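# Bootstrap the Terraform remote-state backend: an S3 bucket for the state
# files and a DynamoDB table (hash key LockID) for state locking.
#
# Required variables: TF_BACKEND_BUCKET, TF_BACKEND_TABLE, AWS_REGION.
# Optional variable:  AWS_PROFILE (adds --profile only when it is set).
#
# Terraform state can contain secrets in plaintext, so the bucket gets
# versioning, default SSE-S3 (AES256) encryption and a full public access
# block. Object Lock is only *enabled* here; this recipe sets no default
# retention, so objects are not retention-protected until a retention rule or
# legal hold is applied separately.
.PHONY: create-tf-backend
create-tf-backend:
	$(if $(strip ${TF_BACKEND_BUCKET}),,$(error TF_BACKEND_BUCKET is required))
	$(if $(strip ${TF_BACKEND_TABLE}),,$(error TF_BACKEND_TABLE is required))
	$(if $(strip ${AWS_REGION}),,$(error AWS_REGION is required))
# Outside us-east-1 S3 requires an explicit LocationConstraint; for us-east-1
# itself the constraint must be omitted.
	aws s3api create-bucket \
		--bucket "${TF_BACKEND_BUCKET}" \
		--region "${AWS_REGION}" \
		$(if $(filter-out us-east-1,${AWS_REGION}),--create-bucket-configuration LocationConstraint=${AWS_REGION},) \
		--object-lock-enabled-for-bucket \
		$(if ${AWS_PROFILE},--profile "${AWS_PROFILE}",)
# Enabling Object Lock already turns versioning on; kept to make it explicit.
	aws s3api put-bucket-versioning \
		--bucket "${TF_BACKEND_BUCKET}" \
		--region "${AWS_REGION}" \
		--versioning-configuration Status=Enabled \
		$(if ${AWS_PROFILE},--profile "${AWS_PROFILE}",)
	aws s3api put-bucket-encryption \
		--bucket "${TF_BACKEND_BUCKET}" \
		--region "${AWS_REGION}" \
		--server-side-encryption-configuration '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}' \
		$(if ${AWS_PROFILE},--profile "${AWS_PROFILE}",)
	aws s3api put-public-access-block \
		--bucket "${TF_BACKEND_BUCKET}" \
		--region "${AWS_REGION}" \
		--public-access-block-configuration "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true" \
		$(if ${AWS_PROFILE},--profile "${AWS_PROFILE}",)
	aws dynamodb create-table \
		--table-name "${TF_BACKEND_TABLE}" \
		--region "${AWS_REGION}" \
		--attribute-definitions AttributeName=LockID,AttributeType=S \
		--key-schema AttributeName=LockID,KeyType=HASH \
		--provisioned-throughput ReadCapacityUnits=1,WriteCapacityUnits=1 \
		$(if ${AWS_PROFILE},--profile "${AWS_PROFILE}",)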
 
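# Tear down the Terraform remote-state backend (S3 bucket, then lock table).
#
# Required variables: TF_BACKEND_BUCKET, TF_BACKEND_TABLE.
# Optional variables: AWS_REGION (adds --region), AWS_PROFILE (adds --profile).
#
# Pass the same AWS_REGION that was used to create the backend: without it the
# CLI falls back to the profile's default region, and delete-table would act on
# whatever table of that name exists there.
#
# delete-bucket only succeeds on an empty bucket; on a versioned bucket every
# object version and delete marker must be removed first. If it fails, make
# stops and the DynamoDB table is left in place.
.PHONY: delete-tf-backend
delete-tf-backend:
	$(if $(strip ${TF_BACKEND_BUCKET}),,$(error TF_BACKEND_BUCKET is required))
	$(if $(strip ${TF_BACKEND_TABLE}),,$(error TF_BACKEND_TABLE is required))
	aws s3api delete-bucket \
		--bucket "${TF_BACKEND_BUCKET}" \
		$(if ${AWS_REGION},--region "${AWS_REGION}",) \
		$(if ${AWS_PROFILE},--profile "${AWS_PROFILE}",)
	aws dynamodb delete-table \
		--table-name "${TF_BACKEND_TABLE}" \
		$(if ${AWS_REGION},--region "${AWS_REGION}",) \
		$(if ${AWS_PROFILE},--profile "${AWS_PROFILE}",)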

AWS_PROFILE is applied conditionally: the `--profile` flag is passed only when AWS_PROFILE is set (see "How to make an optional flag in the Makefile command").

Usage:

make create-tf-backend TF_BACKEND_BUCKET=bucket_name TF_BACKEND_TABLE=table_name AWS_REGION=us-east-1 AWS_PROFILE=profile_name
 
make delete-tf-backend AWS_PROFILE=profile_name

Related to: Makefile, Terraform backend