Home
The project goal is to make the developer's life easier from the perspective of repetitive DevOps tasks.
When using this project you will be able to create AWS Infrastructure for REST API applications, both server, and client.
This project use terraform to automate the process of creating and maintaining the infrastructure.
-
Application -
-
Server example app includes connection to Atlas MongoDB
-
Client example app includes Sign in with MFA, Read/Write events to server API.
-
-
Certificate - Both the server and the client can use a custom domain.
-
Authentication - Cognito implementation for user management including MFA.
-
Mongodb - Creation of infrastructure for DB and connect by PrivateLink to AWS infrastructure.
-
Turrgrant - Easy way to duplicate infrastructure for multiple environments.
-
CI/CD - Auto deployment process by AWS CodePipeline.
-
Security - Each resource is protected by WAF rules.
Installation Docs link
brew install awscli
$ aws configure
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: us-west-2
Default output format [None]: json
Installation Docs (link)
First, install the HashiCorp tap, a repository of all our Homebrew packages.
brew tap hashicorp/tap
Now, install Terraform with
hashicorp/tap/terraform.
brew install hashicorp/tap/terraform
Installation Docs link
brew install terragrunt
Before running the examples you will need to create a Github Personal Access Token that will give terraform access to your repository to be able connecting the repository with AWS Codepipline (CI/CD).
You can follow this link to create a new Access Token.
After creating the github secret you need to save it in the AWS Secret Manager service.
The name must be: github_secret
In the secret key use the same key: GitHubPersonalAccessToken
And the value will be your key you generated from Github.
After this stage terraform will be able to connect the github repository with your project.
- Create Mongodb atlas account. doc link
- Create organization API key. doc link
- Copy the private and public keys.
- Create
sensitive.tffile inside the example folder in this project.
The file should look like this:
sensitive.tf
public_key="eeeeee"
private_key="aaaaaa-bbbb-cccc-54342-5432ggg"
atlas_org_id = "324214321432aaa"
This example will use the minimum required variables to create the infrastructure. This example doesn't include the ACM custom domain.
simple.tf
module "infrastructure" {
source = "../../infra-modules"
stage = "test"
name = "terraform-moveo"
cognito_default_user_email = "< PROVIDE YOUR EMAIL >"
client_repository_name = "terraform"
client_branch_name = "develop"
server_repository_name = "terraform"
server_branch_name = "develop"
github_org = "MoveoTech"
public_key = var.public_key
private_key = var.private_key
atlas_org_id = var.atlas_org_id
module = var.module
}
This example will use a custom domain and all configurable variables.
complete.tf
module "infrastructure" {
source = "../../infra-modules"
region = "eu-west-3"
availability_zones = ["eu-west-3a"]
instance_type = "t3.micro"
stage = "test"
name = "terraform-moveo"
cognito_default_user_email = "dev@moveohls.com"
client_repository_name = "terraform"
client_branch_name = "develop"
server_repository_name = "terraform"
server_branch_name = "develop"
github_org = "MoveoTech"
public_key = var.public_key
private_key = var.private_key
atlas_org_id = var.atlas_org_id
module = var.module
atlas_users = ["dev@moveohls.com"]
private_endpoint_enabled = true
enable_atlas_whitelist_ips = false
atlas_whitelist_ips = []
client_logout_urls = ["https://www.test.terraform.moveodevelop.com/logout"]
client_default_redirect_uri = "https://www.test.terraform.moveodevelop.com"
client_callback_urls = ["https://www.test.terraform.moveodevelop.com"]
parent_zone_id = "ZZG2X8KI3MIQB"
aliases_client = ["test.terraform.moveodevelop.com", "www.test.terraform.moveodevelop.com"]
domain_name = "test.terraform.moveodevelop.com"
subject_alternative_names = ["www.test.terraform.moveodevelop.com"]
dns_alias_enabled = true
}