MariusB-DevOps is deploying on AWS π #34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Terraform Apply with Remote State | |
run-name: ${{ github.actor }} is deploying on AWS π | |
on: | |
push: | |
branches: | |
- feature/aws-s3-module | |
jobs: | |
Deploy-AWS-Ec2: | |
runs-on: ubuntu-latest | |
steps: | |
#Step 0: Read user mapping | |
- name: Read User Mapping | |
id: user-mapping | |
run: | | |
USER_MAPPING=$(cat user-mapping.json) | |
echo "::set-output name=user-mapping::$USER_MAPPING" | |
# Step 0.1: Set AWS credentials | |
- name: Set AWS Credentials | |
run: | | |
USERNAME="${{ github.actor }}" | |
USER_MAPPING="${{ steps.user-mapping.outputs.user-mapping }}" | |
AWS_SECRET_ACCESS_KEY=$(echo $USER_MAPPING | jq -r --arg USERNAME "$USERNAME" '.[$USERNAME].AWS_SECRET_ACCESS_KEY') | |
AWS_SECRET_KEY_ID=$(echo $USER_MAPPING | jq -r --arg USERNAME "$USERNAME" '.[$USERNAME].AWS_SECRET_KEY_ID') | |
echo "AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}" >> $GITHUB_ENV | |
echo "AWS_SECRET_KEY_ID=${AWS_SECRET_KEY_ID}" >> $GITHUB_ENV | |
# Step 1: Configure AWS credentials | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v3 | |
with: | |
aws-access-key-id: ${{ env.AWS_SECRET_KEY_ID }} | |
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} | |
aws-region: eu-central-1 | |
# Step 2: Checkout the repository code | |
- name: Checkout Repository | |
uses: actions/checkout@v4 | |
# Step 3: Ensure Terraform state S3 bucket exists | |
- name: Create Terraform State Bucket | |
run: | | |
cd terraform/terraform-modules/state-bucket | |
terraform init | |
terraform apply -auto-approve || echo "Bucket already exists, continuing..." | |
# Step 4: Reconfigure Backend to Use S3 | |
- name: Reconfigure Backend to S3 | |
run: | | |
cd terraform/terraform-modules/tf-ec2-module/ | |
terraform init -backend-config="bucket=terraform_state_bucket" \ | |
-backend-config="key=state/${GITHUB_REF#refs/heads/}/terraform.tfstate" \ | |
-backend-config="region=eu-central-1" | |
# Step 5: Apply Terraform with S3 backend | |
- name: Finalize Infrastructure Deployment | |
run: | | |
cd terraform/terraform-modules/tf-ec2-module/ | |
terraform apply -auto-approve | |
# Step 6: Refresh Terraform State to ensure it's up to date with AWS | |
- name: Refresh Terraform State | |
run: | | |
cd terraform/terraform-modules/tf-ec2-module/ | |
terraform refresh | |
# Step 7: Capture Terraform Outputs to Variables | |
- name: Capture Terraform Outputs | |
id: terraform_outputs | |
run: | | |
cd terraform/terraform-modules/tf-ec2-module/ | |
export VPC_ID=$(terraform output -raw vpc_id) | |
export PUBLIC_SUBNET_ID=$(terraform output -raw public_subnet_id) | |
export PRIVATE_SUBNET_ID=$(terraform output -raw private_subnet_id) | |
export SECURITY_GROUP_ID=$(terraform output -raw security_group_id) | |
echo "VPC_ID=$VPC_ID" >> $GITHUB_ENV | |
echo "PUBLIC_SUBNET_ID=$PUBLIC_SUBNET_ID" >> $GITHUB_ENV | |
echo "PRIVATE_SUBNET_ID=$PRIVATE_SUBNET_ID" >> $GITHUB_ENV | |
echo "SECURITY_GROUP_ID=$SECURITY_GROUP_ID" >> $GITHUB_ENV | |
# Step 8: Validate Resources with AWS CLI | |
- name: List Resources Created by Terraform | |
run: | | |
# List VPC | |
echo "Listing VPC with ID: $VPC_ID" | |
aws ec2 describe-vpcs --vpc-ids $VPC_ID || echo "Failed to list VPC with ID: $VPC_ID" | |
# List Public Subnet | |
echo "Listing Public Subnet with ID: $PUBLIC_SUBNET_ID" | |
aws ec2 describe-subnets --subnet-ids $PUBLIC_SUBNET_ID || echo "Failed to list Public Subnet with ID: $PUBLIC_SUBNET_ID" | |
# List Private Subnet | |
echo "Listing Private Subnet with ID: $PRIVATE_SUBNET_ID" | |
aws ec2 describe-subnets --subnet-ids $PRIVATE_SUBNET_ID || echo "Failed to list Private Subnet with ID: $PRIVATE_SUBNET_ID" | |
# List Security Group | |
echo "Listing Security Group with ID: $SECURITY_GROUP_ID" | |
aws ec2 describe-security-groups --group-ids $SECURITY_GROUP_ID || echo "Failed to list Security Group with ID: $SECURITY_GROUP_ID" | |
# Step 9: Destroy Infrastructure | |
- name: Destroy Infrastructure | |
run: | | |
cd terraform/terraform-modules/tf-ec2-module/ | |
terraform destroy -auto-approve | |
# Step 10: Verify Resources are Destroyed | |
- name: Verify Resources are Destroyed | |
run: | | |
# Verify that resources were destroyed by listing them again | |
echo "Verifying VPC Destruction..." | |
aws ec2 describe-vpcs --vpc-ids $VPC_ID || echo "VPC with ID $VPC_ID does not exist." | |
echo "Verifying Public Subnet Destruction..." | |
aws ec2 describe-subnets --subnet-ids $PUBLIC_SUBNET_ID || echo "Public Subnet with ID $PUBLIC_SUBNET_ID does not exist." | |
echo "Verifying Private Subnet Destruction..." | |
aws ec2 describe-subnets --subnet-ids $PRIVATE_SUBNET_ID || echo "Private Subnet with ID $PRIVATE_SUBNET_ID does not exist." | |
echo "Verifying Security Group Destruction..." | |
aws ec2 describe-security-groups --group-ids $SECURITY_GROUP_ID || echo "Security Group with ID $SECURITY_GROUP_ID does not exist." |