Provisioning AWS Infrastructure with Terraform and GitHub Actions CI/CD

Elsie Marion
4 min read · May 23, 2023


Nanna and the Audit Colleague

Recently Twala, a neobank startup, received funding. Nanna, a manager at Twala, has to log in to the system every morning, create tables comparing expenses, profits and losses, make the necessary changes, and share the file with the audit team. Nanna gets exhausted and wastes a lot of time doing the same thing every morning.

Now apply the same idea to Terraform. What if Nanna could write a script that creates the tables, and use a tool that automatically pushes her changes to the audit team? In this article Nanna's script is Terraform and the tool that propagates her changes is GitHub Actions. Terraform exists to spare you the burden of setting up your infrastructure piece by piece, by hand, in the console.

For this article, we write a Terraform configuration that creates EC2 instances inside a virtual private cloud (VPC) for our Docker Swarm cluster, push it to GitHub for version control, and use a GitHub Actions workflow so that changes are detected and deployed automatically.

Infrastructure Architecture:

Prerequisites:

1. AWS account with IAM user credentials, and the AWS CLI installed

2. Terraform installed

3. GitHub account

In Terraform, you declare the desired resources, their properties and their dependencies in .tf files. A configuration is usually split into a providers.tf file (which cloud and region to talk to, and how Terraform authenticates; the credentials themselves should come from the environment, not from the file), a variables.tf file (the input variable declarations, which let the same code be customised for different environments) and an outputs.tf file (values such as IP addresses that Terraform prints after apply so other tools can use them).

VPC: a logically isolated virtual network. We assign the CIDR block 10.0.0.0/16 to the VPC, so any address in that range can be allocated to resources inside it; subnets carve smaller ranges out of this block.

vpc terraform configuration file

Internet Gateway: attached to the VPC, it lets resources that have a public IP address reach the public internet and be reached from it.

Route Tables: a route table holds the rules that decide where traffic leaving a subnet goes, and it is associated with one or more subnets. In our case the route table of the subnet holding the EC2 instances sends everything outside the VPC (0.0.0.0/0) to the internet gateway, which is what actually makes that subnet public.
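The network pieces described above (VPC, subnet, internet gateway, route table) as one vpc.tf file. This is an added example, not the author's file: the resource names, the 10.0.1.0/24 subnet, the us-east-1 default region and the provider version constraint are assumptions, and the provider and variable blocks that would normally sit in providers.tf and variables.tf are inlined so the file validates on its own.

```hcl
# vpc.tf: network for the swarm nodes. Added example, not the author's file.
# The provider block would normally live in providers.tf and the variables in
# variables.tf; they are inlined here so this file validates on its own.

terraform {
  required_version = ">= 1.3"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  # Credentials come from aws configure or the environment, never from code.
  region = var.aws_region
}

variable "aws_region" {
  type    = string
  default = "us-east-1"
}

variable "vpc_cidr" {
  type    = string
  default = "10.0.0.0/16"
}

variable "public_subnet_cidr" {
  description = "Carved out of vpc_cidr; the instances live here"
  type        = string
  default     = "10.0.1.0/24"
}

resource "aws_vpc" "swarm" {
  cidr_block           = var.vpc_cidr
  enable_dns_support   = true
  enable_dns_hostnames = true # instances get public DNS names
  tags                 = { Name = "swarm-vpc" }
}

# Public subnet: instances launched here receive a public IP.
resource "aws_subnet" "public" {
  vpc_id                  = aws_vpc.swarm.id
  cidr_block              = var.public_subnet_cidr
  map_public_ip_on_launch = true
  tags                    = { Name = "swarm-public" }
}

# Attaching an internet gateway by itself changes nothing; a subnet is only
# "public" once its route table sends 0.0.0.0/0 through the gateway.
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.swarm.id
  tags   = { Name = "swarm-igw" }
}

resource "aws_route_table" "public" {
  vpc_id = aws_vpc.swarm.id

  # Traffic for the VPC's own CIDR is routed locally by an implicit rule;
  # everything else leaves via the internet gateway.
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }

  tags = { Name = "swarm-public-rt" }
}

resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public.id
}
```

Running terraform init and terraform plan in a directory holding this file shows five resources to add; nothing in it opens a port, because network reachability is decided by the security group attached to the instances, not by the VPC.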

EC2 Instances: virtual servers launched inside the VPC. Docker Swarm has manager and worker nodes, so our ec2.tf file creates two instances, one for each role. The instance type for this demo is t2.micro, which is free-tier eligible.

main/ec2 terraform configuration file

Security Groups: a security group is a stateful firewall attached to instances; it controls the inbound and outbound traffic they may exchange. Ours allows SSH (port 22/tcp) to the EC2 instances so we can administer them. Restrict the SSH source to your own address range rather than 0.0.0.0/0: an instance with a public IP and port 22 open to the whole internet starts receiving brute-force login attempts almost immediately. The Swarm ports themselves only need to be open between the nodes, not to the internet.

Example security group terraform configuration file

Setting up AWS Credentials:

Run the aws configure command and enter the Access Key ID and Secret Access Key generated for your IAM user in the AWS console, together with the default region. The Terraform AWS provider picks up these credentials automatically. Use an IAM user (or role) that has only the permissions this deployment needs, never the account root credentials.

Configuring terraform:

Terraform has four main commands. terraform init initialises the working directory: it downloads the providers and modules the configuration needs and sets up the state backend. terraform plan shows what would be created, changed or destroyed without touching anything, so you can review it first. terraform apply performs those changes, and terraform destroy removes everything the configuration manages.

terraform init and terraform apply commands in action

Remember to add a .gitignore file that excludes the Terraform state files (*.tfstate, *.tfstate.* and the .terraform/ directory). State holds every attribute of every resource, and values such as passwords end up in it in plaintext, so it must never be committed. In a team or CI setting keep the state in a remote backend such as an S3 bucket instead of on one machine.

Note the -var-file=tfvars/dev.tfvars addition in the terminal: it loads the variable values defined in the tfvars/dev.tfvars file. Terraform reads the values from that file and uses them for the variables declared in variables.tf, so a staging.tfvars or prod.tfvars with different values reuses the same code.

terraform apply -var-file=tfvars/dev.tfvars creates the VPC and the EC2 instances we specified earlier, after showing the plan and asking for confirmation. Once the command finishes you can navigate to the AWS console to see the created resources.

terraform destroy -var-file=tfvars/dev.tfvars tears down everything the configuration created. Run it when you no longer need the environment so you are not billed for idle instances, and pass the same var file you used for apply so Terraform evaluates the configuration with the same values.
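A variables.tf with the matching tfvars/dev.tfvars that the -var-file flag loads, as an added example (not the author's files). The variable names, the validation rules and the sample values are assumptions; 203.0.113.0/24 is an RFC 5737 documentation range standing in for your real office or VPN address block. It goes beyond the text in one respect: the validation blocks make terraform plan fail fast when a tfvars file carries an unknown environment name or opens SSH to the whole internet.

```hcl
# ---- variables.tf ----
# Declarations with guardrails. Added example, not the author's file.

variable "aws_region" {
  description = "Region the resources are created in"
  type        = string
  default     = "us-east-1"
}

variable "environment" {
  description = "Deployment environment name, used in resource tags"
  type        = string
  validation {
    condition     = contains(["dev", "staging", "prod"], var.environment)
    error_message = "environment must be one of dev, staging or prod."
  }
}

variable "ssh_allowed_cidr" {
  description = "Source CIDR allowed to SSH into the nodes"
  type        = string
  validation {
    # cidrnetmask() errors on anything that is not a valid IPv4 prefix, so
    # can() turns that into false; the second test refuses a world-open rule.
    condition     = can(cidrnetmask(var.ssh_allowed_cidr)) && var.ssh_allowed_cidr != "0.0.0.0/0"
    error_message = "ssh_allowed_cidr must be a valid IPv4 CIDR and must not be 0.0.0.0/0."
  }
}

# ---- tfvars/dev.tfvars ----
# Values for one environment, loaded with:
#   terraform plan    -var-file=tfvars/dev.tfvars
#   terraform apply   -var-file=tfvars/dev.tfvars
#   terraform destroy -var-file=tfvars/dev.tfvars
# Constructed sample values; 203.0.113.0/24 is a documentation range.
aws_region       = "us-east-1"
environment      = "dev"
ssh_allowed_cidr = "203.0.113.0/24"
```

With these declarations, a prod.tfvars that sets ssh_allowed_cidr = "0.0.0.0/0" is rejected during terraform plan with the error_message above, before any resource is touched. The tfvars file itself holds no secrets here, but if one ever did (a database password, for instance) it would belong in the .gitignore alongside the state files.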

GitHub Configuration:

The Terraform files are then pushed to GitHub, and a workflow file is created for automatic deployment. To push the code we use git add ., then git commit -m "your commit message", and finally git push origin main.

GitHub Actions

GitHub Actions is GitHub's continuous integration and continuous deployment (CI/CD) service. First, we create a workflow file listing the steps we need.

The steps are: when a pull request is opened against the main branch, the runner installs Terraform and the AWS CLI, configures the AWS user credentials from the repository secrets, and runs the Terraform commands. The IP addresses that Terraform outputs can then be used to deploy the Docker Swarm cluster. Here's a link to my workflow configuration.

Note: For security, never push sensitive values (access keys, secret keys, passwords) to GitHub, not even in a private repository. Add them as repository secrets under Settings, Secrets and variables, Actions, and reference them from the workflow as ${{ secrets.NAME }}; GitHub masks them in the job logs. Keep the IAM user behind those keys to the minimum permissions the deployment needs and rotate the keys regularly. If you want to avoid long-lived keys entirely, GitHub Actions can instead assume an IAM role through OIDC federation.

Next, navigate to the Actions tab of the repository to watch the workflow runs. The workflow file lives at .github/workflows/main.yaml, and GitHub runs it whenever one of the events listed in its on: block occurs, for example a pull request to main or a commit pushed to that branch.

GitHub actions tab
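A workflow file covering the steps described in this section, as an added example and not the author's workflow. It assumes the .tf files sit in the repository root with a remote state backend (for example S3) already configured, that the repository secrets AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY exist, and that the configuration declares an output called node_public_ips; the pinned Terraform version and the region are also assumptions. One deliberate difference from the text: pull requests only produce a plan for review, and the apply runs only when the change is merged into main.

```yaml
# .github/workflows/main.yaml
# Added example, not the author's workflow. Assumes the .tf files live in the
# repository root with a remote state backend configured, that the repository
# secrets AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY exist, and that the
# configuration declares an output named node_public_ips.
name: terraform

on:
  pull_request:
    branches: [main]
  push:
    branches: [main]

# Default GITHUB_TOKEN permissions reduced to read-only on the repository.
permissions:
  contents: read

env:
  AWS_REGION: us-east-1
  TF_IN_AUTOMATION: "true"

jobs:
  terraform:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: "1.7.5"
          terraform_wrapper: false   # plain stdout, so terraform output -json can be parsed

      # Credentials come from repository secrets, never from committed files.
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}

      - run: terraform fmt -check -recursive
      - run: terraform init -input=false
      - run: terraform validate

      # Every pull request gets a plan so reviewers see the diff before merging.
      - run: terraform plan -input=false -var-file=tfvars/dev.tfvars -out=tfplan

      # Only a merge into main applies, and it applies exactly the reviewed plan.
      - if: github.event_name == 'push'
        run: terraform apply -input=false tfplan

      # The IP addresses the Docker Swarm deployment step needs.
      - if: github.event_name == 'push'
        run: terraform output -json node_public_ips > node_public_ips.json
```

The remote backend assumption matters more than it looks: each workflow run starts on a fresh runner, so with local state every run would see an empty state and try to create the VPC and instances again. Applying the saved tfplan file rather than re-planning also guarantees that what reaches AWS is exactly what was reviewed in the pull request.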

By completing these steps we have used Terraform to provision the infrastructure, Git for version control and GitHub Actions for the deployment workflow. Here's the Github Repo with the source code.

Thank you for taking the time to read.

