Merge pull request #71 from mihai-satmarean/feature/aws-s3-module-darius

Feature/aws s3 module darius

.github/workflows/terraform-apply.yml

@@ -0,0 +1,130 @@
+name: Terraform Apply with Remote State
+run-name: ${{ github.actor }} is deploying on AWS 🚀
+on:
+  push:
+    branches: 
+      - feature/aws-s3-module
+jobs:
+  Deploy-AWS-Ec2:
+    runs-on: ubuntu-latest
+    steps:
+      #Step 0: Read user mapping
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Read User Mapping
+        id: user-mapping
+        run: |
+          user_mapping=$(cat .github/workflows/user-mapping.json)
+          github_actor=${{ github.actor }}
+
+          echo "User mapping: $user_mapping"
+          echo "GitHub actor: $github_actor"
+
+          user_data=$(echo "$user_mapping" | jq -r '[".$github_actor"]')
+
+          if [[ -z "$user_data" ]]; then
+              echo "No user mapping found for $github_actor"
+              exit 1
+          fi
+
+          access_key_id=$(echo $user_data | jq -r '.AWS_SECRET_ACCESS_KEY_ID')
+          secret_access_key=$(echo $user_data | jq -r '.AWS_SECRET_ACCESS_KEY')
+
+          echo "Access key ID: $access_key_id"
+          echo "Secret access key: $secret_access_key"
+
+          echo "::set-output name=access_key_id::${access_key_id}"
+          echo "::set-output name=secret_access_key::${secret_access_key}"
+
+      - name: Print User Mapping
+        run: echo "${{ steps.user-mapping.outputs.user-mapping }}"
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v3
+        with:
+          aws-access-key-id: ${{ steps.read_mapping.outputs.access_key_id }}
+          aws-secret-access-key: ${{ steps.read_mapping.outputs.secret_access_key }}
+          aws-region: us-central-1
+
+      #- name: Checkout Repository
+      #  uses: actions/checkout@v4
+
+      # Step 3: Ensure Terraform state S3 bucket exists
+      - name: Create Terraform State Bucket
+        run: |
+          cd terraform/terraform-modules/state-bucket
+          terraform init
+          terraform apply -auto-approve || echo "Bucket already exists, continuing..."
+      # Step 4: Reconfigure Backend to Use S3
+      - name: Reconfigure Backend to S3
+        run: |
+          cd terraform/terraform-modules/tf-ec2-module/
+          terraform init -backend-config="bucket=terraform_state_bucket" \
+                         -backend-config="key=state/${GITHUB_REF#refs/heads/}/terraform.tfstate" \
+                         -backend-config="region=eu-central-1"
+
+      # Step 5: Apply Terraform with S3 backend
+      - name: Finalize Infrastructure Deployment
+        run: |
+          cd terraform/terraform-modules/tf-ec2-module/
+          terraform apply -auto-approve
+
+      # Step 6: Refresh Terraform State to ensure it's up to date with AWS
+      - name: Refresh Terraform State
+        run: |
+          cd terraform/terraform-modules/tf-ec2-module/
+          terraform refresh
+      # Step 7: Capture Terraform Outputs to Variables
+      - name: Capture Terraform Outputs
+        id: terraform_outputs
+        run: |
+          cd terraform/terraform-modules/tf-ec2-module/
+          export VPC_ID=$(terraform output -raw vpc_id)
+          export PUBLIC_SUBNET_ID=$(terraform output -raw public_subnet_id)
+          export PRIVATE_SUBNET_ID=$(terraform output -raw private_subnet_id)
+          export SECURITY_GROUP_ID=$(terraform output -raw security_group_id)
+          echo "VPC_ID=$VPC_ID" >> $GITHUB_ENV
+          echo "PUBLIC_SUBNET_ID=$PUBLIC_SUBNET_ID" >> $GITHUB_ENV
+          echo "PRIVATE_SUBNET_ID=$PRIVATE_SUBNET_ID" >> $GITHUB_ENV
+          echo "SECURITY_GROUP_ID=$SECURITY_GROUP_ID" >> $GITHUB_ENV
+
+      # Step 8: Validate Resources with AWS CLI
+      - name: List Resources Created by Terraform
+        run: |
+          # List VPC
+          echo "Listing VPC with ID: $VPC_ID"
+          aws ec2 describe-vpcs --vpc-ids $VPC_ID || echo "Failed to list VPC with ID: $VPC_ID"
+
+          # List Public Subnet
+          echo "Listing Public Subnet with ID: $PUBLIC_SUBNET_ID"
+          aws ec2 describe-subnets --subnet-ids $PUBLIC_SUBNET_ID || echo "Failed to list Public Subnet with ID: $PUBLIC_SUBNET_ID"
+
+          # List Private Subnet
+          echo "Listing Private Subnet with ID: $PRIVATE_SUBNET_ID"
+          aws ec2 describe-subnets --subnet-ids $PRIVATE_SUBNET_ID || echo "Failed to list Private Subnet with ID: $PRIVATE_SUBNET_ID"
+
+          # List Security Group
+          echo "Listing Security Group with ID: $SECURITY_GROUP_ID"
+          aws ec2 describe-security-groups --group-ids $SECURITY_GROUP_ID || echo "Failed to list Security Group with ID: $SECURITY_GROUP_ID"
+
+      # Step 9: Destroy Infrastructure
+      - name: Destroy Infrastructure
+        run: |
+          cd terraform/terraform-modules/tf-ec2-module/
+          terraform destroy -auto-approve
+
+      # Step 10: Verify Resources are Destroyed
+      - name: Verify Resources are Destroyed
+        run: |
+          # Verify that resources were destroyed by listing them again
+          echo "Verifying VPC Destruction..."
+          aws ec2 describe-vpcs --vpc-ids $VPC_ID || echo "VPC with ID $VPC_ID does not exist."
+          echo "Verifying Public Subnet Destruction..."
+          aws ec2 describe-subnets --subnet-ids $PUBLIC_SUBNET_ID || echo "Public Subnet with ID $PUBLIC_SUBNET_ID does not exist."
+          echo "Verifying Private Subnet Destruction..."
+          aws ec2 describe-subnets --subnet-ids $PRIVATE_SUBNET_ID || echo "Private Subnet with ID $PRIVATE_SUBNET_ID does not exist."
+          echo "Verifying Security Group Destruction..."
+          aws ec2 describe-security-groups --group-ids $SECURITY_GROUP_ID || echo "Security Group with ID $SECURITY_GROUP_ID does not exist."

