Merge pull request #11 from hadagalikarthik/apply-nic-napv5

Updated code to use S3 bucket name and AWS region from GitHub secrets

Author: akananth

.github/workflows/apply-nic-napv5.yml

@@ -3,7 +3,9 @@ on:
   push:
     branches: apply-nic-napv5
 env:
-  AWS_REGION: us-east-1
+#  AWS_REGION: us-east-1
+  TF_VAR_AWS_S3_BUCKET_NAME: ${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}
+  TF_VAR_AWS_REGION: ${{ secrets.TF_VAR_AWS_REGION }}
 jobs:
   terraform_bootstrap:
     name: "Bootstrap S3/DynamoDB"
@@ -21,7 +23,7 @@ jobs:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
-          aws-region: ${{ env.AWS_REGION }}
+          aws-region: ${{ secrets.TF_VAR_AWS_REGION }}
 
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@v3
@@ -66,15 +68,17 @@ jobs:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
-          aws-region: ${{ env.AWS_REGION }}
+          aws-region: ${{ secrets.TF_VAR_AWS_REGION }}
 
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@v3
 
 
       - name: Initialize Terraform (S3 Backend)
         run: |
-          terraform init
+          terraform init \
+            -backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \
+            -backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}"
 
       - name: Terraform Plan
         if: github.event_name == 'pull_request' || github.event_name == 'push'
@@ -94,7 +98,6 @@ jobs:
       - name: Terraform Apply
         if: github.event_name == 'push' && github.ref == 'refs/heads/apply-nic-napv5' && steps.check_changes.outputs.has_changes == 'true'
         run: terraform apply -auto-approve tfplan
-
 
   terraform_eks:
     name: "AWS EKS"
@@ -113,14 +116,17 @@ jobs:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
-          aws-region: ${{ env.AWS_REGION }}
+          aws-region: ${{ secrets.TF_VAR_AWS_REGION }}
 
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@v3
 
 
       - name: Terraform Init
-        run: terraform init
+        run: |
+          terraform init \
+            -backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \
+            -backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}"
 
       - name: Terraform Plan
         if: github.event_name == 'pull_request' || github.event_name == 'push'
@@ -158,13 +164,16 @@ jobs:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
-          aws-region: ${{ env.AWS_REGION }}
+          aws-region: ${{ secrets.TF_VAR_AWS_REGION }}
 
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@v3
 
       - name: Terraform Init
-        run: terraform init
+        run: |
+          terraform init \
+            -backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \
+            -backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}"
 
       - name: Terraform Plan
         if: github.event_name == 'pull_request' || github.event_name == 'push'
@@ -208,14 +217,17 @@ jobs:
         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
         aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
-        aws-region: ${{ env.AWS_REGION }}
+        aws-region: ${{ secrets.TF_VAR_AWS_REGION }}
 
     - name: Setup Terraform
       uses: hashicorp/setup-terraform@v3
 
 
     - name: Terraform Init (EKS)
-      run: terraform init
+      run: |
+        terraform init \
+          -backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \
+          -backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}"
       working-directory: ./eks-cluster
 
     - name: Print EKS Terraform Outputs
@@ -306,7 +318,10 @@ jobs:
         kubectl cp ${{ github.workspace }}/policy/compiled_policy.tgz $NGINX_POD:/etc/app_protect/bundles/compiled_policy.tgz -n nginx-ingress 
 
     - name: Terraform Init
-      run: terraform init
+      run: |
+        terraform init \
+          -backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \
+          -backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}"
 
     - name: Terraform Plan
       run: |
@@ -343,13 +358,16 @@ jobs:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
-          aws-region: ${{ env.AWS_REGION }}
+          aws-region: ${{ secrets.TF_VAR_AWS_REGION }}
 
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@v3
 
       - name: Terraform Init
-        run: terraform init
+        run: |
+          terraform init \
+            -backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \
+            -backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}"
 
       - name: Terraform Validate
         run: terraform validate -no-color
@@ -383,4 +401,4 @@ jobs:
           else
             echo "external_name=$EXTERNAL_NAME" >> $GITHUB_ENV
             echo "NGINX Ingress External Name: $EXTERNAL_NAME"
-          fi
+          fi

.github/workflows/destroy-nic-napv5.yml

@@ -5,7 +5,9 @@ on:
       - destroy-nic-napv5
   pull_request:
 env:
-  AWS_REGION: us-east-1
+#  AWS_REGION: us-east-1
+  TF_VAR_AWS_S3_BUCKET_NAME: ${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}
+  TF_VAR_AWS_REGION: ${{ secrets.TF_VAR_AWS_REGION }}
 jobs:
   terraform_arcadia:
     name: "Destroy Arcadia WebApp"
@@ -24,13 +26,16 @@ jobs:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
-          aws-region: ${{ env.AWS_REGION }}
+          aws-region: ${{ secrets.TF_VAR_AWS_REGION }}
 
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@v3
 
       - name: Terraform Init
-        run: terraform init
+        run: |
+          terraform init \
+            -backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \
+            -backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}"
 
       - name: Terraform Validate
         run: terraform validate -no-color
@@ -71,13 +76,16 @@ jobs:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
-          aws-region: ${{ env.AWS_REGION }}
+          aws-region: ${{ secrets.TF_VAR_AWS_REGION }}
 
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@v3
 
       - name: Terraform Init
-        run: terraform init
+        run: |
+          terraform init \
+            -backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \
+            -backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}"
 
       - name: Terraform Destroy
         run: terraform destroy -auto-approve -lock=false
@@ -99,13 +107,16 @@ jobs:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
-          aws-region: ${{ env.AWS_REGION }}
+          aws-region: ${{ secrets.TF_VAR_AWS_REGION }}
 
