From 75d6b90755edfd8f5d3352d217bf346d326f12bc Mon Sep 17 00:00:00 2001 From: Andre Wlodkovski Date: Wed, 10 Apr 2024 14:23:58 -0300 Subject: [PATCH] Add Terraform instructions and documentation --- README.md | 6 ++++ terraform/README.md | 84 ++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 89 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index cfbe2c4..ee9e970 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,7 @@ The Authentication System API is a robust authentication system REST API built i - [Production](#production) - [Documentation](#documentation) - [Running Tests](#running-tests) + - [Deployment on AWS](#deployment-on-aws) - [Work-in-progress](#work-in-progress) - [Authors](#authors) - [License](#license) @@ -113,6 +114,11 @@ In order to run unit tests, simply run the following script: npm test ``` +## Deployment on AWS +Terraform scripts are available for AWS deployment, as well as a GitHub action `deploy-eks` for deployment on AWS EKS. + +For more instructions on how to deploy the Terraform infrastructure, check the [Terraform instructions](terraform/README.md) + ## Work-in-progress This section describes features that are either work-in-progress or will be implemented in the future. Features are sorted by priority. - 🚧: Work-in-progress diff --git a/terraform/README.md b/terraform/README.md index 64ba042..aee8aed 100644 --- a/terraform/README.md +++ b/terraform/README.md @@ -1,6 +1,76 @@ # Terraform deployment for Authentication API +This is the documentation of the Terraform scripts that create an environment for hosting the Authentication System API on AWS -Script order: +## Resources +The following AWS Resources are deployed, but not limited to: +- AWS VPC + - NAT Gateway + - Internet Gateway + - Public and Private Subnets +- AWS EKS + - AWS EKS Fargate Profile +- AWS RDS + - AWS Secrets Manager for database credentials +- AWS EC2 + - Bastion instance +- AWS IAM Roles + +## Getting Started +### Requirements +- [AWS CLI v2+](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) +- [AWS Account](https://aws.amazon.com) +- [Terraform](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli) +- [Kubectl](https://kubernetes.io/docs/tasks/tools/) + +### Variables +Create a variables file, such as `variables.tfvars`, and fill the following variables: +```tfvars +infra_env = "test" + +aws_access_key_id = "" +aws_secret_access_key = "" +aws_region = "us-east-1" + +vpc_cidr = "10.0.0.0/16" + +public_subnet_map = { + "us-east-1a" = "10.0.0.0/20" + "us-east-1b" = "10.0.16.0/20" +} + +private_subnet_map = { + "us-east-1a" = "10.0.32.0/20" + "us-east-1b" = "10.0.48.0/20" +} + +bastion_ami = "ami-053053586808c3e70" +bastion_ssh_public_key = "" + +db_name = "" +db_schema_name = "" +db_username = "" +db_password = "" +``` + +The variables that are already filled are mere examples and may be changed accordingly if needed. + +## Deployment +### Running Terraform +First, it is necessary to install the Terraform dependencies by running the following command: +```sh +terraform init +``` + +Then, plan and apply: +```sh +terraform plan -out=tfplan -var-file=variables.tfvars +terraform apply tfplan +``` + +The commands shown above can also be run to make changes to the architecture, as it will check what resources need to be created/modified/destroyed. + +### Post-Run Commands +In order to ensure proper cluster functionality, the following commands must be executed: ```sh export AWS_REGION= @@ -10,4 +80,16 @@ aws eks update-kubeconfig --region $AWS_REGION --name authentication-cluster-tes kubectl rollout restart deployment coredns -n kube-system ``` +### Destroying +In order to destroy the whole infrastructure, follow the steps carefully: +- Remove all images from the `authentication-api` public ECR repository +- Destroy the Application Load Balancer created by EKS +- Destroy the Security Groups created by EKS + +Then run the following command: +```sh +terraform destroy -var-file=variables.tfvars +``` + +## Architecture Diagram ![Authentication API Architecture](./assets/architecture.png) \ No newline at end of file