HumanGov: Model Automated Multi-Tenant Architecture (MAMA) Part 2 of 3: Storing MAMA Project State File in the Cloud (AWS S3 and Amazon DynamoDB) using Terraform and AWS CLI on AWS Cloud9

Background

This project is about establishing cloud infrastructure for a Model Automated Multi-Tenant Architecture (MAMA), HumanGov. Each tenant (state = tenant in this case) will have its own EC2 instance, its own S3 bucket, and its own DynamoDB. (For example, Missouri and Kansas will have separate infrastructures.) The states wanted a Reusable, Multi-Tenant Software as a Service (SaaS) Application Infrastructure for dinner, and MAMA will feed it to them. This is a three-part project:
HumanGov: Model Automated Multi-Tenant Architecture (MAMA), A Three-Part Series

There will not be lengthy explanations here. This post assumes that you already reviewed the ten (10)-part series on Terraform. If you want more in-depth explanation/background/information about what is going on, you can check out this 10-part series: Terraform: 10-Part Series for Familiarization

1 of 10. Open AWS Cloud9

2 of 10. Create bucket and dynamodb

This is for storing your Terraform state remotely. Do not confuse this with the name of a state. The DynamoDB table will handle the locking, and the S3 bucket will hold the Terraform state file. Note: bucket names must be unique, so choose your own name rather than copying this one. Note: These resources are intentionally created *outside* of Terraform. Otherwise, an errant "terraform destroy" would eliminate this data.

aws s3api create-bucket --bucket humangov-terraform-state-8675309-jenny --region us-east-1

aws dynamodb create-table \
  --table-name humangov-terraform-state-lock-table \
  --attribute-definitions AttributeName=LockID,AttributeType=S \
  --key-schema AttributeName=LockID,KeyType=HASH \
  --provisioned-throughput ReadCapacityUnits=5,WriteCapacityUnits=5 \
  --region us-east-1

3 of 10. Check for the bucket and table creation

aws s3api list-buckets
aws dynamodb list-tables
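
Because the state bucket is created by hand in step 2, none of its protections live in a Terraform file. The following is an added example, not part of the original post: shell functions that block public access, turn on versioning and set default encryption on that bucket, then verify the result. The function names are hypothetical; the bucket name is whatever you chose in step 2.

```shell
# Added example (not from the original post). Function names are hypothetical.
# Needs AWS CLI credentials that are allowed to change the bucket's configuration.

harden_state_bucket() {
  local bucket="$1"
  [ -n "$bucket" ] || { echo "usage: harden_state_bucket <bucket>" >&2; return 2; }

  # terraform.tfstate can hold secrets in plain text: refuse every public path.
  aws s3api put-public-access-block --bucket "$bucket" \
    --public-access-block-configuration \
    "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true" \
    || return 1

  # Versioning keeps earlier copies of the state if it is overwritten or deleted.
  aws s3api put-bucket-versioning --bucket "$bucket" \
    --versioning-configuration Status=Enabled || return 1

  # Explicit default encryption at rest (SSE-S3), matching encrypt = true in backend.tf.
  aws s3api put-bucket-encryption --bucket "$bucket" \
    --server-side-encryption-configuration \
    '{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"AES256"}}]}' \
    || return 1
}

verify_state_bucket() {
  local bucket="$1" status pab
  status=$(aws s3api get-bucket-versioning --bucket "$bucket" \
    --query Status --output text) || return 1
  [ "$status" = "Enabled" ] || { echo "versioning is '$status'" >&2; return 1; }

  pab=$(aws s3api get-public-access-block --bucket "$bucket" \
    --query 'PublicAccessBlockConfiguration.[BlockPublicAcls,IgnorePublicAcls,BlockPublicPolicy,RestrictPublicBuckets]' \
    --output text) || return 1
  # Text output is one True/False per setting; any False (or nothing) is a gap.
  if [ -z "$pab" ] || echo "$pab" | grep -qi false; then
    echo "public access block incomplete: $pab" >&2
    return 1
  fi
  echo "ok: $bucket is versioned and blocks public access"
}

# Run only when a bucket name is given, e.g.: bash harden.sh <your-bucket>
if [ "$#" -gt 0 ]; then
  harden_state_bucket "$1" && verify_state_bucket "$1"
fi
```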

4 of 10. In "folder-name", create and modify "backend.tf"

This file will have the parameters for your remote state. Make sure the file is created in your main project folder. Hopefully the image doesn't confuse you, but you should create the file prior to editing it.

cd ~/environment/human-gov-infrastructure/terraform
pwd
touch backend.tf

"backend.tf"

terraform {
  backend "s3" {
    bucket         = "humangov-terraform-state-8675309-jenny"
    key            = "terraform.tfstate"
    region         = "us-east-1"
    encrypt        = true
    dynamodb_table = "humangov-terraform-state-lock-table"
  }
}

5 of 10. Init and Apply.

You should be notified that state will be saved remotely.

terraform fmt
terraform validate
terraform init
terraform plan
terraform apply

6 of 10. Check for the state in your S3 bucket.

Make sure to substitute in your actual bucket name. You could use the GUI if you want, but it's not necessary.

aws s3 ls s3://humangov-terraform-state-8675309-jenny

7 of 10. Check for the lock file

Before confirming the terraform destroy, check DynamoDB and see that the lock table is populated (you may have to refresh). After the destroy completes, the lock will disappear from the table (you may have to refresh).

terraform destroy

8 of 10. Make a change.

Change "variables.tf" in the "terraform" folder from three states to only one: California

variable "states" {
  description = "A list of state names"
  default     = ["california"]
}

Follow up with a terraform apply

terraform apply

9 of 10. Where is state stored?

Validate that the local terraform.tfstate does not mention the resources; you can find this information in the .tfstate file in the S3 bucket instead.

10 of 10. Cleanup

terraform destroy

