I'm diving into setting up a brand new AWS account from scratch, which is a first for me. I've mainly worked with AWS environments managed by others, so I'm looking for guidance on getting started. I want to ensure I can manage everything with Infrastructure as Code (IaC) using Terraform, ideally running it within GitHub Workflows. My plan includes creating an S3 bucket for Terraform state management and setting up IAM users and policies for executing Terraform processes. However, I'm stuck on the initial setup since I need some AWS resources to run IaC, but I also want to use IaC to manage that initial setup. Here's what I'm hoping to figure out:

1. What are the essential components I need to set up?
2. What's the best strategy for the initial bootstrapping process?

Just as a side note, this is for a hobby project, so minimizing costs is key for me.
5 Answers
For more sophisticated setups, while Control Tower + AFT is an enterprise-level solution, it might be too complex and costly for a hobby project. You could glean some ideas from its architecture and spin up a simplified version tailored to your needs.
For a hobby project, it's crucial not to start with just a bare-bones account. Set it up as an AWS Organization right off the bat, and make use of Identity Center. Spin up separate member accounts for your projects, including this IaC setup. There are no costs for most of this, and it simplifies the orchestration of your accounts with IaC if you plan to expand later on. I've got multiple member accounts in my personal org, and my bill is pretty low, around $30-50 a month, mainly for the resources I actually use.
I've had similar experiences where initial manual bootstrapping is unavoidable. Check out my GitHub repo for guidance on how I managed my setup; it covers the necessary steps for S3, IAM, and OIDC configuration.
1. Start by creating an S3 bucket and, if necessary, a DynamoDB table for your infrastructure using the Terraform module found at github.com/trussworks/terraform-aws-bootstrap.
2. This will serve as a backend for your primary Terraform setup. Initially, you'll have a local state file, but just keep it in a private Git repository for safety. I've been doing this for years and it works perfectly.
True, that method is effective; just create your bucket and the state table, then build your stacks from there. I'd also recommend looking into CDK, as others have mentioned.
A straightforward way to kickstart your AWS account is by using the command `cdk bootstrap`. It's a quick way to ensure your environment is set up appropriately.

Just a heads up, DynamoDB isn't required anymore for state locking; Terraform and OpenTofu now support native S3 locking.
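The one-time bootstrap that several of the answers above describe (a state bucket, an IAM identity for the pipeline, OIDC for GitHub, and native S3 locking instead of DynamoDB) can be written as a single Terraform configuration. The block below is an added example, not code from any poster's repository or from the trussworks module; the region `us-east-1`, the bucket name `example-tfstate-bootstrap` and the repository `example-org/example-infra` are placeholders. It is applied once from a laptop with an administrator session (for instance an Identity Center login) using a local state file; afterwards the commented `backend "s3"` block is enabled and `terraform init -migrate-state` moves that state into the bucket the configuration just created, which resolves the chicken-and-egg problem in the question.

```hcl
# Added example: one-time AWS bootstrap for Terraform run from GitHub Actions.
# Placeholders (assumptions, replace them): region us-east-1,
# bucket "example-tfstate-bootstrap", GitHub repo "example-org/example-infra".

terraform {
  required_version = ">= 1.10" # native S3 state locking (use_lockfile) needs 1.10+
  required_providers {
    aws = { source = "hashicorp/aws", version = "~> 5.0" }
    tls = { source = "hashicorp/tls", version = "~> 4.0" }
  }
  # Step 2: after the first apply with local state, uncomment this block and run
  # `terraform init -migrate-state` to move the state into the bucket below.
  # backend "s3" {
  #   bucket       = "example-tfstate-bootstrap"
  #   key          = "bootstrap/terraform.tfstate"
  #   region       = "us-east-1"
  #   encrypt      = true
  #   use_lockfile = true # lock file lives in S3, no DynamoDB table
  # }
}

provider "aws" {
  region = "us-east-1"
}

# State bucket: versioned (roll back a bad apply), encrypted at rest, never public.
resource "aws_s3_bucket" "tfstate" {
  bucket = "example-tfstate-bootstrap"
}

resource "aws_s3_bucket_versioning" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  versioning_configuration { status = "Enabled" }
}

resource "aws_s3_bucket_server_side_encryption_configuration" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  rule {
    apply_server_side_encryption_by_default { sse_algorithm = "AES256" }
  }
}

resource "aws_s3_bucket_public_access_block" "tfstate" {
  bucket                  = aws_s3_bucket.tfstate.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# GitHub's OIDC provider: workflows receive short-lived STS credentials, so no
# long-lived IAM user access key has to be stored as a repository secret.
data "tls_certificate" "github" {
  url = "https://token.actions.githubusercontent.com/.well-known/openid-configuration"
}

resource "aws_iam_openid_connect_provider" "github" {
  url             = "https://token.actions.githubusercontent.com"
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = [data.tls_certificate.github.certificates[0].sha1_fingerprint]
}

# Trust policy pinned to one repository and branch via the token's `sub` claim;
# anything else presenting a GitHub token is refused.
data "aws_iam_policy_document" "github_trust" {
  statement {
    actions = ["sts:AssumeRoleWithWebIdentity"]
    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.github.arn]
    }
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:aud"
      values   = ["sts.amazonaws.com"]
    }
    condition {
      test     = "StringLike"
      variable = "token.actions.githubusercontent.com:sub"
      values   = ["repo:example-org/example-infra:ref:refs/heads/main"]
    }
  }
}

resource "aws_iam_role" "github_terraform" {
  name               = "github-terraform"
  assume_role_policy = data.aws_iam_policy_document.github_trust.json
}

# Least privilege for the backend itself (DeleteObject covers the .tflock file).
# Attach further, resource-specific policies per project instead of AdministratorAccess.
data "aws_iam_policy_document" "state_access" {
  statement {
    actions   = ["s3:ListBucket"]
    resources = [aws_s3_bucket.tfstate.arn]
  }
  statement {
    actions   = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]
    resources = ["${aws_s3_bucket.tfstate.arn}/*"]
  }
}

resource "aws_iam_role_policy" "state_access" {
  name   = "terraform-state-access"
  role   = aws_iam_role.github_terraform.id
  policy = data.aws_iam_policy_document.state_access.json
}

output "github_role_arn" {
  value = aws_iam_role.github_terraform.arn # paste into the workflow's role-to-assume
}
```

In the GitHub workflow the job needs `permissions: id-token: write` and `contents: read`, and `aws-actions/configure-aws-credentials` takes the `github_role_arn` output as `role-to-assume`; no access keys are involved. Keep the local state file from the first apply out of any public repository until it has been migrated, since it contains the role and bucket identifiers, and enable the S3 bucket's versioning before the migration so the very first remote state is already recoverable.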