Getting Started With Terraform Blog Post
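# IAM role for the getting-started walkthrough. The name embeds the environment
# and the username so a test role can be traced back to whoever created it.
resource "aws_iam_role" "role" {
  name = "terraform-test-${var.env}-iam-role-for-${var.username}"
  tags = var.tags

  # assume_role_policy is the role's TRUST policy: it says WHO may assume the
  # role, so it needs a Principal and an sts:AssumeRole action and must not
  # carry a Resource element. The original document here was a permissions
  # policy (ec2:Describe* on "*"), which IAM rejects in this position.
  # NOTE(review): the EC2 service principal below is an assumption; confirm
  # which principal is really meant to assume this role and keep it as narrow
  # as possible.
  assume_role_policy = <<-EOT
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": "sts:AssumeRole",
          "Effect": "Allow",
          "Principal": {
            "Service": "ec2.amazonaws.com"
          }
        }
      ]
    }
  EOT
}

# Permissions policy: WHAT the role may do once assumed. This is the statement
# the original placed in assume_role_policy, kept unchanged (read-only EC2
# describe calls).
resource "aws_iam_role_policy" "role" {
  name = "terraform-test-${var.env}-ec2-describe-for-${var.username}"
  role = aws_iam_role.role.id

  policy = <<-EOT
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": [
            "ec2:Describe*"
          ],
          "Effect": "Allow",
          "Resource": "*"
        }
      ]
    }
  EOT
}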
# main.tf | |
# Terraform settings: the minimum CLI version and a remote backend that keeps
# state in Terraform Cloud instead of on the local disk.
terraform {
  backend "remote" {
    organization = "your-terraform-org-name-here"
    hostname     = "app.terraform.io"

    workspaces {
      # The prefix decides the remote workspace name: each workspace is created
      # as "initial-test-" followed by the workspace name.
      # Author's recommendation: keep the naming simple and consistent,
      # something like "qa-initial-test-qa".
      prefix = "initial-test-"
    }
  }

  required_version = ">= 0.12.9"
}
# To insert resource snippets, press Ctrl+Space and then type `tf-`. If you installed the Terraform snippets extensions for Visual Studio Code, you'll see a ton of great snippets ready to go.
#outputs.tf |
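# Guardrail consumed by the provider's allowed_account_ids: Terraform refuses
# to run against any AWS account that is not in this list.
variable "allowed_aws_accounts" {
  # Explicit type so a bare string (instead of a list) fails at plan time
  # rather than silently weakening the guardrail.
  type        = list(string)
  description = "AWS account IDs this configuration is allowed to deploy to."

  # Limits access to only our qa account so you can't easily goof and deploy
  # to the wrong place. "123456789" is the sample value from the post; real
  # AWS account IDs are 12 digits, so replace it with your own QA account ID.
  default = ["123456789"]
}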
# PROVIDER: AWS https://www.terraform.io/docs/providers/aws/index.html | |
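# AWS provider for the walkthrough. Region and named profile are picked per
# environment from the maps in variables.tf, and allowed_account_ids stops a
# run that is pointed at an account outside the approved list.
provider "aws" {
  version = "~> 2.7"

  # Plain 0.12 expressions instead of the deprecated "${...}"-only wrapper.
  # Indexing the map fails the plan when var.env has no entry, as the
  # two-argument lookup() did.
  region  = var.region[var.env]
  profile = var.profilemap[var.env]

  # NOTE(review): %USERPROFILE% is cmd.exe variable syntax; confirm the
  # provider expands it rather than treating it as a literal path.
  shared_credentials_file = "%USERPROFILE%/.aws/credentials"

  # NOTE: for a demo you can set these, but never consider it OK to leave them
  # here other than for a quick test. Named profiles are better: they avoid
  # accidentally committing IAM keys to your repo.
  # In Terraform Cloud, set the keys as environment variables; they are applied
  # to the provider automatically when named per the documentation.
  #access_key = ""
  #secret_key = ""

  allowed_account_ids = var.allowed_aws_accounts
}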
# VARIABLES: https://www.terraform.io/docs/cloud/workspaces/variables. | |
# Don't use terraform.tfvars with Terraform Cloud; only an auto-loaded (*.auto.tfvars) file is OK for this.
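# Values for the input variables declared in variables.tf.
# Keep secrets (IAM keys, tokens) out of this file: it is committed with the code.
username = "IForgotToFollowDirections"

tags = {
  Createdby = "IForgotToFollowDirections"
  ManagedBy = "terraform"
  # The Project entry had no value in the original listing, which does not
  # parse. The value below is a labelled placeholder; replace it.
  Project = "REPLACE-ME-project-name"
}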
#variables.tf | |
# NOTE: "env" has no default value, so you can't run the plan without setting it. This ensures the variable is set explicitly instead of silently defaulting because we forgot.
# Environment selector. It has no default, so every plan must state which
# environment it targets.
variable "env" {
  description = "This will be what you use to identify qa, uat, prod etc. Since we want to support terraform cloud we can't depend on string interpolation with terraform.workspace"
  type        = string
}
# Map from environment name (the value of var.env) to the AWS region used for it.
variable "region" {
  type = map(string)

  default = {
    # prod holds a deliberately unusable value, so a prod run cannot resolve
    # to a real region yet.
    prod = "i-shouldnt-even-go-here-yet"
    qa   = "us-east-1"
  }
}
# Map from environment name (the value of var.env) to the AWS named profile
# used as credentials for it.
variable "profilemap" {
  type = map(string)

  default = {
    # prod holds a deliberately unusable value, so a prod run cannot resolve
    # to a real profile yet.
    prod = "i-shouldnt-even-go-here-yet"
    qa   = "my-aws-named-profile-for-qa"
  }
}
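# Name of the person running the walkthrough. It is interpolated into the IAM
# role name, so it is typed as a string like "env". There is no default: the
# value must be supplied.
variable "username" {
  type        = string
  description = "this is my user name and required"
}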
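# Tags applied to the resources this configuration creates. Typed as
# map(string), consistent with the other map variables in this file, so a
# malformed value fails at plan time. There is no default: the value must be
# supplied.
variable "tags" {
  type        = map(string)
  description = "tags to apply to resources so people are happy"
}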