@kunduso
kunduso / aws-cli-create-iam-policy-and-user.txt
Created Apr 3, 2021
The AWS CLI to create an IAM policy, create a user, create an access key, and attach the user to the policy
# The code for the backend-role-policy.json is available at https://gist.github.com/kunduso/bf94f1aa5e683ed66539458a9a44138d
# create a policy with name "Custom-Terraform-Policy-Backend-April"
# https://docs.aws.amazon.com/cli/latest/reference/iam/create-policy.html
aws iam create-policy --policy-name Custom-Terraform-Policy-Backend-April --policy-document file://backend-role-policy.json
#output
{
    "Policy": {
        "PolicyName": "Custom-Terraform-Policy-Backend-April",
        "PolicyId": "ANPAZIAA3LP6OBWQHE5E6",
kunduso / aws-cli-create-dynamodb-table.txt
Last active Apr 3, 2021
The AWS CLI to create a DynamoDB table
# table name: Terraform-backend-lock
aws dynamodb create-table --table-name Terraform-backend-lock --attribute-definitions AttributeName=LockID,AttributeType=S --key-schema AttributeName=LockID,KeyType=HASH --provisioned-throughput ReadCapacityUnits=5,WriteCapacityUnits=5
#output
{
    "TableDescription": {
        "AttributeDefinitions": [
            {
                "AttributeName": "LockID",
                "AttributeType": "S"
kunduso / aws-cli-encrypt-s3.txt
Last active Apr 3, 2021
The AWS CLI to encrypt an S3 bucket
# bucket name: skundu-terraform-remote-state-two
aws s3api put-bucket-encryption --bucket skundu-terraform-remote-state-two --server-side-encryption-configuration "{\"Rules\": [{\"ApplyServerSideEncryptionByDefault\":{\"SSEAlgorithm\": \"AES256\"}}]}"
# no output if bucket encryption is successfully applied
kunduso / aws-cli-create-s3.txt
Created Apr 3, 2021
The AWS CLI to create an S3 bucket
# bucket name: skundu-terraform-remote-state-two
aws s3api create-bucket --bucket skundu-terraform-remote-state-two --region us-east-2 --create-bucket-configuration LocationConstraint=us-east-2
#output
{
    "Location": "http://skundu-terraform-remote-state-two.s3.amazonaws.com/"
}
View azure-contributor-role-list.txt
C:\Program Files\Microsoft SDKs\Azure\.NET SDK\v2.9>az role definition list -n Contributor
[
  {
    "assignableScopes": [
      "/"
    ],
    "description": "Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.",
    "id": "/subscriptions/25a30d13-b7a9-4bdb-abdd-3b7c9b8552d2/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
    "name": "b24988ac-6180-42a0-ab88-20f7382dd24c",
    "permissions": [
kunduso / azure-service-principal.txt
Last active Mar 26, 2021
Azure CLI commands to create a service principal
# az ad sp create-for-rbac --name "$(Service-Principal-Name)" --role "Contributor" --scope "/subscriptions/$(SubscriptionNumber)"
az ad sp create-for-rbac --name "Terraform-User-March-2021" --role "Contributor" --scope "/subscriptions/$(SubscriptionID)"
# I am replacing the tenant and subscription values with variables for security reasons
# Output from the commandline console:
Changing "Terraform-User-March-2021" to a valid URI of "http://Terraform-User-March-2021", which is the required format used for service principal names
Creating 'Contributor' role assignment under scope '/subscriptions/$(SubscriptionID)'
The output includes credentials that you must protect. Be sure that you do not include these credentials in your code or check the credentials into your source control. For more information, see https://aka.ms/azadsp-cli
{
kunduso / storage-account.cmd
Last active Mar 26, 2021
Azure CLI command to create a resource group, storage account, and storage container
az group create --name Terraform-Remote-State-Group --location "East US"
# the above command creates a resource group and displays the result in the format below
{
  "id": "/subscriptions/$(SubscriptionNumber)/resourceGroups/Terraform-Remote-State-Group",
  "location": "eastus",
  "managedBy": null,
  "name": "Terraform-Remote-State-Group",
  "properties": {
    "provisioningState": "Succeeded"
  },
kunduso / azure-pipelines.yaml
Created Mar 25, 2021
Terraform plan command using PowerShell in Azure Pipelines
- powershell: |
    terraform plan -var client_id="$(client_id)" -var client_secret="$(client_secret)" -var subscription_id="$(subscription_id)" -var tenant_id="$(tenant_id)" -out application.tfplan -no-color
  workingDirectory: $(build.sourcesdirectory)
  displayName: 'terraform plan'
# where $(client_id) is the appID of the service principal,
# $(client_secret) is the password of the service principal,
# $(subscription_id) is the Azure subscription to which the service principal belongs, and
# $(tenant_id) is the tenant value of the service principal.
# These values can be stored in Azure pipeline variables or as a variable group in the Azure DevOps project.
kunduso / azure-pipelines.yaml
Last active Mar 25, 2021
Terraform init command using PowerShell in Azure Pipelines
- powershell: |
    terraform init -backend-config="access_key=$(storage_access_key)" -no-color
  workingDirectory: $(build.sourcesdirectory)
  displayName: 'terraform init'
# where $(storage_access_key) is a secret variable stored in the Azure pipeline
# variable or a Library variable group. The value of the variable is the storage
# access key to the storage account where the terraform remote state file is stored
kunduso / backend.tf
Created Mar 24, 2021
This is a representation of the contents of an Azure backend with resource group, storage account name, container name, and storage account access key details
terraform {
  backend "azurerm" {
    resource_group_name  = "$(ResourceGroupToStoreTerraformBackendResources)"
    storage_account_name = "$(UniqueStorageAccountName)"
    container_name       = "$(StorageContainerName)"
    key                  = "terraform.tfstate"
    access_key           = "$(StorageAccountAccessKey)"
  }
}