This is the documentation for the Terraform scripts that create an environment for hosting the Authentication System API on AWS.
The following AWS resources are deployed (the list is not exhaustive):
- AWS VPC
- NAT Gateway
- Internet Gateway
- Public and Private Subnets
- AWS EKS
- AWS EKS Fargate Profile
- AWS RDS
- AWS Secrets Manager for database credentials
- AWS EC2
  - Bastion instance
- AWS IAM Roles
Create a variables file, such as variables.tfvars, and fill in the following variables:
infra_env = "test"
aws_access_key_id = ""
aws_secret_access_key = ""
aws_region = "us-east-1"
vpc_cidr = "10.0.0.0/16"
public_subnet_map = {
  "us-east-1a" = "10.0.0.0/20"
  "us-east-1b" = "10.0.16.0/20"
}
private_subnet_map = {
  "us-east-1a" = "10.0.32.0/20"
  "us-east-1b" = "10.0.48.0/20"
}
bastion_ami = "ami-053053586808c3e70"
bastion_ssh_public_key = ""
db_name = ""
db_schema_name = ""
db_username = ""
db_password = ""
The values that are already filled in are only examples and may be changed as needed.
First, install the Terraform dependencies by running the following command:
terraform init
Then, plan and apply:
terraform plan -out=tfplan -var-file=variables.tfvars
terraform apply tfplan
The same commands can also be run to make changes to the architecture: Terraform checks which resources need to be created, modified, or destroyed.
To ensure proper cluster functionality, the following commands must be executed:
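The variables file holds the AWS keys and the database password, and a saved plan file such as tfplan stores the variable values it was built from in cleartext. The following pre-flight check is an added example, not part of the project's scripts; it refuses to proceed when either file is readable by other users or tracked by git. The file names come from this page and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: hygiene check for the secret-bearing files used above.
# File names are from the page; function names are hypothetical.

# Succeeds when group and other have no permission bits on the file.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeeds when the file is tracked by git (fails outside a repository).
is_tracked() {
    git -C "$(dirname "$1")" ls-files --error-unmatch -- "$(basename "$1")" >/dev/null 2>&1
}

# Prints how many secret variables hold a non-empty literal value.
count_secrets() {
    grep -Ec '^[[:space:]]*(aws_access_key_id|aws_secret_access_key|db_password)[[:space:]]*=[[:space:]]*"[^"]+"' "$1" || true
}

# Returns 0 only if every existing file passed in is private and untracked.
preflight() {
    rc=0
    for f in "$@"; do
        [ -e "$f" ] || continue
        case "$f" in
            *.tfvars) echo "note: $f holds $(count_secrets "$f") literal secret value(s)" >&2 ;;
        esac
        if ! is_private "$f"; then
            echo "FAIL: $f is accessible to group/other; run: chmod 600 $f" >&2
            rc=1
        fi
        if is_tracked "$f"; then
            echo "FAIL: $f is tracked by git; untrack it and add it to .gitignore" >&2
            rc=1
        fi
    done
    return $rc
}

# Typical use:
#   preflight variables.tfvars tfplan && terraform apply tfplan
```

Run it again after `terraform plan`, since that is when tfplan is first written.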
export AWS_REGION=<AWS_REGION>
aws eks update-kubeconfig --region $AWS_REGION --name authentication-cluster-test
# After the Fargate profile has been created
kubectl rollout restart deployment coredns -n kube-system
To destroy the whole infrastructure, follow these steps carefully:
- Remove all images from the authentication-api public ECR repository
- Destroy the Application Load Balancer created by EKS
- Destroy the Security Groups created by EKS
Then run the following command:
terraform destroy -var-file=variables.tfvars