Scope environment

We're almost ready to start your first run, but before it has a chance to succeed, you need to set up the scope-specific environment for Geopoiesis to operate in. Each scope runs with its own set of environment variables, which it does not share with the worker binary. In other words, none of the environment variables you have in your .env file will be automatically available to your run.

Setting environment in the UI

Depending on how you store your remote state and which providers you use, you may need a different set of environment variables. In order to do that, please navigate to the Environment section of your Geopoiesis installation and click EDIT.

When adding a new environment variable, you have an option to save it as plaintext or a secret:

The main difference between the two is that while plaintext variable can be read back in the UI, a secret variable will not, though it will remain available just the same in the Terraform environment.

Here is an example of environment settings for a simple repository storing the state in S3 and managing some AWS and GitHub resources:

Note on Terraform variables

In Terraform there are different types of environment variables. Some, like the ones you can see in an example above, are used to set up a backend and individual providers. Their documentation will generally tell you what environment variables are expected as settings.

The other type of environment variables are the ones that set Terraform root input variables. You can read more about those variables here, but the general idea is that if you need to set a Terraform variable called name, you can pass it to through your environment as TF_VAR_name - note the TF_VAR_ prefix.

Last but not least there are environment variables you can use to tweak Terraform itself. You can read more about those here.

All of the above types of variables are set in the Environment section of your Geopoiesis scope, and Geopoiesis does not differentiate between them.

Setting environment using Terraform

Geopoiesis stores environment variables for its managed scopes in SSM Parameter Store, encrypted with KMS in case of secrets. If you so wish, you can short-circuit the whole copy-paste job and use Terraform to set those directly. Geopoiesis Terraform templates repository offers two helper modules - one for plaintext, and one for write-only environment variables.

Here is an example of using a plaintext template to set a variable called AWS_ACCESS_KEY_ID on the scope called hello-world:

geopoiesis.tf
module "production-aws-key-id" {
source = "github.com/geopoiesis/terraform//aws/environment/plaintext?ref=0.6.0"
name = "AWS_ACCESS_KEY_ID"
scope = "hello-world"
value = "${module.access.production_key_id}"
}

This is a very attractive alternative if the values of those scope environment variables are themselves generated by Terraform. In the above example, a static key ID and secret credential pair is probably created by the module called access, allowing a Geopoiesis scope access to some AWS account.