
Updated code to use S3 bucket name and AWS region from GitHub secrets #11


Merged
merged 9 commits into from
Mar 31, 2025
48 changes: 33 additions & 15 deletions .github/workflows/apply-nic-napv5.yml
Expand Up @@ -3,7 +3,9 @@ on:
push:
branches: apply-nic-napv5
env:
AWS_REGION: us-east-1
# AWS_REGION: us-east-1
TF_VAR_AWS_S3_BUCKET_NAME: ${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}
TF_VAR_AWS_REGION: ${{ secrets.TF_VAR_AWS_REGION }}
jobs:
terraform_bootstrap:
name: "Bootstrap S3/DynamoDB"
Expand All @@ -21,7 +23,7 @@ jobs:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
aws-region: ${{ env.AWS_REGION }}
aws-region: ${{ secrets.TF_VAR_AWS_REGION }}

- name: Setup Terraform
uses: hashicorp/setup-terraform@v3
Expand Down Expand Up @@ -66,15 +68,17 @@ jobs:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
aws-region: ${{ env.AWS_REGION }}
aws-region: ${{ secrets.TF_VAR_AWS_REGION }}

- name: Setup Terraform
uses: hashicorp/setup-terraform@v3


- name: Initialize Terraform (S3 Backend)
run: |
terraform init
terraform init \
-backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \
-backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}"

- name: Terraform Plan
if: github.event_name == 'pull_request' || github.event_name == 'push'
Expand All @@ -94,7 +98,6 @@ jobs:
- name: Terraform Apply
if: github.event_name == 'push' && github.ref == 'refs/heads/apply-nic-napv5' && steps.check_changes.outputs.has_changes == 'true'
run: terraform apply -auto-approve tfplan


terraform_eks:
name: "AWS EKS"
Expand All @@ -113,14 +116,17 @@ jobs:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
aws-region: ${{ env.AWS_REGION }}
aws-region: ${{ secrets.TF_VAR_AWS_REGION }}

- name: Setup Terraform
uses: hashicorp/setup-terraform@v3


- name: Terraform Init
run: terraform init
run: |
terraform init \
-backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \
-backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}"

- name: Terraform Plan
if: github.event_name == 'pull_request' || github.event_name == 'push'
Expand Down Expand Up @@ -158,13 +164,16 @@ jobs:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
aws-region: ${{ env.AWS_REGION }}
aws-region: ${{ secrets.TF_VAR_AWS_REGION }}

- name: Setup Terraform
uses: hashicorp/setup-terraform@v3

- name: Terraform Init
run: terraform init
run: |
terraform init \
-backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \
-backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}"

- name: Terraform Plan
if: github.event_name == 'pull_request' || github.event_name == 'push'
Expand Down Expand Up @@ -208,14 +217,17 @@ jobs:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
aws-region: ${{ env.AWS_REGION }}
aws-region: ${{ secrets.TF_VAR_AWS_REGION }}

- name: Setup Terraform
uses: hashicorp/setup-terraform@v3


- name: Terraform Init (EKS)
run: terraform init
run: |
terraform init \
-backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \
-backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}"
working-directory: ./eks-cluster

- name: Print EKS Terraform Outputs
Expand Down Expand Up @@ -306,7 +318,10 @@ jobs:
kubectl cp ${{ github.workspace }}/policy/compiled_policy.tgz $NGINX_POD:/etc/app_protect/bundles/compiled_policy.tgz -n nginx-ingress

- name: Terraform Init
run: terraform init
run: |
terraform init \
-backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \
-backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}"

- name: Terraform Plan
run: |
Expand Down Expand Up @@ -343,13 +358,16 @@ jobs:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
aws-region: ${{ env.AWS_REGION }}
aws-region: ${{ secrets.TF_VAR_AWS_REGION }}

- name: Setup Terraform
uses: hashicorp/setup-terraform@v3

- name: Terraform Init
run: terraform init
run: |
terraform init \
-backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \
-backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}"

- name: Terraform Validate
run: terraform validate -no-color
Expand Down Expand Up @@ -383,4 +401,4 @@ jobs:
else
echo "external_name=$EXTERNAL_NAME" >> $GITHUB_ENV
echo "NGINX Ingress External Name: $EXTERNAL_NAME"
fi
fi
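Review bot: The new `terraform init` steps expand `${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}` and `${{ secrets.TF_VAR_AWS_REGION }}` directly into the `run:` script text, so the value is pasted into the shell source before the shell parses it; the same pattern repeats in every init step of this file and of destroy-nic-napv5.yml. Both values are already exported by the workflow-level `env:` block, so the steps can read them as ordinary shell variables: `-backend-config="bucket=${TF_VAR_AWS_S3_BUCKET_NAME}"` and `-backend-config="region=${TF_VAR_AWS_REGION}"`. Because GitHub masks secret values in logs, storing the region as a secret also redacts that string wherever Terraform prints it; a repository variable (`vars.*`) fits non-sensitive settings such as the region better. With `AWS_REGION` now commented out, any `env.AWS_REGION` reference left outside the visible hunks would resolve to an empty string, which is worth a search before relying on this workflow.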
43 changes: 30 additions & 13 deletions .github/workflows/destroy-nic-napv5.yml
Expand Up @@ -5,7 +5,9 @@ on:
- destroy-nic-napv5
pull_request:
env:
AWS_REGION: us-east-1
# AWS_REGION: us-east-1
TF_VAR_AWS_S3_BUCKET_NAME: ${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}
TF_VAR_AWS_REGION: ${{ secrets.TF_VAR_AWS_REGION }}
jobs:
terraform_arcadia:
name: "Destroy Arcadia WebApp"
Expand All @@ -24,13 +26,16 @@ jobs:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
aws-region: ${{ env.AWS_REGION }}
aws-region: ${{ secrets.TF_VAR_AWS_REGION }}

- name: Setup Terraform
uses: hashicorp/setup-terraform@v3

- name: Terraform Init
run: terraform init
run: |
terraform init \
-backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \
-backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}"

- name: Terraform Validate
run: terraform validate -no-color
Expand Down Expand Up @@ -71,13 +76,16 @@ jobs:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
aws-region: ${{ env.AWS_REGION }}
aws-region: ${{ secrets.TF_VAR_AWS_REGION }}

- name: Setup Terraform
uses: hashicorp/setup-terraform@v3

- name: Terraform Init
run: terraform init
run: |
terraform init \
-backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \
-backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}"

- name: Terraform Destroy
run: terraform destroy -auto-approve -lock=false
Expand All @@ -99,13 +107,16 @@ jobs:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
aws-region: ${{ env.AWS_REGION }}
aws-region: ${{ secrets.TF_VAR_AWS_REGION }}

- name: Setup Terraform
uses: hashicorp/setup-terraform@v3

- name: Terraform Init
run: terraform init
run: |
terraform init \
-backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \
-backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}"

- name: Terraform Plan (Destroy)
run: |
Expand Down Expand Up @@ -152,13 +163,16 @@ jobs:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
aws-region: ${{ env.AWS_REGION }}
aws-region: ${{ secrets.TF_VAR_AWS_REGION }}

- name: Setup Terraform
uses: hashicorp/setup-terraform@v3

- name: Terraform Init
run: terraform init
run: |
terraform init \
-backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \
-backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}"

- name: Terraform Plan (Destroy)
if: github.event_name == 'pull_request' || github.event_name == 'push'
Expand Down Expand Up @@ -196,13 +210,16 @@ jobs:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
aws-region: ${{ env.AWS_REGION }}
aws-region: ${{ secrets.TF_VAR_AWS_REGION }}

- name: Setup Terraform
uses: hashicorp/setup-terraform@v3

- name: Terraform Init
run: terraform init
run: |
terraform init \
-backend-config="bucket=${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" \
-backend-config="region=${{ secrets.TF_VAR_AWS_REGION }}"

- name: Terraform Plan (Destroy)
if: github.event_name == 'pull_request' || github.event_name == 'push'
Expand Down Expand Up @@ -244,12 +261,12 @@ jobs:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
aws-region: ${{ env.AWS_REGION }}
aws-region: ${{ secrets.TF_VAR_AWS_REGION }}

- name: Set Bucket Name
id: set_bucket
run: |
echo "bucket_name= your-unique-bucket-name" >> $GITHUB_OUTPUT
echo "bucket_name= ${{ secrets.TF_VAR_AWS_S3_BUCKET_NAME }}" >> $GITHUB_OUTPUT

- name: Nuclear S3 Bucket Deletion
run: |
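Review bot: The `Set Bucket Name` step now writes a secret into the output that the following `Nuclear S3 Bucket Deletion` step presumably consumes, but nothing checks that the value is non-empty, and this workflow also triggers on `pull_request`, where secrets are not passed to runs from forks. An empty or whitespace-only bucket name reaching a deletion script is the failure mode to rule out, and the literal space after `bucket_name=` becomes part of the output value. Suggested replacement for the step body: `test -n "$TF_VAR_AWS_S3_BUCKET_NAME" || { echo "bucket name secret is empty" >&2; exit 1; }` followed by `echo "bucket_name=$TF_VAR_AWS_S3_BUCKET_NAME" >> "$GITHUB_OUTPUT"`. The deletion step's body lies outside the visible hunk, so how it quotes and uses the output should be confirmed there.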
2 changes: 0 additions & 2 deletions arcadia/backend.tf
@@ -1,8 +1,6 @@
terraform {
backend "s3" {
bucket = "your-unique-bucket-name" # Replace with your actual bucket name
key = "arcadia/terraform.tfstate" # Path to state file
region = "us-east-1" # AWS region
dynamodb_table = "terraform-lock-table" # DynamoDB table for state locking
encrypt = true # Encrypt state file at rest
}
12 changes: 6 additions & 6 deletions arcadia/data.tf
Expand Up @@ -2,28 +2,28 @@
data "terraform_remote_state" "infra" {
backend = "s3"
config = {
bucket = "your-unique-bucket-name" # Your S3 bucket name
bucket = var.AWS_S3_BUCKET_NAME # Your S3 bucket name
key = "infra/terraform.tfstate" # Path to infra's state file
region = "us-east-1" # AWS region
region = var.AWS_REGION # AWS region
}
}


data "terraform_remote_state" "nap" {
backend = "s3"
config = {
bucket = "your-unique-bucket-name" # Your S3 bucket name
bucket = var.AWS_S3_BUCKET_NAME # Your S3 bucket name
key = "nap/terraform.tfstate" # Path to NAP state file
region = "us-east-1" # AWS region
region = var.AWS_REGION # AWS region
}
}

data "terraform_remote_state" "eks" {
backend = "s3"
config = {
bucket = "your-unique-bucket-name" # Your S3 bucket name
bucket = var.AWS_S3_BUCKET_NAME # Your S3 bucket name
key = "eks-cluster/terraform.tfstate" # Path to EKS state file
region = "us-east-1" # AWS region
region = var.AWS_REGION # AWS region
}
}

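--- a/arcadia/variables.tf
+++ b/arcadia/variables.tf
@@ -0,0 +1,11 @@
+variable "AWS_REGION" {
+description = "aws region"
+type = string
+default = ""
+}
+
+variable "AWS_S3_BUCKET_NAME" {
+description = "aws s3 bucket name"
+type = string
+default = ""
+}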
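Review bot: Both new variables default to the empty string, so a run where `TF_VAR_AWS_REGION` or `TF_VAR_AWS_S3_BUCKET_NAME` is unset passes variable loading and only fails later, inside the `terraform_remote_state` lookups in data.tf, with an error about the backend instead of the missing input. Dropping `default = ""` makes Terraform report the variable as required; alternatively keep the default and add a `validation` block with `condition = length(var.AWS_S3_BUCKET_NAME) > 0`. The same applies to the identical declarations added in eks-cluster/variables.tf. The descriptions could also state what the values are used for, e.g. `description = "Name of the S3 bucket holding the Terraform remote state"`.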
2 changes: 0 additions & 2 deletions eks-cluster/backend.tf
@@ -1,8 +1,6 @@
terraform {
backend "s3" {
bucket = "your-unique-bucket-name" # Your S3 bucket name
key = "eks-cluster/terraform.tfstate" # Path to state file
region = "us-east-1" # AWS region
dynamodb_table = "terraform-lock-table" # DynamoDB table for state locking
encrypt = true
}
Expand Down
4 changes: 2 additions & 2 deletions eks-cluster/data.tf
@@ -1,9 +1,9 @@
data "terraform_remote_state" "infra" {
backend = "s3"
config = {
bucket = "your-unique-bucket-name" # Your S3 bucket name
bucket = var.AWS_S3_BUCKET_NAME # Your S3 bucket name
key = "infra/terraform.tfstate" # Path to infra's state file
region = "us-east-1" # AWS region
region = var.AWS_REGION # AWS region
}
}

14 changes: 13 additions & 1 deletion eks-cluster/variables.tf
Expand Up @@ -5,10 +5,22 @@ variable "admin_src_addr" {
default = "0.0.0.0/0"
}

variable "AWS_REGION" {
description = "aws region"
type = string
default = ""
}

variable "AWS_S3_BUCKET_NAME" {
description = "aws s3 bucket name"
type = string
default = ""
}

variable "aws_region" {
description = "The AWS region to deploy the EKS cluster"
type = string
default = "us-east-1"
default = "ap-south-1"
}

#AWS
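Review bot: This file now declares two region inputs, `AWS_REGION` (default `""`, fed from the secret) and the existing `aws_region`, and the second default line shown for `aws_region` is `"ap-south-1"`, which looks like a default change riding along with this PR. When the remote-state lookup and the cluster deployment read their region from different variables, the two can diverge without any error, for example state read from one region while the cluster is created in another. Consider reusing a single variable, or document the split with a comment such as `# AWS_REGION: region of the remote-state bucket; aws_region: region the EKS cluster is deployed to`, and move the `ap-south-1` change to its own commit if it is intentional. The rest of the file lies outside the visible hunk.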
2 changes: 0 additions & 2 deletions infra/backend.tf
@@ -1,8 +1,6 @@
terraform {
backend "s3" {
bucket = "your-unique-bucket-name" # Your S3 bucket name
key = "infra/terraform.tfstate" # Path to state file
region = "us-east-1" # AWS region
dynamodb_table = "terraform-lock-table" # DynamoDB table for state locking
encrypt = true
}