@todd-dsm
Created November 20, 2023 01:02
Prerequisites for building a stable way

one-time-setup-stuff

There are a few important pregame steps:

1 - Install some required programs first:

  • homebrew
  • awscli
    • macOS: brew install awscli
    • Ubuntu: sudo apt-get update && sudo apt-get install awscli
  • keybase - used to cryptographically validate the Terraform package
    • macOS: brew install --cask keybase
    • Install it, open it and configure it.
    • Leave keybase running during the Terraform install
  • Terraform
  • IntelliJ Community Edition
    • macOS: brew install intellij-idea-ce
      • install the Terraform plugin
      • Preferences > Plugins > Search: Terraform and HCL
      • Install this plugin and restart IntelliJ
  • helm 3.x

2 - Set your project environment variables in build.env

NOTE: It's not necessary to purchase a domain, but your experimentation will produce better learning results if you do. Register the domain in AWS only, then create a public zone and record these details in build.env.

NOTE: Always check your build variables.

Use the latest possible version of the AWS Provider.

3 - Source in the build variables:

source build.env <stage|prod>; e.g.:

source build.env stage

4 - Create the project bucket; it should look like this:

% scripts/setup/create-backend-resources.sh

Provisioning state Storage and Locking mechnanism...
Region set to: us-west-2
  Creating a DynamoDB table for state locking; ignore the above error...
{
    "TableDescription": {
        "AttributeDefinitions": [
            {
                "AttributeName": "LockID",
                "AttributeType": "S"
            }
        ],
        "TableName": "tf-state-gitops-demo-stage-lock",
        "KeySchema": [
            {
                "AttributeName": "LockID",
                "KeyType": "HASH"
            }
        ],
        "TableStatus": "CREATING",
        "CreationDateTime": "2021-11-14T14:49:36.645000-08:00",
        "ProvisionedThroughput": {
            "NumberOfDecreasesToday": 0,
            "ReadCapacityUnits": 5,
            "WriteCapacityUnits": 5
        },
        "TableSizeBytes": 0,
        "ItemCount": 0,
        "TableArn": "arn:aws:dynamodb:us-west-2:299285526804:table/tf-state-gitops-demo-stage-lock",
        "TableId": "f0c35dea-f26e-463e-8c39-e293bffb87db",
        "SSEDescription": {
            "Status": "ENABLED",
            "SSEType": "KMS",
            "KMSMasterKeyArn": "arn:aws:kms:us-west-2:299285526804:key/35a32fdb-d6c4-4c0f-b600-947280279059"
        }
    }
}


Creating a bucket for remote terraform state...
make_bucket: tf-state-gitops-demo-stage
  The bucket has been created: tf-state-gitops-demo-stage
  Enabling versioning...
  Enabling encryption...
  Blocking public access...
  Creating Terraform backend definition...


We are ready to start Terraforming!
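
To confirm that the settings named in the output above actually took effect, this added example (not part of the original gist or its scripts) audits the JSON returned by four read-only AWS CLI calls. The function names, the constructed `SAMPLE` data and the two command-line arguments (bucket, lock table) are assumptions of the example.

```python
import json
import subprocess
import sys

PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")
LOCK_KEY = [{"AttributeName": "LockID", "KeyType": "HASH"}]
# Constructed sample shaped like AWS CLI JSON, not captured from a real account.
SAMPLE = ({"Status": "Enabled"},
          {"PublicAccessBlockConfiguration": dict.fromkeys(PAB_FLAGS, True)},
          {"ServerSideEncryptionConfiguration": {"Rules": [
              {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}},
          {"Table": {"KeySchema": LOCK_KEY, "SSEDescription": {"Status": "ENABLED"}}})

def aws_json(*args):
    """Run a read-only AWS CLI call; a failed call yields {} (audit fails closed)."""
    p = subprocess.run(("aws", *args, "--output", "json"),
                       capture_output=True, text=True)
    return json.loads(p.stdout) if p.returncode == 0 and p.stdout.strip() else {}

def audit_backend(versioning, public_access, encryption, table):
    """Return findings; an empty list means every step-4 setting is in place."""
    findings = []
    if versioning.get("Status") != "Enabled":  # output is empty if never enabled
        findings.append("bucket versioning is not Enabled")
    pab = public_access.get("PublicAccessBlockConfiguration", {})
    findings += [f"public access block: {flag} is not true"
                 for flag in PAB_FLAGS if pab.get(flag) is not True]
    rules = encryption.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    if not any(r.get("ApplyServerSideEncryptionByDefault") for r in rules):
        findings.append("bucket has no default encryption rule")
    desc = table.get("Table", {})
    if desc.get("SSEDescription", {}).get("Status") != "ENABLED":
        findings.append("lock table SSEDescription is not ENABLED")
    if desc.get("KeySchema") != LOCK_KEY:
        findings.append("lock table key schema is not LockID/HASH")
    return findings

if __name__ == "__main__":
    inputs = SAMPLE  # offline default; pass two arguments to query AWS instead
    if len(sys.argv) == 3:  # live mode: <bucket> <lock-table>
        b, t = sys.argv[1:]
        inputs = (aws_json("s3api", "get-bucket-versioning", "--bucket", b),
                  aws_json("s3api", "get-public-access-block", "--bucket", b),
                  aws_json("s3api", "get-bucket-encryption", "--bucket", b),
                  aws_json("dynamodb", "describe-table", "--table-name", t))
    problems = audit_backend(*inputs)
    print("\n".join(problems) or "backend OK")
    sys.exit(1 if problems else 0)
```

Run without arguments it checks the constructed sample; run with the bucket and lock table names from step 4 it checks the live resources and exits non-zero on any finding.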

5 - Check the contents of provider-aws.tf

These parameters/values will be auto-populated based on build.env variables. The backend configuration should look similar to this:

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.43"
    }
  }
  backend "s3" {
    dynamodb_table = "tf-state-consul-ecs-stage-lock"
    bucket         = "tf-state-consul-ecs-stage"
    key            = "env/stage"
    region         = "us-west-2"
    encrypt        = true
    //role_arn = "arn:aws:iam::367652197469:role/terraform-backend"
  }
}

provider "aws" {
  region = local.region
  default_tags {
    tags = {
      env     = var.envBuild
      project = var.project
    }
  }
}

You should now be clear to build.
