Multi-Stage Azure DevOps Pipeline and Terraform

Back to Terraform and Azure DevOps!

The infrastructure is coded in Terraform and stored in a Git repository in Azure DevOps.

To run the code automatically whenever a change occurs in my Git repo, a pipeline is the way to go!

YAML is the next thing you need to learn to build the pipeline. Once you understand the way it works, you can also use it in GitHub Actions, which is another way to run your pipelines. Azure DevOps has automated a lot of tasks. This is the tool I used in this case.

My main target in this lab was to experiment with YAML and multi-stage pipelines.

USAGE OF MULTI-STAGE PIPELINES

In big organizations where multiple departments are involved in delivering Infrastructure as Code, there is segregation of duties. The network department is responsible for deploying the network infrastructure, while the platform department is most probably focused on systems and landing zones. The exact split depends on the company's culture and structure. Separate pipelines can exist. However, there are dependencies between the layers: the network is required before systems can be provisioned. Multi-stage pipelines and nested pipelines come to the rescue for those scenarios!

SENSITIVE VARIABLES

Another thing I really focused on in this implementation was the way variables are passed to the nested pipelines, especially the sensitive ones (secret values). You should have the value neither in the pipeline nor in the Terraform code. Those values should be stored externally from both. When you provision infrastructure locally by running Terraform commands from your PC, sensitive variables can be stored in environment variables. In an Azure DevOps project, the declaration can be done in a Variable Group.
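
A minimal two-stage pipeline illustrating both points above, as an added example that is not the pipeline from my lab: the Platform stage waits for the Network stage, and secrets come from a Variable Group instead of the YAML or the Terraform code. The group name `terraform-secrets`, the variables `armClientSecret` and `dbAdminPassword`, and the `network/` and `platform/` folders are hypothetical; it assumes Terraform is available on the agent, the state backend is configured in the Terraform code, and the non-secret `ARM_CLIENT_ID`, `ARM_TENANT_ID` and `ARM_SUBSCRIPTION_ID` are also defined in the group.

```yaml
# azure-pipelines.yml (added example; group, variable and folder names are hypothetical)
trigger:
  branches:
    include:
      - main

variables:
  # Variable Group defined under Pipelines > Library. armClientSecret and
  # dbAdminPassword are marked as secret there, so their values live
  # outside both the repository and this YAML file.
  - group: terraform-secrets

pool:
  vmImage: ubuntu-latest

stages:
  - stage: Network
    jobs:
      - job: apply_network
        steps:
          - script: |
              terraform init -input=false
              terraform apply -input=false -auto-approve
            workingDirectory: network
            displayName: Terraform apply (network)
            env:
              # Secret variables are not exposed to scripts automatically;
              # each one has to be mapped explicitly.
              ARM_CLIENT_SECRET: $(armClientSecret)

  - stage: Platform
    dependsOn: Network   # systems are provisioned only after the network layer succeeds
    jobs:
      - job: apply_platform
        steps:
          - script: |
              terraform init -input=false
              terraform apply -input=false -auto-approve
            workingDirectory: platform
            displayName: Terraform apply (platform)
            env:
              ARM_CLIENT_SECRET: $(armClientSecret)
              # Terraform reads TF_VAR_<name> as the input variable <name>.
              TF_VAR_db_admin_password: $(dbAdminPassword)
```

On the Terraform side, declaring `db_admin_password` with `sensitive = true` keeps the value out of the plan and apply output as well.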

Check my article on Medium:

https://medium.com/@liannetz/multi-stage-azure-devops-pipeline-and-terraform-b3fc1e1fe69f
