Monday, July 8, 2024

s3 bucket creation for terraform state files

To create the S3 bucket and set up the necessary permissions, follow these steps:

Step 1: Create an S3 Bucket

You can create an S3 bucket using the AWS Management Console, AWS CLI, or Terraform. Here, I'll provide instructions for both the AWS CLI and Terraform.

Using AWS CLI

  1. Open a terminal and run the following command:

    aws s3api create-bucket --bucket your-terraform-state-bucket --region us-west-2 --create-bucket-configuration LocationConstraint=us-west-2
  2. Enable versioning on the bucket, so that an overwritten or corrupted state file can be recovered from an earlier version:

    aws s3api put-bucket-versioning --bucket your-terraform-state-bucket --versioning-configuration Status=Enabled

Note that these two commands only create the bucket and turn on versioning; they do not set default server-side encryption or block public access. State files hold resource attributes and secrets in plaintext, so apply the same encryption setting the Terraform version below uses before you store any state in the bucket.

Using Terraform

Create a Terraform configuration file (s3_bucket.tf):

provider "aws" {
  region = "us-west-2"
}

resource "aws_s3_bucket" "terraform_state" {
  bucket = "your-terraform-state-bucket"

  tags = {
    Name = "TerraformStateBucket"
  }
}

# In AWS provider v4 and later, versioning and default encryption are separate
# resources; the inline "versioning" and "server_side_encryption_configuration"
# blocks on aws_s3_bucket are deprecated.
resource "aws_s3_bucket_versioning" "terraform_state" {
  bucket = aws_s3_bucket.terraform_state.id

  versioning_configuration {
    status = "Enabled"
  }
}

resource "aws_s3_bucket_server_side_encryption_configuration" "terraform_state" {
  bucket = aws_s3_bucket.terraform_state.id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}

Initialize and apply the configuration:

terraform init 
terraform apply

Step 2: Set Up Permissions

Create an IAM Policy for S3 Access

Create an IAM policy to allow access to the S3 bucket. You can create the policy using the AWS Management Console or AWS CLI.

Using AWS CLI

Create a policy JSON file (s3_policy.json):

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::your-terraform-state-bucket"]
    },
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
      "Resource": ["arn:aws:s3:::your-terraform-state-bucket/*"]
    }
  ]
}

Create the IAM policy:

aws iam create-policy --policy-name TerraformS3Access --policy-document file://s3_policy.json

Attach the Policy to the IAM Role or User

Attach the newly created policy to the IAM role or user that Terraform will use. The ARN of a customer-managed policy contains your own account ID (create-policy prints it in its output); the arn:aws:iam::aws:policy/... form is reserved for AWS-managed policies and will not resolve to the policy you just created. Replace 123456789012 below with your account ID. Prefer a role (for example one assumed by your CI runner) over a user, so that Terraform runs on short-lived credentials rather than long-lived access keys.

  1. Attach the policy to a user:

    aws iam attach-user-policy --policy-arn arn:aws:iam::123456789012:policy/TerraformS3Access --user-name your-username
  2. Attach the policy to a role:

    aws iam attach-role-policy --policy-arn arn:aws:iam::123456789012:policy/TerraformS3Access --role-name your-role-name
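The following is an added example, not code from the original post: it combines Step 1 and Step 2 into one Terraform file and adds the hardening a state bucket should have, namely a public access block, a bucket policy that denies any request not made over TLS, and an identity policy whose object permissions are scoped to the specific state keys rather than the whole bucket. It assumes AWS provider v4 or later, and the variable names (state_bucket_name, state_keys), resource labels and the policy name TerraformS3Access are placeholders chosen for this example.

```hcl
# Added example (not from the original post). Assumes AWS provider >= 4.0.
# state_bucket_name and state_keys are placeholder variable names for this example.

variable "state_bucket_name" {
  type    = string
  default = "your-terraform-state-bucket"
}

# Only these object keys may be read or written by the Terraform identity.
variable "state_keys" {
  type    = list(string)
  default = ["monitoring/terraform.tfstate", "dev/terraform.tfstate"]
}

resource "aws_s3_bucket" "terraform_state" {
  bucket = var.state_bucket_name
}

# Versioning lets you roll back an overwritten or corrupted state file.
resource "aws_s3_bucket_versioning" "terraform_state" {
  bucket = aws_s3_bucket.terraform_state.id
  versioning_configuration {
    status = "Enabled"
  }
}

# State files carry secrets in plaintext: encrypt every object at rest by default.
resource "aws_s3_bucket_server_side_encryption_configuration" "terraform_state" {
  bucket = aws_s3_bucket.terraform_state.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}

# Refuse public ACLs and public bucket policies outright.
resource "aws_s3_bucket_public_access_block" "terraform_state" {
  bucket                  = aws_s3_bucket.terraform_state.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Bucket policy: deny any request that is not sent over TLS.
data "aws_iam_policy_document" "bucket_policy" {
  statement {
    sid     = "DenyInsecureTransport"
    effect  = "Deny"
    actions = ["s3:*"]
    resources = [
      aws_s3_bucket.terraform_state.arn,
      "${aws_s3_bucket.terraform_state.arn}/*",
    ]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_s3_bucket_policy" "terraform_state" {
  bucket = aws_s3_bucket.terraform_state.id
  policy = data.aws_iam_policy_document.bucket_policy.json
  # Apply the public access block first, so a policy that accidentally grants
  # public access is rejected by AWS instead of taking effect.
  depends_on = [aws_s3_bucket_public_access_block.terraform_state]
}

# Identity policy for the Terraform user or role: list the bucket, then read and
# write only the state keys named above, not every object in the bucket.
data "aws_iam_policy_document" "state_access" {
  statement {
    sid       = "ListStateBucket"
    actions   = ["s3:ListBucket"]
    resources = [aws_s3_bucket.terraform_state.arn]
  }
  statement {
    sid       = "ReadWriteStateObjects"
    actions   = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]
    resources = [for k in var.state_keys : "${aws_s3_bucket.terraform_state.arn}/${k}"]
  }
}

resource "aws_iam_policy" "terraform_s3_access" {
  name   = "TerraformS3Access"
  policy = data.aws_iam_policy_document.state_access.json
}

output "terraform_s3_access_policy_arn" {
  description = "Attach this ARN to the user or role that Terraform runs as."
  value       = aws_iam_policy.terraform_s3_access.arn
}
```

Run terraform init and terraform apply with this file, then pass the printed policy ARN to aws iam attach-role-policy (or attach-user-policy) as in Step 2. Because the bucket policy only contains a Deny statement, it does not count as a public policy and is accepted with block_public_policy set to true. Add a new entry to state_keys whenever another environment gets its own state file; a key that is not listed cannot be written, which also stops one environment's Terraform run from clobbering another environment's state.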

Step 3: Configure Backend in Terraform

Configure your Terraform backend to use the newly created S3 bucket. Each environment gets its own key so that the monitoring and dev clusters have separate state files, and each directory gets its own terraform block, since a single configuration can declare only one backend. Setting encrypt = true in the backend block as well makes Terraform request server-side encryption on every write, independently of the bucket's default encryption setting.

In monitoring/main.tf:

terraform {
  backend "s3" {
    bucket = "your-terraform-state-bucket"
    key    = "monitoring/terraform.tfstate"   # state for the monitoring cluster
    region = "us-west-2"
  }
}

In dev/main.tf:

terraform {
  backend "s3" {
    bucket = "your-terraform-state-bucket"
    key    = "dev/terraform.tfstate"          # state for the dev cluster
    region = "us-west-2"
  }
}

Apply the Configuration

Run terraform init and terraform apply in the monitoring and dev directories to initialize the backend and apply the configurations:

cd monitoring
terraform init
terraform apply -var="ssh_private_key=$(cat ../uday1.pem)"
cd ../dev
terraform init
terraform apply -var="ssh_private_key=$(cat ../uday1.pem)"

Be aware that a private key passed this way ends up in the shell history and in the plan output, and, if any resource uses the variable, in the state file itself. That is one more reason the state bucket must be encrypted and readable only by the Terraform identity; mark the variable sensitive = true in its declaration so Terraform redacts it from plan and apply output.

This setup will ensure that your Terraform state is stored in an S3 bucket with versioning enabled and proper access permissions configured.
