diff --git a/.github/workflows/cleanup.yml b/.github/workflows/cleanup.yml
index 1e5e957..081c66d 100644
--- a/.github/workflows/cleanup.yml
+++ b/.github/workflows/cleanup.yml
@@ -1,3 +1,5 @@
+
+/* name: Terraform Cleanup on:
@@ -37,4 +39,6 @@ jobs: run: terraform plan -destroy -out=tfplan-destroy - name: 'Terraform Apply Destroy'
- run: terraform apply -auto-approve tfplan-destroy
+ run: terraform apply -auto-approve tfplan-
+
+*/
\ No newline at end of file
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index fb7d2d5..a748d44 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -16,8 +16,8 @@ jobs: env: AWS_REGION: 'us-east-1' TF_VERSION: '1.4.0'
- TFLINT_VERSION: '0.46.1' # Updated to a more recent version
- TFSEC_VERSION: '1.28.1' # Updated to a more recent version
+ #TFLINT_VERSION: '0.46.1' # Updated to a more recent version
+ #TFSEC_VERSION: '1.28.1' # Updated to a more recent version steps: - name: 'Checkout GitHub repository'
@@ -35,19 +35,6 @@ jobs: with: terraform_version: ${{ env.TF_VERSION }}
- - name: 'Install TFLint'
- run: |
- curl -sLo tflint.zip https://github.com/terraform-linters/tflint/releases/download/v${{ env.TFLINT_VERSION }}/tflint_linux_amd64.zip
- unzip tflint.zip -d /usr/local/bin/
- tflint --version
-
- - name: 'Install tfsec'
- run: |
- curl -sLo tfsec https://github.com/aquasecurity/tfsec/releases/download/v${{ env.TFSEC_VERSION }}/tfsec-linux-amd64
- chmod +x tfsec
- mv tfsec /usr/local/bin/
- tfsec --version
- - name: 'Terraform Init' run: terraform init
@@ -57,14 +44,6 @@ jobs: - name: 'Terraform Validate' run: terraform validate
- - name: 'TFLint'
- run: |
- tflint --init
- tflint
-
- - name: 'tfsec'
- run: tfsec .
- - name: 'Terraform Plan' run: terraform plan -out=tfplan
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..8ab511e
--- /dev/null
+++ b/.gitignore
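Review bot: `/*` and `*/` are not comment syntax in YAML, so the `+/*` added at the top of `cleanup.yml` in this hunk and the `+*/` appended in the second hunk leave the file unparseable, and GitHub will most likely report the workflow as invalid rather than treat it as disabled. The second hunk also truncates the plan file name to `tfplan-`, so even with the wrapper removed the `terraform apply -auto-approve` step would not find the `tfplan-destroy` artifact written by the preceding `terraform plan -destroy -out=tfplan-destroy` step. To retire a destroy pipeline, delete the file or prefix every line with `#`; to keep it available but inert, limit the trigger to `workflow_dispatch` or add `if: false` to the job. The `on:` block and the job body lie outside these hunks.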
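Review bot: This commit removes the only static-analysis and security-scan gate from the deploy pipeline — the `TFLINT_VERSION`/`TFSEC_VERSION` entries are commented out here, the install steps are dropped in the second hunk, the `TFLint` and `tfsec` steps in the third, and `.tflint.hcl` is deleted — while the same commit introduces new EKS resources in `main.tf` that are exactly what such a scan would check; the remaining `terraform validate` step verifies syntax and references, not misconfiguration. If the pinned versions were the problem, fix the pins or switch to a maintained setup action rather than dropping the gate; if the removal is intentional, say so in the commit message and delete the `#TFLINT_VERSION: '0.46.1'` / `#TFSEC_VERSION: '1.28.1'` lines instead of leaving commented-out configuration behind. The `jobs:` block continues beyond these hunks.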
@@ -0,0 +1,39 @@
+# --------------------------------------------------------------------
+# TERRAFORM FILES
+# --------------------------------------------------------------------
+# Local .terraform directories (contains downloaded providers & modules)
+.terraform/
+
+# Terraform state files (sensitive!)
+*.tfstate
+*.tfstate.*
+*.tfvars
+*.tfvars.json
+
+# Crash logs
+crash.log
+crash.*.log
+
+# Terraform plan output files
+*.plan
+
+# Override files (used locally)
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Provider plugins (large binaries)
+.terraformrc
+terraform.rc
+
+# --------------------------------------------------------------------
+# GITHUB ACTIONS FILES
+# --------------------------------------------------------------------
+# Workflow runs cache and logs
+*.log
+*.bak
+
+# Node modules if using JS-based actions
+node_modules/
+dist/
\ No newline at end of file
diff --git a/.tflint.hcl b/.tflint.hcl
deleted file mode 100644
index 2b680b1..0000000
--- a/.tflint.hcl
+++ /dev/null
@@ -1,5 +0,0 @@
-plugin "aws" {
- enabled = true
- version = "0.24.0"
- source = "github.com/terraform-linters/tflint-ruleset-aws"
-}
\ No newline at end of file
diff --git a/backend.tf b/backend.tf
index 7183871..52b79b5 100644
--- a/backend.tf
+++ b/backend.tf
@@ -1,8 +1,8 @@ terraform { backend "s3" {
- bucket = "my-terraform-state-bobby"
+ bucket = "poyeda" region = "us-east-1"
- key = "s3-github-actions/terraform.tfstate"
+ key = "terraform/terraform-state/terraform.tfstate" encrypt = true } required_version = ">=0.13.0"
diff --git a/data.tf b/data.tf
new file mode 100644
index 0000000..26b89da
--- /dev/null
+++ b/data.tf
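Review bot: The plan-file pattern `*.plan` does not match the plan artifacts this repository's own workflows write — `terraform plan -out=tfplan` in `deploy.yml` and `-out=tfplan-destroy` in `cleanup.yml` — so a developer running the same commands locally would leave `tfplan*` files unignored, and a saved plan embeds a full state snapshot and any sensitive values in plaintext. Add `tfplan*` (or `*.tfplan`) beside `*.plan`. The heading `# Provider plugins (large binaries)` is also misleading for `.terraformrc`/`terraform.rc`: those are CLI configuration files, which can carry registry credentials, not plugin binaries — `# Terraform CLI config (may contain credentials)` describes why they are ignored.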
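Review bot: Switching the backend to bucket `poyeda` and key `terraform/terraform-state/terraform.tfstate` starts from an empty state, and because the S3/KMS resources are commented out in `main.tf` in the same commit, whatever was created under the old `s3-github-actions/terraform.tfstate` state stays in AWS unmanaged unless it was destroyed beforehand (the `cleanup.yml` that would do so is disabled by this commit too) — worth confirming, or running `terraform init -migrate-state` before the key changes. Nothing in this hunk configures state locking (`dynamodb_table`), which matters once `terraform apply -auto-approve` runs from CI; if locking is set elsewhere, ignore this. `encrypt = true` is kept, which is good; adding `kms_key_id` would additionally let access to the state object be governed by a key policy.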
@@ -0,0 +1,18 @@
+data "aws_vpc" "default" {
+ default = true
+}
+
+data "aws_subnets" "default" {
+ filter {
+ name = "vpc-id"
+ values = [data.aws_vpc.default.id]
+ }
+}
+
+data "aws_iam_role" "eks_cluster_role" {
+ name = "eksclusterrole"
+}
+
+data "aws_iam_role" "node_group_role" {
+ name = "ec2eksnode"
+}
\ No newline at end of file
diff --git a/main.tf b/main.tf
index 6165cc4..9573f19 100644
--- a/main.tf
+++ b/main.tf
@@ -1,7 +1,7 @@ provider "aws" { region = "us-east-1" }
-
+/* #tfsec:ignore:aws-s3-enable-bucket-logging resource "aws_s3_bucket" "example" { bucket = "my-tf-example-bucket-999"
@@ -38,7 +38,7 @@ resource "aws_s3_bucket_versioning" "versioning_example" { } resource "aws_kms_key" "mykey" {
- description = "This key is used to encrypt bucket objects"
+ description = "This key is used to encrypt objects" enable_key_rotation = true deletion_window_in_days = 7 }
@@ -52,4 +52,36 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "example" { sse_algorithm = "aws:kms" } }
+}
+*/
+
+
+resource "aws_eks_cluster" "eks_cluster" {
+
+ name = var.cluster_name
+ role_arn = data.aws_iam_role.eks_cluster_role.arn
+
+ vpc_config {
+ subnet_ids = data.aws_subnets.default.ids
+ }
+
+}
+
+resource "aws_eks_node_group" "node_group" {
+
+ cluster_name = aws_eks_cluster.eks_cluster.name
+ node_group_name = "demo-node-group"
+
+ node_role_arn = data.aws_iam_role.node_group_role.arn
+
+ subnet_ids = data.aws_subnets.default.ids
+
+ scaling_config {
+ desired_size = 2
+ max_size = 3
+ min_size = 1
+ }
+
+ instance_types = ["t3.micro"]
+ }
\ No newline at end of file
diff --git a/output.tf b/output.tf
new file mode 100644
index 0000000..ea39c35
--- /dev/null
+++ b/output.tf
@@ -0,0 +1,7 @@
+output "cluster_endpoint" {
+ value = aws_eks_cluster.eks_cluster.endpoint
+}
+
+output "cluster_name" {
+ value = aws_eks_cluster.eks_cluster.name
+}
\ No newline at end of file
diff --git a/variable.tf b/variable.tf
new file mode 100644
index 0000000..0e010b4
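Review bot: `data "aws_vpc" "default" { default = true }` combined with `data "aws_subnets" "default"` places the EKS control-plane ENIs and the node group (see `main.tf`) in every subnet of the account's default VPC, and default-VPC subnets are public with auto-assigned public IPv4 addresses by default, so each worker node ends up with a routable address; EKS nodes are normally placed in private subnets with NAT egress. Select dedicated subnets instead, for example with a second `filter { name = "tag:Name" ... }` on `aws_subnets`, or provision a purpose-built VPC. The two `aws_iam_role` lookups hard-code role names (`eksclusterrole`, `ec2eksnode`) that must already exist in the account; a comment above each stating that the role is provisioned outside Terraform and which managed policies it is expected to carry would save the next reader a trip to the console.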
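Review bot: The `aws_eks_cluster` added in the third hunk sets only `subnet_ids` inside `vpc_config`, so provider defaults apply — the Kubernetes API endpoint is publicly reachable with `public_access_cidrs` of `0.0.0.0/0`, control-plane logging is off, and Kubernetes secrets get no envelope encryption — while the `aws_kms_key.mykey` whose description the second hunk edits now sits inside the `/* */` block and cannot be referenced. Set `endpoint_private_access`/`endpoint_public_access`/`public_access_cidrs` deliberately, enable at least the `api`, `audit` and `authenticator` log types, and move the KMS key back out of the comment so `encryption_config` can use it; the sketch below shows the shape. In the same hunk, `instance_types = ["t3.micro"]` leaves only a handful of ENI-bound pod slots per node, so the system add-ons may not all schedule on a two-node group — check the EKS max-pods figure for that instance type — and the node group's closing `}` appears to be indented one level, which `terraform fmt` would correct.
```hcl
resource "aws_eks_cluster" "eks_cluster" {
  # … unchanged: name, role_arn …

  # Off by default; audit and authenticator logs are what an investigation needs.
  enabled_cluster_log_types = ["api", "audit", "authenticator"]

  # Envelope-encrypt Kubernetes secrets with the existing key (requires
  # aws_kms_key.mykey to be moved back out of the /* */ block above).
  encryption_config {
    provider {
      key_arn = aws_kms_key.mykey.arn
    }
    resources = ["secrets"]
  }

  vpc_config {
    subnet_ids              = data.aws_subnets.default.ids
    endpoint_private_access = true
    endpoint_public_access  = true
    # <ALLOWED_CIDRS> is a placeholder for the CI runner and operator egress ranges.
    public_access_cidrs = ["<ALLOWED_CIDRS>"]
  }
}
```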
--- /dev/null
+++ b/variable.tf
@@ -0,0 +1,3 @@
+variable "cluster_name" {
+ default = "demo-eks-cluster"
+}
\ No newline at end of file
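Review bot: `variable "cluster_name"` declares only a `default`, so it accepts a value of any type and offers no description to `terraform plan` prompts or to readers of the module. Add `type = string` and `description = "Name of the EKS cluster; also referenced by aws_eks_node_group.node_group via the cluster resource."`, and consider a `validation` block, since the EKS API limits cluster names in length and permitted characters. The whole file is visible in this hunk.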