
lrakai/terraform-code-analysis-and-alerting

Demo of using code analysis and alerting for infrastructure as code (Terraform) in a CI/CD pipeline

terraform-code-analysis-and-alerting

Demo of using code analysis and alerting for infrastructure as code (Terraform) in a CI/CD pipeline (Jenkins)

Final environment

Getting Started

Deploy the CloudFormation infrastructure/cloudformation.json template. The template creates a user with the following credentials and the minimal permissions required to complete the Lab:

  • Username: student
  • Password: password

Instructions

  1. In the Cloud9 environment, download the sample Terraform configuration files:

    wget "https://github.com/cloudacademy/terraform-highly-available-website-on-aws/blob/master/config.zip?raw=true" -O tf.zip
    unzip tf.zip -d tf
  2. Run TFLint on the configuration files:

    docker run -v "$(pwd)":/tf --workdir=/tf --rm wata727/tflint:0.5.4 --error-with-issues
  3. Create an Amazon SNS Topic and subscribe to it. Copy the Topic ARN for later.

  4. Create a new Jenkins project that watches a Git repo at git://localhost/lab.git with Poll SCM enabled and the following execute shell build step:

    #!/bin/bash
    docker run -v "$(pwd)":/src --workdir=/src --rm wata727/tflint:0.5.4 --error-with-issues
  5. Add a post-build action for Amazon SNS Notifier using the Topic ARN you copied earlier.

  6. Clone the Jenkins server Git repo:

    cd ~/environment
    repo_url=$(aws ec2 describe-instances --filters "Name=tag:Type,Values=Build" --query "Reservations[0].Instances[0].PublicDnsName" \
            | sed 's/"\(.*\)"/git:\/\/\1\/lab.git/')
    git clone "$repo_url" src
  7. Add, commit, and push the configuration files to the remote Git repo.

  8. Check your email and inspect the build failure using the link in the email.
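
In the steps above, the build result comes from TFLint's exit status and the alert comes from a separate post-build action. The wrapper below is an added example, not part of the lab repository: it keeps both in one build step and publishes with `aws sns publish` instead of the Amazon SNS Notifier plugin. It assumes `TOPIC_ARN` holds the Topic ARN from step 3 and that the build host may publish to it; `LINT_CMD` and `PUBLISH_CMD` are hypothetical override hooks.

```bash
#!/bin/bash
# Added example, not part of the lab repository.
# Assumptions: TOPIC_ARN holds the SNS topic ARN from step 3, and the build
# host has AWS credentials allowed to publish to it. LINT_CMD and PUBLISH_CMD
# are hypothetical hooks for swapping in other commands (for example, stubs).

LINT_CMD=${LINT_CMD:-run_tflint}
PUBLISH_CMD=${PUBLISH_CMD:-publish_sns}

run_tflint() {
  # Same TFLint invocation as the Jenkins build step in step 4.
  docker run -v "$(pwd)":/src --workdir=/src --rm wata727/tflint:0.5.4 --error-with-issues
}

publish_sns() {
  # $1 = subject, $2 = message body
  aws sns publish --topic-arn "$TOPIC_ARN" --subject "$1" --message "$2" >/dev/null
}

lint_gate() {
  gate_status=0
  # Capture stdout and stderr so the alert also explains a linter that never
  # ran (Docker unavailable, image pull failure), not only reported issues.
  gate_output=$("$LINT_CMD" 2>&1) || gate_status=$?
  printf '%s\n' "$gate_output"

  if [ "$gate_status" -ne 0 ]; then
    # Send only the first lines; the full log stays in the build console.
    gate_excerpt=$(printf '%s\n' "$gate_output" | head -n 40)
    "$PUBLISH_CMD" "Terraform lint gate failed (exit $gate_status)" \
      "${gate_excerpt:-(no linter output)}" \
      || echo "warning: alert could not be published" >&2
  fi

  # Fail closed: the linter's status decides the build result, whether or not
  # the alert was delivered.
  return "$gate_status"
}
```

Call `lint_gate` as the last command of the execute shell build step so its exit status becomes the build result.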

Cleaning Up

Delete the CloudFormation stack to remove all the resources used in the Lab.

Languages

HCL 95.8%, Shell 4.2%


MIT License
Created May 2, 2018
Updated October 25, 2021