provision aws resources

Tarhche · Dec 22, 2024 · 049873d · 049873d
1 parent 0e8b49d
commit 049873d
Show file tree

Hide file tree

Showing 7 changed files with 323 additions and 5 deletions.
diff --git a/.github/workflows/backend.yaml b/.github/workflows/backend.yaml
@@ -11,6 +11,10 @@ on:
       - .github/**
       - backend/**
 
+defaults:
+  run:
+    working-directory: ./backend
+
 env:
   REGISTRY: ghcr.io
   IMAGE_NAME: backend
@@ -30,7 +34,7 @@ jobs:
 
       - name: Run unit tests
         run: |
-          cd ./backend && go test ./... -v -race -cover
+          go test ./... -v -race -cover
 
       - name: Provide image name and version
         run: |
@@ -41,7 +45,7 @@ jobs:
 
       - name: Build image
         run: |
-          cd ./backend && docker build . --file Dockerfile --target production --tag $IMAGE_ID:$IMAGE_VERSION --tag $IMAGE_ID:latest
+          docker build . --file Dockerfile --target production --tag $IMAGE_ID:$IMAGE_VERSION --tag $IMAGE_ID:latest
 
   cd:
     runs-on: ubuntu-latest
@@ -69,7 +73,7 @@ jobs:
 
       - name: Build image
         run: |
-          cd ./backend && docker build . --file Dockerfile --target production --tag $IMAGE_ID:$IMAGE_VERSION --tag $IMAGE_ID:latest
+          docker build . --file Dockerfile --target production --tag $IMAGE_ID:$IMAGE_VERSION --tag $IMAGE_ID:latest
 
       - name: Log in to registry
         run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin

diff --git a/.github/workflows/frontend.yaml b/.github/workflows/frontend.yaml
@@ -11,6 +11,10 @@ on:
       - .github/**
       - frontend/**
 
+defaults:
+  run:
+    working-directory: ./frontend
+
 env:
   REGISTRY: ghcr.io
   IMAGE_NAME: frontend
@@ -36,7 +40,7 @@ jobs:
 
       - name: Build image
         run: |
-          cd ./frontend && docker build . --file Dockerfile --target production --tag $IMAGE_ID:$IMAGE_VERSION --tag $IMAGE_ID:latest
+          docker build . --file Dockerfile --target production --tag $IMAGE_ID:$IMAGE_VERSION --tag $IMAGE_ID:latest
 
   cd:
     runs-on: ubuntu-latest
@@ -64,7 +68,7 @@ jobs:
 
       - name: Build image
         run: |
-          cd ./frontend && docker build . --file Dockerfile --target production --tag $IMAGE_ID:$IMAGE_VERSION --tag $IMAGE_ID:latest
+          docker build . --file Dockerfile --target production --tag $IMAGE_ID:$IMAGE_VERSION --tag $IMAGE_ID:latest
 
       - name: Log in to registry
         run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin

