From 282597447615c1a234c37c411d571b0115229805 Mon Sep 17 00:00:00 2001 From: Karthik Hadagali Date: Sat, 29 Mar 2025 20:22:15 +0530 Subject: [PATCH 1/9] Deploy fresh code 29-03 v1 --- .github/workflows/apply-nic-napv5.yml | 48 +++++++++++++++++-------- .github/workflows/destroy-nic-napv5.yml | 43 +++++++++++++++------- arcadia/backend.tf | 2 -- arcadia/data.tf | 12 +++---- arcadia/variables.tf | 11 ++++++ eks-cluster/backend.tf | 2 -- eks-cluster/data.tf | 4 +-- eks-cluster/variables.tf | 14 +++++++- infra/backend.tf | 2 -- infra/provider.tf | 2 +- infra/terraform.tfvars | 6 ++++ infra/variables.tf | 17 +++++++-- nap/backend.tf | 2 -- nap/data.tf | 8 ++--- nap/variables.tf | 11 ++++++ policy/backend.tf | 2 -- policy/data.tf | 12 +++---- policy/variables.tf | 11 ++++++ s3/bootstrap.tf | 6 ++-- s3/iam.tf | 4 +-- s3/outputs.tf | 2 +- s3/provider.tf | 2 +- s3/variables.tf | 18 ++++++---- 23 files changed, 167 insertions(+), 74 deletions(-) create mode 100644 arcadia/variables.tf create mode 100644 infra/terraform.tfvars create mode 100644 policy/variables.tf diff --git a/.github/workflows/apply-nic-napv5.yml b/.github/workflows/apply-nic-napv5.yml index be1131c1..54b5b111 100644 --- a/.github/workflows/apply-nic-napv5.yml +++ b/.github/workflows/apply-nic-napv5.yml @@ -3,7 +3,9 @@ on: push: branches: apply-nic-napv5 env: - AWS_REGION: us-east-1 +# AWS_REGION: us-east-1 + TF_VAR_AWS_S3_BUCKET_NAME: ${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }} + TF_VAR_AWS_REGION: ${{ secrets.TF_VAR_AWS_REGION }} jobs: terraform_bootstrap: name: "Bootstrap S3/DynamoDB" @@ -21,7 +23,7 @@ jobs: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} - aws-region: ${{ env.AWS_REGION }} + aws-region: ${{ secrets.TF_VAR_AWS_REGION }} - name: Setup Terraform uses: hashicorp/setup-terraform@v3 
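Review bot: `TF_VAR_AWS_REGION` and `TF_VAR_AWS_S3_BUCKET_NAME` are read from `secrets.*` in the new `env:` block, but neither value is secret, and anything stored as a secret is masked to `***` in job logs — so every ARN, endpoint and error message containing the region or bucket name will be redacted, which makes a failed run hard to debug. Store them as repository or environment variables and read them with `${{ vars.TF_VAR_AWS_REGION }}`, keeping `secrets.*` for the AWS credentials only. The commented-out `# AWS_REGION: us-east-1` line is dead and should be deleted rather than left as a hint. The `aws-region: ${{ secrets.TF_VAR_AWS_REGION }}` lines further down can read `${{ env.TF_VAR_AWS_REGION }}` instead, leaving one source of truth.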
@@ -66,7 +68,7 @@ jobs: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} - aws-region: ${{ env.AWS_REGION }} + aws-region: ${{ secrets.TF_VAR_AWS_REGION }} - name: Setup Terraform uses: hashicorp/setup-terraform@v3 @@ -74,7 +76,9 @@ jobs: - name: Initialize Terraform (S3 Backend) run: | - terraform init + terraform init \ + -backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \ + -backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}" - name: Terraform Plan if: github.event_name == 'pull_request' || github.event_name == 'push' @@ -94,7 +98,6 @@ jobs: - name: Terraform Apply if: github.event_name == 'push' && github.ref == 'refs/heads/apply-nic-napv5' && steps.check_changes.outputs.has_changes == 'true' run: terraform apply -auto-approve tfplan - terraform_eks: name: "AWS EKS" @@ -113,14 +116,17 @@ jobs: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} - aws-region: ${{ env.AWS_REGION }} + aws-region: ${{ secrets.TF_VAR_AWS_REGION }} - name: Setup Terraform uses: hashicorp/setup-terraform@v3 - name: Terraform Init - run: terraform init + run: | + terraform init \ + -backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \ + -backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}" - name: Terraform Plan if: github.event_name == 'pull_request' || github.event_name == 'push' 
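Review bot: The rebuilt `terraform init` step splices `${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}` and `${{ secrets.TF_VAR_AWS_REGION }}` directly into the `run:` script text, although the workflow-level `env:` block already exports both as `TF_VAR_AWS_S3_BUCKET_NAME` and `TF_VAR_AWS_REGION` in the step's environment. Expression interpolation into shell is the pattern GitHub's own hardening guide warns about; these values are admin-controlled so the risk is low, but the shell-variable form costs nothing: `terraform init -input=false -backend-config="bucket=${TF_VAR_AWS_S3_BUCKET_NAME}" -backend-config="region=${TF_VAR_AWS_REGION}"`. `-input=false` also stops a partial backend config from hanging the runner on a prompt if one of the values turns out empty. The same init block is repeated in every job of both workflows, so one fix applies everywhere.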
@@ -158,13 +164,16 @@ jobs: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} - aws-region: ${{ env.AWS_REGION }} + aws-region: ${{ secrets.TF_VAR_AWS_REGION }} - name: Setup Terraform uses: hashicorp/setup-terraform@v3 - name: Terraform Init - run: terraform init + run: | + terraform init \ + -backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \ + -backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}" - name: Terraform Plan if: github.event_name == 'pull_request' || github.event_name == 'push' @@ -208,14 +217,17 @@ jobs: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} - aws-region: ${{ env.AWS_REGION }} + aws-region: ${{ secrets.TF_VAR_AWS_REGION }} - name: Setup Terraform uses: hashicorp/setup-terraform@v3 - name: Terraform Init (EKS) - run: terraform init + run: | + terraform init \ + -backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \ + -backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}" working-directory: ./eks-cluster - name: Print EKS Terraform Outputs @@ -306,7 +318,10 @@ jobs: kubectl cp ${{ github.workspace }}/policy/compiled_policy.tgz $NGINX_POD:/etc/app_protect/bundles/compiled_policy.tgz -n nginx-ingress - name: Terraform Init - run: terraform init + run: | + terraform init \ + -backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \ + -backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}" - name: Terraform Plan run: | 
@@ -343,13 +358,16 @@ jobs: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} - aws-region: ${{ env.AWS_REGION }} + aws-region: ${{ secrets.TF_VAR_AWS_REGION }} - name: Setup Terraform uses: hashicorp/setup-terraform@v3 - name: Terraform Init - run: terraform init + run: | + terraform init \ + -backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \ + -backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}" - name: Terraform Validate run: terraform validate -no-color @@ -383,4 +401,4 @@ jobs: else echo "external_name=$EXTERNAL_NAME" >> $GITHUB_ENV echo "NGINX Ingress External Name: $EXTERNAL_NAME" - fi + fi \ No newline at end of file diff --git a/.github/workflows/destroy-nic-napv5.yml b/.github/workflows/destroy-nic-napv5.yml index fa1fbde5..84ecde33 100644 --- a/.github/workflows/destroy-nic-napv5.yml +++ b/.github/workflows/destroy-nic-napv5.yml @@ -5,7 +5,9 @@ on: - destroy-nic-napv5 pull_request: env: - AWS_REGION: us-east-1 +# AWS_REGION: us-east-1 + TF_VAR_AWS_S3_BUCKET_NAME: ${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }} + TF_VAR_AWS_REGION: ${{ secrets.TF_VAR_AWS_REGION }} jobs: terraform_arcadia: name: "Destroy Arcadia WebApp" @@ -24,13 +26,16 @@ jobs: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} - aws-region: ${{ env.AWS_REGION }} + aws-region: ${{ secrets.TF_VAR_AWS_REGION }} - name: Setup Terraform uses: hashicorp/setup-terraform@v3 - name: Terraform Init - run: terraform init + run: | + terraform init \ + -backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \ + -backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}" - name: Terraform Validate run: terraform validate -no-color 
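Review bot: The `on:` block in the destroy workflow's first hunk fires on every `pull_request` as well as on pushes to `destroy-nic-napv5`, and the jobs below run `terraform destroy -auto-approve`; any job-level `if:` guards are outside this hunk, so I can't tell whether PR runs stop at the plan step. If they don't, opening a PR from any branch of this repository tears the environment down (fork PRs don't receive `secrets.*`, same-repo PRs do). Gate the destroy steps the way the apply workflow gates its apply step, e.g. `if: github.event_name == 'push' && github.ref == 'refs/heads/destroy-nic-napv5'`, or drop the `pull_request` trigger from this workflow.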
@@ -71,13 +76,16 @@ jobs: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} - aws-region: ${{ env.AWS_REGION }} + aws-region: ${{ secrets.TF_VAR_AWS_REGION }} - name: Setup Terraform uses: hashicorp/setup-terraform@v3 - name: Terraform Init - run: terraform init + run: | + terraform init \ + -backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \ + -backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}" - name: Terraform Destroy run: terraform destroy -auto-approve -lock=false @@ -99,13 +107,16 @@ jobs: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} - aws-region: ${{ env.AWS_REGION }} + aws-region: ${{ secrets.TF_VAR_AWS_REGION }} - name: Setup Terraform uses: hashicorp/setup-terraform@v3 - name: Terraform Init - run: terraform init + run: | + terraform init \ + -backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \ + -backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}" - name: Terraform Plan (Destroy) run: | @@ -152,13 +163,16 @@ jobs: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} - aws-region: ${{ env.AWS_REGION }} + aws-region: ${{ secrets.TF_VAR_AWS_REGION }} - name: Setup Terraform uses: hashicorp/setup-terraform@v3 - name: Terraform Init - run: terraform init + run: | + terraform init \ + -backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \ + -backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}" - name: Terraform Plan (Destroy) if: github.event_name == 'pull_request' || github.event_name == 'push' 
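Review bot: `terraform destroy -auto-approve -lock=false` on the context line right after the rebuilt init step runs without the state lock that `backend.tf` still configures via `dynamodb_table = "terraform-lock-table"`, so two overlapping runs of this workflow can write the same state file at once and leave it half-written. Unless the lock table is already gone by the time this job runs (job ordering is outside the hunk), drop `-lock=false` and let a stale lock fail loudly; a stuck lock is cleared once with `terraform force-unlock`, not by disabling locking on every run. If the other jobs' destroy steps pass the same flag, the same applies to them.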
@@ -196,13 +210,16 @@ jobs: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} - aws-region: ${{ env.AWS_REGION }} + aws-region: ${{ secrets.TF_VAR_AWS_REGION }} - name: Setup Terraform uses: hashicorp/setup-terraform@v3 - name: Terraform Init - run: terraform init + run: | + terraform init \ + -backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \ + -backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}" - name: Terraform Plan (Destroy) if: github.event_name == 'pull_request' || github.event_name == 'push' @@ -244,12 +261,12 @@ jobs: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} - aws-region: ${{ env.AWS_REGION }} + aws-region: ${{ secrets.TF_VAR_AWS_REGION }} - name: Set Bucket Name id: set_bucket run: | - echo "bucket_name= your-unique-bucket-name" >> $GITHUB_OUTPUT + echo "bucket_name= ${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" >> $GITHUB_OUTPUT - name: Nuclear S3 Bucket Deletion run: | diff --git a/arcadia/backend.tf b/arcadia/backend.tf index 0b94793e..337363bf 100644 --- a/arcadia/backend.tf +++ b/arcadia/backend.tf @@ -1,8 +1,6 @@ terraform { backend "s3" { - bucket = "your-unique-bucket-name" # Replace with your actual bucket name key = "arcadia/terraform.tfstate" # Path to state file - region = "us-east-1" # AWS region dynamodb_table = "terraform-lock-table" # DynamoDB table for state locking encrypt = true # Encrypt state file at rest } diff --git a/arcadia/data.tf b/arcadia/data.tf index 8314a4fa..9ca0135b 100644 --- a/arcadia/data.tf +++ b/arcadia/data.tf 
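Review bot: The rewritten `echo "bucket_name= ${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" >> $GITHUB_OUTPUT` keeps the space after `=` from the placeholder it replaces, and `GITHUB_OUTPUT` values are not trimmed, so `steps.set_bucket.outputs.bucket_name` carries a leading space into the "Nuclear S3 Bucket Deletion" step that follows (its body is outside the hunk). Since the workflow-level `env:` already exports the name, write `echo "bucket_name=${TF_VAR_AWS_S3_BUCKET_NAME}" >> "$GITHUB_OUTPUT"`, which also avoids interpolating the expression into the script. This step names the Terraform state bucket itself, so whatever `needs:` ordering the job has must guarantee every other destroy job has finished before it runs.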
@@ -2,9 +2,9 @@ data "terraform_remote_state" "infra" { backend = "s3" config = { - bucket = "your-unique-bucket-name" # Your S3 bucket name + bucket = var.AWS_S3_BUCKET_NAME # Your S3 bucket name key = "infra/terraform.tfstate" # Path to infra's state file - region = "us-east-1" # AWS region + region = var.AWS_REGION # AWS region } } @@ -12,18 +12,18 @@ data "terraform_remote_state" "infra" { data "terraform_remote_state" "nap" { backend = "s3" config = { - bucket = "your-unique-bucket-name" # Your S3 bucket name + bucket = var.AWS_S3_BUCKET_NAME # Your S3 bucket name key = "nap/terraform.tfstate" # Path to NAP state file - region = "us-east-1" # AWS region + region = var.AWS_REGION # AWS region } } data "terraform_remote_state" "eks" { backend = "s3" config = { - bucket = "your-unique-bucket-name" # Your S3 bucket name + bucket = var.AWS_S3_BUCKET_NAME # Your S3 bucket name key = "eks-cluster/terraform.tfstate" # Path to EKS state file - region = "us-east-1" # AWS region + region = var.AWS_REGION # AWS region } } diff --git a/arcadia/variables.tf b/arcadia/variables.tf new file mode 100644 index 00000000..a4fd1215 --- /dev/null +++ b/arcadia/variables.tf @@ -0,0 +1,11 @@ +variable "AWS_REGION" { + description = "aws region" + type = string + default = "" +} + +variable "AWS_S3_BUCKET_NAME" { + description = "aws s3 bucket name" + type = string + default = "" +} \ No newline at end of file diff --git a/eks-cluster/backend.tf b/eks-cluster/backend.tf index 15ad426e..05cc03e4 100644 --- a/eks-cluster/backend.tf +++ b/eks-cluster/backend.tf @@ -1,8 +1,6 @@ terraform { backend "s3" { - bucket = "your-unique-bucket-name" # Your S3 bucket name key = "eks-cluster/terraform.tfstate" # Path to state file - region = "us-east-1" # AWS region dynamodb_table = "terraform-lock-table" # DynamoDB table for state locking encrypt = true } diff --git a/eks-cluster/data.tf b/eks-cluster/data.tf index ccb139b9..81588032 100644 --- a/eks-cluster/data.tf +++ b/eks-cluster/data.tf 
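Review bot: `default = ""` on the new `AWS_REGION` and `AWS_S3_BUCKET_NAME` variables turns a missing `TF_VAR_*` into an empty bucket name and region, which the `terraform_remote_state` blocks in `arcadia/data.tf` in this same patch only surface as an opaque S3 error at plan time. Drop the defaults so Terraform fails with "No value for required variable" — the `s3/variables.tf` copy later in this patch already does that, so the modules currently disagree with each other. The upper-case names exist to match `TF_VAR_AWS_REGION`, but `TF_VAR_` lookup is case-sensitive in both directions, so `TF_VAR_aws_region` → `var.aws_region` would keep the usual lower snake_case convention. The new file also lacks a trailing newline.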
@@ -1,9 +1,9 @@ data "terraform_remote_state" "infra" { backend = "s3" config = { - bucket = "your-unique-bucket-name" # Your S3 bucket name + bucket = var.AWS_S3_BUCKET_NAME # Your S3 bucket name key = "infra/terraform.tfstate" # Path to infra's state file - region = "us-east-1" # AWS region + region = var.AWS_REGION # AWS region } } diff --git a/eks-cluster/variables.tf b/eks-cluster/variables.tf index 3441659d..9be3a0d9 100644 --- a/eks-cluster/variables.tf +++ b/eks-cluster/variables.tf @@ -5,10 +5,22 @@ variable "admin_src_addr" { default = "0.0.0.0/0" } +variable "AWS_REGION" { + description = "aws region" + type = string + default = "" +} + +variable "AWS_S3_BUCKET_NAME" { + description = "aws s3 bucket name" + type = string + default = "" +} + variable "aws_region" { description = "The AWS region to deploy the EKS cluster" type = string - default = "us-east-1" + default = "ap-south-1" } #AWS diff --git a/infra/backend.tf b/infra/backend.tf index 4c22af28..d2d7d80a 100644 --- a/infra/backend.tf +++ b/infra/backend.tf @@ -1,8 +1,6 @@ terraform { backend "s3" { - bucket = "your-unique-bucket-name" # Your S3 bucket name key = "infra/terraform.tfstate" # Path to state file - region = "us-east-1" # AWS region dynamodb_table = "terraform-lock-table" # DynamoDB table for state locking encrypt = true } diff --git a/infra/provider.tf b/infra/provider.tf index 0996a6ed..831601b6 100644 --- a/infra/provider.tf +++ b/infra/provider.tf @@ -1,5 +1,5 @@ # AWS Provider Configuration provider "aws" { - region = var.aws_region + region = var.AWS_REGION } diff --git a/infra/terraform.tfvars b/infra/terraform.tfvars new file mode 100644 index 00000000..e50e4a87 --- /dev/null +++ b/infra/terraform.tfvars @@ -0,0 +1,6 @@ +project_prefix = "gh-hk-nic-nap" #"Your project identifier name in lowercase letters only - this will be applied as a prefix to all assets" +resource_owner = "karthik" +aws_region = "ap-south-1" +azs = ["ap-south-1a", "ap-south-1b"] + + 
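Review bot: `eks-cluster/variables.tf` now declares both `AWS_REGION` (default `""`) and the pre-existing `aws_region` (default switched to `ap-south-1`), while `eks-cluster/data.tf` reads the remote state from `var.AWS_REGION`; whatever consumes `var.aws_region` (presumably the provider — not in this hunk) can silently point at a different region whenever only one of the two is set. Keep a single variable, or derive one from the other (`locals { aws_region = var.AWS_REGION }`) so they cannot drift. A context line in the same hunk deserves a look while you are here: `admin_src_addr` defaults to `0.0.0.0/0`, which, if it feeds a security-group ingress rule, opens the admin endpoint to the internet by default, so it should have no default or at least a comment explaining why. Also `infra/terraform.tfvars` with `resource_owner = "karthik"` is committed in this patch; Terraform auto-loads that file, so it overrides values for anyone who clones the repo — keep `terraform.tfvars.examples` and add `terraform.tfvars` to `.gitignore`.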
diff --git a/infra/variables.tf b/infra/variables.tf index 958545ea..1e816b32 100644 --- a/infra/variables.tf +++ b/infra/variables.tf @@ -5,11 +5,24 @@ variable "project_prefix" { description = "This value is inserted at the beginning of each AWS object (alpha-numeric, no special character)" } +variable "AWS_REGION" { + description = "aws region" + type = string + default = "" +} + +variable "AWS_S3_BUCKET_NAME" { + description = "aws s3 bucket name" + type = string + default = "" +} + variable "aws_region" { description = "aws region" type = string - default = "us-east-1" + default = "ap-south-1" } + variable "resource_owner" { type = string description = "owner of the deployment, for tagging purposes" @@ -24,8 +37,8 @@ variable "cidr" { condition = can(regex("^([0-9]{1,3}.){3}[0-9]{1,3}($|/(15|16|24))$", var.cidr)) error_message = "The value must conform to a CIDR block format." } - } + variable "azs" { description = "Availability Zones" type = list diff --git a/nap/backend.tf b/nap/backend.tf index 2c1c918e..7431f76e 100644 --- a/nap/backend.tf +++ b/nap/backend.tf @@ -1,8 +1,6 @@ terraform { backend "s3" { - bucket = "your-unique-bucket-name" # Replace with your actual bucket name key = "nap/terraform.tfstate" # Path to state file - region = "us-east-1" # AWS region dynamodb_table = "terraform-lock-table" # DynamoDB table for state locking encrypt = true # Encrypt state file at rest } diff --git a/nap/data.tf b/nap/data.tf index a2ce00cb..30fe149c 100644 --- a/nap/data.tf +++ b/nap/data.tf @@ -1,9 +1,9 @@ data "terraform_remote_state" "infra" { backend = "s3" config = { - bucket = "your-unique-bucket-name" # Your S3 bucket name + bucket = var.AWS_S3_BUCKET_NAME # Your S3 bucket name key = "infra/terraform.tfstate" # Path to infra's state file - region = "us-east-1" # AWS region + region = var.AWS_REGION # AWS region } } 
@@ -11,9 +11,9 @@ data "terraform_remote_state" "infra" { data "terraform_remote_state" "eks" { backend = "s3" config = { - bucket = "your-unique-bucket-name" # Your S3 bucket name + bucket = var.AWS_S3_BUCKET_NAME # Your S3 bucket name key = "eks-cluster/terraform.tfstate" # Path to EKS state file - region = "us-east-1" # AWS region + region = var.AWS_REGION # AWS region } } diff --git a/nap/variables.tf b/nap/variables.tf index f2318eb7..e84789a2 100644 --- a/nap/variables.tf +++ b/nap/variables.tf @@ -22,3 +22,14 @@ variable "nginx_jwt" { sensitive = true # Mark as sensitive to avoid exposing it in logs } +variable "AWS_REGION" { + description = "aws region" + type = string + default = "" +} + +variable "AWS_S3_BUCKET_NAME" { + description = "aws s3 bucket name" + type = string + default = "" +} \ No newline at end of file diff --git a/policy/backend.tf b/policy/backend.tf index 1e23d6bb..5c207f5f 100644 --- a/policy/backend.tf +++ b/policy/backend.tf @@ -1,8 +1,6 @@ terraform { backend "s3" { - bucket = "your-unique-bucket-name" # Replace with your actual bucket name key = "policy/terraform.tfstate" # Path to state file - region = "us-east-1" # AWS region dynamodb_table = "terraform-lock-table" # DynamoDB table for state locking encrypt = true # Encrypt state file at rest } diff --git a/policy/data.tf b/policy/data.tf index 5f3c32e4..f85188ed 100755 --- a/policy/data.tf +++ b/policy/data.tf @@ -2,9 +2,9 @@ data "terraform_remote_state" "infra" { backend = "s3" config = { - bucket = "your-unique-bucket-name" # Your S3 bucket namee + bucket = var.AWS_S3_BUCKET_NAME # Your S3 bucket namee key = "infra/terraform.tfstate" # Path to infra's state file - region = "us-east-1" # AWS region + region = var.AWS_REGION # AWS region } } 
@@ -12,9 +12,9 @@ data "terraform_remote_state" "infra" { data "terraform_remote_state" "eks" { backend = "s3" config = { - bucket = "your-unique-bucket-name" # Your S3 bucket name + bucket = var.AWS_S3_BUCKET_NAME # Your S3 bucket name key = "eks-cluster/terraform.tfstate" # Path to EKS state file - region = "us-east-1" # AWS region + region = var.AWS_REGION # AWS region } } @@ -22,9 +22,9 @@ data "terraform_remote_state" "eks" { data "terraform_remote_state" "nap" { backend = "s3" config = { - bucket = "your-unique-bucket-name" # Your S3 bucket name + bucket = var.AWS_S3_BUCKET_NAME # Your S3 bucket name key = "nap/terraform.tfstate" # Path to NAP state file - region = "us-east-1" # AWS region + region = var.AWS_REGION # AWS region } } diff --git a/policy/variables.tf b/policy/variables.tf new file mode 100644 index 00000000..a4fd1215 --- /dev/null +++ b/policy/variables.tf @@ -0,0 +1,11 @@ +variable "AWS_REGION" { + description = "aws region" + type = string + default = "" +} + +variable "AWS_S3_BUCKET_NAME" { + description = "aws s3 bucket name" + type = string + default = "" +} \ No newline at end of file diff --git a/s3/bootstrap.tf b/s3/bootstrap.tf index 50317f1a..ec3c7479 100644 --- a/s3/bootstrap.tf +++ b/s3/bootstrap.tf @@ -3,7 +3,7 @@ data "external" "bucket_check" { program = ["bash", "-c", <&1) + output=$(aws s3api head-bucket --bucket ${var.AWS_S3_BUCKET_NAME} --region ${var.AWS_REGION} 2>&1) status=$? if [ $status -eq 0 ]; then @@ -23,7 +23,7 @@ data "external" "dynamodb_table_check" { program = ["bash", "-c", <&1); then + --region ${var.AWS_REGION} 2>&1); then echo '{"exists":"true"}' elif echo "$output" | grep -q 'ResourceNotFoundException'; then echo '{"exists":"false"}' 
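Review bot: `${var.AWS_S3_BUCKET_NAME}` and `${var.AWS_REGION}` are spliced unquoted into the `bash -c` script on the `aws s3api head-bucket` and `describe-table` lines, so a value containing whitespace or shell metacharacters changes the command instead of failing, and the `external` data source runs that command during plan. Quote them (`--bucket "${var.AWS_S3_BUCKET_NAME}" --region "${var.AWS_REGION}"`) and constrain the variable with a `validation` block to the S3 bucket-name alphabet, e.g. `can(regex("^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$", var.AWS_S3_BUCKET_NAME))`. The `exists` logic visible here keys on exit status 0 and `ResourceNotFoundException`, but `head-bucket` returns a 403 when the name exists in another account; I can't see how a 403 is classified (the heredoc header is also truncated in this rendering), and it matters because "false" leads to a `BucketAlreadyExists` failure on create while "true" would point the backend at a bucket you don't own.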
@@ -49,7 +49,7 @@ locals { ) # Generate unique bucket name if needed - unique_bucket_name = "${var.tf_state_bucket}-${data.aws_caller_identity.current.account_id}" + unique_bucket_name = "${var.AWS_S3_BUCKET_NAME}-${data.aws_caller_identity.current.account_id}" } # S3 Bucket Resources diff --git a/s3/iam.tf b/s3/iam.tf index 017bedef..432abce9 100644 --- a/s3/iam.tf +++ b/s3/iam.tf @@ -38,8 +38,8 @@ resource "aws_iam_policy" "terraform_state_access" { "s3:ListBucket" ], Resource = [ - "arn:aws:s3:::${var.tf_state_bucket}", - "arn:aws:s3:::${var.tf_state_bucket}/*" + "arn:aws:s3:::${var.AWS_S3_BUCKET_NAME}", + "arn:aws:s3:::${var.AWS_S3_BUCKET_NAME}/*" ] }] }) diff --git a/s3/outputs.tf b/s3/outputs.tf index 5f5f84a1..df538004 100644 --- a/s3/outputs.tf +++ b/s3/outputs.tf @@ -6,7 +6,7 @@ output "s3_bucket_created" { } output "s3_bucket_name" { - value = local.bucket_exists ? var.tf_state_bucket : aws_s3_bucket.terraform_state[0].bucket + value = local.bucket_exists ? var.AWS_S3_BUCKET_NAME : aws_s3_bucket.terraform_state[0].bucket description = "Name of the S3 bucket used for Terraform state" } diff --git a/s3/provider.tf b/s3/provider.tf index 0996a6ed..831601b6 100644 --- a/s3/provider.tf +++ b/s3/provider.tf @@ -1,5 +1,5 @@ # AWS Provider Configuration provider "aws" { - region = var.aws_region + region = var.AWS_REGION } diff --git a/s3/variables.tf b/s3/variables.tf index ade31b82..1ee7cff2 100644 --- a/s3/variables.tf +++ b/s3/variables.tf 
@@ -1,16 +1,20 @@ -variable "tf_state_bucket" { - type = string - description = "S3 bucket for Terraform state" - default = "your-unique-bucket-name" -} +# variable "tf_state_bucket" { +# type = string +# description = "S3 bucket for Terraform state" +# default = "your-unique-bucket-name" +# } variable "create_iam_resources" { description = "Whether to create IAM resources (role and policy)." type = bool default = true } -variable "aws_region" { +variable "AWS_REGION" { description = "aws region" type = string - default = "us-east-1" } + +variable "AWS_S3_BUCKET_NAME" { + description = "aws s3 bucket name" + type = string +} \ No newline at end of file From 0fb8f7873cf2d7266cf03755abf83af6ab38ff9d Mon Sep 17 00:00:00 2001 From: Karthik Hadagali Date: Sat, 29 Mar 2025 21:31:38 +0530 Subject: [PATCH 2/9] Deploy fresh code 29-03 v2 - Removed unique bucket name variable --- s3/bootstrap.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/s3/bootstrap.tf b/s3/bootstrap.tf index ec3c7479..3e6b0f4e 100644 --- a/s3/bootstrap.tf +++ b/s3/bootstrap.tf @@ -49,14 +49,14 @@ locals { ) # Generate unique bucket name if needed - unique_bucket_name = "${var.AWS_S3_BUCKET_NAME}-${data.aws_caller_identity.current.account_id}" + # unique_bucket_name = "${var.AWS_S3_BUCKET_NAME}-${data.aws_caller_identity.current.account_id}" } # S3 Bucket Resources resource "aws_s3_bucket" "terraform_state" { count = local.bucket_exists ? 0 : 1 - bucket = local.unique_bucket_name + bucket = var.AWS_S3_BUCKET_NAME force_destroy = false tags = { From 8ad8425a0b4fab2cbd21b5f436d755fde3b321b3 Mon Sep 17 00:00:00 2001 From: Karthik Hadagali Date: Sat, 29 Mar 2025 23:14:40 +0530 Subject: [PATCH 3/9] Deploy fresh code 29-03 v3 - Made AZS dynamic --- infra/terraform.tfvars | 4 ++-- infra/variables.tf | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/infra/terraform.tfvars b/infra/terraform.tfvars index e50e4a87..2988063f 100644 --- a/infra/terraform.tfvars 
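Review bot: The new `AWS_REGION` and `AWS_S3_BUCKET_NAME` variables correctly have no default, unlike the copies added to the other modules, but nothing validates the bucket name even though it is interpolated into a shell command in `bootstrap.tf` and into IAM resource ARNs in `iam.tf`. A `validation` block makes a bad value fail at plan time with a readable message instead of deep inside the AWS CLI or an IAM policy, and the same block can be copied into the other modules' `variables.tf`. The commented-out `tf_state_bucket` variable is dead and the file still ends without a trailing newline.
```hcl
variable "AWS_S3_BUCKET_NAME" {
  description = "aws s3 bucket name"
  type        = string

  validation {
    condition     = can(regex("^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$", var.AWS_S3_BUCKET_NAME))
    error_message = "AWS_S3_BUCKET_NAME must be a valid S3 bucket name: 3-63 chars of lowercase letters, digits, dots and hyphens."
  }
}
```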
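Review bot: Dropping the `-${account_id}` suffix makes `aws_s3_bucket.terraform_state` claim the bare `var.AWS_S3_BUCKET_NAME` in S3's global namespace, so the create fails with `BucketAlreadyExists` if anyone else already owns that name, and the bootstrap's existence check earlier in this file decides what happens next. The change itself is right — it aligns the bucket with the ARNs in `iam.tf` and with the `-backend-config` values, which the suffixed name did not — but please confirm the check treats a 403 from `head-bucket` as "not ours" rather than "exists", otherwise a squatted name silently becomes the state backend. A cheap extra guard in the same script is an ownership check such as `aws s3api get-bucket-location --bucket "$BUCKET" --expected-bucket-owner "$ACCOUNT_ID"` before reporting `exists: true`.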
+++ b/infra/terraform.tfvars @@ -1,6 +1,6 @@ project_prefix = "gh-hk-nic-nap" #"Your project identifier name in lowercase letters only - this will be applied as a prefix to all assets" resource_owner = "karthik" -aws_region = "ap-south-1" -azs = ["ap-south-1a", "ap-south-1b"] +# aws_region = "ap-south-1" +azs = ["${AWS_REGION}a", "${AWS_REGION}b"] diff --git a/infra/variables.tf b/infra/variables.tf index 1e816b32..6591e36f 100644 --- a/infra/variables.tf +++ b/infra/variables.tf @@ -17,11 +17,11 @@ variable "AWS_S3_BUCKET_NAME" { default = "" } -variable "aws_region" { - description = "aws region" - type = string - default = "ap-south-1" -} +# variable "aws_region" { +# description = "aws region" +# type = string +# default = "ap-south-1" +# } variable "resource_owner" { type = string From 1c6631ad3734ba6c1ad0dc24a08f20579c5e3428 Mon Sep 17 00:00:00 2001 From: Karthik Hadagali Date: Sat, 29 Mar 2025 23:28:25 +0530 Subject: [PATCH 4/9] Deploy fresh code 29-03 v3 - Made AZS dynamic --- infra/terraform.tfvars | 2 +- infra/variables.tf | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/infra/terraform.tfvars b/infra/terraform.tfvars index 2988063f..71ef3529 100644 --- a/infra/terraform.tfvars +++ b/infra/terraform.tfvars @@ -1,6 +1,6 @@ project_prefix = "gh-hk-nic-nap" #"Your project identifier name in lowercase letters only - this will be applied as a prefix to all assets" resource_owner = "karthik" # aws_region = "ap-south-1" -azs = ["${AWS_REGION}a", "${AWS_REGION}b"] +# azs = ["${var.AWS_REGION}a", "${var.AWS_REGION}b"] diff --git a/infra/variables.tf b/infra/variables.tf index 6591e36f..0b10739d 100644 --- a/infra/variables.tf +++ b/infra/variables.tf @@ -43,6 +43,11 @@ variable "azs" { description = "Availability Zones" type = list } + +locals { + azs = ["${var.AWS_REGION}a", "${var.AWS_REGION}b"] +} + variable "create_nat_gateway" { type = bool default = false From e3f9952df388bf337d8dfa398ad3ababb8dddce8 Mon Sep 17 00:00:00 2001 
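Review bot: `locals { azs = ["${var.AWS_REGION}a", "${var.AWS_REGION}b"] }` assumes every region exposes zones with the `a` and `b` suffixes to this account, which is not guaranteed — an account can be allotted only `us-west-1a` and `us-west-1c`, for example — so the subnet `for_each` in `network.tf` would fail with an invalid availability zone in such regions. Query the zones instead of composing names, and since a `locals` block inside `variables.tf` is easy to miss, keep it next to the data source it depends on.
```hcl
data "aws_availability_zones" "available" {
  state = "available"

  filter {
    name   = "opt-in-status"
    values = ["opt-in-not-required"]
  }
}

locals {
  # First two zones this account can actually use in var.AWS_REGION.
  azs = slice(data.aws_availability_zones.available.names, 0, 2)
}
```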
From: Karthik Hadagali Date: Sat, 29 Mar 2025 23:38:12 +0530 Subject: [PATCH 5/9] Deploy fresh code 29-03 v3 - Made AZS dynamic --- infra/variables.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/infra/variables.tf b/infra/variables.tf index 0b10739d..fa7928cc 100644 --- a/infra/variables.tf +++ b/infra/variables.tf @@ -39,10 +39,10 @@ variable "cidr" { } } -variable "azs" { - description = "Availability Zones" - type = list -} +# variable "azs" { +# description = "Availability Zones" +# type = list +# } locals { azs = ["${var.AWS_REGION}a", "${var.AWS_REGION}b"] From ba9bc602b4d6a62d3760fd5a6f7ffce0283c9651 Mon Sep 17 00:00:00 2001 From: Karthik Hadagali Date: Sat, 29 Mar 2025 23:46:22 +0530 Subject: [PATCH 6/9] Deploy fresh code 29-03 v3 - Made AZS dynamic --- infra/outputs.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/infra/outputs.tf b/infra/outputs.tf index 923e8384..7b4671b2 100644 --- a/infra/outputs.tf +++ b/infra/outputs.tf @@ -12,12 +12,12 @@ output "build_suffix" { } # AWS Region and Availability Zones -output "aws_region" { - value = var.aws_region +output "AWS_REGION" { + value = var.AWS_REGION } output "azs" { - value = var.azs + value = local.azs } # VPC Details From 9f4fb2ffdd6b84ecda2f6a8de0a5359f227f49db Mon Sep 17 00:00:00 2001 From: Karthik Hadagali Date: Sat, 29 Mar 2025 23:51:08 +0530 Subject: [PATCH 7/9] Deploy fresh code 29-03 v3 - Made AZS dynamic using local --- infra/network.tf | 26 +++++++++++++------------- infra/outputs.tf | 20 ++++++++++---------- 2 files changed, 23 insertions(+), 23 deletions(-) diff --git a/infra/network.tf b/infra/network.tf index f96b3471..6c19f1b9 100644 --- a/infra/network.tf +++ b/infra/network.tf @@ -10,7 +10,7 @@ module "vpc" { name = "${var.project_prefix}-vpc-${random_id.build_suffix.hex}" cidr = var.cidr - azs = var.azs + azs = local.azs enable_dns_support = true enable_dns_hostnames = true 
@@ -31,9 +31,9 @@ resource "aws_internet_gateway" "igw" { # Subnets resource "aws_subnet" "management" { - for_each = toset(var.azs) + for_each = toset(local.azs) vpc_id = module.vpc.vpc_id - cidr_block = cidrsubnet(module.vpc.vpc_cidr_block, 4, index(var.azs, each.key) * 4) + cidr_block = cidrsubnet(module.vpc.vpc_cidr_block, 4, index(local.azs, each.key) * 4) availability_zone = each.key tags = { Name = format("%s-mgmt-subnet-%s", var.project_prefix, each.key) @@ -41,9 +41,9 @@ resource "aws_subnet" "management" { } resource "aws_subnet" "internal" { - for_each = toset(var.azs) + for_each = toset(local.azs) vpc_id = module.vpc.vpc_id - cidr_block = cidrsubnet(module.vpc.vpc_cidr_block, 4, index(var.azs, each.key) * 4 + 1) + cidr_block = cidrsubnet(module.vpc.vpc_cidr_block, 4, index(local.azs, each.key) * 4 + 1) availability_zone = each.key tags = { Name = format("%s-int-subnet-%s", var.project_prefix, each.key) @@ -51,9 +51,9 @@ resource "aws_subnet" "internal" { } resource "aws_subnet" "external" { - for_each = toset(var.azs) + for_each = toset(local.azs) vpc_id = module.vpc.vpc_id - cidr_block = cidrsubnet(module.vpc.vpc_cidr_block, 4, index(var.azs, each.key) * 4 + 2) + cidr_block = cidrsubnet(module.vpc.vpc_cidr_block, 4, index(local.azs, each.key) * 4 + 2) map_public_ip_on_launch = true availability_zone = each.key tags = { @@ -62,9 +62,9 @@ resource "aws_subnet" "external" { } resource "aws_subnet" "app_cidr" { - for_each = toset(var.azs) + for_each = toset(local.azs) vpc_id = module.vpc.vpc_id - cidr_block = cidrsubnet(module.vpc.vpc_cidr_block, 4, index(var.azs, each.key) * 4 + 3) + cidr_block = cidrsubnet(module.vpc.vpc_cidr_block, 4, index(local.azs, each.key) * 4 + 3) availability_zone = each.key tags = { Name = format("%s-app-subnet-%s", var.project_prefix, each.key) 
@@ -85,25 +85,25 @@ resource "aws_route_table" "main" { # Route Table Associations resource "aws_route_table_association" "subnet-association-internal" { - for_each = toset(var.azs) + for_each = toset(local.azs) subnet_id = aws_subnet.internal[each.key].id route_table_id = aws_route_table.main.id } resource "aws_route_table_association" "subnet-association-management" { - for_each = toset(var.azs) + for_each = toset(local.azs) subnet_id = aws_subnet.management[each.key].id route_table_id = aws_route_table.main.id } resource "aws_route_table_association" "subnet-association-external" { - for_each = toset(var.azs) + for_each = toset(local.azs) subnet_id = aws_subnet.external[each.key].id route_table_id = aws_route_table.main.id } resource "aws_route_table_association" "subnet-association-app-cidr" { - for_each = toset(var.azs) + for_each = toset(local.azs) subnet_id = aws_subnet.app_cidr[each.key].id route_table_id = aws_route_table.main.id } \ No newline at end of file diff --git a/infra/outputs.tf b/infra/outputs.tf index 7b4671b2..5f76ee60 100644 --- a/infra/outputs.tf +++ b/infra/outputs.tf 
@@ -62,44 +62,44 @@ output "management_cidr_blocks" { # Specific AZ Subnet CIDR Blocks output "public_az1_cidr_block" { - value = aws_subnet.external[element(tolist(var.azs), 0)].cidr_block # Reference AZ1's public CIDR + value = aws_subnet.external[element(tolist(local.azs), 0)].cidr_block # Reference AZ1's public CIDR } output "private_az1_cidr_block" { - value = aws_subnet.internal[element(tolist(var.azs), 0)].cidr_block # Reference AZ1's private CIDR + value = aws_subnet.internal[element(tolist(local.azs), 0)].cidr_block # Reference AZ1's private CIDR } output "public_az2_cidr_block" { - value = aws_subnet.external[element(tolist(var.azs), 1)].cidr_block # Reference AZ2's public CIDR + value = aws_subnet.external[element(tolist(local.azs), 1)].cidr_block # Reference AZ2's public CIDR } output "private_az2_cidr_block" { - value = aws_subnet.internal[element(tolist(var.azs), 1)].cidr_block # Reference AZ2's private CIDR + value = aws_subnet.internal[element(tolist(local.azs), 1)].cidr_block # Reference AZ2's private CIDR } # Subnet IDs for specific AZs output "ext_subnet_az1" { - value = aws_subnet.external[element(tolist(var.azs), 0)].id # Reference AZ1's external subnet ID + value = aws_subnet.external[element(tolist(local.azs), 0)].id # Reference AZ1's external subnet ID } output "ext_subnet_az2" { - value = aws_subnet.external[element(tolist(var.azs), 1)].id # Reference AZ2's external subnet ID + value = aws_subnet.external[element(tolist(local.azs), 1)].id # Reference AZ2's external subnet ID } output "int_subnet_az1" { - value = aws_subnet.internal[element(tolist(var.azs), 0)].id # Reference AZ1's internal subnet ID + value = aws_subnet.internal[element(tolist(local.azs), 0)].id # Reference AZ1's internal subnet ID } output "int_subnet_az2" { - value = aws_subnet.internal[element(tolist(var.azs), 1)].id # Reference AZ2's internal subnet ID + value = aws_subnet.internal[element(tolist(local.azs), 1)].id # Reference AZ2's internal subnet ID } output 
"mgmt_subnet_az1" { - value = aws_subnet.management[element(tolist(var.azs), 0)].id # Reference AZ1's management subnet ID + value = aws_subnet.management[element(tolist(local.azs), 0)].id # Reference AZ1's management subnet ID } output "mgmt_subnet_az2" { - value = aws_subnet.management[element(tolist(var.azs), 1)].id # Reference AZ2's management subnet ID + value = aws_subnet.management[element(tolist(local.azs), 1)].id # Reference AZ2's management subnet ID } # CIDR Block for Application and EKS Subnets From f856c06d20f322a92df7bec1476f70de3f707b31 Mon Sep 17 00:00:00 2001 From: Karthik Hadagali Date: Sat, 29 Mar 2025 23:57:28 +0530 Subject: [PATCH 8/9] Deploy fresh code 29-03 v3 - Made AZS dynamic using local --- infra/outputs.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/outputs.tf b/infra/outputs.tf index 5f76ee60..f5990c0c 100644 --- a/infra/outputs.tf +++ b/infra/outputs.tf @@ -12,7 +12,7 @@ output "build_suffix" { } # AWS Region and Availability Zones -output "AWS_REGION" { +output "aws_region" { value = var.AWS_REGION } From 1671274094d413869a93a068bce031887cbc5b8d Mon Sep 17 00:00:00 2001 From: Karthik Hadagali Date: Sun, 30 Mar 2025 13:27:18 +0530 Subject: [PATCH 9/9] Code ready to merge to master --- infra/terraform.tfvars | 4 +--- infra/terraform.tfvars.examples | 6 +----- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/infra/terraform.tfvars b/infra/terraform.tfvars index 71ef3529..f896cbcf 100644 --- a/infra/terraform.tfvars +++ b/infra/terraform.tfvars @@ -1,6 +1,4 @@ project_prefix = "gh-hk-nic-nap" #"Your project identifier name in lowercase letters only - this will be applied as a prefix to all assets" resource_owner = "karthik" # aws_region = "ap-south-1" -# azs = ["${var.AWS_REGION}a", "${var.AWS_REGION}b"] - - +# azs = ["${var.AWS_REGION}a", "${var.AWS_REGION}b"] \ No newline at end of file diff --git a/infra/terraform.tfvars.examples b/infra/terraform.tfvars.examples index 087f42d9..47b067d7 100644 
--- a/infra/terraform.tfvars.examples +++ b/infra/terraform.tfvars.examples @@ -1,6 +1,2 @@ project_prefix = " " #"Your project identifier name in lowercase letters only - this will be applied as a prefix to all assets" -resource_owner = "Your-name" -aws_region = "us-east-1" -azs = ["us-east-1a", "us-east-1b"] - - +resource_owner = "Your-name" \ No newline at end of file