Terraform components allow you to deploy Terraform from a public or connected repo, to provision infrastructure resources in customer installs.

Configuring a Terraform component

To configure a Terraform component, specify a repo, the required configuration values, and the version of Terraform to run it with.
components/<your-component>.toml
# terraform
name              = "certificate_wildcard_public"
type              = "terraform_module"
terraform_version = "1.11.3"

[public_repo]
repo      = "nuonco/byoc"
directory = "byoc-nuon/src/components/certificate"
branch    = "main"

[vars]
install_id  = "{{ .nuon.install.id }}"
region      = "{{ .nuon.install_stack.outputs.region }}"
zone_id     = "{{ .nuon.sandbox.outputs.nuon_dns.public_domain.zone_id }}"
domain_name = "*.{{ .nuon.sandbox.outputs.nuon_dns.public_domain.name }}"
You can configure Terraform components to use either a public repo (using a public_repo block) or a private GitHub repo (using a connected_repo block). Read more about VCS configuration here. You can also put the Terraform source inside of the same repo as the app, and point to it.
If you include the Terraform source in the app repo, you must push the entire repo and do a manual build of the component in the dashboard or CLI. The CLI's nuon apps sync does not detect that the component has changed, so it will not run the build.

Configuring Terraform Vars

You can configure Terraform variables for a component using component variables. These variables can access inputs, other components, the sandbox, and details on the install itself using templating and interpolation.
components/<your-component>.toml
# terraform
name              = "dynamodb_table"
type              = "terraform_module"
terraform_version = "1.11.4"

[public_repo]
repo      = "nuonco/example-app-configs"
directory = "aws-lambda/src/components/dynamodb-table"
branch    = "main"

[vars]
name       = "widgets-{{.nuon.install.id}}"
hash_key   = "ID"
install_id = "{{.nuon.install.id}}"
region     = "{{.nuon.install_stack.outputs.region}}"

State Management

All Terraform state is managed by the Nuon data plane through the Nuon HTTP-based API. Each execution of a Terraform component in an install is visible in the plan and apply steps in the dashboard. The Enterprise edition adds two features: required approvals of the plan and apply steps, and diffs from previous runs.

Execution and Permissions

The runner is responsible for executing Terraform and is provisioned as part of the initial Install Stack. For example, in AWS the CloudFormation stack creates a VPC, networking, an ASG and an EC2 instance to start the runner. The runner is separate from the Install's infrastructure (for example, a Kubernetes cluster). To learn more about the runner, read the Nuon Runner Architecture blog post.