Deploying a Bulletproof Photo Sharing App with DevSecOps, Terraform, AWS EKS, and Chaos Engineering

This project deploys a photo-sharing application on AWS EKS: the infrastructure is managed with Terraform, the application is built and rolled out through a DevSecOps CI/CD pipeline with security-scanning stages, and chaos-engineering experiments inject failures into the running cluster to check that the deployment stays available under stress.

Primary language: HCL

AWS DevSecOps CI/CD Pipeline

Step 1: Once the infrastructure has been created, add the ingress-nginx Helm repository and install the NGINX Ingress Controller. Replace acm-cert-arn with the ARN of the ACM certificate the load balancer should use to terminate TLS; the remaining service and controller settings (the other load balancer annotations, forwarded-header handling, and so on) come from nginx-config.yaml, which is not shown here:

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install ingress-nginx ingress-nginx/ingress-nginx \
  --version 4.10.0 \
  --namespace ingress-nginx --create-namespace \
  --set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-ssl-cert"="acm-cert-arn" \
  -f nginx-config.yaml

The full set of chart values is documented in the ingress-nginx repository: https://github.com/kubernetes/ingress-nginx

Step 2: Run the bash script that creates an IAM role for CodeBuild and grants it access to the EKS cluster by adding the role to the cluster's aws-auth ConfigMap:

  1. chmod +x iam-role-autenticate-eks.sh
  2. ./iam-role-autenticate-eks.sh

Pipeline stages

The pipeline includes the following tools and stages:

  Prowler             AWS account security posture assessment
  Gitleaks            secret scanning of the repository and its history
  SonarQube           static application security testing and code quality gate
  Hadolint            Dockerfile linting
  Trivy               vulnerability scanning of container images and dependencies
  Slack               build and scan result notifications
  Kubescape           Kubernetes manifest and cluster security posture scanning
  tfsec               Terraform static analysis
  Checkov             infrastructure-as-code policy checks
  Chaos Engineering   fault injection against the running deployment

Requirements

  Name        Version
  terraform   >= 0.15.0
  aws         >= 4.29.0
  random      >= 3.6.0
  template    >= 2.2.0

Note that hashicorp/template is archived (2.2.0 is its final release and it ships no build for Apple Silicon); the built-in templatefile() function covers the same need without the extra provider.

Providers

  Name   Version
  aws    5.47.0

Modules

  Name          Source                                 Version
  acm_backend   terraform-aws-modules/acm/aws          4.0.1
  acm_cf        terraform-aws-modules/acm/aws          4.0.1
  ui            terraform-aws-modules/s3-bucket/aws    3.3.0
  ui-cf         terraform-aws-modules/cloudfront/aws   3.4.0

Resources

  Name                                                                  Type
  aws_dynamodb_table.photos_metadata                                    resource
  aws_ecr_repository.foo                                                resource
  aws_eip.nat                                                           resource
  aws_eks_cluster.cluster                                               resource
  aws_eks_node_group.private-nodes-01                                   resource
  aws_eks_node_group.private-nodes-02                                   resource
  aws_iam_policy.node_additional_permissions                            resource
  aws_iam_role.demo                                                     resource
  aws_iam_role.nodes                                                    resource
  aws_iam_role_policy_attachment.demo-AmazonEKSClusterPolicy            resource
  aws_iam_role_policy_attachment.node-additional-permissions            resource
  aws_iam_role_policy_attachment.nodes-AmazonEC2ContainerRegistryReadOnly   resource
  aws_iam_role_policy_attachment.nodes-AmazonEKSWorkerNodePolicy        resource
  aws_iam_role_policy_attachment.nodes-AmazonEKS_CNI_Policy             resource
  aws_iam_role_policy_attachment.nodes-EC2RoleForSSM                    resource
  aws_iam_role_policy_attachment.nodes-SSMFullAccess                    resource
  aws_iam_role_policy_attachment.nodes-SSMManagedInstanceCore           resource
  aws_iam_role_policy_attachment.nodes-SessionManager                   resource
  aws_internet_gateway.igw                                              resource
  aws_kms_key.kms                                                       resource
  aws_nat_gateway.nat                                                   resource
  aws_route_table.private                                               resource
  aws_route_table.public                                                resource
  aws_route_table_association.private-ap-south-1a                       resource
  aws_route_table_association.private-ap-south-1b                       resource
  aws_route_table_association.public-ap-south-1a                        resource
  aws_route_table_association.public-ap-south-1b                        resource
  aws_subnet.private-ap-south-1a                                        resource
  aws_subnet.private-ap-south-1b                                        resource
  aws_subnet.public-ap-south-1a                                         resource
  aws_subnet.public-ap-south-1b                                         resource
  aws_vpc.vpc                                                           resource
  aws_wafv2_ip_set.block_ip_set                                         resource
  aws_wafv2_web_acl.main_acl                                            resource
  aws_caller_identity.current                                           data source
  aws_iam_policy_document.s3_policy                                     data source
  aws_route53_zone.main                                                 data source

One of the node-role attachments deserves a second look: nodes-SSMFullAccess grants the worker node role full control of Systems Manager, while Session Manager access to the nodes needs only the managed-instance-core permissions that nodes-SSMManagedInstanceCore already attaches. Every pod on a node can reach the node role's credentials through the instance metadata service unless the IMDS hop limit is set to 1 or the pods use IRSA, so the broad attachment widens what a compromised container can do and is worth removing.

Inputs

  Name             Type     Default   Required   Description
  cluster_config   any      n/a       yes        Configuration for the cluster, detailing specifics like size, type, and other cluster-related settings.
  ecr_names        any      n/a       yes        Names of the Elastic Container Registry repositories required for the deployment.
  env              string   n/a       yes        The deployment environment name, e.g., 'prod', 'dev', or 'test'.
  ui_conf          any      n/a       yes        UI configuration settings, which may include theming, layout, and feature toggles.
  vpc_config       any      n/a       yes        Configuration parameters for the VPC including subnets, CIDR blocks, and other network-related settings.

Outputs

  Name                          Description
  acm_arn                       n/a
  cloudfront_url                The URL of the CloudFront distribution.
  dynamodb_table_name           The name of the DynamoDB table.
  ecr_repository_details        Details of the ECR repositories including URLs and ARNs.
  eks_values_private_nodes_01   Values related to the AWS EKS managed node group for private-nodes-01.
  eks_values_private_nodes_02   Values related to the AWS EKS managed node group for private-nodes-02.
  s3_bucket_name                The name of the S3 bucket.
  vpc_details                   Details of the main VPC.

A video walkthrough is available at https://youtu.be/Uxx3Mkgc58k.