With the acme example of having infrastructure-modules-multi-account-acme hold the “blueprints” and infrastructure-live-multi-account-acme “instantiate” them makes sense, but where do you introduce holistic testing with Terratest?
infrastructure-modules combines a bunch of small modules from other repos (e.g., from the Gruntwork Infrastructure as Code Library). Those modules should each have their own automated tests. You can think of those as the “unit tests,” though infrastructure testing doesn’t really have pure unit testing.
The next level up is to have tests for the modules in the
infrastructure-modules repo itself. These are tests validating that several of your modules work together, so you can think of them as your “integration tests.” You’ll need to find ways to “mock” dependencies of one module on another; e.g., if you have a
db module in
infrastructure-modules that looks up VPC/subnet data created by a
vpc module, you’ll want to make it possible to override that data so you can provide it automatically at test time without having to run the
vpc module itself.
Finally, the top level is to test the code in
infrastructure-live. These would be your end-to-end tests, as they are validating how everything works together. In practice, deploying your entire architecture from scratch can be a bit too slow/brittle, so typically, these tests run each change against an existing environment that is already up and running, so you are just checking that the latest increment of change has broken anything.