Skip to content

Latest commit

 

History

History
27 lines (24 loc) · 4.88 KB

ReadMe.md

File metadata and controls

27 lines (24 loc) · 4.88 KB

License: UnlicenseGitHub pull-requests closedGitHub pull-requests GitHub issues-closedGitHub issues terraform-infra-provisioning checkov-static-analysis-scan infracost Image

Motivation

My objectives was to create an application load balancer and attach that to three Amazon EC2 instances hosted in three different availability zones in a region using Terraform and GitHub Actions.


If you are interested in learning about how to create an external application load balancer with Amazon EC2 instances in a private subnet, check out the code in this repository: add-aws-elb-ec2-private-subnet-terraform
Later, I also automated the process of provisioning the resources using GitHub Actions pipeline and I discussed that in detail at -CI-CD with Terraform and GitHub Actions to deploy to AWS.
If you are interested in learning about how to create an external application load balancer with Amazon EC2 instances in a private subnet, check out the code in this repository: add-aws-elb-ec2-terraform
I also added Infracost estimates to this repository. You can checkout the monthly cost badge at the top of this ReadMe file with the cost details. If you are interested in learning about that, checkout my note on - estimate AWS Cloud resource cost with Infracost, Terraform, and GitHub Actions.


Note: I did not include the concepts of creating the EC2 instances, or installing a certificate, or route53 in this note.

Prerequisites

For this code to function without errors, I created an OpenID connect identity provider in Amazon Identity and Access Management that has a trust relationship with this GitHub repository. You can read about it here to get a detailed explanation with steps.
I stored the ARN of the IAM Role as a GitHub secret which is referred in the terraform.yml file.
As part of the Infracost integration, I also created a INFRACOST_API_KEY and stored that as a GitHub Actions secret. I also managed the cost estimate process using a GitHub Actions variable INFRACOST_SCAN_TYPE where the value is either hcl_code or tf_plan, depending on the type of scan desired.

Usage

Ensure that the policy attached to the IAM role whose credentials are being used in this configuration has permission to create and manage all the resources that are included in this repository.

Review the code including the terraform.yml to understand the steps in the GitHub Actions pipeline. Also review the terraform code to understand all the concepts associated with creating an AWS VPC, subnets, internet gateway, route table, and route table association.
If you want to check the pipeline logs, click on the Build Badge (terrform-infra-provisioning) above the image in this ReadMe.

License

This code is released under the Unlincse License. See LICENSE.