
[WIP] Implement terraform bootstrap stage #65

Closed
0f5ad2d
Move state storage modules to bootstrap step in anticipation of refactor
smokestacklightnin Sep 22, 2024
cb4d9af
Refactor state bootstrap to use variables and output modules
smokestacklightnin Sep 22, 2024
ef36547
Use variables in names
smokestacklightnin Sep 22, 2024
40ea64b
Refactor versioning and encryption resources
smokestacklightnin Sep 22, 2024
1d79ae3
Add dynamodb policy
smokestacklightnin Sep 22, 2024
e0f5437
Add empty bootstrap modules for staging and production
smokestacklightnin Sep 22, 2024
abbc775
Add bootstrap modules for state storage for staging and production
smokestacklightnin Sep 22, 2024
a5c5f9a
Temporarily comment out IAM policy resources
smokestacklightnin Sep 22, 2024
4072fbc
Add required version
smokestacklightnin Sep 23, 2024
e5a3c8f
Run validate before lint and format
smokestacklightnin Sep 23, 2024
6ed16ca
Refactor outputs to their own files
smokestacklightnin Sep 23, 2024
d62a7eb
Remove logic for iam policy from bootstrap stage
smokestacklightnin Sep 24, 2024
552e816
Refactor to move variables to separate file
smokestacklightnin Sep 24, 2024
6a569b1
Rename `development_environment` variable to `environment`x
smokestacklightnin Sep 24, 2024
31dd6a0
Move all state bootstrap files to a single directory
smokestacklightnin Sep 24, 2024
8376d61
Add deprecated files for reference
smokestacklightnin Sep 24, 2024
6d82ff6
Reorganize modules
smokestacklightnin Sep 26, 2024
6c99c12
Add shared state storage
smokestacklightnin Sep 26, 2024
7aaf0d0
Prevent destruction of state infrastructure
smokestacklightnin Sep 26, 2024
bf7263f
Add `.terraform.lock.hcl` to version control
smokestacklightnin Sep 26, 2024
ceaa2b9
Move state modules to appropriate directory
smokestacklightnin Sep 28, 2024
2 changes: 1 addition & 1 deletion .pre-commit-config.yaml
Expand Up @@ -37,6 +37,6 @@ repos:
- repo: https://github.com/tofuutils/pre-commit-opentofu
rev: v1.0.4
hooks:
- id: tofu_validate
- id: tofu_fmt
- id: tofu_tflint
- id: tofu_validate
Expand Up @@ -9,34 +9,6 @@ terraform {
}
}

# tflint-ignore: terraform_unused_declarations
variable "aws_region" {
description = "AWS region"
default = "us-east-1"
type = string
}

# tflint-ignore: terraform_unused_declarations
variable "s3_bucket" {
description = "S3 bucket for Terraform state"
default = "osm-storage"
type = string
}

# tflint-ignore: terraform_unused_declarations
variable "dynamodb_table" {
description = "DynamoDB table for Terraform state locking"
default = "terraform-locks"
type = string
}

# tflint-ignore: terraform_unused_declarations
variable "ssh_port" {
description = "Non-standard port for SSH"
default = 22
type = number
}

# VPC
resource "aws_vpc" "main" {
cidr_block = "10.0.0.0/16"
Expand Down Expand Up @@ -192,29 +164,3 @@ data "aws_ami" "ubuntu" {
values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
}
}




# Outputs
output "vpc_id" {
value = aws_vpc.main.id
}
output "subnet_id" {
value = aws_subnet.main.id
}
output "security_group_id" {
value = aws_security_group.allow_all.id
}
output "internet_gateway_id" {
value = aws_internet_gateway.main.id
}
output "route_table_id" {
value = aws_route_table.main.id
}
output "aws_network_acl_id" {
value = aws_network_acl.allow_all.id
}
output "ami_id" {
value = data.aws_ami.ubuntu.id
}
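--- a/web/deploy/terraform/shared/networking/outputs.tf
+++ b/web/deploy/terraform/shared/networking/outputs.tf
@@ -0,0 +1,27 @@
+output "vpc_id" {
+value = aws_vpc.main.id
+}
+
+output "subnet_id" {
+value = aws_subnet.main.id
+}
+
+output "security_group_id" {
+value = aws_security_group.allow_all.id
+}
+
+output "internet_gateway_id" {
+value = aws_internet_gateway.main.id
+}
+
+output "route_table_id" {
+value = aws_route_table.main.id
+}
+
+output "aws_network_acl_id" {
+value = aws_network_acl.allow_all.id
+}
+
+output "ami_id" {
+value = data.aws_ami.ubuntu.id
+}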
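Review bot: None of the outputs in this file carries a `description`, while `web/deploy/terraform/state/modules/state/outputs.tf` in the same PR documents every output; the same gap exists in `web/deploy/terraform/staging/outputs.tf`. These values are the shared module's public interface for the staging and production stacks, so a one-line description per output (for example `description = "ID of the shared VPC"` on `vpc_id`) tells a consumer what each ID is without reading the resource definitions. The `security_group_id` and `aws_network_acl_id` outputs point at resources named `allow_all`; their descriptions should say that these are permissive defaults so that nobody wires them into a new environment assuming they are restrictive.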
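--- a/web/deploy/terraform/shared/networking/variables.tf
+++ b/web/deploy/terraform/shared/networking/variables.tf
@@ -0,0 +1,27 @@
+# tflint-ignore: terraform_unused_declarations
+variable "aws_region" {
+description = "AWS region"
+default = "us-east-1"
+type = string
+}
+
+# tflint-ignore: terraform_unused_declarations
+variable "s3_bucket" {
+description = "S3 bucket for Terraform state"
+default = "osm-storage"
+type = string
+}
+
+# tflint-ignore: terraform_unused_declarations
+variable "dynamodb_table" {
+description = "DynamoDB table for Terraform state locking"
+default = "terraform-locks"
+type = string
+}
+
+# tflint-ignore: terraform_unused_declarations
+variable "ssh_port" {
+description = "Non-standard port for SSH"
+default = 22
+type = number
+}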
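Review bot: All four variables here are silenced with `tflint-ignore: terraform_unused_declarations`, and the two that describe state storage (`s3_bucket` = `osm-storage`, `dynamodb_table` = `terraform-locks`) no longer match what the new state module in this PR creates (`osm-terraform-state-storage-<environment>` and `terraform-state-locks-<environment>`), so they are dead declarations that will mislead the next person configuring a backend. `ssh_port` is described as "Non-standard port for SSH" yet defaults to 22, the standard port; either the description or the default is wrong, and if the port is meant to be configurable it should be consumed by the security group rather than ignored. Unless something outside this PR reads these values, dropping the unused declarations (or at least correcting the two descriptions) is cleaner than suppressing the linter.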
31 changes: 0 additions & 31 deletions web/deploy/terraform/staging/main.tf
Expand Up @@ -69,34 +69,3 @@ resource "aws_eip_association" "staging" {
instance_id = aws_instance.staging.id
allocation_id = aws_eip.staging.id
}

output "vpc_id" {
value = module.shared_resources.vpc_id
}
output "internet_gateway_id" {
value = module.shared_resources.internet_gateway_id
}
output "route_table_id" {
value = module.shared_resources.route_table_id
}
output "network_acl_id" {
value = module.shared_resources.aws_network_acl_id
}
output "security_group_id" {
value = module.shared_resources.security_group_id
}
output "subnet_id" {
value = module.shared_resources.subnet_id
}

output "instance_id" {
value = aws_instance.staging.id
}

output "public_dns" {
value = aws_eip.staging.public_dns
}

output "public_ip" {
value = aws_eip.staging.public_ip
}
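--- a/web/deploy/terraform/staging/outputs.tf
+++ b/web/deploy/terraform/staging/outputs.tf
@@ -0,0 +1,35 @@
+output "vpc_id" {
+value = module.shared_resources.vpc_id
+}
+
+output "internet_gateway_id" {
+value = module.shared_resources.internet_gateway_id
+}
+
+output "route_table_id" {
+value = module.shared_resources.route_table_id
+}
+
+output "network_acl_id" {
+value = module.shared_resources.aws_network_acl_id
+}
+
+output "security_group_id" {
+value = module.shared_resources.security_group_id
+}
+
+output "subnet_id" {
+value = module.shared_resources.subnet_id
+}
+
+output "instance_id" {
+value = aws_instance.staging.id
+}
+
+output "public_dns" {
+value = aws_eip.staging.public_dns
+}
+
+output "public_ip" {
+value = aws_eip.staging.public_ip
+}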
20 changes: 20 additions & 0 deletions web/deploy/terraform/state/.terraform.lock.hcl
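--- a/web/deploy/terraform/state/deprecated/README.md
+++ b/web/deploy/terraform/state/deprecated/README.md
@@ -0,0 +1,3 @@
+The files in this directory are deprecated and only included for reference.
+
+This directory might be removed in the future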
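--- a/web/deploy/terraform/state/main.tf
+++ b/web/deploy/terraform/state/main.tf
@@ -0,0 +1,18 @@
+terraform {
+required_version = ">= 1.0.0, < 2.0.0"
+}
+
+module "stage_state" {
+source = "./modules/state/"
+environment = "stage"
+}
+
+module "prod_state" {
+source = "./modules/state/"
+environment = "prod"
+}
+
+module "shared_state" {
+source = "./modules/state/"
+environment = "shared"
+}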
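Review bot: This root module has no `backend` block, so `terraform apply` here writes `terraform.tfstate` next to this file; that is inherent to a bootstrap stack, but it should be stated so the file is kept out of version control and backed up, e.g. a header comment `# Bootstrap stack: creates the S3 buckets and DynamoDB lock tables that the other stacks use as their "s3" backend. Its own state is local (no backend block): never commit terraform.tfstate, and back it up out of band.` The AWS provider is configured inside the child module (`provider "aws"` in `modules/state/main.tf`) rather than here, which Terraform's provider docs discourage because a module with its own provider configuration cannot be used with `count`/`for_each` and is awkward to remove; moving `provider "aws"` and `required_providers` into this file and leaving the module with only a version constraint would also let the three near-identical calls collapse into one `for_each = toset(["stage", "prod", "shared"])`. Nothing from the modules is re-exported either, so the bucket and table names that the staging and production backends need are not visible without reading the state file; root-level outputs forwarding `module.*.s3_bucket_arn` and `module.*.dynamodb_table_name` would fix that.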
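--- a/web/deploy/terraform/state/modules/state/main.tf
+++ b/web/deploy/terraform/state/modules/state/main.tf
@@ -0,0 +1,92 @@
+terraform {
+required_version = ">= 1.0.0, < 2.0.0"
+
+required_providers {
+aws = {
+source = "hashicorp/aws"
+version = "~> 5.0"
+}
+}
+}
+
+provider "aws" {
+region = var.aws_region
+}
+
+resource "aws_s3_bucket" "tf_state" {
+bucket = "${var.bucket_name}-${var.environment}"
+
+lifecycle {
+prevent_destroy = true
+}
+
+tags = {
+Name = "${var.bucket_name}-${var.environment}"
+}
+}
+
+resource "aws_s3_bucket_lifecycle_configuration" "tf_state" {
+bucket = aws_s3_bucket.tf_state.id
+rule {
+id = "tf_state_${var.environment}"
+status = "Enabled"
+
+transition {
+days = 30
+storage_class = "STANDARD_IA"
+}
+
+expiration {
+days = 365
+}
+}
+
+lifecycle {
+prevent_destroy = true
+}
+}
+
+resource "aws_s3_bucket_versioning" "enabled" {
+bucket = aws_s3_bucket.tf_state.id
+
+versioning_configuration {
+status = "Enabled"
+}
+
+lifecycle {
+prevent_destroy = true
+}
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "default" {
+bucket = aws_s3_bucket.tf_state.id
+
+rule {
+apply_server_side_encryption_by_default {
+sse_algorithm = "AES256"
+}
+}
+
+lifecycle {
+prevent_destroy = true
+}
+}
+
+resource "aws_dynamodb_table" "tf_locks" {
+name = "${var.table_name}-${var.environment}"
+billing_mode = "PAY_PER_REQUEST"
+hash_key = "LockID"
+
+attribute {
+name = "LockID"
+type = "S"
+}
+
+lifecycle {
+prevent_destroy = true
+}
+
+tags = {
+Name = "${var.bucket_name}-${var.environment}"
+}
+}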
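Review bot: The `transition`/`expiration` blocks in `aws_s3_bucket_lifecycle_configuration.tf_state` act on the current version of every object, so a state file that has not been rewritten for 365 days receives a delete marker and the next `terraform plan` for that environment starts from an empty state; on a versioned bucket the intent is almost certainly `noncurrent_version_transition` and `noncurrent_version_expiration`, which only age out superseded copies. The bucket also has no `aws_s3_bucket_public_access_block`, which is the usual minimum for a bucket holding Terraform state, since state routinely contains credentials and connection strings in clear text. Separately, the DynamoDB table's `Name` tag reuses the bucket name on the last lines of the file; it should read `Name = "${var.table_name}-${var.environment}"`. The rewritten lifecycle resource and the new public-access-block resource follow; the provider documentation recommends the `depends_on` on the versioning resource when noncurrent-version rules are used.
```hcl
resource "aws_s3_bucket_public_access_block" "tf_state" {
  bucket = aws_s3_bucket.tf_state.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_s3_bucket_lifecycle_configuration" "tf_state" {
  bucket = aws_s3_bucket.tf_state.id

  # Versioning must be in place before noncurrent-version rules are applied.
  depends_on = [aws_s3_bucket_versioning.enabled]

  rule {
    id     = "tf_state_${var.environment}"
    status = "Enabled"

    # Only superseded state versions are aged out; the current object is never expired.
    noncurrent_version_transition {
      noncurrent_days = 30
      storage_class   = "STANDARD_IA"
    }

    noncurrent_version_expiration {
      noncurrent_days = 365
    }
  }

  # … unchanged: lifecycle { prevent_destroy = true } …
}
```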
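--- a/web/deploy/terraform/state/modules/state/outputs.tf
+++ b/web/deploy/terraform/state/modules/state/outputs.tf
@@ -0,0 +1,9 @@
+output "s3_bucket_arn" {
+value = aws_s3_bucket.tf_state.arn
+description = "The ARN of the S3 bucket"
+}
+
+output "dynamodb_table_name" {
+value = aws_dynamodb_table.tf_locks.name
+description = "The name of the DynamoDB table"
+}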
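Review bot: The module exposes the bucket ARN but not the bucket name, and a `backend "s3"` block takes `bucket` (the name) together with `dynamodb_table` and `region`, so a consumer of this module would have to parse the ARN to configure a backend. Add `output "s3_bucket_name" { value = aws_s3_bucket.tf_state.bucket }` (with a description saying it is the value for the backend's `bucket` argument), and consider an `aws_region` output for the same reason, since the region is fixed here by `var.aws_region` and the backend must agree with it.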
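--- a/web/deploy/terraform/state/modules/state/variables.tf
+++ b/web/deploy/terraform/state/modules/state/variables.tf
@@ -0,0 +1,22 @@
+variable "bucket_name" {
+description = "The name of the S3 bucket to store Terraform state. Must be globally unique."
+type = string
+default = "osm-terraform-state-storage"
+}
+
+variable "table_name" {
+description = "The name of the DynamoDB table. Must be unique in this AWS account."
+type = string
+default = "terraform-state-locks"
+}
+
+variable "aws_region" {
+description = "The AWS region used by the deployment"
+type = string
+default = "us-east-1"
+}
+
+variable "environment" {
+description = "The name of the development environment. Usually `stage` or `prod`."
+type = string
+}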
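Review bot: `environment` is interpolated directly into the bucket and table names but has no `validation` block, and its description ("Usually `stage` or `prod`") is already out of date because the root module in this PR also passes `shared`; a typo in the value silently creates a fresh bucket/table pair that `prevent_destroy` then refuses to clean up. The `bucket_name` description also says the value "Must be globally unique", but what must be unique is the composed `${var.bucket_name}-${var.environment}`, so the description should say that the suffix is appended. A version of the variable with an explicit allow-list follows.
```hcl
variable "environment" {
  description = "Deployment environment suffix appended to the state bucket and lock table names. One of `stage`, `prod` or `shared`."
  type        = string

  validation {
    condition     = contains(["stage", "prod", "shared"], var.environment)
    error_message = "environment must be one of: stage, prod, shared."
  }
}
```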