After setting up the GitLab CI/CD pipeline, the next step I wanted to take was to use Terraform to make changes to AWS infrastructure.
There are several steps to configure a GitLab pipeline for Terraform. This example is for a new project with nothing yet configured in AWS.
- Create a new project in GitLab
- Get CLI credentials
- Create `.gitignore` file
- Create `.gitlab-ci.yml` file
- Configure GitLab-managed Terraform state
- Create test Terraform file
Create a New Project in GitLab
I have created a new AWS project for this in GitLab. As I had previously configured my SSH key for GitLab, all I needed to do was clone the newly created repo in VS Code, and I was able to start creating the project files.
Get CLI Credentials
I have previously set up the AWS CLI on my Mac; I will use this to get my access key and secret access key.
The AWS keys will need to be added to the GitLab project's CI/CD variables under <Project> >> Settings >> CI/CD >> Variables. The variable names must be `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`; these are the names specified in this document.
Create `.gitignore` File
This is a fairly straightforward file; it will just ignore whatever is defined inside it.
Create `.gitlab-ci.yml` File
I will be using the default `.gitlab-ci.yml` file. Inside this are two templates: one for static application security testing, which I won't go into in any detail, and the other, `Terraform/Base.gitlab-ci.yml`, which is used for creating the GitLab-managed Terraform state.
`Terraform/Base.gitlab-ci.yml` can be found here and takes care of several of the Terraform steps. What I am interested in specifically is the variable `TF_STATE_NAME`. This variable is the name that the GitLab Terraform state file will take by default. The value is `default`:
```yaml
TF_STATE_NAME: default # The name of the state file used by the GitLab Managed Terraform state backend
```
Configure GitLab-Managed Terraform State
The purpose of this is to keep the Terraform state in GitLab. This means that multiple users can pull down the repo and all work from the same Terraform state: changes are made to that shared state, and everything is stored in GitLab.
The example here is to create a new Terraform state, as nothing has been configured inside my AWS account. The reference document is here. Inside the reference document, the first part is what I will describe for a new environment. If there is already a local Terraform state, it can be migrated following these steps.
Create a `backend.tf` file. This file declares that Terraform's backend is the HTTP backend.
Running the pipeline will create a default Terraform state. This state file can be downloaded or deleted under <PROJECT> >> Operate


Create Test Terraform File
I have created and tested a Terraform file, `main.tf`. Inside this, it will create a VPC in the eu-north-1 region.
Now that the files have been created, all that is left to do is push them to the repo. This will run the pipeline.
The pipeline can be found under Build >> Pipelines and by default will look as shown below. In my example, the `deploy` stage is pending a manual action to be taken; once that runs, the new VPC will be pushed to AWS.



Continuing this, a subnet can be added to the `main.tf` file.
Saving and committing this will start the pipeline again, resulting in a new subnet.
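As an added example (these are not the author's files), the following `backend.tf` and `main.tf` match the steps above: an HTTP backend declaration, then a VPC and a subnet in eu-north-1. The CIDR ranges, resource names, tags and availability zone are my own assumptions. The backend block is left empty because the `gitlab-terraform` wrapper used by the `Terraform/Base.gitlab-ci.yml` template passes the state address and job token to `terraform init` based on `TF_STATE_NAME`, and the AWS provider block carries no credentials because it reads `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` from the CI/CD variables configured in the project.

```hcl
# backend.tf (added example, not the author's file)
# The backend block is intentionally empty: the Terraform/Base.gitlab-ci.yml
# template's gitlab-terraform wrapper supplies the state address, lock address
# and CI job token to `terraform init`, keyed on TF_STATE_NAME.
terraform {
  required_version = ">= 1.0"

  backend "http" {}

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

# main.tf (added example, not the author's file)
# No credentials appear here: the provider picks up AWS_ACCESS_KEY_ID and
# AWS_SECRET_ACCESS_KEY from the project's CI/CD variables at run time.
provider "aws" {
  region = "eu-north-1"
}

# Assumed CIDR ranges; adjust to your own addressing plan.
variable "vpc_cidr" {
  type    = string
  default = "10.10.0.0/16"
}

variable "subnet_cidr" {
  type    = string
  default = "10.10.1.0/24"
}

# The VPC created by the first pipeline run.
resource "aws_vpc" "main" {
  cidr_block           = var.vpc_cidr
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = {
    Name      = "gitlab-terraform-demo"
    ManagedBy = "terraform"
  }
}

# The subnet added in the second commit. The vpc_id reference makes Terraform
# create the VPC first and destroy the subnet first when the stack is torn down.
resource "aws_subnet" "private" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = var.subnet_cidr
  availability_zone = "eu-north-1a" # assumed AZ

  # Keep automatic public IP assignment off unless the subnet is meant to be public.
  map_public_ip_on_launch = false

  tags = {
    Name      = "gitlab-terraform-demo-private-a"
    ManagedBy = "terraform"
  }
}

output "vpc_id" {
  value = aws_vpc.main.id
}

output "subnet_id" {
  value = aws_subnet.private.id
}
```

With the two files committed, the template's `build` stage produces the plan and the manual `deploy` stage applies it; the resulting state is held by GitLab rather than on any one workstation. Since the AWS keys are only ever read from CI/CD variables, it is worth marking both variables as masked in the project settings so that the values cannot be echoed into job logs.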

The last change I want to make to this is to add a destroy stage to the pipeline to remove the changes. The modifications will be made to the `.gitlab-ci.yml` file. In the example `.gitlab-ci.yml` file there is a `cleanup` stage, but it is not referenced by any job.
In the new `.gitlab-ci.yml` file, I have made the `cleanup` stage dependent on the `build` and `deploy` stages.

