- This repo contains the source for an Azure DevOps CI/CD pipeline that builds and deploys WordPress on AWS EKS with monitoring, logging, static application security testing (SAST), and container vulnerability scanning.
- The pipeline script builds a container image of our custom WordPress installation using Docker.
- Then it pushes the image to Docker Hub.
- Then it provisions an EKS Kubernetes cluster on AWS using Terraform.
- After that, it creates a Let's Encrypt TLS certificate, again using Terraform.
- Sensitive data is passed to the cluster by rendering Ansible Jinja2 templates into regular files, with the secret values supplied from Ansible Vault.
- Then it provisions the AWS Load Balancer Controller using Terraform and Helm.
- Afterwards, it deploys Prometheus and Grafana for monitoring using Terraform and Helm charts.
- Using Terraform and Helm again, it deploys the Elastic Stack (Elasticsearch, Logstash, Kibana, and Filebeat)
- Next, it scans the Docker image for vulnerabilities using Trivy.
- Then it deploys WordPress.
Create the following variables in a file called `secrets.yml`:
- db_user
- db_password
- dp_port
- email_password
- mail_server
- slack_api
Then encrypt `secrets.yml` with `ansible-vault`, so that only the ciphertext ever lands in the repository.
- Once the variables and sensitive information are in place, `cd` into the `backend` directory and adjust `variables.tf`.
- Open `s3.tf` and comment out `force_destroy = true` in the `aws_s3_bucket` resource block, so that a later `terraform destroy` cannot delete the bucket that holds your Terraform state.
- Then run `terraform init && terraform apply -auto-approve`.
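The checks a practitioner would run before the `terraform apply` above, as an added shell example (not code from this repo): it verifies that `secrets.yml` is Ansible Vault ciphertext rather than plaintext, that no active `force_destroy = true` remains in `backend/s3.tf`, and that the vault password file is git-ignored. The paths `secrets.yml`, `.pass.txt` and `backend/s3.tf` are assumed from this README; the sample files in the comments are constructed.

```shell
#!/usr/bin/env bash
# Pre-flight checks for the secrets.yml and backend steps above.
# Added example for this README, not part of the repo.
# Assumed layout: ./secrets.yml, ./.pass.txt and ./backend/s3.tf.
#
# Encrypt / inspect the secrets file with Ansible Vault:
#   ansible-vault encrypt secrets.yml --vault-password-file .pass.txt
#   ansible-vault view    secrets.yml --vault-password-file .pass.txt

# 0 if the file starts with an Ansible Vault header, i.e. it is ciphertext
# (format 1.1, or 1.2 when a vault id was used); 1 if missing or plaintext.
is_vault_encrypted() {
  local f="$1"
  [ -f "$f" ] || return 1
  head -n 1 "$f" | grep -Eq '^\$ANSIBLE_VAULT;1\.[12];AES256'
}

# 0 if no uncommented 'force_destroy = true' is left in the given .tf file.
# With force_destroy on, 'terraform destroy' would remove the bucket together
# with the state objects stored in it.
force_destroy_disabled() {
  local f="$1"
  [ -f "$f" ] || return 1
  ! grep -Eq '^[[:space:]]*force_destroy[[:space:]]*=[[:space:]]*true' "$f"
}

# 0 if git ignores the path, so the vault password cannot be committed.
# Outside a git repository (or without git) this fails closed.
password_file_ignored() {
  git check-ignore -q -- "$1" 2>/dev/null
}

# Run all checks against a repo root; one line per check, return 1 on any failure.
preflight() {
  local root="${1:-.}"
  local rc=0
  if is_vault_encrypted "$root/secrets.yml"; then
    echo "ok    secrets.yml is vault-encrypted"
  else
    echo "FAIL  secrets.yml is missing or still plaintext"; rc=1
  fi
  if force_destroy_disabled "$root/backend/s3.tf"; then
    echo "ok    backend/s3.tf has force_destroy disabled"
  else
    echo "FAIL  backend/s3.tf still sets force_destroy = true (or is missing)"; rc=1
  fi
  if password_file_ignored "$root/.pass.txt"; then
    echo "ok    .pass.txt is git-ignored"
  else
    echo "FAIL  .pass.txt is not git-ignored; add it to .gitignore"; rc=1
  fi
  return $rc
}

# Only run when given a repo root, e.g.:  ./preflight.sh .
# On success continue with:  cd backend && terraform init && terraform apply -auto-approve
[ -n "${1:-}" ] && preflight "$1"
```

The header test is deliberately strict: a file that merely contains `!vault` inline values would still leak any unencrypted keys around them, so the whole file is required to be ciphertext.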
- Install the SonarQube and Trivy extensions from the Visual Studio Marketplace into your Azure DevOps organization.
- Create a file, `.pass.txt`, containing your Ansible Vault password. Keep it out of version control (add it to `.gitignore`).
- Upload the file to the Secure Files library of your Azure DevOps project.
- Create a variable group with the following variables (mark the credentials as secret so Azure DevOps masks them in logs):
  - `access_key_id`: your AWS access key ID
  - `account_id`: your AWS account ID
  - `arn`: your AWS ARN
  - `db_name`: the database name
  - `docker_password`: your Docker Hub password
  - `docker_username`: your Docker Hub username
  - `email`: the email address for the Let's Encrypt certificate
  - `password`: the database password
  - `region`: the AWS region you are working in
  - `secret_access_key`: your AWS secret access key
  - `username`: the database username
- Then queue a build of the pipeline.