Bootstrap a new environment: Create a CloudFormation Stack in AWS

This step only needs to be done once per environment. If you or others have deployed Veriscope Servers in the target environment, then it’s safe to assume this step has already been completed and you can skip to the next section.

Manual actions

Run the following commands for each environment you want to create, replacing <env> with the environment in question: test, dev, staging, or prod.

It is assumed you have access to IAM user credentials with enough permissions to create CloudFormation stacks, which in turn create IAM groups, IAM roles, IAM policies, S3 buckets, DynamoDB tables, etc.

Create an S3 bucket (in this example, shyft-cfn-templates) to store the packaged CloudFormation templates.

Validate and package the template

Remember to substitute <env> with the appropriate environment: test, dev, staging, or prod.

aws cloudformation validate-template --template-body file://iac-bootstrap.yaml
aws cloudformation package --template-file iac-bootstrap.yaml --s3-bucket shyft-cfn-templates --output-template-file packaged-iac-bootstrap.yaml

Update the S3 bucket name as appropriate (in this example, shyft-cfn-templates).

aws s3 cp packaged-iac-bootstrap.yaml s3://shyft-cfn-templates/packaged-iac-bootstrap.yaml
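
Because the stack is created with CAPABILITY_NAMED_IAM and creates IAM groups, roles and policies, it is worth listing the IAM resources the template declares and confirming each one has been reviewed before deploying. The script below is an added example, not part of the Veriscope project; the function names, the sample template and its resource names are constructed, and it assumes block-style YAML with logical IDs indented two spaces under Resources:.

```shell
# Added example (not project code): review gate for IAM resources in a template.
# Assumes block-style YAML, logical IDs indented two spaces under "Resources:".

# Print "LogicalId Type" for every AWS::IAM::* resource in template $1.
list_iam_resources() {
  awk '
    /^[A-Za-z]/ { in_res = ($0 ~ /^Resources:/) }   # each top-level key
    in_res && /^  [A-Za-z0-9]+: *$/ { id = $1; sub(/:$/, "", id) }
    in_res && /^    Type: *AWS::IAM::/ { print id, $2 }
  ' "$1"
}

# Print IAM resources in template $1 whose logical ID is missing from the
# space-separated reviewed list $2; return 1 if any remain unreviewed.
unreviewed_iam() {
  pending=$(list_iam_resources "$1" | while read -r id type; do
    case " $2 " in
      (*" $id "*) ;;                             # already reviewed
      (*) printf '%s %s\n' "$id" "$type" ;;
    esac
  done)
  if [ -n "$pending" ]; then
    printf '%s\n' "$pending"
    return 1
  fi
}

# Constructed sample; resource names are hypothetical, not from iac-bootstrap.yaml.
sample_template() {
  cat <<'EOF'
Parameters:
  EnvironmentName:
    Type: String
Resources:
  StateBucket:
    Type: AWS::S3::Bucket
  IacGroup:
    Type: AWS::IAM::Group
  IacRole:
    Type: AWS::IAM::Role
Outputs:
  IacRoleName:
    Value: !Ref IacRole
EOF
}

tmp=$(mktemp) && sample_template > "$tmp"
unreviewed_iam "$tmp" "IacGroup" || echo "review the resources listed above before create-stack"
rm -f "$tmp"
```

To use it on the real template, pass iac-bootstrap.yaml as the first argument and keep the reviewed list under version control alongside it.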

Create new stack

Remember to substitute <env> with the appropriate environment: test, dev, staging, or prod.

aws cloudformation create-stack --stack-name iac-bootstrap-veriscope-<env> --template-body file://packaged-iac-bootstrap.yaml --capabilities CAPABILITY_NAMED_IAM --disable-rollback --parameters ParameterKey=ServiceName,ParameterValue=veriscope ParameterKey=EnvironmentName,ParameterValue=<env>

Take note of the CloudFormation outputs, as these values will be needed in the next step:

  • Name of DynamoDB table

  • Name of S3 bucket

  • Name of IAM role

Add IaC Users to IAM User Group

Get the name of the IAM group (IAM Group for IaC Users) and add your Veriscope IaC users to that group.

Update the stack

Remember to substitute <env> with the appropriate environment: test, dev, staging, or prod.

aws cloudformation update-stack --stack-name iac-bootstrap-veriscope-<env> --template-body file://packaged-iac-bootstrap.yaml --capabilities CAPABILITY_NAMED_IAM --parameters ParameterKey=ServiceName,ParameterValue=veriscope ParameterKey=EnvironmentName,ParameterValue=<env>

Delete stack

Remember to substitute <env> with the appropriate environment: test, dev, staging, or prod.

aws cloudformation delete-stack --stack-name iac-bootstrap-veriscope-<env>

The Terraform state S3 bucket is set to be retained so that no Terraform state information is lost in the event of an accidental stack deletion. Once you’ve confirmed you don’t need any of the Terraform state files stored in the S3 bucket, delete the bucket by running the command below:

aws s3 rb s3://<env>-veriscope-<aws-region>-terraform