up setup of remote terraform state

time track: 3.5h
tldr-devops · Jan 17, 2023 · ed78951 · ed78951
1 parent bdedba4
commit ed78951
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 3 deletions.
diff --git a/.gitignore b/.gitignore
@@ -5,6 +5,8 @@
 *.tfstate
 *.tfstate.*
 
+*.terraform.lock.hcl
+
 # Crash log files
 crash.log
 
@@ -27,3 +29,7 @@ override.tf.json
 
 # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
 # example: *tfplan*
+
+# terragrunt
+*.out
+**/.terragrunt-cache/*
diff --git a/README.md b/README.md
@@ -1,5 +1,6 @@
 # Infrastructure Example
 This example was conceived as an infrastructure for one AWS account with one region and division into dev, management and prod environments.
+But it can be extended for multiple regions, aws accounts and other clouds.
 
 Current files structure:
 ```
@@ -19,10 +20,20 @@ terraform/modules/.gitkeep
 ```
 
 Time track:
-- [Filipp Frizzy](https://github.com/Friz-zy/) 11.5h
+- [Filipp Frizzy](https://github.com/Friz-zy/) 15.0h
 
 ## [Terraform](https://www.terraform.io/) and [Terragrunt](https://terragrunt.gruntwork.io)
 In this setup I use terraform with terragrunt for provisioning whole infrastructure.
+Terraform can store it's state in files or in remote backend via S3 or [Terraform Cloud](https://cloud.hashicorp.com/products/terraform).
+For command work we should use only remote state. In this setup I use AWS S3 `terraform_state` bucket + DynamoDB for locking.
+This require some initial preparation:
+```
+cd terraform/environments/aws-account-id/us-east-2/management/s3/terraform_state/
+terraform init
+terraform apply
+sed -i "s/terraform_state_bucket/$(terraform output terraform_state_s3_bucket_name|sed 's/\"//g')/g" ../../../../backend.hcl
+terragrunt init
+```
 
 ## [Ansible](https://www.ansible.com/)
 

diff --git a/terraform/environments/aws-account-id/backend.hcl b/terraform/environments/aws-account-id/backend.hcl
@@ -5,7 +5,7 @@ remote_state {
     if_exists = "overwrite_terragrunt"
   }
   config = {
-    bucket = "terraform_state"
+    bucket = "terraform_state_bucket"
     key = "${path_relative_to_include()}/terraform.tfstate"
     region         = "us-east-2"
     encrypt        = true

diff --git a/terraform/environments/aws-account-id/us-east-2/management/s3/terraform_state/main.tf b/terraform/environments/aws-account-id/us-east-2/management/s3/terraform_state/main.tf
@@ -6,14 +6,17 @@ provider "aws" {
 
 # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket
 resource "aws_s3_bucket" "terraform_state" {
-  bucket_prefix = "terraform_state"
+  bucket_prefix = "terraform-state-"
 
   tags = {
     Name        = "terraform_state"
     Terraform   = "terraform_state"
     Environment = "management"
   }
 
+  # change it for deleting bucket with all content
+  force_destroy = false
+
   lifecycle {
     prevent_destroy = true
   }

diff --git a/terraform/environments/aws-account-id/us-east-2/management/s3/terraform_state/output.tf b/terraform/environments/aws-account-id/us-east-2/management/s3/terraform_state/output.tf
@@ -0,0 +1,4 @@
+output "terraform_state_s3_bucket_name" {
+  value       = aws_s3_bucket.terraform_state.id
+  description = "The Name of the S3 bucket for terraform state"
+}