Skip to content

jdhollis/remote-state

master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
env
 
 
 
 
 
 
 
 
 
 
 
 

remote-state

Introduction

This module provides the necessary infrastructure for storing remote Terraform state. This includes an S3 bucket for storing the state files, a KMS key for encrypting the state at rest, and a DynamoDB table for handling state locking.

You can read more about Terraform state here and backends here. We are using the S3 backend.

AWS

All Terraform and scripts assume you have the AWS CLI tools installed. On the Mac, you can install them via Homebrew:

brew install awscli

Credentials

All of the Terraform assumes that you have configured your AWS credentials the following way:

~/.aws/credentials

[ops]
aws_access_key_id = …
aws_secret_access_key = …

~/.aws/config

[profile ops]

[profile ops-tools]
source_profile = ops
role_arn = arn:aws:iam::[TOOLS_ACCOUNT_ID]:role/Ops

[profile ops-dev]
source_profile = ops
role_arn = arn:aws:iam::[DEV_ACCOUNT_ID]:role/Ops

[profile ops-stage]
source_profile = ops
role_arn = arn:aws:iam::[STAGE_ACCOUNT_ID]:role/Ops

[profile ops-prod]
source_profile = ops
role_arn = arn:aws:iam::[PROD_ACCOUNT_ID]:role/Ops

You can configure using aws configure or edit the files directly.

Bootstrapping

To bootstrap remote-state, run:

terraform init
terraform plan -out plan
terraform apply plan

Once the infrastructure has been created, uncomment the terraform > backend block and update the details for the new environment you've just bootstrapped.

Then:

terraform init
terraform plan -out plan
terraform apply plan

You will be asked during init whether you want to move your local state to the remote backend. Do so.

About

Baseline Terraform remote state setup with locking for AWS

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages