{"id":18800646,"url":"https://github.com/bitovi/github-actions-deploy-docker-to-ec2","last_synced_at":"2025-04-05T04:09:34.812Z","repository":{"id":63298373,"uuid":"564335450","full_name":"bitovi/github-actions-deploy-docker-to-ec2","owner":"bitovi","description":"GitHub Action to deploy any docker-composed app to an AWS EC2 VM.","archived":false,"fork":false,"pushed_at":"2025-01-23T20:35:53.000Z","size":337,"stargazers_count":90,"open_issues_count":9,"forks_count":15,"subscribers_count":11,"default_branch":"main","last_synced_at":"2025-03-29T03:05:27.947Z","etag":null,"topics":["aws","docker","docker-compose","ec2","github-actions"],"latest_commit_sha":null,"homepage":"https://www.bitovi.com/platform-engineering-consulting","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bitovi.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-11-10T13:54:01.000Z","updated_at":"2025-02-15T15:56:05.000Z","dependencies_parsed_at":"2023-12-21T14:32:32.235Z","dependency_job_id":"3657fc22-89be-486f-ba1f-aaaa2cee93ed","html_url":"https://github.com/bitovi/github-actions-deploy-docker-to-ec2","commit_stats":{"total_commits":82,"total_committers":6,"mean_commits":"13.666666666666666","dds":0.5365853658536586,"last_synced_commit":"33f24d695500f13fcaf5c9e9feee4651e2172d12"},"previous_names":[],"tags_count":27,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bitovi%2Fgithub-actions-deploy-docker-to-ec2","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bitovi%2Fgithub-actions-deploy-docker-to-ec2/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bitovi%2Fgithub-actions-deploy-docker-to-ec2/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bitovi%2Fgithub-actions-deploy-docker-to-ec2/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bitovi","download_url":"https://codeload.github.com/bitovi/github-actions-deploy-docker-to-ec2/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247284949,"owners_count":20913704,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","docker","docker-compose","ec2","github-actions"],"created_at":"2024-11-07T22:19:32.212Z","updated_at":"2025-04-05T04:09:34.781Z","avatar_url":"https://github.com/bitovi.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Deploy Docker to AWS VM (EC2)\n\n`bitovi/github-actions-deploy-docker-to-ec2` deploys any [Docker](https://www.bitovi.com/academy/learn-docker.html)-based app to an AWS VM (EC2) using Docker and Docker Compose.\n\nThe action will copy this repo to the VM and then run `docker compose up`.\n\n\u003e ⚠️ Migrating from v0.5.8 to v1.0.0 is not possible. Some resources keep the same ID and errors will appear.  \n\n## Action Summary\nThis action will create an EC2 instance and the resources defined, copy this repo to the VM, install docker (and other options if enabled) and then run `docker compose up`.\n\nIf you would like to deploy a backend app/service, check out our other actions:\n| Action | Purpose |\n| ------ | ------- |\n| [Deploy an AWS ECS Cluster](https://github.com/marketplace/actions/deploy-an-aws-ecs-cluster) | Deploys an ECS (Fargate or EC2) cluster, with tasks and service definitions (and more!)|\n| [Deploy Storybook to GitHub Pages](https://github.com/marketplace/actions/deploy-storybook-to-github-pages) | Builds and deploys a Storybook application to GitHub Pages. |\n| [Deploy static site to AWS (S3/CDN/R53)](https://github.com/marketplace/actions/deploy-static-site-to-aws-s3-cdn-r53) | Hosts a static site in AWS S3 with CloudFront |\n\u003cbr/\u003e\n\n**And more!**, check our [list of actions in the GitHub marketplace](https://github.com/marketplace?category=\u0026type=actions\u0026verification=\u0026query=bitovi)\n\n## Getting Started Intro Video\n[![Getting Started - Youtube](https://img.youtube.com/vi/oya5LuHUCXc/0.jpg)](https://www.youtube.com/watch?v=oya5LuHUCXc)\n\n## Need help or have questions?\nThis project is supported by [Bitovi, a DevOps Consultancy](https://www.bitovi.com/devops-consulting) and a proud supporter of Open Source software.\n\nYou can **get help or ask questions** on our [Discord channel](https://discord.gg/zAHn4JBVcX)! Come hang out with us!\n\nOr, you can hire us for training, consulting, or development. [Set up a free consultation](https://www.bitovi.com/devops-consulting).