A Terraform-based infrastructure automation project with CI/CD integration using GitHub Actions.
.
├── .github/ # GitHub Actions workflows & reusable composite actions (setup, plan)
├── backend/ # Terraform configuration for remote backend (S3 + DynamoDB)
├── environments/ # Environment-specific folders (e.g., dev, prod)
├── global/ # Global providers and shared configuration
├── runner/ # Provisions GitHub self-hosted runner and SSH key pairs
- ✅ An AWS Account with CLI access configured
- ✅ Terraform v1.11.2
git clone git@github.com:vti-do2402/infra-provisioning.git
cd mock-projectUse the provided terraform.tfvars.example to structure your variables for:
backend/runner/environments/dev/environments/prod/
Run the following in each folder:
cd backend
terraform init
terraform plan
terraform applycd ../runner
terraform init
terraform plan
terraform applycd ../environments/dev # or prod
terraform init
terraform plan
terraform apply| Workflow | Trigger | Description |
|---|---|---|
| Plan | pull_request (opened or reopened) |
Validates and generates Terraform plan for both dev and prod |
| Apply | push to main (i.e., PR merge) |
Applies the approved plan automatically |
| Destroy | workflow_dispatch (manual trigger) |
Requires user input to select environment and confirm destroy plan |
- All state is stored remotely (S3) with locking via DynamoDB.
- EC2 SSH keypair is stored securely during CI/CD via GitHub Secrets or external storage (not committed).
- No open security group to
0.0.0.0/0— whitelistadmin_ipvia tfvars.
Quentin Vu
📧 s3981278@rmit.edu.vn
For academic/demonstration purposes only.