
fsavoia/terraform_fargate_blue_green_aws


Fargate with Blue Green Deployment using Jenkins, AWS CodePipeline, AWS CodeBuild and AWS CodeDeploy

This example deploys a full ECS cluster in FARGATE mode. It creates all the necessary infrastructure, such as the VPC, the Application Load Balancer and the required IAM roles, across 3 availability zones.

It also creates the whole ECS setup: cluster, service, task definitions, auto scaling and the deployment mode (blue/green).

Jenkins

This example creates a Jenkins server on EC2. Connect to http://<PUBLIC_IP_JENKINS>:8080 and follow the setup instructions. To get the initial admin password, connect to the EC2 instance via SSM Session Manager.

  • Create a Pipeline that gets its configuration via SCM (git). You can use the Jenkinsfile on the main branch of this sample repository.
  • Replace the values in the Jenkinsfile with your own after the deployment described below.

CI/CD

All deployment steps are done through a pipeline that uses Jenkins for CI together with CodePipeline, CodeBuild and CodeDeploy. In this example, the Terraform flow is executed via AWS CodeBuild before the application is deployed.

(image: hybrid_pipeline)

tfsec

During the pipeline execution we can review the security checks that tfsec ran against our Terraform code, according to our tfsec configuration:

(image: tfsec_output)

This scan runs inside an AWS CodeBuild container with the configuration stated in buildspec_tfsec. We highly recommend that you check the tfsec documentation, review the configuration and modify it as you need.

Besides this console output, AWS CodeBuild also exports the tfsec report to the CodeBuild reports section:

(image: tfsec_output_report)
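The following is an added example of how a CodeBuild project can run tfsec and publish its findings to the CodeBuild reports section; it is not the repository's own buildspec_tfsec or module code. The project name, the IAM role variable, the managed image, the pinned tfsec version and the checksum placeholder are assumptions to replace with your own values. The `$${...}` escapes are needed because the buildspec is embedded in a Terraform heredoc.

```hcl
# Added example (not the repository's own buildspec_tfsec or module code):
# a CodeBuild project that runs tfsec against the checked-out Terraform code
# and publishes the findings as a CodeBuild test report. Names, the tfsec
# version and the IAM role reference are assumptions; replace them.

resource "aws_codebuild_project" "tfsec_scan" {
  name          = "tfsec-scan"                    # assumed project name
  description   = "Static security scan of the Terraform code with tfsec"
  service_role  = var.codebuild_role_arn          # assumed: role with CloudWatch Logs and report permissions
  build_timeout = 10

  artifacts {
    type = "CODEPIPELINE"
  }

  environment {
    compute_type = "BUILD_GENERAL1_SMALL"
    image        = "aws/codebuild/standard:7.0"   # assumed managed image
    type         = "LINUX_CONTAINER"
  }

  source {
    type = "CODEPIPELINE"
    # Inline buildspec: pin the scanner version, verify its checksum, scan,
    # and hand the JUnit result to CodeBuild's reports feature.
    buildspec = <<-EOT
      version: 0.2
      env:
        variables:
          TFSEC_VERSION: "v1.28.1"                # assumed version; check the tfsec releases page
          TFSEC_SHA256: "REPLACE_WITH_RELEASE_CHECKSUM"
      phases:
        install:
          commands:
            - curl -sSL "https://github.com/aquasecurity/tfsec/releases/download/$${TFSEC_VERSION}/tfsec-linux-amd64" -o /usr/local/bin/tfsec
            # Fail the build if the downloaded binary does not match the published checksum.
            - echo "$${TFSEC_SHA256}  /usr/local/bin/tfsec" | sha256sum -c -
            - chmod +x /usr/local/bin/tfsec
        build:
          commands:
            # tfsec exits non-zero when findings at or above the threshold remain,
            # so this stage fails and the pipeline stops until they are reviewed.
            - tfsec . --minimum-severity MEDIUM --format junit --out tfsec-report.xml
      reports:
        tfsec-report:
          files:
            - tfsec-report.xml
          file-format: JUNITXML
    EOT
  }
}
```

Pinning the version and checking the checksum keeps the scanner itself from becoming a supply-chain weak point in the pipeline; the `--minimum-severity` threshold and any rule exclusions belong in the tfsec configuration you review, as the paragraph above recommends.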

Our pipeline has several manual steps:

  • Manual review of the security checks run by tfsec.
  • Manual review of the Terraform plan output.

(image: terraform_pipeline)

to-do

  • Terraform: make the IAM policies more restrictive

How to Deploy

Prerequisites:

If you will use a remote backend (recommended), you have to configure the file below (the backend resources must be created beforehand); otherwise simply remove this file to use the local backend.

backend.tf

If you want an example of how to create your remote backend infrastructure, go to the infra_backend directory, replace the values in variables.tf with your own data and follow the steps below:

```shell
export AWS_REGION=<ENTER YOUR REGION>   # Select your own region
terraform init
terraform plan
terraform apply
```
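As an added example that is not the repository's infra_backend code, the block below shows the resources a hardened remote backend needs (versioned, KMS-encrypted, non-public state bucket and a DynamoDB lock table), followed by the backend.tf that points at them. The two parts live in different directories, as the README describes: the resources go in infra_backend and are created first with the local backend, and backend.tf goes in the root module. The bucket and table names are placeholders and the key path and region are assumptions.

```hcl
# Added example (not the repository's infra_backend code).
# Part 1: resources for the remote backend, applied from the infra_backend
# directory with a local backend. Names are placeholders; replace them.

resource "aws_s3_bucket" "tf_state" {
  bucket = "replace-with-unique-state-bucket-name"
}

# Versioning lets you recover a state file that was corrupted or overwritten.
resource "aws_s3_bucket_versioning" "tf_state" {
  bucket = aws_s3_bucket.tf_state.id
  versioning_configuration {
    status = "Enabled"
  }
}

# A dedicated, rotating CMK for the state; the state contains secrets in plain text.
resource "aws_kms_key" "tf_state" {
  description             = "Terraform state encryption"
  enable_key_rotation     = true
  deletion_window_in_days = 30
}

resource "aws_s3_bucket_server_side_encryption_configuration" "tf_state" {
  bucket = aws_s3_bucket.tf_state.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = aws_kms_key.tf_state.arn
    }
  }
}

# Never allow the state bucket to become public.
resource "aws_s3_bucket_public_access_block" "tf_state" {
  bucket                  = aws_s3_bucket.tf_state.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Lock table so two pipeline runs cannot write the state concurrently;
# the S3 backend requires the hash key to be named LockID.
resource "aws_dynamodb_table" "tf_lock" {
  name         = "replace-with-lock-table-name"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }

  server_side_encryption {
    enabled = true
  }
}

# Part 2: backend.tf in the root module, pointing at the resources above.
# The key path and region are assumptions; match them to your setup.
terraform {
  backend "s3" {
    bucket         = "replace-with-unique-state-bucket-name"
    key            = "fargate-blue-green/terraform.tfstate"
    region         = "us-east-1"
    encrypt        = true
    dynamodb_table = "replace-with-lock-table-name"
  }
}
```

These settings match what the tfsec stage of this pipeline checks for on S3 buckets (encryption with a customer key, versioning, public access blocked); tfsec's S3 rules also expect access logging, so either add an aws_s3_bucket_logging resource for the state bucket or record a justified exclusion in your tfsec configuration. The IAM principal that runs Terraform needs access to the bucket, the lock table and the KMS key, and nothing else should be able to read the state objects.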

Ensure that you have installed the following tools on your Mac or Windows laptop before you start working with this module and run Terraform plan and apply:

  1. AWS CLI
  2. Terraform

Deployment Steps

Step 1: Clone the repo using the command below

```shell
git clone '<this repository>'
```

Step 2: Run Terraform INIT

Initialize a working directory containing configuration files:

```shell
cd '<this repository directory>'
terraform init
```

Step 3: Run Terraform PLAN

Verify the resources that this execution will create:

```shell
export AWS_REGION=<ENTER YOUR REGION>   # Select your own region
terraform plan
```

Step 4: Run Terraform APPLY

Create the resources:

```shell
terraform apply
```

Enter yes to apply.

How to Destroy

The following commands destroy the resources created by terraform apply:

```shell
cd '<this repository directory>'
terraform destroy --auto-approve
```

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.13 |
| aws | ~> 4.0 |

Providers

No providers.

Modules

| Name | Source | Version |
|------|--------|---------|
| devops | ./modules/devops | n/a |
| ec2 | ./modules/ec2 | n/a |
| ecs | ./modules/ecs | n/a |
| network | ./modules/network | n/a |

Resources

No resources.

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| availability_zones | Define subnets AZs | list(string) | `["us-east-1a", "us-east-1b", "us-east-1c"]` | no |
| instance_type | Define EC2 instance type | string | `"jenkins-lab"` | no |
| name | Define EC2 TAG name | string | `"t2.medium"` | no |
| object_lock_days | The number of days that you want to specify for the default retention period | number | `365` | no |
| object_lock_mode | The default Object Lock retention mode you want to apply to new objects placed in the specified bucket | string | `"GOVERNANCE"` | no |
| private_subnet_cidr_block | Define private subnet CIDRs | list(string) | `["10.10.3.0/24", "10.10.4.0/24", "10.10.5.0/24"]` | no |
| public_subnet_cidr_block | Define public subnet CIDRs | list(string) | `["10.10.0.0/24", "10.10.1.0/24", "10.10.2.0/24"]` | no |
| scale_max_capacity | Define max containers capacity for ECS Service Autoscale | number | `2` | no |
| scale_min_capacity | Define min containers capacity for ECS Service Autoscale | number | `1` | no |
| vpc_cidr_block | Define VPC CIDR block | string | `"10.10.0.0/16"` | no |
| vpc_name | Define the name of the network | string | `"poc-ecs"` | no |

Outputs

| Name | Description |
|------|-------------|
| aws_public_security_group_id | n/a |
| private_subnet_ids | n/a |
| public_subnet_ids | n/a |
| vpc_id | n/a |