\n![alt](https://bitovi-gha-pixel-tracker-deployment-main.bitovi-sandbox.com/pixel/UGFZYKgLzZPPVMD9HHgEc)\n# WHAT'S NEW IN V1 - What changed? \n\nA lot! The whole code supporting this action migrated into a bigger repo, with more modules and functions. We concentrated our work there, hence any improvement done there benefits all of our actions.\n\nActions you said? Yes… go check our [list of actions in the GitHub marketplace](https://github.com/marketplace?category=\u0026type=actions\u0026verification=\u0026query=bitovi)\n\nNew stuff! To name a few, cloudwatch for docker, VPC handling, EC2/ELB/APP port list, user_data for pre-ansible run, RDS (as Aurora replacement) among others. Check the [v1-changes](https://github.com/bitovi/github-actions-deploy-docker-to-ec2/blob/commons/v1-changes.md) doc.\n\n## ⚠️ Migrating from v0.5.8 to v1.0.0\nAdding new features and functionalities while keeping code consistent required a huge refactoring. Resources and objects got moved and renamed, making migration a really complicated path. \u003c/br\u003e\nFor that reason we recommend a clean start. \n\u003c/br\u003e\nVersion **v0.5.8** will be the last of the v0 series, and new features will be added to v1 from now on.\u003c/br\u003e\n\u003c/br\u003e\n\n## Requirements\n\n1. Files for Docker\n2. An AWS account\n\n### 1. Files for Docker\nYour app needs a `Dockerfile` and a `docker-compose.yaml` file. \n\n\u003e For more details on setting up Docker and Docker Compose, check out Bitovi's Academy Course: [Learn Docker](https://www.bitovi.com/academy/learn-docker.html)\n\u003e\n\n### 2. An AWS account\nYou'll need [Access Keys](https://docs.aws.amazon.com/powershell/latest/userguide/pstools-appendix-sign-up.html) from an [AWS account](https://aws.amazon.com/premiumsupport/knowledge-center/create-and-activate-aws-account/)\n\n## Environment variables\nWe accept multiple ways to add environment variables. All of them will be merged into a `.env` file in the EC2 instance in a `KEY=VALUE` format. \nFor secrects stored in AWS Secrets Manager we expect them to be in a JSON format, like `'{\"key\":\"value\"}'`.\nThe rest could be in a `KEY=VALUE` format. \n\n### You can provide:\n - `env_aws_secret` - Comma separated list of secret name(s) stored in AWS Secrets Manager\n - `env_repo` - A file in your repo that contains env vars. As a default, we'll try to read `repo_env`, but you can change that to any other filename. (Including path)`\n - `env_ghv` - An entry in [Github actions variables](https://docs.github.com/en/actions/learn-github-actions/variables)\n - `env_ghs` - An entry in [Github secrets](https://docs.github.com/es/actions/security-guides/encrypted-secrets)\n \n### To use them in your docker-compose file, you can do so by adding the following: \n```\nversion: '3.9'\nservices:\n  app:\n    env_file: .env\n```\n\nThese environment variables are merged to the .env file quoted in the following order:\n - Terraform passed env vars ( This is not optional nor customizable )\n - Repository checked-in env vars - repo_env file as default. (KEY=VALUE style)\n - Github Vars - Create a variable in your GH Repo - (KEY=VALUE style)\n - Github Secret - Create a secret in your GH Repo - (KEY=VALUE style)\n - AWS Secret - Comma separated list of JSON style like '{\"key\":\"value\"}' secrets.\n\n## Example usage\n\nCreate `.github/workflows/deploy.yaml` with the following to build on push.\n\n### Basic example\n```yaml\nname: Basic deploy\non:\n  push:\n    branches: [ main ]\n\njobs:\n  EC2-Deploy:\n    runs-on: ubuntu-latest\n    steps:\n      - id: deploy\n        uses: bitovi/github-actions-deploy-docker-to-ec2@v1.0.1\n        with:\n          aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}\n          aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}\n          aws_default_region: us-east-1\n\n          aws_elb_app_port: 8080 # This should match the docker exposed port. Defaults to 3000.