diff --git a/.github/workflows/apply.yml b/.github/workflows/apply.yml index 2416919..f09c4f4 100644 --- a/.github/workflows/apply.yml +++ b/.github/workflows/apply.yml 
@@ -5,54 +5,52 @@ on: types: [ closed ] jobs: - terraform-management: - name: "Terraform-modules" - runs-on: ubuntu-latest - env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRETE_ID }} - AWS_REGION: 'us-east-2' + # terraform-module: + # name: "Terraform-modules" + # runs-on: ubuntu-latest + # env: + # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_KEY_ID }} + # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRETE_ID }} + # AWS_REGION: 'ap-east-1' - steps: - - name: 'Checkout' - uses: actions/checkout@master - - name: 'Terraform Init' - uses: hashicorp/terraform-github-actions@master - with: - tf_actions_version: 0.12.13 - tf_actions_subcommand: 'init' - tf_actions_working_dir: './modules/vpc' - tf_actions_comment: true - - name: 'Terraform plan' - uses: hashicorp/terraform-github-actions@master - - with: - tf_actions_version: 0.12.13 - tf_actions_subcommand: 'plan' - tf_actions_working_dir: './modules/vpc' - tf_actions_comment: true - - name: 'Terraform apply' - uses: hashicorp/terraform-github-actions@master - with: - tf_actions_version: 0.12.13 - tf_actions_subcommand: 'apply' - tf_actions_working_dir: './modules/vpc' - tf_actions_comment: true - - name: run shell script - run: | - chmod +x ./deploy.sh - ./deploy.sh + # steps: + # - name: 'Checkout' + # uses: actions/checkout@master + # - name: 'Terraform Init' + # uses: hashicorp/terraform-github-actions@master + # with: + # tf_actions_version: 0.12.13 + # tf_actions_subcommand: 'init' + # tf_actions_working_dir: './modules/vpc' + # tf_actions_comment: true + # - name: 'Terraform plan' + # uses: hashicorp/terraform-github-actions@master + # with: + # tf_actions_version: 0.12.13 + # tf_actions_subcommand: 'plan' + # tf_actions_working_dir: './modules/vpc' + # tf_actions_comment: true + # - name: 'Terraform apply' + # uses: hashicorp/terraform-github-actions@master + # with: + # tf_actions_version: 0.12.13 + # tf_actions_subcommand: 'apply' + # tf_actions_working_dir: './modules/vpc' + 
# tf_actions_comment: true terraform: name: "Terraform" + needs: terraform-sandbox runs-on: ubuntu-latest env: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRETE_ID }} - AWS_REGION: 'us-east-2' + AWS_REGION: 'eu-central-1' steps: - name: 'Checkout' uses: actions/checkout@master + - name: set-env + run: echo "tf_actions_working_dir=$(echo $tf_actions_working_dir | cut -c 1-6)" >> $GITHUB_ENV - name: 'Terraform Init' uses: hashicorp/terraform-github-actions@master with: @@ -60,8 +58,11 @@ jobs: tf_actions_subcommand: 'init' tf_actions_working_dir: './environments/production' tf_actions_comment: true + - name: 'Terraform plan' uses: hashicorp/terraform-github-actions@master + - name: set env + run: ./bin/deploy.sh -e $tf_actions_working_dir -o plan >> $GITHUB_ENV with: tf_actions_version: 0.12.13 tf_actions_subcommand: 'plan' @@ -76,11 +77,12 @@ jobs: tf_actions_comment: true terraform-sandbox: name: "sandbox-Terraform" + runs-on: ubuntu-latest env: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRETE_ID }} - AWS_REGION: 'us-east-2' + AWS_REGION: 'ap-south-1' steps: - name: 'Checkout' @@ -105,4 +107,4 @@ jobs: tf_actions_version: 0.12.13 tf_actions_subcommand: 'apply' tf_actions_working_dir: './environments/sandbox' - tf_actions_comment: true + tf_actions_comment: true \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index aab3e64..bfce7b5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -11,7 +11,7 @@ jobs: env: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRETE_ID }} - AWS_REGION: 'us-east-2' + AWS_REGION: 'ap-east-1' steps: - name: 'Checkout' 
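Review bot: The new `set-env` step reads `$tf_actions_working_dir`, but nothing in the `terraform` job exports that variable (the `tf_actions_working_dir:` under `with:` is an action input, not shell env), so `cut -c 1-6` runs on an empty string and `tf_actions_working_dir=` is what lands in `$GITHUB_ENV`; the later `deploy.sh -e $tf_actions_working_dir` call therefore gets no environment argument. If the goal is to hand deploy.sh the environment name, set it directly, e.g. `run: echo "tf_env=production" >> "$GITHUB_ENV"`, or pass `-e production` where the script is invoked. Every action in this hunk is referenced as `@master` (`actions/checkout@master`, `hashicorp/terraform-github-actions@master`) in a job that holds `AWS_KEY_ID`/`AWS_SECRETE_ID`; pin each to a release tag or commit SHA so an upstream branch compromise cannot run with those credentials. The hunk's context also shows the workflow firing on `types: [ closed ]`, and none of the jobs carry `if: github.event.pull_request.merged == true`, so a PR that is closed without merging still runs them. The `terraform` job's step list continues beyond the hunk.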
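Review bot: The inserted `set env` step lands between the 'Terraform plan' step's `uses:` line and its `with:` block, so `with:` now belongs to a `run:` step; GitHub rejects a step that declares both `run` and `with`, and the `uses:` step is left with no inputs at all. Independently of the syntax, `./bin/deploy.sh -e $tf_actions_working_dir -o plan >> $GITHUB_ENV` appends the entire plan text to `GITHUB_ENV`, which is parsed line-by-line as `NAME=value`; a plan is not key/value data, and any attribute values it prints would be persisted as environment for every later step. Place the step before 'Terraform plan' as its own entry and drop the redirect: `run: ./bin/deploy.sh -e production -o plan`. Note that deploy.sh runs its own `terraform plan`, so with the hashicorp action's plan kept the plan now runs twice; the `with:` block this hunk ends inside is the second one.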
@@ -23,20 +23,21 @@ jobs: tf_actions_subcommand: 'init' tf_actions_working_dir: './modules/vpc' tf_actions_comment: true - - name: 'Terraform plan' - uses: hashicorp/terraform-github-actions@master - with: - tf_actions_version: 0.12.13 - tf_actions_subcommand: 'plan' - tf_actions_working_dir: './modules/vpc' - tf_actions_comment: true - terraform-prod: - name: "Terraform-prod" + # - name: 'Terraform plan' + # uses: hashicorp/terraform-github-actions@master + # with: + # tf_actions_version: 0.12.13 + # tf_actions_subcommand: 'plan' + # tf_actions_working_dir: './modules/vpc' + # tf_actions_comment: true + terraform-sandbox: + name: "sandbox-Terraform" + needs: terraform-module runs-on: ubuntu-latest env: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRETE_ID }} - AWS_REGION: 'us-east-2' + AWS_REGION: 'ap-south-1' steps: - name: 'Checkout' @@ -46,22 +47,23 @@ jobs: with: tf_actions_version: 0.12.13 tf_actions_subcommand: 'init' - tf_actions_working_dir: './environments/production' + tf_actions_working_dir: './environments/sandbox' tf_actions_comment: true - name: 'Terraform plan' uses: hashicorp/terraform-github-actions@master with: tf_actions_version: 0.12.13 tf_actions_subcommand: 'plan' - tf_actions_working_dir: './environments/production' - tf_actions_comment: true - terraform-sandbox: - name: "sandbox-Terraform" + tf_actions_working_dir: './environments/sandbox' + tf_actions_comment: true + terraform-prod: + name: "Terraform-prod" + needs: terraform-sandbox runs-on: ubuntu-latest env: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRETE_ID }} - AWS_REGION: 'us-east-2' + AWS_REGION: 'eu-central-1' steps: - name: 'Checkout' 
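Review bot: `needs: terraform-module` on the new `terraform-sandbox` job references a job id that is not visible in this hunk; in `apply.yml` this same commit renamed the `./modules/vpc` job from `terraform-management` to `terraform-module` (and then commented it out), so unless the first job in `release.yml` (defined before line 23) was also given the id `terraform-module`, the workflow fails validation with an unknown `needs` target — please confirm. With its `terraform plan` commented out, that first job does nothing beyond `init` for `./modules/vpc`; if the intent is to keep checking the module, `tf_actions_subcommand: 'validate'` is the cheap replacement, otherwise delete the step rather than leaving a commented block. The first job's header and the rest of this job's steps are outside the hunk.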
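Review bot: The reshuffled `terraform-sandbox` and `terraform-prod` jobs both inject the same static `AWS_KEY_ID`/`AWS_SECRETE_ID` pair, so the credential that can plan production is also live in the sandbox job and in anything a pull request can make that job run. Scope the jobs with GitHub environments, e.g. `environment: production` on `terraform-prod` (and `environment: sandbox` on the other), and move the keys into environment-scoped secrets with reviewers/protection rules on production; longer term replace the static keys with OIDC role assumption so no long-lived key exists in the repo at all. The `needs: terraform-sandbox` ordering is fine as a gate but is not a substitute for that separation, since a job can still be triggered with the production secrets present. Both jobs' step lists run past the hunk.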
@@ -71,12 +73,12 @@ jobs: with: tf_actions_version: 0.12.13 tf_actions_subcommand: 'init' - tf_actions_working_dir: './environments/sandbox' + tf_actions_working_dir: './environments/production' tf_actions_comment: true - name: 'Terraform plan' uses: hashicorp/terraform-github-actions@master with: tf_actions_version: 0.12.13 tf_actions_subcommand: 'plan' - tf_actions_working_dir: './environments/sandbox' + tf_actions_working_dir: './environments/production' tf_actions_comment: true \ No newline at end of file diff --git a/bin/deploy.sh b/bin/deploy.sh new file mode 100644 index 0000000..4e2baa5 --- /dev/null +++ b/bin/deploy.sh 
@@ -0,0 +1,145 @@ +#!/usr/bin/env bash + +# set -x # Un-comment to debug this script + +#TF_LOG=DEBUG; TF_LOG_PATH=~tf.log # Un-comment to debug terraform + +if [ -z "${BASH_VERSINFO[*]}" ] || [ -z "${BASH_VERSINFO[0]}" ] || [ "${BASH_VERSINFO[0]}" -lt 4 ]; then + echo "This script requires Bash version >= 4" + exit 1 +fi + +programname=$0 +SCRIPT_REL_DIR=$(dirname "${0}") +ROOT=$(realpath "$SCRIPT_REL_DIR/../") +cd "$ROOT" || exit + +TERRAFORM_OPTS=() + +# echo 'pull latest code ...' +# git pull origin master + +usage() { + echo "usage: $programname [-e environment] [-o operation]" + echo "MANDATORY:" + echo " -e, --environment VAL specify environment [global sandbox staging production management ops new_sandbox]" + echo " -o, --operation VAL specify operation [plan print_output apply]" + echo "OPTIONAL:" + echo " -a, --auto-approve TERRAFORM_OPTS: auto-approve on apply" + exit 1 +} + +parse_params() { + while [ ! $# -eq 0 ]; do + case "$1" in + --help | -h) + usage + exit + ;; + --environment | -e) + ENV=$2 + if [[ $ENV != "global" && $ENV != "sandbox" && $ENV != "staging" && $ENV != "production" && $ENV != "management" && $ENV != "ops" && $ENV != "new_sandbox" ]]; then + echo "Wrong environment: $ENV. Valid options: global sandbox staging production management ops" + exit 1 + fi + ;; + --operation | -o) + OPER=$2 + if [[ $OPER != "plan" && $OPER != "print_output" && $OPER != "apply" ]]; then + echo "Wrong operation: $OPER. 
Valid options: plan print_output apply" + exit 1 + fi + ;; + --auto-approve | -a) + if [[ $OPER == "apply" ]]; then + TERRAFORM_OPTS+=('-auto-approve') + fi + ;; + esac + shift + done +} + +print_params() { + echo "-------------------------------" + echo "ENV : $ENV" + echo "OPER : $OPER" + echo "-------------------------------" +} + +select_environment() { + ENVS=("global" "sandbox" "staging" "production" "management" "ops") + echo "Select environment:" + select var in "${ENVS[@]}"; do + ENV=$var + break + done +} + +select_oper() { + OPERS=("apply" "plan" "print_output") + echo "Select operation:" + select oper in "${OPERS[@]}"; do + OPER=$oper + break + done +} + +release_notes() { + RELEASE="RELEASES.md" + if ! grep -q "$PROJECT" $RELEASE; then + echo "#$PROJECT" >>$RELEASE + fi + DATE=$(date +%Y-%m-%d) + sed -i "/$PROJECT/a * **$DATE** - $DESCRIPTION" $RELEASE +} + +get_output_var() { + terraform output -json | jq -r ".$1.value" +} + +# Display output +display_output() { + terraform output +} + +do_project() { + # cd to env folder + cd "environments/$ENV" || exit + + # Deploy architecture + if [[ $OPER == "print_output" ]]; then + display_output + else + echo "Performing $OPER" + terraform "$OPER" "${TERRAFORM_OPTS[@]}" || exit 1 + fi +} + +update_shared_json() { + if [[ $ENV == "global" ]]; then + echo "[Skipping] Uploading shared.json to S3 - global env does not expose shared.json" + elif [[ $OPER != "apply" ]]; then + echo "[Skipping] Uploading shared.json to S3 - terraform outputs are updated only on apply" + else + echo 'Uploading shared.json to S3 ...' + + output=$(terraform output -json) + echo "$output" >shared.json + + aws s3 cp shared.json "s3://lambda-$ENV.spire.io/shared.json" + fi +} + +# execution sequence: +[[ $# -eq 0 ]] && usage +parse_params "$@" +print_params +# select_project +# select_environment +# select_oper +do_project +update_shared_json + +echo '' +echo 'done.' 
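Review bot: `update_shared_json` dumps the complete `terraform output -json` into `shared.json` and copies it to `s3://lambda-$ENV.spire.io/shared.json` with the bucket's default ACL and no `--sse`; on Terraform 0.12 `output -json` prints outputs marked `sensitive` in plaintext, so if any such output exists its value is published to everyone who can read that bucket — filter to the keys the consumer needs (e.g. `jq '{vpc_id, lambda_subnets}'`, if those are what the lambdas read) and add `--sse AES256`. In `parse_params`, `-a` is only honoured when `-o apply` appears earlier on the command line (the `-auto-approve` push is conditional on `$OPER` at the moment `-a` is parsed), unknown options fall through silently because the `case` has no `*)` arm, and `-e`/`-o` never `shift` past their value, so `production` is re-examined as an option on the next pass. The script also sets no `-e`/`pipefail`, so a failed `terraform output` or `aws s3 cp` still ends in `echo 'done.'` with exit status 0 (`set -u` is deliberately omitted below because `"${TERRAFORM_OPTS[@]}"` on an empty array trips it on bash before 4.4). A reworked `parse_params` with a mandatory-argument check is below; the rest of the file is unchanged.

```shell
set -eo pipefail

# … unchanged: bash version check, ROOT, TERRAFORM_OPTS, usage …

parse_params() {
  local auto_approve=0
  while [ $# -gt 0 ]; do
    case "$1" in
      --help | -h) usage ;;
      --environment | -e)
        ENV=${2:-}; shift
        # … unchanged: ENV validation …
        ;;
      --operation | -o)
        OPER=${2:-}; shift
        # … unchanged: OPER validation …
        ;;
      --auto-approve | -a) auto_approve=1 ;;
      *) echo "Unknown option: $1"; usage ;;
    esac
    shift
  done
  if [[ -z ${ENV:-} || -z ${OPER:-} ]]; then
    echo "Both -e and -o are required"
    usage
  fi
  # -a takes effect regardless of where it appears relative to -o
  if [[ $auto_approve -eq 1 && $OPER == "apply" ]]; then
    TERRAFORM_OPTS+=('-auto-approve')
  fi
}
```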
diff --git a/deploy.sh b/deploy.sh deleted file mode 100644 index 541ddaa..0000000 --- a/deploy.sh +++ /dev/null @@ -1 +0,0 @@ -this is madhu diff --git a/environments/production/variables.tf b/environments/production/variables.tf index 1d77dfa..45cdb67 100644 --- a/environments/production/variables.tf +++ b/environments/production/variables.tf @@ -3,7 +3,7 @@ variable "env" { } variable "region" { - default = "us-east-2" + default = "eu-central-1" } variable "zones" { @@ -11,21 +11,21 @@ variable "zones" { } variable "vpc_cidr" { - default = "10.0.0.0/16" + default = "10.100.0.0/16" } variable "public_subnet_cidr_blocks" { default = { - zone0 = "10.0.10.0/24" - zone1 = "10.0.20.0/24" - zone2 = "10.0.30.0/24" + zone0 = "10.100.10.0/24" + zone1 = "10.100.20.0/24" + zone2 = "10.100.30.0/24" } } variable "private_subnet_cidr_blocks" { default = { - zone0 = "10.0.11.0/24" - zone1 = "10.0.21.0/24" - zone2 = "10.0.31.0/24" + zone0 = "10.100.11.0/24" + zone1 = "10.100.21.0/24" + zone2 = "10.100.31.0/24" } } diff --git a/environments/production/vpc.tf b/environments/production/vpc.tf index 5ba3782..f58b0cd 100644 --- a/environments/production/vpc.tf +++ b/environments/production/vpc.tf @@ -1,3 +1,4 @@ +# VPC module "vpc" { source = "../../modules/vpc" vpc_cidr = var.vpc_cidr @@ -5,3 +6,5 @@ module "vpc" { region = var.region zones = var.zones } + +## Security groups diff --git a/environments/sandbox/variables.tf b/environments/sandbox/variables.tf index 1d77dfa..d9784ea 100644 --- a/environments/sandbox/variables.tf +++ b/environments/sandbox/variables.tf @@ -3,7 +3,7 @@ variable "env" { } variable "region" { - default = "us-east-2" + default = "ap-south-1" } variable "zones" { diff --git a/environments/sandbox/vpc.tf b/environments/sandbox/vpc.tf index 5ba3782..c3108d1 100644 --- a/environments/sandbox/vpc.tf +++ b/environments/sandbox/vpc.tf @@ -1,3 +1,4 @@ +# VPC module "vpc" { source = "../../modules/vpc" vpc_cidr = var.vpc_cidr 
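Review bot: Moving the production `vpc_cidr` default from `10.0.0.0/16` to `10.100.0.0/16`, together with every public and private subnet block, is a replace rather than an in-place update: `cidr_block` forces a new `aws_vpc` and a new `aws_subnet`, so if a production VPC already exists under the old default the next apply tears it and everything attached to it down and recreates it. The sandbox job in `apply.yml` already runs `apply` unattended on PR close, and the production job's later steps are outside this diff, so please confirm whether production is applied the same way before this merges. Whatever the answer, record it next to the default, e.g. `# 10.100.0.0/16 — changing this replaces the VPC and all subnets; production was not yet created when this moved (confirm)`. The `zones` variable these subnet maps are keyed by is outside the hunk; its values must belong to the new `eu-central-1` region set in the first hunk.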
diff --git a/modules/core/variables.tf b/modules/core/variables.tf new file mode 100644 index 0000000..e69de29 diff --git a/modules/vpc/main.tf b/modules/vpc/main.tf index 341708f..ce1d93a 100644 --- a/modules/vpc/main.tf +++ b/modules/vpc/main.tf @@ -5,7 +5,7 @@ # VPC resource "aws_vpc" "default" { cidr_block = var.vpc_cidr - enable_dns_hostnames = false + enable_dns_hostnames = true tags = { Environment = var.env diff --git a/modules/vpc/output.tf b/modules/vpc/output.tf new file mode 100644 index 0000000..846c56e --- /dev/null +++ b/modules/vpc/output.tf @@ -0,0 +1,23 @@ +output "vpc_id" { + value = aws_vpc.default.id +} + +output "vpc_public_subnets" { + value = aws_subnet.public.*.id +} + +output "vpc_private_subnets" { + value = aws_subnet.private.*.id +} + +output "lambda_subnets" { + value = aws_subnet.private.*.id +} + +output "vpc_private_rt" { + value = aws_route_table.main.id +} + +output "vpc_public_rt" { + value = aws_route_table.custom.id +} diff --git a/modules/vpc/variables.tf b/modules/vpc/variables.tf index 1d63aed..83df322 100644 --- a/modules/vpc/variables.tf +++ b/modules/vpc/variables.tf @@ -3,7 +3,7 @@ variable "env" { } variable "region" { - default = "us-west-2" + default = "ap-east-1" } variable "zones" { diff --git a/provider.tf b/provider.tf index 336dd3a..4c75b5a 100644 --- a/provider.tf +++ b/provider.tf @@ -1,4 +1,5 @@ provider "aws" { - region = var.region - version = "~> 2.70.0" + region = "us-east-2" + access_key = "AKIAXDSL7DJCYKZR6MFU" + secret_key = "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" } \ No newline at end of file
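Review bot: `lambda_subnets` and `vpc_private_subnets` both export `aws_subnet.private.*.id`, so the module now has two names for the same list and nothing tells a consumer which one to read or why the alias exists; either drop one or document it, e.g. `# lambda_subnets: same list as vpc_private_subnets, kept under the name the lambda shared.json consumers expect (confirm)`. The `.*.id` form is the legacy attribute splat; the workflows pin Terraform 0.12.13, where `aws_subnet.private[*].id` is the current syntax and works identically. A one-line `description` on each output would also help, since these ids are what `deploy.sh` publishes to S3.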
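Review bot: This hunk commits an AWS access key id and secret access key in plaintext (`access_key = "AKIA…"`, `secret_key = "…"`) into `provider.tf`; once pushed they live in git history for everyone with repository access and must be treated as compromised — deactivate and rotate the key in IAM first, then purge it from history. The provider should carry no credentials at all: the workflows already export `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY`, which the AWS provider reads from the environment, so revert to `region = var.region`, restore `version = "~> 2.70.0"`, and delete the two key lines. The change also hard-codes `region = "us-east-2"` while the environments in this same commit move to `eu-central-1`/`ap-south-1` and the module default to `ap-east-1`, so whichever configuration picks up this root `provider.tf` would be deployed to a region none of the variables name. Add a pre-commit secret scanner (e.g. gitleaks) to the repository so a key pattern like this is rejected before it reaches a branch.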