terraform init -backend-config="bucket=$(remote-state-bucket-name)" -backend-config="key=tf/terraform.tfstate" -backend-config="region=$(region)" -backend-config="access_key=$(access_key)" -backend-config="secret_key=$(secret_key)" -no-color

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "sts:AssumeRole"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:iam::$(TrustingAccountID):role/Assume-Role-1"
    }

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "*"
    }
  ]
}

# The code for the backend-role-policy.json is available at https://gist.github.com/kunduso/bf94f1aa5e683ed66539458a9a44138d
# create a policy with name "Custom-Terraform-Policy-Backend-April"
# https://docs.aws.amazon.com/cli/latest/reference/iam/create-policy.html
aws iam create-policy --policy-name Custom-Terraform-Policy-Backend-April --policy-document file://backend-role-policy.json
#output
{
  "Policy": {
    "PolicyName": "Custom-Terraform-Policy-Backend-April",
    "PolicyId": "ANPAZIAA3LP6OBWQHE5E6",

# table name: Terraform-backend-lock
aws dynamodb create-table --table-name Terraform-backend-lock --attribute-definitions AttributeName=LockID,AttributeType=S --key-schema AttributeName=LockID,KeyType=HASH --provisioned-throughput ReadCapacityUnits=5,WriteCapacityUnits=5
#output
{
  "TableDescription": {
    "AttributeDefinitions": [
      {
        "AttributeName": "LockID",
        "AttributeType": "S"

# bucket name: skundu-terraform-remote-state-two
aws s3api put-bucket-encryption --bucket skundu-terraform-remote-state-two --server-side-encryption-configuration "{\"Rules\": [{\"ApplyServerSideEncryptionByDefault\":{\"SSEAlgorithm\": \"AES256\"}}]}"
# no output if bucket encryption is successfully applied

# bucket name: skundu-terraform-remote-state-two
aws s3api create-bucket --bucket skundu-terraform-remote-state-two --region us-east-2 --create-bucket-configuration LocationConstraint=us-east-2
#output
{
  "Location": "http://skundu-terraform-remote-state-two.s3.amazonaws.com/"
}

C:\Program Files\Microsoft SDKs\Azure\.NET SDK\v2.9>az role definition list -n Contributor
[
  {
    "assignableScopes": [
      "/"
    ],
    "description": "Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.",
    "id": "/subscriptions/25a30d13-b7a9-4bdb-abdd-3b7c9b8552d2/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
    "name": "b24988ac-6180-42a0-ab88-20f7382dd24c",
    "permissions": [

# az ad sp create-for-rbac --name "$(Service-Principal-Name)" --role "Contributor" --scope "/subscriptions/$(SubscriptionNumber)"
az ad sp create-for-rbac --name "Terraform-User-March-2021" --role "Contributor" --scope "/subscriptions/$(SubscriptionID)"
# I am replacing the tenant and subscription value with variable for security reasons
# Output from the commandline console:
Changing "Terraform-User-March-2021" to a valid URI of "http://Terraform-User-March-2021", which is the required format used for service principal names
Creating 'Contributor' role assignment under scope '/subscriptions/$(SubscriptionID)'
The output includes credentials that you must protect. Be sure that you do not include these credentials in your code or check the credentials into your source control. For more information, see https://aka.ms/azadsp-cli
{

az group create --name Terraform-Remote-State-Group --location "East US"
# the above command creates a resource group and displays the result in below format
{
  "id": "/subscriptions/$(SubscriptionNumber)/resourceGroups/Terraform-Remote-State-Group",
  "location": "eastus",
  "managedBy": null,
  "name": "Terraform-Remote-State-Group",
  "properties": {
    "provisioningState": "Succeeded"
  },