update documentation

RADAR-base · Sep 5, 2024 · 838230a · 838230a
1 parent 8baef13
commit 838230a
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 32 deletions.
diff --git a/README.md b/README.md
@@ -105,6 +105,16 @@ Created resources (if all enabled):
 * CloudWatch event rules and targets
 * Essential IAM policies, roles, users for aforementioned resources
 
+## Configure the remote backend (optional)
+At some point, you might want the infrastructure state created by operations performed on `cluster` and `config` workspances to be persisted, encrypted and versioned at a remote location. This template provides a default option using an S3 backend and to set this up:
+```
+cd backend
+terraform init
+terraform apply --auto-approve
+terraform output
+```
+Then return to a workspace directory and replace the placeholder values in `versions.tf` with the actual output values from the previous step. Note that changing the backend configuration requires (re)initialisation and if you have existing local .tfstate files, they will be copied or migrated to the newly configured remote backend. To utilise a backend other than S3, please refer to this [Terraform Doc](https://developer.hashicorp.com/terraform/language/settings/backends/configuration).
+
 ## Known limitations
 * Since EBS has been chosen as the default storage, node groups will be created in a single AZ due to the mounting restriction.
 * Sometimes Terraform tries to replace the existing MSK cluster while re-applying the templates even if there is no change on the cluster. Mitigate this with `terraform untaint aws_msk_cluster.msk_cluster`.

diff --git a/backend/.terraform.lock.hcl b/backend/.terraform.lock.hcl
diff --git a/backend/outputs.tf b/backend/outputs.tf
@@ -1,11 +1,15 @@
 output "backend_bucket_name" {
-  value = var.backend_bucket_name
+  value = var.enable_backend ? var.backend_bucket_name : null
 }
 
 output "backend_state_locking" {
-  value = var.backend_state_locking
+  value = var.enable_backend ? var.backend_state_locking : null
 }
 
 output "backend_aws_region" {
-  value = var.AWS_REGION
+  value = var.enable_backend ? var.AWS_REGION : null
+}
+
+output "backend_access_iam_policy" {
+  value = var.enable_backend ? aws_iam_policy.backend[0].arn : null
 }
diff --git a/backend/variables.tf b/backend/variables.tf
@@ -44,17 +44,17 @@ variable "common_tags" {
 
 variable "enable_backend" {
   type        = bool
-  description = "Do you need backend for storing TF state? [true, false]"
+  description = "Do you need a remote backend for storing TF state? [true, false]"
 }
 
 variable "backend_bucket_name" {
   type        = string
-  description = "Default name for the S3 bucket for storing TF state"
-  default     = "radar-base-dev-cluster-1-infrastructure"
+  description = "Default name of the S3 bucket for storing TF state"
+  default     = "radar-base-infrastructure"
 }
 
 variable "backend_state_locking" {
   type        = string
-  description = "Default name for the DynamoDB table for TF state locking"
-  default     = "radar-base-dev-cluster-1-infrastructure-state-locking"
+  description = "Default name of the DynamoDB table for TF state locking"
+  default     = "radar-base-infrastructure-state-locking"
 }