Code for Creating TF Backend
General MR
Summary
This MR is to deploy the infrastructure needed for our Terraform backend. This code creates the S3 bucket and DynamoDB table. The providers.tf backend config is commented out initially due to the chicken-and-egg problem explained here.
This code can live in the main.tf but would need to be commented out so it doesn't break on terraform destroy.
This can be used for our current infrastructure, and can create more buckets as needed. .tfbackend files can be utilized for different environments and S3 buckets as well. Details in the issue "investigate backend solution S3+Dynamo".
After a terraform apply, the eks/terraform/providers.tf would need to have the following added to use the s3 backend and not local:
backend "s3" {
  region         = "us-gov-west-1"
  dynamodb_table = "dev-eks-automation-state-lock"
  bucket         = "dev-eks-automation-terraform-state"
  key            = "dev/terraform.tfstate"
}
Relevant logs/screenshots
Terraform will perform the following actions:
# aws_dynamodb_table.backend-dynamodb-table will be created
+ resource "aws_dynamodb_table" "backend-dynamodb-table" {
+ arn = (known after apply)
+ billing_mode = "PROVISIONED"
+ hash_key = "LockID"
+ id = (known after apply)
+ name = "dev-eks-automation-state-lock"
+ read_capacity = 20
+ stream_arn = (known after apply)
+ stream_label = (known after apply)
+ stream_view_type = (known after apply)
+ tags_all = (known after apply)
+ write_capacity = 20
+ attribute {
+ name = "LockID"
+ type = "S"
}
}
# module.s3.module.s3-bucket.aws_s3_bucket.this[0] will be created
+ resource "aws_s3_bucket" "this" {
+ acceleration_status = (known after apply)
+ acl = (known after apply)
+ arn = (known after apply)
+ bucket = "dev-eks-automation-terraform-state"
+ bucket_domain_name = (known after apply)
+ bucket_prefix = (known after apply)
+ bucket_regional_domain_name = (known after apply)
+ force_destroy = true
+ hosted_zone_id = (known after apply)
+ id = (known after apply)
+ object_lock_enabled = false
+ policy = (known after apply)
+ region = (known after apply)
+ request_payer = (known after apply)
+ tags_all = (known after apply)
+ website_domain = (known after apply)
+ website_endpoint = (known after apply)
}
# module.s3.module.s3-bucket.aws_s3_bucket_public_access_block.this[0] will be created
+ resource "aws_s3_bucket_public_access_block" "this" {
+ block_public_acls = true
+ block_public_policy = true
+ bucket = (known after apply)
+ id = (known after apply)
+ ignore_public_acls = true
+ restrict_public_buckets = true
}
# module.s3.module.s3-bucket.aws_s3_bucket_server_side_encryption_configuration.this[0] will be created
+ resource "aws_s3_bucket_server_side_encryption_configuration" "this" {
+ bucket = (known after apply)
+ id = (known after apply)
+ rule {
+ apply_server_side_encryption_by_default {
+ sse_algorithm = "AES256"
}
}
}
# module.s3.module.s3-bucket.aws_s3_bucket_versioning.this[0] will be created
+ resource "aws_s3_bucket_versioning" "this" {
+ bucket = (known after apply)
+ id = (known after apply)
+ versioning_configuration {
+ mfa_delete = (known after apply)
+ status = "Suspended"
}
}
Plan: 5 to add, 0 to change, 0 to destroy.
Linked Issue
Create AWS S3 Backend for Dev Automation EKS terraform investigate backend solution S3+Dynamo
Upgrade Notices
(Include any relevant notes about upgrades here or write "N/A" if there are none)
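A check a reviewer could run against this plan, as an added example (not code from this MR or the project): it reads the JSON produced by `terraform show -json` on a saved plan and flags state-bucket settings such as the `force_destroy = true` and versioning `Suspended` values shown in the plan output above. The function name, the `_rc` helper and the sample document are assumptions constructed here.

```python
import json

PAB_FLAGS = ("block_public_acls", "block_public_policy",
             "ignore_public_acls", "restrict_public_buckets")

def audit_state_bucket(plan_json):
    """Return (address, finding) pairs for risky state-bucket settings in a JSON plan."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if after is None:  # resource is being deleted, nothing to audit
            continue
        rtype, addr = rc.get("type"), rc.get("address")
        if rtype == "aws_s3_bucket" and after.get("force_destroy"):
            findings.append((addr, "force_destroy=true: destroy removes every stored state object"))
        elif rtype == "aws_s3_bucket_versioning":
            # Nested blocks are lists of objects in the JSON plan representation.
            status = [v.get("status") for v in after.get("versioning_configuration") or []]
            if status != ["Enabled"]:
                findings.append((addr, f"versioning status {status}: overwritten state is not recoverable"))
        elif rtype == "aws_s3_bucket_public_access_block":
            # Values still unknown at plan time are absent from "after" and are flagged too.
            off = [f for f in PAB_FLAGS if after.get(f) is not True]
            if off:
                findings.append((addr, "public access block flags not true: " + ", ".join(off)))
        elif rtype == "aws_s3_bucket_server_side_encryption_configuration":
            algos = [d.get("sse_algorithm")
                     for rule in after.get("rule") or []
                     for d in rule.get("apply_server_side_encryption_by_default") or []]
            if not algos:
                findings.append((addr, "no default server-side encryption rule"))
    return findings

# Constructed sample: a trimmed JSON plan carrying the values visible in the plan
# output above. It is not output captured from the project.
def _rc(rtype, after):
    return {"address": f"module.s3.module.s3-bucket.{rtype}.this[0]", "type": rtype,
            "change": {"actions": ["create"], "after": after}}

SAMPLE_PLAN = json.dumps({"resource_changes": [
    _rc("aws_s3_bucket", {"bucket": "dev-eks-automation-terraform-state", "force_destroy": True}),
    _rc("aws_s3_bucket_versioning", {"versioning_configuration": [{"status": "Suspended"}]}),
    _rc("aws_s3_bucket_public_access_block", dict.fromkeys(PAB_FLAGS, True)),
    _rc("aws_s3_bucket_server_side_encryption_configuration",
        {"rule": [{"apply_server_side_encryption_by_default": [{"sse_algorithm": "AES256"}]}]}),
]})

if __name__ == "__main__":
    for address, finding in audit_state_bucket(SAMPLE_PLAN):
        print(f"{address}: {finding}")
```

Against a real plan, pass the text of `terraform show -json <planfile>` to `audit_state_bucket` instead of `SAMPLE_PLAN`.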