\n```\n\n### Advanced example\n\n```yaml\nname: Advanced deploy\non:\n  push:\n    branches: [ main ]\n\npermissions:\n  contents: read\n\njobs:\n  EC2-Deploy:\n    runs-on: ubuntu-latest\n    environment:\n      name: \"EC2\"\n      url: ${{ steps.deploy.outputs.vm_url }}\n    steps:\n    - id: deploy\n      name: Deploy\n      uses: bitovi/github-actions-deploy-docker-to-ec2@v1.0.1\n      with:\n        aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}\n        aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}\n        aws_session_token: ${{ secrets.AWS_SESSION_TOKEN }}\n        aws_default_region: us-east-1\n        #aws_additional_tags: '{\\\"key\\\":\\\"value\\\",\\\"key2\\\":\\\"value2\\\"}'\n\n        aws_r53_enable: true\n        aws_r53_domain_name: bitovi.com\n        aws_r53_sub_domain_name: app\n        aws_r53_create_sub_cert: true\n\n        ansible_start_docker_timeout: 600\n\n        env_ghs: ${{ secrets.DOT_ENV }}\n        env_ghv: ${{ vars.VARS }}\n        env_aws_secret: some-secret,some-other\n        aws_elb_app_port: 3000,8080\n        aws_elb_listen_port: 443,8080\n        aws_elb_healthcheck: \"HTTP:8080\"\n        \n        docker_cloudwatch_enable: true\n        docker_cloudwatch_retention_days: 7\n\n        aws_rds_db_enable: true\n```\n\n## Customizing\n\n\u003e :sparkle: We use `aws_resource_identifier` as a unique ID throughout the code to name resources. \u003c/br\u003e\n\u003e Keep this in mind if **using any of our actions** in different steps of the same job!\u003c/br\u003e\n\u003e This ID is defined with the following default value: `${GITHUB_ORG_NAME}-${GITHUB_REPO_NAME}-${GITHUB_BRANCH_NAME}`\n\n### Inputs\n1. [AWS Specific](#aws-specific)\n1. [GitHub Commons main inputs](#github-commons-main-inputs)\n1. [Secrets and Environment Variables](#secrets-and-environment-variables-inputs)\n1. [EC2](#ec2-inputs)\n1. [VPC](#vpc-inputs)\n1. [AWS Route53 Domains and Certificates](#aws-route53-domains-and-certificate-inputs)\n1. [Load Balancer](#load-balancer-inputs)\n1. [Docker](#docker-inputs)\n1. [EFS](#efs-inputs)\n1. [RDS](#rds-inputs)\n1. [DB Proxy](#db-proxy-inputs)\n1. [GitHub Deployment repo inputs](#github-deployment-repo-inputs)\n\n### Outputs\n1. [Action Outputs](#action-outputs)\n\nThe following inputs can be used as `step.with` keys\n\u003cbr/\u003e\n\u003cbr/\u003e\n\n#### **AWS Specific**\n| Name             | Type    | Description                        |\n|------------------|---------|------------------------------------|\n| `aws_access_key_id` | String | AWS access key ID |\n| `aws_secret_access_key` | String | AWS secret access key |\n| `aws_session_token` | String | AWS session token |\n| `aws_default_region` | String | AWS default region. Defaults to `us-east-1` |\n| `aws_resource_identifier` | String | Set to override the AWS resource identifier for the deployment. Defaults to `${GITHUB_ORG_NAME}-${GITHUB_REPO_NAME}-${GITHUB_BRANCH_NAME}`. |\n| `aws_additional_tags` | JSON | Add additional tags to the terraform [default tags](https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider), any tags put here will be added to all provisioned resources.|\n\u003chr/\u003e\n\u003cbr/\u003e\n\n#### **GitHub Commons main inputs**\n| Name             | Type    | Description                        |\n|------------------|---------|------------------------------------|\n| `checkout` | Boolean | Set to `false` if the code is already checked out. (Default is `true`). |\n| `bitops_code_only` | Boolean | If `true`, will run only the generation phase of BitOps, where the Terraform and Ansible code is built. |\n| `bitops_code_store` | Boolean | Store BitOps generated code as a GitHub artifact. |\n| `tf_stack_destroy` | Boolean  | Set to `true` to destroy the stack - Will delete the `elb logs bucket` after the destroy action runs. |\n| `tf_state_file_name` | String | Change this to be anything you want to. Carefull to be consistent here. A missing file could trigger recreation, or stepping over destruction of non-defined objects. Defaults to `tf-state-aws`. |\n| `tf_state_file_name_append` | String | Appends a string to the tf-state-file. Setting this to `unique` will generate `tf-state-aws-unique`. (Can co-exist with `tf_state_file_name`) |\n| `tf_state_bucket` | String | AWS S3 bucket name to use for Terraform state. See [note](#s3-buckets-naming) | \n| `tf_state_bucket_destroy` | Boolean | Force purge and deletion of S3 bucket defined. Only evaluated when `tf_stack_destroy` is also `true`, so it is safe to leave this enabled when standing up your stack. Defaults to `false`. |\n| `tf_targets` | List | A list of targets to create before the full stack creation. | \n| `ansible_skip` | Boolean | Skip Ansible execution after Terraform excecution. Default is `false`.