A reference repository of Terraform with canonical and as-simple-as-possible demonstrations of Terraform functionality and features.
See here for docs.
At Container Solutions we find we regularly need chunks of Terraform to demonstrate something specific, such as:
-
A simple EC2 instance
-
A bespoke VPC
-
A Windows EC2 instance with an EBS volume
This might be to do a basic test of something, find an example to tinker with, or send to someone to get them going.
To help get started with these examples, there are scripts available in bin and in local folders.
Here's an example run:
$ git clone https://github.com/ContainerSolutions/terraform-examples
$ cd terraform-examples
$ cd aws/aws_vpc
$ ./run.sh
Input AWS_ACCESS_KEY_ID
KEY
Input AWS_SECRET_ACCESS_KEY
<secret>
...
If you want to skip the manual key/id inputs, then export them.
See bin/README.md for more information.
If you want to look for a specific example, try the index.
The code is generally divided up by provider, then resource, then whatever the example illustrates, eg local/null_resource/for_each, or aws/aws_instance/remote-exec/inline.
Other basic language features may be illustrated in their own folders, eg outputs/local_file/module.
The examples seek to be:
-
As simple as possible to illustrate the functionality
-
Self-contained (ie limited to one
.tffile) -
Clear (eg resource names are verbose and unambiguous)
-
Where it makes sense, items that can be changed are prefaced with
changeme_ -
In general, underscores are used in Terraform names over dashes
-
Naming Terraform resources, data, and variables:
- use only lower case letters, numbers, and underscore
- names should be unique between all examples (but across resources items only if a resource; data items only if data, etc)
- prefixed with:
changeme_<example_name>_
-
name =attribute within the resource:- use only lower case letters, numbers, and dash
- same as resource name, but with:
s/_/-/g
-
For help with automated testing
- where possible, add some way to enable 'left-over' resources to be cleaned up, eg provider
default_tagsofcs_terraform_examplesin AWS provider blocks
- where possible, add some way to enable 'left-over' resources to be cleaned up, eg provider
On every commit, the following tests run on all branches:
-
A
tflinton all files ending withtf -
A
terraform validateon all -
A series of checks to test the code against standards
On every commit to the integration and main branches:
-
All AWS provider examples are run against an AWS account
-
All GCP provider examples are run against a GCP account
-
All Linode provider examples are run against a Linode account
-
All DigitalOcean provider examples are run against a DigitalOcean account
-
All 'local' provider examples are run locally on the GitHub Actions runner
This is because a) the tests are long and/or cost money and b) the won't work without the necessary auth information being set up correctly.
The auth information for the provider accounts are stored in secrets in the repository, accessible to the admin.
Integration rebasing and any necessary re-work is done on the integration branch before rebasing to main. This is to help ensure that main is in as pristine a state as possible.