Personal AWS account configuration and resources.
This is the basic account bootstrapping process for my root personal account, preserved here in case it ever needs to be repeated.
- Create a new AWS account. This will serve as the "management" account.
- Log in as the root user
- From the default region, enable IAM Identity Center
- Create an access key for the root user
- With the root credentials, run `terraform init` and `terraform apply` in `workspaces/management` using the local backend (comment out the s3 backend configuration). `example` and `secret` below are placeholders for the root access key created in the previous step.

  ```
  $ cd workspaces/management
  $ AWS_ACCESS_KEY_ID=example AWS_SECRET_ACCESS_KEY=secret terraform init
  $ AWS_ACCESS_KEY_ID=example AWS_SECRET_ACCESS_KEY=secret terraform apply
  ```
- Delete the root user access key
- Merge the `aws-config.template` into the standard AWS configuration path - `~/.aws/config`
- Log in to the AWS console with the new IAM Identity Center user
- With the new admin role, run `terraform init` and `terraform apply` in `workspaces/global` using the local backend (comment out the s3 backend configuration)

  ```
  $ aws-vault exec mine.main.admin -- terraform init
  $ aws-vault exec mine.main.admin -- terraform apply
  ```
- Migrate the `workspaces/global` state to the s3 backend (uncomment the s3 backend configuration in `workspaces/global/main.tf`)

  ```
  $ aws-vault exec mine.main.admin -- terraform init -migrate-state -backend-config=../backend.hcl
  ```
- Migrate the `workspaces/management` state to the s3 backend (uncomment the s3 backend configuration in `workspaces/management/main.tf`)

  ```
  $ aws-vault exec mine.main.admin -- terraform init -migrate-state -backend-config=../backend.hcl
  ```
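
One way to confirm that the "Delete the root user access key" step took effect is to read the root row of the IAM credential report. This is an added example, not part of this repository; the function name `check_root_access_keys` and the sample reports are constructed for illustration, and the usage shown in the comments assumes the `mine.main.admin` profile from the steps above.

```shell
#!/bin/sh
# Added example (not part of this repo): check an IAM credential report for
# active root access keys. Reads the report CSV on stdin.
#
# Assumed usage with the profile from this README:
#   aws-vault exec mine.main.admin -- aws iam generate-credential-report
#   aws-vault exec mine.main.admin -- aws iam get-credential-report \
#       --query Content --output text | base64 -d | check_root_access_keys

check_root_access_keys() {
    awk -F',' '
        NR == 1 {
            # Index columns by header name so column order does not matter.
            for (i = 1; i <= NF; i++) col[$i] = i
            if (!("user" in col) || !("access_key_1_active" in col) ||
                !("access_key_2_active" in col)) {
                print "ERROR: not a credential report (missing columns)"
                bad = 1; exit
            }
            next
        }
        # The root user appears in the report under this literal name.
        $col["user"] == "<root_account>" {
            seen = 1
            for (k = 1; k <= 2; k++)
                if ($col["access_key_" k "_active"] == "true") {
                    print "FAIL: root access key " k " is active"; bad = 1
                }
        }
        END {
            if (!seen && !bad) { print "ERROR: no <root_account> row found"; bad = 1 }
            if (!bad) print "OK: root user has no active access keys"
            exit (bad ? 1 : 0)
        }
    '
}

# Constructed sample reports, reduced to the columns the check reads.
# The account ID and dates are made up.
SAMPLE_HEADER='user,arn,access_key_1_active,access_key_1_last_rotated,access_key_2_active'
SAMPLE_KEY_LEFT="$SAMPLE_HEADER
<root_account>,arn:aws:iam::111122223333:root,true,2024-01-01T00:00:00+00:00,false"
SAMPLE_KEY_DELETED="$SAMPLE_HEADER
<root_account>,arn:aws:iam::111122223333:root,false,N/A,false"
```

AWS regenerates the credential report at most once every four hours, so a key deleted moments ago can still show as active until a fresh report is produced.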