Page MenuHomePhabricator
Files F2894216

D8669.id29462.diff
No OneTemporary
Actions

D8669.id29462.diff
View Options

diff --git a/services/terraform/remote/main.tf b/services/terraform/remote/main.tf
--- a/services/terraform/remote/main.tf
+++ b/services/terraform/remote/main.tf
@@ -1,3 +1,13 @@
+terraform {
+ backend "s3" {
+ region = "us-east-2"
+ key = "terraform.tfstate"
+ bucket = "commapp-terraform"
+ dynamodb_table = "terraform-lock"
+ encrypt = true
+ }
+}
+
provider "sops" {}
data "sops_file" "secrets_json" {
@@ -5,14 +15,20 @@
}
locals {
- secrets = jsondecode(data.sops_file.secrets_json.raw)
+ environment = terraform.workspace
+ secrets = jsondecode(data.sops_file.secrets_json.raw)
+
+ target_account_id = lookup(local.secrets.accountIDs, local.environment)
+ terraform_role_arn = "arn:aws:iam::${local.target_account_id}:role/Terraform"
}
provider "aws" {
region = "us-east-2"
- shared_config_files = ["${pathexpand("~/.aws/config")}"]
- shared_credentials_files = ["${pathexpand("~/.aws/credentials")}"]
+ assume_role {
+ role_arn = local.terraform_role_arn
+ external_id = "terraform"
+ }
# automatically add these tags to all resources
default_tags {

File Metadata

Mime Type
text/plain
Expires
Sat, Oct 5, 3:10 PM (20 h, 48 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2244268
Default Alt Text
D8669.id29462.diff (1 KB)

Event Timeline