|\n| `ansible_ssh_to_private_ip` | Boolean | Make Ansible connect to the private IP of the instance. Only usefull if using a hosted runner in the same network. Default is `false`. | \n| `ansible_start_docker_timeout` | String | Ammount of time in seconds it takes Ansible to mark as failed the startup of docker. Defaults to `300`.|\n\u003chr/\u003e\n\u003cbr/\u003e\n\n#### **Secrets and Environment Variables Inputs**\n| Name             | Type    | Description - Check note about [**environment variables**](#environment-variables). |\n|------------------|---------|------------------------------------|\n| `env_aws_secret` | String | Secret name to pull environment variables from AWS Secret Manager. Accepts comma separated list of secrets. |\n| `env_repo` | String | `.env` file containing environment variables to be used with the app. We'll try to read `repo_env` (default), but you can change that to any other filename. (Including path) |\n| `env_ghs` | String | GitHub Secret Name containing `.env` file style to be used with the app. See [Github secret](https://docs.github.com/es/actions/security-guides/encrypted-secrets). |\n| `env_ghv` | String | GitHub Variable Name containing `.env` file style to be used with the app. See [Github variables](https://docs.github.com/en/actions/learn-github-actions/variables). |\n\u003chr/\u003e\n\u003cbr/\u003e\n\n#### **EC2 Inputs**\n| Name             | Type    | Description                        |\n|------------------|---------|------------------------------------|\n| `aws_ec2_instance_create` | Boolean | Toggles the creation of an EC2 instance. (Default is `true`). |\n| `aws_ec2_ami_filter` | String | AWS AMI Filter string. Will be used to lookup for lates image based on the string. Defaults to `ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*`.' |\n| `aws_ec2_ami_owner` | String | Owner of AWS AMI image. This ensures the provider is the one we are looking for. Defaults to `099720109477`, Canonical (Ubuntu). |\n| `aws_ec2_ami_id` | String | AWS AMI ID. Will default to the latest Ubuntu 22.04 server image (HVM). Accepts `ami-###` values. |\n| `aws_ec2_ami_update` | Boolean | Set this to `true` if you want to recreate the EC2 instance if there is a newer version of the AMI. Defaults to `false`.|\n| `aws_ec2_instance_type` | String | The AWS IAM instance type to use. Default is `t2.small`. See [this list](https://aws.amazon.com/ec2/instance-types/) for reference. |\n| `aws_ec2_instance_root_vol_size` | Integer | Define the volume size (in GiB) for the root volume on the AWS Instance. Defaults to `8`. | \n| `aws_ec2_instance_root_vol_preserve` | Boolean | Set this to true to avoid deletion of root volume on termination. Defaults to `false`. | \n| `aws_ec2_security_group_name` | String | The name of the EC2 security group. Defaults to `SG for ${aws_resource_identifier} - EC2`. |\n| `aws_ec2_iam_instance_profile` | String | The AWS IAM instance profile to use for the EC2 instance. Will create one if none provided with the name `aws_resource_identifier`. |\n| `aws_ec2_create_keypair_sm` | Boolean | Generates and manages a secret manager entry that contains the public and private keys created for the ec2 instance. |\n| `aws_ec2_instance_public_ip` | Boolean | Add a public IP to the instance or not. (Not an Elastic IP). Defaults to `true`. |\n| `aws_ec2_port_list` | String | Comma separated list of ports to be enabled in the EC2 instance security group. (NOT THE ELB) In a `80,443` format. Port `22` is enabled as default to allow Ansible connection. |\n| `aws_ec2_user_data_file` | String | Relative path in the repo for a user provided script to be executed with Terraform EC2 Instance creation. See [this note](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html#user-data-shell-scripts). Make sure the add the executable flag to the file. |\n| `aws_ec2_user_data_replace_on_change`| Boolean | If `aws_ec2_user_data_file` file changes, instance will stop and start. Hence public IP will change. This will destroy and recreate the instance. Defaults to `true`. |\n| `aws_ec2_additional_tags` | JSON | Add additional tags to the terraform [default tags](https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider), any tags put here will be added to ec2 provisioned resources.