diff --git a/terraform/README.md b/terraform/README.md index 7b875d70..b488be91 100644 --- a/terraform/README.md +++ b/terraform/README.md @@ -206,4 +206,63 @@ https://login.microsoftonline.com/common/oauth2/authorize?client_id=41b23e61-6c1 TODO ## Downloading a client profile -TODO \ No newline at end of file +TODO + +# Quick Steps +Copy paste (mostly) + +*Edit provider.tf and turn off remote bucket temporarily (comment out backend {} section)* +``` +provider "azurerm" { + version = "=1.40.0" +} + +provider "azuread" { + # Whilst version is optional, we /strongly recommend/ using it to pin the version of the Provider being used + version = "=0.7.0" +} + +terraform { + #backend "azurerm" { + #resource_group_name = "cloudzero-dev-tfstate" + #storage_account_name = "cloudzerodevtfstate" + #container_name = "tfstate" + #key = "dev.terraform.tfstate" + #} +} +``` + +`terraform init` + +`terraform plan -target=module.tf_state` + +Ensure the state bucket is created. + +*create the container in the portal (or cli).* +This simply involves going to the bucket in the azure portal and creating the container. + +Now is the tricky part. For this, we will be switching from local state (files) to remote state (stored in the azure bucket) + +Uncomment the `backend {}` section in the `provider.tf` file. Once uncommented, we will re-run the init. This will attempt to copy the local state to the remote bucket. + +`terraform init` + +*Say `yes` to the question* + +Now we need to update the Update `variables.tf` with the principals for the users in `admin_users` variable map. If these are not defined yet, just leave it as an empty set. + +Next, we'll create the operator keyvault. + +`terraform plan -target=module.operator_keyvault` + +Lastly, we'll pre-populate some secrets using the secrets-tool. Follow the install/setup section in the README.md first. Then populate the secrets with a definition file as described in the following link. + + +https://github.com/dod-ccpo/atst/tree/staging/terraform/secrets-tool#populating-secrets-from-secrets-definition-file + +*Next we'll apply the rest of the TF configuration* + +`terraform plan` # Make sure this looks correct + +`terraform apply` +