This repository manages infrastructure resources for Yandex Cloud using Infrastructure as Code (IaC) principles. The project utilizes Terraform with Yandex Object Storage (S3-compatible) as the backend for storing state files, ensuring reliable and consistent infrastructure management.
All infrastructure deployments and teardowns are orchestrated through manually triggered GitHub Actions workflows, providing controlled and auditable changes to the cloud environment.
The CI/CD pipeline leverages a Docker image specifically designed for Terragrunt and Yandex Cloud operations, available at leonidgrishenkov/ci-terragrunt-yc.
Uploading Terraform states to Yandex Object Storage
Create an S3 bucket for Terraform states and a dedicated service account for Terraform with the editor role:
cd ./live/global/s3/terraform-state
terraform apply
Create an auth key for the SA:
yc iam key create \
--service-account-id $(yc iam service-account list --format json | jq -r '.[] | select(.name == "terraform-sa") | .id') \
--folder-id $(yc config get folder-id) \
--output /tmp/.terraform-sa-auth-key.json
Create a yc profile for the SA:
$ yc config profile create terraform-sa
Profile 'terraform-sa' created and activated
Configure the profile:
yc config set service-account-key /tmp/.terraform-sa-auth-key.json
yc config set cloud-id $YC_CLOUD_ID
yc config set folder-id $YC_FOLDER_ID
Grab the access and secret keys from the output:
terraform output -json
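An added example, not part of this repository: a Python helper that turns the `terraform output -json` result from the last step into the `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` variables that Terraform's S3 backend reads, writing them to an owner-only file instead of the terminal. The output names `access_key` and `secret_key` and the script file name are assumptions, since the page does not show what the module calls its outputs.

```python
import json
import os
import shlex
import sys

# Assumed output names: the page does not show what the module calls them.
ACCESS_OUTPUT = "access_key"
SECRET_OUTPUT = "secret_key"


def parse_backend_credentials(tf_json, access=ACCESS_OUTPUT, secret=SECRET_OUTPUT):
    """Map `terraform output -json` text to the env vars the S3 backend reads.

    Returns (creds, warnings); a warning is raised for a non-sensitive secret.
    """
    outputs = json.loads(tf_json)
    creds, warnings = {}, []
    for env_var, name in (("AWS_ACCESS_KEY_ID", access),
                          ("AWS_SECRET_ACCESS_KEY", secret)):
        entry = outputs.get(name)
        if not isinstance(entry, dict) or not entry.get("value"):
            raise KeyError(f"terraform output {name!r} is missing or empty")
        creds[env_var] = str(entry["value"])
    # A secret not declared sensitive is shown by a plain `terraform output`.
    if not outputs[secret].get("sensitive", False):
        warnings.append(f"output {secret!r} is not marked sensitive")
    return creds, warnings


def write_env_file(path, creds):
    """Create `path` with owner-only permissions; refuse to reuse an existing path."""
    # O_EXCL fails if the path already exists (including as a symlink), which
    # matters in shared directories such as /tmp.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        for key, value in creds.items():
            fh.write(f"export {key}={shlex.quote(value)}\n")


if __name__ == "__main__":
    # Usage: terraform output -json | python3 backend_env.py ~/.terraform-backend.env
    creds, warnings = parse_backend_credentials(sys.stdin.read())
    for w in warnings:
        print("warning:", w, file=sys.stderr)
    write_env_file(sys.argv[1], creds)
    print(f"wrote {len(creds)} variables to {sys.argv[1]}")  # never the values
```

Source the resulting file in the shell that runs `terraform init` for the other modules, and delete it once the variables are stored in the CI secret store.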