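#!/bin/bash
# Enterprise CI/CD Foundation Bootstrap Script
# This script creates the S3 bucket and DynamoDB table for Terraform backend
# before running the main Terraform deployment.
#
# Environment (all optional):
#   PROJECT_NAME  prefix for resource names          (default: enterprise-cicd)
#   ENVIRONMENT   value of the Environment tag       (default: dev)
#   AWS_REGION    region for every resource/API call (default: us-east-1)
#   BUCKET_NAME   state bucket to reuse; when unset, the name recorded in
#                 .backend-config by a previous run is reused, and only if
#                 there is none is a fresh random suffix generated.
#
# Outputs: backend.tf (Terraform backend block) and .backend-config
# (KEY=VALUE lines read by cleanup.sh) in the current directory.
set -euo pipefail

# Files written by this script; .backend-config is also re-read on reruns.
readonly BACKEND_FILE="backend.tf"
readonly CONFIG_FILE=".backend-config"

# Configuration
PROJECT_NAME="${PROJECT_NAME:-enterprise-cicd}"
ENVIRONMENT="${ENVIRONMENT:-dev}"
AWS_REGION="${AWS_REGION:-us-east-1}"
TABLE_NAME="${PROJECT_NAME}-terraform-locks"

#######################################
# Print an error to stderr and exit non-zero.
# Arguments: message words
#######################################
die() {
  printf '❌ %s\n' "$*" >&2
  exit 1
}

#######################################
# Abort unless every named CLI tool is on PATH.
# Arguments: tool names
#######################################
require_tools() {
  local tool
  for tool in "$@"; do
    command -v "${tool}" >/dev/null 2>&1 \
      || die "required tool '${tool}' not found in PATH"
  done
}

#######################################
# Print the BUCKET_NAME recorded in a previous run's config file, if any.
# The file is parsed line by line rather than sourced so that nothing in it
# can execute.
# Arguments: $1 - path of the config file
# Outputs:   bucket name on stdout (nothing when absent or unreadable)
# Returns:   0 always
#######################################
saved_bucket_name() {
  local file=$1 line
  [[ -r "${file}" ]] || return 0
  while IFS= read -r line || [[ -n "${line}" ]]; do
    if [[ "${line}" == BUCKET_NAME=* ]]; then
      printf '%s\n' "${line#BUCKET_NAME=}"
      return 0
    fi
  done < "${file}"
  return 0
}

#######################################
# Decide which state bucket to use. Generating a new random suffix on every
# run would make the "already exists" check below never match and create a
# fresh bucket per run, so an explicit BUCKET_NAME or the name saved by a
# previous run wins over a new random name.
# Globals:   BUCKET_NAME (written), CONFIG_FILE, PROJECT_NAME (read)
#######################################
resolve_bucket_name() {
  if [[ -z "${BUCKET_NAME:-}" ]]; then
    BUCKET_NAME=$(saved_bucket_name "${CONFIG_FILE}")
  fi
  if [[ -z "${BUCKET_NAME}" ]]; then
    local suffix
    # Bucket names are global, so a random suffix avoids collisions.
    suffix=$(openssl rand -hex 4) || die "openssl rand failed"
    BUCKET_NAME="${PROJECT_NAME}-terraform-state-${suffix}"
  fi
}

#######################################
# Show the effective configuration.
#######################################
print_banner() {
  echo "🚀 Bootstrapping Terraform Backend Infrastructure"
  echo "Project: ${PROJECT_NAME}"
  echo "Environment: ${ENVIRONMENT}"
  echo "Region: ${AWS_REGION}"
  echo "Bucket: ${BUCKET_NAME}"
  echo "Table: ${TABLE_NAME}"
}

#######################################
# Fail early when no usable AWS credentials are available. Only the caller
# ARN is echoed so that the log shows which identity is deploying.
#######################################
verify_credentials() {
  local caller
  echo "🔐 Verifying AWS credentials..."
  caller=$(aws sts get-caller-identity --query Arn --output text) \
    || die "AWS credentials not configured or invalid"
  echo "   Caller: ${caller}"
}

#######################################
# Create the state bucket (versioned, SSE-S3 encrypted, all public access
# blocked) unless it already exists. --region is passed explicitly on every
# call so the bucket and its settings end up in AWS_REGION regardless of
# the CLI's default profile region.
# Globals:   BUCKET_NAME, AWS_REGION (read)
#######################################
ensure_bucket() {
  echo "📦 Creating S3 bucket for Terraform state..."
  if aws s3api head-bucket --bucket "${BUCKET_NAME}" --region "${AWS_REGION}" 2>/dev/null; then
    echo "✅ Bucket ${BUCKET_NAME} already exists"
    return 0
  fi

  # us-east-1 rejects an explicit LocationConstraint; every other region
  # requires one.
  local -a create_args=(--bucket "${BUCKET_NAME}" --region "${AWS_REGION}")
  if [[ "${AWS_REGION}" != "us-east-1" ]]; then
    create_args+=(--create-bucket-configuration "LocationConstraint=${AWS_REGION}")
  fi
  aws s3api create-bucket "${create_args[@]}"

  # Versioning keeps prior state files recoverable after a bad apply.
  aws s3api put-bucket-versioning \
    --bucket "${BUCKET_NAME}" \
    --region "${AWS_REGION}" \
    --versioning-configuration Status=Enabled

  # Default encryption with SSE-S3 (AES256); state files contain secrets.
  aws s3api put-bucket-encryption \
    --bucket "${BUCKET_NAME}" \
    --region "${AWS_REGION}" \
    --server-side-encryption-configuration '{
      "Rules": [{
        "ApplyServerSideEncryptionByDefault": {
          "SSEAlgorithm": "AES256"
        }
      }]
    }'

  # Block every form of public access to the state bucket.
  aws s3api put-public-access-block \
    --bucket "${BUCKET_NAME}" \
    --region "${AWS_REGION}" \
    --public-access-block-configuration \
    BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true

  echo "✅ S3 bucket ${BUCKET_NAME} created successfully"
}

#######################################
# Create the DynamoDB lock table unless it already exists, then wait until
# it is usable.
# Globals:   TABLE_NAME, AWS_REGION, PROJECT_NAME, ENVIRONMENT (read)
#######################################
ensure_table() {
  echo "🔒 Creating DynamoDB table for state locking..."
  if aws dynamodb describe-table --table-name "${TABLE_NAME}" --region "${AWS_REGION}" >/dev/null 2>&1; then
    echo "✅ DynamoDB table ${TABLE_NAME} already exists"
    return 0
  fi

  # LockID is the hash key Terraform's s3 backend uses for its lock items.
  aws dynamodb create-table \
    --table-name "${TABLE_NAME}" \
    --attribute-definitions AttributeName=LockID,AttributeType=S \
    --key-schema AttributeName=LockID,KeyType=HASH \
    --billing-mode PAY_PER_REQUEST \
    --region "${AWS_REGION}" \
    --tags Key=Name,Value="${TABLE_NAME}" \
           Key=Project,Value="${PROJECT_NAME}" \
           Key=Environment,Value="${ENVIRONMENT}" \
           Key=ManagedBy,Value=terraform

  echo "⏳ Waiting for DynamoDB table to be active..."
  aws dynamodb wait table-exists --table-name "${TABLE_NAME}" --region "${AWS_REGION}"
  echo "✅ DynamoDB table ${TABLE_NAME} created successfully"
}

#######################################
# Write backend.tf and .backend-config from the resolved configuration.
# Globals:   BACKEND_FILE, CONFIG_FILE, BUCKET_NAME, TABLE_NAME,
#            AWS_REGION, PROJECT_NAME, ENVIRONMENT (read)
#######################################
write_backend_files() {
  echo "📝 Generating backend configuration..."
  cat > "${BACKEND_FILE}" << EOF
# Terraform Backend Configuration
# Auto-generated by bootstrap script
terraform {
  backend "s3" {
    bucket         = "${BUCKET_NAME}"
    key            = "foundation/terraform.tfstate"
    region         = "${AWS_REGION}"
    dynamodb_table = "${TABLE_NAME}"
    encrypt        = true
  }
}
EOF
  echo "✅ Backend configuration written to ${BACKEND_FILE}"

  # KEY=VALUE format is read back by saved_bucket_name and by cleanup.sh.
  cat > "${CONFIG_FILE}" << EOF
BUCKET_NAME=${BUCKET_NAME}
TABLE_NAME=${TABLE_NAME}
AWS_REGION=${AWS_REGION}
PROJECT_NAME=${PROJECT_NAME}
ENVIRONMENT=${ENVIRONMENT}
EOF
}

#######################################
# Print what was created and the next steps.
#######################################
print_summary() {
  echo ""
  echo "🎉 Bootstrap completed successfully!"
  echo ""
  echo "📋 Resources Created:"
  echo "   S3 Bucket: ${BUCKET_NAME}"
  echo "   DynamoDB Table: ${TABLE_NAME}"
  echo "   Region: ${AWS_REGION}"
  echo ""
  echo "📁 Files Generated:"
  echo "   ${BACKEND_FILE} - Terraform backend configuration"
  echo "   ${CONFIG_FILE} - Resource details for cleanup"
  echo ""
  echo "🚀 Ready to run Terraform:"
  echo "   terraform init"
  echo "   terraform plan"
  echo "   terraform apply"
  echo ""
  echo "💡 To destroy everything later:"
  echo "   terraform destroy"
  echo "   ./cleanup.sh (to remove bootstrap resources)"
}

#######################################
# Entry point: resolve names, verify access, create resources, write files.
#######################################
main() {
  require_tools aws openssl
  resolve_bucket_name
  print_banner
  verify_credentials
  ensure_bucket
  ensure_table
  write_backend_files
  print_summary
}

main "$@"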