terraform-aws-components icon indicating copy to clipboard operation
terraform-aws-components copied to clipboard

Published 20 hours ago verified publisher icon cloudposse

Fixes and changes to spin up a brand new atmos stack

Open iliazlobin opened this issue 3 years ago • 3 comments

what

  • remote_state invocation through the module, removing old code where remote state is pulled through data sources
  • updated modules' versions in several places
  • changes to providers.tf for bootstraping components with a direct assume role variable (we haven't figured out how to make it work through iam_roles module while we don't have any roles provisioned)
  • missing and required variables that have references in module's code
  • we'd be rather using roles instead of profiles when setting up AWS providers
  • updated policies for ALB controller according to updated AWS docs
  • created custom EKS IAM roles

iliazlobin avatar Jun 01 '21 13:06 iliazlobin

I rejected the changes to the providers for the bootstrap components because they create or modify IAM roles and/or authentication so you cannot use the roles they create to create them (which is why they are called "bootstrap" components).

The bootstrap components can be created by any IAM role that has read/write access to the Terraform state S3 bucket and Dynamo DB table, and can assume OrganizationAccountAccessRole in the relevant accounts.

Nuru avatar Jun 01 '21 18:06 Nuru

Maybe I am mistaken, but I don think you meant to commit...

modules/tfstate-backend/gbl-root-tfstate-backend.planfile

sgtoj avatar Jun 04 '21 08:06 sgtoj

I think this was included on accident as well gbl-root-tfstate-backend.tfplan.

nitrocode avatar Jul 29 '21 18:07 nitrocode

Closed this as it has become stale, most of the components referenced by this branch and PR have been superseded or updated.

Benbentwo avatar Aug 25 '22 22:08 Benbentwo