tf_aws_account_initializer

Initializes a fresh AWS account with an S3 state bucket, a DynamoDB lock table and a Route 53 hosted zone.

Primary language: HCL

The GitHub repository tf_aws_account_initializer contains the Terraform configuration that bootstraps an AWS account for use with Terraform. It creates the following resources:

| Resource | Description |
|---|---|
| S3 Bucket | Stores Terraform state. |
| DynamoDB Table | State locking, to prevent two runs from writing the same state at once. |
| Route 53 Hosted Zone | DNS management for the account's domain. |

Overview

This configuration is intended to run once, with local state only. The S3 bucket and DynamoDB table it creates are the remote backend for every later configuration in the account, so they cannot also serve as the backend while they are being created. Keep the local terraform.tfstate it produces (or migrate it into the bucket once it exists): it is the only record of these resources.
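The second half of that procedure, as an added example that is not part of the repository: a later configuration in the same account pointing its S3 backend at the bootstrapped bucket and table. The bucket and table names are the values of the `state_bucket` and `state_lock_table` outputs; the names, key and region shown here are placeholders.

```hcl
# Added example (not the repository's code). Fill bucket and dynamodb_table
# from the initializer's state_bucket and state_lock_table outputs.
terraform {
  required_version = ">= 1.5"

  backend "s3" {
    bucket         = "example-tfstate-bucket"    # output: state_bucket (placeholder)
    key            = "network/terraform.tfstate" # one distinct key per configuration
    region         = "eu-central-1"              # region the bucket was created in
    dynamodb_table = "example-tfstate-lock"      # output: state_lock_table (placeholder)
    encrypt        = true                        # never write an unencrypted state object
  }
}

# Bootstrap sequence this block depends on (run in the initializer's directory first):
#   terraform init            # local backend, no remote state yet
#   terraform apply           # creates the bucket, the table and the hosted zone
#   terraform output          # read state_bucket and state_lock_table
# Then, in the directory holding this block:
#   terraform init            # writes state to s3://<state_bucket>/network/terraform.tfstate
```

To move the initializer's own local state into the bucket it created, add the same `backend "s3"` block to the initializer (with its own `key`) and run `terraform init -migrate-state`. Terraform 1.10 and later can also lock state natively in S3 with `use_lockfile = true` in the backend block, which makes the DynamoDB table optional for those versions.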

Security considerations

This configuration was scanned with Trivy; the report is in the SECURITY file. The findings below are known and accepted deliberately:

  • The state bucket uses S3 server-side encryption (the aws_s3_bucket_server_side_encryption_configuration resource) but intentionally does not use a customer-managed KMS key.
  • Server access logging on the state bucket is disabled.
  • Point-in-time recovery is not enabled on the DynamoDB table. The table holds only lock entries and the state digest, not the state itself; the state lives in the S3 bucket, which has versioning enabled, and Terraform rewrites it on every apply.

Terraform state is stored in plaintext inside the bucket, and any secret a resource exposes as an attribute ends up in it, so read access to the bucket should be limited to the identities that actually run Terraform.
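For teams that want the controls the list above leaves out, here is what the additions look like. This is an added example, not the repository's code: it assumes it sits next to the initializer's `aws_s3_bucket.state_bucket` resource (name taken from the Resources table), it replaces the repository's `aws_s3_bucket_server_side_encryption_configuration.encryption` with a KMS-backed one, and the names `aws_kms_key.state`, `aws_s3_bucket.state_logs` and `state_tls_only` are assumed. The TLS-only bucket policy is not mentioned on the page; it is included because an S3 backend should refuse plaintext transport regardless of the other choices.

```hcl
# Added example (not the repository's code). Assumes aws_s3_bucket.state_bucket
# exists in the same configuration; all other names are placeholders.

# 1. Customer-managed KMS key instead of SSE-S3. Replaces the repository's
#    aws_s3_bucket_server_side_encryption_configuration.encryption resource.
resource "aws_kms_key" "state" {
  description             = "Terraform state encryption"
  enable_key_rotation     = true
  deletion_window_in_days = 30
}

resource "aws_s3_bucket_server_side_encryption_configuration" "encryption" {
  bucket = aws_s3_bucket.state_bucket.id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = aws_kms_key.state.arn
    }
    bucket_key_enabled = true # fewer KMS calls, same key
  }
}

# 2. Server access logging into a separate bucket. Logs must not be written
#    into the state bucket itself, or every log write appears as bucket activity.
resource "aws_s3_bucket" "state_logs" {
  bucket = "${aws_s3_bucket.state_bucket.id}-logs" # assumed naming scheme
}

resource "aws_s3_bucket_public_access_block" "state_logs" {
  bucket                  = aws_s3_bucket.state_logs.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_s3_bucket_logging" "state" {
  bucket        = aws_s3_bucket.state_bucket.id
  target_bucket = aws_s3_bucket.state_logs.id
  target_prefix = "state-access/"
}

# 3. Deny any request to the state bucket that does not use TLS.
data "aws_iam_policy_document" "state_tls_only" {
  statement {
    sid     = "DenyInsecureTransport"
    effect  = "Deny"
    actions = ["s3:*"]
    resources = [
      aws_s3_bucket.state_bucket.arn,
      "${aws_s3_bucket.state_bucket.arn}/*",
    ]

    principals {
      type        = "*"
      identifiers = ["*"]
    }

    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_s3_bucket_policy" "state_tls_only" {
  bucket = aws_s3_bucket.state_bucket.id
  policy = data.aws_iam_policy_document.state_tls_only.json
}
```

Two things the block cannot show without editing the repository's own resources: the log bucket needs a bucket policy that lets the `logging.s3.amazonaws.com` service principal put objects into it, and both `aws_s3_bucket.state_bucket` and `aws_dynamodb_table.state_lock` benefit from a `lifecycle { prevent_destroy = true }` block, so that a plan which would delete the backend fails instead of applying. Point-in-time recovery, if wanted despite the reasoning above, is the `point_in_time_recovery { enabled = true }` block on the table resource.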

Requirements

| Name | Version |
|---|---|
| aws | ~> 5 |

Providers

| Name | Version |
|---|---|
| aws | 5.55.0 |

Modules

No modules.

Resources

| Name | Type |
|---|---|
| aws_dynamodb_table.state_lock | resource |
| aws_route53_zone.zone | resource |
| aws_s3_bucket.state_bucket | resource |
| aws_s3_bucket_public_access_block.publicBlock | resource |
| aws_s3_bucket_server_side_encryption_configuration.encryption | resource |
| aws_s3_bucket_versioning.versioning | resource |

Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| assume_role_arn | The ARN of the role to assume | string | null | no |
| aws_default_tags | The default tags to apply to all resources | map(string) | {} | no |
| aws_profile | The AWS profile to use | string | "default" | no |
| aws_region | The AWS region to deploy resources in | string | "eu-central-1" | no |
| fqdn | The FQDN of the Route 53 zone | string | n/a | yes |
| reverse_fqdn | The reverse FQDN of the Route 53 zone | string | n/a | yes |

Outputs

| Name | Description |
|---|---|
| name_servers | The name servers of the hosted zone |
| route53_hosted_zone_id | The ID of the hosted zone |
| state_bucket | The name of the state bucket |
| state_lock_table | The name of the state lock table |