Gentoo uses Terraform to manage the components that support it; this supports infra-as-code, which we feel is important for managing infrastructure. Infra members can check out git+ssh://email@example.com/infra/infra-as-code.
Currently Terraform can control our on-prem GitLab and our AWS deployment. Pushing updates requires two credentials:
- An AWS credential to access Terraform state (S3, DynamoDB).
- A credential for the target system (currently an AWS or GitLab credential).
We will document how to get both.
infra-as-code/aws/accounts/$ARN/ is our AWS control segment.
infra-as-code/gitlab/ is our GitLab control segment.
Terraform state is stored on AWS, so running terraform apply requires AWS credentials. Export AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY for your role.
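A preflight check for the two credentials described above, as an added example that is not part of the Gentoo infra repository. The function names, the segment argument and GITLAB_TOKEN as the variable holding the GitLab credential are assumptions; the check reports variables that are unset, empty, or set but not exported, and never prints their values.

```shell
# Added example: credential preflight to run before `terraform apply`.
# Assumptions (not from the page): function names, the segment argument,
# and GITLAB_TOKEN as the variable carrying the GitLab credential.

# Print the names of required variables missing from the environment that
# a child process (terraform) would inherit. Values are never printed.
tf_missing_creds() {
    segment=$1
    # State backend (S3, DynamoDB) always needs the AWS pair.
    required="AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY"
    case $segment in
        aws)    ;;                                    # target credential is also AWS
        gitlab) required="$required GITLAB_TOKEN" ;;  # target credential (assumed name)
        *)      echo "unknown segment: $segment" >&2; return 2 ;;
    esac
    missing=""
    for name in $required; do
        # printenv is an external command, so it only sees exported
        # variables; a plain NAME=value assignment is reported as missing.
        value=$(printenv "$name") || value=""
        [ -n "$value" ] || missing="$missing $name"
    done
    echo "${missing# }"
}

# Return 0 when every credential for the segment is exported, 1 when
# something is missing, 2 for an unknown segment.
tf_preflight() {
    missing=$(tf_missing_creds "$1") || return 2
    if [ -n "$missing" ]; then
        echo "not exported: $missing" >&2
        return 1
    fi
    return 0
}
```

Run it from the segment directory as `tf_preflight gitlab && terraform apply` (or `tf_preflight aws`), so a missing or unexported variable stops the run before Terraform contacts the state backend.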