|\n\u003chr/\u003e\n\u003cbr/\u003e\n\n#### **VPC Inputs**\n| Name             | Type    | Description                        |\n|------------------|---------|------------------------------------|\n| `aws_vpc_create` | Boolean | Define if a VPC should be created. Defaults to `false`. |\n| `aws_vpc_name` | String | Define a name for the VPC. Defaults to `VPC for ${aws_resource_identifier}`. |\n| `aws_vpc_cidr_block` | String | Define Base CIDR block which is divided into subnet CIDR blocks. Defaults to `10.0.0.0/16`. |\n| `aws_vpc_public_subnets` | String | Comma separated list of public subnets. Defaults to `10.10.110.0/24`|\n| `aws_vpc_private_subnets` | String | Comma separated list of private subnets. If no input, no private subnet will be created. Defaults to `\u003cnone\u003e`. |\n| `aws_vpc_availability_zones` | String | Comma separated list of availability zones. Defaults to `aws_default_region+\u003crandom\u003e` value. If a list is defined, the first zone will be the one used for the EC2 instance. |\n| `aws_vpc_id` | String | **Existing** AWS VPC ID to use. Accepts `vpc-###` values. |\n| `aws_vpc_subnet_id` | String | **Existing** AWS VPC Subnet ID. If none provided, will pick one. (Ideal when there's only one). |\n| `aws_vpc_enable_nat_gateway` | Boolean | Adds a NAT gateway for each public subnet. Defaults to `false`. |\n| `aws_vpc_single_nat_gateway` | Boolean | Toggles only one NAT gateway for all of the public subnets. Defaults to `false`. |\n| `aws_vpc_external_nat_ip_ids` | String | **Existing** comma separated list of IP IDs if reusing. (ElasticIPs). |\n| `aws_vpc_additional_tags` | JSON | Add additional tags to the terraform [default tags](https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider), any tags put here will be added to vpc provisioned resources.|\n\u003chr/\u003e\n\u003cbr/\u003e\n\n#### **AWS Route53 Domains and Certificate Inputss**\n| Name             | Type    | Description                        |\n|------------------|---------|------------------------------------|\n| `aws_r53_enable` | Boolean | Set this to true if you wish to use an existing AWS Route53 domain. **See note**. Default is `false`. |\n| `aws_r53_domain_name` | String | Define the root domain name for the application. e.g. bitovi.com'. |\n| `aws_r53_sub_domain_name` | String | Define the sub-domain part of the URL. Defaults to `aws_resource_identifier`. |\n| `aws_r53_root_domain_deploy` | Boolean | Deploy application to root domain. Will create root and www records. Default is `false`. |\n| `aws_r53_enable_cert` | Boolean | Set this to true if you wish to manage certificates through AWS Certificate Manager with Terraform. **See note**. Default is `false`. | \n| `aws_r53_cert_arn` | String | Define the certificate ARN to use for the application. **See note**. |\n| `aws_r53_create_root_cert` | Boolean | Generates and manage the root cert for the application. **See note**. Default is `false`. |\n| `aws_r53_create_sub_cert` | Boolean | Generates and manage the sub-domain certificate for the application. **See note**. Default is `false`. |\n| `aws_r53_additional_tags` | JSON | Add additional tags to the terraform [default tags](https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider), any tags put here will be added to R53 provisioned resources.|\n\u003chr/\u003e\n\u003cbr/\u003e\n\n#### **Load Balancer Inputs**\n| Name             | Type    | Description                        |\n|------------------|---------|------------------------------------|\n| `aws_elb_create` | Boolean | Toggles the creation of a load balancer and map ports to the EC2 instance. Defaults to `true`.|\n| `aws_elb_security_group_name` | String | The name of the ELB security group. Defaults to `SG for ${aws_resource_identifier} - ELB`. |\n| `aws_elb_app_port` | String | Port in the EC2 instance to be redirected to. Default is `3000`. Accepts comma separated values like `3000,3001`. | \n| `aws_elb_app_protocol` | String | Protocol to enable. Could be HTTP, HTTPS, TCP or SSL. Defaults to `TCP`. If length doesn't match, will use `TCP` for all.