1) Create ROOT account - done ( one time)
2) Create 4 sub accounts and set up password ( one time)
1 for management
1 for staging
1 for production
3) Login as as ROOT for each sub account ( one time)
set up Administrator user with AWSAdminRole
set up access id and secret
4) Set up MFA for each AWS Sub Account - in progress ( one time)
5) Set up aws config and credentials for each sub account and verify each profile with sample aws cli like aws s3 ls
Set up profiles for each sub account like verumex-stating, verumex-stating-management, verumex-stating-production
RUn STS generate token for each sub account and update your credentials for each profile
overall you will see Config has 3 profiles ( one time)
[deafult]
[verumex-management]
[verumex-staging]
credentials file
---------------------
[profile default]
//from the AWS Sub Account (one time)
[profile verumex-management]
AccessKey= xxxxx
Secret Key = yyyy
//from the AWS Sub Account (one time)
[profile verumex-stging]
AccessKey= xxxxx
Secret Key = yyyy
// below 3 keys are generated by STS Assume Role [ every time when the token is expired ]
[profile verumex-management-role]
AccessKey= xxxxx
Secret Key = yyyy
SesstionTokenID = xxxxxxxxxxxxxxxxxxxx [ long alpha numerical string]
// below 3 keys are generated by STS Assume Role - Token is valid for 8 or 12 hours ( after that we need to re-generate the token)
[profile verumex-staging-role]
AccessKey= xxxxx
Secret Key = yyyy
SesstionTokenID = xxxxxxxxxxxxxxxxxxxx [ long alpha numerical string]
6) Create one S3 bucket in each Sub account [ one time ]
7) Update S3 bucket and profile and region based on where you created S3 in each folder where there terraform
data.tf
-- bucket name
-- profile
-- region ( we can use same region that we have in the original code)
8) Order of execution in each env/ sub account
1) bootstrap
2) networking
3) iam -- now list the dependencies on some resources and policies.. like s3, eks etc...
9) once you run bootstrap it generates terraform.state json in the S3 bucket under each sub account
10) Copy the terraform.state into your local folders like networking/iam etc.. as teeraform.tf.json
11) deprecated - map --> tomap is latest api
permissions used to list of strings --> permission to be a string
permissions="[READ, WRITE]" ==> permission='READ'
terraform is suggesting what is deprecated and whta we should use
