From 183f0d24685018a57b534fc727b3501de89addc2 Mon Sep 17 00:00:00 2001 From: Angela Tran Date: Thu, 12 Oct 2023 22:31:27 +0000 Subject: [PATCH] docs(infra): add details on steps to be done manually --- terraform/README.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/terraform/README.md b/terraform/README.md index a161985b..59d2ac19 100644 --- a/terraform/README.md +++ b/terraform/README.md @@ -125,4 +125,12 @@ Terraform is [`plan`](https://www.terraform.io/cli/commands/plan)'d when code is The steps we took to set up MST's environment are documented in [a separate Google Doc](https://docs.google.com/document/d/12uzuKyvyabHAOaeQc6k2jQIG5pQprdEyBpfST_dY2ME/edit#heading=h.1vs880ltbo58). -This is not a complete step-by-step guide; more a list of things to remember. This may be useful as part of incident response. +In general, the steps that must be done manually before the pipeline can be run are: + +- Create Resource Group and storage account dedicated to the Terraform state +- Create container in storage account for Terraform state +- Create environment Resource Group for each environment, Region: West US + - We create these manually to avoid having to give the pipeline service connection permissions for creating resource groups +- Create Terraform workspace for each environment +- Trigger a pipeline run to verify `plan` and `apply` +- Known chicken-and-egg problem: Terraform both creates the Key Vault and expects a secret within it, so will always fail on the first deploy. Add the Benefits slack email secret and re-run the pipeline.
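Review bot: The last added bullet (the Key Vault chicken-and-egg problem) identifies the secret only as "the Benefits slack email secret". Give the exact secret name Terraform expects (the name, not the value) and say which Key Vault it goes into. Also say which pipeline stage fails on the first deploy, so an operator can tell the expected failure from a real one. In the first two bullets, the state storage account and container are created by hand with no mention of access settings. Terraform state can hold sensitive values in plain text, so it is worth stating that the container should not allow public access and who is meant to have access to it. The "Region: West US" note appears only on the environment Resource Group bullet, so say whether the state Resource Group uses the same region. Finally, the removed line noted that this section may be useful as part of incident response. Consider keeping that sentence, since the new list serves the same purpose.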