Terraform Module Support

Terraform modules group individual resources together so that they can be deployed as a unit. Modules do, however, pose some challenges when they are created and supported. This document describes the Global DevSecOps team's approach to maintaining and updating the modules and their resources.

Versioning

Terraform modules are either published in the Terraform Registry by HashiCorp or the cloud vendor, or created by a third party and submitted to the registry. Each module has a version. This is important because if we use many modules, we may have many versions to support.

The Seagen standard is to support the current version and the version before it (N-1). If we are using version 1.0 and 1.1 is released, we continue to support 1.0 until 1.2 is released, at which point 1.0 drops out of support and repositories still on it must upgrade.
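The support window is easiest to honour when every consuming repository states which release line it uses, so that Terraform itself refuses a silent jump to the next line. The following is an added example, not code from the GDCT repositories or the Seagen registry; the registry host (tfregistry.example.internal), the seagen namespace, the key-vault and network module names, their three inputs and the git host are assumptions for illustration.

```hcl
terraform {
  required_version = ">= 1.5.0"

  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
      # "~> 3.80" accepts any 3.y release with y >= 80 but refuses 4.0, so a
      # major provider upgrade is a reviewed edit, not something `terraform init`
      # does on its own.
      version = "~> 3.80"
    }
  }
}

# Weak: no version constraint. `terraform init` fetches whatever the registry
# marks as latest, so a new module release (or a tampered one) changes what is
# deployed without any change being reviewed in this repository.
#
# module "key_vault" {
#   source = "tfregistry.example.internal/seagen/key-vault/azurerm"
# }

# Pinned to the supported line. "~> 0.0.4" accepts 0.0.4, 0.0.5, ... but not
# 0.1.0, so moving to the next line is an explicit edit that can be scheduled
# with the upgrade process described above. (Module name and inputs assumed.)
module "key_vault" {
  source  = "tfregistry.example.internal/seagen/key-vault/azurerm"
  version = "~> 0.0.4"

  name                = "kv-example"
  resource_group_name = "rg-example"
  location            = "westeurope"
}

# Git sources have no "version" argument; pin the ref to a tag (or, stricter,
# a commit SHA) instead of tracking a branch. (Host and module assumed.)
module "network" {
  source = "git::https://github.example.internal/seagen/terraform-azurerm-network.git?ref=v0.0.7"

  name                = "vnet-example"
  resource_group_name = "rg-example"
  location            = "westeurope"
}
```

Commit .terraform.lock.hcl alongside this: it records the provider version and checksums that were selected, and `terraform providers lock -platform=linux_amd64` (one -platform per runner OS) adds checksums for the platforms the pipeline uses, so a runner refuses a provider binary whose hash differs. The lock file covers providers only, not module sources, which is why the module version constraint matters.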

What does support mean

Support means that the DevSecOps team creates an improvement and pushes that change to the GDCT repos, which are sample repositories, and publishes the updated module to the Seagen Terraform Registry for others to use. Upgrading every repo that uses a particular version is the responsibility of the Global DevSecOps team. An upgrade is scheduled for release only after the following has been completed and communicated:

  • Documentation stating the repositories that will be upgraded

  • Schedule for releases and upgrades

  • Collaboration with the development teams to determine the impact to the team

  • Phased rollout of the changes to not only the GitHub repositories but also the resources being deployed

  • Test runs of the changed resources, including a reviewed terraform plan so that unexpected resource replacements are caught before apply

  • Upgraded or clean state files (state that still references the previous module or provider schema is migrated before the new version is applied)

  • Post delivery readout to the teams

What Terraform providers are supported by Global DevSecOps

A Terraform provider is a plugin that exposes the resources and data sources of a particular public cloud or technology platform; modules are built on top of providers, and every resource a module creates belongs to one. Seagen supports modules for the following providers.

  • Microsoft Azure

  • Google Cloud Platform

What Terraform Modules are currently supported by Global DevSecOps

The following modules are currently supported by the Global DevSecOps Team. This will be translated into a SharePoint List that will be accessible to everyone.


Azure Kubernetes Services

  • Azure Kubernetes Service (AKS) offers the quickest way to start developing and deploying cloud-native apps in Azure, datacentres, or at the edge with built-in code-to-cloud pipelines and guardrails. Get unified management and governance for on-premises, edge, and multi-cloud Kubernetes clusters.

  • Easily migrate existing applications to containers and run them in a fully managed Kubernetes service with AKS.

  • Use AKS to simplify the deployment and management of microservices-based architecture. AKS streamlines horizontal scaling, self-healing, load balancing, and secret management.

Azure API Management

  • Azure API Management is a hybrid, multicloud management platform for APIs across all environments. As a platform-as-a-service, API Management supports the complete API lifecycle.

  • Two of the greatest benefits of an Azure API Management Solution are improved communication across apps and increased business agility.

  • By using API Management you can apply policies globally, to a group of APIs, or to a single API. Policies such as JWT validation, rate limiting and IP filtering are therefore applied consistently at the gateway rather than re-implemented in every backend.

Azure Application Insights

  • Application Insights is an extension of Azure Monitor that provides Application Performance Monitoring (APM). APM tools are useful for monitoring applications from development, through test, and into production: proactively understanding how an application is performing, and reactively working out what happened during an incident.

  • Insights (Application Insights, VM insights, Container insights) are part of Azure Monitor but provide a customized monitoring experience for particular Azure services. They use the same metrics and logs as the rest of Azure Monitor, but may collect extra data and present a dedicated experience in the Azure portal.

Azure Authorization Rules

  • Manages a Service Bus namespace authorization rule (a shared access policy carrying Listen, Send and/or Manage rights) within a Service Bus namespace. Every namespace is created with a built-in RootManageSharedAccessKey that holds all three rights; a workload should instead get a rule with only the rights it needs.

Azure Cognitive Account Services - v.007

  • Azure Cognitive Services are cloud-based artificial intelligence (AI) services that help developers build cognitive intelligence into applications without having direct AI or data science skills or knowledge. They are available through REST APIs and client library SDKs in popular development languages.

  • Cognitive Services can be categorized into four main pillars: Vision, Speech, Language and Decision.

More detailed information can be found here: https://learn.microsoft.com/en-us/azure/cognitive-services/what-are-cognitive-services

Azure Cosmos DB - v0.0.11

  • Azure's fast NoSQL database, with open APIs, at any scale. The service is designed to let customers elastically and independently scale throughput and storage across any number of geographical regions. Microsoft describes Cosmos DB as the first globally distributed database service to offer comprehensive service level agreements covering throughput, latency, availability and consistency.

Azure SQL Database - v0.0.22

  • Azure SQL Database is a fully managed platform as a service (PaaS) database engine that handles most of the database management functions such as upgrading, patching, backups, and monitoring without user involvement.

Azure Databricks Cluster - v0.0.8

  • A Databricks cluster is a set of computation resources and configurations on which you run data engineering, data science and data analytics workloads, such as production ETL pipelines, streaming analytics, ad-hoc analytics and machine learning.

  • Azure Databricks provides the latest versions of Apache Spark and allows you to seamlessly integrate with open source libraries. Spin up clusters and build quickly in a fully managed Apache Spark environment.

Azure Databricks Workspaces - v0.0.1

  • An Azure Databricks workspace is an environment for accessing all of your Azure Databricks assets. The workspace organizes objects such as notebooks, libraries, experiments, queries, and dashboards into folders, and provides access to data and computational resources such as clusters and jobs.

Azure Data Factory - v0.0.12

  • Azure Data Factory is Azure’s cloud ETL service for scale-out serverless data integration and data transformation. It offers a code-free UI for intuitive authoring and single-pane-of-glass monitoring and management. You can also lift and shift existing SSIS packages to Azure and run them with full compatibility in ADF.

Azure Data Lake Gen 2 - v0.0.6

  • Azure Data Lake Storage Gen2 is a set of capabilities dedicated to big data analytics, built on Azure Blob Storage. Data Lake Storage Gen2 converges the capabilities of Azure Data Lake Storage Gen1 with Azure Blob Storage.

Azure Firewall - v0.0.1

  • Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. The stateful firewall service has built-in high availability and unrestricted cloud scalability to help you create, enforce, and log application and network connectivity policies across subscriptions and virtual networks.

  • With the Premium SKU, Azure Firewall can decrypt outbound TLS traffic, perform the required security checks, and re-encrypt the traffic to the destination (TLS inspection). This works together with URL filtering and web categories, which let administrators allow or deny user access to categories of sites such as gambling or social media.

  • The intrusion detection and prevention system (IDPS) capability, also Premium only, uses signatures to continuously monitor traffic, generate alerts, log information, and optionally block the attack. It can detect attacks on all ports and protocols for unencrypted traffic; for encrypted traffic it depends on TLS inspection having decrypted the flow first.
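An added example (not the Seagen module's code) of a firewall policy that turns on the two Premium features described above and uses web categories in an application rule. The firewall instance, its VNet with the AzureFirewallSubnet and its public IP are omitted; the policy is attached to the instance through firewall_policy_id. Resource names, the region, the 10.0.0.0/8 source range, the Key Vault secret id input and the azurerm 3.x attribute names are assumptions.

```hcl
variable "tls_ca_secret_id" {
  description = "Key Vault secret id of the intermediate CA (PFX) used to re-sign outbound TLS (assumed input)"
  type        = string
}

resource "azurerm_resource_group" "net" {
  name     = "rg-network-example"
  location = "westeurope"
}

# The firewall reads its TLS CA from Key Vault with this identity; the identity
# needs the "Key Vault Secrets User" role (or an access policy) on that vault.
resource "azurerm_user_assigned_identity" "afw" {
  name                = "id-afw-example"
  location            = azurerm_resource_group.net.location
  resource_group_name = azurerm_resource_group.net.name
}

resource "azurerm_firewall_policy" "premium" {
  name                = "afwp-example"
  resource_group_name = azurerm_resource_group.net.name
  location            = azurerm_resource_group.net.location

  # TLS inspection and IDPS exist only on the Premium SKU; on Standard the
  # tls_certificate and intrusion_detection blocks below are rejected.
  sku = "Premium"

  identity {
    type         = "UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.afw.id]
  }

  tls_certificate {
    key_vault_secret_id = var.tls_ca_secret_id
    name                = "afw-intermediate-ca"
  }

  # Roll out in "Alert" first, review the signature hits, then switch to
  # "Deny"; going straight to Deny on a busy network breaks legitimate flows.
  intrusion_detection {
    mode = "Deny" # Off | Alert | Deny
  }
}

resource "azurerm_firewall_policy_rule_collection_group" "egress" {
  name               = "rcg-egress"
  firewall_policy_id = azurerm_firewall_policy.premium.id
  priority           = 200

  # Lower priority number is evaluated first, so this Deny wins over the Allow
  # collection below. With terminate_tls the category is matched on the
  # decrypted request (full URL), not only on the SNI/FQDN.
  application_rule_collection {
    name     = "deny-categories"
    priority = 100
    action   = "Deny"
    rule {
      name             = "deny-gambling-social"
      source_addresses = ["10.0.0.0/8"]
      web_categories   = ["Gambling", "SocialNetworking"]
      terminate_tls    = true
      protocols {
        type = "Https"
        port = 443
      }
    }
  }

  application_rule_collection {
    name     = "allow-updates"
    priority = 200
    action   = "Allow"
    rule {
      name              = "allow-microsoft-update"
      source_addresses  = ["10.0.0.0/8"]
      destination_fqdns = ["*.update.microsoft.com"]
      protocols {
        type = "Https"
        port = 443
      }
      protocols {
        type = "Http"
        port = 80
      }
    }
  }
}
```

Anything not matched by a rule is dropped by the firewall's implicit deny, so the Allow collection is the egress allow-list. The azurerm_firewall resource that consumes this policy must itself be created with sku_tier = "Premium", and the intermediate CA must be trusted by the clients behind the firewall or every inspected TLS connection fails certificate validation.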

Azure Function Apps - v0.0.8

  • Azure Functions is a serverless solution that allows you to write less code, maintain less infrastructure, and save on costs. Instead of worrying about deploying and maintaining servers, the cloud infrastructure provides all the up-to-date resources needed to keep your applications running.

  • A function app lets you group functions as a logical unit for easier management, deployment, scaling, and sharing of resources

  • Typical uses of Azure Functions: reminders and notifications; scheduled tasks and messages; file processing; processing data or data streams; running background backup tasks; computing backend calculations; lightweight web APIs, proofs of concept and MVPs.

Azure Identity Providers - v0.0.9

  • An identity provider creates, maintains, and manages identity information while providing authentication services to applications. When sharing your apps and resources with external users, Azure AD is the default identity provider for sharing.

Azure Key Vault - v0.0.4

  • Azure Key Vault is a cloud service that provides a secure store for secrets: keys, passwords, certificates and other sensitive values. Vaults can be created and managed through the Azure portal, the CLI, or Terraform.

  • Key Vault keeps applications' secrets in a single, central location and provides secure access, permission control (vault access policies or Azure RBAC) and access logging, so it is used to improve data protection and compliance. Secure key management is essential to protecting data in the cloud; Key Vault protects keys and small secrets such as passwords with keys held in hardware security modules (HSMs), FIPS 140-2 validated on the Premium SKU. Turn on access logging for every vault: without it there is no record of which principal read which secret.
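An added example, not the Seagen Key Vault module's code, showing the controls the description above names (RBAC, HSM-backed keys, access logging) plus the recovery and network settings a reviewer would ask for. Resource names, the region, the workload principal id input and the azurerm 3.x attribute names are assumptions.

```hcl
data "azurerm_client_config" "current" {}

variable "app_principal_id" {
  description = "Object id of the workload identity that reads secrets (assumed input)"
  type        = string
}

resource "azurerm_resource_group" "kv" {
  name     = "rg-keyvault-example"
  location = "westeurope"
}

resource "azurerm_log_analytics_workspace" "audit" {
  name                = "law-keyvault-example"
  location            = azurerm_resource_group.kv.location
  resource_group_name = azurerm_resource_group.kv.name
  sku                 = "PerGB2018"
  retention_in_days   = 90
}

resource "azurerm_key_vault" "main" {
  name                = "kv-example-seagen"
  location            = azurerm_resource_group.kv.location
  resource_group_name = azurerm_resource_group.kv.name
  tenant_id           = data.azurerm_client_config.current.tenant_id
  sku_name            = "premium" # premium = HSM-backed keys; "standard" is software-protected

  # Azure RBAC instead of per-vault access policies: permissions are then
  # reviewed and audited in the same place as every other Azure role.
  enable_rbac_authorization = true

  # A deleted vault or key stays recoverable for 90 days and cannot be purged
  # early, so a compromised principal cannot permanently destroy key material.
  soft_delete_retention_days = 90
  purge_protection_enabled   = true

  # Deny from the internet by default; reach the vault over a private endpoint
  # and let only trusted Azure services bypass the rule.
  public_network_access_enabled = false
  network_acls {
    default_action = "Deny"
    bypass         = "AzureServices"
  }
}

# Data-plane access: this workload can read secret values and nothing else
# (no keys, no certificates, no management-plane rights).
resource "azurerm_role_assignment" "app_secrets_user" {
  scope                = azurerm_key_vault.main.id
  role_definition_name = "Key Vault Secrets User"
  principal_id         = var.app_principal_id
}

# Access logging: every data-plane operation, and the identity that made it,
# lands in Log Analytics where detections and investigations can query it.
resource "azurerm_monitor_diagnostic_setting" "kv_audit" {
  name                       = "kv-audit"
  target_resource_id         = azurerm_key_vault.main.id
  log_analytics_workspace_id = azurerm_log_analytics_workspace.audit.id

  enabled_log {
    category = "AuditEvent"
  }

  metric {
    category = "AllMetrics"
  }
}
```

The weak configuration is simply the provider defaults: enable_rbac_authorization = false (access policies), purge_protection_enabled = false, public access on with no network_acls block, and no diagnostic setting. Note that with RBAC enabled the identity running terraform apply also needs a data-plane role (for example Key Vault Secrets Officer) before it can write secrets into the vault.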

Azure Kubernetes Cluster - v0.0.1

  • AKS is described under Azure Kubernetes Services above.
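Azure Kubernetes Services and Azure Kubernetes Cluster above describe the same service, so one added example serves both: an AKS cluster with the identity, network and logging controls a security reviewer looks for. It is not the module's code; resource names, the region, the VM size, the subnet and admin-group inputs and the azurerm 3.x attribute names are assumptions.

```hcl
variable "aks_subnet_id" {
  description = "Subnet for the node pool (assumed input)"
  type        = string
}

variable "aks_admins_group_id" {
  description = "Azure AD group object id that receives cluster-admin (assumed input)"
  type        = string
}

resource "azurerm_resource_group" "aks" {
  name     = "rg-aks-example"
  location = "westeurope"
}

resource "azurerm_log_analytics_workspace" "aks" {
  name                = "law-aks-example"
  location            = azurerm_resource_group.aks.location
  resource_group_name = azurerm_resource_group.aks.name
  sku                 = "PerGB2018"
  retention_in_days   = 30
}

resource "azurerm_kubernetes_cluster" "main" {
  name                = "aks-example"
  location            = azurerm_resource_group.aks.location
  resource_group_name = azurerm_resource_group.aks.name
  dns_prefix          = "aks-example"

  # The API server gets no public endpoint; kubectl traffic stays in the VNet.
  private_cluster_enabled = true

  # Authentication through Azure AD, authorization through Azure RBAC, and the
  # local admin kubeconfig disabled so `az aks get-credentials --admin` is not
  # a way around either.
  role_based_access_control_enabled = true
  azure_active_directory_role_based_access_control {
    managed                = true
    azure_rbac_enabled     = true
    admin_group_object_ids = [var.aks_admins_group_id]
  }
  local_account_disabled = true

  # Workload identity: a pod exchanges its projected service-account token for
  # an Azure AD token, so no client secrets or node credentials sit in the pod.
  oidc_issuer_enabled       = true
  workload_identity_enabled = true

  identity {
    type = "SystemAssigned"
  }

  default_node_pool {
    name                         = "system"
    vm_size                      = "Standard_D4s_v5"
    node_count                   = 3
    vnet_subnet_id               = var.aks_subnet_id
    only_critical_addons_enabled = true # application workloads go on a separate pool
  }

  network_profile {
    network_plugin = "azure"
    network_policy = "calico" # enforces Kubernetes NetworkPolicy between pods
  }

  # Key Vault CSI driver: secrets are mounted from the vault and rotated,
  # instead of being copied into Kubernetes Secret objects by hand.
  key_vault_secrets_provider {
    secret_rotation_enabled = true
  }

  # Container Insights ships node and pod logs to Log Analytics for detection.
  oms_agent {
    log_analytics_workspace_id = azurerm_log_analytics_workspace.aks.id
  }
}
```

With private_cluster_enabled the pipeline that runs terraform apply and kubectl must itself have a network path into the VNet (a self-hosted runner or a peered network), and with local_account_disabled every human and automation identity that touches the cluster needs an Azure RBAC role such as Azure Kubernetes Service RBAC Reader or Admin assigned at the cluster or namespace scope.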

Azure Network Watcher - v0.0.9

  • Network Watcher is Azure's network monitoring and diagnostics service. It diagnoses the most common VPN Gateway and connection issues, letting you identify the problem and use the detailed logs it produces to investigate further, and it also provides connection troubleshooting, packet capture and NSG flow logs. Flow logs are the primary record of which traffic a network security group allowed or denied, so they belong in any detection or incident-response pipeline.

Azure Redis Cache - v0.0.6

  • Azure Cache for Redis provides an in-memory data store based on the Redis software. Redis improves the performance and scalability of an application that uses backend data stores heavily.

  • Redis is a great choice for implementing a highly available in-memory cache to decrease data access latency, increase throughput, and ease the load off your relational or NoSQL database and application.

Azure Service Bus - v0.0.7

  • Azure Service Bus is a fully managed enterprise message broker with message queues and publish-subscribe topics (in a namespace). Service Bus decouples applications and services from each other, which brings benefits such as load-balancing work across competing workers, safely routing and transferring data and control across service and application boundaries, and coordinating transactional work that needs a high degree of reliability.
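The Azure Authorization Rules module listed earlier manages exactly the kind of rule this example creates, so one added block serves both entries. It is not either module's code: a namespace with two narrowly scoped shared access rules instead of the namespace-wide RootManageSharedAccessKey, followed by the Azure AD alternative that avoids keys entirely. Resource names, the region, the SKU and the azurerm 3.x attribute names are assumptions.

```hcl
resource "azurerm_resource_group" "messaging" {
  name     = "rg-messaging-example"
  location = "westeurope"
}

resource "azurerm_servicebus_namespace" "main" {
  name                = "sb-example-seagen"
  location            = azurerm_resource_group.messaging.location
  resource_group_name = azurerm_resource_group.messaging.name
  sku                 = "Standard"
  minimum_tls_version = "1.2"
  # Azure creates RootManageSharedAccessKey (Manage + Send + Listen on the
  # whole namespace) automatically. Never hand that connection string to a
  # workload: one leak lets the holder read, write and delete every entity.
}

resource "azurerm_servicebus_queue" "orders" {
  name         = "orders"
  namespace_id = azurerm_servicebus_namespace.main.id
}

# Producer: may send to anything in the namespace, cannot read or delete.
resource "azurerm_servicebus_namespace_authorization_rule" "producer" {
  name         = "producer-send"
  namespace_id = azurerm_servicebus_namespace.main.id

  listen = false
  send   = true
  manage = false # manage = true would also require listen = send = true
}

# Consumer: may receive from the single "orders" queue and nothing else.
resource "azurerm_servicebus_queue_authorization_rule" "consumer" {
  name     = "orders-listen"
  queue_id = azurerm_servicebus_queue.orders.id

  listen = true
  send   = false
  manage = false
}

# Keys are sensitive; marking the output keeps them out of plan/apply logs
# (they are still in the state file, which must be protected accordingly).
output "producer_connection_string" {
  value     = azurerm_servicebus_namespace_authorization_rule.producer.primary_connection_string
  sensitive = true
}

# Preferred: no keys at all. A managed identity plus the built-in data-plane
# role gives the same send-only capability, scoped to one queue. Once every
# client uses Azure AD, set local_auth_enabled = false on the namespace to
# switch shared access signatures off entirely.
resource "azurerm_user_assigned_identity" "producer" {
  name                = "id-orders-producer"
  location            = azurerm_resource_group.messaging.location
  resource_group_name = azurerm_resource_group.messaging.name
}

resource "azurerm_role_assignment" "producer_send" {
  scope                = azurerm_servicebus_queue.orders.id
  role_definition_name = "Azure Service Bus Data Sender"
  principal_id         = azurerm_user_assigned_identity.producer.principal_id
}
```

A quick check when reviewing an existing namespace: any authorization rule with manage = true, and any workload configured with the RootManageSharedAccessKey connection string, is a finding.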

Azure SignalR - v0.0.18

  • Azure SignalR Service simplifies the process of adding real-time web functionality to applications over HTTP. This real-time functionality allows the service to push content updates to connected clients, such as a single page web or mobile application.

Azure Storage - v0.0.7

  • The Azure Storage platform is Microsoft’s cloud storage solution for modern data storage scenarios. Azure Storage offers highly available, massively scalable, durable, and secure storage for a variety of data objects in the cloud.

Azure VNET - v0.0.7

  • Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks.

Azure Windows Web App - v0.0.5

  • Azure Web Apps (part of Azure App Service) is Microsoft's platform as a service for hosting web applications. It allows publishing web apps running on multiple frameworks and written in different programming languages, both Microsoft's own and third-party ones.

Google App Engine - v0.0.3

  • Google App Engine is a cloud computing platform as a service for developing and hosting web applications in Google-managed data centers. Applications are sandboxed and run across multiple servers.

Google Big Query - v5.2.0

  • BigQuery is Google’s fully managed, serverless data warehouse that enables scalable analysis over petabytes of data. It is a Platform as a Service that supports querying using ANSI SQL. It also has built-in machine learning capabilities.

Google Cloud Build - v0.1.0

  • Cloud Build is a service that executes your builds on Google Cloud. Cloud Build can import source code from a variety of repositories or cloud storage spaces, execute a build to your specifications, and produce artifacts such as Docker containers or Java archives.

Google Cloud Run - v0.0.3

  • Cloud Run is a managed compute platform that lets you run containers directly on top of Google’s scalable infrastructure.

  • You can deploy code written in any programming language on Cloud Run if you can build a container image from it. In fact, building container images is optional. If you’re using Go, Node.js, Python, Java, .NET Core, or Ruby, you can use the source-based deployment option that builds the container for you, using the best practices for the language you’re using.

Google Cloud Storage - v3.2.0

  • Cloud Storage is a managed service for storing unstructured data. Store any amount of data and retrieve it as often as you like.

Google Databricks - v0.1.0

  • Databricks, whose founders created Apache Spark, delivers a fully managed Spark experience on Google Cloud; Databricks cites performance gains of up to 50x over open source Spark. The engine integrates with Looker and BigQuery.

Google Data Flow - v2.1.0

  • Google Cloud Dataflow is a fully managed service for executing Apache Beam pipelines within the Google Cloud Platform ecosystem.

Google Data Processor - v0.0.2

Google Event Function - v2.2.0

  • Event triggers supported: Pub/Sub, Cloud Storage and Firestore.

Google Cloud Commands - v3.1.1

  • https://cloud.google.com/sdk/docs/cheatsheet

Google Groups - v0.0.1

  • Google Groups is a Google service that provides mailing lists and discussion groups. In Google Cloud a group is also an IAM principal: granting a role to a group grants it to every member, which is the recommended way to manage access for sets of users instead of binding roles to individual accounts.

Google Healthcare - v2.2.0

Google Kubernetes - v19.0.0

  • Kubernetes, also known as K8s, is an open-source system for automating deployment, scaling, and management of containerized applications.

Google Memory Store - v4.1.0

  • A fully managed in-memory data store service for Redis and Memcached.

Google Network - v5.0.0

Google Project Services - v0.0.0

  • Allows management of a single API service for a Google Cloud Platform project.

Google PubSub - v3.2.0

  • Pub/Sub is an asynchronous, scalable messaging service that decouples the services producing messages from the services processing them, letting services communicate asynchronously with latencies on the order of 100 milliseconds.

  • Pub/Sub is used for streaming analytics and data integration pipelines to ingest and distribute data. It’s equally effective as a messaging-oriented middleware for service integration or as a queue to parallelize tasks.

  • Pub/Sub enables you to create systems of event producers and consumers, called publishers and subscribers. Publishers communicate with subscribers asynchronously by broadcasting events, rather than by synchronous remote procedure calls (RPCs).

Google Scheduled Function - v2.2.0

  • Cloud Scheduler is a fully managed enterprise-grade cron job scheduler. It allows you to schedule virtually any job, including batch, big data jobs, cloud infrastructure operations, and more. You can automate everything, including retries in case of failure to reduce manual toil and intervention. Cloud Scheduler even acts as a single pane of glass, allowing you to manage all your automation tasks from one place.

Google Secret Manager - v0.3.1

  • Secret Manager is a secure and convenient storage system for API keys, passwords, certificates, and other sensitive data. Secret Manager provides a central place and single source of truth to manage, access, and audit secrets across Google Cloud.
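An added example (not the Google Secret Manager module's own code) that creates one secret, grants a workload service account read access to that secret only, and shows where the plaintext ends up if the version is written from Terraform. The project id input, the secret and service account names and the google provider 5.x replication syntax are assumptions.

```hcl
variable "project_id" {
  type = string
}

variable "db_password" {
  type      = string
  sensitive = true # keeps the value out of plan/apply output, not out of state
}

resource "google_secret_manager_secret" "db_password" {
  project   = var.project_id
  secret_id = "app-db-password"

  replication {
    auto {} # google provider 5.x; 4.x spelled this `automatic = true`
  }

  labels = {
    owner = "platform"
  }
}

# The workload's own identity...
resource "google_service_account" "app" {
  project      = var.project_id
  account_id   = "app-runtime"
  display_name = "application runtime identity"
}

# ...gets secretAccessor on this one secret. It can read versions of
# app-db-password; it cannot list other secrets, add versions, or change IAM.
# Binding the same role at project level would hand it every secret there.
resource "google_secret_manager_secret_iam_member" "app_reads_db_password" {
  project   = var.project_id
  secret_id = google_secret_manager_secret.db_password.secret_id
  role      = "roles/secretmanager.secretAccessor"
  member    = "serviceAccount:${google_service_account.app.email}"
}

# Caveat: a version created here stores the plaintext in Terraform state, so
# state must be treated as a secret (remote backend, encryption at rest,
# tightly restricted read access). The alternative is to create only the
# secret container in Terraform and add versions out of band, e.g.
#   printf '%s' "$PASSWORD" | gcloud secrets versions add app-db-password --data-file=-
# so the value never passes through a plan or the state file.
resource "google_secret_manager_secret_version" "initial" {
  secret      = google_secret_manager_secret.db_password.id
  secret_data = var.db_password
}
```

Secret Manager writes each access to Cloud Audit Logs (Data Access logs must be enabled for the service); that log, joined with the IAM binding above, answers "who could and who did read this secret" during an investigation.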

Google Spanner - v0.2.0

  • Spanner is a distributed SQL database management and storage service developed by Google. It provides features such as global transactions, strongly consistent reads, and automatic multi-site replication and failover. Spanner is used in Google F1, the database for its advertising business Google Ads.

Google SQL DB - v8.0.0

  • Google Cloud has three relational database options: Cloud SQL, Cloud Spanner and Bare Metal Solution. Cloud SQL provides managed MySQL, PostgreSQL and SQL Server databases on Google Cloud.