Release - 0.2.0 (#29)

* [#11] Init project from the template

* [#11] Add Terraform linting code

* [#11] Missing EOF

* Update .github/workflows/lint_code.yml

Co-authored-by: Long Nguyen <nguyenduclong@msn.com>

* [#11] Add checkov flow

* [#11] Using concurrency

* [#11] Update permission

* [#11] Setup initial project from Git template (#16)

* [#11] Init project from the template

* [#11] Add Terraform linting code

* [#11] Missing EOF

* Update .github/workflows/lint_code.yml

Co-authored-by: Long Nguyen <nguyenduclong@msn.com>

* [#11] Add checkov flow

* [#11] Using concurrency

* [#11] Update permission

---------

Co-authored-by: Long Nguyen <nguyenduclong@msn.com>

* [#12] Update gitignore

* [#12] Add aws provider

* [#12] Update README.md

* [#12] Integrate Terraform Cloud

* [#12] Add CODEOWNERS

* [#10] Add wiki

* [#4] Setup ECR

* [#4] Linter

* [#4] Linter

* [#4] Linter

* [#4] Linter

* update flow

* [#4] Fix typo

* [#4] Use checkov config file

* [#4] Fix typo

* [#4] Remove redundant local

* [#4] Add sensitive option

* [#4] Move the environment to variable

* [#4] Rename folder to code

* [#4] Missing EOF

* [#4] Update naming

* [#4] Remove redundant tfsec rule

* [#4] Use tags instead of name

* [#4] Remove aws_secret_key and aws_access_key

* [#1] Add IAM group

* [#1] Add IAM groups, users, group_users membership

* [#1] Linter

* [#1] Missing EOF

* [#1] Disable rules inline

* [#1] Update format

* [#1] Linter

* [#1] Remove redundant path

* [#1] User must have MFA enabled

* [#1] Move Path to locals.tf

* [#13] Setup VPC

* [#13] Disable tfsec rule

* [#13] Use commit hash instead

* [#13] Linter

* [#13] Missing EOF

* [#13] Change namespace name

* [#13] Fix syntax error

* [#3] Add secretsmanager

* [#3] Linter

* [#13] Fix syntax error

* [#8] Setup CloudWatch

* [#8] Setup CloudWatch with KMS

* [#8] Enable KMS

* [#8] Ensure CloudWatch log groups retains logs for at least 1 year

* [#7] Setup S3

* [#7] Add logging bucket

* [#7] Disable tfsec rules

* [#7] Disable checkov rules

* [#7] Use local variables

* [#8] Update description for KMS

* [#7] Update bucket name

---------

Co-authored-by: Long Nguyen <nguyenduclong@msn.com>

Author: sanG-github

.checkov.yml

@@ -0,0 +1,4 @@
+---
+evaluate-variables: true
+framework: terraform
+quiet: true

.github/workflows/lint_code.yml

@@ -46,4 +46,4 @@ jobs:
         id: checkov
         uses: bridgecrewio/checkov-action@master
         with:
-          args: --quiet --framework terraform
+          config_file: .checkov.yml

core/locals.tf

@@ -0,0 +1,10 @@
+locals {
+  # Application name
+  app_name = "nimble-devops-ic-web"
+
+  # The owner of the infrastructure, used to tag the resources, e.g. `acme-web`
+  owner = "sanghuynh20000"
+
+  # AWS region
+  region = "ap-southeast-1"
+}

core/main.tf

@@ -0,0 +1,31 @@
+terraform {
+  cloud {
+    organization = "devops-ic"
+
+    workspaces {
+      tags = ["aws-infrastructure"]
+    }
+  }
+}
+
+module "cloudwatch" {
+  source = "../modules/cloudwatch"
+
+  kms_key_id = module.secrets_manager.secret_cloudwatch_log_key_arn
+}
+
+module "secrets_manager" {
+  source = "../modules/secrets_manager"
+
+  secrets = {
+    secret_key_base = var.secret_key_base
+  }
+}
+
+module "vpc" {
+  source = "../modules/vpc"
+}
+
+module "s3" {
+  source = "../modules/s3"
+}

core/providers.tf

@@ -0,0 +1,19 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+  }
+}
+
+provider "aws" {
+  region = local.region
+
+  default_tags {
+    tags = {
+      Environment = var.environment
+      Owner       = local.owner
+    }
+  }
+}

core/variables.tf

@@ -0,0 +1,10 @@
+variable "environment" {
+  description = "The application environment, used to tag the resources, e.g. `acme-web-staging`"
+  type        = string
+  default     = "staging"
+}
+
+variable "secret_key_base" {
+  description = "The secret key base for the application"
+  type        = string
+}

modules/cloudwatch/locals.tf

@@ -0,0 +1,7 @@
+locals {
+  # The namespace for the CloudWatch log group
+  namespace = "devops-ic-cloudwatch"
+
+  # Log retention in days
+  retention_in_days = 400
+}

modules/cloudwatch/main.tf

@@ -0,0 +1,5 @@
+resource "aws_cloudwatch_log_group" "this" {
+  name              = local.namespace
+  retention_in_days = local.retention_in_days
+  kms_key_id        = var.kms_key_id
+}

modules/cloudwatch/outputs.tf

@@ -0,0 +1,4 @@
+output "aws_cloudwatch_log_group_name" {
+  description = "CloudWatch log group name"
+  value       = aws_cloudwatch_log_group.this.name
+}

modules/cloudwatch/variables.tf

@@ -0,0 +1,4 @@
+variable "kms_key_id" {
+  description = "The KMS key ID to use for encryption"
+  type        = string
+}