diff --git a/.github/workflows/terraform-apply.yml b/.github/workflows/terraform-apply.yml index 74d8d1f..82307bb 100644 --- a/.github/workflows/terraform-apply.yml +++ b/.github/workflows/terraform-apply.yml @@ -1,23 +1,98 @@ -name: Terraform apply +name: Terraform Apply with Remote State run-name: ${{ github.actor }} is deploying on AWS 🚀 on: push: branches: - - feature/aws-s3-module + - mihai-satmarean-patch-1 jobs: Deploy-AWS-Ec2: runs-on: ubuntu-latest steps: + # Step 1: Configure AWS credentials - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v3 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_MARIUS }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_MARIUS }} aws-region: eu-central-1 + + # Step 2: Checkout the repository code - name: Checkout Repository uses: actions/checkout@v4 - - name: Deploy Infrastructure + + # Step 3: Ensure Terraform state S3 bucket exists + - name: Create Terraform State Bucket run: | - cd terraform/terraform-modules/tf-ec2-module/ + cd terraform/terraform-modules/state-bucket terraform init + terraform apply -auto-approve || echo "Bucket already exists, continuing..." + # Step 4: Reconfigure Backend to Use S3 + - name: Reconfigure Backend to S3 + run: | + cd terraform/terraform-modules/tf-ec2-module/ + terraform init -backend-config="bucket=terraform_state_bucket" \ + -backend-config="key=state/${GITHUB_REF#refs/heads/}/terraform.tfstate" \ + -backend-config="region=eu-central-1" + + # Step 5: Apply Terraform with S3 backend + - name: Finalize Infrastructure Deployment + run: | + cd terraform/terraform-modules/tf-ec2-module/ + terraform apply -auto-approve + + # Step 6: Refresh Terraform State to ensure it's up to date with AWS + - name: Refresh Terraform State + run: | + cd terraform/terraform-modules/tf-ec2-module/ + terraform refresh + # Step 7: Capture Terraform Outputs to Variables + - name: Capture Terraform Outputs + id: terraform_outputs + run: | + cd terraform/terraform-modules/tf-ec2-module/ + export VPC_ID=$(terraform output -raw vpc_id) + export PUBLIC_SUBNET_ID=$(terraform output -raw public_subnet_id) + export PRIVATE_SUBNET_ID=$(terraform output -raw private_subnet_id) + export SECURITY_GROUP_ID=$(terraform output -raw security_group_id) + echo "VPC_ID=$VPC_ID" >> $GITHUB_ENV + echo "PUBLIC_SUBNET_ID=$PUBLIC_SUBNET_ID" >> $GITHUB_ENV + echo "PRIVATE_SUBNET_ID=$PRIVATE_SUBNET_ID" >> $GITHUB_ENV + echo "SECURITY_GROUP_ID=$SECURITY_GROUP_ID" >> $GITHUB_ENV + + # Step 8: Validate Resources with AWS CLI + - name: List Resources Created by Terraform + run: | + # List VPC + echo "Listing VPC with ID: $VPC_ID" + aws ec2 describe-vpcs --vpc-ids $VPC_ID || echo "Failed to list VPC with ID: $VPC_ID" + + # List Public Subnet + echo "Listing Public Subnet with ID: $PUBLIC_SUBNET_ID" + aws ec2 describe-subnets --subnet-ids $PUBLIC_SUBNET_ID || echo "Failed to list Public Subnet with ID: $PUBLIC_SUBNET_ID" + + # List Private Subnet + echo "Listing Private Subnet with ID: $PRIVATE_SUBNET_ID" + aws ec2 describe-subnets --subnet-ids $PRIVATE_SUBNET_ID || echo "Failed to list Private Subnet with ID: $PRIVATE_SUBNET_ID" + + # List Security Group + echo "Listing Security Group with ID: $SECURITY_GROUP_ID" + aws ec2 describe-security-groups --group-ids $SECURITY_GROUP_ID || echo "Failed to list Security Group with ID: $SECURITY_GROUP_ID" + + # Step 9: Destroy Infrastructure + - name: Destroy Infrastructure + run: | + cd terraform/terraform-modules/tf-ec2-module/ terraform destroy -auto-approve + + # Step 10: Verify Resources are Destroyed + - name: Verify Resources are Destroyed + run: | + # Verify that resources were destroyed by listing them again + echo "Verifying VPC Destruction..." + aws ec2 describe-vpcs --vpc-ids $VPC_ID || echo "VPC with ID $VPC_ID does not exist." + echo "Verifying Public Subnet Destruction..." + aws ec2 describe-subnets --subnet-ids $PUBLIC_SUBNET_ID || echo "Public Subnet with ID $PUBLIC_SUBNET_ID does not exist." + echo "Verifying Private Subnet Destruction..." + aws ec2 describe-subnets --subnet-ids $PRIVATE_SUBNET_ID || echo "Private Subnet with ID $PRIVATE_SUBNET_ID does not exist." + echo "Verifying Security Group Destruction..." + aws ec2 describe-security-groups --group-ids $SECURITY_GROUP_ID || echo "Security Group with ID $SECURITY_GROUP_ID does not exist." diff --git a/terraform/terraform-modules/state-bucket/main.tf b/terraform/terraform-modules/state-bucket/main.tf new file mode 100644 index 0000000..72d2d70 --- /dev/null +++ b/terraform/terraform-modules/state-bucket/main.tf @@ -0,0 +1,42 @@ +# main.tf +provider "aws" { + region = "eu-central-1" +} + +# Local backend for initial setup +terraform { + backend "local" { + path = "terraform.tfstate" + } +} + +resource "aws_s3_bucket" "terraform_state_bucket" { + bucket = "terraform-state-${terraform.workspace}" + acl = "private" + force_destroy = true # For simplicity in training scenarios; remove in production. + + tags = { + Name = "Terraform State Bucket" + } +} + +resource "aws_s3_bucket_versioning" "state_bucket_versioning" { + bucket = aws_s3_bucket.terraform_state_bucket.id + + versioning_configuration { + status = "Enabled" + } +} + +# Terraform backend configuration post-initialization +output "backend_config" { + value = <