Add AWS provider in preparation for OIDC setup
mattburgess committed Sep 29, 2023
1 parent 3c9f789 commit a63c385
Showing 9 changed files with 18 additions and 17 deletions.
2 changes: 1 addition & 1 deletion src/tfcloud-setup/pre-requisites.md
Expand Up @@ -91,7 +91,7 @@ The GitHub PAT above has **very** high privileges across **all** repositories. A
Copy and paste the following into a new file, `locals.tf`, and adjust the values to match your desired Terraform Cloud and GitHub organization names:

```hcl
{{#include locals.tf}}
{{#include terraform/locals.tf}}
```

## AWS Credentials
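
Review bot: the switch from `{{#include locals.tf}}` to `{{#include terraform/locals.tf}}` in pre-requisites.md belongs to a move of the included files into `terraform/`, which the commit subject "Add AWS provider in preparation for OIDC setup" does not mention. Putting the file move in its own commit would leave the provider addition as a small diff that can be reviewed and reverted on its own.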
18 changes: 6 additions & 12 deletions src/tfcloud-setup/terraform-local.md
Expand Up @@ -2,16 +2,16 @@

At this early stage, all we want to do is ensure that `terraform`, when run locally, can initialize itself and run successfully but not manage any resources.

Copy and paste the following Terraform code into a new file, `terraform.tf`, which will configure the [Terraform Enterprise provider](https://github.com/hashicorp/terraform-provider-tfe). Terraform will use local state files to keep track of any resources that it is managing.
Copy and paste the following Terraform code into a new file, `terraform.tf`, which will configure the [Terraform Enterprise provider](https://github.com/hashicorp/terraform-provider-tfe), [AWS provider](https://github.com/hashicorp/terraform-provider-aws), and [GitHub provider](https://github.com/integrations/terraform-provider-github). Terraform will use local state files to keep track of any resources that it is managing.

```hcl
{{#include terraform.tf}}
{{#include terraform/terraform.tf}}
```

Copy and paste the following Terraform code into a new file, `variables.tf`, which declares the input variables we set up earlier in `credentials.auto.tfvars`

```hcl
{{#include variables.tf}}
{{#include terraform/variables.tf}}
```

Initialize Terraform:
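
Review bot: the rewritten `terraform.tf` paragraph now lists the AWS provider, but nothing in this section says how that provider authenticates; the only input source mentioned is `credentials.auto.tfvars` in the `variables.tf` sentence. Add a sentence that points at the "AWS Credentials" section of pre-requisites.md and says whether the AWS credentials come from the environment or from `credentials.auto.tfvars`, so readers do not guess and paste long-lived keys into a file next to local state. The `variables.tf` sentence is also missing its closing full stop.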
Expand All @@ -22,9 +22,11 @@ $ terraform init
Initializing the backend...

Initializing provider plugins...

- Finding hashicorp/aws versions matching "~> 5.19.0"...
- Finding hashicorp/tfe versions matching "~> 0.48.0"...
- Finding integrations/github versions matching "~> 5.38.0"...
- Installing hashicorp/aws v5.19.0...
- Installed hashicorp/aws v5.19.0 (signed by HashiCorp)
- Installing hashicorp/tfe v0.48.0...
- Installed hashicorp/tfe v0.48.0 (signed by HashiCorp)
- Installing integrations/github v5.38.0...
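
Review bot: the added `hashicorp/aws` lines in the sample `terraform init` output repeat the `~> 5.19.0` constraint and the resolved `v5.19.0`, so the guide now states three provider versions both in the configuration and in this transcript, and a later bump has to update both or the transcript goes stale. Consider a sentence beside the transcript saying exact versions will differ. Since this is also where readers see the "(signed by HashiCorp)" result, it is a good place to tell them to commit the `.terraform.lock.hcl` file that init writes, so the recorded provider checksums are reused on later runs.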
Expand All @@ -40,14 +42,6 @@ so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
```
At this point, a `terraform plan` should succeed but show no resources need to change, somewhat obviously due to us not having asked it to manage any just yet:
File renamed without changes.
File renamed without changes.
Expand Up @@ -4,11 +4,14 @@ terraform {
source = "hashicorp/tfe"
version = "~> 0.48.0"
}

github = {
source = "integrations/github"
version = "~> 5.38.0"
}
aws = {
source = "hashicorp/aws"
version = "~> 5.19.0"
}
}
}

Expand All @@ -19,3 +22,7 @@ provider "tfe" {
provider "github" {
token = var.github_admin_token
}

provider "aws" {
region = "us-east-1"
}
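
Review bot: the new `provider "aws"` block hard-codes `region = "us-east-1"`, while the neighbouring `provider "github"` block takes its setting from `var.github_admin_token` and the guide asks readers to adjust values in `locals.tf`. Move the region into a variable or local so readers in other regions change it in one documented place. A short comment in the block saying that credentials are deliberately not set here would also stop someone from adding static keys to it later.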
File renamed without changes.
File renamed without changes.
File renamed without changes.
6 changes: 3 additions & 3 deletions src/tfcloud-setup/tfcloud-resources.md
Expand Up @@ -5,19 +5,19 @@ We'd like Terraform to deploy the Terraform Cloud organization, a project within
To start with, copy and paste the following into `organization.tf` to create the Terraform Cloud Organization, replacing the placeholder values with ones that will work for you. This will also create an OAuth client so that Terraform can watch for and react to commits to GitHub repositories.

```hcl
{{#include organization.tf}}
{{#include terraform/main.tf}}
```

Next, copy and paste the following into `tfcloud_variables.tf`. The resources below manage common variable sets that hold the various credentials needed for both Terraform Cloud and the GitHub Terraform provider to interact with their respective APIs:

```hcl
{{#include tfcloud_variables.tf}}
{{#include terraform/tfcloud_variables.tf}}
```

Next, copy and paste the following into `tfcloud_mgmt_project.tf` to create the Terraform Cloud project and workspace along with the associated GitHub repository. This also creates a workspace-scoped "variable set" resource to hold the credentials that Terraform Cloud will need in order to interact with both the Terraform Enterprise API and GitHub API. We follow Hashicorp's [recommended practice](https://developer.hashicorp.com/terraform/tutorials/cloud/cloud-multiple-variable-sets) of scoping the variable sets as narrowly as possible; we don't want any old project or workspace in our organization to be able to make changes to the Terraform Cloud organization.

```hcl
{{#include tfcloud_mgmt_project.tf}}
{{#include terraform/tfcloud_mgmt_project.tf}}
```

Running `terraform apply` should show that 14 resources need to be created, so go ahead and confirm to get things set up!
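
Review bot: the first include in tfcloud-resources.md now reads `{{#include terraform/main.tf}}`, but the sentence above it still tells the reader to paste into `organization.tf`, so the prose and the included file no longer agree on the file name. Either change the instruction to `main.tf` or keep the file as `terraform/organization.tf`; the other two includes keep their names (`tfcloud_variables.tf`, `tfcloud_mgmt_project.tf`) and match their instructions.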