marusich pushed a commit to branch master in repository maintenance. commit fd899edad31a94aa855b6b4e042f6cd6c61a68f4 Author: Chris Marusich <cmmarus...@gmail.com> Date: Thu Jan 3 23:13:32 2019 -0800
cdn: Hard-code the region to us-east-1. * cdn/terraform/main.tf (provider) <region>: New field. Set it to us-east-1. (guix-terraform-state) <region>: Remove it.
---
 cdn/terraform/main.tf | 33 ++++++++++++++++-----------------
 1 file changed, 16 insertions(+), 17 deletions(-)
diff --git a/cdn/terraform/main.tf b/cdn/terraform/main.tf
index 08617bb..539139e 100644
--- a/cdn/terraform/main.tf
+++ b/cdn/terraform/main.tf
@@ -6,6 +6,10 @@ terraform {
 # TODO: Add a Dynamo DB table for locking.
 bucket = "guix-terraform-state"
 key = "state"
+ # The backend documentation does not clarify if it respects the
+ # region specified in the provider configuration, so we explicitly
+ # set the region here, too. To understand why the region must be
+ # us-east-1, see the coments in the provider configuration.
 region = "us-east-1"
 # Locking will not work if you delete the corresponding table.
 dynamodb_table = "terraform-locking"
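Review bot: The comment added above `region` in the backend block is hedged where it can be definite, and it contains a typo ("coments"). Terraform initialises the S3 backend separately from providers and does not read the `provider "aws"` block, and since the documented invocation no longer sets AWS_DEFAULT_REGION (second hunk), this `region` line is, as far as the hunk shows, what tells the backend where the state bucket lives. I would word it as `# The backend is configured independently of the provider block, so the region must be set here, too. It has to match the region of the state bucket; see the comments in the provider configuration.` The backend block begins and ends outside the hunk.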
@@ -26,20 +30,19 @@ terraform {
 #
 # Then you can invoke "terraform" like this to use the credentials:
 #
-# AWS_PROFILE=guix AWS_DEFAULT_REGION=us-east-1 terraform apply
+# AWS_PROFILE=guix terraform apply
 #
-# The first environment variable tells the AWS provider to look for a
-# "profile" named "guix". You can use any profile name you want, but
-# it needs to match the profile name in the AWS credentials file.
-#
-# The second environment variable tells the AWS provider what region
-# to use. For global services like IAM or CloudFront, you can use any
-# region, but you might get better performance when using a region
-# that is geographically close to you. If we ever use any services
-# that are not global (e.g., EC2), then the region will specify where
-# those resources (e.g., EC2 instances) will exist.
-
-provider "aws" {}
+# The environment variable AWS_PROFILE tells the AWS provider to look
+# for a "profile" named "guix". You can use any profile name you
+# want, but it needs to match the profile name in the AWS credentials
+# file.
+
+provider "aws" {
+ # We must use us-east-1 because that's where our certificate must
+ # exist. See the comments near the definition of
+ # berlin-mirror-certificate for details.
+ region = "us-east-1"
+}
 
 # A friendly name for our account. This is displayed in various
 # places, such as the AWS Management Console.
@@ -289,10 +292,6 @@ resource "aws_s3_bucket" "guix-terraform-state" {
 # bucket deletion succeeds. Of course, you should think twice
 # before deleting this bucket!
 force_destroy = true
- # The best region! :-) This could be any region, really, but since
- # I'm the primary user right now, I'm choosing the one that's
- # closest to me.
- region = "us-east-1"
 # Encrypt data at rest using S3's server side encryption. See:
 # https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
 server_side_encryption_configuration {
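Review bot: The rewritten `provider "aws"` block pins the region but not the account, while the comment just above it says any AWS_PROFILE name may be used, so credentials for a different account would be accepted as they are. Adding `allowed_account_ids = ["<ACCOUNT_ID_PLACEHOLDER>"]` next to `region` makes Terraform refuse to plan or apply against any other account, which matters more here because the state bucket in the last hunk's context sets `force_destroy = true`. The new comment also drops the old caveat that the provider region decides where any future regional resources are created; a reminder such as `# Regional resources added later will also be created in us-east-1.` would keep it.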