Wednesday, May 11, 2022

Terraform execution

1) Create ROOT account - done (one time)

2) Create 4 sub accounts and set up a password for each (one time)

1 for management

1 for staging

1 for production


3) Log in as ROOT for each sub account (one time)

set up an Administrator user with AWSAdminRole

set up access key id and secret


4) Set up MFA for each AWS sub account - in progress (one time)


5) Set up aws config and credentials for each sub account and verify each profile with a sample aws cli command like aws s3 ls

Set up profiles for each sub account like verumex-staging, verumex-staging-management, verumex-staging-production

Run STS AssumeRole to generate a token for each sub account and update your credentials for each profile

Overall the config file has 3 profiles (one time). Note that in the config file every profile except default carries the "profile" prefix; in the credentials file no section does.

config file

---------------------

[default]

[profile verumex-management]

[profile verumex-staging]


credentials file

---------------------

[default]

# from the AWS sub account (one time)

[verumex-management]

aws_access_key_id = xxxxx

aws_secret_access_key = yyyy

# from the AWS sub account (one time)

[verumex-staging]

aws_access_key_id = xxxxx

aws_secret_access_key = yyyy

# the 3 keys below are generated by STS AssumeRole [every time the token has expired]

[verumex-management-role]

aws_access_key_id = xxxxx

aws_secret_access_key = yyyy

aws_session_token = xxxxxxxxxxxxxxxxxxxx [long alphanumeric string]


# the 3 keys below are generated by STS AssumeRole - the token is valid for 8 or 12 hours (after that we need to re-generate the token)

[verumex-staging-role]

aws_access_key_id = xxxxx

aws_secret_access_key = yyyy

aws_session_token = xxxxxxxxxxxxxxxxxxxx [long alphanumeric string]
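Added example (not part of the original notes): the "re-generate the token" step scripted in POSIX sh. refresh_role_profile calls STS with the long-lived sub-account profile and write_role_profile replaces the matching [name-role] section in the credentials file with the three temporary keys. The role ARN, session name, file path and the credential values in the usage line are assumptions or constructed placeholders, and the script assumes the aws CLI is installed.

```shell
#!/bin/sh
# Refresh the short-lived "-role" profiles in ~/.aws/credentials from an
# STS AssumeRole response.  Constructed example, not from the original post.
set -eu

# write_role_profile NAME FILE
# Reads one line "access_key secret_key session_token expiration" from stdin
# (the shape produced by --output text below), drops any existing [NAME]
# section in FILE and appends a fresh one with restrictive permissions.
write_role_profile() {
    name=$1
    file=$2
    read -r access_key secret_key session_token expiration
    [ -n "$access_key" ] && [ -n "$secret_key" ] && [ -n "$session_token" ] || {
        echo "write_role_profile: incomplete credentials for $name" >&2
        return 1
    }
    tmp="$file.tmp"
    if [ -f "$file" ]; then
        # Skip the old [name] section up to the next section header.
        awk -v sect="[$name]" '
            $0 == sect { skip = 1; next }
            /^\[/      { skip = 0 }
            !skip      { print }
        ' "$file" > "$tmp"
    else
        : > "$tmp"
    fi
    printf '[%s]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n# expires %s\n' \
        "$name" "$access_key" "$secret_key" "$session_token" "$expiration" >> "$tmp"
    chmod 600 "$tmp"
    mv "$tmp" "$file"
}

# refresh_role_profile NAME ROLE_ARN SOURCE_PROFILE [FILE]
# Uses the long-lived SOURCE_PROFILE (the sub-account IAM user keys) to assume
# ROLE_ARN and stores the temporary keys under [NAME].
refresh_role_profile() {
    name=$1; role_arn=$2; source_profile=$3; file=${4:-"$HOME/.aws/credentials"}
    aws sts assume-role \
        --profile "$source_profile" \
        --role-arn "$role_arn" \
        --role-session-name "terraform-$(date +%Y%m%d%H%M)" \
        --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken,Expiration]' \
        --output text |
    write_role_profile "$name" "$file"
}

# profile_key FILE NAME KEY -> prints the value of KEY inside section [NAME]
profile_key() {
    awk -v sect="[$2]" -v key="$3" '
        $0 == sect { in_sect = 1; next }
        /^\[/      { in_sect = 0 }
        in_sect && $1 == key { print $3; exit }
    ' "$1"
}

# Usage (ACCOUNT_ID_PLACEHOLDER is the staging sub-account id; role name assumed):
#   refresh_role_profile verumex-staging-role \
#       arn:aws:iam::ACCOUNT_ID_PLACEHOLDER:role/AWSAdminRole verumex-staging
```

The temporary keys never touch the long-lived [verumex-staging] section, so when the token expires only the -role section is rewritten; the expiry timestamp is recorded as a comment so you can see at a glance whether a "token expired" error is expected.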


6) Create one S3 bucket in each sub account [one time]


7) Update the S3 bucket, profile and region based on where you created the S3 bucket, in each folder that holds terraform code

data.tf

-- bucket name

-- profile

-- region (we can use the same region that we have in the original code)

8) Order of execution in each env / sub account

1) bootstrap

2) networking

3) iam -- now lists the dependencies on some resources and policies, like s3, eks etc.
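Added example (not from the original notes) covering steps 7 and 8: render_backend writes the bucket / profile / region values into a per-module backend file, and apply_env confirms which account the profile resolves to before running bootstrap, networking and iam in that order. The bucket, profile and region values, the backend.tf filename and the get-caller-identity check are my assumptions; the original keeps these values in data.tf.

```shell
#!/bin/sh
# Per-environment backend rendering and ordered apply.  Constructed example,
# not part of the original post; bucket/profile/region values are placeholders.
set -eu

# render_backend ENV BUCKET PROFILE REGION OUTFILE
# Writes the S3 backend block each module folder needs.  encrypt = true asks
# S3 for server-side encryption of the state object, which otherwise stores
# outputs and resource attributes in clear text.
render_backend() {
    env=$1; bucket=$2; profile=$3; region=$4; out=$5
    cat > "$out" <<EOF
terraform {
  backend "s3" {
    bucket  = "$bucket"
    key     = "$env/terraform.tfstate"
    region  = "$region"
    profile = "$profile"
    encrypt = true
  }
}
EOF
}

# backend_value FILE ATTR -> prints the (unquoted) value of ATTR in FILE
backend_value() {
    awk -v attr="$2" '$1 == attr && $2 == "=" { gsub(/"/, "", $3); print $3; exit }' "$1"
}

# apply_env ENV BUCKET PROFILE REGION
# Prints the account id the profile resolves to (catches a stale or wrong
# profile before any state is written), then applies the modules in the
# post's order: bootstrap -> networking -> iam.
apply_env() {
    env=$1; bucket=$2; profile=$3; region=$4
    echo "account for profile $profile:"
    aws sts get-caller-identity --profile "$profile" --query Account --output text
    for module in bootstrap networking iam; do
        render_backend "$env" "$bucket" "$profile" "$region" "$module/backend.tf"
        (cd "$module" && terraform init -reconfigure && terraform apply)
    done
}

# Usage (placeholder bucket name; profile from the credentials file above):
#   apply_env staging tfstate-staging-PLACEHOLDER verumex-staging-role us-east-1
```

Because the backend is rendered per module and per environment, the same module code can be applied against every sub account; only the rendered backend.tf differs, and the state key includes the environment name so two environments never share one state object.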


9) Once you run bootstrap it generates terraform.state json in the S3 bucket under each sub account


10) Copy the terraform.state into your local folders like networking/iam etc. as terraform.tf.json



11) deprecated - map --> tomap is the latest API

permissions used to be a list of strings --> permission is now a single string

permissions="[READ, WRITE]"   ==> permission='READ'

terraform suggests what is deprecated and what we should use instead
