This project provides an automated DevSecOps pipeline for deploying infrastructure using Terraform, AWS, and Snyk for vulnerability scanning. The pipeline is designed to streamline infrastructure management while ensuring security through continuous integration and deployment practices.
- Terraform (latest stable version)
- Terraform Cloud account
- Snyk account for vulnerability scanning
- AWS account with appropriate permissions
- Create an account on Terraform Cloud and generate an API token.
- Store the token on your local machine, for example with `terraform login`, which writes it to the Terraform CLI credentials file so that `terraform init` can reach the remote workspace.
- In your GitHub repository settings, add the same token as a repository secret so the `terraform-apply.yml` workflow can authenticate to Terraform Cloud. Treat it as a credential: it authorizes runs in your workspaces, so never commit it to the repository.
- Clone or download this repository.
- Update the `terraform-apply.yml` file with your organization name.
- Within `terraform/eks-cluster` and `terraform/pipelines`, carry out the following:
  - Modify the `provider.tf` file to include your correct Terraform Cloud workspace name (do not use "DSB").
  - Run the following commands to ensure things work properly:

    ```
    terraform init
    terraform plan
    ```

- Modify the
- Create an account on Snyk and generate an API token.
- Follow the Snyk CLI documentation to configure your CLI.
- Save your Snyk organization ID and token as environment variables in Terraform Cloud, as workspace variables of category "Environment variable". Mark `SNYK_TOKEN` as sensitive so it is write-only: Terraform Cloud will not display it in the UI or in run logs.

Set up the following environment variables within your Terraform Cloud workspace or locally:

- `SNYK_TOKEN`: your Snyk API token.
- `SNYK_ORG_ID`: your Snyk organization ID.
Run the following commands in both the `eks-cluster` and `pipelines` folders to initialize Terraform, plan the deployment, and apply the changes:

```
terraform init
terraform plan
terraform apply
```
Log in to the AWS Console and verify the changes made by Terraform:

- Navigate to the Developer Tools (CodeSuite) console, then Settings > Connections.
- Update the pending connection to make it active. A connection to a source provider such as GitHub is created by Terraform in the `PENDING` state; the handshake that authorizes access to your repository can only be completed in the console, and the pipeline will not pull source until the connection shows `AVAILABLE`.
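The steps above, collected into one script. This is an added example and not part of the project: it checks that both Snyk variables are present, refuses to run against a `provider.tf` that still carries the "DSB" placeholder, and then runs init, plan, an IaC scan and apply in each of the two directories. Assumptions not stated by the README: `provider.tf` declares the workspace in a `cloud { ... workspaces { name = "..." } }` block, and the Snyk step is `snyk iac test` on the same directory with a high-severity gate placed between plan and apply so a failed scan stops the apply.

```shell
#!/bin/sh
# Added example, not part of the project: preflight checks plus the
# init / plan / scan / apply order for the two workspaces the README describes.
# Assumptions (not stated by the README): provider.tf declares the workspace in
# a `cloud { ... workspaces { name = "..." } }` block, and the Snyk step is
# `snyk iac test` against the same directory with a high severity gate.
set -eu

# Both Snyk values must be present. The token is only ever read from the
# environment (a sensitive Terraform Cloud variable or a local export) and is
# never printed.
check_snyk_env() {
  rc=0
  [ -n "${SNYK_TOKEN:-}" ]  || { echo "missing SNYK_TOKEN" >&2;  rc=1; }
  [ -n "${SNYK_ORG_ID:-}" ] || { echo "missing SNYK_ORG_ID" >&2; rc=1; }
  return $rc
}

# Print the workspace name declared inside the workspaces { } block of a
# provider.tf (first match only).
workspace_name() {
  sed -n '/workspaces[[:space:]]*{/,/}/s/^[[:space:]]*name[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Fail if provider.tf is missing, declares no workspace, or still carries the
# placeholder "DSB" the README tells you to replace. Prints the name on success.
check_workspace() {
  wsdir="$1"
  [ -f "$wsdir/provider.tf" ] || { echo "$wsdir: provider.tf not found" >&2; return 1; }
  name=$(workspace_name "$wsdir/provider.tf")
  [ -n "$name" ] || { echo "$wsdir: no workspace name in provider.tf" >&2; return 1; }
  [ "$name" != "DSB" ] || { echo "$wsdir: replace the placeholder workspace name DSB" >&2; return 1; }
  echo "$name"
}

# Echo the command instead of running it when DRY_RUN=1.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# One directory: validate, init, plan to a file, scan the IaC, apply that exact
# plan. The scan sits between plan and apply so a failed gate stops the apply.
deploy_dir() {
  tfdir="$1"
  check_workspace "$tfdir" >/dev/null
  run terraform -chdir="$tfdir" init -input=false
  run terraform -chdir="$tfdir" plan -input=false -out=tfplan
  run snyk iac test "$tfdir" --org="$SNYK_ORG_ID" --severity-threshold=high
  run terraform -chdir="$tfdir" apply -input=false tfplan
}

main() {
  check_snyk_env
  for d in terraform/eks-cluster terraform/pipelines; do
    deploy_dir "$d"
  done
}

# `sh deploy.sh main` runs everything (DRY_RUN=1 sh deploy.sh main only prints
# the commands); with no arguments the file only defines the functions.
if [ $# -gt 0 ]; then "$@"; fi
```

Run it from the repository root with `DRY_RUN=1 sh deploy.sh main` first to see the exact commands, then without `DRY_RUN`. The scan runs on the machine executing the script, not inside Terraform Cloud, which is why `SNYK_TOKEN` and `SNYK_ORG_ID` must also be exported locally or in the CI job that runs it.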
Once the pipeline is set up and verified, you can move to the next codebase for further configurations or deployments.
The `modules` directory contains reusable Terraform modules designed for different parts of the infrastructure. Below is a brief overview of each module:

**S3 module**

This module is responsible for provisioning and managing AWS S3 buckets. It defines the main configurations for creating S3 buckets, specifying variables such as bucket name and region.

- Files:
  - `main.tf`: S3 bucket creation and configuration.
  - `variables.tf`: Variables such as bucket name, region, etc.
  - `outputs.tf`: Outputs for the S3 bucket, such as the bucket name or ARN.

**CodePipeline module**

The CodePipeline module automates the setup of an AWS CodePipeline for continuous integration and deployment. It includes configuration for stages, actions, and integration with other AWS services like ECR and Secrets Manager.

- Files:
  - `main.tf`: Defines the pipeline, stages, and actions.
  - `ecr.tf`: Configures ECR (Elastic Container Registry) to store Docker images.
  - `buildspecs`: Contains build instructions for CodeBuild.
  - `secrets.tf`: Configures secrets management for the pipeline.
  - `configmap.tf`: Configures Kubernetes ConfigMaps for integration with EKS (if applicable).
  - `variables.tf`: Defines variables specific to the pipeline.
  - `provider.tf`: Specifies AWS provider details.

**EKS module**

This module provisions an EKS (Elastic Kubernetes Service) cluster, including the configuration for node groups and cluster resources.

- Files:
  - `main.tf`: Defines the EKS cluster, node groups, and related resources.
  - `variables.tf`: Variables such as cluster name, region, and node configurations.
  - `outputs.tf`: Outputs like the EKS cluster name or endpoint.