Terraform Sandbox
# Local .terraform directories (provider binaries and module cache)
**/.terraform/*
# .tfstate files: state can contain plaintext secrets and resource ids
*.tfstate
*.tfstate.*
# Crash log files
crash.log
# Exclude all .tfvars files, which are likely to contain sensitive data,
# such as passwords, private keys, and other secrets. These should not be part of version control.
# NOTE(review): this pattern does not match JSON variable files (*.tfvars.json),
# which can hold the same kind of data. The workflows here read
# application.tfvars.json from the checkout, so decide deliberately whether
# that file is tracked or injected at run time.
*.tfvars
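#!/bin/bash
# Tear down the Terraform remote-state backend for one application:
# empty and delete the state bucket, then delete the lock table.
#
# Usage: cleanup_resources.sh <application_id> <aws_account_id> <aws_region>
#
# The names must match what check_and_create_bucket.sh creates and what the
# "s3" backend is initialised with (polaris-<app>-<account>-tf-state / -tf-lock).
set -uo pipefail

if [ "$#" -ne 3 ]; then
  echo "usage: $0 <application_id> <aws_account_id> <aws_region>" >&2
  exit 1
fi

application_id=$1
aws_account_id=$2
aws_region=$3
bucket_name="polaris-${application_id}-${aws_account_id}-tf-state"
dynamodb_table_name="polaris-${application_id}-${aws_account_id}-tf-lock"

# Destructive operation: make sure the credentials in use belong to the
# account named on the command line before deleting anything.
caller_account=$(aws sts get-caller-identity --query Account --output text)
if [ "$caller_account" != "$aws_account_id" ]; then
  echo "credentials belong to account ${caller_account}, not ${aws_account_id}; aborting" >&2
  exit 1
fi

# Best-effort like the original (each step runs even if an earlier one
# failed), but failures are no longer silent: the exit status reports them.
status=0

# The bucket must be empty before delete-bucket succeeds.
# NOTE(review): if versioning is enabled on the bucket, "s3 rm" leaves old
# object versions and delete markers behind and delete-bucket will still
# fail — purge versions first in that case.
aws s3 rm "s3://${bucket_name}" --recursive || status=1
aws s3api delete-bucket --bucket "$bucket_name" --region "$aws_region" || status=1
aws dynamodb delete-table --table-name "$dynamodb_table_name" --region "$aws_region" || status=1

exit "$status"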
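#!/bin/bash
# Ensure the Terraform remote-state backend for one application exists:
# an S3 bucket for state and a DynamoDB table for state locking.
#
# Usage:
#   check_and_create_bucket.sh <app_id> <aws_account_id> <aws_region>   # as invoked by the workflow
#   check_and_create_bucket.sh <app_id> <aws_region>                    # account id taken from STS
#
# The original two-argument form is kept for compatibility; the three-argument
# form matches how the workflow calls this script (previously the account id
# landed in AWS_REGION and bucket creation failed).
set -euo pipefail

case "$#" in
  3)
    APP_ID=$1
    AWS_ACCOUNT_ID=$2
    AWS_REGION=$3
    ;;
  2)
    APP_ID=$1
    AWS_REGION=$2
    AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
    ;;
  *)
    echo "usage: $0 <app_id> [<aws_account_id>] <aws_region>" >&2
    exit 1
    ;;
esac

# Never build a bucket name that claims an account other than the one the
# credentials actually belong to.
CALLER_ACCOUNT=$(aws sts get-caller-identity --query Account --output text)
if [ "$CALLER_ACCOUNT" != "$AWS_ACCOUNT_ID" ]; then
  echo "credentials belong to account ${CALLER_ACCOUNT}, not ${AWS_ACCOUNT_ID}; aborting" >&2
  exit 1
fi

BUCKET_NAME="polaris-${APP_ID}-${AWS_ACCOUNT_ID}-tf-state"
TABLE_NAME="polaris-${APP_ID}-${AWS_ACCOUNT_ID}-tf-lock"

# --- State bucket -----------------------------------------------------------
if aws s3api head-bucket --bucket "$BUCKET_NAME" 2>/dev/null; then
  echo "Bucket exists"
else
  echo "Bucket does not exist, creating..."
  # us-east-1 rejects an explicit LocationConstraint; every other region requires it.
  if [ "$AWS_REGION" = "us-east-1" ]; then
    aws s3api create-bucket --bucket "$BUCKET_NAME" --region "$AWS_REGION"
  else
    aws s3api create-bucket --bucket "$BUCKET_NAME" --region "$AWS_REGION" \
      --create-bucket-configuration "LocationConstraint=${AWS_REGION}"
  fi
  # Terraform state can contain secrets: keep history for recovery, encrypt at
  # rest, and block every form of public access.
  aws s3api put-bucket-versioning --bucket "$BUCKET_NAME" \
    --versioning-configuration Status=Enabled
  aws s3api put-bucket-encryption --bucket "$BUCKET_NAME" \
    --server-side-encryption-configuration '{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"AES256"}}]}'
  aws s3api put-public-access-block --bucket "$BUCKET_NAME" \
    --public-access-block-configuration BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true
fi

# --- Lock table --------------------------------------------------------------
# cleanup_resources.sh deletes this table and the workflow step is named
# "... and DynamoDB Table", so it is created here as well.
if aws dynamodb describe-table --table-name "$TABLE_NAME" --region "$AWS_REGION" >/dev/null 2>&1; then
  echo "Lock table exists"
else
  echo "Lock table does not exist, creating..."
  # The Terraform s3 backend requires a string hash key named LockID.
  aws dynamodb create-table --table-name "$TABLE_NAME" --region "$AWS_REGION" \
    --attribute-definitions AttributeName=LockID,AttributeType=S \
    --key-schema AttributeName=LockID,KeyType=HASH \
    --billing-mode PAY_PER_REQUEST
  aws dynamodb wait table-exists --table-name "$TABLE_NAME" --region "$AWS_REGION"
fi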
import { Injectable } from '@nestjs/common';
import { Octokit } from "@octokit/rest";
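/**
 * Dispatches the "Terraform Apply" GitHub Actions workflow through the REST API.
 *
 * The GitHub token is read from the `GITHUB_TOKEN` environment variable when the
 * service is constructed, instead of being written into source: a token in a
 * source file ends up in version control and in every build artifact.
 */
@Injectable()
export class GithubActionsService {
  private readonly octokit: Octokit;

  // Coordinates of the dispatched workflow (placeholders, as in the original).
  private static readonly OWNER = "GITHUB_USERNAME";
  private static readonly REPO = "REPO_NAME";
  private static readonly WORKFLOW_ID = "terraform_apply.yml";
  private static readonly REF = "master";

  /**
   * @throws Error when `GITHUB_TOKEN` is unset. Failing at startup is preferable
   * to every dispatch failing later with an authentication error.
   */
  constructor() {
    const token = process.env.GITHUB_TOKEN;
    if (!token) {
      throw new Error("GITHUB_TOKEN environment variable is not set");
    }
    this.octokit = new Octokit({ auth: token });
  }

  /**
   * Triggers the workflow for a set of applications, serialised as one JSON input.
   *
   * @param applications map of application name to application id
   */
  async triggerWorkflow(applications: Record<string, string>): Promise<void> {
    // NOTE(review): the workflow on this page declares the inputs
    // awsAccountId / awsRegion / applicationId, not logLevel / applications.
    // GitHub rejects a dispatch whose inputs are not declared by the workflow,
    // so one of the two sides needs to change — confirm which is authoritative.
    await this.dispatch({
      logLevel: "INFO",
      applications: JSON.stringify(applications),
    });
  }

  /**
   * Triggers the workflow with per-application deploy flags passed through verbatim.
   *
   * @param inputs workflow inputs; see the note in {@link triggerWorkflow} about
   * matching the workflow's declared inputs
   */
  async triggerWorkflow1(inputs: {
    logLevel: string,
    viz_vector_deploy: string,
    chyron_deploy: string,
    tag_vs_deploy: string,
    telos_deploy: string,
    application_id: string,
  }): Promise<void> {
    await this.dispatch(inputs);
  }

  /** Single place that knows which repository, workflow file and ref are dispatched. */
  private async dispatch(inputs: Record<string, string>): Promise<void> {
    await this.octokit.actions.createWorkflowDispatch({
      owner: GithubActionsService.OWNER,
      repo: GithubActionsService.REPO,
      workflow_id: GithubActionsService.WORKFLOW_ID,
      ref: GithubActionsService.REF,
      inputs,
    });
  }
}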
terraform {
  # Partial backend configuration: bucket, region and dynamodb_table are not
  # set here and must be supplied at `terraform init` time via
  # -backend-config=... (a bare `terraform init`, as run by the workflow on
  # this page, fails without them). The helper scripts name the resources
  # polaris-<app_id>-<account_id>-tf-state and -tf-lock.
  backend "s3" {
    key = "state"
    # State can contain plaintext secrets; encrypt the object at rest.
    encrypt = true
  }
}
provider "aws" {
  # Fixed region. The workflows take an awsRegion input, which this provider
  # does not consume — presumably intended to be the same value; confirm.
  region = "us-east-1"
}
# One EC2 instance per application, all sharing the same AMI, subnet,
# security group and instance type.
module "VizVectar" {
  source = "./module"
  # var.applications is declared as map(string): the value for this key must
  # be the application id itself. The application.tfvars.json on this page
  # supplies nested objects instead, which does not match that type.
  app_id = var.applications["VizVectar"]
  ami_id = var.ami_id
  subnet_id = var.subnet_id
  sg_id = var.security_group_id
  instance_type = var.instance_type
  # NOTE(review): ./module declares variable "app_name" with no default but it
  # is not passed here; Terraform will report it as missing.
}
module "Chyron" {
  source = "./module"
  # map(string) lookup: the value must be the application id string.
  app_id = var.applications["Chyron"]
  ami_id = var.ami_id
  subnet_id = var.subnet_id
  sg_id = var.security_group_id
  instance_type = var.instance_type
  # NOTE(review): the module's required variable "app_name" is not passed.
}
module "TagVS" {
  source = "./module"
  # map(string) lookup: the value must be the application id string.
  app_id = var.applications["TagVS"]
  ami_id = var.ami_id
  subnet_id = var.subnet_id
  sg_id = var.security_group_id
  instance_type = var.instance_type
  # NOTE(review): the module's required variable "app_name" is not passed.
}
module "Telos" {
  source = "./module"
  # map(string) lookup: the value must be the application id string.
  app_id = var.applications["Telos"]
  ami_id = var.ami_id
  subnet_id = var.subnet_id
  sg_id = var.security_group_id
  instance_type = var.instance_type
  # NOTE(review): the module's required variable "app_name" is not passed.
}
# A single EC2 instance serving a static page that identifies the application.
resource "aws_instance" "application" {
  ami = var.ami_id
  instance_type = var.instance_type
  subnet_id = var.subnet_id
  vpc_security_group_ids = [var.sg_id]
  # Bootstrap script rendered by Terraform: ${var.app_id} is a Terraform
  # interpolation, so any literal shell "$" in this heredoc would need "$$".
  # Apache is moved from port 80 to 8080 and serves the app id as index.html.
  user_data = <<-EOF
    #!/bin/bash
    apt-get update
    apt-get install -y apache2
    sed -i -e 's/80/8080/' /etc/apache2/ports.conf
    echo "${var.app_id}" > /var/www/html/index.html
    systemctl restart apache2
  EOF
  # NOTE(review): no metadata_options block, so the instance accepts IMDSv1
  # requests without a session token; consider http_tokens = "required".
  tags = {
    # var.app_name has no default in this module and the callers on this page
    # do not set it — confirm where it is meant to come from.
    Name = "${var.app_name}"
    applicationId = "${var.app_id}"
  }
}
# Inputs of the per-application EC2 module. Only instance_type has a default;
# every other variable must be set by the calling module block.
variable "app_id" {
  description = "Application ID for tagging the EC2 instance"
  type = string
}
variable "ami_id" {
  description = "AMI ID for the EC2 instance"
  type = string
}
variable "subnet_id" {
  description = "Subnet ID for the EC2 instance"
  type = string
}
variable "sg_id" {
  description = "Security Group ID for the EC2 instance"
  type = string
}
variable "instance_type" {
  description = "Instance type for the EC2 instance"
  type = string
  default = "t2.micro"
}
# Required, but not passed by any of the module blocks on this page.
variable "app_name" {
  description = "Application name for tagging the EC2 instance"
  type = string
}
{
"VizVectar": {
"application_id": "viz1",
"instance_type": "t2.micro",
"ami": "ami-0abcdef1234567890"
},
"Chyron": {
"application_id": "chyron1",
"instance_type": "t2.micro",
"ami": "ami-0abcdef1234567890"
},
"TagVS": {
"application_id": "tagvs1",
"instance_type": "t2.micro",
"ami": "ami-0abcdef1234567890"
},
"Telos": {
"application_id": "telos1",
"instance_type": "t2.micro",
"ami": "ami-0abcdef1234567890"
}
}
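name: 'Terraform Apply'

on:
  workflow_dispatch:
    inputs:
      awsAccountId:
        description: 'AWS Account Id'
        required: true
      awsRegion:
        description: 'AWS Region'
        required: true
      applicationId:
        description: 'Application Id'
        required: true

# Least privilege for the automatic GITHUB_TOKEN: this job only reads the repo.
permissions:
  contents: read

jobs:
  terraform:
    name: 'Terraform'
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./terraform
    # workflow_dispatch inputs are user-controlled. Exposing them as environment
    # variables and quoting them in the shell, instead of interpolating `${{ }}`
    # straight into `run:`, keeps a crafted input from being parsed as shell.
    env:
      APPLICATION_ID: ${{ github.event.inputs.applicationId }}
      AWS_ACCOUNT_ID: ${{ github.event.inputs.awsAccountId }}
      AWS_REGION: ${{ github.event.inputs.awsRegion }}
    steps:
      - name: Checkout
        # NOTE(review): consider pinning third-party actions to a full commit
        # SHA rather than a mutable tag.
        uses: actions/checkout@v2
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v1
        with:
          terraform_version: 0.12.x
      # No step configures AWS credentials; the aws CLI and terraform below
      # presumably pick them up from the runner environment — confirm.
      - name: Check and Create S3 Bucket and DynamoDB Table
        run: bash ./scripts/check_and_create_bucket.sh "$APPLICATION_ID" "$AWS_ACCOUNT_ID" "$AWS_REGION"
      - name: Terraform Init
        # The backend block sets only key/encrypt; bucket, lock table and region
        # are supplied here with the same names the script above creates.
        run: >-
          terraform init
          -backend-config="bucket=polaris-${APPLICATION_ID}-${AWS_ACCOUNT_ID}-tf-state"
          -backend-config="dynamodb_table=polaris-${APPLICATION_ID}-${AWS_ACCOUNT_ID}-tf-lock"
          -backend-config="region=${AWS_REGION}"
      - name: Terraform Validate
        run: terraform validate
      - name: Terraform Plan
        run: terraform plan -var-file="application.tfvars.json"
      - name: Terraform Apply
        run: terraform apply -auto-approve -var-file="application.tfvars.json"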
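name: 'Terraform Destroy'

on:
  workflow_dispatch:
    inputs:
      awsAccountId:
        description: 'AWS Account Id'
        required: true
      awsRegion:
        description: 'AWS Region'
        required: true
      applicationId:
        description: 'Application Id'
        required: true

# Least privilege for the automatic GITHUB_TOKEN: this job only reads the repo.
permissions:
  contents: read

jobs:
  terraform:
    name: 'Terraform'
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./terraform
    # workflow_dispatch inputs are user-controlled. Exposing them as environment
    # variables and quoting them in the shell, instead of interpolating `${{ }}`
    # straight into `run:`, keeps a crafted input from being parsed as shell.
    env:
      APPLICATION_ID: ${{ github.event.inputs.applicationId }}
      AWS_ACCOUNT_ID: ${{ github.event.inputs.awsAccountId }}
      AWS_REGION: ${{ github.event.inputs.awsRegion }}
    steps:
      - name: Checkout
        # NOTE(review): consider pinning third-party actions to a full commit
        # SHA rather than a mutable tag.
        uses: actions/checkout@v2
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v1
        with:
          terraform_version: 0.12.x
      # No step configures AWS credentials; the aws CLI and terraform below
      # presumably pick them up from the runner environment — confirm.
      - name: Terraform Init
        # The backend block sets only key/encrypt; bucket, lock table and region
        # are supplied here with the names the create/cleanup scripts use.
        run: >-
          terraform init
          -backend-config="bucket=polaris-${APPLICATION_ID}-${AWS_ACCOUNT_ID}-tf-state"
          -backend-config="dynamodb_table=polaris-${APPLICATION_ID}-${AWS_ACCOUNT_ID}-tf-lock"
          -backend-config="region=${AWS_REGION}"
      - name: Terraform Validate
        run: terraform validate
      - name: Terraform Plan Destroy
        run: terraform plan -destroy -var-file="application.tfvars.json"
      - name: Terraform Apply Destroy
        run: terraform destroy -auto-approve -var-file="application.tfvars.json"
      # Runs only if destroy succeeded (default step behaviour), so the state
      # bucket is not removed while resources it tracks still exist.
      - name: Cleanup S3 Bucket and DynamoDB Table
        run: bash ./scripts/cleanup_resources.sh "$APPLICATION_ID" "$AWS_ACCOUNT_ID" "$AWS_REGION"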
# Root-module inputs. Only instance_type has a default; the others must come
# from a var-file or TF_VAR_* environment variables.
variable "applications" {
  description = "A map of applications to be deployed with their respective application_id"
  # Each value is a plain application-id string, e.g. { "VizVectar" = "viz1" }.
  # NOTE(review): the application.tfvars.json on this page has the application
  # names as top-level keys with nested objects as values; a tfvars JSON file
  # must have variable names as top-level keys, so it would not populate this
  # variable as written.
  type = map(string)
}
variable "instance_type" {
  description = "Instance type for the EC2 instances"
  type = string
  default = "t2.micro"
}
variable "ami_id" {
  description = "AMI ID for the EC2 instances"
  type = string
}
variable "subnet_id" {
  description = "Subnet ID for the EC2 instances"
  type = string
}
variable "security_group_id" {
  description = "Security Group ID for the EC2 instances"
  type = string
}