Prerequisites:
- 3 AWS accounts in the same AWS organization:
  - management account of the organization,
  - 2 new accounts for dev and prod environment of example "product",
  - environment accounts must have `OrganizationAccountAccessRole` IAM role that can be assumed from the management account,
- AWS CLI access to management account configured via `AWS_PROFILE` or some other method

Run:
- Modify `organization_management_account_id` key of globals in `stacks/config.tm.hcl` with your management account ID,
- Modify `account_id` key of globals for each environment in `stacks/myproduct/config.tm.hcl` with your environment account IDs,
- Generate terraform code: `terramate generate`,
- Set the CLI AWS credentials to the management account via e.g. env variable `AWS_PROFILE` or some other method,
- Create S3 bucket in management account to store shared state remotely: `cd stacks/management-account/terraform-state && terraform init && terraform apply -auto-approve`
- Go back to repository root,
- Apply the rest of the infrastructure: `terramate run -- terraform init && terramate run -- terraform apply -auto-approve`
- Destroy the infrastructure when you are finished: `terramate run --reverse -- terraform destroy -auto-approve`
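
A preflight check for the prerequisites above, as an added example that is not part of the repository: it confirms the active credentials belong to the management account and that `OrganizationAccountAccessRole` can be assumed in each environment account before any `-auto-approve` apply runs. The function names and the account IDs in the usage comment are constructed placeholders.

```bash
# Added example: preflight for the prerequisites (not the repository's own code).
ROLE_NAME="OrganizationAccountAccessRole"

# AWS account IDs are exactly 12 decimal digits.
is_account_id() {
  case "$1" in
    *[!0-9]*|"") return 1 ;;
  esac
  [ "${#1}" -eq 12 ]
}

# Build the ARN of the cross-account role in an environment account.
role_arn() {
  is_account_id "$1" || return 1
  printf 'arn:aws:iam::%s:role/%s\n' "$1" "$ROLE_NAME"
}

# Confirm the active credentials resolve to the expected management account.
check_caller() {
  local expected="$1" actual
  actual="$(aws sts get-caller-identity --query Account --output text)" || return 1
  [ "$actual" = "$expected" ]
}

# Try to assume the role; the temporary credentials are discarded.
check_assume() {
  local arn
  arn="$(role_arn "$1")" || return 1
  aws sts assume-role --role-arn "$arn" --role-session-name preflight \
    --duration-seconds 900 --query AssumedRoleUser.Arn --output text >/dev/null
}

# preflight <management-id> <env-id>...   stops at the first failed check.
preflight() {
  local mgmt="$1" acct
  shift
  check_caller "$mgmt" || { echo "credentials are not for account $mgmt" >&2; return 1; }
  for acct in "$@"; do
    check_assume "$acct" || { echo "cannot assume $ROLE_NAME in $acct" >&2; return 1; }
    echo "ok: $acct"
  done
}

# Usage (constructed IDs): preflight 111111111111 222222222222 333333333333
```

Run it with the same `AWS_PROFILE` you will use for the apply; a mismatch in `check_caller` means the state bucket would be created in the wrong account.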