Deploying the AWS-ServiceBroker prerequisites using Terraform


aws-servicebroker-tf

I was unable to find a Terraform version of the CloudFormation stack that deploys the prerequisites for AWS-ServiceBroker. I’ve since created this in Terraform, along with improving upon some of the initial concepts adapted in the CloudFormation template.

GitHub Repository

https://github.com/troydieter/aws-servicebroker-tf

Terraform Manifest

├── AwsServiceBrokerPolicy.json

  • IAM policy for the aws-servicebroker

├── AwsServiceBrokerProvisioningPolicy.json

  • IAM policy for the aws-servicebroker provisioning (ability to create CloudFormation stacks)

├── LICENSE

  • Apache License 2.0

├── README.md

  • Details for deployment

├── dynamodb.tf

  • DynamoDB table creation (table settings, global secondary index settings)

├── iam.tf

  • IAM user
  • IAM policies (x2 as shown above in the .json files)
  • IAM policy attachments
  • Output of IAM username for use in desired application

├── provider.tf

  • Sets region, profile

├── terraform.tfvars

  • Sets variable values

└── variables.tf

  • Variable definition

After terraform apply completes, the IAM username is provided as an output. You may need to generate an IAM access key and secret access key manually if the application using aws-servicebroker requires them.

Improvements

  1. The DynamoDB table name has a 6-digit random_id value appended (to prevent duplicates)
  2. The IAM user name has a 6-digit random_id value appended (to prevent duplicates)
  3. The IAM policy names have a 6-digit random_id value appended (to prevent duplicates)

The above improvements allow for multiple service broker deployments, when needed.

For more information, read more about AWS ServiceBroker.