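#!/bin/bash
# Enterprise CI/CD Foundation Bootstrap Script
#
# Creates the S3 bucket and DynamoDB table used as the Terraform S3 backend
# before the main Terraform deployment runs, then writes backend.tf and
# .backend-config into the current directory.
#
# Environment (all optional):
#   PROJECT_NAME  prefix for resource names            (default: enterprise-cicd)
#   ENVIRONMENT   used as a tag value                  (default: dev)
#   AWS_REGION    region for the bucket and the table  (default: us-east-1)
#   BUCKET_NAME   reuse an existing state bucket instead of deriving a name

# -u turns a misspelled variable into an error instead of an empty string;
# pipefail makes a failing producer in a pipeline (e.g. the od|tr fallback
# below) abort the script instead of being masked by the last stage.
set -euo pipefail

# Configuration
PROJECT_NAME="${PROJECT_NAME:-enterprise-cicd}"
ENVIRONMENT="${ENVIRONMENT:-dev}"
AWS_REGION="${AWS_REGION:-us-east-1}"
TABLE_NAME="${PROJECT_NAME}-terraform-locks"

# S3 bucket names are global, so a random suffix is appended. The suffix must
# NOT be regenerated on every run: a rerun would otherwise create a second
# bucket and rewrite backend.tf to point at it, orphaning the state stored in
# the first one. Precedence: explicit BUCKET_NAME from the environment, then
# the name recorded by a previous run in .backend-config (extracted with sed
# rather than sourced, so the file is treated as data, not executed), then a
# freshly generated name.
if [[ -z "${BUCKET_NAME:-}" && -f .backend-config ]]; then
  BUCKET_NAME=$(sed -n '/^BUCKET_NAME=/{s///p;q;}' .backend-config)
fi
if [[ -z "${BUCKET_NAME:-}" ]]; then
  # openssl is the primary source of randomness; fall back to /dev/urandom so
  # the script still runs on hosts without openssl installed.
  RANDOM_SUFFIX=$(openssl rand -hex 4 2>/dev/null) \
    || RANDOM_SUFFIX=$(od -An -N4 -tx1 /dev/urandom | tr -d ' \n')
  BUCKET_NAME="${PROJECT_NAME}-terraform-state-${RANDOM_SUFFIX}"
fi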
|
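echo "🚀 Bootstrapping Terraform Backend Infrastructure"
echo "Project: ${PROJECT_NAME}"
echo "Environment: ${ENVIRONMENT}"
echo "Region: ${AWS_REGION}"
echo "Bucket: ${BUCKET_NAME}"
echo "Table: ${TABLE_NAME}"

# Verify the AWS CLI is present and the credentials resolve to an identity.
# A missing CLI is reported separately so it is not mistaken for a credential
# problem. Only the caller ARN is echoed, which is enough for the operator to
# confirm the target account before anything is created.
echo "🔐 Verifying AWS credentials..."
command -v aws >/dev/null 2>&1 || {
  echo "❌ aws CLI not found in PATH" >&2
  exit 1
}
caller_arn=$(aws sts get-caller-identity --query Arn --output text) || {
  echo "❌ AWS credentials not configured or invalid" >&2
  exit 1
}
echo "Identity: ${caller_arn}"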
|
|
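# Create the S3 bucket for Terraform state.
# The hardening calls (versioning, default encryption, public-access block)
# are idempotent PUTs, so they run on every invocation rather than only when
# the bucket is first created: if an earlier run died after create-bucket but
# before those calls, a rerun would otherwise report "already exists" and
# leave the bucket unversioned, unencrypted and reachable by public policy.
echo "📦 Creating S3 bucket for Terraform state..."
# head-bucket also fails (403) when the name is taken by another account; in
# that case create-bucket below fails and set -e stops the script.
if aws s3api head-bucket --bucket "${BUCKET_NAME}" 2>/dev/null; then
  echo "✅ Bucket ${BUCKET_NAME} already exists"
else
  # us-east-1 rejects a LocationConstraint, so it is appended only elsewhere.
  create_args=(--bucket "${BUCKET_NAME}" --region "${AWS_REGION}")
  if [[ "${AWS_REGION}" != "us-east-1" ]]; then
    create_args+=(--create-bucket-configuration "LocationConstraint=${AWS_REGION}")
  fi
  aws s3api create-bucket "${create_args[@]}"
  echo "✅ S3 bucket ${BUCKET_NAME} created successfully"
fi

# Keep every state version so a corrupted or accidentally deleted state file
# can be rolled back.
aws s3api put-bucket-versioning \
  --bucket "${BUCKET_NAME}" \
  --versioning-configuration Status=Enabled

# Encrypt state objects at rest by default; Terraform state can contain
# secrets in plaintext.
aws s3api put-bucket-encryption \
  --bucket "${BUCKET_NAME}" \
  --server-side-encryption-configuration '{
    "Rules": [{
      "ApplyServerSideEncryptionByDefault": {
        "SSEAlgorithm": "AES256"
      }
    }]
  }'

# Block every form of public access to the state bucket.
aws s3api put-public-access-block \
  --bucket "${BUCKET_NAME}" \
  --public-access-block-configuration \
  BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true
echo "✅ Versioning, default encryption and public-access block applied to ${BUCKET_NAME}"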
|
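# Create the DynamoDB table used for state locking.
# NOTE: describe-table can also fail for reasons other than "table absent"
# (e.g. missing dynamodb:DescribeTable permission); create-table then fails
# and set -e stops the script, which is the safe outcome.
echo "🔒 Creating DynamoDB table for state locking..."
if aws dynamodb describe-table --table-name "${TABLE_NAME}" --region "${AWS_REGION}" >/dev/null 2>&1; then
  echo "✅ DynamoDB table ${TABLE_NAME} already exists"
else
  aws dynamodb create-table \
    --table-name "${TABLE_NAME}" \
    --attribute-definitions AttributeName=LockID,AttributeType=S \
    --key-schema AttributeName=LockID,KeyType=HASH \
    --billing-mode PAY_PER_REQUEST \
    --region "${AWS_REGION}" \
    --tags Key=Name,Value="${TABLE_NAME}" \
           Key=Project,Value="${PROJECT_NAME}" \
           Key=Environment,Value="${ENVIRONMENT}" \
           Key=ManagedBy,Value=terraform
  echo "✅ DynamoDB table ${TABLE_NAME} created successfully"
fi

# Wait unconditionally: describe-table succeeds while the table is still in
# CREATING state (e.g. after an interrupted earlier run), and terraform init
# needs it ACTIVE before it can acquire a lock.
echo "⏳ Waiting for DynamoDB table to be active..."
aws dynamodb wait table-exists --table-name "${TABLE_NAME}" --region "${AWS_REGION}"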
|
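# Generate the backend configuration consumed by `terraform init`.
# An existing backend.tf is kept as backend.tf.bak before being replaced:
# silently overwriting a hand-edited or differently-pointing backend block
# changes where Terraform looks for state without any trace.
echo "📝 Generating backend configuration..."
if [[ -f backend.tf ]]; then
  cp -p -- backend.tf backend.tf.bak
  echo "⚠️  Existing backend.tf saved as backend.tf.bak"
fi
cat > backend.tf << EOF
# Terraform Backend Configuration
# Auto-generated by bootstrap script

terraform {
  backend "s3" {
    bucket         = "${BUCKET_NAME}"
    key            = "foundation/terraform.tfstate"
    region         = "${AWS_REGION}"
    dynamodb_table = "${TABLE_NAME}"
    encrypt        = true
  }
}
EOF
echo "✅ Backend configuration written to backend.tf"

# Record the resource names as plain KEY=VALUE lines so cleanup.sh (and any
# other tooling) can locate exactly the resources this run created.
cat > .backend-config << EOF
BUCKET_NAME=${BUCKET_NAME}
TABLE_NAME=${TABLE_NAME}
AWS_REGION=${AWS_REGION}
PROJECT_NAME=${PROJECT_NAME}
ENVIRONMENT=${ENVIRONMENT}
EOF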
|
# Final summary for the operator: what was created, which files were written,
# and the commands to run next. One here-document replaces the run of echoes;
# the leading blank line and the spacing of each entry are preserved.
cat << EOF

🎉 Bootstrap completed successfully!

📋 Resources Created:
 S3 Bucket: ${BUCKET_NAME}
 DynamoDB Table: ${TABLE_NAME}
 Region: ${AWS_REGION}

📁 Files Generated:
 backend.tf - Terraform backend configuration
 .backend-config - Resource details for cleanup

🚀 Ready to run Terraform:
 terraform init
 terraform plan
 terraform apply

💡 To destroy everything later:
 terraform destroy
 ./cleanup.sh (to remove bootstrap resources)
EOF