UNCLASSIFIED - NO CUI


Code for Creating TF Backend

Julian Hair requested to merge create-tf-backend into main

General MR

Summary

This MR is to deploy the infrastructure needed for our Terraform backend. This code creates the S3 bucket and DynamoDB table. The providers.tf backend config is commented out initially due to the chicken-and-egg problem explained here.

This code can live in the main.tf but would need to be commented out so it doesn't break on terraform destroy.

This can be used for our current infrastructure, and can create more buckets as needed. .tfbackend files can be utilized for different environments and s3 buckets as well. Details in issue investigate backend solution S3+Dynamo.

After a terraform apply, the eks/terraform/providers.tf would need to have the following added to use the S3 backend and not local:

  backend "s3" {
    region         = "us-gov-west-1"
    dynamodb_table = "dev-eks-automation-state-lock"
    bucket         = "dev-eks-automation-terraform-state"
    key            = "dev/terraform.tfstate"
  }

Relevant logs/screenshots

Terraform will perform the following actions:

  # aws_dynamodb_table.backend-dynamodb-table will be created
  + resource "aws_dynamodb_table" "backend-dynamodb-table" {
      + arn              = (known after apply)
      + billing_mode     = "PROVISIONED"
      + hash_key         = "LockID"
      + id               = (known after apply)
      + name             = "dev-eks-automation-state-lock"
      + read_capacity    = 20
      + stream_arn       = (known after apply)
      + stream_label     = (known after apply)
      + stream_view_type = (known after apply)
      + tags_all         = (known after apply)
      + write_capacity   = 20

      + attribute {
          + name = "LockID"
          + type = "S"
        }
    }

  # module.s3.module.s3-bucket.aws_s3_bucket.this[0] will be created
  + resource "aws_s3_bucket" "this" {
      + acceleration_status         = (known after apply)
      + acl                         = (known after apply)
      + arn                         = (known after apply)
      + bucket                      = "dev-eks-automation-terraform-state"
      + bucket_domain_name          = (known after apply)
      + bucket_prefix               = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = true
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + object_lock_enabled         = false
      + policy                      = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags_all                    = (known after apply)
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)
    }

  # module.s3.module.s3-bucket.aws_s3_bucket_public_access_block.this[0] will be created
  + resource "aws_s3_bucket_public_access_block" "this" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = (known after apply)
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

  # module.s3.module.s3-bucket.aws_s3_bucket_server_side_encryption_configuration.this[0] will be created
  + resource "aws_s3_bucket_server_side_encryption_configuration" "this" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + rule {
          + apply_server_side_encryption_by_default {
              + sse_algorithm = "AES256"
            }
        }
    }

  # module.s3.module.s3-bucket.aws_s3_bucket_versioning.this[0] will be created
  + resource "aws_s3_bucket_versioning" "this" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + versioning_configuration {
          + mfa_delete = (known after apply)
          + status     = "Suspended"
        }
    }

Plan: 5 to add, 0 to change, 0 to destroy.

Linked Issue

Create AWS S3 Backend for Dev Automation EKS terraform
investigate backend solution S3+Dynamo

Upgrade Notices

(Include any relevant notes about upgrades here or write "N/A" if there are none)

Edited by Julian Hair
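
A pre-apply check for the plan shown above, as an added example (not code from this MR or the project): it reads `terraform show -json` output and flags state-bucket settings that weaken recovery or protection of the Terraform state. The function names, the rule set and the embedded sample are assumptions; the sample is constructed from the values in the plan above.

```python
import json

# Constructed input: trimmed `terraform show -json` output carrying the values
# from the plan in this MR. Nested blocks appear as lists in plan JSON.
SAMPLE_PLAN = json.loads("""{"resource_changes": [
 {"address": "module.s3.module.s3-bucket.aws_s3_bucket.this[0]", "type": "aws_s3_bucket",
  "change": {"after": {"force_destroy": true}}},
 {"address": "module.s3.module.s3-bucket.aws_s3_bucket_public_access_block.this[0]",
  "type": "aws_s3_bucket_public_access_block",
  "change": {"after": {"block_public_acls": true, "block_public_policy": true,
                       "ignore_public_acls": true, "restrict_public_buckets": true}}},
 {"address": "module.s3.module.s3-bucket.aws_s3_bucket_server_side_encryption_configuration.this[0]",
  "type": "aws_s3_bucket_server_side_encryption_configuration",
  "change": {"after": {"rule": [{"apply_server_side_encryption_by_default":
                                  [{"sse_algorithm": "AES256"}]}]}}},
 {"address": "module.s3.module.s3-bucket.aws_s3_bucket_versioning.this[0]",
  "type": "aws_s3_bucket_versioning",
  "change": {"after": {"versioning_configuration": [{"status": "Suspended"}]}}}]}""")

PAB_FLAGS = ("block_public_acls", "block_public_policy",
             "ignore_public_acls", "restrict_public_buckets")

def first(blocks):
    return blocks[0] if blocks else {}  # absent nested block -> empty dict

def audit_state_bucket(plan):
    """Return (address, finding) pairs for a state-bucket bootstrap plan."""
    findings = []
    for rc in plan.get("resource_changes", []):
        rtype, addr = rc["type"], rc["address"]
        after = (rc.get("change") or {}).get("after") or {}  # "after" is null on delete
        if rtype == "aws_s3_bucket" and after.get("force_destroy"):
            findings.append((addr, "force_destroy=true: destroy deletes every state object"))
        elif rtype == "aws_s3_bucket_versioning":
            status = first(after.get("versioning_configuration")).get("status")
            if status != "Enabled":
                findings.append((addr, f"versioning {status}: overwritten state is unrecoverable"))
        elif rtype == "aws_s3_bucket_public_access_block":
            off = [f for f in PAB_FLAGS if after.get(f) is not True]
            if off:
                findings.append((addr, "public access not blocked: " + ", ".join(off)))
        elif rtype == "aws_s3_bucket_server_side_encryption_configuration":
            sse = first(first(after.get("rule")).get("apply_server_side_encryption_by_default"))
            if sse.get("sse_algorithm") not in ("AES256", "aws:kms"):
                findings.append((addr, "no default server-side encryption"))
    return findings

if __name__ == "__main__":
    print(*(f"{a}: {m}" for a, m in audit_state_bucket(SAMPLE_PLAN)), sep="\n")
```

On the sample it reports the `force_destroy = true` bucket and the `Suspended` versioning resource; the public access block and the AES256 default encryption pass.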
