NikolaDevMne/terraform-assignment-1-ansible

AWS Infrastructure with Terraform + GitHub Actions

Provision and manage a simple AWS stack using Terraform with GitHub Actions for CI/CD.


🏗️ What this deploys

  • Networking

    • VPC with 2 public + 2 private subnets across 2 AZs
    • Internet Gateway; NAT Gateway disabled by default, so the private subnets have no outbound internet path unless you enable it
    • DNS support/hostnames enabled
  • Compute

    • EC2 instance (Ubuntu) in a public subnet
    • Elastic IP
    • Security groups for SSH and HTTP/HTTPS
  • Database

    • RDS MySQL 8.0 in private subnets
    • Master credentials stored in AWS Secrets Manager
    • DB SG allows access only from the app/EC2 SG
  • Identity

    • EC2 IAM role + instance profile
    • Policy granting read access to the RDS master secret and nothing else (least privilege)
  • State

    • Terraform remote state in S3
    • State locking via the S3 backend's native lockfile (Terraform >= 1.10) or a DynamoDB table, whichever is configured in backend.tf
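The two access-control points above (the DB security group that admits traffic only from the app/EC2 security group, and the instance role that may read just the RDS master secret) look like this in HCL. This is an added example, not code from the repository: the resource names (app, db, rds_master, ec2), var.name, aws_vpc.main and the existence of aws_secretsmanager_secret.rds_master are assumptions about how the *.tf files are laid out.

```hcl
# Added example, not the repository's own code. Names below (app, db, ec2,
# rds_master, var.name, aws_vpc.main) are assumptions.

# App/EC2 security group. Its own ingress rules (HTTP/HTTPS, and SSH if still
# used) live elsewhere; here it only serves as the source for the DB rule.
resource "aws_security_group" "app" {
  name        = "${var.name}-app"
  description = "EC2 app instance"
  vpc_id      = aws_vpc.main.id
}

# DB security group: the single ingress rule names the app SG as its source,
# so MySQL is not reachable from any CIDR, including the public subnets.
resource "aws_security_group" "db" {
  name        = "${var.name}-db"
  description = "RDS MySQL, reachable from the app SG only"
  vpc_id      = aws_vpc.main.id
}

resource "aws_vpc_security_group_ingress_rule" "db_from_app" {
  security_group_id            = aws_security_group.db.id
  referenced_security_group_id = aws_security_group.app.id
  ip_protocol                  = "tcp"
  from_port                    = 3306
  to_port                      = 3306
  description                  = "MySQL from the app instance only"
}

# Read access to exactly one secret ARN: no wildcard, no ListSecrets.
data "aws_iam_policy_document" "read_rds_secret" {
  statement {
    sid       = "ReadRdsMasterSecret"
    actions   = ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"]
    resources = [aws_secretsmanager_secret.rds_master.arn]
  }
}

# EC2 role: trusted only by the EC2 service, carries only the policy above.
data "aws_iam_policy_document" "ec2_trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "ec2" {
  name               = "${var.name}-ec2"
  assume_role_policy = data.aws_iam_policy_document.ec2_trust.json
}

resource "aws_iam_role_policy" "read_rds_secret" {
  name   = "read-rds-master-secret"
  role   = aws_iam_role.ec2.id
  policy = data.aws_iam_policy_document.read_rds_secret.json
}

resource "aws_iam_instance_profile" "ec2" {
  name = "${var.name}-ec2"
  role = aws_iam_role.ec2.name
}
```

Two caveats when adapting this: if the secret is encrypted with a customer-managed KMS key rather than the AWS-managed one, the role also needs kms:Decrypt on that key; and if the instance is managed over SSM instead of SSH, as the prerequisites suggest, the AWS-managed AmazonSSMManagedInstanceCore policy has to be attached to the same role.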

📦 Prerequisites

  • Terraform >= 1.11.0
  • AWS account + S3 bucket for remote state
  • GitHub OIDC → AWS IAM role (the role ARN is stored as a repository secret; no static access keys)
  • (Optional) SSH public key if you still use SSH instead of SSM
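The GitHub OIDC → IAM role prerequisite is the one piece the destroy workflow deliberately leaves alone, so it belongs in its own bootstrap configuration. The following is an added example, not the repository's code: the role name, the variable names, the state-bucket policy and the repository-scoped subject claims are assumptions, and the stack permissions (EC2, RDS, Secrets Manager, IAM for the instance role) would be attached to the same role in the same way.

```hcl
# Added example, not the repository's own code. Apply this once, from a
# separate root module, with human credentials; the outputs feed the
# AWS_ROLE_ARN repository secret. Variable names and role name are assumptions.

variable "github_repo" {
  description = "owner/repo allowed to assume the role"
  type        = string
  default     = "NikolaDevMne/terraform-assignment-1-ansible"
}

variable "state_bucket" {
  description = "S3 bucket holding the Terraform remote state (assumed name)"
  type        = string
  default     = "example-tfstate-bucket"
}

# GitHub's OIDC issuer. The thumbprint is the commonly published one; AWS no
# longer relies on it to verify GitHub's issuer, but the argument is accepted.
resource "aws_iam_openid_connect_provider" "github" {
  url             = "https://token.actions.githubusercontent.com"
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = ["6938fd4d98bab03faadb97b34396831e3780aea1"]
}

# Trust policy: only tokens minted by this provider, for this repository, on a
# pull_request run (plan) or a run on main (push apply, manual destroy) may
# assume the role. Without the sub condition any GitHub repository could.
data "aws_iam_policy_document" "github_trust" {
  statement {
    actions = ["sts:AssumeRoleWithWebIdentity"]
    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.github.arn]
    }
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:aud"
      values   = ["sts.amazonaws.com"]
    }
    condition {
      test     = "StringLike"
      variable = "token.actions.githubusercontent.com:sub"
      values = [
        "repo:${var.github_repo}:pull_request",        # PR checks + speculative plan
        "repo:${var.github_repo}:ref:refs/heads/main", # push to main, workflow_dispatch on main
      ]
    }
  }
}

resource "aws_iam_role" "github_actions" {
  name                 = "github-actions-terraform"
  assume_role_policy   = data.aws_iam_policy_document.github_trust.json
  max_session_duration = 3600
}

# Remote state access: list the bucket, read/write the state object, and
# create/delete the .tflock object that S3 native locking uses.
data "aws_iam_policy_document" "state_access" {
  statement {
    sid       = "ListStateBucket"
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::${var.state_bucket}"]
  }
  statement {
    sid       = "ReadWriteStateAndLock"
    actions   = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]
    resources = ["arn:aws:s3:::${var.state_bucket}/*"]
  }
}

resource "aws_iam_role_policy" "state_access" {
  name   = "terraform-state-access"
  role   = aws_iam_role.github_actions.id
  policy = data.aws_iam_policy_document.state_access.json
}

output "aws_role_arn" {
  description = "Store this value as the AWS_ROLE_ARN repository secret"
  value       = aws_iam_role.github_actions.arn
}
```

The sub claim for a pull_request run is repo:OWNER/REPO:pull_request and for a branch run it is repo:OWNER/REPO:ref:refs/heads/BRANCH, so the two values above cover exactly the triggers the workflows use; a workflow on any other branch, or in a fork, is refused by STS before Terraform ever runs.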

🔐 Secrets & Configuration

Add repository Actions secrets:

  • AWS_ROLE_ARN: the IAM role ARN the workflows assume via OIDC (no long-lived access keys are stored)

If you still want SSH:

  • SSH_PUBLIC_KEY: your OpenSSH public key (only used if it is wired into the Terraform variables)

🗂️ Repository Structure

.
├── *.tf                 # Terraform modules/resources (VPC, EC2, RDS, IAM, SGs)
├── backend.tf           # S3 backend (bucket/key/region)
├── variables.tf         # Inputs (name, vpc_cidr, etc.)
├── outputs.tf           # Useful outputs (DB endpoint, secret ARN, etc.)
└── .github/
    └── workflows/
        ├── terraform_ci.yml        # PR checks & push-to-main apply
        └── terraform_destroy.yml   # Manual destroy (guarded)
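A backend.tf that uses the S3 backend's native locking, as an added example rather than the repository's own file; the bucket name, key and region are placeholders. use_lockfile has been available since Terraform 1.10 and writes a .tflock object next to the state, so two workflow runs (for instance a push apply and a manual destroy started at the same time) cannot both mutate the state; a dynamodb_table argument remains the older alternative.

```hcl
# Added example, not the repository's backend.tf. Bucket, key and region are
# placeholders; the assumed state bucket is the one from the prerequisites.
terraform {
  required_version = ">= 1.11.0"

  backend "s3" {
    bucket       = "example-tfstate-bucket"
    key          = "terraform-assignment-1/terraform.tfstate"
    region       = "eu-central-1"
    encrypt      = true   # server-side encryption on every state write
    use_lockfile = true   # S3 native lock (.tflock); no DynamoDB table required
  }
}
```

Because the backend block cannot reference variables, the bucket and key are literals; run terraform init -reconfigure after changing them, and make sure the OIDC role is allowed s3:DeleteObject on the key prefix, or it will acquire the lock and then fail to release it.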

⚙️ Workflows

CI/CD (.github/workflows/terraform_ci.yml)

  • on: pull_request → main
    • terraform init, fmt -check, validate, plan (speculative)
  • on: push → main
    • terraform init, fmt -check, validate
    • terraform plan -out=tfplan
    • terraform apply tfplan

Uses AWS OIDC (aws-actions/configure-aws-credentials@v4 with role-to-assume set from AWS_ROLE_ARN). The job must grant permissions: id-token: write, otherwise GitHub issues no OIDC token and the credentials step fails.

Destroy (.github/workflows/terraform_destroy.yml)

  • Manual (workflow_dispatch)
  • Requires typing DESTROY to proceed
  • Runs terraform plan -destroy and then applies after approval

The state bucket and OIDC role are intentionally not part of the destroy plan.


🚀 Quickstart

Local (optional)

terraform init
terraform plan
terraform apply

CI/CD

  1. Push a feature branch and open a PR → checks + plan run automatically.
  2. Merge to main → plan + apply run and deploy the infra.

Destroy

  1. GitHub β†’ Actions β†’ Terraform Destroy β†’ Run workflow
  2. Enter DESTROY and run
  3. Review the logs; the stack is torn down, while the state bucket and OIDC role remain in place

❓ Troubleshooting

  • RDS connection timing: New DBs take a few minutes; wait until status is available.

About

AWS Infrastructure with Terraform, GitHub Actions and Ansible