
lab part 2: legacy system production-grade Terraform modules + GitLab
Goal

When you push to GitLab:
- CI runs terraform plan for envs/legacy
- It uses the remote S3 backend
- It assumes an AWS role (OIDC)
- It does NOT auto-apply
- Apply is manual + protected

Current Structure (Correct)

```text
infra-live/
├── envs/
│   └── legacy/
│       ├── backend.tf
│       ├── main.tf
│       ├── providers.tf
│       ├── variables.tf
│       ├── terraform.tfvars
│       └── .terraform.lock.hcl
├── scripts/
│   └── assume_role.sh
├── .gitlab-ci.yml
└── .gitignore
```

Backend already configured: `backend "s3" {}`. State is already in S3. Good.

STEP 1: Make Sure CI Has AWS Access

Your pipeline already uses OIDC via scripts/assume_role.sh. It should:
- Assume the IAM role
- Export AWS credentials
- Print the caller identity

In the CI logs you should see the output of:

```shell
aws sts get-caller-identity
```

If that works, AWS access is ready.

STEP 2: Add the Legacy Plan Job in .gitlab-ci.yml

Add this block:

```yaml
stages:
  - plan
  - apply

legacy-plan:
  stage: plan
  image: hashicorp/terraform:1.7
  before_script:
    - apk add --no-cache bash curl jq aws-cli
    - . scripts/assume_rol
```
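The complete pipeline this post is building toward, as an added example rather than the post's own file: plan runs on every push and merge request, the plan file is carried as an artifact, and apply is a manual, blocking job that can only run on the default branch and only against the exact plan that was reviewed. Assumed (not from the post): the `id_tokens` block requests the OIDC token that scripts/assume_role.sh exchanges for credentials, the role ARN and GitLab host are placeholders, and the `legacy` environment is marked protected in the project's CI/CD settings so only approved users can trigger the apply.

```yaml
stages:
  - plan
  - apply

# Shared settings for both Terraform jobs.
.terraform-base:
  image: hashicorp/terraform:1.7
  # GitLab mints a short-lived OIDC token for the job; the IAM role's trust
  # policy must accept this audience plus the project/branch claims.
  id_tokens:
    GITLAB_OIDC_TOKEN:
      aud: https://gitlab.example.com              # placeholder: your GitLab host
  variables:
    TF_ROOT: envs/legacy
    TF_IN_AUTOMATION: "true"
    AWS_ROLE_ARN: arn:aws:iam::111111111111:role/gitlab-terraform-legacy  # placeholder
  before_script:
    - apk add --no-cache bash curl jq aws-cli
    - . scripts/assume_role.sh                     # assumed to export AWS_* from the token
    - aws sts get-caller-identity                  # visible proof of which role the job holds
    - cd "$TF_ROOT"
    - terraform init -input=false -lockfile=readonly   # refuse provider drift in CI

legacy-plan:
  extends: .terraform-base
  stage: plan
  script:
    # -detailed-exitcode: 0 = no changes, 2 = changes pending, 1 = error.
    # Exit 2 is expected, so only a real error (1) fails the job.
    - terraform plan -input=false -out=tfplan -detailed-exitcode || test $? -eq 2
  artifacts:
    paths:
      - $TF_ROOT/tfplan
    expire_in: 1 day                               # plan files can embed sensitive values
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH

legacy-apply:
  extends: .terraform-base
  stage: apply
  needs: [legacy-plan]                             # pulls the tfplan artifact
  script:
    - terraform apply -input=false tfplan          # applies exactly the reviewed plan
  environment:
    name: legacy                                   # mark as a protected environment in settings
  resource_group: legacy                           # one apply at a time against this state
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
      when: manual                                 # never auto-applies
  allow_failure: false                             # pipeline blocks until someone runs it
```

Because apply is gated on the artifact from the same pipeline, a plan that was reviewed cannot silently diverge from what gets applied; if the state changes in between, Terraform rejects the stale plan.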