Compare commits
6 Commits
19ebb73fe8
...
0bfa74c95c
Author | SHA1 | Date | |
---|---|---|---|
0bfa74c95c | |||
30fa72a048 | |||
426366f45d | |||
58ab8bf827 | |||
d650f553b7 | |||
922443daba |
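--- a/.terraform-docs.yml
+++ b/.terraform-docs.yml
@@ -0,0 +1,7 @@
+formatter: markdown table
+output:
+file: README.terraform.md
+mode: replace
+sort:
+by: required
+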
@ -1 +1 @@
|
|||||||
1.6.3
|
latest-allowed
|
||||||
|
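Review bot: The value on the new side appears to be `latest-allowed` (the file header is not shown on this page; it looks like the tfenv version file), which lets the Terraform CLI version float to the newest release that satisfies `required_version`. Two runs of this bootstrap can therefore use different binaries, even though the provider is pinned by hash in `.terraform.lock.hcl`. Since this configuration creates an admin IAM user, I would pin an exact release inside the `~> 1.8.0` range and bump it deliberately, or say in the README that the float is intentional.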
34
.terraform.lock.hcl
generated
@ -2,24 +2,24 @@
|
|||||||
# Manual edits may be lost in future updates.
|
# Manual edits may be lost in future updates.
|
||||||
|
|
||||||
provider "registry.terraform.io/hashicorp/aws" {
|
provider "registry.terraform.io/hashicorp/aws" {
|
||||||
version = "5.19.0"
|
version = "5.49.0"
|
||||||
constraints = "~> 5.19.0"
|
constraints = "~> 5.49.0"
|
||||||
hashes = [
|
hashes = [
|
||||||
"h1:QUX8nqmzZAlmG1eKzNLWqXUnsnvQ222cB9n/9J2U4Eo=",
|
"h1:Y3xvYjzBIwYSbcnZDcs6moiy30uxRoY5oT2ExQHKG5A=",
|
||||||
"zh:03aa0f857c6dfce5f46c9bf3aad45534b9421e68983994b6f9dd9812beaece9c",
|
"zh:0979b07cdeffb868ea605e4bbc008adc7cccb5f3ba1d3a0b794ea3e8fff20932",
|
||||||
"zh:0639818c5bf9f9943667f39ec38bb945c9786983025dff407390133fa1ca5041",
|
"zh:2121a0a048a1d9419df69f3561e524b7e8a6b74ba0f57bd8948799f12b6ad3a1",
|
||||||
"zh:0b82ad42ced8fb4a138eaf2fd37cf6059ca0bb482114b35fb84f22fc1500324a",
|
"zh:573362042ba0bd18e98567a4f45d91b09eb0d223513518ba04f16a646a906403",
|
||||||
"zh:173e8c19a9f1d8f6457c80f4a73a92f420a81d650fc4ad0f97a5dc4b9485bba8",
|
"zh:57be7a4d6c362be2fa586d270203f4eac1ee239816239a9503b86ebc8fa1fef0",
|
||||||
"zh:42913a40ddfe9b4f3c78ad2e3cdc1dcfd48151bc132dc6b49fc32cd6da79db21",
|
"zh:5c72ed211d9234edd70eac9d77c3cafc7bbf819d1c28332a6d77acf227c9a23c",
|
||||||
"zh:452db5caca2e53d5f7090979d518e77aa5fd98385514b11ee2ce76a46e89cb53",
|
"zh:7786d1a9781f8e8c0079bf58f4ed4aeddec0caf54ad7ddcf43c47936d545a04f",
|
||||||
|
"zh:82133e7d39787ee91ed41988da71beecc2ecb900b5da94b3f3d77fbc4d4dc722",
|
||||||
|
"zh:8cdb1c154dead85be8352afd30eaf41c59249de9e7e0a8eb4ab8e625b90a4922",
|
||||||
"zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
|
"zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
|
||||||
"zh:a12377ade89ee18d9be116436e411e8396898bd70b21ab027c161c785e86238d",
|
"zh:ac215fd1c3bd647ae38868940651b97a53197688daefcd70b3595c84560e5267",
|
||||||
"zh:aa9e4746ba49044ad5b4dda57fcdba7bc16fe65f696766fb2c55c30a27abf844",
|
"zh:c45db22356d20e431639061a72e07da5201f4937c1df6b9f03f32019facf3905",
|
||||||
"zh:adfaee76d283f1c321fad2e4154be88d57da8c2ecfdca9516c8920bd2ece36ed",
|
"zh:c9ba90e62db9a4708ed1a4e094849f88ce9d44c52b49f613b30bb3f7523b8d97",
|
||||||
"zh:bf6fbc6d60661c03ed2214173c1deced908dc62480dd41e67ac399fa4abd7467",
|
"zh:d2be3607be2209995c80dc1d66086d527de5d470f73509e813254067e8287106",
|
||||||
"zh:cb685da03ad00d1a27891f3d366d75e8795ac81f1b427888b434e6832ca40633",
|
"zh:e3fa20090f3cebf3911fc7ef122bd8c0505e3330ab7d541fa945fea861205007",
|
||||||
"zh:e0432c78dfaf2baebe2bf5c0ad8087f547c69c2c5a00e4c1dcd5a6344ce726df",
|
"zh:ef1b9d5c0b6279323f2ecfc322db8083e141984cfe1bb2f33c0f4934fccb69e3",
|
||||||
"zh:e0ec9ccb8d34d6d0d8bf7f8628c223951832b4d50ea8887fc711fa854b3a28b4",
|
|
||||||
"zh:f274397ada4ef3c1dce2f70e719c8ccf19fc4e7a2e3f45d018764c6267fd7157",
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
30
README.md
@ -1,4 +1,4 @@
|
|||||||
# Terraform AWS Pre-Base
|
# Terraform AWS Pre-base Infrastructure
|
||||||
|
|
||||||
## Intro
|
## Intro
|
||||||
|
|
||||||
@ -17,24 +17,34 @@ This configuration is intended to be manually executed once at the beginning by
|
|||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
1. Install [terraform](https://terraform.io) or [opentofu](https://opentofu.org/) (preferably with [tfenv](https://github.com/tfutils/tfenv)). The required version is stated in `terraform.meta.tf`.
|
1. Install [terraform](https://terraform.io). The required version is stated in [`terraform.meta.tf`](./terraform.meta.tf). You can also use [tfenv](https://github.com/tofuutils/tenv) to automatically get a suitable version.
|
||||||
|
|
||||||
2. Install terraform dependencies:
|
2. Insert backend config values in `terraform.backend.tfvars`. See [`terraform.backend.remote.tfvars.sample`](./terraform.backend.remote.tfvars.sample) for example, or configure your preferred backend.
|
||||||
|
|
||||||
|
3. *(optional)* Login to terraform cloud to use the remote backend:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
terraform init -upgrade
|
terraform login
|
||||||
```
|
```
|
||||||
|
|
||||||
3. Insert org-specific variable values in `<org-name>.tfvars`. See `*.tfvars.sample` for example.
|
4. Install terraform dependencies and initiate the backend:
|
||||||
|
|
||||||
4. Then execute as:
|
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
terraform apply -var-file=<org-name>.tfvars
|
terraform init -backend-config=terraform.backend.tfvars
|
||||||
|
```
|
||||||
|
|
||||||
|
5. Insert deployment-specific values in `terraform.tfvars`. See [`terraform.tfvars.sample`](./terraform.tfvars.sample) for example.
|
||||||
|
|
||||||
|
6. Then execute as:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
terraform apply -var-file=terraform.tfvars
|
||||||
```
|
```
|
||||||
|
|
||||||
## Notes
|
## Notes
|
||||||
|
|
||||||
The terraform state is not saved in s3, because it is assumed that no s3 bucket for terraform states exists yet. User should secure the state file using some other method.
|
- ⚠️ **This project's state file should not be saved in the same AWS account where it is being deployed.**
|
||||||
|
|
||||||
Generated outputs are saved in a parameter store tree for future reference.
|
- The terraform state is not saved in s3, because it is assumed that no s3 bucket for terraform states exists yet. Instead the [terraform cloud](https://app.terraform.io/) remote backend is used. You may need to setup an account there. Or use local or your preferred backend. You should ensure security of the state file.
|
||||||
|
|
||||||
|
- Generated outputs are also saved in a parameter store tree for future reference.
|
||||||
|
@ -3,14 +3,14 @@
|
|||||||
|
|
||||||
| Name | Version |
|
| Name | Version |
|
||||||
|------|---------|
|
|------|---------|
|
||||||
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.6.0 |
|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.8.0 |
|
||||||
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.19.0 |
|
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.49.0 |
|
||||||
|
|
||||||
## Providers
|
## Providers
|
||||||
|
|
||||||
| Name | Version |
|
| Name | Version |
|
||||||
|------|---------|
|
|------|---------|
|
||||||
| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.19.0 |
|
| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.49.0 |
|
||||||
|
|
||||||
## Modules
|
## Modules
|
||||||
|
|
||||||
@ -38,15 +38,15 @@ No modules.
|
|||||||
| Name | Description | Type | Default | Required |
|
| Name | Description | Type | Default | Required |
|
||||||
|------|-------------|------|---------|:--------:|
|
|------|-------------|------|---------|:--------:|
|
||||||
| <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | aws region where resources will be created | `string` | n/a | yes |
|
| <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | aws region where resources will be created | `string` | n/a | yes |
|
||||||
|
| <a name="input_org_name"></a> [org\_name](#input\_org\_name) | organization name; used in various resource identifiers | `string` | n/a | yes |
|
||||||
| <a name="input_dynamodb_table_name_slug"></a> [dynamodb\_table\_name\_slug](#input\_dynamodb\_table\_name\_slug) | base name slug of the dynamodb table to create; this prefixed by `var.org_name` | `string` | `"terraform-locks"` | no |
|
| <a name="input_dynamodb_table_name_slug"></a> [dynamodb\_table\_name\_slug](#input\_dynamodb\_table\_name\_slug) | base name slug of the dynamodb table to create; this prefixed by `var.org_name` | `string` | `"terraform-locks"` | no |
|
||||||
| <a name="input_git_project"></a> [git\_project](#input\_git\_project) | git source of this project; used in resource tags | `string` | `""` | no |
|
| <a name="input_git_project"></a> [git\_project](#input\_git\_project) | git source of this project; used in resource tags | `string` | `""` | no |
|
||||||
| <a name="input_iac_username"></a> [iac\_username](#input\_iac\_username) | IAM user to create with admin access; for use by subsequent IaC projects | `string` | `"iac"` | no |
|
| <a name="input_iac_username"></a> [iac\_username](#input\_iac\_username) | IAM user to create with admin access; for use by subsequent IaC projects | `string` | `"iac"` | no |
|
||||||
| <a name="input_kms_alias"></a> [kms\_alias](#input\_kms\_alias) | alias of the kms key to create | `string` | `"iac"` | no |
|
| <a name="input_kms_alias"></a> [kms\_alias](#input\_kms\_alias) | alias of the kms key to create | `string` | `"iac"` | no |
|
||||||
| <a name="input_org_name"></a> [org\_name](#input\_org\_name) | organization name; used in various resource identifiers | `string` | n/a | yes |
|
|
||||||
| <a name="input_parameter_store_path"></a> [parameter\_store\_path](#input\_parameter\_store\_path) | the parameter store path where outputs will be added for reference | `string` | `"/iac/terraform/pre-base/"` | no |
|
| <a name="input_parameter_store_path"></a> [parameter\_store\_path](#input\_parameter\_store\_path) | the parameter store path where outputs will be added for reference | `string` | `"/iac/terraform/pre-base/"` | no |
|
||||||
| <a name="input_s3_bucket_name_slug"></a> [s3\_bucket\_name\_slug](#input\_s3\_bucket\_name\_slug) | base name slug of the s3 bucket to create; this prefixed by `var.org_name` | `string` | `"terraform-states"` | no |
|
| <a name="input_s3_bucket_name_slug"></a> [s3\_bucket\_name\_slug](#input\_s3\_bucket\_name\_slug) | base name slug of the s3 bucket to create; this prefixed by `var.org_name` | `string` | `"terraform-states"` | no |
|
||||||
|
| <a name="input_s3_bucket_use_random_suffix"></a> [s3\_bucket\_use\_random\_suffix](#input\_s3\_bucket\_use\_random\_suffix) | whether to add random suffix to bucket name, or assume the generated name is unique | `bool` | `false` | no |
|
||||||
| <a name="input_s3_enable_versioning"></a> [s3\_enable\_versioning](#input\_s3\_enable\_versioning) | whether to enable object versioning on the created bucket | `bool` | `true` | no |
|
| <a name="input_s3_enable_versioning"></a> [s3\_enable\_versioning](#input\_s3\_enable\_versioning) | whether to enable object versioning on the created bucket | `bool` | `true` | no |
|
||||||
| <a name="input_s3_use_name_suffix"></a> [s3\_use\_name\_suffix](#input\_s3\_use\_name\_suffix) | whether to add random suffix to bucket name, or assume the generated name is unique | `bool` | `false` | no |
|
|
||||||
| <a name="input_s3_version_limit"></a> [s3\_version\_limit](#input\_s3\_version\_limit) | how many noncurrent versions of s3 objects to retain; max 100 | `number` | `100` | no |
|
| <a name="input_s3_version_limit"></a> [s3\_version\_limit](#input\_s3\_version\_limit) | how many noncurrent versions of s3 objects to retain; max 100 | `number` | `100` | no |
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
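--- a/terraform.backend.remote.tfvars.sample
+++ b/terraform.backend.remote.tfvars.sample
@@ -0,0 +1,5 @@
+#vim:ft=hcl
+organization = "bdeshi.space"
+workspaces {
+name = "aws-prod-pre-base"
+}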
@ -1,11 +1,12 @@
|
|||||||
terraform {
|
terraform {
|
||||||
required_version = "~> 1.6.0"
|
required_version = "~> 1.8.0"
|
||||||
required_providers {
|
required_providers {
|
||||||
aws = {
|
aws = {
|
||||||
source = "hashicorp/aws"
|
source = "hashicorp/aws"
|
||||||
version = "~> 5.19.0"
|
version = "~> 5.49.0"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
backend "remote" {}
|
||||||
}
|
}
|
||||||
|
|
||||||
provider "aws" {
|
provider "aws" {
|
||||||
|
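Review bot: The empty `backend "remote" {}` block added inside `terraform { ... }` hard-codes the backend type but leaves every setting to `-backend-config`, and nothing in the file says so. A plain `terraform init` will have no organization or workspace, and the README's "use local or your preferred backend" now means editing this file. I would add a comment above the block such as `# settings are supplied at init: terraform init -backend-config=terraform.backend.tfvars`. Because this configuration creates an IAM user with admin access (per the `iac_username` description), the comment or README should also say whether the Terraform Cloud workspace only stores state or also runs the plans, since remote runs would need AWS credentials stored in that workspace; this page does not show which is intended. The `provider "aws"` block continues outside the hunk.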
@ -1,3 +1,4 @@
|
|||||||
org_name = "bdeshi.space"
|
#vim:ft=hcl
|
||||||
aws_region = "us-east-1"
|
org_name = "bdeshi.space"
|
||||||
|
aws_region = "us-east-1"
|
||||||
git_project = "git@git.bdeshi.space:bdeshi/terraform-aws-pre-base.git"
|
git_project = "git@git.bdeshi.space:bdeshi/terraform-aws-pre-base.git"
|
||||||
|
@ -17,7 +17,7 @@ variable "aws_region" {
|
|||||||
variable "iac_username" {
|
variable "iac_username" {
|
||||||
type = string
|
type = string
|
||||||
description = "IAM user to create with admin access; for use by subsequent IaC projects"
|
description = "IAM user to create with admin access; for use by subsequent IaC projects"
|
||||||
default = "iac"
|
default = "iac"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "kms_alias" {
|
variable "kms_alias" {
|
||||||
|