.github/workflows/user-mapping.json

@@ -0,0 +1,11 @@
+{
+  "MariusB-DevOps": {
+    "AWS_SECRET_ACCESS_KEY": "AWS_SECRET_ACCESS_KEY_MARIUS",
+    "AWS_SECRET_KEY_ID": "AWS_SECRET_KEY_ID_MARIUS"
+  },
+  "another-user": {
+    "AWS_SECRET_ACCESS_KEY": "AWS_SECRET_ACCESS_KEY_USER2",
+    "AWS_SECRET_KEY_ID": "AWS_SECRET_KEY_ID_USER2"
+  }
+}
+

terraform/terraform-modules/state-bucket/main.tf

@@ -0,0 +1,41 @@
+# main.tf
+provider "aws" {
+  region = "eu-west-1"
+}
+
+# Local backend for initial setup
+terraform {
+  backend "local" {
+    path = "terraform.tfstate"
+  }
+}
+
+resource "aws_s3_bucket" "terraform_state_bucket" {
+  bucket        = "terraform-state-${terraform.workspace}"
+  force_destroy = true # For simplicity in training scenarios; remove in production.
+
+  tags = {
+    Name = "Terraform State Bucket"
+  }
+}
+
+resource "aws_s3_bucket_versioning" "state_bucket_versioning" {
+  bucket = aws_s3_bucket.terraform_state_bucket.id
+
+  versioning_configuration {
+    status = "Enabled"
+  }
+}
+
+# Terraform backend configuration post-initialization
+output "backend_config" {
+  value = <<EOT
+  bucket = "${aws_s3_bucket.terraform_state_bucket.bucket}"
+  key    = "state/${terraform.workspace}/terraform.tfstate"
+  region = "${var.region}"
+  EOT
+}
+
+variable "region" {
+  default = "eu-west-1"
+}

terraform/terraform-modules/tf-ec2-module/.gitignore

@@ -0,0 +1,26 @@
+# Local .terraform directories
+**/.terraform/*
+
+# Ignore variables files
+*.auto.tfvars
+
+# Ignore override files
+*.tfoverride
+
+# Ignore environment-specific files
+.envrc
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# Ignore Terraform state files and providers
+terraform.tfstate
+terraform.lock.hcl
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*

terraform/terraform-modules/tf-ec2-module/README.md

@@ -0,0 +1,32 @@
+
+Project steps:
+1. Set Up Terraform:
+• Install Terraform on your local machine or use a cloud-based development environment.
+sudo apt install terraform
+• Configure Terraform to authenticate with AWS using environment variables or IAM roles.
+aws configure
+
+2. Infrastructure Requirements:
+• VPC: Create a VPC with a custom CIDR block (e.g., 10.0.0.0/16).
+• Subnets: Create two subnets within the VPC (e.g., one public and one private).
+• Route Table: Define a route table and associate it with the public subnet. Add a default route to the internet.
+• Internet Gateway: Attach an internet gateway to the VPC for internet connectivity.
+• Security Group: Security Group allowing HTTP connection from outside.
+
+3. We create the above resources using main.tf and variables.tf files. 
+We create an outputs.tf file to get information about created resources and we format the Terraform files using terraform fmt.
+
+4. Deploy Infrastructure:
+• Run the following Terraform commands:
+- terraform init to initialize the working directory.
+- terraform plan to review the execution plan.
+- terraform apply to deploy the infrastructure.
+
+5.   Validate the Deployment:
+• Verify the VPC and its components in the AWS Management Console.
+• Confirm that the public subnet has internet access.
+
+
+
+
+

terraform/terraform-modules/tf-ec2-module/apache.sh

@@ -0,0 +1,6 @@
+#! /bin/bash
+sudo apt-get update
+sudo apt-get install -y apache2
+sudo systemctl start apache2
+sudo systemctl enable apache2
+

terraform/terraform-modules/tf-ec2-module/key_pair.tf

@@ -0,0 +1,15 @@
+resource "aws_key_pair" "key_devops" {
+  key_name   = "keydevops"
+  public_key = tls_private_key.private_key.public_key_openssh
+}
+
+# RSA key of size 4096 bits
+resource "tls_private_key" "private_key" {
+  algorithm = "RSA"
+  rsa_bits  = 4096
+}
+
+resource "local_file" "tfkey" {
+  content  = tls_private_key.private_key.private_key_pem
+  filename = "tfkey"
+}

terraform/terraform-modules/tf-s3-module/local.tf → terraform/terraform-modules/tf-ec2-module/locals.tf

@@ -1,7 +1,7 @@
 locals {
   common_tags = {
     ManagedBy = "Terraform"
-    Owner     = var.owner
-    Env       = var.name
+
   }
 }
+