provision aws resources
khanzadimahdi committed Dec 21, 2024
1 parent 0e8b49d commit 76a8853
Showing 5 changed files with 239 additions and 0 deletions.
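--- a/.github/workflows/infrastructure.yaml
+++ b/.github/workflows/infrastructure.yaml
@@ -0,0 +1,78 @@
+name: Infrastructure CI and CD
+on:
+push:
+branches:
+- main
+paths:
+- .github/**
+- infrastructure/**
+pull_request:
+paths:
+- .github/**
+- infrastructure/**
+
+env:
+TF_VAR_project_name: tarhche
+TF_VAR_instance_name: backend
+TF_VAR_ssh_public_key: $(shell cat ssh-public-key.pub)
+
+jobs:
+ci:
+runs-on: ubuntu-latest
+
+steps:
+- name: Checkout
+uses: actions/checkout@v3
+
+- name: Set up AWS credentials
+uses: aws-actions/configure-aws-credentials@v1
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ secrets.AWS_REGION }}
+
+- name: Setup Terraform
+uses: hashicorp/setup-terraform@v3
+
+- name: Terraform Format
+id: fmt
+run: terraform fmt -check
+
+- name: Terraform Init
+id: init
+run: terraform init
+
+- name: Terraform Validate
+id: validate
+run: terraform validate -no-color
+
+- name: Terraform Plan
+run: terraform plan -no-color -input=false
+continue-on-error: true
+
+cd:
+runs-on: ubuntu-latest
+
+# This job will be invoked only on default branch
+if: ${{ always() && format('refs/heads/{0}', github.event.repository.default_branch) == github.ref }}
+
+needs:
+- ci
+
+steps:
+- name: Checkout
+uses: actions/checkout@v3
+
+- name: Set up AWS credentials
+uses: aws-actions/configure-aws-credentials@v1
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ secrets.AWS_REGION }}
+
+- name: Setup Terraform
+uses: hashicorp/setup-terraform@v3
+
+- name: Terraform Apply
+run: terraform apply -auto-approve -input=false
+continue-on-error: true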
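Review bot: The `cd` job's `if: ${{ always() && ... }}` lets `terraform apply -auto-approve` run on the default branch even when the `ci` job it `needs` has failed, and `continue-on-error: true` on the plan and apply steps then reports a failed run as green. Dropping `always()` from the condition and removing `continue-on-error: true` from both steps would make validation an actual gate and surface apply failures. The `ci` job also runs on `pull_request` with the long-lived `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` configured, so the plan step evaluates branch-supplied Terraform with those credentials; a plan-only role, ideally assumed through OIDC with `role-to-assume`, would limit that exposure. Separately, `TF_VAR_ssh_public_key: $(shell cat ssh-public-key.pub)` is Make syntax that Actions passes through as a literal string, and no step sets `working-directory: infrastructure`, so the Terraform commands appear to run outside the directory that holds the `.tf` files.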
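--- a/infrastructure/.gitignore
+++ b/infrastructure/.gitignore
@@ -0,0 +1,10 @@
+/.idea
+
+# SSH keys
+/*.pem
+/*.pub
+
+# Terraform files
+*.tfstate
+*.tfstate.backup
+.terraform/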
24 changes: 24 additions & 0 deletions infrastructure/.terraform.lock.hcl

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

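--- a/infrastructure/Makefile
+++ b/infrastructure/Makefile
@@ -0,0 +1,25 @@
+export TF_VAR_project_name = tarhche
+export TF_VAR_instance_name = backend
+export TF_VAR_ssh_public_key = $(shell cat ssh-public-key.pub)
+export EC2_SSH_ADDRESS =
+
+validate:
+terraform validate
+
+init:
+terraform init
+
+state:
+terraform state list
+
+plan:
+terraform plan
+
+apply:
+terraform apply
+
+public_key:
+ssh-keygen -y -f ssh-private-key.pem > ssh-public-key.pub
+
+ssh:
+ssh -i "ssh-private-key.pem" ${EC2_SSH_ADDRESS}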
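Review bot: None of the targets (`validate`, `init`, `state`, `plan`, `apply`, `public_key`, `ssh`) is declared phony, so a file or directory with one of those names in `infrastructure/` would make `make` skip the recipe; adding `.PHONY: validate init state plan apply public_key ssh` avoids that. `export TF_VAR_ssh_public_key = $(shell cat ssh-public-key.pub)` uses recursive assignment, so `cat` is likely re-run for each recipe and prints an error before `make public_key` has created the file; `:=` with `$(shell cat ssh-public-key.pub 2>/dev/null)` would evaluate once and stay quiet. The `public_key` and `ssh` targets expect `ssh-private-key.pem` inside the repository directory, kept out of commits only by the `/*.pem` ignore rule, so a comment stating that the key must stay untracked and mode 0600 would help.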
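--- a/infrastructure/backend.tf
+++ b/infrastructure/backend.tf
@@ -0,0 +1,102 @@
+provider "aws" {
+region = "eu-central-1"
+}
+
+variable "project_name" {
+description = "Project tag given to each deployed Instance"
+type = string
+}
+
+variable "instance_name" {
+description = "instance_name"
+type = string
+}
+
+variable "ssh_public_key" {
+description = "SSH public key"
+type = string
+}
+
+resource "aws_security_group" "backend" {
+name = var.instance_name
+description = "Allow HTTP, HTTPS, and SSH inbound traffic"
+
+tags = {
+project_name = var.project_name
+}
+
+# Allow SSH (port 22) from any IP address
+ingress {
+from_port = 22
+to_port = 22
+protocol = "tcp"
+cidr_blocks = ["0.0.0.0/0"]
+}
+
+# Allow HTTP (port 80) from any IP address
+ingress {
+from_port = 80
+to_port = 80
+protocol = "tcp"
+cidr_blocks = ["0.0.0.0/0"] # Allow HTTP from anywhere
+}
+
+# Allow HTTPS (port 443) from any IP address
+ingress {
+from_port = 443
+to_port = 443
+protocol = "tcp"
+cidr_blocks = ["0.0.0.0/0"]
+}
+
+# Allow all outbound traffic
+egress {
+from_port = 0
+to_port = 0
+protocol = "-1" # all protocols
+cidr_blocks = ["0.0.0.0/0"]
+}
+}
+
+resource "aws_key_pair" "ssh_public_key" {
+key_name = var.instance_name
+public_key = var.ssh_public_key
+
+tags = {
+project_name = var.project_name
+}
+}
+
+resource "aws_instance" "backend" {
+ami = "ami-0e54671bdf3c8ed8d" # Amazon linux 2023
+instance_type = "t2.micro"
+key_name = aws_key_pair.ssh_public_key.key_name
+
+root_block_device {
+delete_on_termination = true
+encrypted = false
+volume_size = 15
+volume_type = "gp3"
+
+tags = {
+project_name = var.project_name
+}
+}
+
+security_groups = [
+aws_security_group.backend.name
+]
+
+tags = {
+project_name = var.project_name
+}
+}
+
+resource "aws_eip" "backend" {
+instance = aws_instance.backend.id
+domain = "vpc"
+
+tags = {
+project_name = var.project_name
+}
+}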
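Review bot: The first `ingress` block of `aws_security_group.backend` opens port 22 to `0.0.0.0/0`, and `root_block_device` sets `encrypted = false`, so SSH on the instance is reachable from any address and its root volume is stored unencrypted. The excerpt below narrows SSH to a caller-supplied CIDR list and turns on volume encryption; the new variable has no default, so the workflow and the Makefile would need to export `TF_VAR_ssh_allowed_cidrs`. No `terraform { backend ... }` block is visible in this file while `.gitignore` excludes `*.tfstate`, so state presumably lives only on the machine that ran `apply`; a remote backend is worth adding before the `cd` job applies from ephemeral runners.

```hcl
variable "ssh_allowed_cidrs" {
  description = "CIDR ranges allowed to reach SSH (port 22)"
  type        = list(string)
}

# … unchanged: provider, other variables, security group header …

  # Allow SSH (port 22) only from the configured ranges
  ingress {
    # … unchanged: from_port, to_port, protocol …
    cidr_blocks = var.ssh_allowed_cidrs
  }

# … unchanged: HTTP/HTTPS ingress, egress, aws_key_pair, instance arguments …

  root_block_device {
    delete_on_termination = true
    encrypted             = true
    # … unchanged: volume_size, volume_type, tags …
```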
