#!/bin/bash
#
# The purpose of this script is to provision the resources needed to store
# terraform states on AWS. It will provision a bucket on Amazon S3 as well as a
# Dynamo DB table to support state locking and consistency checking.
#
# Official documentation about terraform state in S3 =>
# https://www.terraform.io/language/settings/backends/s3
# Default configuration. The getopts loop below overrides these from the
# command line; NAME has no default and is mandatory.
REGION='eu-west-1'          # -r: AWS region the resources are created in
NAME=''                     # -n: base name of the bucket / table (required)
PREFIXED='true'             # -p: prefix NAME with "<ACCOUNT ID>-tfstate-"
BLOCK_PUBLIC_ACCESS='true'  # documented as -b in help(): apply the S3 public access block
CREATE_DYNAMODB='false'     # -d: also create the DynamoDB lock table
ENABLE_VERSIONING='true'    # -v: enable bucket versioning
INTERACTIVE='true'          # -y sets this to false to skip the confirmation prompt
#######################################
# Print the usage text to stdout.
# Globals:   REGION, PREFIXED, BLOCK_PUBLIC_ACCESS, CREATE_DYNAMODB,
#            ENABLE_VERSIONING (read, shown as the current defaults)
# Arguments: none
# Outputs:   usage text on stdout
# Returns:   0
#######################################
help() {
  # Unquoted delimiter on purpose: $0 and the default values are expanded.
  cat <<EOF
Provision the resources needed to store terraform states on AWS.
A bucket on Amazon S3 will be created, as well as a Dynamo DB table to support
state locking and consistency checking.
Usage : $0 -n NAME [options]
Mandatory arguments :
-n NAME Set the name of created resources.
Available options :
-r REGION Specify the region in which to create the resources (default $REGION).
-p PREFIXED Whether to prefix the name with "<ACCOUNT ID>-tfstate-" (default $PREFIXED)
-b BLOCK_PUBLIC_ACCESS Whether to block public access for s3 bucket (default $BLOCK_PUBLIC_ACCESS)
-d CREATE_DYNAMODB Whether to create the DynamoDB table (default $CREATE_DYNAMODB)
-v ENABLE_VERSIONING Whether to enable bucket versioning (default $ENABLE_VERSIONING)
-y Execute script in non interactive mode.
-h Display this help.
EOF
}
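#######################################
# Parse the command line into the global configuration variables.
# Globals:   NAME, REGION, PREFIXED, BLOCK_PUBLIC_ACCESS, CREATE_DYNAMODB,
#            ENABLE_VERSIONING, INTERACTIVE (written)
# Arguments: the script's arguments ("$@")
# Outputs:   diagnostics on stderr; help text on -h or on a bad option
# Returns:   0; exits 0 after -h, exits 1 on an unknown or incomplete option
#######################################
parse_args() {
  # Local OPTIND so the function can be invoked more than once.
  local OPTIND=1 opt
  # Leading ':' = silent mode: getopts no longer prints its own message and
  # reports a missing argument as ':' instead of folding it into '?'.
  # '-b' is documented by help() but was missing from the option string, so
  # BLOCK_PUBLIC_ACCESS could never be set from the command line.
  while getopts ":n:r:p:b:d:v:yh" opt; do
    case "$opt" in
      h)
        help
        exit 0
        ;;
      n) NAME=$OPTARG ;;
      r) REGION=$OPTARG ;;
      p) PREFIXED=$OPTARG ;;
      b) BLOCK_PUBLIC_ACCESS=$OPTARG ;;
      d) CREATE_DYNAMODB=$OPTARG ;;
      v) ENABLE_VERSIONING=$OPTARG ;;
      y) INTERACTIVE=false ;;
      :)
        echo "Option -$OPTARG requires an argument" >&2
        help
        exit 1
        ;;
      *)
        echo "Invalid option: -$OPTARG" >&2
        help
        exit 1
        ;;
    esac
  done
}
parse_args "$@"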
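# Validate the mandatory name, optionally prefix it with the account id and,
# unless -y was given, ask for confirmation before touching the account.
if [ -z "$NAME" ]; then
  echo "Name was not specified, aborting !" >&2
  exit 1
fi
if [ "$PREFIXED" == true ]; then
  # Fail hard when the identity lookup fails or returns nothing: otherwise
  # NAME silently becomes "-tfstate-<name>" and the resources are created
  # under a name that does not carry the intended account prefix.
  ACCOUNT_ID=$(aws sts get-caller-identity --query "Account" --output text) || ACCOUNT_ID=
  if [ -z "$ACCOUNT_ID" ]; then
    echo "Unable to determine the AWS account id, aborting !" >&2
    exit 1
  fi
  NAME="${ACCOUNT_ID}-tfstate-${NAME}"
fi
if [ "$INTERACTIVE" == true ]; then
  PLAN="This will create a S3 bucket"
  if [ "$CREATE_DYNAMODB" == true ]; then
    PLAN="$PLAN and a DynamoDB table"
  fi
  echo "$PLAN named ${NAME} in region ${REGION}."
  # -r keeps a backslash in the answer literal instead of treating it as an escape.
  read -r -p "Continue (y/n)?" CONT
  if [ "$CONT" != "y" ]; then
    echo "Aborting !"
    exit 0
  fi
fi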
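# Management of the creation of the s3 bucket.
#
# The bucket is created with a private ACL; the public access block and
# versioning are applied by the steps below. No bucket encryption is
# configured here: S3 applies SSE-S3 to new buckets by default, so an
# explicit put-bucket-encryption call is only needed to enforce SSE-KMS.
echo "Creating bucket : ${NAME}"
CREATE_ARGS=(--bucket "$NAME" --region "$REGION" --acl private)
# us-east-1 is S3's default location and must not be sent as a
# LocationConstraint: the API rejects it with InvalidLocationConstraint.
if [ "$REGION" != "us-east-1" ]; then
  CREATE_ARGS+=(--create-bucket-configuration "LocationConstraint=${REGION}")
fi
# stderr is captured with stdout so the error code can be matched below.
if ! res=$(aws s3api create-bucket "${CREATE_ARGS[@]}" 2>&1); then
  case $res in
    *"BucketAlreadyOwnedByYou"*)
      # Re-running the script is allowed: keep going and (re)apply settings.
      echo "Bucket already owned !"
      ;;
    *"BucketAlreadyExists"*)
      # Bucket names are global: this name belongs to another account.
      echo "Bucket already exists !" >&2
      exit 1
      ;;
    *)
      echo "Error: ${res}" >&2
      exit 1
      ;;
  esac
fi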
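# Management of the bucket public access block configuration.
#
# All four settings are enabled. This is the control that keeps the state
# bucket (terraform state can contain secrets) from being exposed by a later
# ACL or bucket-policy mistake, so a failure here is fatal rather than
# silently ignored as before.
if [ "$BLOCK_PUBLIC_ACCESS" == true ]; then
  echo "Creating bucket public access block configuration : ${NAME}"
  if ! aws s3api put-public-access-block --bucket "$NAME" \
      --region "$REGION" \
      --public-access-block-configuration BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true; then
    echo "Failed to apply the public access block on ${NAME}, aborting !" >&2
    exit 1
  fi
fi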
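# Management of the bucket versioning.
#
# Versioning lets a corrupted or accidentally overwritten state file be
# restored. --region is passed like in the other s3api calls so the request
# does not silently depend on the CLI's configured default region, and a
# failure is reported instead of being ignored.
if [ "$ENABLE_VERSIONING" == true ]; then
  echo "Enabling bucket versioning : ${NAME}"
  if ! aws s3api put-bucket-versioning \
      --bucket "$NAME" \
      --region "$REGION" \
      --versioning-configuration Status=Enabled; then
    echo "Failed to enable versioning on ${NAME}, aborting !" >&2
    exit 1
  fi
fi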
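# Management of the creation of the DynamoDB table.
#
# A string hash key named LockID is the schema the terraform S3 backend uses
# for its lock table; on-demand billing keeps an idle lock table free of
# provisioned capacity.
if [ "$CREATE_DYNAMODB" == true ]; then
  echo "Creating DynamoDB table : ${NAME}"
  # stderr is captured with stdout so the exception name can be matched below.
  if ! res=$(aws dynamodb create-table --table-name "$NAME" \
      --region "$REGION" \
      --attribute-definitions AttributeName=LockID,AttributeType=S \
      --key-schema AttributeName=LockID,KeyType=HASH \
      --billing-mode PAY_PER_REQUEST 2>&1); then
    case $res in
      *"ResourceInUseException"*)
        # Table names are scoped to this account and region, so an existing
        # table is ours: treat a re-run as a no-op, like the bucket step does.
        echo "DynamoDB table already owned !"
        ;;
      *)
        echo "Error: ${res}" >&2
        exit 1
        ;;
    esac
  fi
fi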