Skip to content

Template Management

In this section we will learn to create and update templates and utilize all their features.

We will not cover the Terraform coding of a Template in here, writing the code for a Template is covered in the Template Developer Guide.

Creating a Template involves configuring ESH to know about the SCM repository in which the Template source code resides. You will need the web URL of the repository (not the clone URL), credentials to access the repository and it must have at least 1 tag as Deployments are tied to specific versions of Templates.

Tips for Template Management

To help your organization to get the most out of Templates, read this section.

  • Template Name - Give the Template a name that will make it easy for users for know what it does. I.e. EC2 Instance - Simple Config, EC2 Instance - Advanced Config, RDS Postgres, Aurora Postgres etc

  • Template Description - Give the Template a good multi line description. This will be useful to help users know exactly what resources a Template will create for them.

  • Authorization - An access token that has read privilege on your Template repositories.

    It is usually a good idea to have an SCM service account configured on your SCM provider, this makes managing credentials easier than using an individual users account. Generate a token for that account and use the token for Template authorization.

  • Template Versions - Versions are Tags can be created by typing git tag <semantic version, i.e. 0.0.1> then git push --tags.

  • Template Approval - Some Templates deploy special resources such as AWS accounts or expensive resources such as large virtual machines. Where this is the case it is possible to specify that deployment the Template requires manager approval. Where this is set, the Deployment of the resource is paused after the plan phase and a Tenant administrator is required to approve the Deployment.

Create a Template

Step 1 - Specify SCM Repository and Template Metadata

Use the Template console to create a Template and specify required details as referenced in above section Tips.

Template Create

Fill in the parameters for the Template.

Template Create - Parameters

Step 2 - Download a version (Git tag)

Use the Template Version console to download a tag. Click the download button as below:

Template Download Version

The tag has been downloaded and a TFSec report has been created for the version.

Template Version Download with TFSec Report

Step 3 - Review TFSec Security Reports

Review the report if it has any vulnerabilities, improve where necessary.

Template TFSec Report

Step 4 - Preview the Template Parameters

The Template parameters preview gives you a representation of what the user could see when they deploy the template. Some fields have been defaulted from the default value specified in the Terraform variables. If it possible to override the presentation and defaults for the Template parameters on a Tenant by Tenant basis using CMDB Tenant Defaults but a baseline presentation is available here for you to review parameter descriptions etc.

Template Parameter Preview - Launch

Review the parameters in the popup window.

Template Parameter Preview

Step 5 - Test a Template

Navigate to the Deployments console and follow the steps here to test your Template.

Step 6 - Certify a Template

Only Certified Templates can be used by end users so after testing has taken place by the Template Developer or other admin level users, it is essential to certify the template so it can be assigned out to regular users.

Template Certification

Step 7 - Assign Template to Template Groups

Users are granted access to Templates via their Template Group assignments. For each Tenant you create, ESH creates a default Template group. If this is a new ESH installation you have probably not created any additional Template Groups so simply assign to the default for the Tenant you have been assigned to. If there are more Template Groups, assign to approproate groups.

Template Groups

Updating a Template

After creating a Template, changes might be needed, such as changing the name, writing a more thorough description, or updating the repository authorization token.

Click the Edit button and change anything you need, then click Save.

Update Template Details

Update Template Repository Authorization

For all private repositories, a token must be specified. Update the token by clicking on the Template auth tab. Enter the new token and click the test button, if the token is valid for accessing the repository, the test button will turn green and the Save button will be enabled.

Template Repository Authorization

Do not specify a token for public repositories.

Learn about Template development here