Ansible Cloud Automation / ACA-1147

Add a new role to create a Terraform remote state backend in S3


    • Task
    • Resolution: Done
    • Testing
    • ANSTRAT-29 - Add value to Terraform for AAP customers

      Background

      As part of the AAP Terraform integration, users need the ability to create a remote Terraform state backend that they can use to manage Terraform state. We will create several validated content roles to make this process easier.

      For the S3 backend, create a new role in the cloud.terraform_ops repo that will ensure the necessary AWS infrastructure is present for an S3 remote backend for Terraform. This role should ensure that:

      • the specified S3 bucket is present
      • bucket versioning is enabled on the S3 bucket
      • the S3 bucket has the required permissions for Terraform

      The role should also allow for optionally creating a DynamoDB table with the required permissions for state locking. Per the backend docs, the table must have a partition key named LockID of type String.

      The role should be able to either accept an existing IAM role to be granted the above permissions or create a new one.
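
The requirements above, expressed as an added example that is not code from the cloud.terraform_ops collection: a policy builder that scopes the IAM role to one state object and one lock table, plus a check of bucket versioning and the LockID key. The function names, the sample bucket, key and table values, the "aws" ARN partition and the exact action lists are assumptions to confirm against the backend docs for the Terraform version in use.

```python
# Added example (not from the cloud.terraform_ops collection).
# Assumptions: the "aws" ARN partition and the action lists below; confirm the
# actions against the S3 backend docs for the Terraform version in use.
S3_OBJECT_ACTIONS = ["s3:GetObject", "s3:PutObject"]
LOCK_ACTIONS = ["dynamodb:DescribeTable", "dynamodb:GetItem",
                "dynamodb:PutItem", "dynamodb:DeleteItem"]


def backend_policy(bucket, state_key, lock_table_arn=None):
    """IAM policy scoped to one state object and, optionally, one lock table."""
    statements = [
        {"Effect": "Allow", "Action": ["s3:ListBucket"],
         "Resource": f"arn:aws:s3:::{bucket}"},
        {"Effect": "Allow", "Action": S3_OBJECT_ACTIONS,
         "Resource": f"arn:aws:s3:::{bucket}/{state_key}"},
    ]
    if lock_table_arn:
        statements.append({"Effect": "Allow", "Action": LOCK_ACTIONS,
                           "Resource": lock_table_arn})
    return {"Version": "2012-10-17", "Statement": statements}


def backend_problems(versioning, table=None):
    """Check GetBucketVersioning and DescribeTable["Table"] style dicts."""
    problems = []
    if versioning.get("Status") != "Enabled":
        problems.append("bucket versioning is not enabled")
    if table is not None:
        hash_keys = [k["AttributeName"] for k in table.get("KeySchema", [])
                     if k["KeyType"] == "HASH"]
        types = {a["AttributeName"]: a["AttributeType"]
                 for a in table.get("AttributeDefinitions", [])}
        if hash_keys != ["LockID"]:
            problems.append("partition key is not named LockID")
        elif types.get("LockID") != "S":
            problems.append("LockID is not of type String (S)")
    return problems


# Constructed sample inputs, shaped like the AWS API responses.
GOOD_TABLE = {"KeySchema": [{"AttributeName": "LockID", "KeyType": "HASH"}],
              "AttributeDefinitions": [{"AttributeName": "LockID", "AttributeType": "S"}]}
BAD_TABLE = {"KeySchema": [{"AttributeName": "lockid", "KeyType": "HASH"}],
             "AttributeDefinitions": [{"AttributeName": "lockid", "AttributeType": "S"}]}

if __name__ == "__main__":
    import json
    print(json.dumps(backend_policy("example-tf-state", "prod/terraform.tfstate"), indent=2))
    print(backend_problems({"Status": "Suspended"}, BAD_TABLE))
```
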

      Definition of Done

      • A new role exists in the cloud.terraform_ops collection that can create the AWS resources described above
      • A user should be able to create the resources using the role and then run terraform init && terraform apply on a TF project with the newly created backend configuration
      • A short demo showcasing the functionality has been recorded

              abikouo1@redhat.com BIKOUO AUBIN
              rh-ee-hebailey Helen Bailey