01/02: cdn: Hard-code the region to us-east-1.
From: Chris Marusich
Subject: 01/02: cdn: Hard-code the region to us-east-1.
Date: Fri, 4 Jan 2019 03:06:40 -0500 (EST)
marusich pushed a commit to branch master
in repository maintenance.
commit fd899edad31a94aa855b6b4e042f6cd6c61a68f4
Author: Chris Marusich <address@hidden>
Date: Thu Jan 3 23:13:32 2019 -0800
cdn: Hard-code the region to us-east-1.
* cdn/terraform/main.tf (provider) <region>: New field. Set it to
us-east-1.
(guix-terraform-state) <region>: Remove it.
---
cdn/terraform/main.tf | 33 ++++++++++++++++-----------------
1 file changed, 16 insertions(+), 17 deletions(-)
diff --git a/cdn/terraform/main.tf b/cdn/terraform/main.tf
index 08617bb..539139e 100644
--- a/cdn/terraform/main.tf
+++ b/cdn/terraform/main.tf
@@ -6,6 +6,10 @@ terraform {
# TODO: Add a Dynamo DB table for locking.
bucket = "guix-terraform-state"
key = "state"
+ # The backend documentation does not clarify if it respects the
+ # region specified in the provider configuration, so we explicitly
+ # set the region here, too. To understand why the region must be
+ # us-east-1, see the coments in the provider configuration.
region = "us-east-1"
# Locking will not work if you delete the corresponding table.
dynamodb_table = "terraform-locking"
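Review bot: Typo in the last added comment line of this hunk: "coments" should be "comments". The commit message also lists only the provider and guix-terraform-state changes, so it would help to mention there that the backend block gained this explanatory comment. Since the backend and the provider now each carry their own "us-east-1" literal, the comment could state that the two values must be changed together.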
@@ -26,20 +30,19 @@ terraform {
#
# Then you can invoke "terraform" like this to use the credentials:
#
-# AWS_PROFILE=guix AWS_DEFAULT_REGION=us-east-1 terraform apply
+# AWS_PROFILE=guix terraform apply
#
-# The first environment variable tells the AWS provider to look for a
-# "profile" named "guix". You can use any profile name you want, but
-# it needs to match the profile name in the AWS credentials file.
-#
-# The second environment variable tells the AWS provider what region
-# to use. For global services like IAM or CloudFront, you can use any
-# region, but you might get better performance when using a region
-# that is geographically close to you. If we ever use any services
-# that are not global (e.g., EC2), then the region will specify where
-# those resources (e.g., EC2 instances) will exist.
-
-provider "aws" {}
+# The environment variable AWS_PROFILE tells the AWS provider to look
+# for a "profile" named "guix". You can use any profile name you
+# want, but it needs to match the profile name in the AWS credentials
+# file.
+
+provider "aws" {
+ # We must use us-east-1 because that's where our certificate must
+ # exist. See the comments near the definition of
+ # berlin-mirror-certificate for details.
+ region = "us-east-1"
+}
# A friendly name for our account. This is displayed in various
# places, such as the AWS Management Console.
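Review bot: The rewritten usage comment drops every mention of AWS_DEFAULT_REGION without saying that the variable is no longer how the region is chosen. Someone following the old invocation will still export it and may expect it to select the region, while the new `region = "us-east-1"` in the provider block is what applies. Consider adding one sentence after the AWS_PROFILE paragraph stating that the region is fixed in the provider block and does not need to be set in the environment. The pointer to berlin-mirror-certificate is useful, but that definition is not part of this diff, so please confirm the name matches the resource as it is written elsewhere in main.tf.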
@@ -289,10 +292,6 @@ resource "aws_s3_bucket" "guix-terraform-state" {
# bucket deletion succeeds. Of course, you should think twice
# before deleting this bucket!
force_destroy = true
- # The best region! :-) This could be any region, really, but since
- # I'm the primary user right now, I'm choosing the one that's
- # closest to me.
- region = "us-east-1"
# Encrypt data at rest using S3's server side encryption. See:
# https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
server_side_encryption_configuration {
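Review bot: With `region = "us-east-1"` removed from the guix-terraform-state bucket, the bucket's location is now implied by the provider block, whose region was chosen for the certificate rather than for the state bucket. The backend block earlier in the file still names us-east-1 explicitly, so a later change to the provider region would leave the backend and this bucket pointing at different places. A short comment in place of the removed lines, saying that the bucket inherits the provider region and that it must match the backend's region, would keep that dependency visible.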