|\n| `aws_elb_listen_port` | String | Load balancer listening port. Default is `80` if NO FQDN provided, `443` if FQDN provided. Accepts comma separated values. |\n| `aws_elb_listen_protocol` | String | Protocol to enable. Could be HTTP, HTTPS, TCP or SSL. Defaults to `TCP` if NO FQDN provided, `SSL` if FQDN provided. |\n| `aws_elb_healthcheck` | String | Load balancer health check string. Default is `TCP:22`. |\n| `aws_elb_access_log_bucket_name` | String | S3 bucket name to store the ELB access logs. Defaults to `${aws_resource_identifier}-logs` (or `-lg `depending of length). **Bucket will be deleted if stack is destroyed.** | \n| `aws_elb_access_log_expire` | String | Delete the access logs after this amount of days. Defaults to `90`. Set to `0` in order to disable this policy. | \n| `aws_elb_additional_tags` | JSON | Add additional tags to the terraform [default tags](https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider), any tags put here will be added to elb provisioned resources.|\n\u003chr/\u003e\n\u003cbr/\u003e\n\n\n#### **Docker Inputs**\n| Name             | Type    | Description                        |\n|------------------|---------|------------------------------------|\n| `docker_install` | Boolean | Toggle docker installation through Ansible. `docker-compose up` will be excecuted after. Defaults to `true`. |\n| `docker_remove_orphans` | Boolean | Set to `true` to turn the `--remove-orphans` flag. Defaults to `false`. |\n| `docker_full_cleanup` | Boolean | Set to `true` to run `docker-compose down` and `docker system prune --all --force --volumes` after. Runs before `docker_install`. WARNING: docker volumes will be destroyed. |\n| `docker_repo_app_directory` | String | Relative path for the directory of the app. (i.e. where the `docker-compose.yaml` file is located). This is the directory that is copied into the EC2 instance. Default is `/`, the root of the repository. Add a `.gha-ignore` file with a list of files to be exluded. (Using glob patterns). |\n| `docker_repo_app_directory_cleanup` | Boolean | Will generate a timestamped compressed file (in the home directory of the instance) and delete the app repo directory. Runs before `docker_install` and after `docker_full_cleanup`. |\n| `docker_efs_mount_target` | String | Directory path within docker env to mount directory to. Default is `/data`|\n| `docker_cloudwatch_enable` | Boolean | Toggle cloudwatch creation for Docker. Create a file named `docker-daemon.json` in your repo root dir if you need to customize it. Defaults to `false`. Check [docker docs](https://docs.docker.com/config/containers/logging/awslogs/).|\n| `docker_cloudwatch_lg_name` | String| Log group name. Will default to `${aws_resource_identifier}-docker-logs` if none. |\n| `docker_cloudwatch_skip_destroy` | Boolean | Toggle deletion or not when destroying the stack. Defaults to `false`. |\n| `docker_cloudwatch_retention_days` | String | Number of days to retain logs. 0 to never expire. Defaults to `14`. See [note](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group#retention_in_days). |\n\u003chr/\u003e\n\u003cbr/\u003e\n\n#### **EFS Inputs**\n| Name             | Type    | Description                        |\n|------------------|---------|------------------------------------|\n| `aws_efs_create` | Boolean | Toggle to indicate whether to create an EFS volume and mount it to the EC2 instance as a part of the provisioning. Note: The stack will manage the EFS and will be destroyed along with the stack. |\n| `aws_efs_fs_id` | String | ID of existing EFS volume if you wish to use an existing one. |\n| `aws_efs_create_mount_target` | String | Toggle to indicate whether we should create a mount target for the EFS volume or not. Defaults to `true`.|\n| `aws_efs_create_ha` | Boolean | Toggle to indicate whether the EFS resource should be highly available (mount points in all available zones within region). |\n| `aws_efs_vol_encrypted` | String | Toggle encryption of the EFS volume. Defaults to `true`.