diff --git a/README.md b/README.md
index fea0ed8..4865e04 100644
--- a/README.md
+++ b/README.md
@@ -31,8 +31,6 @@ jobs:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_SANDBOX}}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_SANDBOX}}
aws_default_region: us-east-1
-
- aws_eks_create: true
```
### Advanced example
@@ -53,9 +51,10 @@ jobs:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_SANDBOX}}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_SANDBOX}}
aws_default_region: us-east-1
+
+ # tf_stack_destroy: true
tf_state_bucket_destroy: true
- aws_eks_create: true
aws_eks_environment: qa
aws_eks_stackname: qa-stack
aws_eks_cluster_version: 1.25
@@ -77,6 +76,7 @@ jobs:
1. [Action Defaults](#action-defaults-inputs)
1. [AWS](#aws-inputs)
1. [EKS](#eks-inputs)
+1. [VPC](#vpc-inputs)
The following inputs can be used as `step.with` keys
@@ -88,8 +88,11 @@ The following inputs can be used as `step.with` keys
| `checkout` | Boolean | Set to `false` if the code is already checked out. (Default is `true`). |
| `bitops_code_only` | Boolean | Set to `true` to run a code generation test. |
| `bitops_code_store` | Boolean | Store the generated code in an artifact to download. |
+| `tf_stack_destroy` | Boolean | Set to `true` to destroy the stack - Will delete the `elb logs bucket` after the destroy action runs. |
+| `tf_state_file_name` | String | Change this to be anything you want to. Carefull to be consistent here. A missing file could trigger recreation, or stepping over destruction of non-defined objects. Defaults to `tf-state-aws`. |
+| `tf_state_file_name_append` | String | Appends a string to the tf-state-file. Setting this to `unique` will generate `tf-state-aws-unique`. (Can co-exist with `tf_state_file_name`) |
| `tf_state_bucket` | String | AWS S3 bucket name to use for Terraform state. See [note](#s3-buckets-naming) |
-| `tf_state_bucket_destroy` | Boolean | Force purge and deletion of S3 bucket defined. Any file contained there will be destroyed. `aws_eks_create` must also be `false`. |
+| `tf_state_bucket_destroy` | Boolean | Force purge and deletion of S3 bucket defined. Any file contained there will be destroyed. `tf_stack_destroy` must also be `true`. Default is `false`. |
@@ -100,24 +103,22 @@ The following inputs can be used as `step.with` keys
| `aws_secret_access_key` | String | AWS secret access key |
| `aws_session_token` | String | AWS session token |
| `aws_default_region` | String | AWS default region. Defaults to `us-east-1` |
+| `aws_resource_identifier` | String | Set to override the AWS resource identifier for the deployment. Defaults to `${GITHUB_ORG_NAME}-${GITHUB_REPO_NAME}-${GITHUB_BRANCH_NAME}`. |
+| `aws_additional_tags` | JSON | Add additional tags to the terraform [default tags](https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider), any tags put here will be added to all provisioned resources.|
#### **EKS Inputs**
| Name | Type | Description |
|------------------|---------|------------------------------------|
-| `aws_eks_create` | Boolean | Define if an EKS cluster should be created |
-| `aws_eks_region` | String | Define the region where EKS cluster should be created. Defaults to `us-east-1`. |
-| `aws_eks_security_group_name_master` | String | Define the security group name master. Defaults to `SG for ${GITHUB_ORG_NAME}-${GITHUB_REPO_NAME}-${GITHUB_BRANCH_NAME} - ${aws_eks_environment} - EKS Master`. |
-| `aws_eks_security_group_name_worker` | String | Define the security group name worker. Defaults to `SG for ${GITHUB_ORG_NAME}-${GITHUB_REPO_NAME}-${GITHUB_BRANCH_NAME} - ${aws_eks_environment} - EKS Worker`. |
+| `aws_eks_create` | Boolean | Define if an EKS cluster should be created. Defaults to `true`. |
+f| `aws_eks_security_group_name_master` | String | Define the security group name master. Defaults to `SG for ${var.aws_resource_identifier} - EKS Master`. |
+| `aws_eks_security_group_name_worker` | String | Define the security group name worker. Defaults to `SG for ${var.aws_resource_identifier} - EKS Worker`. |
| `aws_eks_environment` | String | Specify the eks environment name. Defaults to `env` |
-| `aws_eks_stackname` | String | Specify the eks stack name for your environment. Defaults to `eks-stack`. |
-| `aws_eks_cidr_block` | String | Define Base CIDR block which is divided into subnet CIDR blocks. Defaults to `10.0.0.0/16`. |
-| `aws_eks_workstation_cidr` | String | Comma separated list of remote public CIDRs blocks to add it to Worker nodes security groups. |
-| `aws_eks_availability_zones` | String | Comma separated list of availability zones. Defaults to `us-east-1a,us-east-1b`. |
-| `aws_eks_private_subnets` | String | Comma separated list of private subnets. Defaults to `10.0.1.0/24,10.0.2.0/24`. |
-| `aws_eks_public_subnets` | String | Comma separated list of public subnets. Defaults to `10.0.101.0/24,10.0.102.0/24`|
-| `aws_eks_cluster_name` | String | Specify the k8s cluster name. Defaults to `${GITHUB_ORG_NAME}-${GITHUB_REPO_NAME}-${GITHUB_BRANCH_NAME}-cluster` |
+| `aws_eks_management_cidr` | String | Comma separated list of remote public CIDRs blocks to add it to Worker nodes security groups. |
+| `aws_eks_allowed_ports` | String | Allow incoming traffic from this port. Accepts comma separated values, matching 1 to 1 with `aws_eks_allowed_ports_cidr`. |
+| `aws_eks_allowed_ports_cidr` | String | Allow incoming traffic from this CIDR block. Accepts comma separated values, matching 1 to 1 with `aws_eks_allowed_ports`. If none defined, will allow all incoming traffic. |
+| `aws_eks_cluster_name` | String | Specify the k8s cluster name. Defaults to `${var.aws_resource_identifier}-cluster` |
| `aws_eks_cluster_log_types` | String | Comma separated list of cluster log type. See [this AWS doc](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html). Defaults to `none`. |
| `aws_eks_cluster_version` | String | Specify the k8s cluster version. Defaults to `1.27` |
| `aws_eks_instance_type` | String | Define the EC2 instance type. See [this list](https://aws.amazon.com/ec2/instance-types/) for reference. Defaults to `t3a.medium`. |
@@ -128,10 +129,29 @@ The following inputs can be used as `step.with` keys
| `aws_eks_desired_capacity` | String | Enter the desired capacity for the worker nodes. Defaults to `2`. |
| `aws_eks_max_size` | String | Enter the max_size for the worker nodes. Defaults to `4`. |
| `aws_eks_min_size` | String | Enter the min_size for the worker nodes. Defaults to `2`. |
+| `aws_eks_additional_tags` | JSON | Add additional tags to the terraform [default tags](https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider), any tags put here will be added to eks provisioned resources.|
| `input_helm_charts` | String | Relative path to the folder from project containing Helm charts to be installed. Could be uncompressed or compressed (.tgz) files. |
+#### **VPC Inputs**
+| Name | Type | Description |
+|------------------|---------|------------------------------------|
+| `aws_vpc_create` | Boolean | Define if a VPC should be created. Defaults to `true`. |
+| `aws_vpc_name` | String | Define a name for the VPC. Defaults to `VPC for ${aws_resource_identifier}`. |
+| `aws_vpc_cidr_block` | String | Define Base CIDR block which is divided into subnet CIDR blocks. Defaults to `10.0.0.0/16`. |
+| `aws_vpc_public_subnets` | String | Comma separated list of public subnets. Defaults to `10.0.101.0/24,10.0.102.0/24`. |
+| `aws_vpc_private_subnets` | String | Comma separated list of private subnets. If no input, no private subnet will be created. Defaults to `10.0.1.0/24,10.0.2.0/24`. |
+| `aws_vpc_availability_zones` | String | Comma separated list of availability zones. Defaults to `us-east-1a,us-east-1b` value. |
+| `aws_vpc_id` | String | **Existing** AWS VPC ID to use. Accepts `vpc-###` values. |
+| `aws_vpc_subnet_id` | String | **Existing** AWS VPC Subnet ID. If none provided, will pick one. (Ideal when there's only one). |
+| `aws_vpc_enable_nat_gateway` | String | Adds a NAT gateway for each public subnet. Defaults to `true`. |
+| `aws_vpc_single_nat_gateway` | String | Toggles only one NAT gateway for all of the public subnets. Defaults to `false`. |
+| `aws_vpc_external_nat_ip_ids` | String | **Existing** comma separated list of IP IDs if reusing. (ElasticIPs). |
+| `aws_vpc_additional_tags` | JSON | Add additional tags to the terraform [default tags](https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider), any tags put here will be added to vpc provisioned resources.|
+
+
+
## Note about resource identifiers
Most resources will contain the tag `${GITHUB_ORG_NAME}-${GITHUB_REPO_NAME}-${GITHUB_BRANCH_NAME}`, some of them, even the resource name after.
diff --git a/action.yaml b/action.yaml
index 9ab566c..4f5c99f 100644
--- a/action.yaml
+++ b/action.yaml
@@ -15,11 +15,20 @@ inputs:
bitops_code_store:
description: 'Store BitOps code as a GitHub artifact'
required: false
+ tf_stack_destroy:
+ description: 'Set to "true" to Destroy the stack through Terraform.'
+ required: false
+ tf_state_file_name:
+ description: 'Change this to be anything you want to. Carefull to be consistent here. A missing file could trigger recreation, or stepping over destruction of non-defined objects.'
+ required: false
+ tf_state_file_name_append:
+ description: 'Append a string to the tf-state-file. Setting this to `unique` will generate `tf-state-aws-unique`. Can co-exist with the tf_state_file_name variable. '
+ required: false
tf_state_bucket:
description: 'AWS S3 bucket to use for Terraform state. Defaults to `${org}-${repo}-{branch}-tf-state`'
required: false
tf_state_bucket_destroy:
- description: 'Force purge and deletion of S3 bucket defined. Any file contained there will be destroyed. Will only run if aws_eks_create is set to false.'
+ description: 'Force purge and deletion of S3 bucket defined. Any file contained there will be destroyed. `tf_stack_destroy` must also be `true`'
required: false
# AWS
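Review bot: `tf_stack_destroy` and `tf_state_bucket_destroy` carry no `default:`, so an unset input reaches the downstream action as an empty string and the README's statement that the default is `false` rests on whatever that action does with an empty value; adding `default: false` under each makes the safe value explicit. The `tf_state_bucket_destroy` description says `tf_stack_destroy` must also be `true`, but nothing in this file enforces that — if the guard lives in the downstream action, the description should say so rather than imply a local check. Also fix `Carefull` → `Careful` in the `tf_state_file_name` description and drop the trailing space inside the `tf_state_file_name_append` string.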
@@ -36,47 +45,42 @@ inputs:
description: 'AWS default region'
default: us-east-1
required: false
+ aws_resource_identifier:
+ description: 'Set to override the AWS resource identifier for the deployment. Defaults to `${org}-{repo}-{branch}`. Use with destroy to destroy specific resources.'
+ required: false
+ aws_additional_tags:
+ description: 'A JSON object of additional tags that will be included on created resources. Example: `{"key1": "value1", "key2": "value2"}`'
+ required: false
# EKS
aws_eks_create:
description: 'Define if an EKS cluster should be created'
required: false
- aws_eks_region:
- description: 'Define the region where EKS cluster should be created'
- required: false
+ default: true
aws_eks_security_group_name_master:
- description: 'Define the security group name master'
+ description: "SG for ${var.aws_resource_identifier} - ${var.aws_eks_environment} - EKS Master"
required: false
aws_eks_security_group_name_worker:
- description: 'Define the security group name worker'
- required: false
+ description: "SG for ${var.aws_resource_identifier} - ${var.aws_eks_environment} - EKS Worker"
+ required: false
aws_eks_environment:
- description: 'Specify the eks environment name. ex: dev or test'
- required: false
- aws_eks_stackname:
- description: 'Specify the eks stack name for your environment. Ex: eks-test'
- required: false
- aws_eks_cidr_block:
- description: 'Define Base CIDR block which is divided into subnet CIDR blocks (e.g. `10.0.0.0/16`)'
- required: false
- aws_eks_workstation_cidr:
- description: 'Enter your local workstation public IP to add it to Worker nodes security groups'
- required: true
- aws_eks_availability_zones:
- description: "List of Availability Zones, Ex: `['us-east-1a', 'us-east-1b', 'us-east-1c']`"
- required: false
- aws_eks_private_subnets:
- description: "List of private subnets (e.g. `['10.0.1.0/24', '10.0.2.0/24']`)"
- required: false
- aws_eks_public_subnets:
- description: "List of public subnets (e.g. `['10.0.101.0/24', '10.0.102.0/24']`)"
+ description: 'Specify the eks environment name. Defaults to env'
+ required: false
+ aws_eks_management_cidr:
+ description: 'Enter your public IP or CIDR to add it to the allowed master security groups port 443.'
required: false
+ aws_eks_allowed_ports:
+ description: 'Allow incoming traffic from this port. Accepts comma separated values, matching 1 to 1 with aws_eks_allowed_ports_cidr.'
+ required: false
+ aws_eks_allowed_ports_cidr:
+ description: 'Allow incoming traffic from this CIDR block. Accepts comma separated values, matching 1 to 1 with aws_eks_allowed_ports. If none defined, will allow all incoming traffic.'
+ required: false
aws_eks_cluster_name:
- description: 'Specify the k8s cluster name'
- required: false
+ description: "EKS Cluster name. Defaults to eks-cluster"
+ required: false
aws_eks_cluster_log_types:
- description: 'Specify the k8s cluster log type'
- required: false
+ description: "EKS Log types, csv list"
+ required: false
aws_eks_cluster_version:
description: 'Specify the k8s cluster version'
required: false
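Review bot: `aws_eks_allowed_ports_cidr` documents a permissive fallback — omitting it opens the listed ports to all sources (presumably `0.0.0.0/0`) — and with the old `aws_eks_workstation_cidr` no longer `required: true`, nothing here pushes the caller to supply a CIDR; the description should name the effective rule and the safer choice, e.g. `description: 'CIDR block(s) allowed to reach aws_eks_allowed_ports, comma separated and matched 1:1. If omitted the rule is opened to all sources; supply your management CIDR instead.'`. The `aws_eks_security_group_name_master`/`_worker` entries replaced their human description with the default value string itself, so the help text now reads `SG for ${var.aws_resource_identifier} - ...`; keep a prose description and state the default inside it. `aws_eks_cluster_name` now says it defaults to `eks-cluster`, while the README hunk in this same commit says `${var.aws_resource_identifier}-cluster`, and the README's security-group default omits the `${var.aws_eks_environment}` segment shown here — one side of each pair is wrong.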
@@ -87,11 +91,11 @@ inputs:
description: 'AWS AMI ID. Will default to the latest Amazon EKS Node image for the cluster version.'
required: false
aws_eks_instance_user_data_file:
- description: 'Relative path in the repo for a user provided script to be executed with the EC2 Instance creation.'
+ description: 'Relative path in the repo for a user provided script to be executed with Terraform EKS Node creation.'
required: false
aws_eks_ec2_key_pair:
- description: 'Enter the existing ec2 key pair for worker nodes'
- required: true
+ description: 'Enter the existing ec2 key pair for worker nodes. If none, one will be created.'
+ required: false
aws_eks_store_keypair_sm:
description: 'If true, will store the newly created keys in Secret Manager'
required: false
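Review bot: `aws_eks_ec2_key_pair` now says a key pair will be created when none is given, but neither that description nor `aws_eks_store_keypair_sm` says what happens to the generated private key when `aws_eks_store_keypair_sm` is not set — whether it is discarded, written to an artifact, or echoed in the log is not visible from this file. Document it on the input, e.g. `description: 'Existing EC2 key pair name for worker nodes. If omitted one is generated; set aws_eks_store_keypair_sm to true to keep the private key in Secrets Manager, otherwise it is not retained.'`, adjusted to what the downstream action actually does. A generated private key that lands in the job log or an artifact is readable by anyone with read access to the workflow run, so the retention path is worth stating explicitly.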
@@ -104,7 +108,55 @@ inputs:
aws_eks_min_size:
description: 'Enter the min_size for the worker nodes'
required: false
+ aws_eks_additional_tags:
+ description: 'A JSON object of additional tags that will be included on created resources. Example: `{"key1": "value1", "key2": "value2"}`'
+ required: false
+ # AWS VPC Inputs
+ aws_vpc_create:
+ description: 'Define if a VPC should be created'
+ required: false
+ default: true
+ aws_vpc_name:
+ description: 'Set a specific name for the VPC'
+ required: false
+ aws_vpc_cidr_block:
+ description: 'Define Base CIDR block which is divided into subnet CIDR blocks. Defaults to 10.0.0.0/16.'
+ required: false
+ default: 10.0.0.0/16
+ aws_vpc_public_subnets:
+ description: 'Comma separated list of public subnets. Defaults to 10.10.110.0/24'
+ required: false
+ default: 10.0.101.0/24,10.0.102.0/24
+ aws_vpc_private_subnets:
+ description: 'Comma separated list of private subnets. If none, none will be created.'
+ required: false
+ default: 10.0.1.0/24,10.0.2.0/24
+ aws_vpc_availability_zones:
+ description: 'Comma separated list of availability zones. Defaults to `aws_default_region.'
+ required: false
+ default: us-east-1a,us-east-1b
+ aws_vpc_id:
+ description: 'AWS VPC ID. Accepts `vpc-###` values.'
+ required: false
+ aws_vpc_subnet_id:
+ description: 'Specify a Subnet to be used with the instance. If none provided, will pick one.'
+ required: false
+ aws_vpc_enable_nat_gateway:
+ description: 'Enables NAT gateway'
+ required: false
+ default: true
+ aws_vpc_single_nat_gateway:
+ description: 'Creates only one NAT gateway'
+ required: false
+ aws_vpc_external_nat_ip_ids:
+ description: 'Comma separated list of IP IDS to reuse in the NAT gateways'
+ required: false
+ aws_vpc_additional_tags:
+ description: 'A JSON object of additional tags that will be included on created resources. Example: `{"key1": "value1", "key2": "value2"}`'
+ required: false
+
+ # Helm input
input_helm_charts:
description: 'Relative path to the folder from project containing Helm charts to be installed. Could be uncompressed or compressed (.tgz) files.'
required: false
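Review bot: `aws_vpc_public_subnets` documents a default of `10.10.110.0/24` while its `default:` is `10.0.101.0/24,10.0.102.0/24`, and `aws_vpc_availability_zones` says it defaults to `aws_default_region` (with an unclosed backtick) while its `default:` is the fixed `us-east-1a,us-east-1b`, which will not exist if `aws_default_region` is changed. Align the descriptions with the actual defaults: `description: 'Comma separated list of public subnets. Defaults to 10.0.101.0/24,10.0.102.0/24'` and `description: 'Comma separated list of availability zones. Defaults to us-east-1a,us-east-1b; must belong to aws_default_region.'`. `aws_vpc_private_subnets` claims "If none, none will be created" yet ships a non-empty default, so it is unclear how a caller opts out of private subnets — state the opt-out value if the downstream action supports one.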
@@ -115,10 +167,13 @@ runs:
- name: Deploy with BitOps
id: deploy
- uses: bitovi/github-actions-commons@v0.0.2
+ uses: bitovi/github-actions-commons@main
with:
bitops_code_only: ${{ inputs.bitops_code_only }}
bitops_code_store: ${{ inputs.bitops_code_store }}
+ tf_stack_destroy: ${{ inputs.tf_stack_destroy }}
+ tf_state_file_name: ${{ inputs.tf_state_file_name }}
+ tf_state_file_name_append: ${{ inputs.tf_state_file_name_append }}
tf_state_bucket: ${{ inputs.tf_state_bucket }}
tf_state_bucket_destroy: ${{ inputs.tf_state_bucket_destroy }}
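Review bot: `uses: bitovi/github-actions-commons@main` replaces the pinned `@v0.0.2` with a floating branch, so every run of this action executes whatever is on that branch at the moment — and this is the step that is handed the caller's AWS access key and secret (see the `aws_access_key_id`/`aws_secret_access_key` mappings later in the same `with:` block) together with the `tf_stack_destroy`/`tf_state_bucket_destroy` inputs. Any push to that branch, or a compromise of that repository, becomes code execution with the caller's AWS credentials without any change on the caller's side. Pin to an immutable ref: a full-length commit SHA with the version recorded in a trailing comment, `uses: bitovi/github-actions-commons@<full-sha>  # vX.Y.Z`, or at minimum a release tag, and bump it deliberately.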
@@ -127,24 +182,22 @@ runs:
gh_action_input_helm_charts: operations/deployment/helm
gh_deployment_input_helm_charts: ${{ inputs.input_helm_charts }}
- #AWS
+ #AWS
aws_access_key_id: ${{ inputs.aws_access_key_id }}
aws_secret_access_key: ${{ inputs.aws_secret_access_key }}
aws_session_token: ${{ inputs.aws_session_token }}
- aws_default_region: ${{ inputs.aws_default_region }}
+ aws_default_region: ${{ inputs.aws_default_region }}
+ aws_resource_identifier: ${{ inputs.aws_resource_identifier }}
+ aws_additional_tags: ${{ inputs.aws_additional_tags }}
- # AWS EKS
+ # EKS
aws_eks_create: ${{ inputs.aws_eks_create }}
- aws_eks_region: ${{ inputs.aws_eks_region }}
aws_eks_security_group_name_master: ${{ inputs.aws_eks_security_group_name_master }}
aws_eks_security_group_name_worker: ${{ inputs.aws_eks_security_group_name_worker }}
aws_eks_environment: ${{ inputs.aws_eks_environment }}
- aws_eks_stackname: ${{ inputs.aws_eks_stackname }}
- aws_eks_cidr_block: ${{ inputs.aws_eks_cidr_block }}
- aws_eks_workstation_cidr: ${{ inputs.aws_eks_workstation_cidr }}
- aws_eks_availability_zones: ${{ inputs.aws_eks_availability_zones }}
- aws_eks_private_subnets: ${{ inputs.aws_eks_private_subnets }}
- aws_eks_public_subnets: ${{ inputs.aws_eks_public_subnets }}
+ aws_eks_management_cidr: ${{ inputs.aws_eks_management_cidr }}
+ aws_eks_allowed_ports: ${{ inputs.aws_eks_allowed_ports }}
+ aws_eks_allowed_ports_cidr: ${{ inputs.aws_eks_allowed_ports_cidr }}
aws_eks_cluster_name: ${{ inputs.aws_eks_cluster_name }}
aws_eks_cluster_log_types: ${{ inputs.aws_eks_cluster_log_types}}
aws_eks_cluster_version: ${{ inputs.aws_eks_cluster_version }}
@@ -155,4 +208,19 @@ runs:
aws_eks_store_keypair_sm: ${{ inputs.aws_eks_store_keypair_sm }}
aws_eks_desired_capacity: ${{ inputs.aws_eks_desired_capacity}}
aws_eks_max_size: ${{ inputs.aws_eks_max_size }}
- aws_eks_min_size: ${{ inputs.aws_eks_min_size }}
+ aws_eks_min_size: ${{ inputs.aws_eks_min_size }}
+ aws_eks_additional_tags: ${{ inputs.aws_eks_additional_tags }}
+
+ # VPC
+ aws_vpc_create: ${{ inputs.aws_vpc_create }}
+ aws_vpc_name: ${{ inputs.aws_vpc_name }}
+ aws_vpc_cidr_block: ${{ inputs.aws_vpc_cidr_block }}
+ aws_vpc_public_subnets: ${{ inputs.aws_vpc_public_subnets }}
+ aws_vpc_private_subnets: ${{ inputs.aws_vpc_private_subnets }}
+ aws_vpc_availability_zones: ${{ inputs.aws_vpc_availability_zones }}
+ aws_vpc_id: ${{ inputs.aws_vpc_id }}
+ aws_vpc_subnet_id: ${{ inputs.aws_vpc_subnet_id }}
+ aws_vpc_enable_nat_gateway: ${{ inputs.aws_vpc_enable_nat_gateway }}
+ aws_vpc_single_nat_gateway: ${{ inputs.aws_vpc_single_nat_gateway }}
+ aws_vpc_external_nat_ip_ids: ${{ inputs.aws_vpc_external_nat_ip_ids }}
+ aws_vpc_additional_tags: ${{ inputs.aws_vpc_additional_tags }}
\ No newline at end of file
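Review bot: The file now ends without a trailing newline (`\ No newline at end of file`), and the `aws_eks_min_size` line was rewritten only to change whitespace; both are noise a formatter should settle rather than a functional commit. Add the final newline after `aws_vpc_additional_tags: ${{ inputs.aws_vpc_additional_tags }}` and keep whitespace-only rewrites out of hunks that add inputs, so the mapping changes are reviewable on their own.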