Merged
10 changes: 7 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
<img src="scaf-logo.png" width="250px">
</p>

**scaf-talos-template** provides DevOps engineers and infrastructure teams with a complete blueprint for deploying production-ready Talos Linux Kubernetes clusters on AWS.
**talos-template** provides DevOps engineers and infrastructure teams with a complete blueprint for deploying production-ready Talos Linux Kubernetes clusters on AWS.

This template generates infrastructure-as-code for a secure, immutable Kubernetes cluster using Talos Linux. A new project contains the following:

Expand Down Expand Up @@ -37,10 +37,10 @@ Run the following command to create a new project:

```bash
# If you have the template checked out locally:
scaf myproject ./scaf-talos-template
scaf myproject ./talos-template

# Or use the GitHub URL directly:
scaf myproject https://github.com/getscaf/scaf-talos-template.git
scaf myproject https://github.com/getscaf/talos-template.git
```

Answer all the questions, and you'll have your new Talos cluster infrastructure project!
Expand Down Expand Up @@ -123,6 +123,10 @@ cd ../../bootstrap-cluster/sandbox # or staging, production
rm -f talosconfig kubeconfig controlplane.yaml

# 3. (Optional) Remove secrets from AWS Secrets Manager
# You can use the task command:
task talos:delete_all_secrets

# Or manually delete them:
aws secretsmanager delete-secret --secret-id sandbox_talos_controlplane_yaml --force-delete-without-recovery
aws secretsmanager delete-secret --secret-id sandbox_kubeconfig --force-delete-without-recovery
aws secretsmanager delete-secret --secret-id sandbox_talosconfig_yaml --force-delete-without-recovery
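Review bot: The new `task talos:delete_all_secrets` line under step 3 does not say which environment it acts on. The step above is written for `sandbox # or staging, production` and the manual commands are all `sandbox_`-prefixed, so a reader cannot tell whether the task removes only the current environment's three secrets or those of every environment. Suggest stating the scope in the comment, and how to select staging or production if the task supports it.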
6 changes: 6 additions & 0 deletions copier.yml
Expand Up @@ -132,6 +132,12 @@ copier__aws_account_id:
"AWS account ID cannot be empty."
{% endif %}

copier__terraform_state_name:
type: str
default: "{{ copier__project_dash }}-tfstate-{{ copier__aws_account_id[-8:] }}"
help: "The name for S3 bucket and DynamoDB table for Terraform state."
when: false

copier__talos_version:
type: str
default: "1.12.1"
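Review bot: `copier__terraform_state_name` is computed with `when: false`, so the user never sees the value, and nothing in this hunk bounds its length. S3 bucket names are limited to 63 characters, and the `-tfstate-` suffix plus 8 digits takes 17 of them, so a `copier__project_dash` longer than 46 characters produces a name that only fails later, when Terraform tries to create the bucket. Suggest enforcing the limit at generation time. The `help` text could also mention that the last 8 digits of the AWS account ID become part of the bucket name, since bucket names are globally unique and appear in request URLs and logs.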
4 changes: 2 additions & 2 deletions package-lock.json

2 changes: 1 addition & 1 deletion package.json
@@ -1,5 +1,5 @@
{
"name": "scaf-talos-template",
"name": "talos-template",
"version": "1.11.1",
"devDependencies": {
"@semantic-release/changelog": "^6.0.3",
8 changes: 7 additions & 1 deletion template/docs/deployment.md
Expand Up @@ -521,7 +521,13 @@ rm -f talosconfig kubeconfig controlplane.yaml

### Step 3 (Optional): Remove Secrets from AWS Secrets Manager

If you want to remove the stored credentials:
If you want to remove the stored credentials, you can use the task command:

```bash
task talos:delete_all_secrets
```

Or manually delete them:

```bash
aws secretsmanager delete-secret --secret-id sandbox_talosconfig_yaml --force-delete-without-recovery
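Review bot: The text presents `task talos:delete_all_secrets` as interchangeable with the manual commands, which pass `--force-delete-without-recovery`. Suggest saying whether the task also skips the Secrets Manager recovery window, so the reader knows whether deletion is immediate and cannot be undone in either path.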
4 changes: 2 additions & 2 deletions template/terraform/bootstrap/init.tf
Expand Up @@ -18,7 +18,7 @@ terraform {
}

resource "aws_s3_bucket" "terraform_state" {
bucket = "${module.global_variables.application}-terraform-state"
bucket = "{{ copier__terraform_state_name }}"

# Allows deleting the bucket even if it contains objects.
# This is useful for teardown environments.
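Review bot: Changing `bucket` on `aws_s3_bucket.terraform_state` forces Terraform to replace the bucket, and the context comment says this resource allows deletion even when it contains objects. For a project that has already been bootstrapped, applying the regenerated `init.tf` would therefore destroy the bucket that holds the existing state files. Suggest an upgrade note telling existing users to copy state to the new bucket first or keep the old name. The same applies to the `aws_dynamodb_table` rename in the next hunk.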
Expand All @@ -37,7 +37,7 @@ resource "aws_s3_bucket_versioning" "tf_state_versioning" {
}

resource "aws_dynamodb_table" "terraform_state" {
name = "${module.global_variables.application}-terraform-state"
name = "{{ copier__terraform_state_name }}"
read_capacity = 5
write_capacity = 5
hash_key = "LockID"
5 changes: 5 additions & 0 deletions template/terraform/modules/global_variables/main.tf
Expand Up @@ -29,3 +29,8 @@ output "existing_hosted_zone" {
description = "Existing hosted zone name"
value = "{{ copier__existing_hosted_zone }}"
}

output "terraform_state_name" {
description = "Name for S3 bucket and DynamoDB table for Terraform state"
value = "{{ copier__terraform_state_name }}"
}
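Review bot: The new `terraform_state_name` output is not consumed anywhere in this change: `init.tf` now hardcodes `{{ copier__terraform_state_name }}` where it previously read `module.global_variables.application`. Suggest either having `init.tf` use `module.global_variables.terraform_state_name`, so the name has one source inside Terraform, or dropping the output.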
4 changes: 2 additions & 2 deletions template/terraform/production/backend.tf
Expand Up @@ -2,10 +2,10 @@ terraform {
required_version = ">= 1.4"
backend "s3" {
region = "{{ copier__aws_region }}"
bucket = "{{ copier__project_dash }}-terraform-state"
bucket = "{{ copier__terraform_state_name }}"
key = "{{ copier__project_slug }}.prod.json"
encrypt = true
dynamodb_table = "{{ copier__project_dash }}-terraform-state"
dynamodb_table = "{{ copier__terraform_state_name }}"
}
}

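Review bot: `bucket` and `dynamodb_table` now point at a differently named backend, but nothing in this change tells existing projects how to move. After a template update, `terraform init` will see a changed backend configuration, and the new bucket and lock table must already exist. Suggest documenting the order: create the new bootstrap resources, then run `terraform init -migrate-state` in each environment. The sandbox and staging `backend.tf` hunks need the same note.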
4 changes: 2 additions & 2 deletions template/terraform/sandbox/backend.tf
Expand Up @@ -2,10 +2,10 @@ terraform {
required_version = ">= 1.4"
backend "s3" {
region = "{{ copier__aws_region }}"
bucket = "{{ copier__project_dash }}-terraform-state"
bucket = "{{ copier__terraform_state_name }}"
key = "{{ copier__project_slug }}.sandbox.json"
encrypt = true
dynamodb_table = "{{ copier__project_dash }}-terraform-state"
dynamodb_table = "{{ copier__terraform_state_name }}"
}
}

4 changes: 2 additions & 2 deletions template/terraform/staging/backend.tf
Expand Up @@ -2,10 +2,10 @@ terraform {
required_version = ">= 1.4"
backend "s3" {
region = "{{ copier__aws_region }}"
bucket = "{{ copier__project_dash }}-terraform-state"
bucket = "{{ copier__terraform_state_name }}"
key = "{{ copier__project_dash }}.staging.json"
encrypt = true
dynamodb_table = "{{ copier__project_dash }}-terraform-state"
dynamodb_table = "{{ copier__terraform_state_name }}"
}
}

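Review bot: The unchanged `key` line here uses `{{ copier__project_dash }}.staging.json`, while the production and sandbox backends use `{{ copier__project_slug }}` for the same field. If the difference is not intentional, this is a good moment to flag it. Changing it moves the state object, so it should go with the same migration steps as the bucket rename.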