Deploy Base Layer
In this deployment, we will create base resources that are foundational and common across services.
Base resources are deployed in an AWS account that is specific to one project and one environment.
An active engagement with OPStimus is required to access the GitHub repositories mentioned in this guide.
Base resources can be found in https://github.com/opstimus/client-aws-architecture-iac-base/
Set up a git repository in your organization named <project-slug>-iac-base by cloning the contents of the above repository, then make the initial changes below according to your organization's naming.
Configure Terraform Backend
Inside the environment/prod directory, edit config.s3.tfbackend and update the S3 bucket name with your project account id.
You will need to duplicate the prod directory inside the environment directory if you plan to deploy other environments such as dev and stg, and update the backend and variables according to the environment requirements.
Update Resource Definitions
Edit main.tf and update it according to the project requirements.
Edit terraform.tfvars and set the region, environment and other parameters that are specific to the environment.
Create IAM role for GitHub Workflow to Assume
In the project account:
- In the AWS console, go to IAM → Roles.
- Click Create role.
- Select Web identity and select the GitHub identity provider in the dropdown.
- Fill in the repository and branch details (never leave them blank) and click Next.
- Select the AWS managed permissions that are needed for the base deployment. Generally they are:
  - AmazonEC2FullAccess
  - AmazonS3FullAccess
  - AmazonRDSFullAccess
  - IAMFullAccess
- Click Next and set the role name to <project-slug>-<env-slug>-iac-base
- Update the role ARN in the cd-<env-slug>.yml.example workflow.
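The repository and branch entered in the step above become the `sub` condition of the role's trust policy, so it is worth checking the resulting policy before the workflow uses the role. The following check is an added example, not part of the OPStimus repositories; the function names, account id 111122223333 and repository example-org/acme-iac-base are constructed placeholders.

```python
GITHUB_OIDC = "token.actions.githubusercontent.com"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy):
    """Return findings for GitHub OIDC statements in an IAM role trust policy."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        principal = stmt.get("Principal")
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or not any(GITHUB_OIDC in f for f in federated):
            continue  # not a GitHub web-identity statement
        subs, auds = [], []
        for operator, keys in stmt.get("Condition", {}).items():
            for key, value in keys.items():
                if key.lower() == GITHUB_OIDC + ":sub":
                    subs += [(operator, v) for v in _as_list(value)]
                elif key.lower() == GITHUB_OIDC + ":aud":
                    auds += _as_list(value)
        if "sts.amazonaws.com" not in auds:
            findings.append(f"statement {i}: aud is not restricted to sts.amazonaws.com")
        if not subs:
            findings.append(f"statement {i}: no sub condition (repository and branch left blank)")
        for operator, sub in subs:
            parts = sub.split(":", 2)  # repo:<org>/<repo>:<ref, environment, ...>
            wildcards_active = "like" in operator.lower()  # '*' is literal under StringEquals
            if len(parts) != 3 or parts[0] != "repo" or "/" not in parts[1]:
                findings.append(f"statement {i}: sub '{sub}' does not name a repository and ref")
            elif wildcards_active and "*" in parts[1]:
                findings.append(f"statement {i}: sub '{sub}' has a wildcard repository")
            elif wildcards_active and parts[2].strip("*") in ("", "ref:refs/heads/"):
                findings.append(f"statement {i}: sub '{sub}' is not pinned to a branch")
    return findings

def sample_policy(operator, sub):
    """Build a constructed trust policy; account id and repository are placeholders."""
    condition = {"StringEquals": {GITHUB_OIDC + ":aud": "sts.amazonaws.com"}}
    condition.setdefault(operator, {})[GITHUB_OIDC + ":sub"] = sub
    principal = {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{GITHUB_OIDC}"}
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": principal,
        "Action": "sts:AssumeRoleWithWebIdentity", "Condition": condition}]}

PINNED = sample_policy("StringEquals", "repo:example-org/acme-iac-base:ref:refs/heads/main")
LOOSE = sample_policy("StringLike", "repo:example-org/acme-iac-base:*")
if __name__ == "__main__":
    for name, policy in (("pinned", PINNED), ("loose", LOOSE)):
        print(name, audit_trust_policy(policy) or "ok")
```

To check a real role, pass the parsed JSON of its trust policy (the role's Trust relationships tab in the console) to `audit_trust_policy`.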
Run Deployment
After verifying the Terraform resource configurations, start the initial deployment by renaming cd-<env-slug>.yml.example to cd-<env-slug>.yml.