adorsys / ops-adorsys-kubernetes-platform

Infrastructure Setup of adorsys Test/Poc projects
Apache License 2.0

Create s3bucket for remote TF state files #2

Closed nce closed 1 year ago

nce commented 1 year ago

We want to sync our Terraform state to one bucket in S3.

The bucket needs to be created by hand, alongside the policy for our user (#3).

Creation of the bucket by CLI:

aws s3 mb s3://ops-k8s-bootstrap-tfstate
cat > policy.json <<EOF
{
  "Id": "Policy1666800308880",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1666800306128",
      "Action": [
        "s3:GetObject",
        "s3:ListBucket",
        "s3:PutBucketVersioning",
        "s3:PutEncryptionConfiguration",
        "s3:PutObject",
        "s3:GetBucketVersioning",
        "s3:GetEncryptionConfiguration",
        "s3:GetBucketPublicAccessBlock",
        "s3:PutBucketPublicAccessBlock"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::ops-k8s-bootstrap-tfstate",
        "arn:aws:s3:::ops-k8s-bootstrap-tfstate/*"
      ],
      "Principal": {
        "AWS": [
          "arn:aws:iam::571075516563:user/ops-github-kaas"
        ]
      }
    }
  ]
}
EOF
aws s3api put-bucket-policy --bucket ops-k8s-bootstrap-tfstate --policy file://policy.json

Pay attention to the name of the cluster AND the ARN of the user.
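
A pre-flight check for the two values the comment above says to watch, written as an added example that is not part of the original issue or the adorsys repository: it confirms that every `Resource` in the policy belongs to the intended bucket and that the `Principal` is the one expected IAM ARN. The names `check_policy`, `as_list` and `IAM_ARN` are hypothetical, and the embedded policy is a trimmed copy of the one above.

```python
import json
import re

# Trimmed copy of the policy from the issue (same bucket and principal).
POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket", "s3:PutObject"],
    "Resource": ["arn:aws:s3:::ops-k8s-bootstrap-tfstate",
                 "arn:aws:s3:::ops-k8s-bootstrap-tfstate/*"],
    "Principal": {"AWS": ["arn:aws:iam::571075516563:user/ops-github-kaas"]}
  }]
}""")

IAM_ARN = re.compile(r"^arn:aws:iam::\d{12}:(user|role)/[\w+=,.@/-]+$")


def as_list(value):
    """Policy fields may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def check_policy(policy, bucket, expected_principal):
    """Return a list of findings; an empty list means the policy matches."""
    findings = []
    bucket_arn = f"arn:aws:s3:::{bucket}"
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        resources = as_list(stmt.get("Resource", []))
        actions = as_list(stmt.get("Action", []))
        for res in resources:
            if res != bucket_arn and not res.startswith(bucket_arn + "/"):
                findings.append(f"resource outside bucket: {res}")
        # ListBucket acts on the bucket ARN, Get/PutObject on the objects in it.
        if "s3:ListBucket" in actions and bucket_arn not in resources:
            findings.append("s3:ListBucket needs the bucket ARN itself")
        if {"s3:GetObject", "s3:PutObject"} & set(actions) and bucket_arn + "/*" not in resources:
            findings.append("object actions need the bucket ARN with /*")
        principal = stmt.get("Principal")
        arns = as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        for arn in arns:
            if arn == "*" or not IAM_ARN.match(str(arn)):
                findings.append(f"principal is not a specific IAM ARN: {arn}")
            elif arn != expected_principal:
                findings.append(f"unexpected principal: {arn}")
    return findings
```

Run it against `policy.json` before `aws s3api put-bucket-policy`; any finding means the bucket name or user ARN was not adjusted consistently.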

tim-tschiersch commented 1 year ago
nce commented 1 year ago

This was reworked and is now included in the init.tf file https://github.com/adorsys/ops-k8s-bootstrap/blob/5b0d51be59ac1df91d2ba929404ba950eb289d60/init.tf