Bootstrap a new environment: Create a CloudFormation Stack in AWS
This step only needs to be done once per environment. If you or others have already deployed Veriscope Servers in the target environment, it is safe to assume this step has been completed and you can skip to the next section.
Manual actions
Run the following commands for each environment you want to create, replacing <env> with the environment in question: test, dev, staging, or prod.
It is assumed you have access to IAM User credentials with enough permissions to create CloudFormation stacks, which in turn create IAM Groups, IAM Roles, IAM Policies, S3 Buckets, DynamoDB Tables, etc.
Create an S3 bucket (in this example, shyft-cfn-templates) to store the packaged CloudFormation templates.
Validate and package the template
Remember to substitute <env> with the appropriate environment: test, dev, staging, or prod.
aws cloudformation validate-template --template-body file://iac-bootstrap.yaml
aws cloudformation package --template-file iac-bootstrap.yaml --s3-bucket shyft-cfn-templates --output-template-file packaged-iac-bootstrap.yaml
Update the S3 bucket name as appropriate (in this example, shyft-cfn-templates).
aws s3 cp packaged-iac-bootstrap.yaml s3://shyft-cfn-templates/packaged-iac-bootstrap.yaml
Create new stack
Remember to substitute <env> with the appropriate environment: test, dev, staging, or prod.
aws cloudformation create-stack --stack-name iac-bootstrap-veriscope-<env> --template-body file://packaged-iac-bootstrap.yaml --capabilities CAPABILITY_NAMED_IAM --disable-rollback --parameters ParameterKey=ServiceName,ParameterValue=veriscope ParameterKey=EnvironmentName,ParameterValue=<env>
Take note of the CloudFormation outputs as these values will be needed in the next step:
Add IaC Users to IAM User Group
Get the name of the IAM group (IAM Group for IaC Users) and add your Veriscope IaC users to that group.
Update the stack
Remember to substitute <env> with the appropriate environment: test, dev, staging, or prod.
aws cloudformation update-stack --stack-name iac-bootstrap-veriscope-<env> --template-body file://packaged-iac-bootstrap.yaml --capabilities CAPABILITY_NAMED_IAM --parameters ParameterKey=ServiceName,ParameterValue=veriscope ParameterKey=EnvironmentName,ParameterValue=<env>
Delete stack
Remember to substitute <env> with the appropriate environment: test, dev, staging, or prod.
aws cloudformation delete-stack --stack-name iac-bootstrap-veriscope-<env>
The Terraform state S3 bucket is set to be retained so that no Terraform state information is lost in the event of an accidental stack deletion. Once you’ve confirmed you don’t need any of the Terraform state files stored in the S3 bucket, delete the bucket by running the command below:
aws s3 rb s3://<env>-veriscope-<aws-region>-terraform
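
The create and update commands above wrapped as shell functions, as an added example that is not part of the original page or the Veriscope project: it allow-lists the environment name (a literal <env> pasted into a shell is parsed as redirection rather than passed to the CLI) and derives the stack and bucket names in one place. The function names and the AWS_CLI override variable are assumptions.

```shell
#!/bin/sh
# Added example: guard rails around the bootstrap commands on this page.
# Function names and the AWS_CLI override are assumptions, not project code.
AWS_CLI="${AWS_CLI:-aws}"   # set AWS_CLI=echo to print commands instead of running them

# Accept only the four environments the page names; this also rejects a
# literal "<env>" that was never substituted.
valid_env() {
  case "$1" in
    test|dev|staging|prod) return 0 ;;
    *) echo "invalid environment: '$1' (expected test, dev, staging or prod)" >&2; return 1 ;;
  esac
}

# Stack name shared by create-stack, update-stack and delete-stack.
stack_name() { valid_env "$1" && printf 'iac-bootstrap-veriscope-%s\n' "$1"; }

# Retained Terraform state bucket: <env>-veriscope-<aws-region>-terraform.
state_bucket() {
  valid_env "$1" || return 1
  [ -n "$2" ] || { echo "missing AWS region" >&2; return 1; }
  printf '%s-veriscope-%s-terraform\n' "$1" "$2"
}

# Create (default) or update the bootstrap stack with the page's parameters.
deploy_stack() {  # usage: deploy_stack <env> [create|update]
  _name="$(stack_name "$1")" || return 1
  _action="${2:-create}"
  case "$_action" in
    create) _extra="--disable-rollback" ;;   # only create-stack uses it on this page
    update) _extra="" ;;
    *) echo "unknown action: $_action" >&2; return 1 ;;
  esac
  # $_extra is deliberately unquoted so an empty value adds no argument.
  "$AWS_CLI" cloudformation "$_action-stack" --stack-name "$_name" \
    --template-body file://packaged-iac-bootstrap.yaml \
    --capabilities CAPABILITY_NAMED_IAM $_extra \
    --parameters ParameterKey=ServiceName,ParameterValue=veriscope \
                 "ParameterKey=EnvironmentName,ParameterValue=$1"
}

# Print the stack outputs that the next step needs (for example the IAM group name).
show_outputs() {
  _name="$(stack_name "$1")" || return 1
  "$AWS_CLI" cloudformation describe-stacks --stack-name "$_name" \
    --query 'Stacks[0].Outputs' --output table
}
```

Set AWS_CLI=echo before calling deploy_stack to preview the exact command that would be sent.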