Our setup has about 40 sub-accounts under the main Enterprise-level account. As such, scalability is a major concern when looking to implement any changes. As a result, we’re looking to shift orchestration into Terraform in order to afford a level of automation and self-documentation that goes beyond NerdGraph/API.
So what is the best way to structure our code and directory to enable reusability of modules as well as per-account-level tweaks?
I’ve been considering a structure as follows.
.
|—modules
|  |—alert_policies.tf
|  |—alert_conditions.tf
|  |—versions.tf
|—environments
|  |—account_alpha.tf
|  |—account_bravo.tf
|  |—versions.tf
This would allow us to:
- Reference the same set of resources present in “modules” to be shared across our clients, much like a template.
  - E.g., base set of alerting that should be present across all sub-accounts.
- Each sub-account can individually override certain resources if required, using the template as a base.
  - E.g., tweak the thresholds, depending on the sub-account’s requirements.
How can we shape our code structure to target this use-case? It’d be a big win for scalability to allow this sort of flexibility within the configuration.