You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+9-6Lines changed: 9 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,7 +5,7 @@ Template useful to create a AWS infrastructures with terraform
5
5
## Howo to use this template
6
6
7
7
1. Create your github repository starting form this template.
8
-
2. Configure your aws cli and set the [credentials](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html). Also refer the conflunece page to work with [AWS SSO](https://pagopa.atlassian.net/wiki/spaces/DEVOPS/pages/466846955/AWS+-+Users+groups+and+roles#SSO-with-GSuite).
8
+
2. Configure your aws cli and set the [credentials](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html). Also refer the confluence page to work with [AWS SSO](https://pagopa.atlassian.net/wiki/spaces/DEVOPS/pages/466846955/AWS+-+Users+groups+and+roles#SSO-with-GSuite).
9
9
3. The __src/init__ directory contains the terraform code to setup the S3 backend, the Dynamodb lock table, github openid connection and the iam role to use in the github actions
10
10
4. The __src/main__ directory cointains the terraform code to setup the core infrastructure.
11
11
5. The __.github/workflows__ directory contains two yaml files to run a terraform plan and apply actions. They need a github environment secret to be created: IAM_ROLE (see below.)
@@ -47,19 +47,22 @@ cd src/main
47
47
48
48
In the repository two github actions are already provided:
49
49
50
-
***terraform-plan**: it runs every time a new Pull request(PR) is created and every time a push is made within the PR branch. It runs terraform plan through all the environments.
50
+
***terraform-plan**: it runs every time new code is pushed in every branch excluded main and master. It runs terraform plan through all the environments in parallel.
51
+
52
+
***terraform-apply**: it run terraform apply in all the environments once a PR is merged with main.
53
+
* The apply in PROD should require an approval: it depends on the Environment protection rules.
54
+
* It can also be triggerd manually in all the environment expect main.
51
55
52
-
***terraform-apply**: it runs terraform apply in one of the environment (uat by default) every time a PR is merged into main branch or it can be triggered manually and users have the facolty to choose on which environment to apply it.
53
56
54
57
### Configurations
55
58
56
-
* Create [github environment](https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment) every environments:dev, uat, prod, and prod_w.
59
+
* Create [github environment](https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment)for every environments:dev, uat, prod, and prod_w.
57
60
***prod_w** is like prod but it is meant to be used only in the apply action in production.
58
61
59
62
60
63
61
-
* In each environmen create a secret named **IAM_ROLE** and set as a value the **arn** of the role created at the very beginnig when you set up the environment (init).
62
-
* Within the **prod_w** set two **Environment protection rules* as shown in the screenshot above:
64
+
* In each environment create a secret named **IAM_ROLE** and set its value with the **arn** of the role created at the very beginnig (init).
65
+
* Within the **prod_w** set two **Environment protection rules* as shown in the screenshot below:
0 commit comments