The IaC Catalog is an AutoCloud feature that enables self-service "Intelligent Infrastructure-as-Code" (IIaC). You can learn more about how "Intelligent" IaC differs from IaC here. IIaC can be used to create repeatable patterns of cloud resources, such as a static site, with Terraform Modules by transforming them into easy-to-use UI forms. These patterns are created as "Blueprints" within AutoCloud using AutoCloud's Terraform Provider. This means the Blueprints are configured using HCL, live alongside your Terraform code, and are "IaC" themselves. AutoCloud's IaC Catalog allows users to automatically create terraform files using any public and private module(s) they require. You can create Blueprints using any Terraform Provider that can be used in Terraform modules including the AWS provider, Azure provider, and Google Cloud provider.
In order to use the IaC Catalog in AutoCloud, your organization and user must have the right permissions. The IaC Catalog requires the Terraform Generators Administrator permission. If your user does not currently have this permission, please talk to your organization's administrator. If your organization does not have access to the IaC Catalog, please reach out to the AutoCloud Team.
We recommend following our getting started walkthrough for an in-depth explanation of how to create an IaC Catalog item. In this walkthrough, we will use private AutoCloud modules to create a Terraform Blueprint for a static site and then deploy that static site to AWS using Terraform Cloud.
How it works
The IaC Catalog solution is broken up into two workflows that together enable self-service DevOps while maintaining organization best practices. These workflows, the Producer Flow and the Consumer Flow are explained in several steps that are below:
The Producer Flow is where an engineer in the organization or team who already knows Terraform is able to create the patterns they want to expose to other members of their organization through the IaC Catalog. Don't worry if all these steps do not make sense at first glance. This Getting started page will help you understand what each of these steps does with thorough code examples.
- First, a user must identify a module (or set of modules) they would like to utilize within their organization. This could be a static site, landing zone, a K8s setup using EKS, or anything else you frequently reuse. Your modules can be public modules on the Terraform Registry or private modules within your organization's source control.
- In order to use private modules, you must connect your source control system to AutoCloud.
- The user will Generate an API token within AutoCloud's UI which is used to authenticate AutoCloud's Terraform Provider with AutoCloud.
- The user will then define a short HCL file, or set of files, using AutoCloud's Terraform Provider semantics, that will configure how these modules should behave. Within this configuration, you can configure several things including:
- Selecting the repositories a pattern should create pull requests against (with the generated Terraform code).
- Adding additional questions to the consumer form that determine how the module(s) should be configured. This can be things such as what environment or region they are to be deployed in.
- Override variables in several ways including setting computed values, adding conditionals for the variable, layering on additional validation rules, and more! See the documentation for all you can do with variable customization.
- Add metadata to the created generator such as a name, description, and instructions for how to use it.
- Define RBAC for who (users and/or groups) within the organization should have access to the Blueprint.
- The user will then be back in their normal Terraform "flow". Just run terraform plan and terraform apply as you normally would for the new Blueprint to appear in your AutoCloud IaC catalog.
- The newly created Blueprint will begin as unpublished and can be found at IaC Catalog > Drafts. This allows the producer to test the Blueprint before publishing it to users in the organization. For more details on testing and publishing a blueprint, see Testing and Publishing Blueprints.
The Consumer Flow allows other engineers in a Producer's organization to generate Terraform code without needing Terraform expertise by using the Blueprints defined in the Producer Flow. This is done by visiting the IaC Catalog page in the AutoCloud platform and clicking the "generate" button on a Blueprint.
- First, a user will navigate to the IaC Catalog page in AutoCloud and find the Blueprint they wish to use.
- The user can then read any instructions on the Blueprint that will explain how it is to be used and what modules it contains.
- After clicking "generate", the user will fill out a simple form that is used to generate the Terraform code for that Blueprint. This form is based on two things:
- The variables for the Terraform Module(s) that make up the Blueprint.
- The AutoCloud configuration that was defined for the Blueprint as a part of the Producer Flow.
- Once the form is complete, the user will be able to see a compliance report and cost estimate for the Terraform code that will be generated. If this all looks good, the user can click submit.
- Once the form is submitted, a pull request will be created at the configured repo and file path with the generated Terraform file(s). Optionally, a JIRA ticket can also be created with a link to the opened pull request (if you have setup JIRA integration).
- The generated Terraform can now be deployed to your cloud account(s) using your existing process (Terraform Cloud/Enterprise, Atlantis, Jenkins, GitHub Actions, etc.). AutoCloud does not deploy IaC for you.