Repurpose PSE terraform config to initialize cloud resources

[zschira]

This PR takes sets up cloud infrastructure using terraform. We will be using similar infrastructure to that used for the PSE project, so most of this was repurposed from there. Specifically, we will have storage bucket with raw 10-K filings, and postgres instance containing filing metadata. This will be used during development so we can quickly search through filings, manually inspect them, and do experimental development with minimal hassle. Eventually this infrastructure will likely be taken down, as all of the dev work for mozilla should be migrated into PUDL, and we will access filings using our normal archiver workflow.

[zschira]

Is there anything weird about using the PUDL project from a different repo? Should we just create a mozilla project?

[jdangerx]

If we're billing infrastructure costs to Mozilla, we should probably make a separate mozilla project - that will make the bookkeeping much easier.

If not, I think it's fine to use the same GCP project - though if we do that, I'd rather this terraform configuration live in the pudl repo. I think one tfstate per GCP project is easier to think about.

[jdangerx]

The terraform stuff is a little funky. I personally think we should make a new Mozilla project in GCP, and set stuff up for that.

But if we're going to end up reusing a bunch of this infrastructure for PUDL one day, it might make sense to bring it into the main project + terraform state.

[jdangerx]

If we're billing infrastructure costs to Mozilla, we should probably make a separate mozilla project - that will make the bookkeeping much easier.

If not, I think it's fine to use the same GCP project - though if we do that, I'd rather this terraform configuration live in the pudl repo. I think one tfstate per GCP project is easier to think about.

[jdangerx]

Might want to add @bendnorman too.

[jdangerx]

So if we create a new Mozilla project, we'll need to actually follow this guide which basically says:

1. use a block such as this one to create a bucket to hold tfstate
2. only then do you configure the tfstate to be remote like in lines 1-4 - though point the gcs backend at the new bucket

If you want to stay in the PUDL project because the billing isn't separate, you can avoid making this new bucket and just use what we have already set up (the f344... bucket).

[jdangerx]

Note that you'll have to create a new "secret version" manually to actually hold a secret password value.

[zschira]

Ok so I've switched to using a dedicated mozilla project. We do have some funding for cloud resources, so we should be billing separately. It seems like that solves many of these problems.

I think I need someone else to create the project though, as I don't have permission

[jdangerx]

This seems like it'll mostly work, except for the whole "remote tfstate has to have a bucket, but the bucket has to be created by terraform first" thing. 🐣 I'm happy to pair on the operations of that if that makes life easier for you!

[jdangerx]

This is the right shape of things, but you'll run into issues with f34... bucket not existing in the new project! You'll have to:

1. take away this gcs backend
2. create a new state bucket with a new random prefix
3. re-configure this gcs backend with the new state bucket

It's fine to do that all locally before committing the changes, which should look exactly like this but with a different bucket name.

[jdangerx]

super-nit: might be a little easier to read later if this bucket prefix is defined right next to the only place it's used - the tfstate bucket.

[jdangerx]

Oh and I think either @zaneselvans or @bendnorman have permissions to create a new project.

[bendnorman]

Is this making everyone an editor on the entire project?