Repository to store terraform code used while studying for the ANS-C01 exam. I am using Adrian Cantrill's AWS Certified Advanced Networking - Specialty course to study for the exam. The course provides CloudFormation stacks for a number of the demos, but I thought it would be fun, and challenging, to recreate some of those stacks in terraform.
- ✅ VPC Deep Dive 🚀
- ✅ CloudTrail 🚀
- ✅ CloudFront - but see open issue
- ✅ VPC Peering 🚀
We use trunk.io's code quality tooling for formatting and linting. Trunk git hooks run on pre-commit and pre-push, and the Trunk GitHub App is integrated into the repository to run trunk on pull requests. Because OpenTofu and tflint (with the AWS plugin and deep checking) are enabled, trunk needs some additional setup in CI. This is done with a GitHub composite action stored in the .trunk/setup-ci folder, as described in trunk's documentation on custom CI setup logic.
This action runs a series of steps: find terraform changes in the dev environment, log in to the AWS dev account via the GitHub OIDC provider, and store the resulting short-lived credentials as environment variables. Subsequent steps install tflint and OpenTofu and then init both tools in the directories discovered in the first step. The AWS credential environment variables are passed into trunk's environment via the tflint linter definition so that the tflint AWS plugin can perform deep checking. The AWS plugin version is kept up to date by renovate bot.
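The composite action below is an added illustration of the steps just described; it is not the action from this repository, and the role ARN input, the default region and the exact discovery logic are assumptions. It keeps the same shape: discover changed terraform directories under dev/, assume the dev account role over OIDC with aws-actions/configure-aws-credentials (which exports AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN as environment variables), install tflint and OpenTofu, and init both in each discovered directory. The file path follows trunk's custom setup convention.

```yaml
# .trunk/setup-ci/action.yaml (example, not this repository's action)
name: Prepare tflint deep checking
description: >-
  Discover changed Terraform directories under dev/, obtain short-lived AWS
  credentials via GitHub OIDC, install tflint and OpenTofu, and init both.

inputs:
  role-to-assume:
    description: ARN of the read-only IAM role in the AWS dev account (assumed input name)
    required: true
  aws-region:
    description: Region used when assuming the role
    default: us-east-1   # assumed default

runs:
  using: composite
  steps:
    - name: Find changed Terraform directories in dev
      id: dirs
      shell: bash
      run: |
        set -euo pipefail
        # Compare against the PR base when we have one; on a plain push fall back
        # to every .tf file under dev/ so a direct push still gets checked.
        base="${{ github.event.pull_request.base.sha }}"
        if [ -n "$base" ] && git cat-file -e "$base" 2>/dev/null; then
          files=$(git diff --name-only "$base" "${{ github.sha }}" -- dev | grep -E '\.(tf|tfvars)$' || true)
        else
          files=$(git ls-files dev | grep -E '\.tf$' || true)
        fi
        dirs=$(printf '%s\n' "$files" | sed '/^$/d' | xargs -r -n1 dirname | sort -u | tr '\n' ' ')
        echo "dirs=${dirs}" >> "$GITHUB_OUTPUT"
        echo "Terraform directories to init: ${dirs:-<none>}"

    # Only request AWS credentials when there is something to deep-check.
    - name: Log in to the AWS dev account with OIDC
      if: steps.dirs.outputs.dirs != ''
      uses: aws-actions/configure-aws-credentials@v4
      with:
        role-to-assume: ${{ inputs.role-to-assume }}
        aws-region: ${{ inputs.aws-region }}

    - name: Install tflint
      uses: terraform-linters/setup-tflint@v4

    - name: Install OpenTofu
      uses: opentofu/setup-opentofu@v1
      with:
        tofu_wrapper: false

    - name: Init tflint and OpenTofu in each changed directory
      if: steps.dirs.outputs.dirs != ''
      shell: bash
      run: |
        set -euo pipefail
        for d in ${{ steps.dirs.outputs.dirs }}; do
          echo "== $d"
          # tflint --init pulls the AWS ruleset pinned in .tflint.hcl;
          # -backend=false keeps tofu init from touching remote state in CI.
          ( cd "$d" && tflint --init && tofu init -backend=false -input=false )
        done
```

Two caveats a practitioner will hit: the calling workflow needs `permissions: id-token: write` (and `contents: read`) or the OIDC exchange fails, and the checkout must have enough history for the `git diff` against the base SHA (fetch-depth: 0 is the simple fix). On the AWS side, scope the role's trust policy `sub` condition to this repository (and ideally a specific branch or environment) and grant it only the read permissions the deep-check rules need; deep checking only ever reads, so a role that can write is unnecessary exposure of the dev account to pull-request code.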
Note
To keep things simple, tflint deep checking currently only works in the dev environment, because the setup action is configured with the AWS dev account role. A nested action could be used in the future to cover other accounts.