Problem description
Mixing Terraform and Serverless Framework
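This is more of an open question, and I'm just hoping for any opinions and suggestions. I have AWS in mind, but it is probably relevant to other cloud providers as well.
I want to provide an IaaC solution that will be easy to maintain and cover all the requirements of a modern serverless architecture. Terraform is a great tool for defining infrastructure, with many official resources and solid support from the community. I really like its syntax and the whole concept of modules. However, working with Lambdas is pretty bad. It also raises another question: should code changes be deployed using the same flow as infrastructure changes? Where do you draw the line between code and infrastructure?
On the other hand, the Serverless Framework allows super easy development and deployment of Lambdas. It is strongly opinionated when it comes to the use of resources, but it comes with a lot of worthwhile out-of-the-box features. It shouldn't really be used to define the whole infrastructure.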
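My current approach is to use Terraform to define any shared resources and Serverless to define any domain-related resources. Here I have another problem related to my previous question: deployment dependencies. A simple scenario: Lambda.1 adds users to Cognito (a shared resource), which has Lambda.2 as a trigger. I had to create a custom solution to manage the deployment order (Lambda.2 has to be deployed first, and so on). It'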
Reference solution
Method 1:
It is totally possible to mix the two and I have had to do so a few times. How this looks actually ends up being simpler than it seems.
First off, if you think about whatever you do with the Serverless Framework as developing microservices (without the associated infrastructure management burden), that takes it one step in the right direction. Then, what you can do is decide that everything that is required to make that microservice work internally is defined within that microservice as a part of the service's configuration in the serverless.yml, whether that be DynamoDB tables, Auth0 integrations, Kinesis streams, SQS, SNS, IAM permissions allocated to functions, etc. Keep that all defined as a part of that microservice. Terraform not required.
Now think about what that and other microservices might need to interact with more broadly. They aren't critical for that service's internal operation but are critical for integration into the rest of the organisation's infrastructure. This includes things like deployment IAM roles used by the Serverless Framework services to deploy into CloudFormation, relational databases that have to be shared amongst multiple services and resources, networking elements (VPCs, Security Groups, etc.), monolithic clusters like ElasticSearch and Redis ... all of these elements are great candidates for definition outside of the Serverless Framework and work really well with Terraform.
Any resource would be able to connect to these Terraform-defined resources as needed, unlike that hard association such as Lambda functions triggered off of an API Gateway endpoint.
Hope that helps
(by Jakub Nurski, Gareth McCumskey)
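The split described in the answer, as an added example that is not part of the original post: a `serverless.yml` for a hypothetical `orders` service that owns its DynamoDB table and function IAM statements, and reads the shared, Terraform-managed deployment role and network IDs from SSM parameters. The service name, region, handler path and parameter paths are assumptions, and the Terraform side is assumed to publish those values with `aws_ssm_parameter` resources.

```yaml
# Added example; "orders", the region and every /shared/... path are assumed names.
service: orders
frameworkVersion: "3"

provider:
  name: aws
  runtime: nodejs20.x
  region: eu-west-1
  stage: ${opt:stage, 'dev'}
  iam:
    # Shared, Terraform-managed: the role CloudFormation assumes to deploy this stack.
    deploymentRole: ${ssm:/shared/${self:provider.stage}/serverless/deployment-role-arn}
    role:
      # Service-internal: function permissions scoped to this service's own table only.
      statements:
        - Effect: Allow
          Action:
            - dynamodb:GetItem
            - dynamodb:PutItem
          Resource:
            Fn::GetAtt: [OrdersTable, Arn]
  vpc:
    # Shared, Terraform-managed networking, read at deploy time.
    securityGroupIds:
      - ${ssm:/shared/${self:provider.stage}/network/lambda-sg-id}
    subnetIds:
      - ${ssm:/shared/${self:provider.stage}/network/private-subnet-a-id}
      - ${ssm:/shared/${self:provider.stage}/network/private-subnet-b-id}

functions:
  createOrder:
    handler: src/create.handler
    environment:
      TABLE_NAME:
        Ref: OrdersTable
    events:
      - httpApi:
          method: POST
          path: /orders

resources:
  Resources:
    # Service-internal: the table lives and dies with this microservice.
    OrdersTable:
      Type: AWS::DynamoDB::Table
      Properties:
        BillingMode: PAY_PER_REQUEST
        AttributeDefinitions: [{ AttributeName: id, AttributeType: S }]
        KeySchema: [{ AttributeName: id, KeyType: HASH }]
```

Because the service only reads parameter values, the Terraform stack has to be applied before the first `serverless deploy`, and the deploying identity needs `ssm:GetParameter` on the `/shared/...` paths it resolves.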