Update
carlssonk committed Sep 27, 2024
1 parent 030ad1a commit 5d7dbd6
Showing 1 changed file with 29 additions and 27 deletions.
56 changes: 29 additions & 27 deletions README.md
@@ -26,33 +26,35 @@
4. Done

### Project Structure
| Path | Description |
|--------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| .github/workflows/bootstrap.yml | Sets up initial infrastructure (tf backend, oidc, terraform-execution role, etc.) for a new environment |
| .github/workflows/deploy.yml | Deploys infrastructure in 2 steps; iam -> resources. Environment is branch based. TF_VARS are defined here |
| .github/workflows/destroy.yml | Destroys infrastructure in 2 steps; resources -> iam. Can only be dispatched throught GHA. If `tf-rm` is specified it will only delete a specific resource from the state bucket and not perform a destroy operation |
| .vscode/settings.json | Project settings |
| apps/ | Directory where all apps and services are defined |
| apps/app_name/iam_deploy.tf | Create role with necessary IAM permissions for deploying the app |
| apps/app_name/main.tf | App infrastructure defined here |
| apps/app_name/outputs.tf | Every app which has aws resources needs to output a policy_document to the root (main.tf) file |
| apps/app_name/variables.tf | Variables from the common module |
| bootstrap/setup-backend/ | Bootstraps backend state (s3 + dynamodb) |
| bootstrap/setup-oidc/ | Sets up terraform-execution-role and OIDC so deploy and destroy can be executed |
| common/ | Common infrastructure |
| globals/ | Global module that can be imported in other modules. Prevents "prop drilling". This module reads from globals.json that gets generated in CI workflow |
| iam_policy/ | Combines multiple policy documents into one policy |
| modules/ | Cloud resources |
| modules/module_name/iam | Creates and outputs policy document dynamically based on resource and input variables |
| modules/module_name/resources | Resources are defined here |
| modules/module_name/variables.tf | Variables which are symlinked into resources/ and iam/ when running |
| modules/module_name/default (HIDDEN) | After running ./symlink_modules.sh a hidden default/ folder will be created and contain symlinked resources/ and variables.tf. This is done so modules can be called with a static path ./path/to/module_name/default. The CI workflow symlinks iam/ or resources/ to default/ based on current workflow_step |
| create_globals.py | Used in CI workflows to generate globals.json |
| main.tf | Terraform entry file for deploy.yml and destroy.yml |
| retry_command.sh | Used in CI workflows to retry terraform commands |
| symlink_modules.sh | First it creates variables.tf inside iam/ and resource/ for every module. Then it creates a default/ folder that points to either iam/ or resource/ |
| terraform_show.json (in branch: terraform-state) | Generated by the CI workflows and has the current state of the infrastructure in json format. Its fetched from this repo in this project https://github.com/carlssonk/terraform-diagram |
| variables.tf | Terraform entry variables for deploy.yml and destroy.yml |
| Path | Description |
|---------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| .github/workflows/bootstrap.yml | Sets up initial infrastructure (tf backend, oidc, terraform-execution role, etc.) for a new environment |
| .github/workflows/deploy.yml | Deploys infrastructure in 2 steps; iam -> resources. Trunk-based development is used + separation for dev environment. |
| .github/workflows/destroy.yml | Destroys infrastructure in 2 steps; resources -> iam. Can only be dispatched throught GHA. |
| .github/workflows/destroy.yml | Destroys infrastructure in 2 steps; resources -> iam. Can only be dispatched throught GHA. |
| .github/workflows/remove_tf_state.yml | Remove a specific resource from state bucket for situations when there's a mismatch between terraform state and real life state |
| .vscode/settings.json | Project settings |
| apps/ | Directory where all apps and services are defined |
| apps/app_name/iam_deploy.tf | Create role with necessary IAM permissions for deploying the app |
| apps/app_name/main.tf | App infrastructure defined here |
| apps/app_name/outputs.tf | Every app which has aws resources needs to output a policy_document to the root (main.tf) file |
| apps/app_name/variables.tf | Variables from the common module |
| bootstrap/setup-backend/ | Bootstraps backend state (s3 + dynamodb) |
| bootstrap/setup-oidc/ | Sets up terraform-execution-role and OIDC so deploy and destroy can be executed |
| common/ | Common infrastructure |
| environments/ | Configuration for different environments. Terraform execution are in these folders |
| environments/dev/ | Config for dev environment. Apply will be ran on pushes to branch names starting with dev/* |
| environments/staging-and-prod/ | Config for staging and prod. We keep them in same directory because staging should essentially be a copy of prod with some different configurations defined in prod.tfvars and staging.tfvars |
| globals/ | Global module that can be imported in other modules. Prevents "prop drilling". This module reads from globals.json that gets generated in CI workflow |
| iam_policy/ | Combines multiple policy documents into one policy |
| modules/ | Cloud resources |
| modules/module_name/iam | Creates and outputs policy document dynamically based on resource and input variables |
| modules/module_name/resources | Resources are defined here |
| modules/module_name/variables.tf | Variables which are symlinked into resources/ and iam/ when running |
| modules/module_name/default (HIDDEN) | After running ./symlink_modules.sh a hidden default/ folder will be created and contain symlinked resources/ and variables.tf. This is done so modules can be called with a static path ./path/to/module_name/default. The CI workflow symlinks iam/ or resources/ to default/ based on current workflow_step |
| scripts/create_globals.py | Used in CI workflows to generate globals.json |
| scripts/retry_command.sh | Used in CI workflows to retry terraform commands |
| scripts/symlink_modules.sh | First it creates variables.tf inside iam/ and resource/ for every module. Then it creates a default/ folder that points to either iam/ or resource/ |


### Security Measures Checklist
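Review bot: the new table lists `.github/workflows/destroy.yml` twice with identical descriptions (the two consecutive rows after `deploy.yml`); drop one of them. While touching those rows, "throught GHA" should read "through GHA" in both the `destroy.yml` row and the text it was carried over from. Two grammar nits in the added environment rows: "Terraform execution are in these folders" should be "Terraform executions run from these folders" (or similar), and "Apply will be ran on pushes" should be "Apply will be run on pushes". Finally, this hunk removes the `main.tf`, `variables.tf` and `terraform_show.json (in branch: terraform-state)` rows without replacing them; if the entry files moved under `environments/` and the state JSON is still produced by CI for the linked terraform-diagram project, the table should say where they now live, otherwise please confirm the removal is intentional so the structure list stays complete.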