Commit

Add Terraform instructions and documentation
andrewlod committed Apr 10, 2024
1 parent 1e94e2c commit 75d6b90
Showing 2 changed files with 89 additions and 1 deletion.
6 changes: 6 additions & 0 deletions README.md
Expand Up @@ -15,6 +15,7 @@ The Authentication System API is a robust authentication system REST API built i
- [Production](#production)
- [Documentation](#documentation)
- [Running Tests](#running-tests)
- [Deployment on AWS](#deployment-on-aws)
- [Work-in-progress](#work-in-progress)
- [Authors](#authors)
- [License](#license)
Expand Down Expand Up @@ -113,6 +114,11 @@ In order to run unit tests, simply run the following script:
npm test
```

## Deployment on AWS
Terraform scripts are available for AWS deployment, as well as a GitHub action `deploy-eks` for deployment on AWS EKS.

For more instructions on how to deploy the Terraform infrastructure, check the [Terraform instructions](terraform/README.md)

## Work-in-progress
This section describes features that are either work-in-progress or will be implemented in the future. Features are sorted by priority.
- 🚧: Work-in-progress
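Review bot: The new "Deployment on AWS" section names the `deploy-eks` GitHub action but gives no pointer to its workflow file and does not say which repository secrets or AWS permissions it expects. Add a link or a short list so readers do not have to guess what credentials to provision for it. The sentence ending in `[Terraform instructions](terraform/README.md)` is also missing its closing period.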
84 changes: 83 additions & 1 deletion terraform/README.md
@@ -1,6 +1,76 @@
# Terraform deployment for Authentication API
This is the documentation of the Terraform scripts that create an environment for hosting the Authentication System API on AWS

Script order:
## Resources
The following AWS Resources are deployed, but not limited to:
- AWS VPC
- NAT Gateway
- Internet Gateway
- Public and Private Subnets
- AWS EKS
- AWS EKS Fargate Profile
- AWS RDS
- AWS Secrets Manager for database credentials
- AWS EC2
- Bastion instance
- AWS IAM Roles

## Getting Started
### Requirements
- [AWS CLI v2+](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)
- [AWS Account](https://aws.amazon.com)
- [Terraform](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli)
- [Kubectl](https://kubernetes.io/docs/tasks/tools/)

### Variables
Create a variables file, such as `variables.tfvars`, and fill the following variables:
```tfvars
infra_env = "test"
aws_access_key_id = ""
aws_secret_access_key = ""
aws_region = "us-east-1"
vpc_cidr = "10.0.0.0/16"
public_subnet_map = {
"us-east-1a" = "10.0.0.0/20"
"us-east-1b" = "10.0.16.0/20"
}
private_subnet_map = {
"us-east-1a" = "10.0.32.0/20"
"us-east-1b" = "10.0.48.0/20"
}
bastion_ami = "ami-053053586808c3e70"
bastion_ssh_public_key = ""
db_name = ""
db_schema_name = ""
db_username = ""
db_password = ""
```

The variables that are already filled are mere examples and may be changed accordingly if needed.

## Deployment
### Running Terraform
First, it is necessary to install the Terraform dependencies by running the following command:
```sh
terraform init
```

Then, plan and apply:
```sh
terraform plan -out=tfplan -var-file=variables.tfvars
terraform apply tfplan
```

The commands shown above can also be run to make changes to the architecture, as it will check what resources need to be created/modified/destroyed.

### Post-Run Commands
In order to ensure proper cluster functionality, the following commands must be executed:

```sh
export AWS_REGION=<AWS_REGION>
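Review bot: The Variables block asks for `aws_access_key_id`, `aws_secret_access_key` and `db_password` in plaintext in `variables.tfvars`, and nothing in this section says to keep that file out of version control. Add a sentence telling readers to gitignore `*.tfvars` and the `tfplan` file written by `terraform plan -out=tfplan`, since a saved plan also holds the variable values. AWS CLI v2 is already listed as a requirement, so consider documenting a CLI profile or environment credentials as the alternative to static keys in a file. Separately, `bastion_ami` is region-specific, so the remark that the prefilled values may be changed should say that it has to change together with `aws_region`.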
Expand All @@ -10,4 +80,16 @@ aws eks update-kubeconfig --region $AWS_REGION --name authentication-cluster-tes
kubectl rollout restart deployment coredns -n kube-system
```

### Destroying
In order to destroy the whole infrastructure, follow the steps carefully:
- Remove all images from the `authentication-api` public ECR repository
- Destroy the Application Load Balancer created by EKS
- Destroy the Security Groups created by EKS

Then run the following command:
```sh
terraform destroy -var-file=variables.tfvars
```

## Architecture Diagram
![Authentication API Architecture](./assets/architecture.png)
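Review bot: The Destroying steps "Destroy the Application Load Balancer created by EKS" and "Destroy the Security Groups created by EKS" do not say how to identify those resources, so a reader working in a shared account has to guess which load balancer and security groups belong to this cluster. State the name or tag to filter on, or the command to run, and if the reason for doing this by hand is that these resources sit outside Terraform's state and would block `terraform destroy`, say so in the text.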
