An opinionated Terraform wrapper by desiredState.
To install the dstf command-line tool simply paste the following command into a shell. If you get a Permission denied error, try sudo -i first.
curl -L https://raw.githubusercontent.com/desiredState/dStf/master/wrapper.sh > /usr/local/bin/dstf && chmod +x /usr/local/bin/dstfdStf expects your Terraform repo to be formatted like so:
.
├── .gitignore # Ensures you don't push secrets to the remote. See below for content.
├── dev-secrets.tfvars # dev workspace specific variables. See below for content.
├── prod-secrets.tfvars # prod workspace specific variables. See below for content.
└── terraform # This directory contains all your Terraform configurations.
├── dstf.tf # This initialises the above tfvars. See below for content.
└── main.tf # A placeholder for your own Terraform configuration.It is important to ensure you have the following entries in your repo's .gitignore file. Missing these could lead to secrets being pushed to the remote.
# Sensitive files.
secrets.tfvars
*-secrets.tfvars
# Terraform compiled files.
*.tfstate
*.tfstate.backup
*.tfplan
terraform.tfstate.d/
# Terraform modules directory.
.terraform/
# dStf files.
.dstf-init.doneCreate a Programmatic access IAM user and access keys with AdministratorAccess role permissions for Terraform in AWS.
To keep any secrets out of source control you'll need create a dev-secrets.tfvars and a prod-secrets.tfvars file in the root directory of your Terraform repo with the following content (adjusting as necessary for the given account).
# KEEP THIS FILE SECRET!
aws_access_key = "CHANGE_ME"
aws_secret_key = "CHANGE_ME"variable "aws_access_key" {}
variable "aws_secret_key" {}
variable "aws_region" {
default = "eu-west-2"
}As an example, here's a repo which uses dStf.
The dstf command must be executed from the root of your Terraform repo. Usage and available commands can be seen like so:
dstf helpFor example, to run a terraform plan against the dev workspace you can simply:
dstf plan dev