/tf-hashicafe-fullstack-aws

Terraform demo environment with a bunch of AWS services

Primary language: HCL. License: MIT.

hashicafe-fullstack-aws

Terraform repo for larger-scale AWS demos.

Currently includes the following services:

  • VPC
  • IAM
  • EC2 (with HCP Packer used for AMI references)
  • S3
  • ECS
  • EKS
  • ELB
  • DynamoDB

The main branch is flat: a few public modules are used, but mostly direct resource references, with intentionally minimal security/compliance hardening so that IaC scanning tools can be demonstrated against a fair number of findings.

The security-fix branch shows the same resources but with security findings fixed (currently based on Checkov scans).
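An added illustration of the weak-versus-fixed contrast between those two branches, written for this README rather than taken from the repo: the assets bucket in a hardened form, with the weak setting each line replaces noted in a comment. Resource names follow the page's aws_s3_bucket.assets family; aws_kms_key.assets, aws_s3_bucket_public_access_block.assets, aws_s3_bucket_logging.assets and var.log_bucket are assumptions not present in the repo, and the Checkov IDs are the checks that commonly flag each setting.

```hcl
# Added example, not the repo's code: the assets bucket in a hardened
# (security-fix branch style) form. Each comment names the weak variant a
# flat configuration would carry and the Checkov check that flags it.
resource "aws_s3_bucket" "assets" {
  bucket = "${var.prefix}-${var.env}-assets"
}

resource "aws_s3_bucket_versioning" "assets" {
  bucket = aws_s3_bucket.assets.id
  versioning_configuration {
    # weak: "Suspended", or no versioning resource at all (CKV_AWS_21)
    status = "Enabled"
  }
}

# Assumed resource: a customer-managed key so the bucket can use SSE-KMS.
resource "aws_kms_key" "assets" {
  description         = "CMK for the assets bucket"
  enable_key_rotation = true
}

resource "aws_s3_bucket_server_side_encryption_configuration" "assets" {
  bucket = aws_s3_bucket.assets.id
  rule {
    apply_server_side_encryption_by_default {
      # weak: "AES256" with no key, or no SSE resource at all (CKV_AWS_145)
      sse_algorithm     = "aws:kms"
      kms_master_key_id = aws_kms_key.assets.arn
    }
  }
}

# Assumed resource: the flat form typically omits this block entirely (CKV2_AWS_6).
resource "aws_s3_bucket_public_access_block" "assets" {
  bucket                  = aws_s3_bucket.assets.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Assumed resource and variable: access logging to a separate bucket (CKV_AWS_18).
resource "aws_s3_bucket_logging" "assets" {
  bucket        = aws_s3_bucket.assets.id
  target_bucket = var.log_bucket
  target_prefix = "s3/assets/"
}
```

Running `checkov -d .` against a copy with the commented weak values substituted should report the listed check IDs, while this form should pass them.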

Over time I'll add more branches to show refactoring into local, then TFC private modules.

Using

To use in your own environment, update main.tf to change the Terraform Cloud organization and workspace selection to your own.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3 |
| aws | ~> 5.9 |
| hcp | ~> 0.82 |

Providers

| Name | Version |
|------|---------|
| aws | ~> 5.9 |
| hcp | ~> 0.82 |

Modules

| Name | Source | Version |
|------|--------|---------|
| bastion_sg | terraform-aws-modules/security-group/aws | ~> 5.1 |
| ecs_alb_sg | terraform-aws-modules/security-group/aws | ~> 5.1 |
| ecs_nginx_sg | terraform-aws-modules/security-group/aws | ~> 5.1 |
| vpc | terraform-aws-modules/vpc/aws | ~> 5.1 |

Resources

| Name | Type |
|------|------|
| aws_dynamodb_table.products | resource |
| aws_dynamodb_table_item.products | resource |
| aws_ecs_cluster.frontend | resource |
| aws_ecs_cluster_capacity_providers.default | resource |
| aws_ecs_service.nginx | resource |
| aws_ecs_task_definition.nginx | resource |
| aws_eks_addon.cni | resource |
| aws_eks_addon.dns | resource |
| aws_eks_addon.proxy | resource |
| aws_eks_cluster.backend | resource |
| aws_eks_node_group.backend | resource |
| aws_iam_instance_profile.bastion | resource |
| aws_iam_role.bastion | resource |
| aws_iam_role.ecs_task | resource |
| aws_iam_role.ecs_task_execution | resource |
| aws_iam_role.eks | resource |
| aws_iam_role.eks_node_group | resource |
| aws_iam_role_policy_attachment.ecs_task_execution | resource |
| aws_iam_role_policy_attachment.eks_cluster_policy | resource |
| aws_iam_role_policy_attachment.eks_cluster_vpc_resource_controller | resource |
| aws_iam_role_policy_attachment.eks_cni | resource |
| aws_iam_role_policy_attachment.eks_registry | resource |
| aws_iam_role_policy_attachment.eks_worker | resource |
| aws_instance.bastion | resource |
| aws_launch_template.eks_nodes | resource |
| aws_lb.ecs_frontend | resource |
| aws_lb_listener.ecs_frontend | resource |
| aws_lb_target_group.ecs_frontend | resource |
| aws_s3_bucket.assets | resource |
| aws_s3_bucket_ownership_controls.assets | resource |
| aws_s3_bucket_policy.assets | resource |
| aws_s3_bucket_server_side_encryption_configuration.assets | resource |
| aws_s3_bucket_versioning.assets | resource |
| aws_s3_object.images | resource |
| aws_default_tags.default | data source |
| aws_iam_policy_document.assets_bucket | data source |
| aws_iam_policy_document.ecs_assume_role | data source |
| hcp_packer_artifact.base | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| bastion_packer_bucket | The HCP Packer bucket name for the bastion instance. | string | n/a | yes |
| owner | Name of the person responsible for this deployment. | string | n/a | yes |
| prefix | A prefix for resource names. Will be combined with env to generate unique names. | string | n/a | yes |
| region | AWS region. | string | n/a | yes |
| bastion_instance_type | EC2 instance type for the bastion instance. | string | "t3.micro" | no |
| bastion_packer_channel | The HCP Packer channel name for the bastion instance. | string | "development" | no |
| eks_node_instance_type | EC2 instance type for the EKS nodes. | string | "t3.medium" | no |
| env | Environment for this deployment. | string | "dev" | no |

Outputs

| Name | Description |
|------|-------------|
| asset_bucket_name | Name of the S3 bucket for app assets. |
| bastion_hostname | Public hostname of the bastion instance. |
| eks_endpoint | API endpoint of the EKS cluster. |
| frontend_url | URL of the frontend load balancer. |