- Request AWS credentials on
#ask-aws
Slack channel. - Change password
- Create new access key, save it in a secure place on your hard drive and inactivate the old one (IAM->Users->your username->Security Credentials)
- Setup MFA for your username
- Along with your credentials to account
889772146711
you will be also permitted to useOrganizationAccountAccessRole
role - To switch to the role in the web interface use after signing in use: https://signin.aws.amazon.com/switchrole
- Install and set up AWS CLI: https://docs.aws.amazon.com/cli/latest/userguide/install-macos.html
- Configure CLI to use the OrganizationAccountAccessRole role with MFA like explain here: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-role.html#cli-configure-role-mfa
Best way to manage Terraform versions for the different project is to use along with the version manager like asdf
. Asdf will not only facilitate managing different versions of the tools in the different project but it also installs the tools itself.
- Install
asdf
as described: https://asdf-vm.com/#/core-manage-asdf-vm - Install terraform plugin:
asdf plugin-add terraform https://github.com/Banno/asdf-hashicorp.git
- Install golang plugin:
asdf plugin-add golang https://github.com/kennyp/asdf-golang.git
- Install dep plugin:
asdf plugin-add golang-dep https://github.com/mcdan/asdf-golang-dep.git
Create a directory for the Terraform project. Terratest (and more precisely Go) needs all source code files to be included in $GOPATH/src directory ie. $GOPATH/src/aws_examples. Enter the working directory - for now aws_examples and run:
asdf list-all terraform
lists all available version of Terraform; choose the version you want to useasdf install terraform 0.12.5
to install the toolasdf local terraform 0.12.5
set the version for the project (it should create the.tool-versions
file)
Terraform doesn't support MFA enabled AWS roles. To make it work to install and setup AWS-VAULT ( https://github.com/99designs/aws-vault)
When aws-vault is set up all terraform command need to prefix with aws-vault exec [profile] --
ie:
aws-vault exec test -- terraform apply
Terratest needs Go compiler installed and $GOPATH set.
- Set the
$GOPATH
ie. go to your project's directory andcd ..
- Install and setup desired version of Go:
3.asdf install golang 1.12.7
2.asdf local golang 1.12.7
- Install and setup desired version of Golang-dep:
asdf install golang-dep v0.5.4
asdf local golang-dep v0.5.4
- In the
test
folder, create aGopkg.toml
file with the following content:
[[constraint]]
name = "github.com/gruntwork-io/terratest"
version = "0.17.4"
- Run
dep ensure
. This should load or necessary Go dependecies.
Terratest also need to be run with the aws-vault wrapper ie: aws-vault exec test -- go test -v -timeout 15m
###Useful readings https://blog.gruntwork.io/authenticating-to-aws-with-environment-variables-e793d6f6d02e
Some backends support multiple workspaces. It means that the state file is separate for each workspace, so execution of terraform scripts in different workspaces doesn't overwrite the state files. For example in S3 backed the default workspace will be created in a path defined by the key setting. Any other workspace will be created in the same bucket but within /env:/[workspace_name] path.
Listing existing workspaces: terraform workspace list
Showing current workspace: terraform worspace show
Changin to new workspace: terraform workspace selecet [workspace_name]