Terraform is an infrastructure service from HashiCorp that enables administrators to configure and provision resources. Terraform offers wide flexibility for implementations, which allows users to design and configure their Terraform scripts in a variety of ways.
This topic describes how to use an AWS Terraform provider to help automate the steps to provision ChaosSearch access to your AWS cloud storage buckets.
Before you get started with the Terraform access configuration scripts, make sure that you have the following:
- Your AWS profile name and region where the cloud storage buckets are located
- Your AWS account number
- The list of the AWS bucket names and the AWS region where they are located (these are the buckets to which you are granting ChaosSearch read and list access)
- Your ChaosSearch external ID
Your workstation must also have an installed version of Terraform.
Contact ChaosSearch Customer Success to obtain the Terraform package with the files needed to use the AWS Terraform access provisioning. The package is typically a tarfile package of several Terraform definition files.
As a good practice, extract the Terraform files to a new empty folder on your workstation, and change to that folder for the next steps.
Run the following commands to set and export the following environment variables:
export AWS_PROFILE=<Your AWS_PROFILE>
export AWS_REGION=<Your AWS region>
In the directory where you extracted the Terraform files for the AWS access example kit, create a variables.tfvars text file with the following contents:
cs_external_id = "CS_ACCOUNT_ID_FROM_CHAOSSEARCH"
data_bucket_name = "<see below>"
aws_account_number = YOUR_AWS_ACCOUNT_NUMBER
In the data_bucket_name field, you can type one AWS S3 bucket name to grant ChaosSearch read access to that bucket. You can then use the AWS IAM interface to update the policy to add other buckets following the steps in IAM role Policy Permissions. You could also use the string "*" to grant read access to all buckets, but this is not recommended for most production environments. Currently this Terraform example does not support multiple bucket names in the
To use the AWS Terraform example to provision access for ChaosSearch:
- Run the terraform init command to set up the Terraform environment.
- Optionally run terraform plan to check for errors or issues in the files.
- Run the terraform apply -var-file="variables.tfvars" command to provision the AWS access role and policy to grant read access to the specified bucket for ChaosSearch.
The output of the Terraform scripts is the role ARN that you must supply in the AWS Credentials page of the ChaosSearch console.
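The optional plan step can also confirm what access will be granted before anything is applied. The following is an added example, not part of the ChaosSearch package: it audits a plan saved with terraform plan -var-file="variables.tfvars" -out=tfplan and exported with terraform show -json tfplan, flagging a trust policy that does not require your external ID and any Allow statement that names a wildcard bucket. It assumes the package creates an aws_iam_role plus an aws_iam_policy or aws_iam_role_policy; the sample plan, resource names, principal and external ID value are constructed placeholders.

```python
import json

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _statements(policy_json):
    """Statement list of an IAM policy document supplied as a JSON string."""
    return _as_list(json.loads(policy_json).get("Statement", []))

def audit_plan(plan, external_id):
    """Return findings for IAM roles and policies in `terraform show -json` output."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after") or {}
        addr, rtype = rc.get("address", "?"), rc.get("type")
        # Trust policy: every Allow statement must require the expected external ID.
        if rtype == "aws_iam_role" and after.get("assume_role_policy"):
            for st in _statements(after["assume_role_policy"]):
                cond = st.get("Condition", {}).get("StringEquals", {})
                ids = _as_list(cond.get("sts:ExternalId", []))
                if st.get("Effect") == "Allow" and external_id not in ids:
                    findings.append(f"{addr}: Allow without expected sts:ExternalId")
        # Permission policy: no Allow statement may name a wildcard bucket.
        if rtype in ("aws_iam_policy", "aws_iam_role_policy") and after.get("policy"):
            for st in _statements(after["policy"]):
                for res in _as_list(st.get("Resource", [])):
                    bucket = res.removeprefix("arn:aws:s3:::").split("/")[0]
                    if st.get("Effect") == "Allow" and "*" in bucket:
                        findings.append(f"{addr}: wildcard bucket in {res!r}")
    return findings

def sample_plan(bucket, external_id):
    """Constructed plan fragment; resource names and principal are placeholders."""
    trust = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
             "Principal": {"AWS": "arn:aws:iam::<CHAOSSEARCH_ACCOUNT>:root"},
             "Condition": {"StringEquals": {"sts:ExternalId": external_id}}}]}
    perms = {"Statement": [{"Effect": "Allow",
             "Action": ["s3:GetObject", "s3:ListBucket"],
             "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]}]}
    return {"resource_changes": [
        {"address": "aws_iam_role.example", "type": "aws_iam_role",
         "change": {"after": {"assume_role_policy": json.dumps(trust)}}},
        {"address": "aws_iam_policy.example", "type": "aws_iam_policy",
         "change": {"after": {"policy": json.dumps(perms)}}}]}

if __name__ == "__main__":
    for name in ("my-log-bucket", "*"):
        plan = sample_plan(name, "constructed-ext-id")
        print(name, audit_plan(plan, "constructed-ext-id"))
```

To audit a real plan, load the exported JSON with json.load and pass it to audit_plan together with your ChaosSearch external ID.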