This directory provides a Terraform module to create the two resources needed for remotely storing Terraform state in the S3 backend:
- an S3 bucket with versioning and server-side encryption
- a DynamoDB table with a specific schema for state locking
To create these resources (only once per AWS account):
- Choose a valid S3 bucket name.
  - S3 bucket names are globally unique, so you must choose one that is not already in use by another AWS account. One possible strategy is to use the pattern

        bucket = "terraform.uiuc-tech-services-sandbox.aws.illinois.edu"

    replacing 'uiuc-tech-services-sandbox' with the friendly name of your AWS account.
- In an empty directory (suggested name: `bootstrap`),

      terraform init -from-module=git::https://github.com/techservicesillinois/aws-enterprise-vpc.git//modules/bootstrap
      terraform apply

  Enter your chosen bucket name when prompted.
This singleton S3 bucket and DynamoDB table can be used by any number of infrastructure-as-code (IaC) environments for the same AWS account, provided that each environment's backend configuration stanza specifies a different `key` value. Note in particular that the region where Terraform state is stored (us-east-2 by default) does not need to match the region(s) where other resources are being deployed.
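As an added illustration (not taken from this repository), here are backend stanzas for two separate environments sharing the one bucket and lock table. The `key` paths and the `dynamodb_table` name are placeholders; substitute the table name your bootstrap run actually created.

```hcl
# --- environment A: backend.tf (example only) ---
terraform {
  backend "s3" {
    # Bucket chosen during bootstrap (pattern from this README).
    bucket = "terraform.uiuc-tech-services-sandbox.aws.illinois.edu"

    # Placeholder path; must be unique per environment. The S3 backend
    # derives the lock item's ID from bucket + key, so two environments
    # with the same key would share one state object and one lock.
    key = "example-env-a/terraform.tfstate"

    # Region of the state bucket, not of the resources being deployed.
    region = "us-east-2"

    # Placeholder; use the name of the table the bootstrap module created.
    dynamodb_table = "EXAMPLE-LOCK-TABLE"

    # Ask S3 for server-side encryption on every state write.
    encrypt = true
  }
}

# --- environment B: backend.tf (example only, in a different directory) ---
terraform {
  backend "s3" {
    bucket         = "terraform.uiuc-tech-services-sandbox.aws.illinois.edu"
    key            = "example-env-b/terraform.tfstate" # differs from env A
    region         = "us-east-2"
    dynamodb_table = "EXAMPLE-LOCK-TABLE"
    encrypt        = true
  }
}
```

Each stanza belongs in its own environment's directory; a single Terraform configuration can declare only one backend.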
In general we strongly recommend that all infrastructure-as-code (IaC) environments be fully specified in source control and their Terraform state kept remotely in S3, so that you can easily destroy or modify them later on.
This bootstrap environment is a justifiable exception to the rule, since it creates just two simple resources which we NEVER intend to destroy. Running the module once with interactive input and then throwing it away is a convenient and perfectly reasonable substitute for just creating the resources by hand using AWS CLI.
If you wish to do a bit of extra work, however, it is possible to follow the general rule for this environment too. After performing the first successful apply (as above),
- Edit the values marked with '#FIXME' comments in `terraform.tfvars` and `backend.tf` and uncomment appropriately.
- Run `terraform init` and answer 'yes' to copy existing state from the local file to the new S3 backend.
- Run `terraform plan` to make sure there are no changes and that you are no longer prompted interactively for unset variables.
- Add this directory's `*.tf` and `terraform.tfvars` files (with your modifications) to source control. NB: do NOT add `.terraform/` or `terraform.tfstate` to source control.