Skip to content
/ cool-accounts Public

Terraform code to configure the accounts for the COOL.

License

CC0-1.0 license
3 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

cisagov/cool-accounts

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1,539 Commits
.github
.github
 
 
audit
audit
 
 
dns
dns
 
 
dynamic
dynamic
 
 
images
images
 
 
log-archive
log-archive
 
 
master
master
 
 
shared-services
shared-services
 
 
terraform
terraform
 
 
users
users
 
 
.ansible-lint
.ansible-lint
 
 
.bandit.yml
.bandit.yml
 
 
.flake8
.flake8
 
 
.gitignore
.gitignore
 
 
.isort.cfg
.isort.cfg
 
 
.mdl_config.yaml
.mdl_config.yaml
 
 
.pre-commit-config.yaml
.pre-commit-config.yaml
 
 
.prettierignore
.prettierignore
 
 
.terraform-docs.yml
.terraform-docs.yml
 
 
.yamllint
.yamllint
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
requirements-dev.txt
requirements-dev.txt
 
 
requirements-test.txt
requirements-test.txt
 
 
requirements.txt
requirements.txt
 
 
setup-env
setup-env
 
 

Repository files navigation

cool-accounts

GitHub Build Status

This project contains several directories of Terraform code to perform the initial configuration of the COOL accounts, such as the "terraform", "users", and "shared-services" accounts. This Terraform code creates and configures the most basic resources needed to build out services and environments in the COOL organization, such as:

  • An S3 bucket and a DynamoDB table for Terraform remote shared state.
  • Roles that can be assumed by IAM user accounts to Terraform further environments and services.
  • An initial set of user accounts so that developers can get started.

Bootstrapping accounts

Note that all accounts must be bootstrapped. This is because initially there is no IAM role that can be assumed to build out these resources. Therefore for each account you must first apply the Terraform code in the corresponding directory with:

  • Using programmatic credentials for AWSAdministratorAccess as obtained for the COOL account from the AWS SSO page.

After this initial apply your desired IAM role will exist, and it will be assumable from your IAM user that exists in the "users" account. Therefore you can apply future changes using your IAM user credentials.

The "terraform" and "users" accounts require even more special attention. The "terraform" account must contain an S3 bucket and a DynamoDB table to support Terraform remote shared state, and the "users" account must contain some IAM user accounts before the other accounts can be bootstrapped. Therefore, in addition to using the programmatic credentials as described above, these two accounts must use local state for the first apply. Then the local state can be migrated to the remote backend hosted in the "terraform" account and future applies can proceed normally.

Note that step-by-step bootstrapping instructions are given in the account-specific README.md files found in the account subdirectories.

Notes

Running pre-commit requires running terraform init in every directory that contains Terraform code. In this repository, this includes each account directory (e.g. audit/, dns/, dynamic/, etc.)

Contributing

We welcome contributions! Please see CONTRIBUTING.md for details.

License

This project is in the worldwide public domain.

This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.

All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.

About

Terraform code to configure the accounts for the COOL.

Resources

Readme

License

CC0-1.0 license

Security policy

Security policy
Activity
Custom properties

Stars

3 stars

Watchers

4 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 11

Languages