Deploy AWS infrastructure with Terraform
We use Terraform for configuring the GOV.UK infrastructure in AWS.
1. Check what you can deploy
Which changes you can deploy depends on the level of access you have to our AWS environments.
govuk-userscan’t deploy anything
govuk-poweruserscan deploy everything except IAM, ie users and policies.
govuk-administratorscan deploy everything including IAM.
You can find which class of user you are in the infra-security project in govuk-aws-data.
2. Get your credentials
Before deploying you’ll have to assume a role for the environment you’re deploying to.
aws sts assume-role \ --role-session-name "$(whoami)-$(date +%d-%m-%y_%H-%M)" \ --role-arn <Role ARN> \ --serial-number <MFA ARN> \ --duration-seconds 28800 \ --profile gds \ --token-code <MFA token>
If you’ve set up AWS CLI correctly you can get the Role ARN and MFA ARN with
More about Deployment
- Block apps from being deployed
- Deploy an application to GOV.UK
- Deploy fixes for a security vulnerability
- Deploy Puppet
- Deploy when GitHub is unavailable
- Fall back to the static mirrors
- Handle encrypted hieradata
- Monitor your app during deployment
- Restart an application
- Run a rake task
- Set up Heroku review apps for pull requests
- Switch an app off temporarily