add example code so far
parent
0088d7c8c1
commit
517632ef68
@ -0,0 +1,2 @@
|
||||
.terraform*
|
||||
*.tfstate*
|
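Review bot: The `.terraform*` pattern also matches `.terraform.lock.hcl`, so on Terraform 0.14 or later the dependency lock file with the provider checksums would never be committed. Without it, every `terraform init`, including the ones Atlantis runs, resolves providers afresh and nothing checks that the same builds are installed each time. Narrowing the pattern to `.terraform/` keeps the plugin cache out of the repository and lets the lock file be tracked. If this repository is still on an older Terraform, the pattern is harmless today but worth fixing before an upgrade.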
@ -1,2 +1,34 @@
|
||||
# terraform-live-example
|
||||
Example of a Terraform repo for managing infrastructure
|
||||
|
||||
|
||||
## Atlantis Setup
|
||||
|
||||
1. Setup terraform state backend (S3 + DynamoDB)
|
||||
|
||||
```
|
||||
aws cloudformation deploy \
|
||||
--stack-name missionsa-atlantis-backend \
|
||||
--template-file ./terraform-backend-cft.yaml
|
||||
```
|
||||
|
||||
2. Setup secrets
|
||||
|
||||
```
|
||||
aws ssm put-parameter \
|
||||
--name "github_user" \
|
||||
--type "String" \
|
||||
--value "myusername"
|
||||
|
||||
aws ssm put-parameter \
|
||||
--name "github_token" \
|
||||
--type "String" \
|
||||
--value "myusertoken"
|
||||
```
|
||||
|
||||
3. Terraform init and apply
|
||||
|
||||
```
|
||||
terraform init
|
||||
terraform apply
|
||||
```
|
||||
|
@ -0,0 +1,41 @@
|
||||
module "vpc" {
|
||||
source = "terraform-aws-modules/vpc/aws"
|
||||
|
||||
name = "atlantis"
|
||||
cidr = "10.80.0.0/16"
|
||||
|
||||
azs = ["us-west-2a", "us-west-2b", "us-west-2c"]
|
||||
private_subnets = ["10.80.1.0/24", "10.80.2.0/24", "10.80.3.0/24"]
|
||||
public_subnets = ["10.80.11.0/24", "10.80.12.0/24", "10.80.13.0/24"]
|
||||
|
||||
enable_nat_gateway = true
|
||||
single_nat_gateway = true
|
||||
}
|
||||
|
||||
|
||||
module "atlantis" {
|
||||
source = "terraform-aws-modules/atlantis/aws"
|
||||
version = "~> 2.0"
|
||||
|
||||
name = "atlantis"
|
||||
|
||||
vpc_id = module.vpc.vpc_id
|
||||
private_subnet_ids = module.vpc.private_subnets
|
||||
public_subnet_ids = module.vpc.public_subnets
|
||||
route53_zone_name = "missionsa.net"
|
||||
|
||||
atlantis_github_user = data.aws_ssm_parameter.github_user.value
|
||||
atlantis_github_user_token = data.aws_ssm_parameter.github_token.value
|
||||
atlantis_repo_whitelist = ["github.com/lalanza808/terraform-live-example"]
|
||||
|
||||
allow_unauthenticated_access = true
|
||||
allow_github_webhooks = true
|
||||
}
|
||||
|
||||
data "aws_ssm_parameter" "github_user" {
|
||||
name = "github_user"
|
||||
}
|
||||
|
||||
data "aws_ssm_parameter" "github_token" {
|
||||
name = "github_token"
|
||||
}
|
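Review bot: No authentication is configured for the Atlantis endpoint in the `atlantis` module block: `allow_unauthenticated_access = true` is set and no OIDC or Cognito input is visible, so the web UI under `missionsa.net` appears reachable by anyone who can reach the load balancer. Webhook delivery needs an unauthenticated path but the UI does not; consider the module's `alb_authenticate_oidc` input, or at least narrow `alb_ingress_cidr_blocks`, if the release resolved by `~> 2.0` provides them. Separately, the `github_token` data source reads a parameter that the README hunk creates with `--type "String"`. Creating it as `SecureString` keeps the token KMS-encrypted at rest, and `aws_ssm_parameter` decrypts by default, so this file would not need to change. The `vpc` module also carries no `version` constraint, unlike `atlantis`.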
@ -0,0 +1,12 @@
|
||||
provider "aws" {
|
||||
region = "us-west-2"
|
||||
}
|
||||
|
||||
terraform {
|
||||
backend "s3" {
|
||||
region = "us-west-2"
|
||||
bucket = "missionsa-atlantis-backend"
|
||||
key = "terraform.tfstate"
|
||||
dynamodb_table = "missionsa-atlantis-backend"
|
||||
}
|
||||
}
|
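Review bot: The `backend "s3"` block does not set `encrypt = true`, so encryption of the state object depends entirely on the bucket's default-encryption setting from the CloudFormation template. This state will hold the values read from SSM (the GitHub token) and the generated webhook secret, so it is worth making Terraform request server-side encryption on every write by adding `encrypt = true` next to `key`. That keeps state encrypted even if the bucket configuration is later changed or the backend is pointed at another bucket.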
@ -0,0 +1,7 @@
|
||||
output "atlantis_url" {
|
||||
value = module.atlantis.atlantis_url
|
||||
}
|
||||
|
||||
output "webhook_secret" {
|
||||
value = module.atlantis.webhook_secret
|
||||
}
|
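Review bot: The `webhook_secret` output is not marked sensitive, so its value is printed in clear text at the end of every `terraform apply` and by `terraform output`. It would presumably also appear in any apply log that Atlantis posts back to a pull request. Adding `sensitive = true` to that block redacts it in CLI output while still allowing it to be read explicitly when the webhook is configured. The value remains in state either way, so read access to the state bucket should be limited accordingly.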
@ -0,0 +1,34 @@
|
||||
AWSTemplateFormatVersion: 2010-09-09
|
||||
Description: Terraform backend - versioned, encrypted state storage and locking table
|
||||
Resources:
|
||||
TerraformStateBucket:
|
||||
Type: AWS::S3::Bucket
|
||||
Properties:
|
||||
AccessControl: Private
|
||||
BucketEncryption:
|
||||
ServerSideEncryptionConfiguration:
|
||||
- ServerSideEncryptionByDefault:
|
||||
SSEAlgorithm: AES256
|
||||
BucketName: !Ref AWS::StackName
|
||||
VersioningConfiguration:
|
||||
Status: Enabled
|
||||
TerraformStateTable:
|
||||
Type: AWS::DynamoDB::Table
|
||||
Properties:
|
||||
AttributeDefinitions:
|
||||
- AttributeName: LockID
|
||||
AttributeType: S
|
||||
KeySchema:
|
||||
- AttributeName: LockID
|
||||
KeyType: HASH
|
||||
ProvisionedThroughput:
|
||||
ReadCapacityUnits: 5
|
||||
WriteCapacityUnits: 5
|
||||
TableName: !Ref AWS::StackName
|
||||
Outputs:
|
||||
TerraformStateBucketOutput:
|
||||
Description: Bucket used to store Terraform remote state file
|
||||
Value: !Ref TerraformStateBucket
|
||||
TerraformStateTableOutput:
|
||||
Description: DynamoDB table used for Terraform state locking functionality
|
||||
Value: !Ref TerraformStateTable
|
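Review bot: `TerraformStateBucket` sets `AccessControl: Private` but has no `PublicAccessBlockConfiguration`, so a bucket policy or object ACL added later could still expose the state file. That state will contain the secrets the Terraform code reads and generates, so the bucket should refuse public ACLs and policies outright. The block below adds the four public-access settings under `Properties`; the rest of the resource is unchanged.

```yaml
    Properties:
      AccessControl: Private
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      # … unchanged: BucketEncryption, BucketName, VersioningConfiguration …
```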