add example code so far

3 years ago · 517632ef68
parent 0088d7c8c1
commit 517632ef68
6 changed files with 128 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
+.terraform*
+*.tfstate*
--- a/README.md
+++ b/README.md
@ -1,2 +1,34 @@
 # terraform-live-example
 Example of a Terraform repo for managing infrastructure
+
+
+## Atlantis Setup
+
+1. Setup terraform state backend (S3 + DynamoDB)
+
+```
+aws cloudformation deploy \
+    --stack-name missionsa-atlantis-backend \
+    --template-file ./terraform-backend-cft.yaml
+```
+
+2. Setup secrets
+
+```
+aws ssm put-parameter \
+    --name "github_user" \
+    --type "String" \
+    --value "myusername"
+
+aws ssm put-parameter \
+    --name "github_token" \
+    --type "String" \
+    --value "myusertoken"
+```
+
+3. Terraform init and apply
+
+```
+terraform init
+terraform apply
+```
--- a/atlantis.tf
+++ b/atlantis.tf
@ -0,0 +1,41 @@
+module "vpc" {
+  source = "terraform-aws-modules/vpc/aws"
+
+  name = "atlantis"
+  cidr = "10.80.0.0/16"
+
+  azs             = ["us-west-2a", "us-west-2b", "us-west-2c"]
+  private_subnets = ["10.80.1.0/24", "10.80.2.0/24", "10.80.3.0/24"]
+  public_subnets  = ["10.80.11.0/24", "10.80.12.0/24", "10.80.13.0/24"]
+
+  enable_nat_gateway = true
+  single_nat_gateway = true
+}
+
+
+module "atlantis" {
+  source  = "terraform-aws-modules/atlantis/aws"
+  version = "~> 2.0"
+
+  name = "atlantis"
+
+  vpc_id             = module.vpc.vpc_id
+  private_subnet_ids = module.vpc.private_subnets
+  public_subnet_ids  = module.vpc.public_subnets
+  route53_zone_name = "missionsa.net"
+
+  atlantis_github_user       = data.aws_ssm_parameter.github_user.value
+  atlantis_github_user_token = data.aws_ssm_parameter.github_token.value
+  atlantis_repo_whitelist    = ["github.com/lalanza808/terraform-live-example"]
+
+  allow_unauthenticated_access = true
+  allow_github_webhooks        = true
+}
+
+data "aws_ssm_parameter" "github_user" {
+  name = "github_user"
+}
+
+data "aws_ssm_parameter" "github_token" {
+  name = "github_token"
+}
--- a/main.tf
+++ b/main.tf
@ -0,0 +1,12 @@
+provider "aws" {
+  region = "us-west-2"
+}
+
+terraform {
+  backend "s3" {
+    region = "us-west-2"
+    bucket = "missionsa-atlantis-backend"
+    key = "terraform.tfstate"
+    dynamodb_table = "missionsa-atlantis-backend"
+  }
+}
--- a/outputs.tf
+++ b/outputs.tf
@ -0,0 +1,7 @@
+output "atlantis_url" {
+  value = module.atlantis.atlantis_url
+}
+
+output "webhook_secret" {
+  value = module.atlantis.webhook_secret
+}
--- a/terraform-backend-cft.yaml
+++ b/terraform-backend-cft.yaml
@ -0,0 +1,34 @@
+AWSTemplateFormatVersion: 2010-09-09
+Description: Terraform backend - versioned, encrypted state storage and locking table
+Resources:
+  TerraformStateBucket:
+    Type: AWS::S3::Bucket
+    Properties:
+      AccessControl: Private
+      BucketEncryption:
+        ServerSideEncryptionConfiguration:
+        - ServerSideEncryptionByDefault:
+            SSEAlgorithm: AES256
+      BucketName: !Ref AWS::StackName
+      VersioningConfiguration:
+        Status: Enabled
+  TerraformStateTable:
+    Type: AWS::DynamoDB::Table
+    Properties:
+      AttributeDefinitions:
+        - AttributeName: LockID
+          AttributeType: S
+      KeySchema:
+        - AttributeName: LockID
+          KeyType: HASH
+      ProvisionedThroughput:
+        ReadCapacityUnits: 5
+        WriteCapacityUnits: 5
+      TableName: !Ref AWS::StackName
+Outputs:
+  TerraformStateBucketOutput:
+    Description: Bucket used to store Terraform remote state file
+    Value: !Ref TerraformStateBucket
+  TerraformStateTableOutput:
+    Description: DynamoDB table used for Terraform state locking functionality
+    Value: !Ref TerraformStateTable