README.md

cloudflare-terraform-infra

Overview

This is an infrastructure as code real time implementation built with:

• Terraform
• GitHub Actions
• Cloudflare DNS

Modules used:

• cloudflare/terraform-provider-cloudflare
• cloudposse/terraform-aws-tfstate-backend

Deployments and resources:

• vortex.name with HCL vortexdotname.tf
• tiamat.tech with HCL tiamatdottech.tf

Folder structure

A quick look at the top-level files and directories you'll see in a HCL project.

├──── aws-terraform-infra
│  ├── .github/
│  ├── .editorconfig
│  ├── .gitattributes
│  ├── .gitignore
│  ├── .terraform.lock.hcl
│  ├── _config.yml
│  ├── backend.tf
│  ├── compose.yaml
│  ├── LICENSE
│  ├── main.tf
│  ├── Makefile
│  ├── README.md
│  ├── tiamatdottech.tf
│  ├── variables.tf
│  ├── versions.tf
│  └── vortexdotname.tf

Installation

Clone the package via git:

git clone git@github.com:0-vortex/cloudflare-terraform-infra.git

Requirements

This repository requires terraform>=v0.14, docker>=20 and gnumake>=3.82 to be installed.

How to use

Local development should not write to an existing environment or the global state.

To be able to check changes before a pull request build set up environment variables as defined in the repository secrets:

# setup aws backend credentials 
export AWS_ACCESS_KEY_ID=DDDD0000000000000000
export AWS_SECRET_ACCESS_KEY=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
# setup cloudflare infrastructure credentials
export CLOUDFLARE_EMAIL=your.example@mail.com
export CLOUDFLARE_API_KEY=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
# enable logging
export CLOUDFLARE_API_CLIENT_LOGGING=true

The simplest way to do that is to dry-run as follows:

# see a list of all commands
make

# setup local environment
make init

# plan infrastructure changes
make plan

To scan for Infrastructure-as-Code compliance:

# run all the scans
make scan

# run scans individually
make tflint
make tfsec
make tfscan

License

This library is released under BSD-3 license clause.