
@heri16
Last active April 21, 2021 08:20
Install & init terraform
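# Install GnuPG (provides the gpg command used below).
brew install gnupg

# Write out the HashiCorp release-signing public key.
# The delimiter is quoted ('EOF') so the shell copies the armor block
# verbatim, with no variable or command expansion.
cat <<'EOF' > hashicorp.asc
-----BEGIN PGP PUBLIC KEY BLOCK-----
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=+mCN
-----END PGP PUBLIC KEY BLOCK-----
EOF

# A key pasted from a gist is only as trustworthy as the gist itself. Print
# its fingerprint and compare it, character by character, with the one
# HashiCorp publishes at https://www.hashicorp.com/security before importing.
# Signing keys are rotated and revoked over time, so check the current value.
#   expected: <FINGERPRINT_PUBLISHED_BY_HASHICORP>
gpg --show-keys --with-fingerprint hashicorp.asc

# One-time step: import the key only after the fingerprint matched.
gpg --import hashicorp.asc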

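# Release to install; every file name below is derived from these values.
tf_version=0.15.0
tf_zip="terraform_${tf_version}_darwin_amd64.zip"
tf_sums="terraform_${tf_version}_SHA256SUMS"
tf_base="https://releases.hashicorp.com/terraform/${tf_version}"

# Download the archive, the checksum list and its detached signature.
# -f makes curl exit non-zero on an HTTP error instead of silently saving the
# error page under the expected file name; -S still shows errors despite -s;
# --proto '=https' refuses anything other than HTTPS.
curl --proto '=https' --tlsv1.2 -fsSO "${tf_base}/${tf_zip}" &&
  curl --proto '=https' --tlsv1.2 -fsSO "${tf_base}/${tf_sums}" &&
  curl --proto '=https' --tlsv1.2 -fsSO "${tf_base}/${tf_sums}.sig"

# Show where the binary will need to live.
echo "$PATH"

# Verify the chain signature -> checksum list -> archive, and install only if
# every link holds. The steps are joined with && so a failed check stops the
# sequence instead of being scrolled past.
#
# 1. gpg --verify: the checksum list was signed by a key in the keyring.
#    "Good signature" alone is not enough: confirm that the "Primary key
#    fingerprint" line is the HashiCorp fingerprint you checked at import.
#    A "not certified with a trusted signature" warning is expected unless
#    you have assigned trust to the key.
# 2. shasum -c: the archive matches its entry in the signed list. Only the
#    line for the downloaded archive is checked; running -c on the whole
#    list fails on the other platforms' missing files, so its exit status
#    cannot be used as a gate.
gpg --verify "${tf_sums}.sig" "${tf_sums}" &&
  grep -F -- "${tf_zip}" "${tf_sums}" > "${tf_zip}.sha256" &&
  shasum -a 256 -c "${tf_zip}.sha256" &&
  unzip "${tf_zip}" &&
  mv terraform /usr/local/bin/

# Verify the install: the resolved path should be the binary just moved.
command -v terraform
terraform -help
terraform -v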

Configure AWS credentials

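export AWS_PROFILE=infi

# The credentials file holds a long-lived secret in plain text: make sure it
# exists and is readable by its owner only before anything is written to it.
mkdir -p ~/.aws
touch ~/.aws/credentials
chmod 600 ~/.aws/credentials

# Append the profile only if it is not already present. An explicit if/else
# is used because "a && b || c" also runs c when b fails.
# Replace the placeholder values with your own key pair. Typing real keys
# into a command leaves them in shell history; "aws configure --profile"
# prompts for them instead, and short-lived credentials (e.g. via
# "aws configure sso") avoid storing a static secret at all.
if grep -qF "[$AWS_PROFILE]" ~/.aws/credentials; then
  echo "AWS profile already exists"
else
  cat <<EOF >> ~/.aws/credentials
[$AWS_PROFILE]
aws_access_key_id = AKIAXXXXXXXXXX
aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxx
EOF
fi

# Confirm the profile is there by listing section headers only; printing the
# whole file would put the secret key on screen and in terminal scrollback.
grep '^\[' ~/.aws/credentials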

Initialize Terraform backend

See: https://github.com/cloudposse/terraform-aws-tfstate-backend#usage

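# Work inside the environment's own directory; only cd if it was created.
mkdir -p project-directory/infra/prod &&
  cd project-directory/infra/prod
export AWS_PROFILE=infi

# Create initial terraform file. The delimiter is quoted ('EOF') so the shell
# writes the HCL verbatim and never expands anything inside it.
cat <<'EOF' > main.tf
variable "region" {
  default = "ap-southeast-1"
}

provider "aws" {
  region = var.region
}

# You cannot create a new backend by simply defining this and then
# immediately proceeding to "terraform apply". The S3 backend must
# be bootstrapped according to the simple yet essential procedure in
# https://github.com/cloudposse/terraform-aws-tfstate-backend#usage
module "terraform_state_backend" {
  source  = "cloudposse/tfstate-backend/aws"
  version = "0.33.0"

  s3_bucket_name = "infi-terraform-state-prod"
  attributes = ["terraform-state"]
  billing_mode = "PAY_PER_REQUEST"

  terraform_backend_config_file_path = "."
  terraform_backend_config_file_name = "backend.tf"
  force_destroy                      = false
}
EOF

# Downloads Terraform modules and providers. Commit the generated
# .terraform.lock.hcl so later runs verify the same provider checksums.
terraform init

# Creates the state bucket and DynamoDB locking table. At this point, the
# Terraform state is still stored locally.
# This targets a production account, so the plan is saved and reviewed first,
# and exactly that plan is applied, rather than applying unseen changes with
# -auto-approve. The plan file can embed sensitive values: do not commit it.
terraform plan -out=bootstrap.tfplan
terraform apply bootstrap.tfplan
rm -f -- bootstrap.tfplan

# Store state in the S3 bucket, and the DynamoDB table will be used to lock
# the state to prevent concurrent modification.
# -force-copy answers "yes" to the state-migration prompts. Afterwards, check
# the directory for leftover local terraform.tfstate* files and keep them out
# of version control: state can contain secrets in plain text. For the same
# reason, limit access to the state bucket to the people and roles that run
# Terraform.
terraform init -force-copy

# Edit main.tf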