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@v3
 
       - name: Terraform Init
-        run: terraform init
+        run: |
+          terraform init \
+            -backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \
+            -backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}"
 
       - name: Terraform Plan (Destroy)
         run: |
@@ -152,13 +163,16 @@ jobs:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
-          aws-region: ${{ env.AWS_REGION }}
+          aws-region: ${{ secrets.TF_VAR_AWS_REGION }}
 
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@v3
 
       - name: Terraform Init
-        run: terraform init
+        run: |
+          terraform init \
+            -backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \
+            -backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}"
 
       - name: Terraform Plan (Destroy)
         if: github.event_name == 'pull_request' || github.event_name == 'push'
@@ -196,13 +210,16 @@ jobs:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
-          aws-region: ${{ env.AWS_REGION }}
+          aws-region: ${{ secrets.TF_VAR_AWS_REGION }}
 
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@v3
 
       - name: Terraform Init
-        run: terraform init
+        run: |
+          terraform init \
+            -backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \
+            -backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}"
 
       - name: Terraform Plan (Destroy)
         if: github.event_name == 'pull_request' || github.event_name == 'push'
@@ -244,12 +261,12 @@ jobs:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
-          aws-region: ${{ env.AWS_REGION }}
+          aws-region: ${{ secrets.TF_VAR_AWS_REGION }}
 
       - name: Set Bucket Name
         id: set_bucket
         run: |
-          echo "bucket_name= your-unique-bucket-name" >> $GITHUB_OUTPUT
+          echo "bucket_name= ${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" >> $GITHUB_OUTPUT
 
       - name: Nuclear S3 Bucket Deletion
         run: |

arcadia/backend.tf

@@ -1,8 +1,6 @@
 terraform {
   backend "s3" {
-    bucket         = "your-unique-bucket-name"         # Replace with your actual bucket name  
     key            = "arcadia/terraform.tfstate"       # Path to state file
-    region         = "us-east-1"                     # AWS region
     dynamodb_table = "terraform-lock-table"          # DynamoDB table for state locking
     encrypt        = true                            # Encrypt state file at rest
   }

arcadia/data.tf

@@ -2,28 +2,28 @@
 data "terraform_remote_state" "infra" {
   backend = "s3"
   config = {
-    bucket =  "your-unique-bucket-name"       # Your S3 bucket name
+    bucket =  var.AWS_S3_BUCKET_NAME       # Your S3 bucket name
     key    = "infra/terraform.tfstate"       # Path to infra's state file
-    region = "us-east-1"                     # AWS region
+    region = var.AWS_REGION                    # AWS region
   }
 }
 
 
 data "terraform_remote_state" "nap" {
   backend = "s3"
   config = {
-    bucket =  "your-unique-bucket-name"       # Your S3 bucket name
+    bucket =  var.AWS_S3_BUCKET_NAME       # Your S3 bucket name
     key    = "nap/terraform.tfstate"         # Path to NAP state file
-    region = "us-east-1"                     # AWS region
+    region = var.AWS_REGION                    # AWS region
   }
 }
 
 data "terraform_remote_state" "eks" {
   backend = "s3"
   config = {
-    bucket =  "your-unique-bucket-name"       # Your S3 bucket name
+    bucket =  var.AWS_S3_BUCKET_NAME       # Your S3 bucket name
     key    = "eks-cluster/terraform.tfstate"  # Path to EKS state file
-    region = "us-east-1"                     # AWS region
+    region = var.AWS_REGION                     # AWS region
   }
 }
 

arcadia/variables.tf

@@ -0,0 +1,11 @@
+variable "AWS_REGION" {
+  description = "aws region"
+  type        = string
+  default     = ""
+}
+
+variable "AWS_S3_BUCKET_NAME" {
+  description = "aws s3 bucket name"
+  type        = string
+  default     = ""
+}

eks-cluster/backend.tf

@@ -1,8 +1,6 @@
 terraform {
   backend "s3" {
-    bucket         = "your-unique-bucket-name"       # Your S3 bucket name
     key            = "eks-cluster/terraform.tfstate"       # Path to state file
-    region         = "us-east-1"                     # AWS region
     dynamodb_table = "terraform-lock-table"          # DynamoDB table for state locking
     encrypt        = true                        
   }

eks-cluster/data.tf

@@ -1,9 +1,9 @@
 data "terraform_remote_state" "infra" {
   backend = "s3"
   config = {
-    bucket =  "your-unique-bucket-name"       # Your S3 bucket name
+    bucket =  var.AWS_S3_BUCKET_NAME       # Your S3 bucket name
     key    = "infra/terraform.tfstate"       # Path to infra's state file
-    region = "us-east-1"                     # AWS region
+    region = var.AWS_REGION                    # AWS region
   }
 }
 

eks-cluster/variables.tf

@@ -5,10 +5,22 @@ variable "admin_src_addr" {
   default     = "0.0.0.0/0"
 }
 
+variable "AWS_REGION" {
+  description = "aws region"
+  type        = string
+  default     = ""
+}
+
+variable "AWS_S3_BUCKET_NAME" {
+  description = "aws s3 bucket name"
+  type        = string
+  default     = ""
+}
+
 variable "aws_region" {
   description = "The AWS region to deploy the EKS cluster"
   type        = string
-  default     = "us-east-1"
+  default     = "ap-south-1"
 }
 
 #AWS

infra/backend.tf

@@ -1,8 +1,6 @@
 terraform {
   backend "s3" {
-    bucket         = "your-unique-bucket-name"       # Your S3 bucket name
     key            = "infra/terraform.tfstate"       # Path to state file
-    region         = "us-east-1"                     # AWS region
     dynamodb_table = "terraform-lock-table"          # DynamoDB table for state locking
     encrypt        = true                        
   }