How to automate Infrastructure Deployment using Terraform
Santiago Roldan Ruarte
Information Security Engineer | Identity & Access Management | IAM | Cloud Security | AWS | Blockchain Enthusiast
As an IAM Engineer, the scope of my position is really wide sometimes.
We are not only taking care of the permissions that users need to work; we sometimes get caught in the middle of DevOps pipelines, Data Analytics integrations, Customer Experience metrics, Software Development best practices… and pretty much all the technical areas of the company.
In this case, I’ll show you how you can automate Infrastructure deployment using Infrastructure as Code (IaC).
IaC is a really big topic, so in this article I'll cover only the implementation of this solution, without talking about the features and benefits of this paradigm.
What do you need?
This is the technology stack that you’ll use:
Auth0 will be the platform where we’re going to deploy our infrastructure, but it works the same for any other platform like AWS, Kubernetes, Azure, GCP, etc.
You can find the terraform providers HERE.
Note that some of the applications mentioned above are paid.
Workflow
This is the workflow of the implementation:
Our starting point is a simple Jira request. This request sends an HTTP POST request to an AWS API Gateway endpoint, which triggers a Lambda Function that creates a Pull Request from a new branch in a GitHub repository, so we can review it, approve (or decline) it, and merge it into the main branch.
Every action taken in the repository will be notified via Slack to a specific channel in order to gain visibility of the infrastructure about to be created.
Once merged, an integration with Spacelift will start running the terraform commands init and plan, showing us the resources that we want to deploy.
We’ll confirm and then the terraform apply command will be executed, and the resources will be created.
Implementation
As I mentioned, everything starts with a simple Jira request.
We’ll create a Jira request with some basic information about the resource that we want to create.
In this case, we will create an Auth0 Organization.
In the request, the user must fill in the form with mandatory information, like the name of the organization and the Display Name of the organization.
For this article, we’re going to use city names.
Note: the mandatory fields differ depending on the resources you want to create. You can find more in the Terraform documentation.
Once the request is created, the Jira automation rule comes into action.
It looks something like this:
When an issue is created with the issue type that we want, the rule creates a new branch in our GitHub repository with the format
{{issue.key}}-{{issue.name}}
So if we’ve created the request IAC-123 for the organization Barcelona, the branch name will be IAC-123-Barcelona. This way we can keep track of all the resources that we create, and it’s easy to roll back in case something goes wrong.
After that, Jira will send a POST request to our AWS API Gateway endpoint, which will trigger our AWS Lambda Function.
This lambda will create a new .tf file with the name of the resource in our repository, and create a new pull request to merge the new branch with the default branch, in my case develop.
You can find the code for the lambda function in my github page.
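The fields typed into the Jira form end up in a branch name, a file path and HCL that Terraform will later apply, so the Lambda should treat them as untrusted input. The sketch below is an added example, not the author's Lambda code: it validates the request against allow-lists and renders only the Auth0 organization resource. The payload keys (`issue_key`, `name`, `display_name`), the patterns, the length limit and the `org_` label prefix are assumptions.

```python
import json
import re

# Assumed policy (not Auth0's or the author's): conservative allow-lists.
ISSUE_KEY_RE = re.compile(r"[A-Z][A-Z0-9]{1,9}-[0-9]{1,6}")
ORG_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{2,49}")
MAX_DISPLAY_LEN = 100


class InvalidRequest(ValueError):
    """Raised when a Jira field fails validation; nothing is rendered."""


def hcl_string(value: str) -> str:
    """Quote a value as an HCL string literal that cannot be evaluated."""
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
        raise InvalidRequest("control characters are not allowed")
    # "${" and "%{" start template sequences inside HCL strings: reject them.
    if "${" in value or "%{" in value:
        raise InvalidRequest("template sequences are not allowed")
    # json.dumps escapes double quotes and backslashes, which HCL accepts.
    return json.dumps(value, ensure_ascii=False)


def render_request(payload: dict) -> dict:
    """Validate the (hypothetical) webhook payload; build branch, path, HCL."""
    key = str(payload.get("issue_key", ""))
    name = str(payload.get("name", ""))
    display = str(payload.get("display_name", "")).strip()
    if not ISSUE_KEY_RE.fullmatch(key):
        raise InvalidRequest("bad issue key")
    if not ORG_NAME_RE.fullmatch(name):  # also blocks "/", "..", quotes
        raise InvalidRequest("bad organization name")
    if not 1 <= len(display) <= MAX_DISPLAY_LEN:
        raise InvalidRequest("bad display name length")
    slug = name.lower()
    # Terraform labels cannot start with a digit, hence the fixed prefix.
    label = "org_" + slug.replace("-", "_")
    hcl = (
        f'resource "auth0_organization" "{label}" {{\n'
        f"  name         = {hcl_string(slug)}\n"
        f"  display_name = {hcl_string(display)}\n"
        "}\n"
    )
    return {"branch": f"{key}-{name}", "path": f"{slug}.tf", "hcl": hcl}
```

Rejecting the request before any file is written keeps a crafted form value from reaching the pull request at all, so the reviewer is a second control rather than the only one.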
If everything goes well, we can see that we have a Pull Request created in our GitHub repository.
When we look at the pull request, we see that a new file was created, with the name of the organization, and the matching Auth0 Machine to Machine Application.
Again, this applies to a lot of different providers, it could be an AWS EC2 or any other resource.
Once the pull request is merged with the default branch, it will go to Spacelift to start the Terraform management.
We just have to click on confirm and the infrastructure we’ve defined will be deployed in our environment.
In conclusion, automating infrastructure deployment using Infrastructure as Code (IaC) marks a significant evolution in how we manage and deploy our resources.
With this workflow, we have seen how a simple request in Jira can trigger a series of automated events that results in the efficient, secure, and reproducible creation of infrastructure.
This method not only improves cross-team collaboration by leveraging tools such as GitHub, AWS Lambda, Spacelift, and Slack but also increases visibility and control over deployed resources, ensuring they meet organizational policies and standards.
By adopting IaC, businesses can reduce project delivery times, minimize human errors, and maximize operational efficiency, preparing our infrastructure for future innovations and sustainable growth.
What feature or extra step would you add to this workflow?