Setup Terraform Cloud account #3370

Closed
2 tasks done
UlisesGascon opened this issue May 26, 2023 · 14 comments

@UlisesGascon
Member

UlisesGascon commented May 26, 2023

Based on the discussion in #3270 (comment). cc: @nodejs/build

I will need help to set up the Terraform Cloud account for the Node.js Org. This account will be used to create a Team in Terraform Cloud and provide access to individual accounts. Can you create the account using the *@iojs.org email?

Additional steps

  • Add my personal account to the team as well, at Workspace Administrator level. This guide can help, or I can do it if you share the credentials for Terraform Cloud.
  • I will generate a token for the GitHub Actions that will sync the Terraform state.
@mhdawson
Member

+1 with readonly access to start.

@targos
Member

targos commented May 27, 2023

I created an account with the build email. Could be a good opportunity to start sharing build login credentials with 1Password.

@targos
Member

targos commented May 27, 2023

With the free tier, I can only add people as team owners. We would need at least the Standard plan to create additional teams. They say the first 500 resources per month are free, but I don't know what counts as a resource and if it will be enough for us.

@UlisesGascon
Member Author

I love the idea of using 1Password for this too. I believe 500 resources can cover our needs, but I will be sure once I get access to Cloudflare (#800).

We can start with the free tier and see how critical it is to move to the Standard plan. I believe the number of users with direct access to Terraform Cloud will be very limited, and probably with an admin-compatible role.

@targos
Member

targos commented May 31, 2023

@UlisesGascon What's your account's email address?

@UlisesGascon
Member Author

My email is [email protected]. Thanks @targos! :)

@UlisesGascon
Member Author

It is working! Thanks a lot @targos 👍

@targos targos transferred this issue from nodejs/admin May 31, 2023
@targos
Member

targos commented May 31, 2023

Reopening until the credentials have been somehow shared with @nodejs/build-infra

@UlisesGascon
Member Author

There is no option to scope the Terraform Cloud. So any personal token might have access to all the workspaces in all the organizations as the user.

I suggest creating an account with a build team email or another alias and generating the personal token from that account for the GitHub Actions part 🤔

@targos
Member

targos commented Jun 12, 2023

> create an account with a build team email or another alias

Isn't it what this issue was about?

@UlisesGascon
Member Author

> Isn't it what this issue was about?

Yes, that is correct. I expected to generate a token on behalf of the organization, but the current Terraform Cloud settings only allow me to generate tokens as myself. The next step will be to add a new member to the organization who is not a personal account and generate the token from that account. Is there a better way to manage this scenario?

@targos
Member

targos commented Jun 13, 2023

The API Tokens page recommends creating Team Tokens for CI/CD. What's wrong with that?

@UlisesGascon
Member Author

UlisesGascon commented Jun 13, 2023

🤦 I didn't see that in the UI. Thanks @targos!

I created a team API Token and it is working as expected.

I was not so sure about the expiration that we need, so I used a short one for now.

@targos
Member

targos commented Jul 4, 2023

> Reopening until the credentials have been somehow shared with https://github.com/orgs/nodejs/teams/build-infra

Done in the secrets repo.
