I have `tfsec` and `tflint` installed locally. Please see `.tflint.hcl` and the various `tfsec:ignore` comments. This code passes all checks:
$ tfsec
No problems detected!
0 potential problems detected:
$ tflint
Please note that `tflint` simply exits if no issues are detected.
JS/ES/TS testing is performed via `eslint`. More instructions on this below.
Script to pull down the latest Terraform version if you don't use `tfenv`.
ES (ECMAScript aka JS) linting module. Run via `npx eslint src/000.js --fix` if you want to modify in place as I have done.
tflint requires this config file in order to resolve issues with the latest providers/plugins.
Prevents committing things that are not appropriate.
Test variable values without having to explicitly write `terraform plan/apply --var-file=`, etc.
Dockerizes the application contained in `./src/` and `./bin/`; nothing fancy here except that I used `node:current-alpine` in order to make a smaller image and not use an ancient version of Node.js.
Updated `package.json` to include eslint, reflect my changes, etc.
Configuration for the AWS Region, profile, etc. to use for authentication and deploying resources. Note that I am using the latest AWS provider format that just came out about a week ago, and have included a work-around for hashicorp/terraform-provider-aws#23110 which is an issue opened a few days ago and still actively being addressed.
This is a monolith on purpose. Good code starts as a monolith. One should break out parts of the monolith only when needed.
Allows various input variables. I show off an example of a validation condition, comments, conditionals, etc.
Required versions of TF and various providers. I'm using AWS provider 4.1.0, which caused some thrash as I had to rewrite a lot of stuff for the 4.x upgrade, but it was a good exercise. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/guides/version-4-upgrade for more details.
This is just a separate .tf file to separate the module call to `cf_waf_acm` from the "main" .tf code.
This Terraform module takes a domain name and an origin, wires up a CF distribution + ACM cert + WAF, performs DNS verification of the ACM cert, attaches the ACM cert to the CF distro, sets up an encrypted S3 logging bucket for CF, etc. so that you get anti-DDoS protection + a global pull-through cache with HTTPS + a fancy domain with its own HTTPS cert, etc. I wrote this years ago, and just updated it for TF AWS provider 4.x.
I wrote or co-authored both of these modules. They are required by the `cf_waf_acm` module.
- If you know how to use git, start a git repository (local-only is acceptable) and commit all of your work to it. ✔️
- Deploy the app in any public cloud and navigate to the index page. Use Linux 64-bit x86/64 as your OS (Amazon Linux preferred in AWS, Similar Linux flavor preferred in GCP and Azure) ✔️
- Deploy the app in a Docker container. Use `node` as the base image. Version `node:10` or later should work. ✔️
- Inject an environment variable (`SECRET_WORD`) in the Docker container. The value of `SECRET_WORD` should be the secret word discovered on the index page of the application. ✔️
- Deploy a load balancer in front of the app. ✔️
- Use Infrastructure as Code (IaC) to "codify" your deployment. Terraform is ideal, but use whatever you know, e.g. CloudFormation, CDK, Deployment Manager, etc. ✔️
- Add TLS (https). You may use locally-generated certs. ✔️
- Your work assets, as one or both of the following:
- A link to a hosted git repository. ✔️
- You're looking at it: https://github.com/sskalnik/quest
- A ZIP file containing your project directory. Include the `.git` sub-directory if you used git.
- Proof of completion, as one or both of the following:
- Link(s) to hosted public cloud deployment(s). ✔️
- One or more screenshots showing, at least, the index page of the final deployment in one or more public cloud(s) you have chosen. ✔️
- An answer to the prompt: "Given more time, I would improve..."
- Discuss any shortcomings/immaturities in your solution and the reasons behind them (lack of time is a perfectly fine reason!) ✔️
- See this README, as well as comments in the code itself.
- This may carry as much weight as the code itself
- IaC files, if you completed that task. ✔️
- Project uses TF IaC.
- One or more Dockerfiles, if you completed that task. ✔️
- Project contains a Dockerfile.
- A sensible README or other file(s) that contain instructions, notes, or other written documentation to help us review and assess your submission. ✔️
- Project contains the README.md file you are reading now.