This module provides the necessary infrastructure for storing remote Terraform state. This includes an S3 bucket for storing the state files, a KMS key for encrypting the state at rest, and a DynamoDB table for handling state locking.
You can read more about Terraform state here and backends here. We are using the S3 backend.
All Terraform and scripts assume you have the AWS CLI tools installed. On the Mac, you can install them via Homebrew:
brew install awscli
All of the Terraform assumes that you have configured your AWS credentials in the following way:
[ops]
aws_access_key_id = …
aws_secret_access_key = …
[profile ops]
[profile ops-tools]
source_profile = ops
role_arn = arn:aws:iam::[TOOLS_ACCOUNT_ID]:role/Ops
[profile ops-dev]
source_profile = ops
role_arn = arn:aws:iam::[DEV_ACCOUNT_ID]:role/Ops
[profile ops-stage]
source_profile = ops
role_arn = arn:aws:iam::[STAGE_ACCOUNT_ID]:role/Ops
[profile ops-prod]
source_profile = ops
role_arn = arn:aws:iam::[PROD_ACCOUNT_ID]:role/Ops
You can configure using aws configure or edit the files directly.
To bootstrap remote-state, run:
terraform init
terraform plan -out plan
terraform apply plan
Once the infrastructure has been created, uncomment the terraform > backend block and update the details for the new environment you've just bootstrapped.
Then:
terraform init
terraform plan -out plan
terraform apply plan
You will be asked during init whether you want to move your local state to the remote backend. Do so.
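For reference, a backend block of the kind the steps above uncomment, written here as an added example and not taken from this module's code. The bucket, key, region, KMS key ARN and table name are placeholders, and the use of the ops-tools profile is an assumption; substitute the values created by the bootstrap apply.

```hcl
# Added example with placeholder values; none of these names come from this module.
# Backend blocks cannot reference variables or locals, so values must be literals
# (or be supplied at init time with -backend-config).
terraform {
  backend "s3" {
    # Assumption: the state bucket lives in the account behind the ops-tools profile.
    profile = "ops-tools"
    region  = "us-east-1" # placeholder region

    bucket = "EXAMPLE-terraform-state"        # placeholder: the S3 bucket created by the bootstrap
    key    = "remote-state/terraform.tfstate" # placeholder: object path of this state file

    # Encrypt the state at rest with the module's KMS key rather than the
    # bucket default; state files routinely contain secrets in plain text.
    encrypt    = true
    kms_key_id = "arn:aws:kms:us-east-1:[TOOLS_ACCOUNT_ID]:key/EXAMPLE-KEY-ID" # placeholder ARN

    # State locking: the table must have a string hash key named "LockID".
    dynamodb_table = "EXAMPLE-terraform-locks" # placeholder table name
  }
}
```

After the migration, check that no terraform.tfstate or terraform.tfstate.backup file is left in the working directory or committed to version control, since those local copies are not protected by the KMS key.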