This repository contains Terraform configurations for managing AWS infrastructure for AJF Apps.
- Terraform v1.11.4 or later (on linux_amd64)
- AWS CLI configured with appropriate credentials
- Access to AWS account in us-east-1 region
- Terraform installed (see installation instructions below)
For Fedora 39 the HashiCorp repository may not work correctly. Here's how to install Terraform manually:
- Create a bin directory in your home folder if it doesn't exist:

  ```bash
  mkdir -p ~/bin
  ```

- Get the latest Terraform version and download it:

  ```bash
  # Read the latest release tag from the GitHub API and strip quotes, commas and the leading "v"
  TER_VER=`curl -s https://api.github.com/repos/hashicorp/terraform/releases/latest | grep tag_name | cut -d: -f2 | tr -d \"\,\v | awk '{$1=$1};1'`
  wget https://releases.hashicorp.com/terraform/${TER_VER}/terraform_${TER_VER}_linux_amd64.zip
  unzip terraform_${TER_VER}_linux_amd64.zip -d ~/bin
  ```

- Make sure ~/bin is in your PATH:

  ```bash
  echo 'export PATH="$HOME/bin:$PATH"' >> ~/.bashrc
  source ~/.bashrc
  ```

- Verify the installation:

  ```bash
  terraform --version
  ```

Note: This method is particularly useful for Fedora 39 and newer versions where the HashiCorp repository might not work correctly.
- It should work with dnf for Fedora 40 and 41. This developer has yet to test that out though.
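
The manual install above unzips the downloaded archive without checking it. As an added example (not part of this repository), the script below verifies the zip against the `SHA256SUMS` file that HashiCorp publishes next to each release before unpacking it; `verify_release_zip` and `install_terraform` are hypothetical helper names, and the version is passed in explicitly.

```bash
#!/usr/bin/env bash
# Added example: check a downloaded Terraform zip against HashiCorp's
# SHA256SUMS file before unpacking it. Helper names are hypothetical.

# verify_release_zip ZIP SUMS
# Returns 0 only if SUMS lists ZIP's file name and the listed SHA-256 matches.
# Returns 2 if the file name is not listed, 1 on a digest mismatch.
verify_release_zip() {
    local zip="$1" sums="$2" name expected actual
    name=$(basename "$zip")
    # SHA256SUMS lines have the form "<64 hex chars>  <file name>".
    expected=$(awk -v f="$name" '$2 == f { print $1; exit }' "$sums")
    if [ -z "$expected" ]; then
        echo "no checksum entry for $name" >&2
        return 2
    fi
    actual=$(sha256sum "$zip" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $name" >&2
        return 1
    fi
}

# install_terraform VERSION   (needs network access)
# Downloads the zip and its SHA256SUMS, and unzips into ~/bin only if they agree.
install_terraform() {
    local ver="$1" base tmp
    base="https://releases.hashicorp.com/terraform/${ver}"
    tmp=$(mktemp -d) || return 1
    wget -q -P "$tmp" "${base}/terraform_${ver}_linux_amd64.zip" \
        "${base}/terraform_${ver}_SHA256SUMS" || return 1
    # Refuse to unpack an archive that does not match the published digest.
    verify_release_zip "$tmp/terraform_${ver}_linux_amd64.zip" \
        "$tmp/terraform_${ver}_SHA256SUMS" || return 1
    mkdir -p "$HOME/bin"
    unzip -o "$tmp/terraform_${ver}_linux_amd64.zip" -d "$HOME/bin"
}

# Usage: install_terraform 1.11.4
```

Because the checksum file comes from the same host as the zip, this catches corrupted or truncated downloads; HashiCorp also publishes a detached GPG signature for the `SHA256SUMS` file, which is what protects against a tampered release host.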
.
├── environments/
│ ├── dev/ # Development environment (planned)
│ ├── staging/ # Staging environment (planned)
│ └── prod/ # Production environment (active)
│ ├── main.tf # Main configuration
│ ├── provider.tf # AWS provider settings
│ └── backend.tf # State backend configuration
├── modules/
│ ├── api/ # API Gateway module
│ ├── data/ # Data sources module
│ ├── ecr_existing/ # ECR repositories module
│ ├── lambda_existing/ # Lambda functions module
│ ├── parameters/ # SSM parameters module
│ ├── step_function/ # Step Functions module
│ ├── storage_existing/ # S3 buckets module
│ └── terraform_state/ # Terraform state management
- Navigate to the production environment directory:

  ```bash
  cd environments/prod
  ```

- Create a `prod.tfvars` file based on the example template:

  ```bash
  cp prod.tfvars.example prod.tfvars
  ```

- Edit `prod.tfvars` with your actual AWS account ID and application configurations.

- Initialize Terraform (provide your actual terraform state bucket name):

  ```bash
  terraform init -backend-config="bucket=your-actual-terraform-state-bucket"
  ```

  Note: The bucket name is not stored in git for security reasons. You must provide it during initialization.

- Plan the changes:

  ```bash
  terraform plan -var-file=prod.tfvars
  ```

- Apply the changes:

  ```bash
  terraform apply -var-file=prod.tfvars
  ```

All resources are configured with appropriate security settings:
- S3 buckets have encryption enabled
- IAM roles follow least privilege principle
- API Gateway has proper authentication and authorization
Terraform state is stored in an S3 bucket with versioning enabled and state locking using DynamoDB.
- Create a feature branch
- Make your changes
- Run `terraform fmt` to format the code
- Run `terraform validate` to check for errors
- Submit a pull request