Example solution for 🥚 vs 🐔 problem - how to create infrastructure for remote Terraform backend with Terraform?

• Terraform installed (approach tested against v0.11.2)
• AWS S3 backend with DynamoDB table for locking will be used
• operator should have AWS credentials in profile - for the purpose of this repo we use terraform profile
• backend will be created and maintained under base workspace

Before applying you should update backend.tfvars with backend configuration. You should also update list of operators AWS usernames in the setup/variables.tf file.

If you want to use workspaces per environment (as we and Hashicorp recommends) it might be convenient to name basic one base or leave default for backend infrastructure only.

When you run setup.sh the script will create required S3 bucket and DynamoDB table with local backend and then it will initialize remote backend where it will migrate the local state. Terraform will ask for confirmation during creation of required resources and if operator wants to migrate the state.

• AWS S3 policies doesn't support groups so each operator must be added explicit to the policy file
• -backend=false doesn't work, so "hack" with separated setup directory must be used to run Terraform without S3 backend

Please open an issue if something is not clear or you can suggest a better solution.