POC project with Terraform IaC. It includes an ECS service running an Nginx container and Cognito authorization.
Use aws-vault to manage your credentials, or another tool of your preference.
Name | Description |
---|---|
backend | resources to configure the Terraform S3 remote state and lock table |
shared | shared resources used by applications |
modules | reusable modules |
applications | all applications live here |
- terraform cli 0.14.8 (tfswitch is a good option)
- checkov
- go
- terratest
Resources must be applied in this order:
- backend
- shared
- applications
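```sh
# open a session with temporary AWS credentials (12h)
aws-vault exec <your-profile> -d 12h --

# 1. backend: S3 remote state and lock table
cd backend
terraform init
terraform plan -out plan.apply
terraform apply plan.apply
cd -

# 2. shared
cd shared
terraform init
terraform plan -out plan.apply
terraform apply plan.apply
cd -

# 3. applications
cd applications/nginx-app
terraform init
terraform workspace new stg
# "workspace new" also switches to the new workspace, so prd is selected from here on
terraform workspace new prd
terraform plan -out plan.apply
terraform apply plan.apply
cd -
```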
There is a basic test in the `test` folder.
```sh
# format
terraform fmt --recursive

# checkov, with local installation
checkov -d .
# checkov, with docker
docker run -v "$(pwd)":/data --rm -it bridgecrew/checkov -d /data --quiet

# terratest
aws-vault exec <your-profile> -d 12h --
cd test
go test
cd -
```
Resources must be destroyed in the reverse order:
- applications
- shared
- backend
```sh
# 1. applications (the plan runs against the currently selected workspace)
cd applications/nginx-app
terraform init
terraform plan -out plan.destroy -destroy
terraform apply plan.destroy
cd -

# 2. shared
cd shared
terraform init
terraform plan -out plan.destroy -destroy
terraform apply plan.destroy
cd -

# 3. backend
cd backend
terraform init
terraform plan -out plan.destroy -destroy
terraform apply plan.destroy
cd -
```
- Add moto for mocked tests
- Add ECR Repository to build a custom image
- Automated plan/apply with Atlantis or GitHub Actions