This is the minimal, very first setup of the Terraform backend in S3 and DynamoDB.
The Terraform state produced in this repository is pushed to a separate bucket with the AWS CLI.
To deploy infrastructure, run the following commands:
```
terraform init
terraform apply
```
Please note the Terraform state is local.
Folder `utils` contains common scripts to be used across projects.
In order to get sufficient access to work with Terraform or AWS CLI:
Make sure to unset the AWS variables:
```
unset AWS_ACCESS_KEY_ID
unset AWS_SECRET_ACCESS_KEY
unset AWS_SESSION_TOKEN
```
As a note, the following set-up is based on the README of the assume-role tool.
Set up a profile for each role you would like to assume in `~/.aws/config`, for example:
```
[profile default]
region = eu-west-2
output = json

[profile admin]
region = eu-west-2
role_arn = <role-arn>
mfa_serial = <mfa-arn>
source_profile = default
```
The `source_profile` needs to match your profile in `~/.aws/credentials`.
```
[default]
aws_access_key_id = <your-aws-access-key-id>
aws_secret_access_key = <your-aws-secret-access-key>
```
```
brew install remind101/formulae/assume-role
```
Run the following command with the profile configured in your `~/.aws/config`:
```
assume-role admin
```
Run the following command with the profile configured in your `~/.aws/config`:
```
eval $(dojo "echo <mfa-code> | assume-role admin")
```
Run the following command to confirm the role was assumed correctly:
```
aws sts get-caller-identity
```
When creating the new SSM keys, please follow the agreed convention as per the design specified below:
- all parts of the keys are lower case
- the words are separated by dashes (kebab case)
- `env` is optional
Please follow this design to ensure the SSM keys are easy to maintain and navigate through:

Type | Design | Example |
---|---|---|
User-specified | `/repo/<env>?/user-input/` | `/repo/${var.environment}/user-input/db-username` |
Auto-generated | `/repo/<env>?/output/<name-of-git-repo>/` | `/repo/output/prm-deductions-base-infra/root-zone-id` |
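
A check for the naming convention above, written for this page as an added example (it is not a script from this repository). The function name `check_ssm_key`, the decision to allow digits in a word, and the sample keys are assumptions; it expects the rendered key name, after Terraform has interpolated `${var.environment}`.

```python
import re

# One group of lower-case words joined by dashes (kebab case).
# Assumption: digits are allowed inside a word.
SEGMENT = r"[a-z0-9]+(?:-[a-z0-9]+)*"
ENV = rf"(?:/(?P<env>{SEGMENT}))?"  # <env> is optional

# The two designs from the table, each followed by the key's own name.
PATTERNS = {
    "user-specified": re.compile(
        rf"/repo{ENV}/user-input/(?P<name>{SEGMENT})"),
    "auto-generated": re.compile(
        rf"/repo{ENV}/output/(?P<repo>{SEGMENT})/(?P<name>{SEGMENT})"),
}


def check_ssm_key(key):
    """Return (key_type, parts) for a conforming key, else (None, reasons)."""
    for key_type, pattern in PATTERNS.items():
        match = pattern.fullmatch(key)
        if match:
            parts = {k: v for k, v in match.groupdict().items() if v}
            return key_type, parts
    # No design matched: report which rule of the convention was broken.
    reasons = []
    if key != key.lower():
        reasons.append("contains upper-case characters")
    if "_" in key or " " in key:
        reasons.append("words must be separated by dashes")
    if not key.startswith("/repo/"):
        reasons.append("must start with /repo/")
    if "/user-input/" not in key and "/output/" not in key:
        reasons.append("missing /user-input/ or /output/ segment")
    return None, reasons or ["does not match either design in the table"]


if __name__ == "__main__":
    # Constructed sample keys, not taken from a real parameter store.
    for sample in (
        "/repo/dev/user-input/db-username",
        "/repo/output/prm-deductions-base-infra/root-zone-id",
        "/repo/dev/user-input/DB_Username",
        "/repo/dev/db-username",
    ):
        print(sample, "->", check_ssm_key(sample))
```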
Run `./tasks set_version` to bump patch version, or `./tasks set_version 0.X.Y` to set a new version of the script.
Then make your changes and update the CHANGELOG.md description.
Commit and push. A new release will be created on GitHub.