feat(remote-state): deploy state bucket + lock table to all AWS accounts

Signed-off-by: kolvin <15124052+Kolvin@users.noreply.github.com>

.terraform-version

@@ -1 +1 @@
-1.4.6
+1.5.0

common.hcl

@@ -32,6 +32,22 @@ terraform {
     commands  = ["apply"]
     arguments = ["${get_terragrunt_dir()}/tgplan.out"]
   }
+
+  extra_arguments "retry_lock" {
+    commands = [
+      "init",
+      "apply",
+      "refresh",
+      "import",
+      "plan",
+      "taint",
+      "untaint"
+    ]
+
+    arguments = [
+      "-lock-timeout=10m"
+    ]
+  }
 }
 
 # Generate an AWS provider block
@@ -70,10 +86,10 @@ remote_state {
 
   config = {
     encrypt        = true
-    bucket         = "terragrunt-state-${local.aws_account_id}"
+    bucket         = "terraform-state-${local.aws_account_id}"
     key            = "${join("/", compact([local.component, local.aws_region]))}/terraform.tfstate"
     region         = "eu-west-1" # one state bucket per account, multi region support via file path
-    dynamodb_table = "terragrunt-locks-${local.aws_account_id}"
+    dynamodb_table = "terraform-locks-${local.aws_account_id}"
   }
 
   generate = {

remote-backend/kloud/global/terragrunt.hcl

@@ -0,0 +1,26 @@
+include "root" {
+  path = find_in_parent_folders("common.hcl")
+}
+
+terraform {
+  source = "git::https://github.com/kloud-cnf/terraform-aws-remote-backend//?ref=v0.1.0"
+}
+
+inputs = {
+  state_config = {
+    state_bucket_name_suffix = "terraform-state"
+    lock_table_name_suffix   = "terraform-state-lock"
+    state_bucket_allowed_roles = [
+      "OrgAccessRole",
+      "ci-role-provisioner",
+      "github-ci-infrastructure-provisoner"
+    ]
+    state_bucket_allowed_users = [
+      "root"
+    ]
+    enabled_org_units = [
+      "root/workloads",
+      "root/labs",
+    ]
+  }
+}