Creates a disconnected Terraform state for infrastructure management. View project README for more information.

shrapk2/terraform-aws-s3-state-bootstrap

terraform-aws-s3-state-bootstrap

This project contains an "un-automated" bootstrap configuration for starting infrastructure as code. At present it contains the Terraform code needed to create a shared state backend.

Along with preventing sensitive state data from residing in Git, it also allows multiple administrators to manage Terraform's state and managed environments.

As a best practice, this Terraform state should remain disconnected from the overall infrastructure state, so this module should be executed once per account and not imported into the primary infrastructure state.

Note: You can also fork this and run via GitHub Actions!!

Prerequisites

This code assumes the following:

  • An AWS root account is already configured
  • Appropriate access has been granted to create the resources defined in this configuration
  • Basic familiarity with Terraform
  • Terraform version >= v0.13

Deployment

## You must specify the following environment variables
export AWS_ACCESS_KEY_ID="youraccesskey"
export AWS_SECRET_ACCESS_KEY="yoursecretkey"
export AWS_DEFAULT_REGION="us-awesome-1"

terraform init
terraform plan #validate changes
terraform apply

# confirm and watch it go crazy

Artifacts

This Terraform configuration creates the following objects:

  • S3 bucket for centralized state
    • This bucket cannot be deleted without policy modification
  • DynamoDB table for state locking
  • S3 Generalized Hardening
  • IAM policy to control the S3 bucket access

Upon execution of this code, you should add the following state arguments into any infrastructure Terraform modules:

  • In CI or via command line:
# -backend-config is an option of `terraform init` only; plan and apply reuse the initialized backend
terraform init \
  -backend-config="bucket=$BUCKET_NAME" \
  -backend-config="key=$USER_DEFINED.tfstate" \
  -backend-config="region=$AWS_REGION" \
  -backend-config="dynamodb_table=$DYNAMO_TABLENAME" \
  -backend-config="encrypt=true"
  • In a backend.tf file:
terraform {
  backend "s3" {
    bucket         = "terraform-aws-s3-state-bootstrap-tfstate"
    key            = "terraform.tfstate"
    region         = "us-east-2"
    dynamodb_table = "terraform-aws-s3-state-bootstrap-tfstate-locks"
    encrypt        = true
  }
}
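
A CI guard for the backend settings above, added here as an example and not part of this repository's code: it flags an S3 backend block that lacks `encrypt = true`, has no `dynamodb_table`, or hardcodes `access_key`/`secret_key`. The function names, finding labels and the weak sample file are assumptions made for illustration.

```shell
# Added example: line-based CI guard for a backend "s3" block (not an HCL parser).
# Print the body of the first backend "s3" block in file $1, '#' comments stripped.
s3_backend_body() {
  awk '
    /backend[ \t]+"s3"[ \t]*[{]/ { inblk = 1; next }
    inblk && /^[ \t]*[}]/        { exit }
    inblk                        { sub(/#.*/, ""); print }
  ' "$1"
}

# Print one finding per line for file $1; return 1 if there is any finding.
audit_backend() {
  _body=$(s3_backend_body "$1"); _rc=0
  if [ -z "$_body" ]; then echo "no-s3-backend-block"; return 1; fi
  if ! printf '%s\n' "$_body" | grep -Eq '^[[:space:]]*encrypt[[:space:]]*=[[:space:]]*true[[:space:]]*$'; then
    echo "encrypt-not-true"; _rc=1      # state object would not be encrypted at rest
  fi
  if ! printf '%s\n' "$_body" | grep -Eq '^[[:space:]]*dynamodb_table[[:space:]]*=[[:space:]]*"[^"]+"'; then
    echo "no-lock-table"; _rc=1         # concurrent applies could corrupt state
  fi
  if printf '%s\n' "$_body" | grep -Eq '^[[:space:]]*(access_key|secret_key)[[:space:]]*='; then
    echo "inline-credentials"; _rc=1    # keys belong in the environment, not in Git
  fi
  return "$_rc"
}

# Constructed sample inputs: the README's backend.tf and a weak variant.
DEMO_DIR=$(mktemp -d); trap 'rm -rf "$DEMO_DIR"' EXIT
cat > "$DEMO_DIR/good.tf" <<'EOF'
terraform {
  backend "s3" {
    bucket         = "terraform-aws-s3-state-bootstrap-tfstate"
    key            = "terraform.tfstate"
    region         = "us-east-2"
    dynamodb_table = "terraform-aws-s3-state-bootstrap-tfstate-locks"
    encrypt        = true
  }
}
EOF
cat > "$DEMO_DIR/weak.tf" <<'EOF'
terraform {
  backend "s3" {
    bucket     = "example-state-bucket"   # constructed
    access_key = "EXAMPLE-PLACEHOLDER"    # constructed, not a real key
    encrypt    = false
  }
}
EOF
for f in good.tf weak.tf; do echo "== $f"; audit_backend "$DEMO_DIR/$f" || true; done
```

The check assumes one argument per line and no nested blocks inside the backend block; settings supplied only through `-backend-config` on the command line are not visible to it.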

License

This project is licensed under the MIT License - see the LICENSE.md file for details