|\n| `aws_efs_kms_key_id` | String | The ARN for the KMS encryption key. Will use default if none defined. |\n| `aws_efs_performance_mode` | String | Toggle perfomance mode. Options are: `generalPurpose` or `maxIO`.|  \n| `aws_efs_throughput_mode` | String | Throughput mode for the file system. Defaults to `bursting`. Valid values: `bursting`, `provisioned`, or `elastic`. When using provisioned, also set `aws_efs_throughput_speed`. |\n| `aws_efs_throughput_speed` | String | The throughput, measured in MiB/s, that you want to provision for the file system. Only applicable with throughput_mode set to provisioned. |\n| `aws_efs_security_group_name` | String | The name of the EFS security group. Defaults to `SG for ${aws_resource_identifier} - EFS`. |\n| `aws_efs_allowed_security_groups` | String | Extra names of the security grou-ps to access the EFS volume. Accepts comma separated list of. |\n| `aws_efs_ingress_allow_all` | Boolean | Allow access from 0.0.0.0/0 in the same VPC. Defaults to `true`. |\n| `aws_efs_create_replica` | Boolean | Toggle whether a read-only replica should be created for the EFS primary file system. |\n| `aws_efs_replication_destination` | String | AWS Region to target for replication. |\n| `aws_efs_enable_backup_policy` | Boolean | Toggle whether the EFS should have a backup policy. |\n| `aws_efs_transition_to_inactive` | String | Indicates how long it takes to transition files to the IA storage class. Defaults to `AFTER_30_DAYS`. |\n| `aws_efs_mount_target` | String | Directory path in efs to mount directory to. Default is `/`. |\n| `aws_efs_ec2_mount_point` | String | The `aws_efs_ec2_mount_point` input represents the folder path within the EC2 instance to the data directory. Default is `/user/ubuntu/\u003capplication_repo\u003e/data`. Additionally, this value is loaded into the docker-compose `.env` file as `HOST_DIR`. |\n| `aws_efs_additional_tags` | JSON | Add additional tags to the terraform [default tags](https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider), any tags put here will be added to efs provisioned resources.|\n\u003chr/\u003e\n\u003cbr/\u003e\n\n#### **RDS Inputs**\n| Name             | Type    | Description                        |\n|------------------|---------|------------------------------------|\n| `aws_rds_db_enable`| Boolean | Toggles the creation of a RDS DB. Defaults to  `false`. |\n| `aws_rds_db_proxy`| Boolean | Set to `true` to add a RDS DB Proxy. |\n| `aws_rds_db_identifier`| String | Database identifier that will appear in the AWS Console. Defaults to `aws_resource_identifier` if none set. |\n| `aws_rds_db_name`| String | The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. |\n| `aws_rds_db_user`| String | Username for the database. Defaults to `dbuser`. |\n| `aws_rds_db_engine`| String | Which Database engine to use. Defaults to `postgres`. |\n| `aws_rds_db_engine_version`| String | Which Database engine version to use. Will use latest if none defined. |\n| `aws_rds_db_ca_cert_identifier`| String | Defines the certificate to use with the instance. Defaults to `rds-ca-ecc384-g1`.|\n| `aws_rds_db_security_group_name`| String | The name of the database security group. Defaults to `SG for ${aws_resource_identifier} - RDS`. |\n| `aws_rds_db_allowed_security_groups` | String | Comma separated list of security groups to add to the DB Security Group. (Allowing incoming traffic.) | \n| `aws_rds_db_ingress_allow_all` | Boolean | Allow incoming traffic from 0.0.0.0/0. Defaults to `true`. |\n| `aws_rds_db_publicly_accessible` | Boolean | Allow the database to be publicly accessible from the internet. Defaults to `false`. |\n| `aws_rds_db_port`| String | Port where the DB listens to. |\n| `aws_rds_db_subnets`| String | Specify which subnets to use as a list of strings.  