Accounts Terraform

This module is responsible for setting up our Account-level Terraform.

This includes the VPN and our managed NAT Gateways, but also a variety of 1-per-account IAM roles and policies.

Enabling Terraform

git clone https://github.com/hashivim/vim-terraform.git ~/.vim/pack/plugins/start/vim-terraform  # If you use vim ever
terraform init
terraform get

Running changes

Only use this for deployment accounts. For the secrets account setup, see the secrets/ sub-folder.

For simplicity:

./setup_account.sh <account>

# If it yells at you about needing to set up a VPN to know
# how many subnets it has, or it's a new account (but why....):
./setup_environment.sh <environment> --clean

For smaller steps:

# Get valid account workspaces
terraform workspace list

# Pick your account
terraform workspace select <account>

# See what you're about to do
terraform plan -out out.tfplan --var-file <account>.tfvar

# GO GET APPROVAL FOR THESE CHANGES
# Slack or PR

# Ensure you're in the right account and apply
terraform workspace select <account>
terraform apply out.tfplan
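
The last two steps above (get approval, then make sure you are in the right account and apply) can be enforced by a small wrapper. This is an added example, not part of this repo: the function names plan_digest, record_plan and guarded_apply are hypothetical, and it assumes the SHA-256 of out.tfplan was posted with the approval request. Only terraform workspace show and terraform apply are real CLI calls.

```shell
#!/usr/bin/env bash
# Added example (not this repo's code): refuse to apply unless the selected
# workspace and the plan file are exactly what was approved.

# Print the SHA-256 of a file (sha256sum on Linux, shasum on macOS).
plan_digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Run right after "terraform plan -out": store the digest next to the plan
# so it can be pasted into the Slack message or PR asking for approval.
record_plan() {
    plan_digest "$1" > "$1.sha256"
}

# guarded_apply <account> <plan-file> <approved-digest>
# Returns 2 on wrong workspace, 3 on missing or changed plan,
# otherwise the exit status of terraform apply.
guarded_apply() {
    local account="$1" plan="$2" approved="$3" current actual
    current=$(terraform workspace show) || return 1
    if [ "$current" != "$account" ]; then
        echo "workspace is '$current', expected '$account'" >&2
        return 2
    fi
    if [ ! -f "$plan" ]; then
        echo "plan file '$plan' not found" >&2
        return 3
    fi
    actual=$(plan_digest "$plan")
    if [ "$actual" != "$approved" ]; then
        echo "plan digest $actual does not match approved $approved" >&2
        return 3
    fi
    terraform apply "$plan"
}

# Stand-alone use: ./guarded_apply.sh <account> out.tfplan <approved-digest>
if [ "$#" -eq 3 ]; then
    guarded_apply "$@"
fi
```

A re-run of terraform plan after approval produces a different out.tfplan, so the digest check fails and the new plan has to be reviewed again.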

To avoid 30 minutes of frustration, the import syntax is: terraform import "Quoted module string" AWS_resource. If you care about this, it will make perfect sense.