=false no-color auto-approve" can be used to pass arbitrary terraform parameters (without a prefix dash). parameter 'env' is only required when selecting an environment Import Import existing infrastructure into your Terraform state Select Select and initialize terraform workspace (aka 'stage')ĭestroy Destroy Terraform-managed infrastructure Update Update terraform modules and providers Here's the help for the (bundled) Makefile $ tfmake helpĮNVIRONMENT is one of It just assumes you're using an authenticated context.įor, aws, I use aws-vault. The used Makefile will not handle authentication. For example: provider=azure leads to using Makefile.azure. Here, the provider is selected by using the right command.Įach provider leads to a specific Makefile. Depending on the selected provider, a different, provider specific, Makefile is used to wrap terraform. If you see one, please update: pip install -upgrade tfmake ProvidersĬurrently, tfmake supports two providers: aws and azure. Guess Default command that guesses what provider you're using.Ī warning will be shown when your tfmake is out-of-date. Here's the help for the wrapper $ tfmake -help If you get an error message (~ and my colleagues haven't beat you to it). It's working very well for us, but your requirements might be different.Īlso, I've done my best to make this thing work on both MacOS and Linux. This module includes a highly opinionated Makefile implementation. The main advantage is that you don't have to copy the Makefile. This is a Python based wrapper around an opionated Makefile I use for multi-cloud/cross-account terraform projects.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |