Compare commits

No commits in common. "0bfa74c95c5fb3c4fb093ddf10ec732ac64a8b3c" and "19ebb73fe878938435694ffa87a586f158b7aa77" have entirely different histories.

9 changed files with 38 additions and 62 deletions

@ -1,7 +0,0 @@
formatter: markdown table
output:
file: README.terraform.md
mode: replace
sort:
by: required

@ -1 +1 @@
latest-allowed 1.6.3

.terraform.lock.hcl generated

@ -2,24 +2,24 @@
# Manual edits may be lost in future updates. # Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/aws" { provider "registry.terraform.io/hashicorp/aws" {
version = "5.49.0" version = "5.19.0"
constraints = "~> 5.49.0" constraints = "~> 5.19.0"
hashes = [ hashes = [
"h1:Y3xvYjzBIwYSbcnZDcs6moiy30uxRoY5oT2ExQHKG5A=", "h1:QUX8nqmzZAlmG1eKzNLWqXUnsnvQ222cB9n/9J2U4Eo=",
"zh:0979b07cdeffb868ea605e4bbc008adc7cccb5f3ba1d3a0b794ea3e8fff20932", "zh:03aa0f857c6dfce5f46c9bf3aad45534b9421e68983994b6f9dd9812beaece9c",
"zh:2121a0a048a1d9419df69f3561e524b7e8a6b74ba0f57bd8948799f12b6ad3a1", "zh:0639818c5bf9f9943667f39ec38bb945c9786983025dff407390133fa1ca5041",
"zh:573362042ba0bd18e98567a4f45d91b09eb0d223513518ba04f16a646a906403", "zh:0b82ad42ced8fb4a138eaf2fd37cf6059ca0bb482114b35fb84f22fc1500324a",
"zh:57be7a4d6c362be2fa586d270203f4eac1ee239816239a9503b86ebc8fa1fef0", "zh:173e8c19a9f1d8f6457c80f4a73a92f420a81d650fc4ad0f97a5dc4b9485bba8",
"zh:5c72ed211d9234edd70eac9d77c3cafc7bbf819d1c28332a6d77acf227c9a23c", "zh:42913a40ddfe9b4f3c78ad2e3cdc1dcfd48151bc132dc6b49fc32cd6da79db21",
"zh:7786d1a9781f8e8c0079bf58f4ed4aeddec0caf54ad7ddcf43c47936d545a04f", "zh:452db5caca2e53d5f7090979d518e77aa5fd98385514b11ee2ce76a46e89cb53",
"zh:82133e7d39787ee91ed41988da71beecc2ecb900b5da94b3f3d77fbc4d4dc722",
"zh:8cdb1c154dead85be8352afd30eaf41c59249de9e7e0a8eb4ab8e625b90a4922",
"zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
"zh:ac215fd1c3bd647ae38868940651b97a53197688daefcd70b3595c84560e5267", "zh:a12377ade89ee18d9be116436e411e8396898bd70b21ab027c161c785e86238d",
"zh:c45db22356d20e431639061a72e07da5201f4937c1df6b9f03f32019facf3905", "zh:aa9e4746ba49044ad5b4dda57fcdba7bc16fe65f696766fb2c55c30a27abf844",
"zh:c9ba90e62db9a4708ed1a4e094849f88ce9d44c52b49f613b30bb3f7523b8d97", "zh:adfaee76d283f1c321fad2e4154be88d57da8c2ecfdca9516c8920bd2ece36ed",
"zh:d2be3607be2209995c80dc1d66086d527de5d470f73509e813254067e8287106", "zh:bf6fbc6d60661c03ed2214173c1deced908dc62480dd41e67ac399fa4abd7467",
"zh:e3fa20090f3cebf3911fc7ef122bd8c0505e3330ab7d541fa945fea861205007", "zh:cb685da03ad00d1a27891f3d366d75e8795ac81f1b427888b434e6832ca40633",
"zh:ef1b9d5c0b6279323f2ecfc322db8083e141984cfe1bb2f33c0f4934fccb69e3", "zh:e0432c78dfaf2baebe2bf5c0ad8087f547c69c2c5a00e4c1dcd5a6344ce726df",
"zh:e0ec9ccb8d34d6d0d8bf7f8628c223951832b4d50ea8887fc711fa854b3a28b4",
"zh:f274397ada4ef3c1dce2f70e719c8ccf19fc4e7a2e3f45d018764c6267fd7157",
] ]
} }
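
Review bot: the lock entry for `registry.terraform.io/hashicorp/aws` moves backward, from `version = "5.49.0"` to `version = "5.19.0"` with `constraints = "~> 5.19.0"`, so every run from this lock file installs an older provider release than before. If the downgrade is intended, say why in the commit message; otherwise keep the 5.49.0 entry with its hashes. Either way the `h1:` and `zh:` values should come from a `terraform init` run against the registry, not from hand edits.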

@ -1,4 +1,4 @@
# Terraform AWS Pre-base Infrastructure # Terraform AWS Pre-Base
## Intro ## Intro
@ -17,34 +17,24 @@ This configuration is intended to be manually executed once at the beginning by
## Usage ## Usage
1. Install [terraform](https://terraform.io). The required version is stated in [`terraform.meta.tf`](./terraform.meta.tf). You can also use [tfenv](https://github.com/tofuutils/tenv) to automatically get a suitable version. 1. Install [terraform](https://terraform.io) or [opentofu](https://opentofu.org/) (preferably with [tfenv](https://github.com/tfutils/tfenv)). The required version is stated in `terraform.meta.tf`.
2. Insert backend config values in `terraform.backend.tfvars`. See [`terraform.backend.remote.tfvars.sample`](./terraform.backend.remote.tfvars.sample) for example, or configure your preferred backend. 2. Install terraform dependencies:
3. *(optional)* Login to terraform cloud to use the remote backend:
```bash ```bash
terraform login terraform init -upgrade
``` ```
4. Install terraform dependencies and initiate the backend: 3. Insert org-specific variable values in `<org-name>.tfvars`. See `*.tfvars.sample` for example.
4. Then execute as:
```bash ```bash
terraform init -backend-config=terraform.backend.tfvars terraform apply -var-file=<org-name>.tfvars
```
5. Insert deployment-specific values in `terraform.tfvars`. See [`terraform.tfvars.sample`](./terraform.tfvars.sample) for example.
6. Then execute as:
```bash
terraform apply -var-file=terraform.tfvars
``` ```
## Notes ## Notes
- ⚠️ **This project's state file should not be saved in the same AWS account where it is being deployed.** The terraform state is not saved in s3, because it is assumed that no s3 bucket for terraform states exists yet. User should secure the state file using some other method.
- The terraform state is not saved in s3, because it is assumed that no s3 bucket for terraform states exists yet. Instead the [terraform cloud](https://app.terraform.io/) remote backend is used. You may need to setup an account there. Or use local or your preferred backend. You should ensure security of the state file. Generated outputs are saved in a parameter store tree for future reference.
- Generated outputs are also saved in a parameter store tree for future reference.
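
Review bot: the Notes section drops the warning "This project's state file should not be saved in the same AWS account where it is being deployed" and replaces the backend guidance with "User should secure the state file using some other method", which names no method. This configuration creates an IAM user with admin access, so keep the warning and give at least one concrete option for where the state should live. Separately, step 2 now runs `terraform init -upgrade`, which reselects provider versions within the constraint instead of installing what `.terraform.lock.hcl` records; plain `terraform init` keeps a first-time setup pinned to the committed hashes.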

@ -3,14 +3,14 @@
| Name | Version | | Name | Version |
|------|---------| |------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.8.0 | | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.6.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.49.0 | | <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.19.0 |
## Providers ## Providers
| Name | Version | | Name | Version |
|------|---------| |------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.49.0 | | <a name="provider_aws"></a> [aws](#provider\_aws) | 5.19.0 |
## Modules ## Modules
@ -38,15 +38,15 @@ No modules.
| Name | Description | Type | Default | Required | | Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:| |------|-------------|------|---------|:--------:|
| <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | aws region where resources will be created | `string` | n/a | yes | | <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | aws region where resources will be created | `string` | n/a | yes |
| <a name="input_org_name"></a> [org\_name](#input\_org\_name) | organization name; used in various resource identifiers | `string` | n/a | yes |
| <a name="input_dynamodb_table_name_slug"></a> [dynamodb\_table\_name\_slug](#input\_dynamodb\_table\_name\_slug) | base name slug of the dynamodb table to create; this prefixed by `var.org_name` | `string` | `"terraform-locks"` | no | | <a name="input_dynamodb_table_name_slug"></a> [dynamodb\_table\_name\_slug](#input\_dynamodb\_table\_name\_slug) | base name slug of the dynamodb table to create; this prefixed by `var.org_name` | `string` | `"terraform-locks"` | no |
| <a name="input_git_project"></a> [git\_project](#input\_git\_project) | git source of this project; used in resource tags | `string` | `""` | no | | <a name="input_git_project"></a> [git\_project](#input\_git\_project) | git source of this project; used in resource tags | `string` | `""` | no |
| <a name="input_iac_username"></a> [iac\_username](#input\_iac\_username) | IAM user to create with admin access; for use by subsequent IaC projects | `string` | `"iac"` | no | | <a name="input_iac_username"></a> [iac\_username](#input\_iac\_username) | IAM user to create with admin access; for use by subsequent IaC projects | `string` | `"iac"` | no |
| <a name="input_kms_alias"></a> [kms\_alias](#input\_kms\_alias) | alias of the kms key to create | `string` | `"iac"` | no | | <a name="input_kms_alias"></a> [kms\_alias](#input\_kms\_alias) | alias of the kms key to create | `string` | `"iac"` | no |
| <a name="input_org_name"></a> [org\_name](#input\_org\_name) | organization name; used in various resource identifiers | `string` | n/a | yes |
| <a name="input_parameter_store_path"></a> [parameter\_store\_path](#input\_parameter\_store\_path) | the parameter store path where outputs will be added for reference | `string` | `"/iac/terraform/pre-base/"` | no | | <a name="input_parameter_store_path"></a> [parameter\_store\_path](#input\_parameter\_store\_path) | the parameter store path where outputs will be added for reference | `string` | `"/iac/terraform/pre-base/"` | no |
| <a name="input_s3_bucket_name_slug"></a> [s3\_bucket\_name\_slug](#input\_s3\_bucket\_name\_slug) | base name slug of the s3 bucket to create; this prefixed by `var.org_name` | `string` | `"terraform-states"` | no | | <a name="input_s3_bucket_name_slug"></a> [s3\_bucket\_name\_slug](#input\_s3\_bucket\_name\_slug) | base name slug of the s3 bucket to create; this prefixed by `var.org_name` | `string` | `"terraform-states"` | no |
| <a name="input_s3_bucket_use_random_suffix"></a> [s3\_bucket\_use\_random\_suffix](#input\_s3\_bucket\_use\_random\_suffix) | whether to add random suffix to bucket name, or assume the generated name is unique | `bool` | `false` | no |
| <a name="input_s3_enable_versioning"></a> [s3\_enable\_versioning](#input\_s3\_enable\_versioning) | whether to enable object versioning on the created bucket | `bool` | `true` | no | | <a name="input_s3_enable_versioning"></a> [s3\_enable\_versioning](#input\_s3\_enable\_versioning) | whether to enable object versioning on the created bucket | `bool` | `true` | no |
| <a name="input_s3_use_name_suffix"></a> [s3\_use\_name\_suffix](#input\_s3\_use\_name\_suffix) | whether to add random suffix to bucket name, or assume the generated name is unique | `bool` | `false` | no |
| <a name="input_s3_version_limit"></a> [s3\_version\_limit](#input\_s3\_version\_limit) | how many noncurrent versions of s3 objects to retain; max 100 | `number` | `100` | no | | <a name="input_s3_version_limit"></a> [s3\_version\_limit](#input\_s3\_version\_limit) | how many noncurrent versions of s3 objects to retain; max 100 | `number` | `100` | no |
## Outputs ## Outputs
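
Review bot: the input `s3_bucket_use_random_suffix` becomes `s3_use_name_suffix` in this table, so an existing variable file that sets the old name no longer takes effect and the default `false` applies. The new name also loses "random" although the description still reads "whether to add random suffix to bucket name". Either keep the old name or call the rename out in the README so callers update their variable files.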

@ -1,5 +0,0 @@
#vim:ft=hcl
organization = "bdeshi.space"
workspaces {
name = "aws-prod-pre-base"
}

@ -1,12 +1,11 @@
terraform { terraform {
required_version = "~> 1.8.0" required_version = "~> 1.6.0"
required_providers { required_providers {
aws = { aws = {
source = "hashicorp/aws" source = "hashicorp/aws"
version = "~> 5.49.0" version = "~> 5.19.0"
} }
} }
backend "remote" {}
} }
provider "aws" { provider "aws" {
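
Review bot: `backend "remote" {}` is removed from the `terraform` block and no other backend is declared, so state falls back to a local `terraform.tfstate` in the working directory. Declare the intended backend here, or document where the local state must be kept and make sure state files are excluded from version control. The same hunk lowers `required_version` from `~> 1.8.0` to `~> 1.6.0` and the aws provider from `~> 5.49.0` to `~> 5.19.0`; confirm that moving to older releases is intended.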

@ -1,4 +1,3 @@
#vim:ft=hcl org_name = "bdeshi.space"
org_name = "bdeshi.space" aws_region = "us-east-1"
aws_region = "us-east-1"
git_project = "git@git.bdeshi.space:bdeshi/terraform-aws-pre-base.git" git_project = "git@git.bdeshi.space:bdeshi/terraform-aws-pre-base.git"

@ -17,7 +17,7 @@ variable "aws_region" {
variable "iac_username" { variable "iac_username" {
type = string type = string
description = "IAM user to create with admin access; for use by subsequent IaC projects" description = "IAM user to create with admin access; for use by subsequent IaC projects"
default = "iac" default = "iac"
} }
variable "kms_alias" { variable "kms_alias" {