diff --git a/.github/workflows/infrastructure.yaml b/.github/workflows/infrastructure.yaml
@@ -0,0 +1,82 @@
+name: Infrastructure CI and CD
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - .github/**
+      - infrastructure/**
+  pull_request:
+    paths:
+      - .github/**
+      - infrastructure/**
+
+defaults:
+  run:
+    working-directory: ./infrastructure
+
+env:
+  TF_VAR_project_name: tarhche
+  TF_VAR_instance_name: backend
+  TF_VAR_ssh_public_key: $(shell cat ssh-public-key.pub)
+
+jobs:
+  ci:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+
+      - name: Terraform Format
+        id: fmt
+        run: terraform fmt -check
+
+      - name: Terraform Init
+        id: init
+        run: terraform init
+
+      - name: Terraform Validate
+        id: validate
+        run: terraform validate -no-color
+
+      - name: Terraform Plan
+        run: terraform plan -no-color -input=false
+        continue-on-error: true
+
+  cd:
+    runs-on: ubuntu-latest
+
+    # This job will be invoked only on default branch
+    if: ${{ always() && format('refs/heads/{0}', github.event.repository.default_branch) == github.ref }}
+
+    needs:
+      - ci
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+
+      - name: Terraform Apply
+        run: terraform apply -auto-approve -input=false
+        continue-on-error: true
diff --git a/infrastructure/.gitignore b/infrastructure/.gitignore
@@ -0,0 +1,10 @@
+/.idea
+
+# SSH keys
+/*.pem
+/*.pub
+
+# Terraform files
+*.tfstate
+*.tfstate.backup
+.terraform/
diff --git a/infrastructure/.terraform.lock.hcl b/infrastructure/.terraform.lock.hcl
diff --git a/infrastructure/Makefile b/infrastructure/Makefile
@@ -0,0 +1,28 @@
+export TF_VAR_project_name	 = tarhche
+export TF_VAR_instance_name	 = backend
+export TF_VAR_ssh_public_key = $(shell cat ssh-public-key.pub)
+export EC2_SSH_ADDRESS		 =
+
+validate:
+	terraform validate
+
+fmt: 
+	terraform fmt
+
+init:
+	terraform init
+
+state:
+	terraform state list
+
+plan:
+	terraform plan
+
+apply:
+	terraform apply
+
+public_key:
+	ssh-keygen -y -f ssh-private-key.pem > ssh-public-key.pub
+
+ssh:
+	ssh -i "ssh-private-key.pem" ${EC2_SSH_ADDRESS}
diff --git a/infrastructure/backend.tf b/infrastructure/backend.tf
@@ -0,0 +1,166 @@
+provider "aws" {
+  region = "eu-central-1"
+}
+
+variable "project_name" {
+  description = "Project tag given to each deployed Instance"
+  type        = string
+}
+
+variable "instance_name" {
+  description = "instance_name"
+  type        = string
+}
+
+variable "ssh_public_key" {
+  description = "SSH public key"
+  type        = string
+}
+
+import {
+  to = aws_security_group.backend
+  id = "sg-0c4446cdf14777251"
+}
+
+resource "aws_security_group" "backend" {
+  name        = var.instance_name
+  description = "Allow HTTP, HTTPS, and SSH inbound traffic"
+
+  tags = {
+    project_name = var.project_name
+  }
+
+  # Allow SSH (port 22) from any IP address
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  # Allow HTTP (port 80) from any IP address
+  ingress {
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"] # Allow HTTP from anywhere
+  }
+
+  # Allow HTTPS (port 443) from any IP address
+  ingress {
+    from_port   = 443
+    to_port     = 443
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  # Allow all outbound traffic
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1" # all protocols
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+import {
+  to = aws_key_pair.ssh_public_key
+  id = var.instance_name
+}
+
+resource "aws_key_pair" "ssh_public_key" {
+  key_name   = var.instance_name
+  public_key = var.ssh_public_key
+
+  tags = {
+    project_name = var.project_name
+  }
+}
+
+import {
+  to = aws_ebs_volume.backend
+  id = "vol-049e49d7d06022dbf"
+}
+
+resource "aws_ebs_volume" "backend" {
+  availability_zone = aws_instance.backend.availability_zone
+  encrypted   = false
+  size        = 10
+
+  tags = {
+    project_name = var.project_name
+  }
+}
+
+import {
+  to = aws_volume_attachment.backend
+  id = "/dev/xvdf:vol-049e49d7d06022dbf:i-056a0d00c631a50c8"
+}
+
+resource "aws_volume_attachment" "backend" {
+  device_name = "/dev/xvdf"
+  instance_id = aws_instance.backend.id
+  volume_id   = aws_ebs_volume.backend.id
+}
+
+import {
+  to = aws_instance.backend
+  id = "i-056a0d00c631a50c8"
+}
+
+resource "aws_instance" "backend" {
+  ami           = "ami-0e54671bdf3c8ed8d" # Amazon linux 2023
+  instance_type = "t2.micro"
+  key_name      = aws_key_pair.ssh_public_key.key_name
+
+  user_data = <<-EOT
+    #!/bin/bash
+    sudo mkfs.ext4 /dev/xvdf
+    sudo mkdir /volume_01
+    sudo mount /dev/xvdf /volume_01
+    sudo echo "/dev/xvdf /volume_01 ext4 defaults,nofail 0 0" | sudo tee -a /etc/fstab
+
+    sudo yum install wget -y python3
+    sudo yum install -y amazon-cloudwatch-agent jq htop vim docker
+    sudo systemctl enable docker.service
+    sudo systemctl start docker.service
+    sudo usermod -a -G docker ec2-user
+    id ec2-user
+    newgrp docker
+
+    docker swarm init --advertise-addr 192.168.99.100
+  EOT
+
+  root_block_device {
+    delete_on_termination = true
+    encrypted             = false
+    volume_size           = 20
+    volume_type           = "gp3"
+
+    tags = {
+      project_name = var.project_name
+    }
+  }
+
+  security_groups = [
+    aws_security_group.backend.name
+  ]
+
+  tags = {
+    project_name = var.project_name
+  }
+}
+
+import {
+  to = aws_eip.backend
+  id = "eipalloc-059996cf3898c0ab2"
+}
+
+resource "aws_eip" "backend" {
+  instance = aws_instance.backend.id
+  domain   = "vpc"
+
+  tags = {
+    project_name = var.project_name
+  }
+}