Deployment Process

Ronan Clancy edited this page Jul 6, 2021 · 1 revision

This page describes how to set up the required infrastructure in AWS in order to deploy the codebase.

Setup

Terraform Cloud

We use Terraform Cloud for deploying our infrastructure. Terraform Cloud keeps track of our TFState file and also provides a way to destroy infrastructure. See this page for the official documentation on performing this setup, or just follow the project-specific settings below.

  1. Navigate to the Terraform Cloud New Account page to set up an account with your student number
  2. When you log in to Terraform Cloud, select Start from Scratch
  3. Create an organization called SmallWindow21 - it's important that the organization has exactly this name, as it is preconfigured in the terraform files
  4. For Choose Workflow, select API-driven Workflow
  5. For Workspace name, enter SmallWindow21-Workspace - it's important that the workspace has exactly this name, as it is preconfigured in the terraform files
  6. In the workspace, select the dropdown option for Variables
  7. Under Environment Variables, add 2 environment variables: AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. For the values, make sure these match the values you obtained from the AWS console when setting up your account. Also, before saving each variable, select the Sensitive option
  8. In order to call Terraform Cloud from GitHub, we need an API Token. Select the user icon in the top right hand corner of the screen and User Settings
  9. Select tokens and then Create an API Token. Provide a descriptive name and then hit Create. Save this token as it will be needed in GitHub

GitHub

  1. In GitHub, we need to set up some environment variables. Navigate to the repository Settings and then Secrets
  2. Add secrets named AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY; again, ensure these are the same values you retrieved when setting up your account
  3. Also add a secret named TF_API_TOKEN - this should be the value you retrieved from Terraform Cloud for the API Token
  4. We also need to set up a Personal Access Token, because we use this GitHub action to trigger different workflow files based on events. Navigate to your profile (top right hand corner of the screen) --> Settings --> Developer Settings --> Personal Access Tokens --> Generate New Token --> Provide any name you wish --> Select all checkboxes under repo and admin:repo_hook and hit the button to generate the token. Copy this token, as this is the only time it will be visible to you
  5. Now we need to add this token as a repository secret. Navigate to the repository Settings and then Secrets. Add a secret named REPO_ACCESS_TOKEN and copy in the Personal Access Token that you just created

Manual Approval

In order to ensure that infrastructure is not deployed to your account when you merge into your fork, we use a new feature called GitHub Environments. This ensures that we must manually approve the steps that create the terraform infrastructure and the steps that destroy it before they run.

  1. In GitHub, Navigate to Settings and then Environments
  2. Click New Environment and call it SmallWindow21, click Configure Environment - It is important the name is SmallWindow21 as this is referenced in the GitHub actions files
  3. Select the checkbox for Required Reviewers and search based on your username / L number. This will set up the manual approval step
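
How the approval gate and the TF_API_TOKEN secret come together in a workflow job, as an added illustration that is not the repository's own workflow file. The workflow name, job name, trigger and action versions are assumptions; the environment, organization, workspace and secret names are the ones used on this page.

```yaml
# Added illustration; not the SmallWindow21 repository's actual workflow file.
# The workflow name, job name, trigger and action versions are assumptions.
name: Terraform Apply (example)

on:
  push:
    branches: [main]   # fires when a pull request is merged into main

permissions:
  contents: read       # the job only needs to read the repository

jobs:
  apply:
    runs-on: ubuntu-latest
    # Binding the job to the environment makes GitHub pause it until one of
    # the environment's Required Reviewers approves the run.
    environment: SmallWindow21
    steps:
      - uses: actions/checkout@v4

      - uses: hashicorp/setup-terraform@v3
        with:
          # Token created under User Settings > Tokens in Terraform Cloud and
          # stored as the TF_API_TOKEN repository secret.
          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}

      # init connects to the SmallWindow21 organization and the
      # SmallWindow21-Workspace workspace named in the terraform files.
      - run: terraform init -input=false

      - run: terraform apply -auto-approve -input=false
```

A destroy job is gated the same way, by carrying the same `environment:` key. A job without that key starts as soon as the push event fires, with no approval prompt.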

Deployments

Deployment workflow workflow.graphml

Infrastructure

When you open a Pull Request, the GitHub actions will validate the terraform infrastructure and leave a comment in the PR with the plan details. When you merge into the main branch, the infrastructure will be deployed to your AWS account if you choose to do so by providing manual approval. To destroy the infrastructure, there is another GitHub actions job that will show up called Terraform Destroy. This will run based on a merge to the main branch. Again, you must manually approve this job to run. A valid use case would be as follows:

  1. Check code into main
  2. Deploy Infrastructure with GitHub actions
  3. Deploy Code with GitHub actions
  4. Test code in AWS
  5. Destroy infrastructure with GitHub actions