1. Create a Provider.tf file
In this file I specify only the region; the AWS credentials are supplied outside the file through one of the following secure methods:
- aws configure
- Environment variables
- IAM roles (recommended for EC2, CloudShell, CI/CD)
# AWS provider configuration. Only the region is set here: credentials come
# from the AWS CLI profile (`aws configure`), environment variables, or an IAM
# role, never from this file, so no secret is committed to source control.
provider "aws" {
region = "us-east-1"
}
2. Create Main.tf file
In this file I create an S3 bucket for the remote backend that stores the Terraform state file; the bucket is private with versioning enabled.
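# State bucket for the S3 remote backend. Terraform state stores every resource
# attribute in plaintext (including the RDS password read from Secrets Manager),
# so treat this bucket as sensitive: private, versioned, public access blocked.
resource "aws_s3_bucket" "example" {
  bucket = "my-unique-bucket-name-12345" # change this to a unique name

  # The inline `acl` and `versioning` arguments are deprecated in AWS provider
  # v4+; versioning is managed by the dedicated resource below. Canned ACLs are
  # disabled on new buckets by default (Object Ownership = BucketOwnerEnforced),
  # so `acl = "private"` is dropped: the bucket is private unless a policy
  # grants access, and the public access block below prevents public policies.
}

# Versioning keeps earlier state versions so a corrupted or mistaken apply can
# be rolled back.
resource "aws_s3_bucket_versioning" "example" {
  bucket = aws_s3_bucket.example.id

  versioning_configuration {
    status = "Enabled"
  }
}

# block_public_* are not arguments of aws_s3_bucket (terraform validate reports
# "Unsupported argument"); they belong to the public access block resource.
resource "aws_s3_bucket_public_access_block" "example" {
  bucket = aws_s3_bucket.example.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}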
3. Create backend.tf file
In this file I configure the S3 remote backend so that the Terraform state file is stored in the private, versioning-enabled bucket created above.
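# S3 remote backend. The bucket must already exist before `terraform init`
# runs, so create the bucket from main.tf with a local state first, then add
# this block and re-run `terraform init` to migrate the state into S3.
terraform {
  backend "s3" {
    # Must be the same bucket that main.tf creates; the original configuration
    # used a different placeholder name here, so state would have gone to
    # another bucket.
    bucket = "my-unique-bucket-name-12345" # Replace with your unique bucket name
    key    = "terraform-state-file"
    region = "us-east-1"

    # Server-side encrypt the state object at rest; state holds secrets in plaintext.
    encrypt = true

    # State locking is not configured. Add `use_lockfile = true` (Terraform
    # 1.10+) or `dynamodb_table = "<lock-table-name>"` so that concurrent
    # applies cannot corrupt the state.
  }
}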
4. Create an AWS Secrets Manager secret
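# Read the secret value from a local file instead of passing it as a literal
# argument, so the password does not end up in shell history or in process
# listings. db-password.txt is a constructed example path: create it with the
# real password, restrict its permissions, and delete it once the secret exists.
aws secretsmanager create-secret --name my-database-password-johndoe --secret-string file://db-password.txt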
5. Update Main.tf file
I updated my main.tf and created the RDS resource, reading the database password from the Secrets Manager secret.
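# State bucket for the S3 remote backend. Terraform state stores every resource
# attribute in plaintext (including the RDS password read from Secrets Manager),
# so treat this bucket as sensitive: private, versioned, public access blocked.
resource "aws_s3_bucket" "example" {
  bucket = "my-unique-bucket-name-12345" # change this to a unique name

  # The inline `acl` and `versioning` arguments are deprecated in AWS provider
  # v4+; versioning is managed by the dedicated resource below. Canned ACLs are
  # disabled on new buckets by default (Object Ownership = BucketOwnerEnforced),
  # so `acl = "private"` is dropped: the bucket is private unless a policy
  # grants access, and the public access block below prevents public policies.
}

# Versioning keeps earlier state versions so a corrupted or mistaken apply can
# be rolled back.
resource "aws_s3_bucket_versioning" "example" {
  bucket = aws_s3_bucket.example.id

  versioning_configuration {
    status = "Enabled"
  }
}

# block_public_* are not arguments of aws_s3_bucket (terraform validate reports
# "Unsupported argument"); they belong to the public access block resource.
resource "aws_s3_bucket_public_access_block" "example" {
  bucket = aws_s3_bucket.example.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}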
# Reads the current version of the secret created in step 4 (no version_stage
# is given, so the provider's default stage is used). secret_id must match the
# --name passed to `aws secretsmanager create-secret`. The retrieved value is
# written to the Terraform state, so the state bucket must stay private.
data "aws_secretsmanager_secret_version" "database_password" {
secret_id = "my-database-password-johndoe"
}
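# MySQL instance whose master password comes from Secrets Manager instead of a
# literal in code. The value is still recorded in the Terraform state file,
# which is why the state bucket must be private and encrypted.
resource "aws_db_instance" "my_secret_db" {
  identifier        = "rds-db-instance"
  allocated_storage = 20
  storage_type      = "gp2"
  engine            = "mysql"
  engine_version    = "8.0.43"
  instance_class    = "db.t3.micro"
  username          = "admin"
  password          = data.aws_secretsmanager_secret_version.database_password.secret_string # Using the retrieved secret value

  # Encrypt storage at rest; RDS instances are unencrypted unless this is set.
  storage_encrypted = true

  # Keep the instance reachable only from inside the VPC (explicit even though
  # it is the default, so a later edit cannot silently expose it).
  publicly_accessible = false

  # Without this, `terraform destroy` fails unless final_snapshot_identifier is
  # set. For a tutorial instance no final snapshot is needed; for real data,
  # remove this and set final_snapshot_identifier instead.
  skip_final_snapshot = true
}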