Table of contents

Deploy AWS infrastructure with Terraform

We use Terraform for configuring the GOV.UK infrastructure in AWS.

1. Check what you can deploy

Which changes you can deploy depends on the level of access you have to our AWS environments.

  • govuk-users can’t deploy anything
  • govuk-powerusers and govuk-platformhealth-powerusers can deploy everything except IAM (users and policies).
  • govuk-administrators can deploy everything including IAM.

You can find which class of user you are in the infra-security project in govuk-aws-data.

2. Get your credentials

Before deploying you’ll have to assume a role for the environment you’re deploying to.

aws sts assume-role \
  --role-session-name "$(whoami)-$(date +%d-%m-%y_%H-%M)" \
  --role-arn <Role ARN> \
  --serial-number <MFA ARN> \
  --duration-seconds 28800 \
  --profile gds \
  --token-code <MFA token>

If you’ve set up AWS CLI correctly you can get the Role ARN and MFA ARN with cat ~/.aws/config.

3. Terraform plan & deploy

👉 Deploy to integration using Jenkins

This page was last reviewed . It needs to be reviewed again by the page owner #govuk-2ndline.