Page MenuHomePhabricator

[services][terraform] Introduce S3 backend
ClosedPublic

Authored by bartek on Jul 31 2023, 1:38 AM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Nov 5, 6:53 AM
Unknown Object (File)
Tue, Nov 5, 6:53 AM
Unknown Object (File)
Tue, Nov 5, 6:53 AM
Unknown Object (File)
Tue, Nov 5, 6:50 AM
Unknown Object (File)
Fri, Nov 1, 4:34 PM
Unknown Object (File)
Oct 4 2024, 3:10 PM
Unknown Object (File)
Sep 28 2024, 1:18 AM
Unknown Object (File)
Sep 26 2024, 5:29 AM
Subscribers

Details

Summary

Part of ENG-3549. This diff sets up Terraform to use the S3 backend, located on the Terraform/Infra AWS account in the commapp-terraform bucket.
Logged in to that account, the AWS provider 'assumes role' on the target (staging/prod) accounts in order to perform actions.

The following steps were made:

  1. Created a new S3 bucket commapp-terraform in the Terraform/Infra AWS account
  2. Set up appropriate permissions to access the bucket
  3. Both staging and prod accounts have a Terraform IAM role, assumable by the Terraform/Infra account
  4. Set up the code in this diff.
  5. Log in to the Terraform/Infra account with CLI and ran terraform init -migrate-state to copy local state to S3.

Depends on D8667

Test Plan
  1. Logged in to the Terraform/Infra AWS account with AWS CLI
  2. Cleared local files and dirs: terraform.tfstate, .terraform/, .terraform.tfstate.d/
  3. Ran terraform init and terraform workspace select production. They succeeded.
  4. Ran terraform plan - it succeeded and showed the changes that would be applied.
  5. Entered S3 console and verified that the state files were last updated during the tf apply.

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable