This project automates the provisioning of EC2 instances and the deployment of your application on AWS using Terraform and GitHub Actions. It supports different environments (Dev, Prod) via configuration files.
```text
tech_eazy_devops_git-user-9/
├── README.md                 # Project documentation
├── .gitignore                # Lists files to exclude from version control
├── .github/
│   └── workflows/
│       └── deploy.yml        # GitHub Actions workflow for deployment
├── terraform/                # Terraform configurations
│   ├── main.tf               # Main Terraform configuration file
│   ├── outputs.tf            # Defines Terraform outputs (e.g., EC2 public IP)
│   ├── variables.tf          # Common variables (e.g., region, key pair name)
│   ├── dev_config.tfvars     # Variable values for 'Dev' environment
│   └── prod_config.tfvars    # Variable values for 'Prod' environment
├── scripts/                  # Shell scripts for configuration and log validation
│   ├── deploy.sh             # [OBSOLETE] Legacy deployment script (replaced by deploy.yml)
│   ├── dev_script.sh         # Dev-specific configuration script for EC2
│   ├── prod_script.sh        # Production-specific script for EC2
│   └── verify_logs.sh        # Validates and uploads logs
└── mylogs/                   # Application and system logs
    ├── app/                  # Stores runtime application logs
    │   └── my-app.log        # Main application log
    └── system/               # Tracks provisioning/system logs
        └── cloud-init.log    # Logs of initialization processes
```
- Fork this repository – you must fork it to your own GitHub account so you can add secrets (you cannot add secrets to a repo you don't own).
- AWS account with IAM permissions to provision EC2, S3, etc.
- GitHub Secrets:
  - `AWS_ACCESS_KEY_ID` – IAM user access key
  - `AWS_SECRET_ACCESS_KEY` – IAM user secret key
  - `SSH_PRIVATE_KEY` – private key for SSH access to EC2 instances
- Terraform installed (for local testing if required)
- EC2 Key Pair configured in AWS and referenced in the Terraform configs
For enhanced security, production configuration should be stored in a separate private repository:

- Create a new private repository on GitHub (e.g., `your-username/terraform-prod-configs`)
- Copy the `prod_config.tfvars` file from `./terraform/prod_config.tfvars` in this repository
- Add the `prod_config.tfvars` file to your private repository
- Go to GitHub Settings → Developer settings → Personal Access Tokens → Tokens (classic)
- Generate a new token with repo access permissions (a classic token with the `repo` scope can read and write every repository the account can access, so keep it on an account with as little access as possible and rotate it if it is ever exposed)
- Copy the generated token for use in GitHub Secrets

Add these secrets to your forked repository:

- `PRIVATE_REPO` – URL of your private repository, e.g. `github.com/your-username/terraform-prod-configs` (note: do not keep `https://` in the repo link above)
- `PRIVATE_REPO_KEY` – Personal Access Token with repo access, e.g. `ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx`

Replace `your-username` with your actual GitHub username and ensure the private repository contains your production Terraform variables.
Before triggering deployment, update the Terraform configuration files for your AWS environment:

- Open `terraform/variables.tf`
- Set the default values for common variables like the EC2 Key Pair name:

  ```hcl
  variable "key_name" {
    default = "your-ec2-keypair-name" # Set your AWS Key Pair name
  }
  ```

- Edit `terraform/dev_config.tfvars` and `terraform/prod_config.tfvars`:
  - Example (`dev_config.tfvars`):

    ```hcl
    key_name = "your-ec2-keypair-name"
    ```

  - Example (`prod_config.tfvars`):

    ```hcl
    key_name = "your-ec2-keypair-name"
    ```
When you create an AWS EC2 Key Pair, AWS provides a `.pem` file. To use it in GitHub Actions, you store the file's contents as a secret (the PEM text is stored as-is, no conversion is needed).

- Generate the Key Pair in the AWS Console (download the `.pem` file)
- Open the `.pem` file in a text editor and copy its contents
- Add it as a GitHub secret named `SSH_PRIVATE_KEY` in your forked repository

Example:

```bash
cat path/to/your-key.pem
```

Copy the entire output (including the `-----BEGIN RSA PRIVATE KEY-----` and `-----END RSA PRIVATE KEY-----` lines) into the GitHub secret.

Ensure the `.pem` file permissions are secure:

```bash
chmod 400 path/to/your-key.pem
```
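The workflow has to turn the `SSH_PRIVATE_KEY` secret back into a key file before it can SSH to the instances. The following is an added example (not part of this project's `deploy.yml` or scripts) of doing that safely: it rejects a secret whose BEGIN or END line was lost when pasting, creates the file with owner-only permissions from the start, and applies the `chmod 400` shown above. The destination path and the `SSH_PRIVATE_KEY` environment variable are assumptions.

```bash
#!/usr/bin/env bash
# Added example: materialise the SSH_PRIVATE_KEY secret as a key file.
set -eu

# install_ssh_key <destination file>
# Reads the key from $SSH_PRIVATE_KEY (assumed to be exported by the workflow
# step). Returns non-zero if the value is not a complete PEM private key or
# the file could not be locked down.
install_ssh_key() {
    local dest="$1"
    local key="${SSH_PRIVATE_KEY:-}"

    # A secret that lost its header or footer fails only later, at ssh time,
    # with an unhelpful "invalid format" error; catch it up front. Both
    # "BEGIN RSA PRIVATE KEY" and "BEGIN OPENSSH PRIVATE KEY" are accepted.
    if ! printf '%s\n' "$key" | grep -q '^-----BEGIN .*PRIVATE KEY-----$'; then
        echo "SSH_PRIVATE_KEY is missing its BEGIN line" >&2
        return 1
    fi
    if ! printf '%s\n' "$key" | grep -q '^-----END .*PRIVATE KEY-----$'; then
        echo "SSH_PRIVATE_KEY is missing its END line" >&2
        return 1
    fi

    # Create the file under umask 077 so there is no window in which it is
    # group/world readable, then apply the 400 mode ssh expects. printf (not
    # echo) keeps the key out of any shell trace or log line.
    ( umask 077 && printf '%s\n' "$key" > "$dest" )
    chmod 400 "$dest"

    # Final check: ssh refuses keys that other users can read.
    [ "$(stat -c '%a' "$dest" 2>/dev/null || stat -f '%Lp' "$dest")" = "400" ]
}
```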
The deployment is managed via GitHub Actions and can be triggered in three ways:

- Push to branch: `devops/a3`
- Git tags: `deploy-dev` (for Dev), `deploy-prod` (for Prod)
- Manual trigger: run from GitHub Actions → Select Stage (dev/prod)

To deploy to Dev or Prod, create and push the appropriate Git tag:

```bash
git tag deploy-dev
git push origin deploy-dev
```

```bash
git tag deploy-prod
git push origin deploy-prod
```

The GitHub Actions workflow will automatically detect the tag and deploy to the respective environment.
The workflow performs the following steps:

- Checkout Repository – fetches the code from the repository.
- Configure AWS Credentials – uses GitHub Secrets to authenticate with AWS.
- Setup Terraform – installs Terraform and initializes the configuration.
- Determine Stage – sets the target environment (dev or prod) based on the trigger type.
- Provision App EC2 Instance (Write Access)
  - Deploys the first EC2 instance with write access to S3.
  - Installs required software (Java, Maven, Git, etc.).
  - Pulls source code from the repository and builds the Maven application.
  - Runs the application and pushes logs (system and app logs) to the S3 bucket.
- Provision Verifier EC2 Instance (Read Access)
  - Deploys a second EC2 instance with read-only access to S3.
  - Uses the AWS CLI to pull logs from the S3 bucket to the instance.
- Log Validation via SSH
  - SSH into the Verifier EC2 instance.
  - Validates that the required logs exist in S3.
  - Prints the last 20 lines of each log for inspection.
- App Health Check – ensures the application is healthy (HTTP 200 response).
- Destroy Infrastructure – after validation, destroys all provisioned resources and cleans up the Terraform workspaces.

This workflow fully automates the lifecycle: provisioning, deployment, validation, and cleanup, so no manual intervention is needed during the process.
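The checks behind the Log Validation step, as an added shell example (this is not the project's `verify_logs.sh`). It assumes the verifier instance has already synced the bucket into a local directory (for example with `aws s3 sync`, which is not shown here) and goes one step beyond the list above: besides requiring each log to exist and be non-empty, it rejects a log whose modification time is too old, so a file left in the bucket by an earlier run cannot make the check pass vacuously.

```bash
#!/usr/bin/env bash
# Added example: validate the logs the app instance is expected to upload.
set -eu

# The two logs from the repo layout (mylogs/app and mylogs/system), relative
# to the directory the bucket was synced into.
REQUIRED_LOGS="app/my-app.log system/cloud-init.log"

# validate_logs <synced dir> [lines to print, default 20] [max age in minutes, default 60]
# Returns 0 only if every required log is present, non-empty and fresh;
# prints the last N lines of each so the workflow output can be inspected.
validate_logs() {
    local dir="$1" lines="${2:-20}" max_age_min="${3:-60}" log failed=0
    for log in $REQUIRED_LOGS; do
        # -s: exists and has size > 0. A zero-byte file means the app ran
        # but never wrote anything, which should fail just like a missing one.
        if [ ! -s "$dir/$log" ]; then
            echo "MISSING or EMPTY: $log" >&2
            failed=$((failed + 1))
            continue
        fi
        # find prints the path only if it was modified within max_age_min
        # minutes; an empty result means a stale upload from a previous run.
        if [ -z "$(find "$dir/$log" -mmin "-$max_age_min")" ]; then
            echo "STALE (older than ${max_age_min} min): $log" >&2
            failed=$((failed + 1))
            continue
        fi
        echo "== $log (last $lines lines) =="
        tail -n "$lines" "$dir/$log"
    done
    [ "$failed" -eq 0 ]
}
```

Run it on the verifier as `validate_logs /path/to/synced/logs` after the sync; a non-zero exit fails the workflow step before the health check runs.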