jason4151/opentofu

OpenTofu

Workflow status badges: Setup Environment, Teardown Environment

Purpose

This repository contains Infrastructure-as-Code (IaC) configurations written for OpenTofu, an open-source fork of Terraform managed by the Linux Foundation. It manages the AWS cloud resources for my personal lab environment. OpenTofu remains compatible with Terraform configurations, using the same HCL syntax, providers, and modules, while being community-driven.

  • Designed for my AWS lab environment in us-east-2; the configuration can be adapted for production use, with additional work to support an AWS multi-account organization.
  • Currently defines AWS resources such as VPC, IAM, EC2 (jump box), EKS, ECR, S3 (state storage and flow logs), and analytics (Athena/Glue).
  • Deploys infrastructure automatically or manually through GitHub Actions workflows that authenticate to AWS with OIDC, so no long-lived AWS access keys are stored as repository secrets.
  • Top-level GitHub Actions workflows let me set up and tear down this lab environment within minutes.
  • Applications are deployed to EKS using Helm charts and GitHub Actions; the application code lives in separate repositories within my GitHub account.
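The OIDC authentication mentioned above (and provided by the iam/ module listed under Structure) is only as safe as the trust policy on the role that GitHub Actions assumes. The following is an added example, not this repository's own code, of an OIDC provider and a deploy role whose trust policy is pinned to a single repository and branch. The role name (lab-github-deploy), the branch (main), and the use of the hashicorp/tls provider to fetch the certificate fingerprint are assumptions for illustration:

```hcl
# Added example, not the iam/ module of this repository.
# Assumes the hashicorp/aws and hashicorp/tls providers are configured.

# Fetch the fingerprint of GitHub's OIDC issuer certificate. AWS now validates
# this issuer against its own trusted CA list, but the argument is still part of
# the resource schema, so it is populated rather than hard-coded.
data "tls_certificate" "github" {
  url = "https://token.actions.githubusercontent.com/.well-known/openid-configuration"
}

resource "aws_iam_openid_connect_provider" "github" {
  url             = "https://token.actions.githubusercontent.com"
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = [data.tls_certificate.github.certificates[0].sha1_fingerprint]
}

data "aws_iam_policy_document" "github_trust" {
  statement {
    actions = ["sts:AssumeRoleWithWebIdentity"]

    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.github.arn]
    }

    # The audience must be the value configure-aws-credentials requests.
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:aud"
      values   = ["sts.amazonaws.com"]
    }

    # Pin the subject to one repository and one branch. Omitting this condition,
    # or using a broad wildcard such as "repo:jason4151/*", would let any workflow
    # in any matching repository assume the role. For deployments gated by a
    # GitHub environment the subject is "repo:OWNER/REPO:environment:NAME";
    # for pull_request events it is "repo:OWNER/REPO:pull_request".
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:sub"
      values   = ["repo:jason4151/opentofu:ref:refs/heads/main"]   # assumed branch
    }
  }
}

resource "aws_iam_role" "github_deploy" {
  name                 = "lab-github-deploy"   # assumed name
  assume_role_policy   = data.aws_iam_policy_document.github_trust.json
  max_session_duration = 3600                  # keep web-identity sessions short
}

# The workflow passes this ARN as role-to-assume.
output "github_deploy_role_arn" {
  value = aws_iam_role.github_deploy.arn
}
```

On the GitHub side the workflow needs `permissions: id-token: write` and a step using `aws-actions/configure-aws-credentials` with `role-to-assume` set to the ARN above; the permissions policy attached to the role (not shown) should be scoped to the resources the workflows actually manage rather than an administrator policy.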

Structure

  • vpc/: Defines a VPC with public/private subnets, an optional NAT Gateway, and VPC Endpoints (S3, ECR, DynamoDB).
  • iam/: Configures IAM roles and the OIDC identity provider for GitHub Actions.
  • jump_box/: Deploys an EC2 instance in a private subnet, reachable through SSM rather than an inbound SSH rule.
  • eks/: Sets up an EKS cluster running on Spot instances, with a load balancer for exposing apps.
  • ecr/: Manages ECR repositories (lab/*) for app container images.
  • remote_state/: Creates the S3 bucket and DynamoDB table used for OpenTofu state storage and locking.
  • analytics/: Configures Athena and Glue to analyze VPC Flow Logs stored in Parquet format in S3.
  • .github/workflows/: GitHub Actions workflows for lifecycle management.
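State files record every attribute of every managed resource, including values the AWS API returns in plaintext, so the bucket that holds them deserves the same care as a secrets store. As an added example, not the remote_state/ module of this repository, the following creates a state bucket with versioning, default encryption, a public-access block, and a TLS-only bucket policy, plus the DynamoDB lock table, and shows the backend block a consumer module would use. Bucket and table names are assumptions:

```hcl
# Added example, not the remote_state/ module of this repository.
# Assumes the hashicorp/aws provider is configured for us-east-2.

resource "aws_s3_bucket" "state" {
  bucket = "lab-opentofu-state-123456789012"   # assumed name; S3 names are global
}

# Versioning lets you recover a state file that was corrupted or overwritten.
resource "aws_s3_bucket_versioning" "state" {
  bucket = aws_s3_bucket.state.id
  versioning_configuration { status = "Enabled" }
}

# Without kms_master_key_id this uses the AWS-managed aws/s3 key; supply a
# customer-managed key if you want to control who can decrypt state.
resource "aws_s3_bucket_server_side_encryption_configuration" "state" {
  bucket = aws_s3_bucket.state.id
  rule {
    apply_server_side_encryption_by_default { sse_algorithm = "aws:kms" }
  }
}

resource "aws_s3_bucket_public_access_block" "state" {
  bucket                  = aws_s3_bucket.state.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Deny any request that does not arrive over TLS.
data "aws_iam_policy_document" "state_tls_only" {
  statement {
    effect    = "Deny"
    actions   = ["s3:*"]
    resources = [aws_s3_bucket.state.arn, "${aws_s3_bucket.state.arn}/*"]

    principals {
      type        = "*"
      identifiers = ["*"]
    }

    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_s3_bucket_policy" "state" {
  bucket = aws_s3_bucket.state.id
  policy = data.aws_iam_policy_document.state_tls_only.json
}

# The S3 backend requires a string hash key named exactly "LockID".
resource "aws_dynamodb_table" "lock" {
  name         = "lab-opentofu-lock"   # assumed name
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }
}

# This backend block belongs in a consumer module such as vpc/, not in the
# module that creates the bucket; that module bootstraps with local state and
# migrates afterwards. A distinct key per module keeps blast radius small.
# terraform {
#   backend "s3" {
#     bucket         = "lab-opentofu-state-123456789012"
#     key            = "vpc/terraform.tfstate"
#     region         = "us-east-2"
#     dynamodb_table = "lab-opentofu-lock"
#     encrypt        = true
#   }
# }
```

Access to the bucket and table should be limited to the deploy role and the operator identities that run `tofu` locally; anyone who can read the bucket can read every value in state.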

Architecture

(Diagram in progress)

Future Enhancements

  • Harden the jump box to CIS Amazon Linux 2023 standards using Ansible.
  • Add API Gateway with CloudFront and WAF for secure, scalable app frontends.
  • Implement an event-driven application using AWS Lambda and EventBridge.
  • Complete an architecture diagram to visualize the infrastructure.
  • Expand modularity to support multi-region or multi-account setups.
  • Enhance EKS with monitoring (e.g., Prometheus, Grafana).

About

OpenTofu/Terraform Configurations.
