Set up Terraform
There are several prerequisites to running govwifi-terraform
make commands successfully:
- Your GPG key ID has been added to govwifi-build and secrets in this project have been re-encrypted.
- You have an AWS IAM user with the ability to assume a suitable role (RE-GovWifi team can set this up).
- Your AWS configuration contains an appropriate profile wth the suitable role. eg.
[profile govwifi] region = eu-west-1 role_arn=arn:aws:iam::1234567890:role/first-name.last-name mfa_serial=arn:aws:iam::1234567890:email@example.com
- You’ve installed Terraform version declared in the .terraform-version file. This can easily be installed alongside other versions using tfenv.
- (Optional) aws-vault is a useful AWS credential management tool. If you have other AWS credentials on you system this may help switch profiles.
- (Optional) gds-cli can be useful for automating some of the AWS credential management. Ask the team for help setting this up.
Running Terraform for the first time
If you are running terraform commands for the first time you’ll need to initialise terraform, this involves decrypting secrets and getting the backend state from S3. This is handled by one make command:
env refers to
staging | staging-london | wifi | wifi-london
aws-vault exec govwifi -- make <env> init-backend
(use a staging env when testing your setup).
After this you should be able to run
plan to verify everything works:
aws-vault exec govwifi -- make <env> plan
You should see the confirmation message:
No changes. Infrastructure is up-to-date.
You’re now ready to make some changes!