localstack-service-terraform-drone

Automate CI/CD pipelines with Drone CI and LocalStack for Terraform. Learn how to integrate LocalStack as a service in your Drone CI pipeline for efficient testing.

Drone CI LocalStack Terraform Integration

Drone CI Pipeline Configuration for LocalStack and Terraform

This document outlines a Drone CI pipeline configuration that leverages LocalStack to simulate AWS services for Terraform deployments. This setup is ideal for local development and testing of infrastructure as code.

Pipeline Definition

The pipeline is defined using a YAML configuration file. It includes steps for environment variable dumping, waiting for LocalStack to become available, pre-deployment checks, Terraform execution, and post-deployment verification.

---
kind: pipeline
type: docker
name: default
trigger:
  event:
    - pull_request
steps:
- name: dumps-env
  image: alpine
  commands:
  - env
  
- name: wait-for-localstack
  image: ruanbekker/awscli
  environment:
    AWS_ACCESS_KEY_ID: 123
    AWS_SECRET_ACCESS_KEY: xyz
    AWS_DEFAULT_REGION: eu-west-1
  commands:
  - while ! aws --endpoint-url=http://localstack:4566 kinesis list-streams; do sleep 1; done
  
- name: pre-list-tables
  image: ruanbekker/awscli
  environment:
    AWS_ACCESS_KEY_ID: 123
    AWS_SECRET_ACCESS_KEY: xyz
    AWS_DEFAULT_REGION: eu-west-1
  commands:
  - aws --endpoint-url=http://localstack:4566 dynamodb list-tables
  
- name: terraform-step
  image: hashicorp/terraform:light
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID 
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    AWS_DEFAULT_REGION: us-east-1
  commands:
  - sh init.sh
  - terraform plan
  - terraform apply -auto-approve
  volumes:
  - name: cache
    path: /tmp
    
- name: post-list-tables
  image: ruanbekker/awscli
  environment:
    AWS_ACCESS_KEY_ID: 123
    AWS_SECRET_ACCESS_KEY: xyz
    AWS_DEFAULT_REGION: eu-west-1
  commands:
  - aws --endpoint-url=http://localstack:4566 dynamodb list-tables
  
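volumes:
# Temporary volume, discarded when the pipeline finishes
- name: cache
  temp: {}
# Host path backing LocalStack's data directory
- name: localstack-vol
  host:
    path: /tmp/localstack-vol
# Host Docker socket referenced by the localstack service below
- name: docker-socket
  host:
    path: /var/run/docker.sock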

services:
  - name: localstack
    image: localstack/localstack:0.12.17
    environment:
      DOCKER_HOST: unix:///var/run/docker.sock
      EDGE_PORT: 4566
    volumes:
      - name: docker-socket
        path: /var/run/docker.sock
      - name: localstack-vol
        path: /tmp/localstack

Key Components and Configuration

LocalStack Service

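The localstack service is defined to run alongside the pipeline steps. It uses the localstack/localstack Docker image, pinned here to 0.12.17, and the steps reach it by its service name on the edge port (EDGE_PORT: 4566). The DOCKER_HOST environment variable points LocalStack at the mounted Docker socket so it can interact with the Docker daemon. Mounting /var/run/docker.sock gives the service container control of the host's Docker daemon, and Drone only permits host volumes for repositories marked as trusted.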

AWS CLI Steps

Several steps utilize the ruanbekker/awscli image to interact with LocalStack. These steps include:

  • wait-for-localstack: Polls LocalStack to ensure it's ready before proceeding.
  • pre-list-tables: Lists DynamoDB tables before Terraform applies changes.
  • post-list-tables: Lists DynamoDB tables after Terraform applies changes to verify the deployment.

These steps use dummy AWS credentials, set AWS_DEFAULT_REGION to eu-west-1, and point the AWS CLI at the LocalStack endpoint via --endpoint-url=http://localstack:4566.

Terraform Execution

The terraform-step uses the official hashicorp/terraform:light image. It executes init.sh (assumed to contain initialization scripts), runs terraform plan, and then terraform apply -auto-approve. The AWS credentials are sourced from secrets, and the default region is set to us-east-1. A volume named cache is mounted at /tmp for Terraform's state and cache management.

Volumes and Secrets

The pipeline utilizes several volumes:

  • cache: A temporary volume for Terraform operations.
  • localstack-vol: A host-mounted volume for persistent LocalStack data. In this example the host path /tmp/localstack-vol is mounted at /tmp/localstack within the service.
  • docker-socket: A volume to provide access to the Docker socket for the LocalStack service.

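AWS credentials (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY) are expected to be provided as secrets in the Drone CI environment. Because the pipeline triggers on pull_request, note that Drone does not expose secrets to pull request builds unless the secret is explicitly configured to allow it.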

Benefits of this Setup

  • Local Development & Testing: Run Terraform against a local, mocked AWS environment, reducing costs and improving speed.
  • CI/CD Integration: Seamlessly integrate infrastructure provisioning into your CI/CD workflows.
  • Reproducibility: Ensure consistent infrastructure deployments across different environments.

Further Enhancements

Consider adding more comprehensive checks, such as verifying specific AWS resources created by Terraform, or integrating with other AWS services supported by LocalStack.
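
One way to implement the resource check suggested above while also putting an upper bound on the readiness wait. This is an added example, not part of the original pipeline; the table name passed in is a placeholder, and WAIT_TRIES and WAIT_DELAY are hypothetical tunables.

```shell
#!/bin/sh
# Added example (not from the original page). ENDPOINT matches the page's
# LocalStack URL; the table name argument is a placeholder you supply.
ENDPOINT="${ENDPOINT:-http://localstack:4566}"

# wait_until TRIES DELAY CMD...: retry CMD until it succeeds, give up after TRIES.
wait_until() {
  tries=$1; delay=$2; shift 2
  n=1
  while ! "$@" >/dev/null 2>&1; do
    if [ "$n" -ge "$tries" ]; then
      echo "gave up after $n attempts: $*" >&2
      return 1
    fi
    n=$((n + 1))
    sleep "$delay"
  done
}

# localstack_ready: same probe as the page's wait-for-localstack step.
localstack_ready() {
  aws --endpoint-url="$ENDPOINT" kinesis list-streams
}

# table_exists NAME: exact match against list-tables output, one name per line.
table_exists() {
  aws --endpoint-url="$ENDPOINT" dynamodb list-tables \
      --query 'TableNames[]' --output text | tr '\t' '\n' | grep -Fxq -- "$1"
}

# verify_deploy NAME: return 2 if LocalStack never answers, 3 if the table is missing.
verify_deploy() {
  wait_until "${WAIT_TRIES:-60}" "${WAIT_DELAY:-1}" localstack_ready || return 2
  table_exists "$1" || { echo "table '$1' not found" >&2; return 3; }
  echo "ok: table '$1' present"
}

# Run as a script: sh verify.sh <table-name>
if [ "$#" -gt 0 ]; then verify_deploy "$1"; fi
```

A non-zero exit from verify_deploy fails the Drone step, so a stalled LocalStack or a missing table stops the build instead of hanging it or passing silently.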

For more information on Drone CI, refer to the Drone CI Docker Pipeline Syntax. For LocalStack documentation, visit LocalStack Documentation.