
liamfit/demo-mgmt-infra


demo-mgmt-infra

This repo contains terraform config and pipelines to manage the AWS management account infrastructure for a given project. The minimum set of resources includes

  • S3 buckets and DynamoDB table for Terraform remote state
  • S3 bucket for GitHub artifacts
  • OIDC identity provider and IAM Role for GitHub Actions

Management Infrastructure

How do I bootstrap a new AWS account?

The bootstrap directory contains terraform config to create the S3 backend for storing Terraform remote state files and a DynamoDB table for state locking. This is deployed from your local machine so AWS credentials are required for the account you are deploying into.

Steps are as follows:

  1. Comment out the backend config in main.tf like this:

     ```hcl
     # backend "s3" {
     #   key            = "terraform-core-infra/bootstrap/terraform.tfstate"
     #   encrypt        = true
     #   dynamodb_table = "terraform-state"
     # }
     ```

  2. Create a copy of bootstrap/variables.tf locally called bootstrap/override.tf and add the region in which you want to create the resources
  3. Run terraform init and terraform apply from within the bootstrap/ directory
  4. Add the value of the output tf_state_bucket to repository secrets as TF_STATE_BUCKET

Next we need to migrate the local terraform state to the newly created state bucket:

  1. Uncomment the backend config in main.tf
  2. Run terraform init and enter the name of the newly created S3 bucket and AWS region when prompted
  3. Type yes to copy the existing state to the new backend
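As an added illustration (this is not the repository's own bootstrap/main.tf), the following is a bootstrap configuration that matches the steps above: a versioned, encrypted, non-public S3 bucket for state, a DynamoDB table keyed on `LockID` (the key the S3 backend requires for locking), and the `tf_state_bucket` output the README tells you to store as a repository secret. The backend key and table name are the ones shown above; the bucket naming scheme, the `region` variable, the provider version pins and the override.tf snippet are assumptions.

```hcl
terraform {
  required_version = ">= 1.3"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.0" # assumed pin, not from the repo
    }
  }

  # Leave this commented out for the first apply (local state), then
  # uncomment it and run `terraform init` to migrate the state. `bucket`
  # and `region` are deliberately omitted so init prompts for them.
  # backend "s3" {
  #   key            = "terraform-core-infra/bootstrap/terraform.tfstate"
  #   encrypt        = true
  #   dynamodb_table = "terraform-state"
  # }
}

# A local override.tf (assumed content, git-ignored) supplies the default:
#   variable "region" { default = "eu-west-2" }
variable "region" {
  description = "AWS region in which to create the state backend"
  type        = string
}

provider "aws" {
  region = var.region
}

data "aws_caller_identity" "current" {}

# Bucket name includes the account id so it is globally unique (assumed scheme).
resource "aws_s3_bucket" "tf_state" {
  bucket = "tf-state-${data.aws_caller_identity.current.account_id}-${var.region}"
}

# Versioning lets you recover a previous state file after a bad apply.
resource "aws_s3_bucket_versioning" "tf_state" {
  bucket = aws_s3_bucket.tf_state.id
  versioning_configuration {
    status = "Enabled"
  }
}

# State files can contain secrets, so encrypt at rest.
resource "aws_s3_bucket_server_side_encryption_configuration" "tf_state" {
  bucket = aws_s3_bucket.tf_state.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}

# Never allow the state bucket to become public.
resource "aws_s3_bucket_public_access_block" "tf_state" {
  bucket                  = aws_s3_bucket.tf_state.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# The S3 backend locks on a table with a string hash key named "LockID".
resource "aws_dynamodb_table" "tf_lock" {
  name         = "terraform-state"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }
}

output "tf_state_bucket" {
  description = "Store this as the TF_STATE_BUCKET repository secret"
  value       = aws_s3_bucket.tf_state.bucket
}
```

After the first `terraform apply` succeeds with local state, uncommenting the backend block and running `terraform init` again is what triggers the prompt for the bucket name and region and the offer to copy the existing state into S3.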

Finally, we need to create the GitHub OIDC identity provider, an IAM role that GitHub Actions will assume when deploying the core infrastructure, and an S3 bucket to store GitHub artifacts (e.g. terraform plans):

  1. Create a copy of variables.tf locally called override.tf and add the region in which you want to create the resources
  2. Run terraform init and enter the name of the terraform state bucket and AWS region when prompted
  3. Run terraform apply to create the core infrastructure
  4. Add the value of the output github_artifacts_bucket to repository secrets as GH_ARTIFACTS_BUCKET
  5. Add repository secrets for AWS_REGION, AWS_ACCOUNT_ID and AWS_ROLE (this will be Github-Actions-Role unless modified in main.tf)
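As an added example of the core infrastructure described above (not the repository's own main.tf), this configuration creates the GitHub OIDC provider, the `Github-Actions-Role` role and the artifacts bucket, and exposes the `github_artifacts_bucket` output. The security-relevant part is the trust policy: it only accepts tokens whose audience is `sts.amazonaws.com` and whose subject claim names one specific repository, so a workflow in any other repository cannot assume the role. The `github_org` and `github_repo` variables, the bucket naming scheme, the role's permission set, and the thumbprint value (a commonly published one for GitHub's issuer, which you should verify against GitHub's current documentation) are assumptions.

```hcl
variable "region" {
  type = string
}

variable "github_org" {
  description = "GitHub organisation or user that owns the repository (assumed variable)"
  type        = string
}

variable "github_repo" {
  description = "Repository allowed to assume the role (assumed variable)"
  type        = string
}

provider "aws" {
  region = var.region
}

data "aws_caller_identity" "current" {}

# GitHub's OIDC issuer. The audience is what the official
# aws-actions/configure-aws-credentials action requests by default.
resource "aws_iam_openid_connect_provider" "github" {
  url             = "https://token.actions.githubusercontent.com"
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = ["6938fd4d98bab03faadb97b34396831e3780aea1"] # verify before use
}

# Trust policy: federated principal, fixed audience, subject pinned to one repo.
# Narrow the `sub` pattern further (e.g. ":ref:refs/heads/main") to restrict
# which branch or environment may deploy.
data "aws_iam_policy_document" "github_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRoleWithWebIdentity"]

    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.github.arn]
    }

    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:aud"
      values   = ["sts.amazonaws.com"]
    }

    condition {
      test     = "StringLike"
      variable = "token.actions.githubusercontent.com:sub"
      values   = ["repo:${var.github_org}/${var.github_repo}:*"]
    }
  }
}

resource "aws_iam_role" "github_actions" {
  name               = "Github-Actions-Role" # the default the README refers to
  assume_role_policy = data.aws_iam_policy_document.github_trust.json
}

resource "aws_s3_bucket" "github_artifacts" {
  bucket = "gh-artifacts-${data.aws_caller_identity.current.account_id}-${var.region}"
}

resource "aws_s3_bucket_public_access_block" "github_artifacts" {
  bucket                  = aws_s3_bucket.github_artifacts.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Least-privilege permissions for the role: only the artifacts bucket.
# Extend with the state bucket / lock table when the role runs terraform.
data "aws_iam_policy_document" "github_permissions" {
  statement {
    sid       = "ArtifactsBucket"
    effect    = "Allow"
    actions   = ["s3:ListBucket"]
    resources = [aws_s3_bucket.github_artifacts.arn]
  }

  statement {
    sid       = "ArtifactsObjects"
    effect    = "Allow"
    actions   = ["s3:GetObject", "s3:PutObject"]
    resources = ["${aws_s3_bucket.github_artifacts.arn}/*"]
  }
}

resource "aws_iam_role_policy" "github_actions" {
  name   = "github-actions-permissions"
  role   = aws_iam_role.github_actions.id
  policy = data.aws_iam_policy_document.github_permissions.json
}

output "github_artifacts_bucket" {
  description = "Store this as the GH_ARTIFACTS_BUCKET repository secret"
  value       = aws_s3_bucket.github_artifacts.bucket
}

output "aws_role" {
  description = "Store this as the AWS_ROLE repository secret"
  value       = aws_iam_role.github_actions.name
}
```

On the workflow side the job needs `permissions: id-token: write` for GitHub to mint the OIDC token, and the role ARN it assumes is built from the AWS_ACCOUNT_ID and AWS_ROLE secrets. If the `sub` condition is left as a bare wildcard, any GitHub repository could assume the role, so keep it pinned to the repository at minimum.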
