This module is used to bootstrap s3 and dynamodb for state backend, template partial backend and tfvar files in this repository for each environment under iac/env.
This module templates out a backend.tf file and a ${root-module}-backend.tfconfig file that are used to configure terraform to utilize an s3 backend. Each environment (dev, staging, prod, etc) will have its own backend-config file that is utilize different backend settings. This pattern is known as terraform partial backend configuration.
Steps to use this module:
- Initialize the bootstrap module in the environment you want to use it in
- Apply the bootstrap module using relevant tfvars files
- Re-init backend to use the newly created backend
Warning
When bootstrapping multiple environments and the same root module, you'll need to remove your local .terraform directory and backend.tf file before re-initializing the backend since it will need to create the s3 bucket and dynamodb table for each environment as well as the ${root-module}-backend.tfconfig files. Once this has been completed, the same backend.tf can be used across all environments as long as the contents of the backend.tf file are the same.
example uds runner usage:
# from the root of the repo
export ENV=dev
# or
# uds run set-env lets you set a persistent ENV variable so you don't have to keep setting it, however --set still overrides
uds run set-env --set ENV=dev
#initial runs
uds run main:one-time-bootstrap-env --set ENV=$ENV
#subsequent runs for $ENV
uds run main:apply-bootstrap --set ENV=$ENV
# re-init to use a different ENV and also s3 backend
export ENV=stg
uds run main:remove-backend-configuration-files
uds run main:one-time-bootstrap-env --set ENV=$ENV
uds run main:apply-bootstrap --set ENV=$ENVexample terraform usage:
Important
This scenario assumes first time bootstrapping for ENV.
# from the root of this module
env=dev
root_module=bootstrap
pushd "iac/${root_module}"
terraform init
# var-file path relative to current working directory
terraform apply -var-file ../env/${env}/tfvars/common.terraform.tfvars -var-file ../env/${env}/tfvars/${root_module}.terraform.tfvars -auto-approve
# init again to use the new s3 backend
# you can just run 'terraform init' on subsequent runs if you are not changing the backend or ENV context
terraform init --reconfigure --backend-config=../env/${env}/backends/${root_module}-backend.tfconfig| Name | Version |
|---|---|
| terraform | >= 1.1.0 |
| aws | >= 5.34 |
| local | >= 1.3 |
| random | >= 3.1.0 |
| Name | Version |
|---|---|
| aws | >= 5.34 |
| local | >= 1.3 |
| random | >= 3.1.0 |
| Name | Source | Version |
|---|---|---|
| tfstate_backend | git::https://github.com/cloudposse/terraform-aws-tfstate-backend.git | tags/1.4.0 |
| Name | Type |
|---|---|
| local_file.backend_config | resource |
| local_file.backend_tf_template | resource |
| local_file.context_tfvars_template | resource |
| random_id.default | resource |
| aws_partition.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| backend_dynamodb_table_name | The name of the DynamoDB table | string |
"" |
no |
| backend_s3_bucket_name | The name of the S3 bucket | string |
"" |
no |
| backends | List of root module backends to template | list(string) |
[ |
no |
| bucket_ownership_enforced_enabled | Whether S3 bucket ownership is enforced | bool |
true |
no |
| create_context_tfvars | A boolean that indicates whether to create the context.tfvars file | bool |
true |
no |
| force_destroy | A boolean that indicates the S3 bucket can be destroyed even if it contains objects. These objects are not recoverable | bool |
false |
no |
| name | Name, e.g. 'app' or 'jenkins' | string |
"narwhal-delivery-iac-swf" |
no |
| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | string |
"du" |
no |
| prefix | name prefix to prepend to most resources, if not defined, created as: 'namespace-stage-name' | string |
"" |
no |
| profile | for the s3 backend config file | string |
"" |
no |
| region | region to deploy resources, this is set via ../env/$env/common.terraform.tfvars | string |
n/a | yes |
| stage | Stage, e.g. 'prod', 'staging', 'dev', or 'test' | string |
"test" |
no |
| suffix | name suffix to append to most resources, if not defined, randomly generated | string |
"" |
no |
| tags | Additional tags to apply to all resources. | map(string) |
{} |
no |
| terraform_backend_config_template_file | The path to the backend config template file, this a backend Partial Configuration that is scalable across multiple environments | string |
"../templates/backend.tfconfig.tpl" |
no |
| terraform_backend_tf_template_file | The path to the backend tf template file, this a backend Partial Configuration that is scalable across multiple environments | string |
"../templates/backend.tf.tpl" |
no |
| terraform_context_tfvars_template_file | The path to the context tfvars template file, this a backend Partial Configuration that is scalable across multiple environments | string |
"../templates/context.tf.tpl" |
no |
| terraform_state_file | The path to the state file inside the bucket | string |
"terraform.tfstate" |
no |
| tfstate_backend_name | The naming convention for the tfstate backend | string |
"tfstate" |
no |
| Name | Description |
|---|---|
| account_tfstate_backend_dynamodb_table_id | tf state backend DynamoDB table ID |
| account_tfstate_backend_dynamodb_table_name | tfstate backend DynamoDB table name |
| account_tfstate_backend_s3_bucket_id | tfstate backend S3 bucket ID |