 

Sharing resources across terraform environments

Tags:

terraform

I have created a simple terraform infrastructure that will create some resources on AWS. I have each environment's variables in a separate tfvars file. However, I do have shared resources like security groups that would be used across environments.

How can I structure the code in such a way that I can create/destroy environments without destroying the shared resources? I could create separate workspaces, but since all resources are defined in the same repo, if I destroy one environment, I am going to destroy the shared resources in the process.

A simplified version of my directory structure is as follows:

/
/main.tf
/vars/dev.tfvars
/vars/qa.tfvars
/vars/prod.tfvars

Moreover, when using modules, how can I specify that only part of it should be deleted during a terraform destroy?

module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = "my-vpc"
  cidr = "10.0.0.0/16"

  azs             = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]

  enable_nat_gateway = true
  enable_vpn_gateway = true

  tags = {
    Terraform = "true"
    Environment = "dev"
  }
}

For example, if I delete the dev environment, I just want the subnets to be deleted and not the VPC, since I have one VPC shared between all environments.

user2650277 asked Dec 20 '25 08:12



1 Answer

For your need, you can create another TF state which contains your shared resources only, then import it as a variable or data source in your current state. You can do as follows:

/Shared-resources   <== shared stack to export SG
   /main.tf
   /export.tf
/Stack   <== Import SG here
  /main.tf
  /vars/dev.tfvars
  /vars/qa.tfvars
  /vars/prod.tfvars

And you create 2 different CI/CD pipelines: one to deploy "shared-resource" in its own TF state, and the others in different TF states.

Edit based on question changes:

First, it's not a good practice to have a single VPC across many environments; in your case you can have one VPC per environment, which solves the problem from the beginning :).

What you can do is extract the resources created into another state and leave the VPC untouched; that means extracting the subnets and all the network stuff into the shared-service state. Then import it in your VPC state as data or variables from the other shared-resources state.

Hatim answered Dec 23 '25 20:12

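The two-state layout the answer describes, written out as an added example (not the answerer's code): the shared stack owns the VPC and security group and publishes their IDs as outputs; each environment stack reads them through a terraform_remote_state data source and owns only its own subnet and rule. The S3 bucket name, region and CIDR variables are placeholders chosen for the example.

```hcl
# shared-resources/main.tf  (long-lived state; deployed by its own pipeline)
terraform {
  backend "s3" {
    bucket = "example-tfstate-bucket"      # placeholder bucket name
    key    = "shared-resources/terraform.tfstate"
    region = "eu-west-1"
  }
}
provider "aws" { region = "eu-west-1" }
resource "aws_vpc" "shared" {
  cidr_block = "10.0.0.0/16"
  tags       = { Terraform = "true", Scope = "shared" }
}
resource "aws_security_group" "shared_web" {
  name   = "shared-web"
  vpc_id = aws_vpc.shared.id
}

# shared-resources/export.tf  (only these values are meant to be consumed)
output "vpc_id"                { value = aws_vpc.shared.id }
output "web_security_group_id" { value = aws_security_group.shared_web.id }

# Stack/main.tf  (one state per environment, selected with -var-file=vars/<env>.tfvars)
provider "aws" { region = "eu-west-1" }
variable "environment"         { type = string }  # e.g. "dev" in vars/dev.tfvars
variable "private_subnet_cidr" { type = string }  # e.g. "10.0.1.0/24"

data "terraform_remote_state" "shared" {
  backend = "s3"
  config = {
    bucket = "example-tfstate-bucket"
    key    = "shared-resources/terraform.tfstate"
    region = "eu-west-1"
  }
}

# These live in the environment state: `terraform destroy` here removes the subnet
# and the rule, but never the VPC or the security group held in the shared state.
resource "aws_subnet" "private" {
  vpc_id     = data.terraform_remote_state.shared.outputs.vpc_id
  cidr_block = var.private_subnet_cidr
  tags       = { Terraform = "true", Environment = var.environment }
}
resource "aws_security_group_rule" "env_ingress" {
  type              = "ingress"
  security_group_id = data.terraform_remote_state.shared.outputs.web_security_group_id
  protocol          = "tcp"
  from_port         = 443
  to_port           = 443
  cidr_blocks       = [var.private_subnet_cidr]   # only this environment's range
}
```

The environment pipeline's identity needs read access to the shared state object (and nothing more), and since terraform_remote_state reads the whole state file, keep secrets out of the shared stack's state rather than relying on outputs as an access boundary.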


