This repository contains an AWS CloudFormation template to set up infrastructure for managing Terraform/OpenTofu remote state. It includes resources for S3 bucket storage, DynamoDB table for state locking, and IAM roles for state management and infrastructure operations.
- S3 Bucket:
  - Name: `infrastructure-state-${AWS::AccountId}`
  - Features:
    - Versioning enabled
    - Default encryption using AES256
- DynamoDB Table:
  - Name: `infrastructure-state-lock`
  - Purpose: To manage state locking for distributed plan and apply operations
- State Management Role:
  - Permissions to modify objects in the S3 bucket and update the DynamoDB lock table.
  - Trust policy allows the role `arn:aws:iam::${AWS::AccountId}:role/ops-admin` to assume it.
- Infrastructure Operator Role:
  - Attached with the AWS `AdministratorAccess` policy.
  - Trust policy allows the role `arn:aws:iam::${AWS::AccountId}:role/ops-admin` to assume it.
- Validate the CloudFormation template:

  ```bash
  aws cloudformation validate-template --template-body file://backend.yml
  ```

- Deploy the stack:

  ```bash
  aws cloudformation create-stack --stack-name infrastructure-state-backend --template-body file://backend.yml --capabilities CAPABILITY_NAMED_IAM
  ```
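A pre-deployment check of the properties described above, as an added example that is not part of this repository: it takes a template in JSON form, parsed into a dict, and reports a bucket without versioning or AES256 default encryption and any role whose trust policy names a principal other than `ops-admin`, rated HIGH on a role carrying `AdministratorAccess`. The function names, logical IDs and the sample template are assumptions; the contents of `backend.yml` are not shown on this page.

```python
# Added example: static check of a parsed CloudFormation template (JSON form).
EXPECTED_PRINCIPAL = "arn:aws:iam::${AWS::AccountId}:role/ops-admin"
ADMIN_POLICY = "arn:aws:iam::aws:policy/AdministratorAccess"

def trusted_principals(role_props):
    doc = role_props.get("AssumeRolePolicyDocument", {})
    for stmt in doc.get("Statement", []):
        principal = stmt.get("Principal", {})
        # Principal may be the bare string "*" instead of {"AWS": ...}.
        aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
        for p in aws if isinstance(aws, list) else [aws]:
            # Unwrap {"Fn::Sub": "..."} so it compares as a plain string.
            yield p.get("Fn::Sub", "") if isinstance(p, dict) else p

def audit_template(template):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::S3::Bucket":
            if props.get("VersioningConfiguration", {}).get("Status") != "Enabled":
                findings.append(f"{name}: versioning not enabled")
            rules = props.get("BucketEncryption", {}).get(
                "ServerSideEncryptionConfiguration", [])
            if not any(r.get("ServerSideEncryptionByDefault", {})
                        .get("SSEAlgorithm") == "AES256" for r in rules):
                findings.append(f"{name}: default AES256 encryption missing")
        elif res.get("Type") == "AWS::IAM::Role":
            sev = "HIGH" if ADMIN_POLICY in props.get("ManagedPolicyArns", []) else "MEDIUM"
            for p in trusted_principals(props):
                if p != EXPECTED_PRINCIPAL:
                    findings.append(f"{name}: [{sev}] unexpected trusted principal {p}")
    return findings

def sample_role(principal, policies=()):  # builds a constructed sample role
    trust = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                            "Principal": principal}]}
    return {"Type": "AWS::IAM::Role", "Properties": {
        "AssumeRolePolicyDocument": trust, "ManagedPolicyArns": list(policies)}}

# Constructed sample; logical IDs (StateBucket, OperatorRole, ...) are hypothetical.
SAMPLE = {"Resources": {
    "StateBucket": {"Type": "AWS::S3::Bucket", "Properties": {
        "VersioningConfiguration": {"Status": "Suspended"}}},
    "OperatorRole": sample_role("*", [ADMIN_POLICY]),
    "StateRole": sample_role({"AWS": {"Fn::Sub": EXPECTED_PRINCIPAL}}),
}}

if __name__ == "__main__":
    print("\n".join(audit_template(SAMPLE)))
```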
This project is licensed under the MIT License. See the LICENSE file for details.