Skip to main content

Set up Terraform

GovWifi infrastructure is managed using Terraform which is configured via govwifi-terraform.


There are several prerequisites to running govwifi-terraform make commands successfully:

  • Your GPG key ID has been added to govwifi-build and secrets in this project have been re-encrypted.
  • You have an AWS IAM user with the ability to assume a suitable role (RE-GovWifi team can set this up).
  • Your AWS configuration contains an appropriate profile wth the suitable role. eg.
  [profile govwifi]
  region = eu-west-1
  • You’ve installed Terraform version declared in the .terraform-version file. This can easily be installed alongside other versions using tfenv.
  • (Optional) aws-vault is a useful AWS credential management tool. If you have other AWS credentials on you system this may help switch profiles.
  • (Optional) gds-cli can be useful for automating some of the AWS credential management. Ask the team for help setting this up.

Running Terraform for the first time

If you are running terraform commands for the first time you’ll need to initialise terraform, this involves decrypting secrets and getting the backend state from S3. This is handled by one make command:

Note: env refers to staging | staging-london | wifi | wifi-london

aws-vault exec govwifi -- make <env> init-backend

(use a staging env when testing your setup).

After this you should be able to run plan to verify everything works:

aws-vault exec govwifi -- make <env> plan

You should see the confirmation message:

No changes. Infrastructure is up-to-date.

You’re now ready to make some changes!

This page was last reviewed on 13 July 2021. It needs to be reviewed again on 13 January 2022 by the page owner #govwifi .
This page was set to be reviewed before 13 January 2022 by the page owner #govwifi. This might mean the content is out of date.