Manages overarching cloud resources for my personal usage.
This repo is part of my journey to use git as the source of truth for everything I can automate.
This repo.
Repo to manage cloud resources for my family usage.
My domain names configuration is in a private repo and is automatically synced to the various domain providers using GitHub Actions.
However, several providers require for requests to come from a fixed IP address which is why I decided to use a hosted Github Runner on Digital Ocean.
To access sub-accounts via the AWS console, login to AWS as the global user and switch role.
Global user credentials:
- Sign-in URL:
terraform output --raw global_aws_signin_url - Username:
terraform output --raw global_aws_user_name - Password:
terraform output --raw global_aws_user_password | base64 --decode | gpg --decrypt
Switch role information:
- Account: Copy the desired sub-account ID from the organization page
- Role:
OrganizationAccountAccessRole
In order to sign/verify/encrypt stuff across various projects, I use Google KMS.
If you want to fork this repo and modify it for your own personal/commercial usage, please do so freely, it is licensed accordingly (Apache 2.0).
The way to set it up for the first time is:
-
Rename the project
romain-infrato your liking, this is the main project (this repo). -
Remove the other projects
-
Login to the various cloud providers or set environment variables accordingly (most likely as root/admin user)
-
Run
terraform init -
If you forked the repo, rename it accordingly and then import it with (replace
romain-infraaccordingly):terraform import module.romain-infra.github_repository.github[\"main\"] romain-infra
-
Run
terraform apply -
This will create the main project and some global credentials for clouds that support it (AWS/GCP), and set them up in Terraform Cloud.
-
Upload the state to Terraform Cloud:
- Uncomment the lines in
_backend.tfand modify accordingly - Run
terraform init - Answer that you want to copy the state in the prompt
- Uncomment the lines in
-
Commit and push your work.
-
The plan in Terraform Cloud should run smoothly and display that no changes were detected.
Make modifications/add your projects through pull requests if you want to get speculative plans before merging.
Change directory to the repo and then run: (or replace {owner}/{repo})
gh api -p everest -X POST repos/{owner}/{repo}/actions/runners/registration-token | jq .tokenChange directory to a repo of the org and then run: (or replace {owner})
gh api -p everest -X POST orgs/{owner}/actions/runners/registration-token | jq .token