This is a special workspace that is expected to be run locally and not via a pull request. It is only used to set up the bare minimum access necessary for GitHub + Terraform Cloud to be able to manage the rest.
- Sets up dynamic provider authentication with OIDC
  For the first pass you'll have to use the root user credentials via:
  https://us-east-1.console.aws.amazon.com/iamv2/home#/security_credentials
  After the first pass this is not recommended. You should use the SSO users once the initial bootstrapping has been executed.
- GitHub Repositories
- Terraform Cloud Workspaces
To get started with the bootstrap you need to set up your environment. First, you'll need a GitHub Access Token that has:
- repo: Full Access
- read:org
- read:discussion
Set this as the environment variable GITHUB_TOKEN.
Then you need to be logged into Terraform Cloud. To do this, run:

    terraform login

Then you can run Terraform:

    terraform plan
    terraform apply
We do expect that state from the bootstrap (the .tfstate files) is committed to git.
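
Terraform state records resource attributes in plaintext, including values marked sensitive, so a check like the following can be run over the bootstrap .tfstate before it is committed. It is an added example, not part of this repository; the keyword list, the function names and the sample state are assumptions constructed for illustration.

```python
import json
import sys

# Attribute-name fragments treated as secret-bearing (a heuristic, assumed list).
SUSPECT = ("secret", "password", "token", "private_key")

def leaves(node, path=""):
    """Yield the path of every non-empty string leaf in a JSON tree."""
    if isinstance(node, dict):
        for key, val in node.items():
            yield from leaves(val, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, val in enumerate(node):
            yield from leaves(val, f"{path}[{i}]")
    elif isinstance(node, str) and node:
        yield path

def audit_state(state_text):
    """Return sorted findings for a Terraform state document (JSON, format version 4)."""
    state = json.loads(state_text)
    findings = set()
    for name, out in (state.get("outputs") or {}).items():
        if out.get("sensitive"):
            findings.add(f"output.{name}: marked sensitive")
    for res in state.get("resources") or []:
        addr = f"{res.get('type')}.{res.get('name')}"
        for inst in res.get("instances") or []:
            if inst.get("sensitive_attributes"):
                findings.add(f"{addr}: has attributes marked sensitive")
            for path in leaves(inst.get("attributes") or {}):
                if any(s in path.rsplit(".", 1)[-1].lower() for s in SUSPECT):
                    findings.add(f"{addr}.{path}: secret-like attribute is set")
    return sorted(findings)

# Constructed sample state, not from the page; every name and value is made up.
SAMPLE_STATE = json.dumps({"version": 4, "outputs": {
    "ci_token": {"value": "CONSTRUCTED", "type": "string", "sensitive": True}},
  "resources": [
    {"mode": "managed", "type": "github_repository", "name": "infra", "instances": [
        {"attributes": {"name": "infra", "visibility": "private"},
         "sensitive_attributes": []}]},
    {"mode": "managed", "type": "aws_iam_access_key", "name": "bootstrap", "instances": [
        {"attributes": {"user": "bootstrap", "secret": "CONSTRUCTED-NOT-A-KEY"},
         "sensitive_attributes": [[{"type": "get_attr", "value": "secret"}]]}]}]})

if __name__ == "__main__":
    # Pass a .tfstate path as the first argument; without one the sample is audited.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_STATE
    print("\n".join(audit_state(text)) or "no findings")
```

Findings name the resource address and attribute path only, never the value, so the output is safe to paste into a review.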