From ed789519b1f1a4d803bb0f49fdbd1f6c156b291b Mon Sep 17 00:00:00 2001
From: Filipp Frizzy
Date: Tue, 17 Jan 2023 23:49:56 +0400
Subject: [PATCH] up setup of remote terraform state time track: 3.5h
---
 .gitignore | 6 ++++++
 README.md | 13 ++++++++++++-
 terraform/environments/aws-account-id/backend.hcl | 2 +-
 .../us-east-2/management/s3/terraform_state/main.tf | 5 ++++-
 .../management/s3/terraform_state/output.tf | 4 ++++
 5 files changed, 27 insertions(+), 3 deletions(-)
 create mode 100644 terraform/environments/aws-account-id/us-east-2/management/s3/terraform_state/output.tf
diff --git a/.gitignore b/.gitignore
index 7a3e2fd..b9a7bf4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,6 +5,8 @@
 *.tfstate
 *.tfstate.*
+*.terraform.lock.hcl
+
 # Crash log files
 crash.log
@@ -27,3 +29,7 @@ override.tf.json
 # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
 # example: *tfplan*
+
+# terragrunt
+*.out
+**/.terragrunt-cache/*
diff --git a/README.md b/README.md
index 8ebb8ce..efe55db 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,6 @@
 # Infrastructure Example
 This example was conceived as an infrastructure for one AWS account with one region and division into dev, management and prod environments.
+But it can be extended for multiple regions, aws accounts and other clouds.
 Current files structure:
 ```
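Review bot: Ignoring `*.terraform.lock.hcl` on the first added line of the .gitignore hunk removes the provider dependency lock from version control, so every `terraform init` re-resolves provider versions and the provider hashes recorded in the lock are no longer checked across machines or CI; HashiCorp's guidance is to commit `.terraform.lock.hcl`. With terragrunt the lock file presumably shows up next to each `terragrunt.hcl`, which looks like the reason for the pattern, but that is exactly the copy that should be tracked to pin providers for the modules under `terraform/environments`. If the line is kept deliberately, a comment such as `# provider lock files are intentionally untracked: provider versions are pinned in required_providers instead` would record the trade-off, and the `required_providers` constraints should then be exact versions rather than ranges.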
@@ -19,10 +20,20 @@ terraform/modules/.gitkeep
 ```
 Time track:
-- [Filipp Frizzy](https://github.com/Friz-zy/) 11.5h
+- [Filipp Frizzy](https://github.com/Friz-zy/) 15.0h
 ## [Terraform](https://www.terraform.io/) and [Terragrunt](https://terragrunt.gruntwork.io)
 In this setup I use terraform with terragrunt for provisioning whole infrastructure.
+Terraform can store it's state in files or in remote backend via S3 or [Terraform Cloud](https://cloud.hashicorp.com/products/terraform).
+For command work we should use only remote state. In this setup I use AWS S3 `terraform_state` bucket + DynamoDB for locking.
+This require some initial preparation:
+```
+cd terraform/environments/aws-account-id/us-east-2/management/s3/terraform_state/
+terraform init
+terraform apply
+sed -i "s/terraform_state_bucket/$(terraform output terraform_state_s3_bucket_name|sed 's/\"//g')/g" ../../../../backend.hcl
+terragrunt init
+```
 ## [Ansible](https://www.ansible.com/)
diff --git a/terraform/environments/aws-account-id/backend.hcl b/terraform/environments/aws-account-id/backend.hcl
index 2eb6b3f..94464b4 100644
--- a/terraform/environments/aws-account-id/backend.hcl
+++ b/terraform/environments/aws-account-id/backend.hcl
@@ -5,7 +5,7 @@ remote_state {
 if_exists = "overwrite_terragrunt"
 }
 config = {
- bucket = "terraform_state"
+ bucket = "terraform_state_bucket"
 key = "${path_relative_to_include()}/terraform.tfstate"
 region = "us-east-2"
 encrypt = true
diff --git a/terraform/environments/aws-account-id/us-east-2/management/s3/terraform_state/main.tf b/terraform/environments/aws-account-id/us-east-2/management/s3/terraform_state/main.tf
index 7b731ec..4f5eeee 100644
--- a/terraform/environments/aws-account-id/us-east-2/management/s3/terraform_state/main.tf
+++ b/terraform/environments/aws-account-id/us-east-2/management/s3/terraform_state/main.tf
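Review bot: The value `terraform_state_bucket` on the added line of the backend.hcl hunk is a placeholder that only works after the README's `sed` bootstrap step has replaced it, and nothing in the file says so; a comment above it such as `# placeholder: replaced with the generated bucket name by the bootstrap step in README.md` would save the next reader a confusing init failure. Because S3 bucket names may not contain underscores, a forgotten replacement fails at `terragrunt init` instead of silently writing state to a wrong bucket, which is the safe direction, so the placeholder itself is fine. The README text in this commit says DynamoDB is used for state locking, but the visible config keys are only `bucket`, `key`, `region` and `encrypt`; if `dynamodb_table` is not set further down in the `config` block (outside the hunk), locking is not actually configured and concurrent applies can corrupt state. The `remote_state` block starts and ends outside the hunk.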
@@ -6,7 +6,7 @@ provider "aws" {
 # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket
 resource "aws_s3_bucket" "terraform_state" {
- bucket_prefix = "terraform_state"
+ bucket_prefix = "terraform-state-"
 tags = {
 Name = "terraform_state"
@@ -14,6 +14,9 @@ resource "aws_s3_bucket" "terraform_state" {
 Environment = "management"
 }
+ # change it for deleting bucket with all content
+ force_destroy = false
+
 lifecycle {
 prevent_destroy = true
 }
diff --git a/terraform/environments/aws-account-id/us-east-2/management/s3/terraform_state/output.tf b/terraform/environments/aws-account-id/us-east-2/management/s3/terraform_state/output.tf
new file mode 100644
index 0000000..26c59ec
--- /dev/null
+++ b/terraform/environments/aws-account-id/us-east-2/management/s3/terraform_state/output.tf
@@ -0,0 +1,4 @@
+output "terraform_state_s3_bucket_name" {
+ value = aws_s3_bucket.terraform_state.id
+ description = "The Name of the S3 bucket for terraform state"
+}
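Review bot: The new `bucket_prefix = "terraform-state-"` in the first main.tf hunk fixes a name that could never be created (S3 bucket names are lowercase and may not contain underscores), but the reason is not recorded and the next edit could reintroduce it; suggest `# S3 bucket names allow only lowercase letters, digits, dots and hyphens; the trailing hyphen separates the random suffix the provider appends`. The resource block continues past the hunk.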
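Review bot: `force_destroy = false` in the second main.tf hunk is the provider default, so the added lines change nothing at apply time, and the comment above them is misleading on its own: flipping the flag is still blocked by `prevent_destroy = true` in the `lifecycle` block right below. Suggest `# default; to delete the bucket with its contents set this to true AND remove prevent_destroy below`. This bucket holds Terraform state, which routinely contains secrets in clear text, and the hunk shows neither versioning, a public access block nor server-side encryption on the bucket; if `aws_s3_bucket_versioning`, `aws_s3_bucket_public_access_block` and `aws_s3_bucket_server_side_encryption_configuration` are not defined elsewhere in this module, they belong next to this resource (versioning is also what lets a corrupted or deleted state file be recovered). The resource block starts outside the hunk.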
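Review bot: The README in this commit consumes the new `terraform_state_s3_bucket_name` output through `terraform output terraform_state_s3_bucket_name|sed 's/\"//g'` to strip the quotes; `terraform output -raw terraform_state_s3_bucket_name` prints the bare string, so the sed pipeline in the bootstrap step can be dropped when the README is next touched. Minor wording in the description: `The Name` reads better as `The name`.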