GovTech · Transportation · Surpass

Deploy identical Development and Production environments using Terraform

How we organised a complex multi-environment system, utilising Zero-Trust access solutions and adding support for sub-projects.

[Figure: Surpass multi-environment AWS infrastructure diagram]

Initial state

Surpass is a strategic projects company that built a public-transportation planning system. They created a web app to allow Public Transportation Designers to create and test how new transportation lines would behave, work, and impact current traffic and usage.

Their state when they met us:

  • Basic app, running locally on the developers' computers.
  • No ability to work with the users.
  • No environments set, or a possibility to collaborate live with other developers.
  • No deployment pipelines or version management.

Tech stack

Project goals

  • Fully managed IaC-based infrastructure & environments.
  • Developers' freedom, accessibility, and ease of use.

Decisions

  • Use Terraform/Terragrunt to manage the infrastructure: this is the most flexible IaC approach, giving full control over and integration with AWS resources.
  • Create Dev/Staging/Production environments entirely in code.
  • Develop a deployment process to deploy changes initially to Dev and later to Staging & Prod, with the appropriate tests and branching strategies in Git.

Restrictions

We accounted for the following security-related restrictions:

  • Geo-based access restriction.
  • Usage of WAF & CloudFront.
  • Solid access control for the internal (private VPC) systems.

Strategy

The goals, decisions, and restrictions led to the following strategy:

  • Use Terragrunt to re-use Terraform code, ensuring better observability of environments and resources. This approach allowed us to change only configuration values between environments, avoiding changes to actual code logic.
  • Manage all secrets in AWS Secrets Manager, reading the values from GitHub Actions pipelines, with a separate set of values per environment.
  • Deploy the Dev stack first, then build Staging and Production environments to improve stability, applying the same strategy for later additions.
  • Create sub-projects following the same method.
  • Define the correct CI/CD pipelines and branch protections for an optimal review and deployment flow.
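The layout this strategy implies, as an added example rather than Surpass' own code: one root Terragrunt file holds the shared state backend, each environment folder only sets input values, and the Terraform module (here a WAF ACL enforcing the geo restriction from the Restrictions section) contains no per-environment logic. The bucket and lock-table names, region, module path and country list are assumptions.

```hcl
# --- live/terragrunt.hcl: root config inherited by every environment ---
remote_state {
  backend  = "s3"
  generate = { path = "backend.tf", if_exists = "overwrite_terragrunt" }
  config = {
    bucket         = "surpass-tfstate"          # assumed bucket name
    key            = "${path_relative_to_include()}/terraform.tfstate"
    region         = "eu-west-1"                # assumed region
    encrypt        = true
    dynamodb_table = "surpass-tfstate-lock"     # assumed lock table
  }
}

# --- live/dev/waf/terragrunt.hcl: one folder per env, pointing at the SAME module ---
include "root" { path = find_in_parent_folders() }
terraform { source = "../../../modules//waf" }
inputs = {
  environment       = "dev"
  allowed_countries = ["IL"]   # only these values differ between dev/staging/prod
}

# --- modules/waf/main.tf: shared module, no per-environment logic inside ---
variable "environment"       { type = string }
variable "allowed_countries" { type = list(string) }
resource "aws_wafv2_web_acl" "app" {
  name  = "surpass-${var.environment}"
  scope = "CLOUDFRONT"          # CloudFront-scoped ACLs must be created in us-east-1
  default_action { allow {} }
  rule {
    name     = "block-outside-allowed-countries"
    priority = 1
    action { block {} }
    statement {
      not_statement {
        statement { geo_match_statement { country_codes = var.allowed_countries } }
      }
    }
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "geo-block"
      sampled_requests_enabled   = true
    }
  }
  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "surpass-${var.environment}"
    sampled_requests_enabled   = true
  }
}
```

Staging and production get a copy of the `live/dev/waf` folder with only the `inputs` values changed; `terragrunt plan` in each folder then shows exactly which configuration differs between environments.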

The process

The process of creating Surpass' infrastructure was methodical and detailed:

  • Create the Terraform module, deploy it using Terragrunt, and check for usability.
  • Request feedback from the Dev team or the customer and make adjustments.
  • Manage and organize the code and Infrastructure modules.

This iterative methodology allowed us to:

  • Be agile.
  • Re-use code.
  • Adhere to customer and developer requirements.
  • Deliver value quickly, in small and manageable parts, while keeping everything tidy and neat.

Results

  • The entire infrastructure is managed using Terraform.
  • Identical Dev/Staging/Production environments were created, with differences limited to each module's inputs (mostly the same).
  • Migration between AWS accounts (needed for various reasons) was 10x faster compared to non-Terraform setups.
  • Each change, addition, and modification of the environment was recorded and managed in the Git repository containing Terraform/Terragrunt code.
  • The codebase remained clean and organized.
  • System services were completely isolated and inaccessible to the public web.