From a63c385f8a721f6ff7aa02ff67e1b06d44091386 Mon Sep 17 00:00:00 2001 From: Matt Burgess <549318+mattburgess@users.noreply.github.com> Date: Fri, 29 Sep 2023 21:43:49 +0100 Subject: [PATCH] Add AWS provider in preparation for OIDC setup --- src/tfcloud-setup/pre-requisites.md | 2 +- src/tfcloud-setup/terraform-local.md | 18 ++++++------------ src/tfcloud-setup/{ => terraform}/locals.tf | 0 .../{organization.tf => terraform/main.tf} | 0 src/tfcloud-setup/{ => terraform}/terraform.tf | 9 ++++++++- .../{ => terraform}/tfcloud_mgmt_project.tf | 0 .../{ => terraform}/tfcloud_variables.tf | 0 src/tfcloud-setup/{ => terraform}/variables.tf | 0 src/tfcloud-setup/tfcloud-resources.md | 6 +++--- 9 files changed, 18 insertions(+), 17 deletions(-) rename src/tfcloud-setup/{ => terraform}/locals.tf (100%) rename src/tfcloud-setup/{organization.tf => terraform/main.tf} (100%) rename src/tfcloud-setup/{ => terraform}/terraform.tf (71%) rename src/tfcloud-setup/{ => terraform}/tfcloud_mgmt_project.tf (100%) rename src/tfcloud-setup/{ => terraform}/tfcloud_variables.tf (100%) rename src/tfcloud-setup/{ => terraform}/variables.tf (100%) diff --git a/src/tfcloud-setup/pre-requisites.md b/src/tfcloud-setup/pre-requisites.md index f6efaaa..7784424 100644 --- a/src/tfcloud-setup/pre-requisites.md +++ b/src/tfcloud-setup/pre-requisites.md @@ -91,7 +91,7 @@ The GitHub PAT above has **very** high privileges across **all** repositories. A Copy and paste the following into a new file, `locals.tf`, and adjust the values to match your desired Terraform Cloud and GitHub organization names: ```hcl -{{#include locals.tf}} +{{#include terraform/locals.tf}} ``` ## AWS Credentials diff --git a/src/tfcloud-setup/terraform-local.md b/src/tfcloud-setup/terraform-local.md index 8bd9aaa..1aabbe8 100644 --- a/src/tfcloud-setup/terraform-local.md +++ b/src/tfcloud-setup/terraform-local.md 
@@ -2,16 +2,16 @@ At this early stage, all we want to do is ensure that `terraform`, when run locally, can initialize itself and run successfully but not manage any resources. -Copy and paste the following Terraform code into a new file, `terraform.tf`, which will configure the [Terraform Enterprise provider](https://github.com/hashicorp/terraform-provider-tfe). Terraform will use local state files to keep track of any resources that it is managing. +Copy and paste the following Terraform code into a new file, `terraform.tf`, which will configure the [Terraform Enterprise provider](https://github.com/hashicorp/terraform-provider-tfe), [AWS provider](https://github.com/hashicorp/terraform-provider-aws), and [GitHub provider](https://github.com/integrations/terraform-provider-github). Terraform will use local state files to keep track of any resources that it is managing. ```hcl -{{#include terraform.tf}} +{{#include terraform/terraform.tf}} ``` Copy and paste the following Terraform code into a new file, `variables.tf`, which declares the input variables we set up earlier in `credentials.auto.tfvars` ```hcl -{{#include variables.tf}} +{{#include terraform/variables.tf}} ``` Initialize Terraform: @@ -22,9 +22,11 @@ $ terraform init Initializing the backend... Initializing provider plugins... - +- Finding hashicorp/aws versions matching "~> 5.19.0"... - Finding hashicorp/tfe versions matching "~> 0.48.0"... - Finding integrations/github versions matching "~> 5.38.0"... +- Installing hashicorp/aws v5.19.0... +- Installed hashicorp/aws v5.19.0 (signed by HashiCorp) - Installing hashicorp/tfe v0.48.0... - Installed hashicorp/tfe v0.48.0 (signed by HashiCorp) - Installing integrations/github v5.38.0... 
@@ -40,14 +42,6 @@ so that Terraform can guarantee to make the same selections by default when you run "terraform init" in the future. Terraform has been successfully initialized! - -You may now begin working with Terraform. Try running "terraform plan" to see -any changes that are required for your infrastructure. All Terraform commands -should now work. - -If you ever set or change modules or backend configuration for Terraform, -rerun this command to reinitialize your working directory. If you forget, other -commands will detect it and remind you to do so if necessary. ``` At this point, a `terraform plan` should succeed but show no resources need to change, somewhat obviously due to us not having asked it to manage any just yet: diff --git a/src/tfcloud-setup/locals.tf b/src/tfcloud-setup/terraform/locals.tf similarity index 100% rename from src/tfcloud-setup/locals.tf rename to src/tfcloud-setup/terraform/locals.tf diff --git a/src/tfcloud-setup/organization.tf b/src/tfcloud-setup/terraform/main.tf similarity index 100% rename from src/tfcloud-setup/organization.tf rename to src/tfcloud-setup/terraform/main.tf diff --git a/src/tfcloud-setup/terraform.tf b/src/tfcloud-setup/terraform/terraform.tf similarity index 71% rename from src/tfcloud-setup/terraform.tf rename to src/tfcloud-setup/terraform/terraform.tf index 7905687..04478f0 100644 --- a/src/tfcloud-setup/terraform.tf +++ b/src/tfcloud-setup/terraform/terraform.tf @@ -4,11 +4,14 @@ terraform { source = "hashicorp/tfe" version = "~> 0.48.0" } - github = { source = "integrations/github" version = "~> 5.38.0" } + aws = { + source = "hashicorp/aws" + version = "~> 5.19.0" + } } } @@ -19,3 +22,7 @@ provider "tfe" { provider "github" { token = var.github_admin_token } + +provider "aws" { + region = "us-east-1" +} 
diff --git a/src/tfcloud-setup/tfcloud_mgmt_project.tf b/src/tfcloud-setup/terraform/tfcloud_mgmt_project.tf similarity index 100% rename from src/tfcloud-setup/tfcloud_mgmt_project.tf rename to src/tfcloud-setup/terraform/tfcloud_mgmt_project.tf diff --git a/src/tfcloud-setup/tfcloud_variables.tf b/src/tfcloud-setup/terraform/tfcloud_variables.tf similarity index 100% rename from src/tfcloud-setup/tfcloud_variables.tf rename to src/tfcloud-setup/terraform/tfcloud_variables.tf diff --git a/src/tfcloud-setup/variables.tf b/src/tfcloud-setup/terraform/variables.tf similarity index 100% rename from src/tfcloud-setup/variables.tf rename to src/tfcloud-setup/terraform/variables.tf diff --git a/src/tfcloud-setup/tfcloud-resources.md b/src/tfcloud-setup/tfcloud-resources.md index bbdfc2a..e3d3141 100644 --- a/src/tfcloud-setup/tfcloud-resources.md +++ b/src/tfcloud-setup/tfcloud-resources.md 
@@ -5,19 +5,19 @@ We'd like Terraform to deploy the Terraform Cloud organization, a project within To start with, copy and paste the following into `organization.tf` to create the Terraform Cloud Organization, replacing the placeholder values with ones that will work for you. This will also create an OAuth client so that Terraform can watch for and react to commits to GitHub repositories. ```hcl -{{#include organization.tf}} +{{#include terraform/main.tf}} ``` Next, copy and paste the following into `tfcloud_variables.tf`. The resources below manage common variable sets that hold the various credentials needed for both Terraform Cloud and the GitHub Terraform provider to interact with their respective APIs: ```hcl -{{#include tfcloud_variables.tf}} +{{#include terraform/tfcloud_variables.tf}} ``` Next, copy and paste the following into `tfcloud_mgmt_project.tf` to create the Terraform Cloud project and workspace along with the associated GitHub repository. This also creates a workspace-scoped "variable set" resource to hold the credentials that Terraform Cloud will need in order to interact with both the Terraform Enterprise API and GitHub API. We follow Hashicorp's [recommended practice](https://developer.hashicorp.com/terraform/tutorials/cloud/cloud-multiple-variable-sets) of scoping the variable sets as narrowly as possible; we don't want any old project or workspace in our organization to be able to make changes to the Terraform Cloud organization. ```hcl -{{#include tfcloud_mgmt_project.tf}} +{{#include terraform/tfcloud_mgmt_project.tf}} ``` Running `terraform apply` should show that 14 resources need to be created, so go ahead and confirm to get things set up!
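Review bot: In the `provider "aws"` block added at the end of `terraform/terraform.tf`, the region is hard-coded as `"us-east-1"` and nothing constrains which AWS account the provider acts on. The block sets no credentials, so a local run uses whatever AWS credentials happen to be active in the shell. Consider taking the region from a variable declared alongside the existing ones in `variables.tf`, and adding `allowed_account_ids` so a plan fails fast when the wrong profile is active. The rewritten sentence in `terraform-local.md` that now lists the AWS provider could also point back to the "AWS Credentials" section of `pre-requisites.md`, so readers know which credentials this provider expects.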
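Review bot: In the first changed block of `tfcloud-resources.md`, the include now pulls `terraform/main.tf`, but the unchanged sentence above it still tells the reader to paste the code into `organization.tf`. This commit renames `organization.tf` to `terraform/main.tf`, so the prose and the included file are out of step. Update the sentence to say `main.tf`, or keep the original file name, so that a reader following the guide ends up with the same layout as the repository.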