1 parent
0e8b49d
commit 8cd935e
Showing
5 changed files
with
234 additions
and
0 deletions.
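--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE-workflow.yml
@@ -0,0 +1,76 @@
+name: Infrastructure CI and CD
+on:
+push:
+branches:
+- main
+paths:
+- .github/**
+- infrastructure/**
+pull_request:
+paths:
+- .github/**
+- infrastructure/**
+
+env:
+TF_VAR_PROJECT_NAME: tarhche
+TF_VAR_INSTANCE_NAME: backend
+TF_VAR_SSH_PUBLIC_KEY: $(shell cat ssh-public-key.pub)
+
+jobs:
+ci:
+runs-on: ubuntu-latest
+
+steps:
+- name: Checkout
+uses: actions/checkout@v3
+
+- name: Set up AWS credentials
+uses: aws-actions/configure-aws-credentials@v1
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
+- name: Setup Terraform
+uses: hashicorp/setup-terraform@v3
+
+- name: Terraform Format
+id: fmt
+run: terraform fmt -check
+
+- name: Terraform Init
+id: init
+run: terraform init
+
+- name: Terraform Validate
+id: validate
+run: terraform validate -no-color
+
+- name: Terraform Plan
+run: terraform plan -no-color -input=false
+continue-on-error: true
+
+cd:
+runs-on: ubuntu-latest
+
+# This job will be invoked only on default branch
+if: ${{ always() && format('refs/heads/{0}', github.event.repository.default_branch) == github.ref }}
+
+needs:
+- ci
+
+steps:
+- name: Checkout
+uses: actions/checkout@v3
+
+- name: Set up AWS credentials
+uses: aws-actions/configure-aws-credentials@v1
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
+- name: Setup Terraform
+uses: hashicorp/setup-terraform@v3
+
+- name: Terraform Apply
+run: terraform apply -auto-approve -input=false
+continue-on-error: true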
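Review bot: The `env` block's variable names do not match the Terraform variables declared in this commit: Terraform matches `TF_VAR_<name>` case-sensitively, so `TF_VAR_PROJECT_NAME`, `TF_VAR_INSTANCE_NAME` and `TF_VAR_SSH_PUBLIC_KEY` populate undeclared variables while the required `project_name`, `instance_name` and `ssh_public_key` stay unset and, with `-input=false`, plan and apply error out; the `export` lines of the Makefile in this commit have the same mismatch and should read `TF_VAR_project_name` and so on. `$(shell cat ssh-public-key.pub)` is Makefile syntax that GitHub Actions passes through as a literal string (and `/*.pub` is gitignored, so the file is not in the checkout anyway), so the key should come from a secret, e.g. `TF_VAR_ssh_public_key: ${{ secrets.SSH_PUBLIC_KEY }}` (secret name constructed). Unless a backend is configured somewhere not shown, `terraform init` here uses local state that is discarded with the runner and `*.tfstate` is gitignored, so every `cd` run starts from empty state and attempts to create the key pair, security group, instance and EIP again; a remote backend with locking is needed before this job is allowed to apply. `continue-on-error: true` on the Plan and Apply steps together with `if: always()` on `cd` means an apply is attempted after a failed `ci` and a failed apply still reports green; drop both, and prefer OIDC role assumption (`role-to-assume` on `aws-actions/configure-aws-credentials`, whose `@v1` tag is also outdated) over long-lived access keys stored as secrets.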
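--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE-.gitignore
@@ -0,0 +1,10 @@
+/.idea
+
+# SSH keys
+/*.pem
+/*.pub
+
+# Terraform files
+*.tfstate
+*.tfstate.backup
+.terraform/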
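Review bot: The anchored patterns `/*.pem` and `/*.pub` only match files in the directory that holds this .gitignore, whereas the Makefile in this commit reads and writes `ssh-private-key.pem` and `ssh-public-key.pub` relative to its own location; if this .gitignore sits at the repository root and the Makefile lives under `infrastructure/` (the layout the workflow's path filter suggests), a private key generated there is not ignored and can be committed. Use the unanchored forms `*.pem` and `*.pub` so a key is excluded wherever it is generated.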
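--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE-Makefile
@@ -0,0 +1,22 @@
+export TF_VAR_PROJECT_NAME = tarhche
+export TF_VAR_INSTANCE_NAME = backend
+export TF_VAR_SSH_PUBLIC_KEY = $(shell cat ssh-public-key.pub)
+export TF_VAR_EC2_PRIVATE_KEY =
+
+validate:
+terraform validate
+
+init:
+terraform init
+
+plan:
+terraform plan
+
+apply:
+terraform apply
+
+public_key:
+ssh-keygen -y -f ssh-private-key.pem > ssh-public-key.pub
+
+ssh:
+ssh -i "ssh-private-key.pem" ${TF_VAR_EC2_PRIVATE_KEY}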
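Review bot: The `ssh` recipe on the last line uses `${TF_VAR_EC2_PRIVATE_KEY}` as the ssh destination, but that variable is exported empty at the top of the file and its name says "private key" while the value has to be a host, so a plain `make ssh` runs `ssh -i "ssh-private-key.pem"` with no destination and fails with a usage error. Rename it to a host variable without the `TF_VAR_` prefix (otherwise it is handed to Terraform as an undeclared variable), drop the `export`, and fail early when it is unset, e.g. `ssh:` / `@test -n "$(EC2_HOST)" || { echo "EC2_HOST is required"; exit 1; }` / `ssh -i "ssh-private-key.pem" "$(EC2_HOST)"`. Because `TF_VAR_SSH_PUBLIC_KEY` is exported, `$(shell cat ssh-public-key.pub)` is expanded for every recipe, including `public_key` before the file exists, which prints a `cat` error on each run; `$(shell cat ssh-public-key.pub 2>/dev/null)` keeps that quiet. None of the targets is declared `.PHONY`, so a file named `plan` or `apply` in this directory would silently make the target a no-op.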
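--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE-main.tf
@@ -0,0 +1,102 @@
+provider "aws" {
+region = "eu-central-1"
+}
+
+variable "project_name" {
+description = "Project tag given to each deployed Instance"
+type = string
+}
+
+variable "instance_name" {
+description = "instance_name"
+type = string
+}
+
+variable "ssh_public_key" {
+description = "SSH public key"
+type = string
+}
+
+resource "aws_security_group" "backend" {
+name = var.instance_name
+description = "Allow HTTP, HTTPS, and SSH inbound traffic"
+
+tags = {
+project_name = var.project_name
+}
+
+# Allow SSH (port 22) from any IP address
+ingress {
+from_port = 22
+to_port = 22
+protocol = "tcp"
+cidr_blocks = ["0.0.0.0/0"]
+}
+
+# Allow HTTP (port 80) from any IP address
+ingress {
+from_port = 80
+to_port = 80
+protocol = "tcp"
+cidr_blocks = ["0.0.0.0/0"] # Allow HTTP from anywhere
+}
+
+# Allow HTTPS (port 443) from any IP address
+ingress {
+from_port = 443
+to_port = 443
+protocol = "tcp"
+cidr_blocks = ["0.0.0.0/0"]
+}
+
+# Allow all outbound traffic
+egress {
+from_port = 0
+to_port = 0
+protocol = "-1" # all protocols
+cidr_blocks = ["0.0.0.0/0"]
+}
+}
+
+resource "aws_key_pair" "ssh_public_key" {
+key_name = var.instance_name
+public_key = var.ssh_public_key
+
+tags = {
+project_name = var.project_name
+}
+}
+
+resource "aws_instance" "backend" {
+ami = "ami-0e54671bdf3c8ed8d" # Amazon linux 2023
+instance_type = "t2.micro"
+key_name = aws_key_pair.ssh_public_key.key_name
+
+root_block_device {
+delete_on_termination = true
+encrypted = false
+volume_size = 15
+volume_type = "gp3"
+
+tags = {
+project_name = var.project_name
+}
+}
+
+security_groups = [
+aws_security_group.backend.name
+]
+
+tags = {
+project_name = var.project_name
+}
+}
+
+resource "aws_eip" "backend" {
+instance = aws_instance.backend.id
+domain = "vpc"
+
+tags = {
+project_name = var.project_name
+}
+}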
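Review bot: The SSH ingress rule with `cidr_blocks = ["0.0.0.0/0"]` exposes port 22 of the instance to the whole internet, and the instance additionally has an unencrypted root volume (`encrypted = false`) and no `metadata_options`, so IMDSv1 remains enabled. Restrict port 22 to a variable holding the operator's CIDRs (or drop the rule and use SSM Session Manager), set `encrypted = true`, and require IMDSv2 as sketched below. Separately, `security_groups` is the name-based, EC2-Classic style argument and a change to that list forces instance replacement; on a VPC instance `vpc_security_group_ids = [aws_security_group.backend.id]` is the intended form, and the hard-coded `ami-0e54671bdf3c8ed8d` is region-specific and will silently age, which an `aws_ami` data source filter avoids. There is also no `terraform { required_providers { ... } }` block pinning the AWS provider version, so provider upgrades are uncontrolled.
```hcl
variable "ssh_allowed_cidrs" {
  description = "CIDR blocks permitted to reach port 22; do not use 0.0.0.0/0"
  type        = list(string)
}

resource "aws_security_group" "backend" {
  # … unchanged: name, description, tags, HTTP/HTTPS ingress, egress …
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = var.ssh_allowed_cidrs
  }
}

resource "aws_instance" "backend" {
  # … unchanged: ami, instance_type, key_name, security groups, tags …
  root_block_device {
    encrypted = true
    # … unchanged: delete_on_termination, volume_size, volume_type, tags …
  }

  metadata_options {
    http_tokens = "required" # IMDSv2 only
  }
}
```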