This is for quick reference about our design decisions.
It covers where Terraform data is stored for the company and teams, how DNS works, etc.
Everything here is covered by complete articles explaining why.
This is just a quick reference summary.
Read more: ARGLabs tech stuff summary
Environments
Environments used in ARGLabs:
- Default: where IaC is developed and all unique stuff is deployed.
- Prd: production environment derived from the default environment.
Scopes
We’ll have just one scope named AIO (for All In One).
AWS Accounts
Read about it here: AWS multi-account model and ARGLabs
One account for each environment per scope.
This means:
- AIO Default
- AIO Prd
Network
Each environment will use only one VPC in which each team will have its own network.
- Default: 10.255.0.0/16
  - SRE Team: 10.255.0.0/24
  - Team01: 10.255.1.0/24
  - Team02: 10.255.2.0/24
- Prd: 10.0.0.0/16
  - SRE Team: 10.0.0.0/24
  - Team01: 10.0.1.0/24
  - Team02: 10.0.2.0/24
CIDR control is done in this repo: https://bitbucket.org/arglabs/arglabs-main-org-cidr-control/src/master/
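A check for the allocation above, as an added example (not code from the CIDR control repo): it verifies that every team network sits inside its environment's VPC, that no two team networks overlap, and that the environment VPCs do not overlap each other. The PLAN structure and the validate_plan name are assumptions made for this example.

```python
import ipaddress
from itertools import combinations

# CIDR plan copied from the Network section of this page.
PLAN = {
    "Default": ("10.255.0.0/16", {"SRE Team": "10.255.0.0/24",
                                  "Team01": "10.255.1.0/24",
                                  "Team02": "10.255.2.0/24"}),
    "Prd": ("10.0.0.0/16", {"SRE Team": "10.0.0.0/24",
                            "Team01": "10.0.1.0/24",
                            "Team02": "10.0.2.0/24"}),
}

def validate_plan(plan):
    """Return a list of violations; an empty list means the plan is consistent."""
    errors, vpcs = [], {}
    for env, (vpc_cidr, teams) in plan.items():
        try:
            # strict=True rejects CIDRs with host bits set (e.g. 10.0.1.5/24).
            vpc = vpcs[env] = ipaddress.ip_network(vpc_cidr, strict=True)
        except ValueError as exc:
            errors.append(f"{env}: invalid VPC CIDR ({exc})")
            continue
        nets = {}
        for team, cidr in teams.items():
            try:
                net = ipaddress.ip_network(cidr, strict=True)
            except ValueError as exc:
                errors.append(f"{env}/{team}: invalid CIDR ({exc})")
                continue
            nets[team] = net
            if not net.subnet_of(vpc):
                errors.append(f"{env}/{team}: {net} is outside VPC {vpc}")
        # Team networks inside one VPC must be pairwise disjoint.
        for (a, na), (b, nb) in combinations(nets.items(), 2):
            if na.overlaps(nb):
                errors.append(f"{env}: {a} ({na}) overlaps {b} ({nb})")
    # Environment VPCs must be disjoint so they can be peered or routed later.
    for (a, na), (b, nb) in combinations(vpcs.items(), 2):
        if na.overlaps(nb):
            errors.append(f"VPC {a} ({na}) overlaps VPC {b} ({nb})")
    return errors

if __name__ == "__main__":
    problems = validate_plan(PLAN)
    print("\n".join(problems) if problems else "CIDR plan is consistent")
```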
Terraform
Remote state bucket
- arglabs-terraform-states: company-wide stuff. Used for resources outside the teams' accounts.
- arglabs-aio-terraform-states: used to store all AIO account Terraform projects.
Terraform and provider versions
We decided to use latest versions because
DNS
Projects
AIO BigBang
AIO Account
SRE Infrastructure
Pending
- AIO BigBang won't have a state aggregator anymore and will only save state on the main account S3 bucket.
- Infrastructure repos should get remote state from the main account but store their states on the bucket inside the default account.
- change-data should help to do this