diff --git a/infra/terraform/live/_providers/README.md b/infra/terraform/live/_providers/README.md index 6b0c900..a8cd9b1 100644 --- a/infra/terraform/live/_providers/README.md +++ b/infra/terraform/live/_providers/README.md @@ -69,3 +69,6 @@ generate "providers" { contents = join("\n", local.providers_cfg.locals.providers_content) } ``` +This configuration is then utilized in the terragrunt.hcl file to ensure that each child configuration inherits the provider settings, maintaining consistency across all deployments. + +It's important to notice that if the provider is defined in this layer (**global**), it's going to be inherited by all the child modules. If you want to **specify a provider that is LOCAL** to a specific module, you should define it in the file `providers.hcl` file of that module, which has exactly the same structure. diff --git a/infra/terraform/live/_providers/config.hcl b/infra/terraform/live/_providers/config.hcl index e691cad..e291feb 100644 --- a/infra/terraform/live/_providers/config.hcl +++ b/infra/terraform/live/_providers/config.hcl 
@@ -1,56 +1,56 @@ locals { # --------------------------------------------------------------------------------------------------------------------- - # PROVIDER CONFIGURATIONS - # This section centralizes the configuration of Terraform providers, such as Cloudflare and AWS, using Terraform's - # heredoc syntax for inline definition. This approach allows for dynamic, environment-specific configuration of - # providers through environment variables, enhancing the flexibility and security of provider setups. Direct use of - # heredoc syntax within the Terragrunt configuration eliminates the need for external template files, streamlining - # the codebase and simplifying the management of provider configurations. + # GLOBAL PROVIDER CONFIGURATIONS + # This section outlines the centralized configuration for Terraform providers such as Cloudflare and AWS, + # applicable across all Terragrunt child configurations in the project. Using Terraform's heredoc syntax, + # we define providers' settings inline, promoting dynamic, environment-specific configurations through + # environment variables for enhanced flexibility and security. # - # Each provider configuration includes: - # - `enabled`: A flag (sourced from an environment variable) indicating whether the provider should be configured. - # This allows for conditional inclusion of providers based on the deployment context or environment. - # - `content`: The Terraform configuration for the provider, including authentication details and any other - # provider-specific settings. Sensitive information, such as API keys, is securely sourced from - # environment variables. + # This configuration is pivotal as it merges with 'providers.tf' settings generated in all child configurations, + # ensuring consistency and minimizing redundancy across the codebase. Sensitive information like API keys + # is securely sourced from environment variables, adhering to best practices in security and configuration management. 
# - # This modular and dynamic approach to configuring providers supports best practices in security and infrastructure - # code management, enabling selective provider use and environment-specific configurations without altering the - # core codebase. + # Key details include: + # - `enabled`: A boolean, sourced from environment variables, controls whether the provider is active. + # - `content`: Contains the Terraform code for setting up the provider, emphasizing secure practices by pulling + # sensitive credentials from environment settings. + # + # The approach allows for selective activation of providers per environment without altering core code, + # thus supporting a modular, secure, and maintainable infrastructure codebase. # --------------------------------------------------------------------------------------------------------------------- providers = { - cloudflare = { - enabled = get_env("TG_PROVIDER_CLOUDFLARE_ENABLED", false) - content = <
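Review bot: In the README.md hunk, the last added paragraph tells readers that a module-local `providers.hcl` "has exactly the same structure" as the global one, but it does not say what happens when the same provider key is defined in both layers (which one wins, or whether the two blocks are merged). Please state the precedence explicitly, since a silently overridden provider block can point a module at different credentials or a different account than the reader expects. Smaller points in the same hunk: "in the file `providers.hcl` file of that module" repeats "file", `terragrunt.hcl` should be in backticks like the other file names, and the first added line follows the closing code fence directly, so a blank line is needed between them for the paragraph to render separately.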
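Review bot: In the config.hcl hunk, the rewritten header comment says API keys are "securely sourced from environment variables" and, in the same paragraph, that this configuration merges with the `providers.tf` generated in every child configuration, but it never says whether the key values are written into that generated file or left for the provider to read from the environment at run time. Please spell that out in the comment, because if the values are interpolated into generated files they exist in plaintext on disk in each child working directory, and the "securely sourced" wording would overstate what the setup gives you. Separately, the new bullet describes `enabled` as "A boolean, sourced from environment variables", while the removed line read it with `get_env("TG_PROVIDER_CLOUDFLARE_ENABLED", false)`; a value that comes from the environment arrives as a string, so if the replacement still reads it that way the comment should list the accepted values and say where the conversion to a boolean happens. The old comment's note that the flag allows conditional inclusion per deployment context was also useful and is worth keeping in one sentence.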