Skip to content

Instantly share code, notes, and snippets.

@dannietjoh

dannietjoh/Makefile

Created February 9, 2016 11:58
Show Gist options
  • Save dannietjoh/7149b5242d5e0c78272e to your computer and use it in GitHub Desktop.
Save dannietjoh/7149b5242d5e0c78272e to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Makefile
.PHONY: help check-aws_account check-region check-tenant check-env check-setup all setup plan refresh apply destroy
SHELL := $(SHELL) -e
export AWS_PROFILE=$(aws_account)
export AWS_DEFAULT_REGION=$(region)
TF_BUCKET = "somebucketname"-$(aws_account)
TF_BUCKET_REGION = "whateverregion"
TF_STATE = .terraform/$(tenant)-$(env)-$(region)-$(aws_account).tfstate
TF_STATE_TMP = .terraform/terraform.tfstate
TF_STATE_BACKUP = .terraform/backup/$(tenant)-$(env)-$(region)-$(aws_account).tfstate-$$(date +"%Y-%m-%d-%H-%M-%S")
TF_VARS = -state=$(TF_STATE) -var-file=$(TF_VARS_FILE) -var remote_state_region=$(TF_BUCKET_REGION) -var remote_state_bucket=$(TF_BUCKET) -var aws_account=$(aws_account) -var aws_access_key=$(TF_AWS_ACCESS_KEY) -var aws_secret_key=$(TF_AWS_SECRET_KEY) -var aws_region=$(region) -var tenant=$(tenant) -var environment=$(env)
TF_VARS_FILE = variables/$(tenant)-$(env)-$(region)-$(aws_account).tfvars
TF_AWS_ACCESS_KEY = $(shell grep -A2 $(aws_account) ~/.aws/credentials | grep aws_access_key_id | awk '{gsub("aws_access_key_id=", "");print}')
TF_AWS_SECRET_KEY = $(shell grep -A2 $(aws_account) ~/.aws/credentials | grep aws_secret_access_key | awk '{gsub("aws_secret_access_key=", "");print}')
PREFLIGHT = \
echo; \
echo Running terraform $@ for $(tenant)-$(env) in $(region):; \
echo; \
test -s $(TF_STATE_TMP) || ( rm -f $(TF_STATE_TMP); ); \
cp -a $(TF_STATE) $(TF_STATE_BACKUP); \
cp $(TF_STATE) $(TF_STATE_TMP); \
terraform get -update; \
terraform remote pull; \
rm -f $(TF_STATE_TMP);
POSTFLIGHT = \
cp $(TF_STATE) $(TF_STATE_TMP); \
terraform remote push; \
rm -f $(TF_STATE_TMP);
HELP = \
%help; \
while(<>) { push @{$$help{$$2 // 'options'}}, [$$1, $$3] if /^(\w+)\s*:.*\#\#(?:@(\w+))?\s(.*)$$/ }; \
print "usage: make [target] \"var\"\=\"arg\"\n\n"; \
for (keys %help) { \
print "$$_:\n"; $$sep = " " x (20 - length $$_->[0]); \
print " $$_->[0]$$sep$$_->[1]\n" for @{$$help{$$_}}; \
print "\n"; }
help: ##@miscellaneous Show this help.
@perl -e '$(HELP)' $(MAKEFILE_LIST)
## Checks
check-aws_account:
ifndef aws_account
$(error AWS aws_account is not set, add aws_account="account1|account2|account3")
endif
check-region:
ifndef region
$(error region is not set, add region="region")
endif
check-tenant:
ifndef tenant
$(error tenant is not set, add tenant="tenant")
endif
check-env:
ifndef env
$(error env is not set, add env="dev|tst|acc|prd")
endif
check-setup:
@test -s $(TF_STATE) || ( echo "no remote state file configured, please run make setup"; false; )
## Targets
all: plan apply ## terraform plan + apply
setup: check-aws_account check-region check-tenant check-env ## Configures remote state S3 bucket"
@echo
@echo Running terraform $@ for $(tenant)-$(env) in $(region):
@echo
@test -s $(TF_STATE_TMP) || ( rm -f $(TF_STATE_TMP); )
@mkdir -p .terraform/backup
@terraform remote config -backend=s3 -backend-config="bucket=$(TF_BUCKET)" -backend-config="key=$(tenant)-$(env)-$(region)-$(aws_account)" -backend-config="access_key=$(TF_AWS_ACCESS_KEY)" -backend-config="secret_key=$(TF_AWS_SECRET_KEY)" -backend-config="region=$(TF_BUCKET_REGION)"
@mv $(TF_STATE_TMP) $(TF_STATE)
plan: check-aws_account check-region check-tenant check-env check-setup ## Update modules and run plan"
@$(PREFLIGHT)
@terraform plan -module-depth=-1 $(TF_VARS)
@rm -f $(TF_STATE_TMP)
apply: check-aws_account check-region check-tenant check-env check-setup ## Update modules and apply plan"
@$(PREFLIGHT)
@terraform apply $(TF_VARS)
@$(POSTFLIGHT)
destroy: check-aws_account check-region check-tenant check-env check-setup ## Update modules, show plan, destroy"
@$(PREFLIGHT)
@terraform plan -destroy -module-depth=-1 $(TF_VARS)
@terraform destroy $(TF_VARS)
@$(POSTFLIGHT)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment