Terraform AWS Bootstrap

This project performs the initial bootstrapping of Terraform in an AWS account. It creates an S3 bucket and a DynamoDB table for Terraform state management using an S3 remote backend configuration. This is a low-cost, simple way to manage an AWS project using Infrastructure as Code. Using a remote state backend allows for easier collaboration and enables versioning and locking for the Terraform state file.

Prerequisites

  • The IAM setup that allows this run to build things in the account is not included; it should be a separate, external step
  • The AWS credentials / permissions for Terraform to assume are external to this project
  • The CI/CD configuration is external to this module

Setup Remote State

  1. Configure main.tf.
    • Replace all instances of PROJECT_NAME with the name of the project
    • Replace all instances of AWS_ACCOUNT_ID with the AWS Account ID in use
    • Replace all instances of AWS_REGION with the AWS region to deploy to
    • (Optional) Follow the steps below to set up CI/CD using GitHub Actions
  2. Create the S3 bucket and DynamoDB locking table.
    • terraform init
    • terraform apply
  3. Switch to S3 remote backend.
    • In main.tf, remove the comments from the bootstrap module
    • terraform init
    • terraform apply

(Optional) Setup CI-CD using GitHub Actions

WARNING: Misconfiguration during these steps can compromise your AWS account. Do not proceed unless you are absolutely certain that the input values you are providing to the github-actions-iam module are correct and you have reviewed the GitHub Actions module code in detail. By default, this module attaches an admin policy to the role; consider replacing it with a set of permissions that best matches your needs and security risk posture.

  1. Set up the github-actions-iam module.
  2. Configure .github/workflows/github-actions.yml with an AWS region, AWS role, and role session name.
    • aws-region: us-east-1
    • role-to-assume: arn:aws:iam::AWS_ACCOUNT_ID:role/PROJECT_NAME-AWS_ACCOUNT_ID-github-oidc
      • This should be the role created in ./modules/github-actions-iam/iam.tf
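
One way to check the input values the warning above refers to, as an added example that is not part of this project's code: a small audit of the role's trust policy that confirms the GitHub OIDC `sub` claim is limited to one repository and the `aud` claim is pinned. The module's actual trust policy is not shown on this page, so the policy shape, the repository name `example-org/example-repo` and the account ID are constructed assumptions.

```python
OIDC_HOST = "token.actions.githubusercontent.com"
CONSTRAINING_OPS = ("StringEquals", "StringLike")  # IfExists/negated forms do not pin a claim

def claim_values(condition, claim):
    """Values required for an OIDC claim by StringEquals/StringLike operators."""
    key = f"{OIDC_HOST}:{claim}".lower()
    found = []
    for op, block in condition.items():
        if op not in CONSTRAINING_OPS:
            continue
        for k, v in block.items():
            if k.lower() == key:  # IAM condition keys are case-insensitive
                found += v if isinstance(v, list) else [v]
    return found

def audit_trust_policy(policy, expected_repo):
    """Return findings for statements that trust the GitHub Actions OIDC provider."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for idx, stmt in enumerate(statements):
        principal = stmt.get("Principal")
        fed = principal.get("Federated", []) if isinstance(principal, dict) else []
        fed = fed if isinstance(fed, list) else [fed]
        if stmt.get("Effect") != "Allow" or not any(f.endswith("oidc-provider/" + OIDC_HOST) for f in fed):
            continue
        cond = stmt.get("Condition", {})
        if "sts.amazonaws.com" not in claim_values(cond, "aud"):
            findings.append(f"statement {idx}: aud is not pinned to sts.amazonaws.com")
        subs = claim_values(cond, "sub")
        if not subs:
            findings.append(f"statement {idx}: no sub condition, any GitHub repository can assume the role")
        for sub in subs:
            # Require the trailing colon so 'example-repo*' cannot match 'example-repo-other'.
            if not sub.startswith(f"repo:{expected_repo}:"):
                findings.append(f"statement {idx}: sub '{sub}' is not limited to {expected_repo}")
    return findings

def make_policy(condition):
    """Build a constructed trust policy (placeholder account ID) around a Condition block."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "sts:AssumeRoleWithWebIdentity",
        "Principal": {"Federated": f"arn:aws:iam::111111111111:oidc-provider/{OIDC_HOST}"},
        "Condition": condition}]}

AUD = {f"{OIDC_HOST}:aud": "sts.amazonaws.com"}
SCOPED = make_policy({"StringEquals": AUD, "StringLike": {f"{OIDC_HOST}:sub": "repo:example-org/example-repo:*"}})
ORG_WIDE = make_policy({"StringEquals": AUD, "StringLike": {f"{OIDC_HOST}:sub": "repo:example-org/*"}})
NO_SUB = make_policy({"StringEquals": AUD})
```

To audit the deployed role, feed the function the document returned by `aws iam get-role --role-name PROJECT_NAME-AWS_ACCOUNT_ID-github-oidc --query Role.AssumeRolePolicyDocument`, parsed with `json.loads`.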
