Deploy with Terraform

The AWS infrastructure for the DCE master account is defined as a Terraform module within the github.com/Optum/dce repo. This infrastructure may be deployed using the Terraform CLI:

cd modules
terraform init
terraform apply

See terraform.io for more information on using Terraform.

After the Terraform deployment is complete, you will need to build and deploy the application code to AWS:

make deploy

Alternatively, you can download the build artifacts from a GitHub release and deploy them directly. Both deploy.sh and build_artifacts.zip are supplied with the GitHub release:

cd modules
namespace=$(terraform output namespace)
artifacts_bucket=$(terraform output artifacts_bucket_name)
deploy.sh build_artifacts.zip "${namespace}" "${artifacts_bucket}"
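
A guarded version of the release-artifact steps above, as an added example that is not part of the DCE repo: it refuses to call deploy.sh when a Terraform output is missing or the bucket value does not look like an S3 bucket name. The TERRAFORM and DEPLOY_SCRIPT override variables and both function names are assumptions of this sketch; run it from the modules directory.

```shell
#!/bin/sh
# Added example, not DCE project code. TERRAFORM and DEPLOY_SCRIPT are
# hypothetical overrides so the commands can be swapped out or stubbed.
TERRAFORM="${TERRAFORM:-terraform}"
DEPLOY_SCRIPT="${DEPLOY_SCRIPT:-deploy.sh}"
LC_ALL=C  # byte-wise character ranges for the bucket-name check below

# Print one Terraform output; fail if the command errors or prints nothing.
read_output() {
  ro_value="$("$TERRAFORM" output "$1")" || {
    echo "terraform output $1 failed" >&2
    return 1
  }
  # Terraform 0.14+ wraps string outputs in double quotes; strip them.
  ro_value="${ro_value#\"}"
  ro_value="${ro_value%\"}"
  if [ -z "$ro_value" ]; then
    echo "terraform output $1 is empty" >&2
    return 1
  fi
  printf '%s' "$ro_value"
}

# Call the deploy script only after every argument is resolved and checked.
dce_deploy() {
  dd_artifacts="$1"
  if [ ! -f "$dd_artifacts" ]; then
    echo "artifact archive not found: $dd_artifacts" >&2
    return 1
  fi
  dd_namespace="$(read_output namespace)" || return 1
  dd_bucket="$(read_output artifacts_bucket_name)" || return 1
  # S3 bucket names contain only lowercase letters, digits, dots and hyphens;
  # anything else means the captured text is not a bucket name.
  case "$dd_bucket" in
    *[!a-z0-9.-]*)
      echo "unexpected bucket name: $dd_bucket" >&2
      return 1
      ;;
  esac
  "$DEPLOY_SCRIPT" "$dd_artifacts" "$dd_namespace" "$dd_bucket"
}
```

Call it as `dce_deploy build_artifacts.zip` after sourcing the file.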

Configuring Terraform Variables

The DCE Terraform module accepts a number of configuration variables to tweak the behavior of the DCE deployment. These variables can be provided to the terraform apply CLI command, or configured in a tfvars file.

For example:

terraform apply \
    -var namespace=nonprod \
    -var check_budget_enabled=false \
    -var-file my-dce.tfvars

See Terraform documentation for details on configuring input variables.

See /modules/variables.tf for a full list of configurable Terraform variables.

Accessing Terraform Outputs

The DCE Terraform module outputs a number of parameters, which may be useful for interacting with the configured resources. For example, the api_url output provides the base URL for your DCE API Gateway endpoint.

Use the terraform output CLI command to access outputs.

cd modules
terraform output api_url

For a full list of available outputs, see /modules/outputs.tf.

Extending the Terraform Configuration

You may want to extend the DCE Terraform configuration with your own infrastructure. For example, you may want to subscribe your own Lambda to DCE SNS Lifecycle Events.

To do this, pull in the DCE Terraform module as a submodule from within your own Terraform configuration:

# Load DCE as a Terraform submodule
module "dce" {
  source = "github.com/Optum/dce//modules"
  # Optionally, configure additional input variables
  namespace            = "nonprod"
  check_budget_enabled = false
}

# Reference DCE module outputs as needed
# For example, here we'll subscribe to the "lease-added" SNS topic
resource "aws_sns_topic_subscription" "assign_topic_lambda" {
  topic_arn = module.dce.lease_added_topic_arn
  protocol  = "lambda"
  endpoint  = aws_lambda_function.my_fn.arn
}
# Allow SNS to invoke the Lambda (my_fn is your own function, defined elsewhere)
resource "aws_lambda_permission" "assign_sns" {
  statement_id  = "AllowExecutionFromSNS"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.my_fn.function_name
  principal     = "sns.amazonaws.com"
  source_arn    = module.dce.lease_added_topic_arn
}