Created by Karapet Andreasyan, last modified on Dec 01, 2022

We are using the Official Terraform Provider that uses Ably Control API
The API allows us to create and manage:

  • Ably apps (main component)

  • API keys (for microservices and other connections)

  • Namespaces (for channel rules)

  • Queues

  • Most of the Integration rules
    but not access tokens and user management in the Ably account.

Important: The Terraform Provider is in Preview and you may find some unexpected behavior during the implementation of new rules and resources.

Important: We are using the Ably Terraform provider to create necessary components in the Ably Free and Enterprise accounts using access tokens that should be generated manually in UI and set in Terraform Cloud as a variable.

Our Terraform configuration has 3 parts: Dispatcher, Applications-Infra, and Applications-Config.

Dispatcher: Controls account access tokens and environments.

You can enable or disable the Ably app for the specific environment in shared_variables.tf.
Here we can also automate user account creation and token generation when Ably API adds POST methods for those and include them in Terraform provider.

Input:

  • Ably Access token for Dev (Terraform var: ably_dev_token )

  • Ably Access token for Prod (Terraform var: ably_prod_token )

Output:

  • Stores corresponding API access token in applications-infra Terraform Cloud workspace as a variable.

Applications-Infra: Creates and manages the Ably app.

We create Ably app using the the current environment name and configure notifications settings for app.

Input:

  • Ably Access token (Terraform var: ably_token )

  • Firebase key, Apple Push Notification service certificates (Vault: secret/{env}/ably/manual)

Output:

  • App ID (Vault: secret/{env}/ably/app)

Applications-Config: Creates and manages all other configurations in Ably app.

We have dynamic resources that read the yaml configuration file and configure the corresponding Ably app. In YAML you can add or remove any element.

Input:

  • API access token (Terraform var: ably_token )

  • App ID (Vault: secret/{env}/ably/app)

Output:

  • API keys (Vault example: secret/{env/}apps/iam-manager/ably-api-key)

Next steps:
As mentioned above if you want to create new Ably app for new environment you can just enable it in shared_variables.tf.

You can add new API keys in configuration yaml for new microservices and use them in applications manifest.