The following repository shows how to create an EC2 instance connected to a DynamoDB table with LocalStack. All the tests run automatically using GitHub Actions.
- Automatically tests the code with LocalStack.
- Automatically uses tfsec for security testing.
- Implements pre-commit for static testing.
- Implements EditorConfig for file format.
Configure the following environment variables for your local tests:
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
In a local dev environment, these could be set up as:
export AWS_ACCESS_KEY_ID=test
export AWS_SECRET_ACCESS_KEY=test
Running LocalStack in Docker is recommended:
docker-compose -f docker-compose.yaml up -d
Check the GitHub Actions workflows as a reference for pipeline testing. Different techniques have been applied to test the Terraform code, both statically and with LocalStack.
For production environments, use a protected pipeline with a secret manager solution (HashiCorp Vault is recommended).
Check how passwords are used in the GitHub Actions workflows as a reference for pipeline testing or production deployment.
GitGuardian is enabled in the repository to avoid secret leaks.
- Use pre-commit hooks in this repository to ensure security and formatting for Terraform, detect passwords and run other static checks before uploading code.
- Use EditorConfig in your IDE for file formatting.
A Makefile has been added to make cleaning and testing easier. Run make help to review the options.
The solution reflected in this repository connects an EC2 instance with DynamoDB by using IAM policies. Official AWS modules have been used for EC2 and the security group, and avoided for the rest of the components for the sake of simplicity. I always recommend locally maintained and secured modules with local policies.
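The IAM wiring described above, written as Terraform. This is an added example, not code from this repository; the resource names, the table name `example-table` and the list of allowed DynamoDB actions are assumptions, and an AWS provider is assumed to be configured already.

```hcl
# Added example: names, table name and action list are assumptions,
# not values taken from the repository.
resource "aws_dynamodb_table" "example" {
  name         = "example-table"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "id"

  attribute {
    name = "id"
    type = "S"
  }
}

# Trust policy: only the EC2 service may assume the role.
data "aws_iam_policy_document" "assume_ec2" {
  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "ec2_dynamodb" {
  name               = "example-ec2-dynamodb"
  assume_role_policy = data.aws_iam_policy_document.assume_ec2.json
}

# Permissions: a short action list scoped to this one table ARN, no wildcards.
data "aws_iam_policy_document" "table_access" {
  statement {
    actions   = ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Query"]
    resources = [aws_dynamodb_table.example.arn]
  }
}

resource "aws_iam_role_policy" "table_access" {
  name   = "example-table-access"
  role   = aws_iam_role.ec2_dynamodb.id
  policy = data.aws_iam_policy_document.table_access.json
}

# The instance profile is what the EC2 instance references to receive the role.
resource "aws_iam_instance_profile" "ec2_dynamodb" {
  name = "example-ec2-dynamodb"
  role = aws_iam_role.ec2_dynamodb.name
}
```

The EC2 instance picks up the role by setting `iam_instance_profile = aws_iam_instance_profile.ec2_dynamodb.name`, so no access keys are stored on the host.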
Originally created by imjoseangel