From 517632ef6831d2d606707391ae9c4d6cad63d92f Mon Sep 17 00:00:00 2001
From: lza_menace
Date: Thu, 25 Feb 2021 15:10:00 -0800
Subject: [PATCH] add example code so far

---
 .gitignore | 2 ++
 README.md | 32 +++++++++++++++++++++++++++++
 atlantis.tf | 41 ++++++++++++++++++++++++++++++++++++++
 main.tf | 12 +++++++++++
 outputs.tf | 7 +++++++
 terraform-backend-cft.yaml | 34 +++++++++++++++++++++++++++++++
 6 files changed, 128 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 atlantis.tf
 create mode 100644 main.tf
 create mode 100644 outputs.tf
 create mode 100644 terraform-backend-cft.yaml

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..def1e7b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.terraform*
+*.tfstate*
diff --git a/README.md b/README.md
index 761461a..9361b62 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,34 @@
 # terraform-live-example
 Example of a Terraform repo for managing infrastructure
+
+
+## Atlantis Setup
+
+1. Setup terraform state backend (S3 + DynamoDB)
+
+```
+aws cloudformation deploy \
+ --stack-name missionsa-atlantis-backend \
+ --template-file ./terraform-backend-cft.yaml
+```
+
+2. Setup secrets
+
+```
+aws ssm put-parameter \
+ --name "github_user" \
+ --type "String" \
+ --value "myusername"
+
+aws ssm put-parameter \
+ --name "github_token" \
+ --type "String" \
+ --value "myusertoken"
+```
+
+3. Terraform init and apply
+
+```
+terraform init
+terraform apply
+```
diff --git a/atlantis.tf b/atlantis.tf
new file mode 100644
index 0000000..3314361
--- /dev/null
+++ b/atlantis.tf
@@ -0,0 +1,41 @@
+module "vpc" {
+ source = "terraform-aws-modules/vpc/aws"
+
+ name = "atlantis"
+ cidr = "10.80.0.0/16"
+
+ azs = ["us-west-2a", "us-west-2b", "us-west-2c"]
+ private_subnets = ["10.80.1.0/24", "10.80.2.0/24", "10.80.3.0/24"]
+ public_subnets = ["10.80.11.0/24", "10.80.12.0/24", "10.80.13.0/24"]
+
+ enable_nat_gateway = true
+ single_nat_gateway = true
+}
+
+
+module "atlantis" {
+ source = "terraform-aws-modules/atlantis/aws"
+ version = "~> 2.0"
+
+ name = "atlantis"
+
+ vpc_id = module.vpc.vpc_id
+ private_subnet_ids = module.vpc.private_subnets
+ public_subnet_ids = module.vpc.public_subnets
+ route53_zone_name = "missionsa.net"
+
+ atlantis_github_user = data.aws_ssm_parameter.github_user.value
+ atlantis_github_user_token = data.aws_ssm_parameter.github_token.value
+ atlantis_repo_whitelist = ["github.com/lalanza808/terraform-live-example"]
+
+ allow_unauthenticated_access = true
+ allow_github_webhooks = true
+}
+
+data "aws_ssm_parameter" "github_user" {
+ name = "github_user"
+}
+
+data "aws_ssm_parameter" "github_token" {
+ name = "github_token"
+}
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..996770a
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,12 @@
+provider "aws" {
+ region = "us-west-2"
+}
+
+terraform {
+ backend "s3" {
+ region = "us-west-2"
+ bucket = "missionsa-atlantis-backend"
+ key = "terraform.tfstate"
+ dynamodb_table = "missionsa-atlantis-backend"
+ }
+}
diff --git a/outputs.tf b/outputs.tf
new file mode 100644
index 0000000..4891133
--- /dev/null
+++ b/outputs.tf
@@ -0,0 +1,7 @@
+output "atlantis_url" {
+ value = module.atlantis.atlantis_url
+}
+
+output "webhook_secret" {
+ value = module.atlantis.webhook_secret
+}
diff --git a/terraform-backend-cft.yaml b/terraform-backend-cft.yaml
new file mode 100644
index 0000000..4013b5c
--- /dev/null
+++ b/terraform-backend-cft.yaml
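Review bot: `allow_unauthenticated_access = true` in the `module "atlantis"` block leaves the Atlantis UI, its lock list and its plan output reachable by anyone who can reach the load balancer, and nothing else in this hunk narrows the ALB ingress, while `route53_zone_name = "missionsa.net"` gives it a public hostname. I would set this to `false` and front the listener with the module's ALB authentication inputs (OIDC or Cognito, if memory of the v2 variables serves), or at minimum restrict the ALB ingress CIDRs to known ranges; either is a one- or two-line change to this block. Separately, the token read through `data "aws_ssm_parameter" "github_token"` is created as a plain `String` parameter by the README steps, so it sits unencrypted in Parameter Store and its value also lands in the Terraform state; storing it as `SecureString` needs no change to these data blocks, since the data source decrypts by default (`with_decryption` is true), only to the `put-parameter` command. A comment on the two data blocks, `# expected to be SecureString parameters; the data source decrypts them by default`, would make that contract explicit for the next person who seeds the parameters.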
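Review bot: The `backend "s3"` block in main.tf does not set `encrypt = true`, so the client makes no server-side-encryption request of its own and relies entirely on the bucket's default-encryption rule holding; adding `encrypt = true` under `dynamodb_table` makes state writes fail closed if that bucket setting ever drifts. The state will carry the GitHub token and webhook secret that atlantis.tf and outputs.tf pull in, so the one line is worth it. The `provider "aws"` block also carries no version constraint; a `required_providers` entry with a pinned version range inside the `terraform` block would keep `terraform init` from silently picking up the next major provider release.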
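Review bot: `output "webhook_secret"` in outputs.tf prints the Atlantis webhook secret on every `terraform apply` and to anyone who can run `terraform output`; add `sensitive = true` inside that block so it is redacted from CLI output (it still lands in the state file, which is one more reason for the state bucket to stay private and encrypted). Terraform 0.14 also refuses to pass through a module output the module marked sensitive unless the root output is marked too, so this may be required for `apply` to succeed at all — worth confirming against the pinned `~> 2.0` module version.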
@@ -0,0 +1,34 @@ +AWSTemplateFormatVersion: 2010-09-09 +Description: Terraform backend - versioned, encrypted state storage and locking table +Resources: + TerraformStateBucket: + Type: AWS::S3::Bucket + Properties: + AccessControl: Private + BucketEncryption: + ServerSideEncryptionConfiguration: + - ServerSideEncryptionByDefault: + SSEAlgorithm: AES256 + BucketName: !Ref AWS::StackName + VersioningConfiguration: + Status: Enabled + TerraformStateTable: + Type: AWS::DynamoDB::Table + Properties: + AttributeDefinitions: + - AttributeName: LockID + AttributeType: S + KeySchema: + - AttributeName: LockID + KeyType: HASH + ProvisionedThroughput: + ReadCapacityUnits: 5 + WriteCapacityUnits: 5 + TableName: !Ref AWS::StackName +Outputs: + TerraformStateBucketOutput: + Description: Bucket used to store Terraform remote state file + Value: !Ref TerraformStateBucket + TerraformStateTableOutput: + Description: DynamoDB table used for Terraform state locking functionality + Value: !Ref TerraformStateTable
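Review bot: `TerraformStateBucket` sets only `AccessControl: Private`, which governs the bucket ACL; nothing stops a later public bucket policy or public object ACL on the bucket that will hold the state file (and, through atlantis.tf and outputs.tf, the GitHub token and webhook secret). Add a `PublicAccessBlockConfiguration` with all four flags true so the bucket fails closed regardless of what is attached to it later. I would also put `DeletionPolicy: Retain` on the bucket (and the lock table), since a stack delete would otherwise remove the only copy of the state along with its version history. The bucket changes are shown below; the table change is the same one-line `DeletionPolicy: Retain` under `TerraformStateTable`.

```yaml
  TerraformStateBucket:
    # … unchanged: Type …
    DeletionPolicy: Retain
    Properties:
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      # … unchanged: AccessControl, BucketEncryption, BucketName, VersioningConfiguration …
```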