-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
29942e1
commit 7c05819
Showing
7 changed files
with
146 additions
and
10 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1,76 @@ | ||
| # CD Pipeline deployment of devops-create-image-nest-api project | ||
| # CD Pipeline deployment of devops-create-image-nest-api project | ||
|
|
||
| ## Prerequisites | ||
|
|
||
| **AWS CLI** | ||
|
|
||
| - You need an AWS account | ||
| - You need to install AWS CLI | ||
| https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html | ||
|
|
||
| **AWS SSO** | ||
|
|
||
| ```bash | ||
| aws sso configure | ||
| aws sso login --profile {$profileName} | ||
| ``` | ||
|
|
||
| ## Sensitive data | ||
|
|
||
| For the `thumbprint` run the command below | ||
|
|
||
| ```bash | ||
| echo | openssl s_client -servername token.actions.githubusercontent.com -connect token.actions.githubusercontent.com:443 2>/dev/null | openssl x509 -fingerprint -noout | sed 's/SHA1 Fingerprint=//' | tr -d ':' | ||
| ``` | ||
|
|
||
| ```bash | ||
| cp secret.tfvars.sample secret.tfvars | ||
| ``` | ||
|
|
||
| Edit `secret.tfvars` and add your Github repository | ||
|
|
||
| ```hcl | ||
| aws_account_id = "{AWS Account ID}" | ||
| thumbprint = "{SHA1 Fingerprint}" | ||
| gh_iac_repo = "repo:{username}/{repo}:ref:refs/heads/{branch}" | ||
| gh_app_repo = "repo:{username}/{repo}:ref:refs/heads/{branch}" | ||
| ``` | ||
|
|
||
| Run the command to check if everything is ok | ||
|
|
||
| ```bash | ||
| terraform plan -var-file=secret.tfvars | ||
| ``` | ||
|
|
||
| These steps are only for running Terraform locally. | ||
|
|
||
| We also need to store these variables in Github Secrets. | ||
| You can create them in the Github UI: | ||
| `https://github.com/{user}/{repo}/settings/secrets/actions` | ||
|  | ||
|
|
||
| ## Creating the role for the Terraform CLI on AWS | ||
|
|
||
| Now we need to apply the changes locally, and get the ARN of the role that we will use in the next step. | ||
|
|
||
| ```bash | ||
| terraform apply -var-file=secret.tfvars | ||
| ``` | ||
|
|
||
| Type `yes` to apply the changes. | ||
|
|
||
| Go to your AWS console and open the IAM console. | ||
| On Roles, click in the new role that was created `tf_role` and copy the ARN. | ||
|
|
||
|  | ||
|
|
||
| Now we need to create a Github Secret with the ARN of the role, and the name `ARN_TF_ROLE`. | ||
| You can follow the same steps as in the previous section. | ||
|
|
||
| ## Deployment | ||
|
|
||
| ```bash | ||
| terraform init | ||
| terraform plan | ||
| terraform apply | ||
| ``` |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| aws_account_id = "{AWS Account ID}" | ||
| thumbprint = "{SHA1 Fingerprint}" | ||
| gh_iac_repo = "repo:{username}/{repo}:ref:refs/heads/{branch}" | ||
| gh_app_repo = "repo:{username}/{repo}:ref:refs/heads/{branch}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| variable "aws_account_id" { | ||
| description = "AWS Account ID" | ||
| type = string | ||
| sensitive = true | ||
| } | ||
|
|
||
| variable "thumbprint" { | ||
| description = "SHA1 Fingerprint" | ||
| type = string | ||
| sensitive = true | ||
| } | ||
|
|
||
| variable "github_iac_repo" { | ||
| description = "Github repository, e.g. repo:{username}/{repo}:ref:refs/heads/{branch}" | ||
| type = string | ||
| sensitive = true | ||
| } | ||
|
|
||
| variable "github_app_repo" { | ||
| description = "Github repository, e.g. repo:{username}/{repo}:ref:refs/heads/{branch}" | ||
| type = string | ||
| sensitive = true | ||
| } |