
terraform-aws

Configures AWS resources with Terraform.

GitHub Actions Status badges

Name | Environment | Result
Validation by linters etc. | pre-commit | pre-commit
AWS sandbox environment | Sandbox | Terraform - sandbox
AWS portfolio | Management | Terraform - management
AWS overall management | Management | Terraform - management

Branch design

gitGraph
    commit
    branch feature/update-readme
    commit
    commit
    commit
    checkout main
    merge feature/update-readme
    commit
    commit
  1. The repository is operated with GitHub Flow.
  2. main is the default branch.
  3. When a branch is merged into main, GitHub Actions runs terraform apply and updates the infrastructure.
    • The merge is the deployment, so the pull request review (together with the pre-commit and plan checks) is the last gate before apply.

Resources not turned into modules

Resource | Reason
aws_iam_role_policy_attachment | Too few parameters for a module to add anything
aws_route53_record | Too many record types; a generic module would cost more than it gains

Security policy

AWS authentication method

  • GitHub Actions authenticates to AWS with OIDC when it deploys AWS resources.
  • Static credentials (IAM access keys) are not used: they are a management burden, and a leaked long-lived key keeps working until it is rotated, whereas an OIDC token is short-lived and issued per workflow run.
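As an added example (not the repository's own code), the OIDC trust described above is usually expressed in Terraform as an IAM OIDC provider for token.actions.githubusercontent.com plus a role whose trust policy accepts only tokens minted for one repository and one branch. The repository slug `tqer39/terraform-aws`, the role name, the `var.terraform_policy_arn` variable and the use of the `tls` provider for the issuer thumbprint are assumptions (the repository does pin a `tls` provider, but this file is illustrative).

```hcl
# Added example, not the repository's own code. Assumptions: the repository
# slug tqer39/terraform-aws, the role name, and var.terraform_policy_arn.

terraform {
  required_providers {
    aws = { source = "hashicorp/aws", version = "~> 5.46" }
    tls = { source = "hashicorp/tls", version = "~> 4.0" }
  }
}

variable "terraform_policy_arn" {
  description = "Policy granting exactly what this environment's Terraform manages"
  type        = string
}

# GitHub's OIDC issuer. The thumbprint is read from the issuer's certificate
# chain at plan time instead of being hard-coded.
data "tls_certificate" "github" {
  url = "https://token.actions.githubusercontent.com/.well-known/openid-configuration"
}

resource "aws_iam_openid_connect_provider" "github" {
  url             = "https://token.actions.githubusercontent.com"
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = [data.tls_certificate.github.certificates[0].sha1_fingerprint]
}

# Trust policy: "aud" ties the token to AWS STS, "sub" ties it to one
# repository and one branch. Without the "sub" condition any repository on
# GitHub could assume this role.
data "aws_iam_policy_document" "github_actions_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRoleWithWebIdentity"]

    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.github.arn]
    }

    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:aud"
      values   = ["sts.amazonaws.com"]
    }

    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:sub"
      values   = ["repo:tqer39/terraform-aws:ref:refs/heads/main"]
    }
  }
}

resource "aws_iam_role" "github_actions_terraform" {
  name                 = "github-actions-terraform"
  assume_role_policy   = data.aws_iam_policy_document.github_actions_trust.json
  max_session_duration = 3600
}

# Kept as a plain aws_iam_role_policy_attachment, matching the table above.
resource "aws_iam_role_policy_attachment" "github_actions_terraform" {
  role       = aws_iam_role.github_actions_terraform.name
  policy_arn = var.terraform_policy_arn
}
```

On the workflow side the job needs `permissions: id-token: write` and passes the role ARN to aws-actions/configure-aws-credentials as `role-to-assume`. A plan job triggered by pull requests presents a different `sub` (`repo:tqer39/terraform-aws:pull_request`), and a job bound to a GitHub environment presents `repo:tqer39/terraform-aws:environment:<name>`; add those values explicitly rather than loosening the condition to `StringLike` with `repo:tqer39/terraform-aws:*`, which would also let any feature branch assume the apply role.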

EditorConfig settings

EditorConfig is used as the repository-wide coding convention, so if you use one of the editors or IDEs listed under "Download a Plugin" on the official page, install the plugin.

Setup

Homebrew

# install brew see: https://brew.sh/index_ja
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

# install software
brew bundle

anyenv

zsh

anyenv init
anyenv install --init
echo 'eval "$(anyenv init -)"' >> ~/.zshrc
exec $SHELL -l
mkdir -p "$(anyenv root)/plugins"
git clone https://github.com/znz/anyenv-update.git "$(anyenv root)/plugins/anyenv-update"

fish

anyenv init - fish | source
anyenv install --init
set -Ux fish_user_paths $HOME/.anyenv/bin $fish_user_paths
echo 'set -x PATH ~/.anyenv/bin $PATH' >> ~/.config/fish/config.fish
echo 'anyenv init - fish | source' >> ~/.config/fish/config.fish
exec fish -l
mkdir -p (anyenv root)/plugins
git clone https://github.com/znz/anyenv-update.git (anyenv root)/plugins/anyenv-update
which anyenv

tfenv

anyenv install tfenv
which tfenv

Terraform

tfenv install
which terraform
terraform -version

Rancher Desktop

Linux

see Rancher Desktop - Linux

curl -s https://download.opensuse.org/repositories/isv:/Rancher:/stable/deb/Release.key | gpg --dearmor | sudo dd status=none of=/usr/share/keyrings/isv-rancher-stable-archive-keyring.gpg
echo 'deb [signed-by=/usr/share/keyrings/isv-rancher-stable-archive-keyring.gpg] https://download.opensuse.org/repositories/isv:/Rancher:/stable/deb/ ./' | sudo dd status=none of=/etc/apt/sources.list.d/isv-rancher-stable.list
sudo apt update
sudo apt install rancher-desktop

Reboot the OS.

Session Manager Plugin

see: (Optional) Install the Session Manager plugin for the AWS CLI

Linux (Debian | amd64)

curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_64bit/session-manager-plugin.deb" -o "session-manager-plugin.deb"
sudo dpkg -i session-manager-plugin.deb
rm -rf session-manager-plugin.deb

pre-commit

# setup
pre-commit install --install-hooks

How to run the Terraform CLI locally

AWS profile configuration

This profile is used by aws-vault in the Makefile. Add the following to ~/.aws/config.

[profile terraform-aws-management]
sso_start_url = https://tqer39-management.awsapps.com/start/
sso_region = ap-northeast-1
sso_account_id = 577523824419
sso_role_name = <AWS SSO Role Name>
region = ap-northeast-1
output = json

Terraform setup

tfenv install
terraform -v

Command format

  • AWS CLI (SSO) profile: the AWS CLI profile configured in the previous section
  • target path: the directory the Terraform CLI runs in
  • Terraform command: the subcommand that follows terraform
# Format:
aws-vault exec "<AWS CLI (SSO) profile>" -- terraform -chdir="<target path>" <Terraform command>

terraform init (initialization)

# Example:
aws-vault exec terraform-aws-management -- terraform -chdir=./terraform/environments/dev/base_apne1 init

terraform validate

# Example:
aws-vault exec terraform-aws-management -- terraform -chdir=./terraform/environments/dev/base_apne1 validate

terraform plan

# Example:
aws-vault exec terraform-aws-management -- terraform -chdir=./terraform/environments/dev/base_apne1 plan

terraform apply

Note: deploying from a local machine is prohibited in principle; the example below (with -auto-approve, so there is no confirmation prompt) is for reference only.

# Example:
aws-vault exec terraform-aws-management -- terraform -chdir=./terraform/environments/dev/base_apne1 apply -auto-approve

How to create a new environment

Create the S3 bucket for tfstate manually. Then create the following resources (files).

.github/workflows/terraform-aws-<環境名>.yml
.github/labeler.yml
terraform/environments/<環境名>/base/main.tf
terraform/environments/<環境名>/base/provider.tf
terraform/environments/<環境名>/base/terraform.tf
terraform/environments/<環境名>/base/shared-locals.tf
terraform/environments/<環境名>/shared/locals.tf
# Temporary credentials copied from the AWS access portal (https://xxxxx.awsapps.com/start#/)
export AWS_ACCESS_KEY_ID="XXXXXXXXXX"
export AWS_SECRET_ACCESS_KEY="XXXXXXXXXX"
export AWS_SESSION_TOKEN="XXXXXXXXXX"

terraform -chdir=terraform/environments/<環境名>/base init

Import the manually created S3 bucket.

TF_PATH="terraform/environments/<環境名>/base"
terraform -chdir="$TF_PATH" import module.terraform-backend.module.s3-bucket.aws_s3_bucket.this <バケット名>
terraform -chdir="$TF_PATH" import module.terraform-backend.module.s3-bucket.aws_s3_bucket_acl.this <バケット名>
terraform -chdir="$TF_PATH" import module.terraform-backend.module.s3-bucket.aws_s3_bucket_public_access_block.this <バケット名>
terraform -chdir="$TF_PATH" import module.terraform-backend.module.s3-bucket.aws_s3_bucket_versioning.this <バケット名>

Create the OIDC-related resources and update the S3 bucket parameters.

TF_PATH="terraform/environments/<環境名>/base"
terraform -chdir="$TF_PATH" fmt
terraform -chdir="$TF_PATH" validate
terraform -chdir="$TF_PATH" plan
terraform -chdir="$TF_PATH" apply -auto-approve
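Because the repository pins Terraform 1.8.1, the four terraform import commands above can also be written as import blocks, so the adoption of the hand-made bucket appears in terraform plan and is reviewed before anything is applied. This is an added example, not the repository's own code; the resource addresses are the ones listed above, and the `var.tfstate_bucket_name` variable is an assumption.

```hcl
# Added example, not the repository's own code. The addresses match the
# import commands in this README; var.tfstate_bucket_name is an assumption.

variable "tfstate_bucket_name" {
  description = "Name of the manually created tfstate bucket"
  type        = string
}

# One import block per resource the backend module manages for the bucket.
# import blocks need Terraform >= 1.5; with the pinned 1.8.1 the id may
# reference a variable.
import {
  to = module.terraform-backend.module.s3-bucket.aws_s3_bucket.this
  id = var.tfstate_bucket_name
}

import {
  # A bucket created with a canned ACL imports as "<bucket>,<acl>" instead;
  # see the aws_s3_bucket_acl import documentation.
  to = module.terraform-backend.module.s3-bucket.aws_s3_bucket_acl.this
  id = var.tfstate_bucket_name
}

import {
  to = module.terraform-backend.module.s3-bucket.aws_s3_bucket_public_access_block.this
  id = var.tfstate_bucket_name
}

import {
  to = module.terraform-backend.module.s3-bucket.aws_s3_bucket_versioning.this
  id = var.tfstate_bucket_name
}
```

Run terraform plan and confirm it reports 4 to import and no destroy of the bucket or its versioning before running apply; for this bootstrap step it is worth dropping -auto-approve so the import plan is actually read. The import blocks can be removed after the first successful apply.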


terraform-aws's Issues

Action Required: Fix Renovate Configuration

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Error type: Cannot find preset's package (github>tqer39/renovate-config:automergeStrategy). Note: this is a nested preset so please contact the preset author if you are unable to fix it yourself.

Title:

Requester (or team) of the change

The applicant

Reason for the change

To upgrade the version of hoge.

What the change gains

Performance of xxx improves.

Risks of the change

Other repositories have the same problem.

Resources required to carry out the change

Additional notification settings are required.

Owner of this change

The person doing the work

Relationship to other changes

Must be done before the release of xxx.

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Repository problems

These problems occurred while renovating this repository. View logs.

  • WARN: Use matchDepNames instead of matchPackageNames


Detected dependencies

github-actions
.github/actions/aws-credential/action.yml
  • aws-actions/configure-aws-credentials v4
.github/actions/setup-node/action.yml
  • actions/setup-node v4
.github/actions/setup-terraform/action.yml
  • hashicorp/setup-terraform v3
.github/actions/terraform-plan/action.yml
  • rtCamp/action-slack-notify v2
.github/actions/terraform-validate/action.yml
  • actions/cache v4
  • terraform-linters/setup-tflint v4
.github/workflows/_terraform-aws-management.yml
  • actions/checkout v4
  • actions/checkout v4
  • bobheadxi/deployments v1
  • bobheadxi/deployments v1
  • actions/checkout v4
.github/workflows/_terraform-aws-portfolio.yml
  • actions/checkout v4
  • actions/checkout v4
  • bobheadxi/deployments v1
  • bobheadxi/deployments v1
  • actions/checkout v4
.github/workflows/_terraform-aws-sandbox.yml
  • actions/checkout v4
  • actions/checkout v4
  • bobheadxi/deployments v1
  • bobheadxi/deployments v1
  • actions/checkout v4
.github/workflows/auto-assign.yml
  • kentaro-m/auto-assign-action v2.0.0
.github/workflows/labeler.yml
  • actions/labeler v5
.github/workflows/pre-commit.yml
  • actions/checkout v4
  • pre-commit/action v3.0.1
.github/workflows/secrets-manager.yml
  • actions/checkout v4
  • abhilash1in/aws-secrets-manager-action v2.1.0
.github/workflows/terraform-docs.yml
  • actions/checkout v4.1.1
  • terraform-docs/gh-actions v1.1.0
.github/workflows/terraform-renovate.yml
  • actions/checkout v4.1.1
  • hashicorp/setup-terraform v3
  • EndBug/add-and-commit v9
pre-commit
.pre-commit-config.yaml
  • pre-commit/pre-commit-hooks v4.6.0
  • adrienverge/yamllint v1.35.1
  • streetsidesoftware/cspell-cli v8.8.2
  • igorshubovych/markdownlint-cli v0.41.0
  • koalaman/shellcheck-precommit v0.10.0
  • pre-commit/mirrors-prettier v3.1.0
  • rhysd/actionlint v1.7.0
  • renovatebot/pre-commit-hooks 37.340.5
  • antonbabenko/pre-commit-terraform v1.90.0
terraform
terraform/environments/management/base/main.tf
terraform/environments/management/base/provider.tf
terraform/environments/management/base/terraform.tf
  • aws 5.46.0
  • http 3.4.2
  • tls 4.0.5
  • hashicorp/terraform 1.8.1
terraform/environments/management/base_apne1/main.tf
terraform/environments/management/base_apne1/provider.tf
terraform/environments/management/base_apne1/terraform.tf
  • aws 5.46.0
  • http 3.4.2
  • tls 4.0.5
  • hashicorp/terraform 1.8.1
terraform/environments/management/domains/main.tf
terraform/environments/management/domains/provider.tf
terraform/environments/management/domains/terraform.tf
  • aws 5.46.0
  • hashicorp/terraform 1.8.1
terraform/environments/management/multi_account/main.tf
terraform/environments/management/multi_account/provider.tf
terraform/environments/management/multi_account/terraform.tf
  • aws 5.46.0
  • hashicorp/terraform 1.8.1
terraform/environments/management/sso/main.tf
terraform/environments/management/sso/provider.tf
terraform/environments/management/sso/terraform.tf
  • aws 5.46.0
  • hashicorp/terraform 1.8.1
terraform/environments/portfolio/base_apne1/main.tf
terraform/environments/portfolio/base_apne1/provider.tf
terraform/environments/portfolio/base_apne1/terraform.tf
  • aws 5.46.0
  • http 3.4.2
  • tls 4.0.5
  • hashicorp/terraform 1.8.1
terraform/environments/portfolio/domains/main.tf
terraform/environments/portfolio/domains/provider.tf
terraform/environments/portfolio/domains/terraform.tf
  • aws 5.46.0
  • hashicorp/terraform 1.8.1
terraform/environments/portfolio/terraform_github/main.tf
terraform/environments/portfolio/terraform_github/provider.tf
terraform/environments/portfolio/terraform_github/terraform.tf
  • aws 5.46.0
  • http 3.4.2
  • tls 4.0.5
  • hashicorp/terraform 1.8.1
terraform/environments/portfolio/terraform_vercel/main.tf
terraform/environments/portfolio/terraform_vercel/provider.tf
terraform/environments/portfolio/terraform_vercel/terraform.tf
  • aws 5.46.0
  • http 3.4.2
  • tls 4.0.5
  • hashicorp/terraform 1.8.1
terraform/environments/portfolio/time_capsule/main.tf
terraform/environments/portfolio/time_capsule/provider.tf
terraform/environments/portfolio/time_capsule/terraform.tf
  • aws 5.46.0
  • http 3.4.2
  • tls 4.0.5
  • hashicorp/terraform 1.8.1
terraform/environments/sandbox/base_apne1/main.tf
terraform/environments/sandbox/base_apne1/provider.tf
terraform/environments/sandbox/base_apne1/terraform.tf
  • aws 5.46.0
  • http 3.4.2
  • tls 4.0.5
  • hashicorp/terraform 1.8.1
terraform/environments/sandbox/test-statement/main.tf
terraform/environments/sandbox/test-statement/provider.tf
terraform/environments/sandbox/test-statement/terraform.tf
  • aws 5.46.0
  • hashicorp/terraform 1.8.1
terraform/environments/sandbox/time_capsule/main.tf
terraform/environments/sandbox/time_capsule/provider.tf
terraform/environments/sandbox/time_capsule/terraform.tf
  • aws 5.46.0
  • http 3.4.2
  • tls 4.0.5
  • hashicorp/terraform 1.8.1
terraform/usecases/terraform_tfstate_bucket/main.tf
terraform-version
.terraform-version
  • hashicorp/terraform 1.8.1


[Bug]: test

Contact Details

aaa

What happened?

A bug occurred!

Version

1.0.2 (Default)

What browsers are you seeing the problem on?

No response

Relevant log output

aaa

Code of Conduct

  • I agree
