From 4152f3efdcf573e84b2b41e5c4adc0569f1ec82e Mon Sep 17 00:00:00 2001
From: hyein Na <105573782+hyeinNa@users.noreply.github.com>
Date: Fri, 23 May 2025 04:35:50 +0900
Subject: [PATCH 1/5] Create ami-build.yml
---
.github/workflows/ami-build.yml | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
create mode 100644 .github/workflows/ami-build.yml
diff --git a/.github/workflows/ami-build.yml b/.github/workflows/ami-build.yml
new file mode 100644
index 0000000..c1a88ce
--- /dev/null
+++ b/.github/workflows/ami-build.yml
@@ -0,0 +1,30 @@
+name: Build AMI
+
+on:
+ push:
+ paths:
+ - 'packer-template.json'
+ - 'ansible/**'
+ - '.github/workflows/ami-build.yml'
+
+jobs:
+ build-ami:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Set up Packer
+ uses: hashicorp/setup-packer@v2.0.0
+
+ - name: Run Packer build
+ env:
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ run: |
+ packer build \
+ -var "vpc_id=${{ secrets.VPC_ID }}" \
+ -var "subnet_id=${{ secrets.SUBNET_ID }}" \
+ -var "security_group_id=${{ secrets.SG_ID }}" \
+ packer-template.json
From 7de34432b08b9655ed283dc64ec29b8262129b45 Mon Sep 17 00:00:00 2001
From: nhi33
Date: Fri, 23 May 2025 04:49:42 +0900
Subject: [PATCH 2/5] =?UTF-8?q?feat:=20packer=20ansible=20=EC=8B=A4?= =?UTF-8?q?=EC=8A=B5=EC=BD=94=EB=93=9C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.gitignore | 4 ++++
ansible/playbook.yml | 5 +++++
ansible/roles/common/tasks/main.yml | 4 ++++
ansible/roles/docker/tasks/main.yml | 10 ++++++++++
packer-template.json | 35 +++++++++++++++++++++++++++++++++++
5 files changed, 58 insertions(+)
create mode 100644 .gitignore
create mode 100644 ansible/playbook.yml
create mode 100644 ansible/roles/common/tasks/main.yml
create mode 100644 ansible/roles/docker/tasks/main.yml
create mode 100644 packer-template.json
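Review bot: The `Run Packer build` step substitutes `${{ secrets.VPC_ID }}`, `${{ secrets.SUBNET_ID }}` and `${{ secrets.SG_ID }}` straight into the `run:` script text, while the two AWS keys just above are passed through `env:`; routing all five through `env:` and referencing them as shell variables keeps the values out of the rendered script and stops the shell from re-parsing whatever characters a secret happens to contain. The trigger is `on: push` with only a `paths:` filter, so a matching push on any branch builds and registers an AMI with the account credentials; a `branches:` filter and a top-level `permissions:` block (`contents: read`) would scope that. `actions/checkout@v3` and `hashicorp/setup-packer@v2.0.0` are pinned by tag rather than commit SHA, the weaker supply-chain pin. PATCH 4/5 on this page deletes the file again, so this applies only if the workflow is restored.
```yaml
      - name: Run Packer build
        env:
          # … unchanged: AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY …
          VPC_ID: ${{ secrets.VPC_ID }}
          SUBNET_ID: ${{ secrets.SUBNET_ID }}
          SG_ID: ${{ secrets.SG_ID }}
        run: |
          packer build \
            -var "vpc_id=$VPC_ID" \
            -var "subnet_id=$SUBNET_ID" \
            -var "security_group_id=$SG_ID" \
            packer-template.json
```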
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..920fca2
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+.env
+*.log
+*-local.json
+.packer_cache/
diff --git a/ansible/playbook.yml b/ansible/playbook.yml
new file mode 100644
index 0000000..a93e656
--- /dev/null
+++ b/ansible/playbook.yml
@@ -0,0 +1,5 @@
+- hosts: all
+ become: true
+ roles:
+ - common
+ - docker
diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
new file mode 100644
index 0000000..eb9c49d
--- /dev/null
+++ b/ansible/roles/common/tasks/main.yml
@@ -0,0 +1,4 @@
+- name: Update all packages
+ yum:
+ name: '*'
+ state: latest
diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml
new file mode 100644
index 0000000..be3dd69
--- /dev/null
+++ b/ansible/roles/docker/tasks/main.yml
@@ -0,0 +1,10 @@
+- name: Install Docker
+ yum:
+ name: docker
+ state: present
+
+- name: Start Docker service
+ service:
+ name: docker
+ state: started
+ enabled: true
diff --git a/packer-template.json b/packer-template.json
new file mode 100644
index 0000000..22ce488
--- /dev/null
+++ b/packer-template.json
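Review bot: `ansible/roles/common/tasks/main.yml` runs the package module with `name: '*'` and `state: latest`, so each bake pulls whatever the repositories serve at that moment and two builds of the same commit can yield different package sets, which undermines the provenance the `BaseAMI_Id`/`BuildDate` tags in the Packer template are meant to give; ansible-lint reports this as `package-latest`. If applying all updates at bake time is intended, say so in a comment on the task and add a follow-up task that records the resulting package list (for example `rpm -qa` captured into the build log) so the image has an auditable manifest. The same unpinned-version point applies to `state: present` for `docker` in `ansible/roles/docker/tasks/main.yml`.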
@@ -0,0 +1,35 @@
+{
+ "variables": {
+ "vpc_id": "",
+ "subnet_id": "",
+ "security_group_id": ""
+ },
+ "builders": [
+ {
+ "type": "amazon-ebs",
+ "region": "ap-northeast-2",
+ "source_ami": "ami-05377cf8cfef186c2",
+ "vpc_id": "{{user `vpc_id`}}",
+ "subnet_id": "{{user `subnet_id`}}",
+ "security_group_id": "{{user `security_group_id`}}",
+ "instance_type": "t2.micro",
+ "ssh_interface": "public_ip",
+ "ssh_username": "ec2-user",
+ "ami_name": "devsecops-ami-{{timestamp}}",
+ "ami_description": "Base DevSecOps AMI with Ansible Provisioning",
+ "tags": {
+ "Name": "devsecops-ami",
+ "BaseAMI_Id": "ami-05377cf8cfef186c2",
+ "TEAM": "DevSecOps Team",
+ "Environment": "Development",
+ "BuildDate": "{{timestamp}}"
+ }
+ }
+ ],
+ "provisioners": [
+ {
+ "type": "ansible",
+ "playbook_file": "ansible/playbook.yml"
+ }
+ ]
+}
\ No newline at end of file
From 56148b474ab67a14f0df99731e1205f5e03ff022 Mon Sep 17 00:00:00 2001
From: nhi33
Date: Fri, 23 May 2025 07:01:34 +0900
Subject: [PATCH 3/5] =?UTF-8?q?feat:=20packer=20hcl=20=EB=B2=84=EC=A0=84?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
devsecops.pkr.hcl | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 49 insertions(+)
create mode 100644 devsecops.pkr.hcl
diff --git a/devsecops.pkr.hcl b/devsecops.pkr.hcl
new file mode 100644
index 0000000..d977a7d
--- /dev/null
+++ b/devsecops.pkr.hcl
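Review bot: The three entries under `"variables"` default to `""` and nothing in the template rejects an empty value, so a `packer build` run without the `-var` flags does not fail on `vpc_id`, `subnet_id` or `security_group_id`; as far as I recall the amazon-ebs builder then falls back to the default VPC and, with no security group given, creates a temporary one whose SSH ingress defaults to `0.0.0.0/0` — confirm against the plugin docs for the version in use. A legacy JSON template cannot mark a variable as required, so either validate the values in the step that invokes Packer or treat this file as superseded by `devsecops.pkr.hcl` from PATCH 3/5, where `variable` blocks without a default must be supplied. `ami-05377cf8cfef186c2` is written twice (`source_ami` and the `BaseAMI_Id` tag) and the two can drift; a single user variable referenced from both keeps the tag truthful. The file also has no trailing newline.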
@@ -0,0 +1,49 @@
+packer {
+ required_plugins {
+ amazon = {
+ version = ">= 1.0.8"
+ source = "github.com/hashicorp/amazon"
+ }
+ }
+}
+
+variable "vpc_id" {}
+variable "subnet_id" {}
+variable "security_group_id" {}
+
+source "amazon-ebs" "devsecops" {
+ region = "ap-northeast-2"
+ source_ami = "ami-05377cf8cfef186c2" # Amazon Linux 2023
+ instance_type = "t2.micro"
+ ssh_username = "ec2-user"
+ ssh_interface = "public_ip"
+ associate_public_ip_address = true
+ pause_before_connecting = "10s"
+ temporary_key_pair_type = "ed25519"
+
+ vpc_id = var.vpc_id
+ subnet_id = var.subnet_id
+ security_group_id = var.security_group_id
+
+ ami_name = "devsecops-ami-{{timestamp}}"
+ ami_description = "Base DevSecOps AMI with Ansible Provisioning"
+
+ tags = {
+ Name = "devsecops-ami"
+ BaseAMI_Id = "ami-05377cf8cfef186c2"
+ TEAM = "DevSecOps Team"
+ Environment = "Development"
+ BuildDate = "{{timestamp}}"
+ }
+}
+
+build {
+ sources = ["source.amazon-ebs.devsecops"]
+
+ provisioner "ansible" {
+ playbook_file = "ansible/playbook.yml"
+ extra_arguments = [
+ "--ssh-extra-args=-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa"
+ ]
+ }
+}
From dc26bf9c445fc3cdde2ac5c02d6cc2599c61fb9b Mon Sep 17 00:00:00 2001
From: nhi33
Date: Fri, 23 May 2025 07:02:26 +0900
Subject: [PATCH 4/5] =?UTF-8?q?fix:=20ansible=20yum=20->=20dnf=EB=A1=9C=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.github/workflows/ami-build.yml | 30 ------------------------------
ansible/roles/common/tasks/main.yml | 2 +-
ansible/roles/docker/tasks/main.yml | 2 +-
3 files changed, 2 insertions(+), 32 deletions(-)
delete mode 100644 .github/workflows/ami-build.yml
diff --git a/.github/workflows/ami-build.yml b/.github/workflows/ami-build.yml
deleted file mode 100644
index c1a88ce..0000000
--- a/.github/workflows/ami-build.yml
+++ /dev/null
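Review bot: `required_plugins` declares only `amazon`, yet the `build` block uses `provisioner "ansible"`; on Packer 1.10 and later the Ansible provisioner is no longer bundled and needs its own entry, e.g. `ansible = { source = "github.com/hashicorp/ansible", version = "<pin>" }`, otherwise `packer init` succeeds and `packer build` cannot find the provisioner. `extra_arguments` re-enables `ssh-rsa` for both `HostKeyAlgorithms` and `PubkeyAcceptedAlgorithms`, the SHA-1 signature scheme OpenSSH turned off by default; with `temporary_key_pair_type = "ed25519"` the instance connection does not need it, so it is presumably there for the provisioner's SSH proxy adapter. If the build also works with `use_proxy = false` on the provisioner (Ansible then connects directly with the ed25519 temporary key), both `+ssh-rsa` overrides can go; if not, a comment on that line saying why they are required would save the next reader from removing them. The three `variable` blocks carry no `type = string`, so a malformed `-var` is only caught by the builder.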
@@ -1,30 +0,0 @@
-name: Build AMI
-
-on:
- push:
- paths:
- - 'packer-template.json'
- - 'ansible/**'
- - '.github/workflows/ami-build.yml'
-
-jobs:
- build-ami:
- runs-on: ubuntu-latest
-
- steps:
- - name: Checkout repository
- uses: actions/checkout@v3
-
- - name: Set up Packer
- uses: hashicorp/setup-packer@v2.0.0
-
- - name: Run Packer build
- env:
- AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
- AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- run: |
- packer build \
- -var "vpc_id=${{ secrets.VPC_ID }}" \
- -var "subnet_id=${{ secrets.SUBNET_ID }}" \
- -var "security_group_id=${{ secrets.SG_ID }}" \
- packer-template.json
diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
index eb9c49d..8a979bc 100644
--- a/ansible/roles/common/tasks/main.yml
+++ b/ansible/roles/common/tasks/main.yml
@@ -1,4 +1,4 @@
 - name: Update all packages
- yum:
+ dnf:
 name: '*'
 state: latest
diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml
index be3dd69..1ba53a9 100644
--- a/ansible/roles/docker/tasks/main.yml
+++ b/ansible/roles/docker/tasks/main.yml
@@ -1,5 +1,5 @@
 - name: Install Docker
- yum:
+ dnf:
 name: docker
 state: present
From 8746c9a6234a7774af34213a193a51fdcd6be39e Mon Sep 17 00:00:00 2001
From: nhi33
Date: Fri, 23 May 2025 07:02:36 +0900
Subject: [PATCH 5/5] Update README.md
---
README.md | 19 ++++++++++++++++++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 93cbf56..7cad193 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,18 @@ -# AMI +# ๐Ÿ“ฆ DevSecOps ํ‘œ์ค€ AMI ๋นŒ๋“œ ํ”„๋กœ์ ํŠธ + +๋ณธ ํ”„๋กœ์ ํŠธ๋Š” Packer์™€ Ansible์„ ์‚ฌ์šฉํ•˜์—ฌ ๋ณด์•ˆ ์„ค์ •์ด ๋‚ด์žฌ๋œ AWS AMI๋ฅผ ์ž๋™์œผ๋กœ ๋นŒ๋“œํ•˜๊ณ , GitHub Actions๋ฅผ ํ†ตํ•ด CI ํŒŒ์ดํ”„๋ผ์ธ์„ ๊ตฌ์„ฑํ•˜๋Š” DevSecOps ์ธํ”„๋ผ ๊ตฌ์„ฑ ์˜ˆ์ œ์ž…๋‹ˆ๋‹ค. + +--- + +## ํ”„๋กœ์ ํŠธ ๊ตฌ์„ฑ + +| ๊ตฌ์„ฑ ์š”์†Œ | ์„ค๋ช… | +|-----------|------| +| `packer-template.json` | AMI ๋นŒ๋“œ๋ฅผ ์œ„ํ•œ Packer ํ…œํ”Œ๋ฆฟ | +| `ansible/playbook.yml` | EC2 ํ”„๋กœ๋น„์ €๋‹์„ ์œ„ํ•œ Ansible ํ”Œ๋ ˆ์ด๋ถ | +| `ansible/roles/` | ์—ญํ•  ๊ธฐ๋ฐ˜ ํ•˜๋“œ๋‹ ๋ฐ ์„ค์น˜ ์Šคํฌ๋ฆฝํŠธ | +| `.github/workflows/ami-build.yml` | GitHub Actions ์ž๋™ํ™” ์›Œํฌํ”Œ๋กœ์šฐ | + +--- + +