auspatious/de-terraform
Digital Earth Terraform Templates

Infrastructure as code for the modern Digital Earth

Overview

This repository is a reference implementation of Terraform-based infrastructure for deploying a Digital Earth platform. It contains infrastructure-as-code templates for separate staging and production environments, including a Kubernetes cluster and its key components, plus a public data bucket. It should be read together with the de-flux repository, which contains the Flux-based application deployment configuration.

Manual steps

You need to create some secrets on AWS manually, then refer to them in Terraform.

The list of manual secrets is in secrets.md. These should be created in your preferred operating region, e.g. us-west-2.

Route53 hosted zones for each environment need to be created manually, and the placeholder text in the main.tf Terraform (tf) file updated to match the created hosted zones.

Environment setup

Install the Terraform CLI and log in to Terraform Cloud using terraform login.
Follow the prompts. You will need a Terraform Cloud account and an access token to complete this command.

Within Terraform Cloud, you will need to manually create a workspace for each environment with the working directory set to either staging or production.

You should also update the DigitalEarthExample and org-staging or org-prod placeholder text in the main.tf terraform (tf) file to match the created workspaces.

Authentication

Note that an Identity Provider was manually added to AWS using this documentation.

You can see the identity provider on the AWS console.

Next we set up a role with a custom role trust policy, as documented above. The role can be viewed on the console here.

Finally we export two variables in Terraform Cloud:

  • TFC_AWS_PROVIDER_AUTH, which is set to true
  • TFC_AWS_RUN_ROLE_ARN, which should have the ARN arn:aws:iam::AWS_ACCOUNT_ID:role/TerraformCloudRole from the role above.
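As an added illustration of what the manually created provider and role above look like when expressed declaratively (this is example code, not part of this repository), the block below defines the Terraform Cloud OIDC provider and a role whose trust policy only allows runs from one organization and workspace to assume it. The organization name DigitalEarthExample and workspace name org-staging are assumed to match the placeholders mentioned in the Environment setup section.

```hcl
# Added example, not the repository's own code. Assumes the hashicorp/aws and
# hashicorp/tls providers, the organization "DigitalEarthExample" and the
# workspace "org-staging".

# Fetch the current TLS thumbprint of Terraform Cloud's OIDC issuer.
data "tls_certificate" "tfc" {
  url = "https://app.terraform.io"
}

# The identity provider that lets Terraform Cloud runs present OIDC tokens to AWS.
resource "aws_iam_openid_connect_provider" "tfc" {
  url             = "https://app.terraform.io"
  client_id_list  = ["aws.workload.identity"]
  thumbprint_list = [data.tls_certificate.tfc.certificates[0].sha1_fingerprint]
}

# Trust policy: scope the "sub" claim so that only runs from the named
# organization and workspace can assume the role. Leaving "sub" unrestricted
# would let any Terraform Cloud workspace in any organization assume it.
data "aws_iam_policy_document" "tfc_trust" {
  statement {
    actions = ["sts:AssumeRoleWithWebIdentity"]
    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.tfc.arn]
    }
    condition {
      test     = "StringEquals"
      variable = "app.terraform.io:aud"
      values   = ["aws.workload.identity"]
    }
    condition {
      test     = "StringLike"
      variable = "app.terraform.io:sub"
      values = [
        "organization:DigitalEarthExample:project:*:workspace:org-staging:run_phase:*",
      ]
    }
  }
}

# The role referenced by TFC_AWS_RUN_ROLE_ARN.
resource "aws_iam_role" "terraform_cloud" {
  name               = "TerraformCloudRole"
  assume_role_policy = data.aws_iam_policy_document.tfc_trust.json
}
```

Because the role must exist before Terraform Cloud can authenticate, this bootstrap is applied with local credentials rather than from a Terraform Cloud run, which is why the README creates it manually.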

One-off tricks

If you get the error:

AuthFailure.ServiceLinkedRoleCreationNotPermitted: The provided credentials do not have permission to create the service-linked role for EC2 Spot Instances

run the following on the command line as a privileged user:

aws iam create-service-linked-role --aws-service-name spot.amazonaws.com

Reference here.
