-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
0e8b49d
commit 76a8853
Showing
5 changed files
with
239 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
name: Infrastructure CI and CD | ||
on: | ||
push: | ||
branches: | ||
- main | ||
paths: | ||
- .github/** | ||
- infrastructure/** | ||
pull_request: | ||
paths: | ||
- .github/** | ||
- infrastructure/** | ||
|
||
env: | ||
TF_VAR_project_name: tarhche | ||
TF_VAR_instance_name: backend | ||
TF_VAR_ssh_public_key: $(shell cat ssh-public-key.pub) | ||
|
||
jobs: | ||
ci: | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
|
||
- name: Set up AWS credentials | ||
uses: aws-actions/configure-aws-credentials@v1 | ||
with: | ||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
aws-region: ${{ secrets.AWS_REGION }} | ||
|
||
- name: Setup Terraform | ||
uses: hashicorp/setup-terraform@v3 | ||
|
||
- name: Terraform Format | ||
id: fmt | ||
run: terraform fmt -check | ||
|
||
- name: Terraform Init | ||
id: init | ||
run: terraform init | ||
|
||
- name: Terraform Validate | ||
id: validate | ||
run: terraform validate -no-color | ||
|
||
- name: Terraform Plan | ||
run: terraform plan -no-color -input=false | ||
continue-on-error: true | ||
|
||
cd: | ||
runs-on: ubuntu-latest | ||
|
||
# This job will be invoked only on default branch | ||
if: ${{ always() && format('refs/heads/{0}', github.event.repository.default_branch) == github.ref }} | ||
|
||
needs: | ||
- ci | ||
|
||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
|
||
- name: Set up AWS credentials | ||
uses: aws-actions/configure-aws-credentials@v1 | ||
with: | ||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
aws-region: ${{ secrets.AWS_REGION }} | ||
|
||
- name: Setup Terraform | ||
uses: hashicorp/setup-terraform@v3 | ||
|
||
- name: Terraform Apply | ||
run: terraform apply -auto-approve -input=false | ||
continue-on-error: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
/.idea | ||
|
||
# SSH keys | ||
/*.pem | ||
/*.pub | ||
|
||
# Terraform files | ||
*.tfstate | ||
*.tfstate.backup | ||
.terraform/ |
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
export TF_VAR_project_name = tarhche | ||
export TF_VAR_instance_name = backend | ||
export TF_VAR_ssh_public_key = $(shell cat ssh-public-key.pub) | ||
export EC2_SSH_ADDRESS = | ||
|
||
validate: | ||
terraform validate | ||
|
||
init: | ||
terraform init | ||
|
||
state: | ||
terraform state list | ||
|
||
plan: | ||
terraform plan | ||
|
||
apply: | ||
terraform apply | ||
|
||
public_key: | ||
ssh-keygen -y -f ssh-private-key.pem > ssh-public-key.pub | ||
|
||
ssh: | ||
ssh -i "ssh-private-key.pem" ${EC2_SSH_ADDRESS} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,102 @@ | ||
provider "aws" { | ||
region = "eu-central-1" | ||
} | ||
|
||
variable "project_name" { | ||
description = "Project tag given to each deployed Instance" | ||
type = string | ||
} | ||
|
||
variable "instance_name" { | ||
description = "instance_name" | ||
type = string | ||
} | ||
|
||
variable "ssh_public_key" { | ||
description = "SSH public key" | ||
type = string | ||
} | ||
|
||
resource "aws_security_group" "backend" { | ||
name = var.instance_name | ||
description = "Allow HTTP, HTTPS, and SSH inbound traffic" | ||
|
||
tags = { | ||
project_name = var.project_name | ||
} | ||
|
||
# Allow SSH (port 22) from any IP address | ||
ingress { | ||
from_port = 22 | ||
to_port = 22 | ||
protocol = "tcp" | ||
cidr_blocks = ["0.0.0.0/0"] | ||
} | ||
|
||
# Allow HTTP (port 80) from any IP address | ||
ingress { | ||
from_port = 80 | ||
to_port = 80 | ||
protocol = "tcp" | ||
cidr_blocks = ["0.0.0.0/0"] # Allow HTTP from anywhere | ||
} | ||
|
||
# Allow HTTPS (port 443) from any IP address | ||
ingress { | ||
from_port = 443 | ||
to_port = 443 | ||
protocol = "tcp" | ||
cidr_blocks = ["0.0.0.0/0"] | ||
} | ||
|
||
# Allow all outbound traffic | ||
egress { | ||
from_port = 0 | ||
to_port = 0 | ||
protocol = "-1" # all protocols | ||
cidr_blocks = ["0.0.0.0/0"] | ||
} | ||
} | ||
|
||
resource "aws_key_pair" "ssh_public_key" { | ||
key_name = var.instance_name | ||
public_key = var.ssh_public_key | ||
|
||
tags = { | ||
project_name = var.project_name | ||
} | ||
} | ||
|
||
resource "aws_instance" "backend" { | ||
ami = "ami-0e54671bdf3c8ed8d" # Amazon linux 2023 | ||
instance_type = "t2.micro" | ||
key_name = aws_key_pair.ssh_public_key.key_name | ||
|
||
root_block_device { | ||
delete_on_termination = true | ||
encrypted = false | ||
volume_size = 15 | ||
volume_type = "gp3" | ||
|
||
tags = { | ||
project_name = var.project_name | ||
} | ||
} | ||
|
||
security_groups = [ | ||
aws_security_group.backend.name | ||
] | ||
|
||
tags = { | ||
project_name = var.project_name | ||
} | ||
} | ||
|
||
resource "aws_eip" "backend" { | ||
instance = aws_instance.backend.id | ||
domain = "vpc" | ||
|
||
tags = { | ||
project_name = var.project_name | ||
} | ||
} |