From d9c7ccda09c14b49914aa2154b95fd84b3182085 Mon Sep 17 00:00:00 2001
From: Christian Carlsson
Date: Fri, 16 Aug 2024 11:03:35 +0100
Subject: [PATCH 01/15] feat: github workflows
---
 .github/workflows/terraform.yml | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 .github/workflows/terraform.yml
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
new file mode 100644
index 00000000..25b4c880
--- /dev/null
+++ b/.github/workflows/terraform.yml
@@ -0,0 +1,28 @@
+name: terraform
+
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ terraform:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Set up Terraform
+ uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: 1.1.7
+
+ - name: Terraform Init
+ run: terraform init
+
+ - name: Terraform Apply
+ run: terraform apply -auto-approve
+ env:
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
From 1ab5ab3bc2237ece22a995d4c26b4e1d2a806be6 Mon Sep 17 00:00:00 2001
From: Christian Carlsson
Date: Fri, 16 Aug 2024 11:04:09 +0100
Subject: [PATCH 02/15] checkpoint
---
 .github/workflows/terraform.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
index 25b4c880..8f98a103 100644
--- a/.github/workflows/terraform.yml
+++ b/.github/workflows/terraform.yml
@@ -4,6 +4,7 @@ on:
 push:
 branches:
 - main
+ - workflows
 jobs:
 terraform:
From a163a7305e2782213b5d65c36693bbd536577c5b Mon Sep 17 00:00:00 2001
From: Christian Carlsson
Date: Fri, 16 Aug 2024 11:07:10 +0100
Subject: [PATCH 03/15] checkpoint
---
 .github/workflows/terraform.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
index 8f98a103..e46a759d 100644
--- a/.github/workflows/terraform.yml
+++ b/.github/workflows/terraform.yml
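Review bot: The `Terraform Apply` step in `.github/workflows/terraform.yml` ([PATCH 01/15]) applies with `-auto-approve` using long-lived static AWS keys, so nothing reviews the plan before it changes infrastructure and a leaked key stays valid until it is rotated. Prefer short-lived credentials through GitHub OIDC (`aws-actions/configure-aws-credentials` with `role-to-assume`, which needs `permissions: id-token: write`), and add a top-level `permissions:` block with `contents: read` so the job token carries no more than checkout needs. No backend configuration is visible in this series, so the state presumably lives only on the ephemeral runner; confirm a remote backend exists before relying on repeated applies. Pinning `actions/checkout@v4` and `hashicorp/setup-terraform@v3` to commit SHAs would also narrow the supply-chain exposure of a job that holds deploy credentials.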
@@ -21,9 +21,11 @@ jobs:
 - name: Terraform Init
 run: terraform init
+ working-directory: ./infra
 - name: Terraform Apply
 run: terraform apply -auto-approve
+ working-directory: ./infra
 env:
 AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
 AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
From 5b8fcb97e18a55dcc93d53231f961bf5fce2db96 Mon Sep 17 00:00:00 2001
From: Christian Carlsson
Date: Fri, 16 Aug 2024 11:19:00 +0100
Subject: [PATCH 04/15] checkpoint
---
 infra/db.tf | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 infra/db.tf
diff --git a/infra/db.tf b/infra/db.tf
new file mode 100644
index 00000000..a31b6bfa
--- /dev/null
+++ b/infra/db.tf
@@ -0,0 +1,58 @@
+provider "aws" {
+ region = "eu-west-2"
+}
+
+resource "aws_db_instance" "db" {
+ allocated_storage = 20 # Minimum required storage in GB
+ storage_type = "gp2" # General Purpose SSD
+ engine = "postgres" # Specifies the database engine as PostgreSQL
+ engine_version = "16.4" # PostgreSQL version 16.4
+ instance_class = "db.t3.micro" # Smallest instance type available
+ db_name = "getstronger" # Name of your database
+ username = "admin" # Master username
+ password = "yourpassword" # Master password
+ parameter_group_name = "default.postgres16" # Parameter group for PostgreSQL 16
+ skip_final_snapshot = true # Skips the final snapshot on deletion
+
+ # VPC & Subnet group settings
+ db_subnet_group_name = aws_db_subnet_group.default.name
+ publicly_accessible = false # Set to true if you need public access
+
+ # Security group settings
+ vpc_security_group_ids = [aws_security_group.default.id]
+}
+
+# Optional: Create a DB subnet group if you don't have one already
+resource "aws_db_subnet_group" "default" {
+ name = "my-db-subnet-group"
+ subnet_ids = ["subnet-0977de5206e697577", "subnet-040d4c7a3aaa9a63d", "subnet-0cf0e0b715c1ec540"] # Replace with your subnet IDs
+
+ tags = {
+ Name = "My DB subnet group"
+ }
+}
+
+# Optional: Create a security group if you don't have one already
+resource "aws_security_group" "default" {
+ name = "my-db-security-group"
+ description = "Allow DB access"
+ vpc_id = "vpc-016eba058ed193190" # Replace with your VPC ID
+
+ ingress {
+ from_port = 5432 # PostgreSQL default port
+ to_port = 5432
+ protocol = "tcp"
+ cidr_blocks = ["10.0.0.0/16"] # Adjust this range as needed
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ tags = {
+ Name = "My DB security group"
+ }
+}
From 8cc1016e7047bf030cc3f7b4717b41623924a8fe Mon Sep 17 00:00:00 2001
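Review bot: `aws_db_instance.db` in `infra/db.tf` ([PATCH 04/15]) sets no `storage_encrypted`, so the instance is created with unencrypted storage, and turning encryption on later forces a replacement; add `storage_encrypted = true` from the start. The literal `password = "yourpassword"` is now in Git history and would be written to state, so whatever value is used for the real instance must be a fresh secret, not this one. `skip_final_snapshot = true` with no `deletion_protection = true` means a destroy or a replacement triggered from CI leaves no final snapshot to restore from. The `ingress` rule admits the whole `10.0.0.0/16` range; narrowing `cidr_blocks` to the application subnets, or referencing the application's security group, would keep the database reachable only from the hosts that need it.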
From: Christian Carlsson
Date: Fri, 16 Aug 2024 11:32:47 +0100
Subject: [PATCH 05/15] checkpoint
---
 .gitignore | 1 +
 infra/db.tf | 4 ++--
 infra/variables.tf | 10 ++++++++++
 3 files changed, 13 insertions(+), 2 deletions(-)
 create mode 100644 infra/variables.tf
diff --git a/.gitignore b/.gitignore
index 8408599d..e7fa117f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
 # Files
 .DS_Store
+*.tfvars
 # Folders
 .idea/*
diff --git a/infra/db.tf b/infra/db.tf
index a31b6bfa..8a13678c 100644
--- a/infra/db.tf
+++ b/infra/db.tf
@@ -9,8 +9,8 @@ resource "aws_db_instance" "db" {
 engine_version = "16.4" # PostgreSQL version 16.4
 instance_class = "db.t3.micro" # Smallest instance type available
 db_name = "getstronger" # Name of your database
- username = "admin" # Master username
- password = "yourpassword" # Master password
+ username = var.db_username # Master username
+ password = var.db_password # Master password
 parameter_group_name = "default.postgres16" # Parameter group for PostgreSQL 16
 skip_final_snapshot = true # Skips the final snapshot on deletion
diff --git a/infra/variables.tf b/infra/variables.tf
new file mode 100644
index 00000000..2c5de1d6
--- /dev/null
+++ b/infra/variables.tf
@@ -0,0 +1,10 @@
+variable "db_username" {
+ description = "The username for the RDS instance"
+ type = string
+}
+
+variable "db_password" {
+ description = "The password for the RDS instance"
+ type = string
+ sensitive = true
+}
From a69d99f0b6f882bc8af5e008141eaf53f6804cad Mon Sep 17 00:00:00 2001
From: Christian Carlsson
Date: Fri, 16 Aug 2024 11:37:25 +0100
Subject: [PATCH 06/15] add env vars
---
 .github/workflows/terraform.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
index e46a759d..9f79b63d 100644
--- a/.github/workflows/terraform.yml
+++ b/.github/workflows/terraform.yml
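Review bot: `sensitive = true` on `db_password` in `infra/variables.tf` ([PATCH 05/15]) only redacts the value in plan and apply output; the password is still stored in plaintext in the Terraform state. No backend block is visible in this series, so confirm where the state ends up and that it is encrypted and access-controlled. If the AWS provider version in use supports it, `manage_master_user_password = true` on `aws_db_instance.db` (in place of `password`) lets RDS keep the master password in Secrets Manager instead of passing it through a variable. A `validation` block on `db_password`, for example a minimum length, would also reject an empty or trivially short secret before it reaches AWS.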
@@ -29,3 +29,5 @@ jobs:
 env:
 AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
 AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ TF_VAR_db_username: ${{ secrets.TF_VAR_DB_USERNAME }}
+ TF_VAR_db_password: ${{ secrets.TF_VAR_DB_PASSWORD }}
From dd8b5bfc3491d260d119adbf3c2824ad921734da Mon Sep 17 00:00:00 2001
From: Christian Carlsson
Date: Fri, 16 Aug 2024 11:40:20 +0100
Subject: [PATCH 07/15] checkpoint
---
 .github/workflows/{terraform.yml => terraform-apply.yml} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename .github/workflows/{terraform.yml => terraform-apply.yml} (97%)
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform-apply.yml
similarity index 97%
rename from .github/workflows/terraform.yml
rename to .github/workflows/terraform-apply.yml
index 9f79b63d..153475e5 100644
--- a/.github/workflows/terraform.yml
+++ b/.github/workflows/terraform-apply.yml
@@ -1,4 +1,4 @@
-name: terraform
+name: Terraform Apply
 on:
 push:
From fa2449283562f7a6f6981fbc2c439ef9fc0e4a36 Mon Sep 17 00:00:00 2001
From: Christian Carlsson
Date: Fri, 16 Aug 2024 11:40:30 +0100
Subject: [PATCH 08/15] checkpoint
---
 .github/workflows/terraform-apply.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/terraform-apply.yml b/.github/workflows/terraform-apply.yml
index 153475e5..db97d190 100644
--- a/.github/workflows/terraform-apply.yml
+++ b/.github/workflows/terraform-apply.yml
@@ -4,7 +4,6 @@ on:
 push:
 branches:
 - main
- - workflows
 jobs:
 terraform:
From cd94b8ef3220f58a0f2dc70ec581fa40836a53b7 Mon Sep 17 00:00:00 2001
From: Christian Carlsson
Date: Fri, 16 Aug 2024 11:46:28 +0100
Subject: [PATCH 09/15] checkpoint
---
 .github/workflows/terraform-validate.yml | 32 ++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 .github/workflows/terraform-validate.yml
diff --git a/.github/workflows/terraform-validate.yml b/.github/workflows/terraform-validate.yml
new file mode 100644
index 00000000..2e552555
--- /dev/null
+++ b/.github/workflows/terraform-validate.yml
@@ -0,0 +1,32 @@
+name: Terraform Validate
+
+on:
+ pull_request:
+ push:
+ branches:
+ - '**'
+
+jobs:
+ terraform:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Set up Terraform
+ uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: 1.1.7
+
+ - name: Terraform Format Check
+ run: terraform fmt -check -recursive
+
+ - name: Terraform Init
+ run: terraform init
+
+ - name: Terraform Validate
+ run: terraform validate
+
+ - name: Terraform Plan
+ run: terraform plan
From e5ed03c7f72627b52cc8941366277f12716c1b5f Mon Sep 17 00:00:00 2001
From: Christian Carlsson
Date: Fri, 16 Aug 2024 11:48:25 +0100
Subject: [PATCH 10/15] checkpoint
---
 .github/workflows/terraform-validate.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/.github/workflows/terraform-validate.yml b/.github/workflows/terraform-validate.yml
index 2e552555..878c4b4d 100644
--- a/.github/workflows/terraform-validate.yml
+++ b/.github/workflows/terraform-validate.yml
@@ -1,10 +1,8 @@
 name: Terraform Validate
 on:
- pull_request:
 push:
- branches:
- - '**'
+ pull_request:
 jobs:
 terraform:
From 45d8631966a4e2b561d4884ee44f6706f3305977 Mon Sep 17 00:00:00 2001
From: Christian Carlsson
Date: Fri, 16 Aug 2024 11:49:32 +0100
Subject: [PATCH 11/15] checkpoint
---
 .github/workflows/terraform-validate.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/terraform-validate.yml b/.github/workflows/terraform-validate.yml
index 878c4b4d..b5a4b81a 100644
--- a/.github/workflows/terraform-validate.yml
+++ b/.github/workflows/terraform-validate.yml
@@ -2,7 +2,6 @@ name: Terraform Validate
 on:
 push:
- pull_request:
 jobs:
 terraform:
From 73f8d99d8c4d793b00c610e940b10af718cebb48 Mon Sep 17 00:00:00 2001
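Review bot: Every step of the new `terraform-validate.yml` ([PATCH 09/15]) runs at the repository root, while the configuration lives under `./infra` (the apply workflow sets `working-directory: ./infra`), so `terraform init` and `terraform validate` would likely pass on an empty directory without checking anything. Setting the directory once at job level with `defaults: run: working-directory: ./infra` avoids repeating it per step. The `Terraform Plan` step has no credentials or `TF_VAR_` inputs and cannot produce a plan as written. For a validation-only job, `terraform init -backend=false` followed by `terraform validate` is enough and keeps secrets out of a workflow that runs on every branch and pull request.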
From: Christian Carlsson
Date: Fri, 16 Aug 2024 11:51:38 +0100
Subject: [PATCH 12/15] checkpoint
---
 infra/db.tf | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/infra/db.tf b/infra/db.tf
index 8a13678c..a08e6124 100644
--- a/infra/db.tf
+++ b/infra/db.tf
@@ -3,20 +3,20 @@ provider "aws" {
 }
 resource "aws_db_instance" "db" {
- allocated_storage = 20 # Minimum required storage in GB
- storage_type = "gp2" # General Purpose SSD
- engine = "postgres" # Specifies the database engine as PostgreSQL
- engine_version = "16.4" # PostgreSQL version 16.4
- instance_class = "db.t3.micro" # Smallest instance type available
- db_name = "getstronger" # Name of your database
- username = var.db_username # Master username
- password = var.db_password # Master password
- parameter_group_name = "default.postgres16" # Parameter group for PostgreSQL 16
- skip_final_snapshot = true # Skips the final snapshot on deletion
+ allocated_storage = 20 # Minimum required storage in GB
+ storage_type = "gp2" # General Purpose SSD
+ engine = "postgres" # Specifies the database engine as PostgreSQL
+ engine_version = "16.4" # PostgreSQL version 16.4
+ instance_class = "db.t3.micro" # Smallest instance type available
+ db_name = "getstronger" # Name of your database
+ username = var.db_username # Master username
+ password = var.db_password # Master password
+ parameter_group_name = "default.postgres16" # Parameter group for PostgreSQL 16
+ skip_final_snapshot = true # Skips the final snapshot on deletion
 # VPC & Subnet group settings
 db_subnet_group_name = aws_db_subnet_group.default.name
- publicly_accessible = false # Set to true if you need public access
+ publicly_accessible = false # Set to true if you need public access
 # Security group settings
 vpc_security_group_ids = [aws_security_group.default.id]
@@ -24,8 +24,8 @@ resource "aws_db_instance" "db" {
 # Optional: Create a DB subnet group if you don't have one already
 resource "aws_db_subnet_group" "default" {
- name = "my-db-subnet-group"
- subnet_ids = ["subnet-0977de5206e697577", "subnet-040d4c7a3aaa9a63d", "subnet-0cf0e0b715c1ec540"] # Replace with your subnet IDs
+ name = "my-db-subnet-group"
+ subnet_ids = ["subnet-0977de5206e697577", "subnet-040d4c7a3aaa9a63d", "subnet-0cf0e0b715c1ec540"] # Replace with your subnet IDs
 tags = {
 Name = "My DB subnet group"
@@ -36,13 +36,13 @@ resource "aws_db_subnet_group" "default" {
 resource "aws_security_group" "default" {
 name = "my-db-security-group"
 description = "Allow DB access"
- vpc_id = "vpc-016eba058ed193190" # Replace with your VPC ID
+ vpc_id = "vpc-016eba058ed193190" # Replace with your VPC ID
 ingress {
- from_port = 5432 # PostgreSQL default port
+ from_port = 5432 # PostgreSQL default port
 to_port = 5432
 protocol = "tcp"
- cidr_blocks = ["10.0.0.0/16"] # Adjust this range as needed
+ cidr_blocks = ["10.0.0.0/16"] # Adjust this range as needed
 }
 egress {
From 82f7b65de92bd31d8d44d8d1660d1ac6400b9e75 Mon Sep 17 00:00:00 2001
From: Christian Carlsson
Date: Fri, 16 Aug 2024 11:52:29 +0100
Subject: [PATCH 13/15] checkpoint
---
 .github/workflows/terraform-validate.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/terraform-validate.yml b/.github/workflows/terraform-validate.yml
index b5a4b81a..de2ed039 100644
--- a/.github/workflows/terraform-validate.yml
+++ b/.github/workflows/terraform-validate.yml
@@ -18,12 +18,16 @@ jobs:
 - name: Terraform Format Check
 run: terraform fmt -check -recursive
+ working-directory: ./infra
 - name: Terraform Init
 run: terraform init
+ working-directory: ./infra
 - name: Terraform Validate
 run: terraform validate
+ working-directory: ./infra
 - name: Terraform Plan
 run: terraform plan
+ working-directory: ./infra
From 88ddc1ef892d8292853be78be1f19196ef4eb209 Mon Sep 17 00:00:00 2001
From: Christian Carlsson
Date: Fri, 16 Aug 2024 11:53:29 +0100
Subject: [PATCH 14/15] checkpoint
---
 .github/workflows/terraform-validate.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/.github/workflows/terraform-validate.yml b/.github/workflows/terraform-validate.yml
index de2ed039..80650ab5 100644
--- a/.github/workflows/terraform-validate.yml
+++ b/.github/workflows/terraform-validate.yml
@@ -31,3 +31,8 @@ jobs:
 - name: Terraform Plan
 run: terraform plan
 working-directory: ./infra
+ env:
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ TF_VAR_db_username: ${{ secrets.TF_VAR_DB_USERNAME }}
+ TF_VAR_db_password: ${{ secrets.TF_VAR_DB_PASSWORD }}
From 3daf85ebf0257d1fb0f959d2313813f3639d4115 Mon Sep 17 00:00:00 2001
From: Christian Carlsson
Date: Fri, 16 Aug 2024 11:56:02 +0100
Subject: [PATCH 15/15] checkpoint
---
 .github/workflows/terraform-validate.yml | 9 ---------
 1 file changed, 9 deletions(-)
diff --git a/.github/workflows/terraform-validate.yml b/.github/workflows/terraform-validate.yml
index 80650ab5..43c66577 100644
--- a/.github/workflows/terraform-validate.yml
+++ b/.github/workflows/terraform-validate.yml
@@ -27,12 +27,3 @@ jobs:
 - name: Terraform Validate
 run: terraform validate
 working-directory: ./infra
-
- - name: Terraform Plan
- run: terraform plan
- working-directory: ./infra
- env:
- AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
- AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- TF_VAR_db_username: ${{ secrets.TF_VAR_DB_USERNAME }}
- TF_VAR_db_password: ${{ secrets.TF_VAR_DB_PASSWORD }}
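Review bot: The `env:` block added to the `Terraform Plan` step in [PATCH 14/15] gives `terraform-validate.yml` the same `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` and `TF_VAR_db_password` secrets as the apply workflow, yet this workflow triggers on `push` to any branch, so unreviewed code runs with deploy-capable credentials. A plan job should use a separate read-only role, ideally scoped through a GitHub environment with required reviewers (`environment: <name>` on the job), so branch pushes never see the apply keys or the database password. The step is fully inside the hunk. [PATCH 15/15] removes the step again, which also removes this exposure.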