Regional resources: An external-facing ALB all the way down to the VPC.
Global resources: An IAM role.
Once all resources are deployed (see the section on how to deploy resources), go to EC2 -> Load Balancer (demo*) -> DNS Name, copy it and open it in the browser (make sure to use http:// and not https://).
Prerequisites:
Set up the central tooling account as per its README in the sister repo aws-multi-region-cicd-with-terraform that will create the AWS CodeCommit repo.
To push the infra repo code into AWS CodeCommit in the central tooling account:
To destroy the resources in the target workload accounts:
If not done already, use aws configure with your IAM user credentials for the central tooling account and then assume InfraBuildRole:
# You can use the one-liner below.
# For details, see [this](https://aws.amazon.com/premiumsupport/knowledge-center/iam-assume-role-cli/)
OUT=$(aws sts assume-role --role-arn arn:aws:iam::111122223333:role/InfraBuildRole --role-session-name INFRA_BUILD);export AWS_ACCESS_KEY_ID=$(echo "$OUT" | jq -r '.Credentials.AccessKeyId');export AWS_SECRET_ACCESS_KEY=$(echo "$OUT" | jq -r '.Credentials.SecretAccessKey');export AWS_SESSION_TOKEN=$(echo "$OUT" | jq -r '.Credentials.SessionToken');
# Verify you assumed the role
aws sts get-caller-identity
{
"UserId": "AAA:INFRA_BUILD",
"Account": "111122223333",
"Arn": "arn:aws:sts::111122223333:assumed-role/InfraBuildRole/INFRA_BUILD"
}
Use the regional resources destroy shell script in this repo to generate the tf plan for the account and region. Inspect the tf plan and then run terraform apply "tfplan".
Then, use the global resources destroy shell script in this repo to generate the tf plan for the account. Inspect the tf plan and then run terraform apply "tfplan".
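The "inspect the tf plan" step above can be partly automated. The following is an added example, not code from this repo: it checks the JSON form of a plan (as produced by terraform show -json tfplan) for anything other than deletions and for resources outside the expected account. The helper name, the resource addresses and the account ids 444455556666 and 777788889999 are constructed for illustration.

```python
import json

# Action lists that belong in a destroy plan
# (resource_changes[].change.actions in `terraform show -json` output).
ALLOWED_ACTIONS = {("delete",), ("no-op",), ("read",)}

def review_destroy_plan(plan, expected_account):
    """Hypothetical helper: return findings; an empty list means destroy-only."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        actions = tuple(change.get("actions", []))
        if actions not in ALLOWED_ACTIONS:
            findings.append(f"{rc['address']}: unexpected actions {list(actions)}")
        # The prior state carries the ARN; its fifth field is the account id.
        arn = (change.get("before") or {}).get("arn") or ""
        parts = arn.split(":")
        if len(parts) > 4 and parts[4] and parts[4] != expected_account:
            findings.append(f"{rc['address']}: account {parts[4]}, expected {expected_account}")
    return findings

def _rc(address, actions, arn):
    # Builds one constructed resource_changes entry for the samples below.
    return {"address": address, "change": {"actions": actions, "before": {"arn": arn}}}

# Constructed sample plans; account ids are placeholders, not values from the repo.
GOOD_PLAN = {"resource_changes": [
    _rc("aws_lb.demo", ["delete"],
        "arn:aws:elasticloadbalancing:eu-west-1:444455556666:loadbalancer/app/demo/abc"),
    _rc("aws_iam_role.demo", ["delete"], "arn:aws:iam::444455556666:role/demo"),
]}
BAD_PLAN = {"resource_changes": [
    # A replacement (delete then create) has no place in a destroy run.
    _rc("aws_lb.demo", ["delete", "create"],
        "arn:aws:elasticloadbalancing:eu-west-1:444455556666:loadbalancer/app/demo/abc"),
    # State from a different account shows up as a foreign account id.
    _rc("aws_iam_role.demo", ["delete"], "arn:aws:iam::777788889999:role/demo"),
]}

if __name__ == "__main__":
    # Real use: terraform show -json tfplan > plan.json, then json.load() it.
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, json.dumps(review_destroy_plan(plan, "444455556666"), indent=2))
```

Run it against each plan before terraform apply "tfplan", and treat any finding as a reason to stop and re-check the assumed role and the selected account or region.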