https://github.com/sue445/terraform-aws-template
Terraform template for AWS
https://github.com/sue445/terraform-aws-template
aws template template-project terraform
Last synced: about 1 year ago
JSON representation
Terraform template for AWS
- Host: GitHub
- URL: https://github.com/sue445/terraform-aws-template
- Owner: sue445
- License: mit
- Created: 2021-05-30T05:40:53.000Z (about 5 years ago)
- Default Branch: main
- Last Pushed: 2025-04-11T10:11:00.000Z (about 1 year ago)
- Last Synced: 2025-04-11T11:57:28.955Z (about 1 year ago)
- Topics: aws, template, template-project, terraform
- Language: HCL
- Homepage:
- Size: 356 KB
- Stars: 6
- Watchers: 2
- Forks: 3
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# terraform-aws-template
[Terraform](https://www.terraform.io/) template for [AWS](https://aws.amazon.com/)
## :information_desk_person: Migrate to S3-native state locking
> [!NOTE]
> If you want to migrate from DynamoDB state locking to S3-native state locking,
> read [this migration guide](MIGRATE_TO_S3_NATIVE_STATE_LOCKNG.md)
## [Workflow](.github/workflows/terraform.yml) features
* Authenticating via [GitHub OIDC provider](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services)
* Run `terraform apply`
* Automatically running on `main` branch
* Manual running on any branch
* Run `terraform plan`, `terraform fmt` and [tflint](https://github.com/terraform-linters/tflint)
* Post `terraform plan` report to PullRequest comment and Job Summaries
* Slack notification
## Requirements
* GitHub Actions
* Terraform v1.10+
## Usage of this template
### 1. Install tools
* [tfenv](https://github.com/tfutils/tfenv)
### 2. Create a repository using this template
### 3. Setup terraform with CloudFormation
1. Download [cloud_formation/setup-terraform.yml](cloud_formation/setup-terraform.yml)
2. Go to [CloudFormation](https://console.aws.amazon.com/console/home)
3. Create stack with downloaded `setup-terraform.yml`
#### Parameters
* `BackendBucketName` **(Required)**
* Name of backend bucket.
* c.f. https://www.terraform.io/language/settings/backends/s3
* `TerraformLockTableName` **(Required)**
* Name of lock table name for terraform.
* c.f. https://www.terraform.io/language/settings/backends/s3
* default: `terraform-lock`
* `GithubOidcRoleName` **(Required)**
* IAM Role name for OIDC authentication
* default: `github-oidc-role`
* `GitHubOrgName` **(Required)**
* GitHub organization or user name (e.g. `octocat`)
* `GitHubRepositoryName` **(Required)**
* GitHub repository name (e.g. `Hello-World`)
* `OIDCProviderArn` (optional)
* Arn for the GitHub OIDC Provider.
* A new provider will be created if omitted
### 4. Register secrets
* `SLACK_WEBHOOK` (optional)
* Create from https://slack.com/apps/A0F7XDUAZ
### 5. Edit files
#### [.github/workflows/terraform.yml](.github/workflows/terraform.yml)
Edit followings
* `GITHUB_OIDC_PROVIDER_ROLE`
* This is crated by [cloud_formation/setup-terraform.yml](cloud_formation/setup-terraform.yml). See CloudFormation stack output
* `AWS_REGION`
* Same to the region where Cloudformation was executed
#### [.terraform-version](.terraform-version)
* Upgrade to the latest version if necessary
#### [backend.tf](backend.tf)
Edit followings
* `terraform.backend.bucket`
* Same to `BackendBucketName` of [cloud_formation/setup-terraform.yml](cloud_formation/setup-terraform.yml) parameter
* `terraform.backend.region`
* Same to the region where Cloudformation was executed
#### [terraform.tfvars](terraform.tfvars)
Edit followings
* `aws_account_id`
* AWS account ID
* `provider_region`
* Same to the region where Cloudformation was executed
#### [versions.tf](versions.tf)
Upgrade to the latest version if necessary
* `terraform.required_providers.aws.version`
* `terraform.required_version`
### 6. Run Terraform from local
```bash
tfenv install
terraform init
# Run followings if you upgraded providers
terraform init -upgrade
git add .terraform.lock.hcl
git commit -m "terraform init -upgrade"
git push
```
### 7. Check if GitHub Actions build is executed
## Maintenance for Terraform repository
### Upgrade Terraform core
1. Check latest version
* https://github.com/hashicorp/terraform/blob/main/CHANGELOG.md
2. Edit [.terraform-version](.terraform-version)
3. Run `tfenv install`
### Upgrade Terraform providers (automatically)
1. Edit [.github/dependabot.yml](.github/dependabot.yml)
2. Wait for Dependabot to create a PullRequests
### Upgrade Terraform providers (manually)
1. Check latest versions
* https://github.com/terraform-providers/terraform-provider-aws/blob/master/CHANGELOG.md
2. Edit `terraform.required_providers.aws.version` in [versions.tf](versions.tf)
3. Run `terraform init -upgrade`
## Other solution
* https://github.com/sue445/terraform-gcp-template