junte/Model
1
0
Fork 0
mirror of https://github.com/Hestia-Homes/Model.git synced 2026-06-08 11:17:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
Model/infrastructure/terraform
History
Khalim Conn-Kowlessar d7b24ccdd1 add prevent detroy
2023-07-05 19:26:32 +01:00
..
dev.tfvars Got the database creation working 2023-07-05 18:09:44 +01:00
main.tf add prevent detroy 2023-07-05 19:26:32 +01:00
README.md Updated readme to test ci/cd 2023-07-05 19:03:13 +01:00
secrets.tf first commit of the infrastructure repo, setting up 2023-07-05 14:57:50 +01:00
variables.tf Got the database creation working 2023-07-05 18:09:44 +01:00

README.md

Infrastructure Terraform Repository

This repository manages the permanent infrastructure behind the assessment model. Key components to this include

  • Database
  • Blob storage (s3 buckets)

Terraform AWS Deployment

This project uses Terraform to create infrastructure in AWS. This README covers the steps necessary to deploy the resources.

Prerequisites

  • AWS CLI v2 installed and configured with profiles
  • Terraform v1.2.0 or higher

Deploying

The deployment process can be broken down into the following steps:

  1. Initialization: This downloads the necessary provider plugins for Terraform.
terraform init
  1. Workspace setup: Before you deploy, create a workspace for the environment. For example, if you're setting up the development environment:
terraform workspace new dev
  1. Planning: This step creates an execution plan, showing what changes Terraform will make to reach the desired state.
terraform plan -var-file=dev.tfvars

Note: replace dev.tfvars with your appropriate variables file. For a production deployment, this would be the prod.tfvars file.

  1. Apply: This step applies the desired changes to reach the desired infrastructure state.
terraform apply -var-file=dev.tfvars

Note: replace dev.tfvars with your appropriate variables file.

AWS Profiles

This project uses AWS profiles for managing different environments. Ensure you have your profiles set up in your AWS credentials file (~/.aws/credentials). Here is a sample:

[DevAdmin]
aws_access_key_id = YOUR_ACCESS_KEY
aws_secret_access_key = YOUR_SECRET_KEY

In the given example, DevAdmin is the profile for the development environment. Replace YOUR_ACCESS_KEY and YOUR_SECRET_KEY with your actual AWS credentials.

Switching Environments

If you need to switch environments (e.g., from development to production), use the following command:

terraform workspace select prod

Remember to update your variables file accordingly when planning and applying changes (-var-file=prod.tfvars for production, for example).

Future TODOS

  • At the moment, the database is publicly accessible. We could add an inbound rule to a security group to restrict access to the ip of the vercel application in prod which would look something like this:
resource "aws_security_group_rule" "allow_specific_ip" {
    type = "ingress"
    from_port = 5432
    to_port = 5432
    protocol = "tcp"
    cidr_blocks = ["your.vercel.app.ip.address/32"]
    security_group_id = aws_db_instance.default.vpc_security_group_ids[0]
}
  • Set up prod!
  • Automate deployments