AWS without AWS: writing infrastructure as code
This article is the first part of the AWS without connecting to AWS series, with more to follow.
I've used Amazon Web Services (AWS) for a long time, and infrastructure as code has been the main way I've interacted with AWS for most of that time. Terraform (and OpenTofu, which forked from it) has been the tool I've used the most.
Creating resources in AWS is the goal, but there are reasons why we may not be able to work against live AWS as readily as we would like:
- Connectivity to AWS APIs. Do we have network connectivity? Maybe we are working from a plane, a train, an automobile, or a beach.
- Environment availability. Can we create AWS resources without disrupting anything? Can we use or create an environment in a live AWS account for testing, without conflicting with others? Perhaps tests have to run in an AWS account whose service quotas have not been raised to match the production environments.
- Dependencies. Can we deploy our infrastructure as code at all? Especially when we have small modules of code deployed onto a platform, there may be platform dependencies that need to be in place first.
- Cost. Is testing in live AWS sustainable? Short-lived resources, such as those in an ephemeral environment, can help keep cost down, but there are many considerations.
- Practicality. Certain changes may need to be tested in an AWS Organization, and Organizations are often not something that can be readily created and destroyed. Other changes may have side effects that are hard to reverse.
Given the above, it can be helpful from time to time to avoid interacting with AWS and to glean what you can from the infrastructure as code without creating real resources. It is not always trivial, and not always possible, to avoid the real AWS APIs, but where you can it gives quicker, tighter feedback loops. What can you do with Terraform and the AWS provider without connecting to AWS?
We will consider a number of options in this series of articles, starting with basic writing and testing of infrastructure as code.
## Writing infrastructure as code
Validation of infrastructure as code:
- Does `terraform validate` check for unknown resource attributes? If not, what does?
- `terraform validate` with and without `terraform init`?
- Caveats about dependencies that can't be resolved until apply. Nice notes by apparentlymart on an issue somewhere?
## Generating a plan without AWS
What settings do we need to allow it? What are the caveats?
Then testing of a plan, but that is more the static analysis part.
`terraform test`? Are there other tools? Any Gruntwork ones?
We will consider:
- LocalStack
- Boto
- iamlive
- Static analysis
  - On IaC
  - On plan
  - On state
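The following is an added example, not code from the article, that ties together the validate-without-init question, the plan-without-AWS settings, and the "static analysis on plan" item above. It assumes the `hashicorp/aws` provider's real `skip_credentials_validation`, `skip_requesting_account_id` and `skip_metadata_api_check` arguments, dummy credential values, and a constructed plan JSON (`SAMPLE_PLAN`) in the shape `terraform show -json` emits, so that the policy check runs offline even where Terraform is not installed. The function and check names are the example's own.

```python
"""Offline Terraform workflow for the AWS provider plus a policy check on the plan JSON.

Added example: it is not the article's code. `run_offline_plan` drives the real CLI when
terraform (or tofu) is on PATH; `find_risky_changes` works on any `terraform show -json`
output, here demonstrated on a constructed sample plan.
"""
import json
import shutil
import subprocess
import sys
from pathlib import Path

# Provider settings that let `terraform plan` run without reaching AWS.
# The argument names are real aws provider arguments; the key values are dummies.
OFFLINE_PROVIDER_TF = """
terraform {
  required_providers {
    aws = { source = "hashicorp/aws" }
  }
}

provider "aws" {
  region                      = "us-east-1"
  access_key                  = "mock_access_key"
  secret_key                  = "mock_secret_key"
  skip_credentials_validation = true   # no sts:GetCallerIdentity
  skip_requesting_account_id  = true   # no account id lookup for ARNs
  skip_metadata_api_check     = true   # no EC2 instance metadata probe
}
"""


def run_offline_plan(workdir):
    """Validate and plan the module in `workdir` without AWS; return the plan dict, or None if no CLI."""
    cli = shutil.which("terraform") or shutil.which("tofu")
    if cli is None:
        return None
    workdir = Path(workdir)
    (workdir / "providers.tf").write_text(OFFLINE_PROVIDER_TF)

    def tf(*args, check=True):
        return subprocess.run([cli, *args], cwd=workdir, check=check,
                              capture_output=True, text=True)

    # validate needs provider schemas, so init is required; -backend=false skips the state
    # backend. The provider binary is still downloaded unless a plugin cache/mirror is set.
    tf("init", "-backend=false", "-input=false")
    report = json.loads(tf("validate", "-json", check=False).stdout)
    if not report["valid"]:
        raise SystemExit("\n".join(d["summary"] for d in report["diagnostics"]))
    # -refresh=false avoids reading real resource state. Data sources such as
    # aws_caller_identity would still call AWS, so keep them out of an offline module.
    tf("plan", "-refresh=false", "-input=false", "-out=tfplan")
    return json.loads(tf("show", "-json", "tfplan").stdout)


def _wild(value):
    """True when an IAM Action/Resource field (string or list) contains '*'."""
    return "*" in (value if isinstance(value, list) else [value])


def find_risky_changes(plan):
    """Return human-readable findings for resources the plan would create or update."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc["change"]
        if change["actions"] in (["delete"], ["no-op"]):
            continue
        after = change.get("after") or {}  # known values only; unknowns are in after_unknown
        if rc["type"] == "aws_security_group":
            for rule in after.get("ingress") or []:
                if "0.0.0.0/0" in (rule.get("cidr_blocks") or []):
                    findings.append(f"{rc['address']}: ingress {rule.get('from_port')}-"
                                    f"{rule.get('to_port')}/{rule.get('protocol')} open to 0.0.0.0/0")
        elif rc["type"] in ("aws_iam_policy", "aws_iam_role_policy"):
            doc = after.get("policy")
            if isinstance(doc, str):  # a jsonencode() result is a known string at plan time
                statements = json.loads(doc).get("Statement", [])
                statements = [statements] if isinstance(statements, dict) else statements
                for st in statements:
                    if st.get("Effect") == "Allow" and _wild(st.get("Action")) and _wild(st.get("Resource")):
                        findings.append(f"{rc['address']}: Allow Action=* on Resource=*")
    return findings


# Constructed sample in the `terraform show -json` shape (not real plan output).
SAMPLE_PLAN = {
    "format_version": "1.2",
    "resource_changes": [
        {"address": "aws_security_group.web", "type": "aws_security_group",
         "change": {"actions": ["create"], "before": None, "after": {"name": "web", "ingress": [
             {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
             {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["10.0.0.0/8"]}]}}},
        {"address": "aws_iam_policy.admin", "type": "aws_iam_policy",
         "change": {"actions": ["create"], "before": None, "after": {"name": "admin", "policy": json.dumps(
             {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]})}}},
        {"address": "aws_iam_policy.old", "type": "aws_iam_policy",
         "change": {"actions": ["delete"], "before": {"name": "old"}, "after": None}},
    ],
}

if __name__ == "__main__":
    plan = (run_offline_plan(sys.argv[1]) if len(sys.argv) > 1 else None) or SAMPLE_PLAN
    for finding in find_risky_changes(plan) or ["no findings"]:
        print(finding)
```

Run it with a module directory as the argument to validate and plan that module offline, or with no argument to exercise the check against the constructed sample. The check skips deletions and only looks at the `after` values, which is why attributes that are unknown until apply (the caveat noted above) cannot be judged here.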
WireMock
Working on a plane. Speeding up feedback loops.
This article is part 1 of 1 in AWS without connecting to AWS.