gitmurali · arun028 · Nov 12, 2025 · Nov 12, 2025 · Mar 4, 2026 · Mar 4, 2026
diff --git a/.github/workflows/cleanup.yml b/.github/workflows/cleanup.yml
@@ -1,3 +1,5 @@
+
+/*
 name: Terraform Cleanup
 
 on:
@@ -37,4 +39,6 @@ jobs:
       run: terraform plan -destroy -out=tfplan-destroy
 
     - name: 'Terraform Apply Destroy'
-      run: terraform apply -auto-approve tfplan-destroy
+      run: terraform apply -auto-approve tfplan-
+
+*/
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -16,8 +16,8 @@ jobs:
     env:
       AWS_REGION: 'us-east-1'
       TF_VERSION: '1.4.0'
-      TFLINT_VERSION: '0.46.1'  # Updated to a more recent version
-      TFSEC_VERSION: '1.28.1'   # Updated to a more recent version
+      #TFLINT_VERSION: '0.46.1'  # Updated to a more recent version
+      #TFSEC_VERSION: '1.28.1'   # Updated to a more recent version
 
     steps:
     - name: 'Checkout GitHub repository'
@@ -35,19 +35,6 @@ jobs:
       with:
         terraform_version: ${{ env.TF_VERSION }}
 
-    - name: 'Install TFLint'
-      run: |
-        curl -sLo tflint.zip https://github.com/terraform-linters/tflint/releases/download/v${{ env.TFLINT_VERSION }}/tflint_linux_amd64.zip
-        unzip tflint.zip -d /usr/local/bin/
-        tflint --version
-
-    - name: 'Install tfsec'
-      run: |
-        curl -sLo tfsec https://github.com/aquasecurity/tfsec/releases/download/v${{ env.TFSEC_VERSION }}/tfsec-linux-amd64
-        chmod +x tfsec
-        mv tfsec /usr/local/bin/
-        tfsec --version
-
     - name: 'Terraform Init'
       run: terraform init
 
@@ -57,14 +44,6 @@ jobs:
     - name: 'Terraform Validate'
       run: terraform validate
 
-    - name: 'TFLint'
-      run: |
-        tflint --init
-        tflint
-
-    - name: 'tfsec'
-      run: tfsec .
-
     - name: 'Terraform Plan'
       run: terraform plan -out=tfplan
 

diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,39 @@
+# --------------------------------------------------------------------
+# TERRAFORM FILES
+# --------------------------------------------------------------------
+# Local .terraform directories (contains downloaded providers & modules)
+.terraform/
+
+# Terraform state files (sensitive!)
+*.tfstate
+*.tfstate.*
+*.tfvars
+*.tfvars.json
+
+# Crash logs
+crash.log
+crash.*.log
+
+# Terraform plan output files
+*.plan
+
+# Override files (used locally)
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Provider plugins (large binaries)
+.terraformrc
+terraform.rc
+
+# --------------------------------------------------------------------
+# GITHUB ACTIONS FILES
+# --------------------------------------------------------------------
+# Workflow runs cache and logs
+*.log
+*.bak
+
+# Node modules if using JS-based actions
+node_modules/
+dist/
diff --git a/.tflint.hcl b/.tflint.hcl
diff --git a/backend.tf b/backend.tf
@@ -1,8 +1,8 @@
 terraform {
   backend "s3" {
-    bucket         = "my-terraform-state-bobby"
+    bucket         = "poyeda"
     region         = "us-east-1"
-    key            = "s3-github-actions/terraform.tfstate"
+    key            = "terraform/terraform-state/terraform.tfstate"
     encrypt = true
   }
   required_version = ">=0.13.0"

diff --git a/data.tf b/data.tf
@@ -0,0 +1,18 @@
+data "aws_vpc" "default" {
+  default = true
+}
+
+data "aws_subnets" "default" {
+  filter {
+    name   = "vpc-id"
+    values = [data.aws_vpc.default.id]
+  }
+}
+
+data "aws_iam_role" "eks_cluster_role" {
+  name = "eksclusterrole"
+}
+
+data "aws_iam_role" "node_group_role" {
+  name = "ec2eksnode"
+}
diff --git a/main.tf b/main.tf
@@ -1,7 +1,7 @@
 provider "aws" {
   region = "us-east-1"
 }
-
+/*
 #tfsec:ignore:aws-s3-enable-bucket-logging
 resource "aws_s3_bucket" "example" {
   bucket = "my-tf-example-bucket-999"
@@ -38,7 +38,7 @@ resource "aws_s3_bucket_versioning" "versioning_example" {
 }
 
 resource "aws_kms_key" "mykey" {
-  description             = "This key is used to encrypt bucket objects"
+  description             = "This key is used to encrypt objects"
   enable_key_rotation     = true
   deletion_window_in_days = 7
 }
@@ -52,4 +52,36 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "example" {
       sse_algorithm     = "aws:kms"
     }
   }
+}
+*/
+
+
+resource "aws_eks_cluster" "eks_cluster" {
+
+  name     = var.cluster_name
+  role_arn = data.aws_iam_role.eks_cluster_role.arn
+
+  vpc_config {
+    subnet_ids = data.aws_subnets.default.ids
+  }
+
+}
+
+resource "aws_eks_node_group" "node_group" {
+
+  cluster_name    = aws_eks_cluster.eks_cluster.name
+  node_group_name = "demo-node-group"
+
+  node_role_arn = data.aws_iam_role.node_group_role.arn
+
+  subnet_ids = data.aws_subnets.default.ids
+
+  scaling_config {
+    desired_size = 2
+    max_size     = 3
+    min_size     = 1
+  }
+
+  instance_types = ["t3.micro"]
+
 }
diff --git a/output.tf b/output.tf
@@ -0,0 +1,7 @@
+output "cluster_endpoint" {
+  value = aws_eks_cluster.eks_cluster.endpoint
+}
+
+output "cluster_name" {
+  value = aws_eks_cluster.eks_cluster.name
+}
diff --git a/variable.tf b/variable.tf
@@ -0,0 +1,3 @@
+variable "cluster_name" {
+  default = "demo-eks-cluster"
+}