Set up Terraform
GovWifi infrastructure is managed using Terraform which is configured via govwifi-terraform.
Prerequisites
There are several prerequisites to running govwifi-terraform make commands successfully:
- Your GPG key ID has been added to govwifi-build and secrets in this project have been re-encrypted.
- You have an AWS IAM user with the ability to assume suitable roles.
- Your AWS configuration contains an appropriate profile wth the suitable role. eg.
[profile govwifi]
region = eu-west-1
role_arn=arn:aws:iam::1234567890:role/first-name.last-name
mfa_serial=arn:aws:iam::1234567890:mfa/first-name.last-name@digital.cabinet-office.gov.uk
- You’ve installed Terraform version declared in the .terraform-version file. This can easily be installed alongside other versions using tfenv.
- (Optional) aws-vault is a useful AWS credential management tool. If you have other AWS credentials on you system this may help switch profiles.
- (Optional) gds-cli can be useful for automating some of the AWS credential management. Ask the team for help setting this up.
Running Terraform for the first time
If you are running terraform commands for the first time you’ll need to initialise terraform, this involves decrypting secrets and getting the backend state from S3. This is handled by one make command:
Note: env refers to staging | wifi | wifi-london
aws-vault exec govwifi-staging -- make <env> init-backend
or if you are using the gds-cli:
gds aws govwifi-staging -- make <env> init-backend
Use a staging env when testing your setup, when you are confident your setup works as expected, you can then change govwifi-staging to govwifi to run in production).
After this you should be able to run plan to verify everything works:
aws-vault exec govwifi-staging -- make <env> plan
or if you are using the gds-cli:
gds aws govwifi-staging -- make <env> plan
You should see the confirmation message:
No changes. Infrastructure is up-to-date.
You’re now ready to make some changes!