Skip to content

Latest commit

 

History

History
27 lines (23 loc) · 5.17 KB

README.md

File metadata and controls

27 lines (23 loc) · 5.17 KB

License: UnlicenseGitHub pull-requests closedGitHub pull-requests GitHub issues-closedGitHub issues terraform-infra-provisioning checkov-static-analysis-scan Image

Motivation

I aimed to create an Amazon Auto Scaling group and launch template consisting EC2 instances hosted in three different availability zones in three separate private subnets in a region. Then, attach the Amazon EC2 instances to a target group of an application load balancer in the public subnet using Terraform and GitHub Actions.


I discussed the concept in detail in my notes at -create Amazon EC2 Auto Scaling group and load balancer using Terraform and GitHub Actions.


If you are interested in learning about the CPU based scaling policies check out this note: create an Amazon EC2 Auto Scaling group with metric scaling policies using Terraform.


To learn how to trigger an instance refresh with a launch_template update, head over to this note: trigger instance refresh of Amazon EC2 Auto Scaling group with a launch template update using Terraform


I also used Infracost to generate a cost estimate for building the architecture. Checkout the cool monthly cost badge at the top of this file. To learn more about adding Infracost estimates to your repository, head over to this note -estimate AWS Cloud resource cost with Infracost, Terraform, and GitHub Actions.
Lastly, I also automated the resource provision process using the GitHub Actions pipeline. I discussed that in detail at -CI-CD with Terraform and GitHub Actions to deploy to AWS.

Prerequisites

For this code to function without errors, I created an OpenID Connect identity provider in Amazon Identity and Access Management that has a trust relationship with this GitHub repository. You can read about it here to get a detailed explanation with steps.
I stored the ARN of the IAM Role as a GitHub secret which is referred to in the terraform.yml file.
Since I used Infracost in this repository, I stored the INFRACOST_API_KEY as a repository secret. It is referenced in the terraform.yml GitHub actions workflow file.
As part of the Infracost integration, I also created an INFRACOST_API_KEY and stored that as a GitHub Actions secret. I also managed the cost estimate process using a GitHub Actions variable INFRACOST_SCAN_TYPE where the value is either hcl_code or tf_plan, depending on the type of scan desired.

Usage

Ensure that the policy attached to the IAM role whose credentials are being used in this configuration has permission to create and manage all the resources that are included in this repository.

Review the code, including the terraform.yml to understand the steps in the GitHub Actions pipeline. Also, review the terraform code to understand all the concepts associated with creating an AWS Auto Scaling group.
To check the pipeline logs, click on the Build Badge (terrform-infra-provisioning) above the image in this ReadMe.

License

This code is released under the Unlincse License. See LICENSE.