HumanGov: Model Automated Multi-Tenant Architecture (MAMA) Part 2 of 3: Storing MAMA Project State File in the Cloud (AWS S3 and Amazon DynamoDB) using Terraform and AWS CLI on AWS Cloud9
Background
This project is about establishing cloud infrastructure for a Model Automated Multi-Tenant Architecture (MAMA), HumanGov. Each tenant (state = tenant in this case) will have their own EC2 instance, their own S3 bucket, and their own DynamoDB. (For example, Missouri and Kansas will have separate infrastructures.) The states wanted a Reusable, Multi-Tenant Software as a Service (SaaS) Application Infrastructure for dinner, and MAMA will feed it to them. This is a three-part project:
HumanGov: Model Automated Multi-Tenant Architecture (MAMA), A Three-Part Series
There will not be lengthy explanations here. This post assumes that you already reviewed the ten (10)-part series on Terraform. If you want more in-depth explanation/background/information about what is going on, you can check out this 10-part series: Terraform: 10-Part Series for Familiarization
1 of 10. Open AWS Cloud9
2 of 10. Create bucket and DynamoDB table
This is for storing your Terraform state remotely. Do not confuse Terraform state with the name of a state (tenant). The DynamoDB table will handle the locking, and the S3 bucket will hold the Terraform state file. Note: bucket names must be globally unique, so pick your own name rather than copying this one. Note: These are intentionally created *outside* of Terraform. Otherwise, an errant "terraform destroy" would eliminate this data.
aws s3api create-bucket --bucket humangov-terraform-state-8675309-jenny --region us-east-1
aws dynamodb create-table \
--table-name humangov-terraform-state-lock-table \
--attribute-definitions AttributeName=LockID,AttributeType=S \
--key-schema AttributeName=LockID,KeyType=HASH \
--provisioned-throughput ReadCapacityUnits=5,WriteCapacityUnits=5 \
--region us-east-1
3 of 10. Check for the bucket and table creation
aws s3api list-buckets
aws dynamodb list-tables
4 of 10. In "folder-name", create and modify "backend.tf"
This file will have the parameters for your remote state. Make sure the file is created in your main project folder. Hopefully the image doesn't confuse you, but you should create the file prior to editing it.
cd ~/environment/human-gov-infrastructure/terraform
pwd
touch backend.tf
"backend.tf"
terraform {
  backend "s3" {
    bucket         = "humangov-terraform-state-8675309-jenny"
    key            = "terraform.tfstate"
    region         = "us-east-1"
    encrypt        = true
    dynamodb_table = "humangov-terraform-state-lock-table"
  }
}
5 of 10. Init and Apply.
You should be notified that state will be saved remotely.
terraform fmt
terraform validate
terraform init
terraform plan
terraform apply
6 of 10. Check for the state in your S3 bucket.
Make sure to substitute in your actual bucket name. You could use the GUI if you want, but it's not necessary.
aws s3 ls s3://humangov-terraform-state-8675309-jenny
7 of 10. Check for the lock file
Prior to confirming the terraform destroy, check your DynamoDB table and see the lock entry populated (you may have to refresh). After the destroy completes, the lock will disappear from the table (you may have to refresh).
terraform destroy
8 of 10. Make a change.
Change the "variables.tf" in the "terraform" folder from three states to only one: California.
variable "states" {
  description = "A list of state names"
  default     = ["california"]
}
Follow up with a terraform apply.
terraform apply
9 of 10. Where is state stored?
Validate that the local terraform.tfstate does not mention the resources; you can find this information in the .tfstate file in the S3 bucket.
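An added example (not part of the original post) of the step 9 check in Python: it lists the resource addresses recorded in a state document, so you can confirm the local file records nothing while the copy in the S3 bucket holds the resources. The sample state and its module and resource names are constructed for illustration.

```python
import json

# Constructed sample of a version-4 state file as it might sit in the S3 bucket.
# Module and resource names are hypothetical, not taken from the HumanGov code.
REMOTE_SAMPLE = json.dumps({
    "version": 4, "serial": 7, "lineage": "constructed-example", "outputs": {},
    "resources": [
        {"module": 'module.tenant["california"]', "mode": "managed",
         "type": "aws_instance", "name": "app", "instances": []},
        {"module": 'module.tenant["california"]', "mode": "managed",
         "type": "aws_s3_bucket", "name": "docs", "instances": []},
        {"mode": "data", "type": "aws_ami", "name": "base", "instances": []},
    ],
})

def resource_addresses(state_text):
    """Return sorted resource addresses recorded in a Terraform state document."""
    if not state_text.strip():      # empty or missing local file: nothing recorded
        return []
    state = json.loads(state_text)
    found = []
    for res in state.get("resources", []):
        addr = f"{res['type']}.{res['name']}"
        if res.get("mode") == "data":
            addr = "data." + addr
        if res.get("module"):
            addr = f"{res['module']}.{addr}"
        found.append(addr)
    return sorted(found)

def check_state_location(local_text, remote_text):
    """Compare the local state file with the copy fetched from the backend."""
    local = resource_addresses(local_text)
    remote = resource_addresses(remote_text)
    return {
        "local_is_clean": not local,         # no resources recorded on disk
        "remote_has_resources": bool(remote),
        "leaked_locally": local,             # anything listed here is still local
        "remote_resources": remote,
    }

if __name__ == "__main__":
    # Real use: pass the text of ./terraform.tfstate and of the object downloaded
    # from the bucket; here both inputs are the constructed samples above.
    print(check_state_location("", REMOTE_SAMPLE))
    print(check_state_location(REMOTE_SAMPLE, REMOTE_SAMPLE)["leaked_locally"])
```

Treat any downloaded copy of the remote state as sensitive and delete it after the check, since state files can contain resource attributes in plain text.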
10 of 10. Cleanup
terraform destroy