Terraform Cloud Project Deployment

This README provides a step-by-step guide on how to deploy this Terraform project using Terraform Cloud. Terraform Cloud is a hosted service that allows you to manage your infrastructure with collaborative features, remote execution, and secure storage of your Terraform state.

Prerequisites

Before you begin, ensure you have the following:

  1. A Terraform Cloud account. Sign up for a free account at app.terraform.io.
  2. Terraform CLI - Install the appropriate version for your operating system.
  3. Git - Install Git for your operating system.
  4. An AWS account with appropriate permissions to create and manage resources.
  5. A text editor for modifying configuration files.

Deployment Steps

Follow these steps to deploy the Terraform project using Terraform Cloud:

1. Clone the Repository

Clone the repository to your local machine:

git clone https://github.com/your-username/terraform-project.git

Navigate to the project directory:

cd terraform-project

1.1. Set up AWS User Permissions

Before deploying the Terraform project, ensure that the AWS user associated with your aws_access_key and aws_secret_key has the necessary permissions to create and manage resources.

As an MVP, I used very wide-open settings. It's in the TODO to bring this down to more specific permissions:

The user must have at least the following IAM policies attached:

  • AdministratorAccess: This policy allows Terraform to do pretty much anything. It's not best practice to use this policy and this will be updated in the future.
  • AmazonS3FullAccess: This policy allows Terraform to create and manage S3 buckets and objects, which are used in this file to upload a JSON configuration file to an S3 bucket.
  • IAMFullAccess: This policy allows Terraform to create and manage IAM roles, which are used in this file to create an IAM role for RDS to import MySQL backups from S3.

Note that the exact policies required may depend on your specific environment and use case, and it is recommended to review and limit the permissions granted by each policy to the minimum required for Terraform to function properly.

To attach these policies to an existing AWS user or to create a new user with these permissions, follow the AWS Identity and Access Management (IAM) documentation.
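To support the review recommended above, the following added example (not part of this project's code) flags policy statements that combine a global or service-wide action wildcard with Resource "*". The policy documents are simplified stand-ins constructed here, and the scoped statements, bucket name, role name and account ID are hypothetical placeholders; the exact actions this project needs are not listed on this page.

```python
# Simplified stand-ins for the three managed policies named above (constructed
# here; only the wildcard shape matters, not the full AWS-managed documents).
PAGE_POLICIES = {
    "AdministratorAccess": {"Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"}]},
    "AmazonS3FullAccess": {"Statement": [
        {"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"}]},
    "IAMFullAccess": {"Statement": [
        {"Effect": "Allow", "Action": ["iam:*"], "Resource": "*"}]},
}

# Hypothetical scoped statements (illustrative shape only). Bucket name, role
# name and account ID are placeholders, not values from this project.
SCOPED_CANDIDATE = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:PutObject", "s3:GetObject"],
     "Resource": "arn:aws:s3:::example-dlaas-bucket/*"},
    {"Effect": "Allow", "Action": "s3:ListBucket",
     "Resource": "arn:aws:s3:::example-dlaas-bucket"},
    {"Effect": "Allow", "Action": ["iam:GetRole", "iam:PassRole"],
     "Resource": "arn:aws:iam::111122223333:role/example-rds-s3-import"},
]}


def as_list(value):
    """IAM accepts either a single string/object or a list of them."""
    return value if isinstance(value, list) else [value]


def broad_grants(policy):
    """Return (statement index, action, resource) for each over-broad Allow."""
    findings = []
    for idx, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            # Allow + Not* grants everything except the listed items.
            findings.append((idx, "NotAction/NotResource", "*"))
            continue
        for action in as_list(stmt.get("Action", [])):
            wildcard = action == "*" or action.endswith(":*")
            for resource in as_list(stmt.get("Resource", [])):
                if wildcard and resource == "*":
                    findings.append((idx, action, resource))
    return findings


if __name__ == "__main__":
    for name, doc in {**PAGE_POLICIES, "scoped": SCOPED_CANDIDATE}.items():
        print(name, broad_grants(doc) or "no service-wide wildcards")
```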

2. Create a New Workspace in Terraform Cloud

Log in to your Terraform Cloud account and create a new workspace. Choose the "Version control workflow" option and connect your version control provider (e.g., GitHub, GitLab, Bitbucket). Select the repository you cloned earlier.

3. Configure Variables

In this project, configuration variables are stored in a config.json file. The file should include the following variables:

{
  "AWS_REGION": "us-east-1",
  "AWS_PROFILE": "dlaas",
  "SERVICE_NAME": "DLaaS",
  "DB_NAME": "dlaas",
  "SERVICE_DOMAIN": "datalayer.storage",
  "DEFAULT_S3_BUCKET": "dlaas",
  "DONATE_TO_SUPPORT_MORE_DEVELOPMENT": "true",
  "DONATION_ADDRESS": "xch1am3lgxqhqyp6g7ulxx98kzl85w724mecpyydsqlfrtdpme9strwsacnsx7",
  "DONATION_PERCENTAGE": "0.002",
  "DB_INSTANCE_CLASS": "db.t3.micro",
  "SUBSCRIPTION_GRACE_PERIOD_IN_DAYS": "15"
}

You can modify these variables according to your requirements. Keep in mind that SERVICE_DOMAIN and DEFAULT_S3_BUCKET must be changed so they do not conflict with other instances on AWS.

Additionally, you need to set up the aws_access_key and aws_secret_key in the "Variables" tab of your Terraform Cloud workspace. Make sure to mark these variables as "Sensitive" to prevent them from being exposed in logs.
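The two rules above (change SERVICE_DOMAIN and DEFAULT_S3_BUCKET, keep the AWS keys out of config.json) can be checked before committing. This is an added example, not part of this project's code; the function name, the bucket-name pattern and the sample documents are constructed here, and the access key shown is the AWS documentation example value.

```python
import json
import re

# Sample values from the config.json shown above that must not be deployed as-is.
SAMPLE_VALUES = {"SERVICE_DOMAIN": "datalayer.storage", "DEFAULT_S3_BUCKET": "dlaas"}
# Key names suggesting a credential was put in the committed file instead of
# the workspace "Variables" tab.
SECRET_NAME_RE = re.compile(r"access_key|secret|password|token", re.IGNORECASE)
# AWS access key IDs: AKIA (long-term) or ASIA (temporary) plus 16 characters.
ACCESS_KEY_ID_RE = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# S3 bucket names: 3-63 characters, lowercase letters, digits, dots, hyphens.
BUCKET_RE = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")

# Constructed inputs for the demonstration.
README_SAMPLE = '{"SERVICE_DOMAIN": "datalayer.storage", "DEFAULT_S3_BUCKET": "dlaas"}'
LEAKY = ('{"SERVICE_DOMAIN": "example.org", "DEFAULT_S3_BUCKET": "Example_Bucket",'
         ' "aws_access_key": "AKIAIOSFODNN7EXAMPLE",'
         ' "aws_secret_key": "constructed-not-a-real-secret"}')
CLEAN = '{"SERVICE_DOMAIN": "example.org", "DEFAULT_S3_BUCKET": "example-org-dlaas-config"}'


def check_config(text):
    """Return a list of (key, problem) pairs for a config.json document."""
    cfg = json.loads(text)
    problems = []
    for key, sample in SAMPLE_VALUES.items():
        if cfg.get(key) == sample:
            problems.append((key, "unchanged sample value"))
    bucket = str(cfg.get("DEFAULT_S3_BUCKET", ""))
    if not BUCKET_RE.match(bucket):
        problems.append(("DEFAULT_S3_BUCKET", "not a valid S3 bucket name"))
    for key, value in cfg.items():
        if SECRET_NAME_RE.search(key):
            problems.append((key, "credential-like key in committed file"))
        if isinstance(value, str) and ACCESS_KEY_ID_RE.search(value):
            problems.append((key, "value looks like an AWS access key ID"))
    return problems


if __name__ == "__main__":
    for label, doc in (("sample", README_SAMPLE), ("leaky", LEAKY), ("clean", CLEAN)):
        print(label, check_config(doc) or "ok")
```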

DONATION_ADDRESS

The DONATION_ADDRESS variable is an optional configuration that sends a small portion of the earnings to the provided XCH address to help fund further development. While it is not required to have this field filled out, your contribution will greatly support the ongoing development of this product.

3.1. Purchase a Domain (If Necessary)

If you don't already have a domain for hosting this project, you'll need to purchase one. The domain's nameservers must be set to the nameservers generated by AWS Route 53 when they become available. This step is necessary to obtain an SSL certificate for the SaaS product, ensuring secure communication between your users and the service.

Once you have purchased a domain, proceed with the rest of the deployment steps. Remember to update the SERVICE_DOMAIN variable in the config.json file with your purchased domain.

After deploying the infrastructure with Terraform Cloud, you'll need to update the nameservers for your domain to point to the AWS Route 53 hosted zone created by the project. This step is crucial to ensure the proper functioning of the SSL certificate and the overall security of the SaaS product.

4. Configure Terraform Cloud Settings

Please follow this tutorial to set up your Terraform workspace.