Deploying Terraform Infrastructure with CI/CD Pipeline.

6 min readFeb 19, 2021

Automating Terraform configuration by utilizing CircleCI to deploy an S3 backed web application.

The continuous integration workflow enables development teams to automate, self-test, quickly build, clone, and deploy software. Terraform deploys infrastructure repeatably. By adding Terraform into a CircleCI workflow, you can deploy your infrastructure in the same pipeline.

Benefits of continuous integration-continuous deployment (CI-CD)

Smaller code changes are simpler and have fewer consequences.
Fault isolation is simpler and quicker.
Testability improves due to smaller, specific changes.

Prerequisites:

Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom in-house solutions. → https://learn.hashicorp.com/tutorials/terraform/install-cli
GitHub is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. → https://github.com/
CircleCI is a modern continuous integration and continuous delivery (CI/CD) platform. → https://circleci.com/signup/
AWS → https://aws.amazon.com/free/

Clone Repository:

Make sure you insert your GitHub name!

$ git clone https://github.com/YOUR-USER-NAME/learn-terraform-circleci

Change directories to your forked repository.

$ cd learn-terraform-circleci/.circleci

Analyze CircleCI configuration:

Open the config.yml file in your file editor. There will be a total of four jobs in this workflow: plan-apply, apply, plan-destroy, and destroy.

You will then use these jobs to define the automated Terraform workflow. Each job must declare an executor, an operating system which will launch and perform the actions you define, and a series of steps.

Plan-Apply Job

The steps in this configuration are actions that CircleCI takes in the workflow to perform your job. Steps are a collection of executable commands.

Apply Job

The attach_workspace step in the apply job loads the previously persisted workspace in the plan job. The apply job runs terraform apply using the execution plan generated from the previous job.

The Plan Destroy and Destroy Jobs

The plan-destroy job creates an execution plan and the destroy job executes that with terraform apply tfdestroy job to remove all of the infrastructure you created.

Workflow

Workflow defines order, precedence, and requirements to perform the jobs within the pipeline

Setup the CircleCI UI

In the CircleCI web UI, choose the Projects icon from the left. Search for the repo you forked and choose Set Up Project.

name the project learn-terraform-circleci

2. Choose “Hello World” as the language and choose the “Use Existing Config” option.

3. Choose “Start Building” and you should be presented with a popup confirming you have created config.yml file.

4. It will fail because the job needs our AWS credentials.

To generate an access key and secret access key file, log in to your AWS account and create them in IAM.
Add and save these variables in your CircleCI Build Settings.

insert aws access key and aws secret access key in this section

Create Remote Backend:

In your terminal, change into the s3_backend directory of the learn-terraform-circleci repository.

$ cd s3_backend

2. Initialize and apply the backend configuration. You will be prompted to choose an AWS region for your S3 bucket.

$ terraform init && terraform apply

US-EAST-1 is the region we are using for this project

3. Change into the root directory of the learn-terraform-circleci repository.

$ cd ..
$ vim main.tf

4. Open the main.tf file and add the backend configuration with your unique bucket ID and region.

Add your unique bucket name inside the configuration

This is what the addition of the added resource block into the configuration should look like.

Trigger The Workflow with Git:

Prepare to add your changes to your GitHub repository.

$ git add main.tf variables.tfvars

2. Commit changes.

$ git commit -m "Add remote backend and variable definitions"

3. Push these changes to your forked repositories master branch

$ git push

If you get an error as such below, run terraform fmt before committing GIT to make sure there are no errors with the main.tf configuration.

the build has failed in the CI build tool.

After editing the Main.tf file come back to the terminal and run Git again.

successful commit and push after format correction to main.tf

4. The CircleCI web UI should indicate that your build has started.

You should see the build begin to start running in Circle CI

5. Click on-hold, click hold-apply, then click approve button.

Review that job by navigating to the workflows for plan_approve_apply. In each job in the workflow, you can click on each step to expand the output.

Once the deployment job is complete, your workflow will be on hold. The hold in your configuration is the step before destruction. The output in the job displays your webapp address.
Navigate to that address and verify your app deployed correctly.
Example: Endpoint = “terramino.hashicorp.fun.xxxxxx.s3-website-us-east-1.amazon.com”

We have now deployed a hosted webpage in S3 by integrating Terraform with CircleCI workflow.

Generate Destroy Plan:

The plan-destroy step in the workflow will prevent CircleCI from continuing to the next job in your workflow.

hold-destroy is a manual gate step which allows you to decide when to move to the final step in the configuration. Click on the hold step and then choose "approve" to move on to the destroy job in this workflow.