first commit of the infrastructure repo, setting up

2026-06-08 11:17:27 +00:00 · 2023-07-05 14:57:50 +01:00 · 2023-07-05 14:57:50 +01:00 · 2274e644f9
commit 2274e644f9
parent 485cfcc203
5 changed files with 140 additions and 0 deletions
--- a/infrastructure/terraform/README.md
+++ b/infrastructure/terraform/README.md
@ -0,0 +1,53 @@
+# Infrastructure Terraform Repository
+
+This repository manages the permanent infrastructure behind the assessment model. Key components to this include
+
+- Database
+- Blob storage (s3 buckets)
+
+# Terraform AWS Deployment
+
+This project uses Terraform to create infrastructure in AWS. This README covers the steps necessary to deploy the resources.
+
+## Prerequisites
+
+- AWS CLI v2 installed and configured with profiles
+- Terraform v1.2.0 or higher
+
+## Deploying
+
+The deployment process can be broken down into the following steps:
+
+1. Initialization: This downloads the necessary provider plugins for Terraform.
+
+```bash
+terraform init
+```
+
+2. Planning: This step creates an execution plan, showing what changes Terraform will make to reach the desired state.
+
+```bash
+terraform plan -var-file=dev.tfvars
+```
+
+Note: replace dev.tfvars with your appropriate variables file. For a production deployment, this would be the prod.tfvars file.
+
+3. Apply: This step applies the desired changes to reach the desired infrastructure state.
+
+```bash
+terraform apply -var-file=dev.tfvars
+```
+
+Note: replace dev.tfvars with your appropriate variables file.
+
+## AWS Profiles
+
+This project uses AWS profiles for managing different environments. Ensure you have your profiles set up in your AWS credentials file `(~/.aws/credentials)`. Here is a sample:
+
+```ini
+[DevAdmin]
+aws_access_key_id = YOUR_ACCESS_KEY
+aws_secret_access_key = YOUR_SECRET_KEY
+```
+
+In the given example, DevAdmin is the profile for the development environment. Replace YOUR_ACCESS_KEY and YOUR_SECRET_KEY with your actual AWS credentials.
--- a/infrastructure/terraform/dev.tfvars
+++ b/infrastructure/terraform/dev.tfvars
@ -0,0 +1,6 @@
+profile = "DevAdmin"
+
+# Database
+allocated_storage = 20
+instance_class = "db.t2.micro"
+database_name = "DevAssessmentModelDB"
--- a/infrastructure/terraform/main.tf
+++ b/infrastructure/terraform/main.tf
@ -0,0 +1,56 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.16"
+    }
+  }
+
+  required_version = ">= 1.2.0"
+}
+
+provider "aws" {
+  profile = var.profile
+  region  = var.region
+}
+
+resource "random_password" "password" {
+  length  = 16
+  special = true
+}
+
+# Check if a secret already exists with this name
+data "aws_secretsmanager_secret" "existing_secret" {
+  name = "db_credentials"
+  count = "${can(data.aws_secretsmanager_secret.existing_secret.name) ? 1 : 0}"
+}
+
+# Only create a new secret if one does not already exist
+resource "aws_secretsmanager_secret" "db_credentials" {
+  name = "db_credentials"
+  count = "${data.aws_secretsmanager_secret.existing_secret.name != "db_credentials" ? 1 : 0}"
+}
+
+# Only create a new secret version if one does not already exist
+# We can update this approach at a later stage if we wish to rotate the password on a regular basis but because of potental
+# side affects, we make it so that we only create a new secret version if one does not already exist
+resource "aws_secretsmanager_secret_version" "db_credentials" {
+  secret_id     = aws_secretsmanager_secret.db_credentials[count.index].id
+  secret_string = jsonencode({
+    username = "your_db_username"
+    password = random_password.password.result
+  })
+  count = "${data.aws_secretsmanager_secret.existing_secret.name != "db_credentials" ? 1 : 0}"
+}
+
+resource "aws_db_instance" "default" {
+  allocated_storage    = var.allocated_storage
+  engine               = "postgres"
+  engine_version       = "13.3"
+  instance_class       = var.instance_class
+  name                 = var.database_name
+  username             = jsondecode(aws_secretsmanager_secret_version.db_credentials.secret_string)["username"]
+  password             = jsondecode(aws_secretsmanager_secret_version.db_credentials.secret_string)["password"]
+  parameter_group_name = "default.postgres13"
+  skip_final_snapshot  = true
+}
--- a/infrastructure/terraform/secrets.tf
+++ b/infrastructure/terraform/secrets.tf
@ -0,0 +1 @@
+# This script contains secrets which for the moment, are being stored in aws secrets manager
--- a/infrastructure/terraform/variables.tf
+++ b/infrastructure/terraform/variables.tf
@ -0,0 +1,24 @@
+variable "profile" {
+  description = "AWS profile to use"
+  type        = string
+}
+
+variable "region" {
+  description = "AWS region"
+  type        = string
+}
+
+variable allocated_storage {
+  description = "The allocated storage in gigabytes"
+  type        = number
+}
+
+variable instance_class {
+  description = "The instance type of the RDS instance"
+  type        = string
+}
+
+variable database_name {
+  description = "The name of the database to create when the DB instance is created"
+  type        = string
+}
				`@ -0,0 +1 @@`
				`# This script contains secrets which for the moment, are being stored in aws secrets manager`