Merge pull request #10 from rahuls512/three-tier-project

Created rds and stored username, password in github secret repo. and …
rahuls512 · Jul 11, 2023 · 5c9be45 · 5c9be45
2 parents 8dc4657 + 849dc65
commit 5c9be45
Show file tree

Hide file tree

Showing 6 changed files with 110 additions and 38 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,37 @@
+on:
+    workflow_dispatch:
+    push:
+      paths:
+        - .github/workflows/build.yml
+        - ../image-builder
+      branches: [main]
+jobs:
+    provision-three-tier:
+        runs-on: ubuntu-latest
+        env:
+            AWS_ACCESS_KEY_ID: ${{ secrets.aws_access_key }}
+            AWS_SECRET_ACCESS_KEY: ${{ secrets.aws_secret_key }}
+
+        steps:
+            - name: Checkout
+              uses: actions/checkout@v2
+
+            - name: setup the Packer
+              id: setup
+              uses: hashicorp/setup-packer@main
+
+            - name: initialize packer
+              id: initpacker
+              run: "packer init ./image-builder/"
+
+            - name: fmt packer
+              id: fmtpacker
+              run: "packer fmt ./image-builder/"
+
+            - name: validate packer
+              id: validate
+              run: "packer validate ./image-builder/"
+
+            - name: build image
+              id: build
+              run: "packer build ./image-builder/"
diff --git a/.github/workflows/provision.yml b/.github/workflows/provision.yml
@@ -1,51 +1,32 @@
+
 name: Provision three tier architecture using terraform
 
 on:
-  push:
-    branches: [ "main" ]
-
   workflow_dispatch:
-
+#   push:
+#     branches: [main]
+
 jobs:
   provision-three-tier:
     runs-on: ubuntu-latest
     env:
+      TF_VAR_mykey: ${{ secrets.ssh_private_key }}
       AWS_ACCESS_KEY_ID: ${{ secrets.aws_access_key }}
       AWS_SECRET_ACCESS_KEY: ${{ secrets.aws_secret_key }}
-      TF_VAR_awskey01: ${{ secrets.ssh_private_key }}
+      TF_VAR_db_user_name: ${{ secrets.db_user_name }}
+      TF_VAR_db_password: ${{ secrets.db_password }}
 
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-
-      - name: setup the Packer
-        id: setup
-        uses: hashicorp/setup-packer@main
-
-      - name: initialize packer
-        id: initpacker
-        run: "packer init ./image-builder/"
-
-      - name: fmt packer
-        id: fmtpacker
-        run: "packer fmt ./image-builder/"
-
-      - name: validate packer
-        id: validate
-        run: "packer validate ./image-builder/"
-
-      - name: build image
-        id: build
-        run: "packer build ./image-builder/"
-
+
       - name: set up terraform
         uses: hashicorp/setup-terraform@v2
         id: setupterraform
 
       - name: terraform init
         id: initailizeterraform
-        run: terraform init -migrate-state
-
+        run: terraform init -migrate-state 
 
       - name: format terraform
         id: formatterraform
@@ -62,10 +43,6 @@ jobs:
       - name: terraform apply
         id: apply
         run: terraform apply --auto-approve
-
-
-
-
-
+
+
 
-
diff --git a/alb.tf b/alb.tf
@@ -1,14 +1,14 @@
 ############# Application Load Balancer ################################################################################################
 resource "aws_lb" "this" {
-  name               = "three-tier-alb"
+  name               = "rsinfotech-alb"
   internal           = false
   load_balancer_type = "application"
   security_groups    = [aws_security_group.lb_sg.id]
   subnets            = [for each_subnet in aws_subnet.public_subnet : each_subnet.id]
 }
 ############# Target group ALB ################################################################################################
 resource "aws_lb_target_group" "this" {
-  name     = "three-tier-tg"
+  name     = "rsinfotech-alb-tg"
   port     = 80
   protocol = "HTTP"
   vpc_id   = aws_vpc.this.id

diff --git a/rds.tf b/rds.tf
@@ -0,0 +1,22 @@
+############# RDS Instance ################################################################################################
+resource "aws_db_instance" "default" {
+  allocated_storage      = 10
+  db_name                = "threetierdb"
+  engine                 = "mysql"
+  engine_version         = "8.0.32"
+  instance_class         = "db.t3.micro"
+  username               = var.db_user_name
+  password               = var.db_password
+  skip_final_snapshot    = true
+  vpc_security_group_ids = [aws_security_group.db_sg.id]
+  db_subnet_group_name   = aws_db_subnet_group.this.id
+}
+############# RDS Instance Subnet Group ################################################################################################
+resource "aws_db_subnet_group" "this" {
+  name       = "threetierdb_subnet_group"
+  subnet_ids = [for each_subnet in aws_subnet.private_subnet : each_subnet.id]
+
+  tags = {
+    Name = "rsinfotech DB subnet group"
+  }
+}
diff --git a/sg.tf b/sg.tf
@@ -51,7 +51,7 @@ resource "aws_security_group" "bastion_host" {
     Name = "bastion-host-sg-allow"
   }
 }
-############# Application Server Security group ####################################################################################
+############# Application Server Security Group ####################################################################################
 resource "aws_security_group" "application_server" {
   name   = "allow_application_traffic"
   vpc_id = aws_vpc.this.id
@@ -78,7 +78,7 @@ resource "aws_security_group" "application_server" {
     Name = "allow_app_server"
   }
 }
-############# Application Load Balancer ####################################################################################
+############# Application Load Balancer Security Group ####################################################################################
 resource "aws_security_group" "lb_sg" {
   name        = "allow_lb"
   description = "Allow access to load balancer from internet"
@@ -103,3 +103,28 @@ resource "aws_security_group" "lb_sg" {
     Name = "allow_alb_sg"
   }
 }
+############# RDS Security Group ####################################################################################
+resource "aws_security_group" "db_sg" {
+  name        = "allow_db"
+  description = "Allow access to db from app server"
+  vpc_id      = aws_vpc.this.id
+
+  ingress {
+    description     = "Allow access to db from app server"
+    from_port       = 3306
+    to_port         = 3306
+    protocol        = "tcp"
+    security_groups = [aws_security_group.application_server.id]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Name = "allow_db_sg"
+  }
+}
diff --git a/variable.tf b/variable.tf
@@ -90,4 +90,15 @@ variable "inbound_rules_application" {
       protocol    = "tcp"
   }]
 }
+################# RDS Instance username and Password ###################################################################
+variable "db_user_name" {
+  description = "User name to connect with RDS"
+  type        = string
+  sensitive   = true
+}
 
+variable "db_password" {
+  description = "Password for db user"
+  type        = string
+  sensitive   = true
+}