diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..920fca2
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+.env
+*.log
+*-local.json
+.packer_cache/
diff --git a/README.md b/README.md
index 93cbf56..7cad193 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,18 @@
-# AMI
+# ๐Ÿ“ฆ DevSecOps ํ‘œ์ค€ AMI ๋นŒ๋“œ ํ”„๋กœ์ ํŠธ
+
+๋ณธ ํ”„๋กœ์ ํŠธ๋Š” Packer์™€ Ansible์„ ์‚ฌ์šฉํ•˜์—ฌ ๋ณด์•ˆ ์„ค์ •์ด ๋‚ด์žฌ๋œ AWS AMI๋ฅผ ์ž๋™์œผ๋กœ ๋นŒ๋“œํ•˜๊ณ , GitHub Actions๋ฅผ ํ†ตํ•ด CI ํŒŒ์ดํ”„๋ผ์ธ์„ ๊ตฌ์„ฑํ•˜๋Š” DevSecOps ์ธํ”„๋ผ ๊ตฌ์„ฑ ์˜ˆ์ œ์ž…๋‹ˆ๋‹ค.
+
+---
+
+## ํ”„๋กœ์ ํŠธ ๊ตฌ์„ฑ
+
+| ๊ตฌ์„ฑ ์š”์†Œ | ์„ค๋ช… |
+|-----------|------|
+| `packer-template.json` | AMI ๋นŒ๋“œ๋ฅผ ์œ„ํ•œ Packer ํ…œํ”Œ๋ฆฟ |
+| `ansible/playbook.yml` | EC2 ํ”„๋กœ๋น„์ €๋‹์„ ์œ„ํ•œ Ansible ํ”Œ๋ ˆ์ด๋ถ |
+| `ansible/roles/` | ์—ญํ•  ๊ธฐ๋ฐ˜ ํ•˜๋“œ๋‹ ๋ฐ ์„ค์น˜ ์Šคํฌ๋ฆฝํŠธ |
+| `.github/workflows/ami-build.yml` | GitHub Actions ์ž๋™ํ™” ์›Œํฌํ”Œ๋กœ์šฐ |
+
+---
+
+
diff --git a/ansible/playbook.yml b/ansible/playbook.yml
new file mode 100644
index 0000000..a93e656
--- /dev/null
+++ b/ansible/playbook.yml
@@ -0,0 +1,5 @@
+- hosts: all
+ become: true
+ roles:
+ - common
+ - docker
diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
new file mode 100644
index 0000000..8a979bc
--- /dev/null
+++ b/ansible/roles/common/tasks/main.yml
@@ -0,0 +1,4 @@
+- name: Update all packages
+ dnf:
+ name: '*'
+ state: latest
diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml
new file mode 100644
index 0000000..1ba53a9
--- /dev/null
+++ b/ansible/roles/docker/tasks/main.yml
@@ -0,0 +1,10 @@
+- name: Install Docker
+ dnf:
+ name: docker
+ state: present
+
+- name: Start Docker service
+ service:
+ name: docker
+ state: started
+ enabled: true
diff --git a/devsecops.pkr.hcl b/devsecops.pkr.hcl
new file mode 100644
index 0000000..d977a7d
--- /dev/null
+++ b/devsecops.pkr.hcl
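Review bot: The `dnf` and `service` tasks in ansible/roles/docker/tasks/main.yml use short module names, and the `dnf` task in ansible/roles/common/tasks/main.yml does the same. Writing them as `ansible.builtin.dnf` and `ansible.builtin.service` removes the dependency on module-name resolution order when other collections are installed on the CI runner, and ansible-lint flags the short form. Nothing in the docker role sets daemon configuration, so the image ships the Docker daemon enabled at boot with package defaults; if this AMI is intended as a hardened base, a task that places an `/etc/docker/daemon.json` (for example with `no-new-privileges` and `live-restore`) before the service is enabled is the natural place, and a short comment at the top of the role stating which hardening is and is not applied would keep consumers from assuming more than is there.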
@@ -0,0 +1,49 @@
+packer {
+ required_plugins {
+ amazon = {
+ version = ">= 1.0.8"
+ source = "github.com/hashicorp/amazon"
+ }
+ }
+}
+
+variable "vpc_id" {}
+variable "subnet_id" {}
+variable "security_group_id" {}
+
+source "amazon-ebs" "devsecops" {
+ region = "ap-northeast-2"
+ source_ami = "ami-05377cf8cfef186c2" # Amazon Linux 2023
+ instance_type = "t2.micro"
+ ssh_username = "ec2-user"
+ ssh_interface = "public_ip"
+ associate_public_ip_address = true
+ pause_before_connecting = "10s"
+ temporary_key_pair_type = "ed25519"
+
+ vpc_id = var.vpc_id
+ subnet_id = var.subnet_id
+ security_group_id = var.security_group_id
+
+ ami_name = "devsecops-ami-{{timestamp}}"
+ ami_description = "Base DevSecOps AMI with Ansible Provisioning"
+
+ tags = {
+ Name = "devsecops-ami"
+ BaseAMI_Id = "ami-05377cf8cfef186c2"
+ TEAM = "DevSecOps Team"
+ Environment = "Development"
+ BuildDate = "{{timestamp}}"
+ }
+}
+
+build {
+ sources = ["source.amazon-ebs.devsecops"]
+
+ provisioner "ansible" {
+ playbook_file = "ansible/playbook.yml"
+ extra_arguments = [
+ "--ssh-extra-args=-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa"
+ ]
+ }
+}
diff --git a/packer-template.json b/packer-template.json
new file mode 100644
index 0000000..22ce488
--- /dev/null
+++ b/packer-template.json
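Review bot: The `extra_arguments` entry in the ansible provisioner re-enables `ssh-rsa` for both host-key and public-key authentication, which brings SHA-1 RSA signatures back into the provisioning channel even though the source block already requests `temporary_key_pair_type = "ed25519"` and the Amazon Linux 2023 base should offer non-RSA host keys, so the override looks unnecessary and should be dropped unless the reason is recorded in a comment next to it. `required_plugins` declares only `amazon`; as far as I know `packer init` installs only what is listed there and recent Packer releases no longer bundle the ansible provisioner, so `github.com/hashicorp/ansible` should be declared too or the build fails on a fresh runner. The base AMI ID is repeated in `source_ami` and in `tags.BaseAMI_Id`; a `locals` block with `base_ami = "ami-05377cf8cfef186c2"` referenced from both keeps them from drifting.
```hcl
packer {
  required_plugins {
    amazon = {
      version = ">= 1.0.8"
      source  = "github.com/hashicorp/amazon"
    }
    ansible = {
      version = ">= 1.0.0"
      source  = "github.com/hashicorp/ansible"
    }
  }
}

# … unchanged: variable blocks and source "amazon-ebs" "devsecops" …

build {
  sources = ["source.amazon-ebs.devsecops"]

  provisioner "ansible" {
    playbook_file = "ansible/playbook.yml"
  }
}
```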
@@ -0,0 +1,35 @@
+{
+ "variables": {
+ "vpc_id": "",
+ "subnet_id": "",
+ "security_group_id": ""
+ },
+ "builders": [
+ {
+ "type": "amazon-ebs",
+ "region": "ap-northeast-2",
+ "source_ami": "ami-05377cf8cfef186c2",
+ "vpc_id": "{{user `vpc_id`}}",
+ "subnet_id": "{{user `subnet_id`}}",
+ "security_group_id": "{{user `security_group_id`}}",
+ "instance_type": "t2.micro",
+ "ssh_interface": "public_ip",
+ "ssh_username": "ec2-user",
+ "ami_name": "devsecops-ami-{{timestamp}}",
+ "ami_description": "Base DevSecOps AMI with Ansible Provisioning",
+ "tags": {
+ "Name": "devsecops-ami",
+ "BaseAMI_Id": "ami-05377cf8cfef186c2",
+ "TEAM": "DevSecOps Team",
+ "Environment": "Development",
+ "BuildDate": "{{timestamp}}"
+ }
+ }
+ ],
+ "provisioners": [
+ {
+ "type": "ansible",
+ "playbook_file": "ansible/playbook.yml"
+ }
+ ]
+}
\ No newline at end of file
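Review bot: The `variables` block gives `vpc_id`, `subnet_id` and `security_group_id` an empty-string default, so a build run without `-var` values does not fail but proceeds with empty network settings; if I read the amazon-ebs builder correctly, an empty `security_group_id` makes Packer create a temporary security group whose default source CIDR is 0.0.0.0/0, which is the opposite of the HCL variant where the `variable` blocks have no default and error when unset. Declaring them as `"vpc_id": null`, `"subnet_id": null` and `"security_group_id": null` makes the legacy template require them. This file has also already drifted from devsecops.pkr.hcl (no `associate_public_ip_address`, `pause_before_connecting` or `temporary_key_pair_type`, and different provisioner arguments) while the README table still names `packer-template.json` as the template, so keeping a single template in the maintained HCL format avoids two builds that differ in security-relevant settings. The file also lacks a trailing newline.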