Example: `i-1234,i-5678,i-9101`. |\n| `aws_rds_db_allocated_storage`| String | Storage size. Defaults to `10`. |\n| `aws_rds_db_max_allocated_storage`| String | Max storage size. Defaults to `0` to disable auto-scaling. |\n| `aws_rds_db_storage_encrypted` | Boolean | Toogle storage encryption. Defatuls to false. |\n| `aws_rds_db_storage_type` | String | Storage type. Like gp2 / gp3. Defaults to gp2. |\n| `aws_rds_db_kms_key_id` | String | The ARN for the KMS encryption key. |\n| `aws_rds_db_instance_class`| String | DB instance server type. Defaults to `db.t3.micro`. See [this list](https://aws.amazon.com/rds/instance-types/). |\n| `aws_rds_db_final_snapshot` | String | If final snapshot is wanted, add a snapshot name. Leave emtpy if not. |\n| `aws_rds_db_restore_snapshot_identifier` | String | Name of the snapshot to restore the databse from. |\n| `aws_rds_db_cloudwatch_logs_exports`| String | Set of log types to enable for exporting to CloudWatch logs. Defaults to `postgresql`. Options are MySQL and MariaDB: `audit,error,general,slowquery`. PostgreSQL: `postgresql,upgrade`. MSSQL: `agent,error`. Oracle: `alert,audit,listener,trace`. |\n| `aws_rds_db_multi_az` | Boolean| Specifies if the RDS instance is multi-AZ. Defaults to `false`. |\n| `aws_rds_db_maintenance_window` | String | The window to perform maintenance in. Eg: `Mon:00:00-Mon:03:00` |\n| `aws_rds_db_apply_immediately` | Boolean | Specifies whether any database modifications are applied immediately, or during the next maintenance window. Defaults to `false`.|\n| `aws_rds_db_additional_tags` | JSON | Add additional tags to the terraform [default tags](https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider), any tags put here will be added to RDS provisioned resources.|\n\u003chr/\u003e\n\u003cbr/\u003e\n\n#### **DB Proxy Inputs**\n| Name             | Type    | Description                        |\n|------------------|---------|------------------------------------|\n| `aws_db_proxy_name` | String | Name of the database proxy.  Defaults to `aws_resource_identifier` |\n| `aws_db_proxy_client_password_auth_type` | String | Overrides auth type. Using `MYSQL_NATIVE_PASSWORD`, `POSTGRES_SCRAM_SHA_256`, and `SQL_SERVER_AUTHENTICATION` depending on the database family. |\n| `aws_db_proxy_tls` | Boolean | Make TLS a requirement for connections. Defaults to `true`.|\n| `aws_db_proxy_security_group_name` | String | Name for the proxy security group. Defaults to `aws_resource_identifier`. |\n| `aws_db_proxy_database_security_group_allow` | Boolean | If true, will add an incoming rule from every security group associated with the DB. |\n| `aws_db_proxy_allowed_security_group` | String | Comma separated list for extra allowed security groups.|\n| `aws_db_proxy_allow_all_incoming` | Boolean | Allow all incoming traffic to the DB Proxy (0.0.0.0/0 rule). Keep in mind that the proxy is only available from the internal network except manually exposed. | \n| `aws_db_proxy_cloudwatch_enable` | Boolean | Toggle Cloudwatch logs. Will be stored in `/aws/rds/proxy/rds_proxy.name`. |\n| `aws_db_proxy_cloudwatch_retention_days` | String | Number of days to retain cloudwatch logs. Defaults to `14`. |\n| `aws_db_proxy_additional_tags` | JSON | Add additional tags to the ter added to aurora provisioned resources.|\n\u003cbr/\u003e\n\u003cbr/\u003e\n\n#### **GitHub Deployment repo inputs**\n| Name             | Type    | Description                        |\n|------------------|---------|------------------------------------|\n| `gh_deployment_input_terraform` | String | Folder to store Terraform files to be included during Terraform execution.|\n| `gh_deployment_input_ansible` | String | Folder where a whole Ansible structure is expected. If missing bitops.config.yaml a default will be generated.|\n| `gh_deployment_input_ansible_playbook` | String | Main playbook to be looked for. Defaults to `playbook.yml`.|\n| `gh_deployment_input_ansible_extra_vars_file` | String | Relative path to Ansible extra-vars file. |\n| `gh_deployment_action_input_ansible_extra_vars_file` | String | Relative path to Ansible extra-vars file from deployment to be set up into the action Ansible code. |\n\u003chr/\u003e\n\u003cbr/\u003e\n\n#### **Action Outputs**\n| Name             | Description                        |\n|------------------|------------------------------------|\n| **VPC** |\n| `aws_vpc_id` | The selected VPC ID used. |\n| **EC2** |\n| `vm_url` | The URL of the generated app. |\n| `instance_endpoint` | The URL of the generated ec2 instance. |\n| `ec2_sg_id` | SG ID for the EC2 instance. |\n| **EFS** |\n| `aws_efs_fs_id` | AWS EFS FS ID of the volume. |\n| `aws_efs_replica_fs_id` | AWS EFS FS ID of the replica volume. |\n| `aws_efs_sg_id` | SG ID for the EFS Volume. |\n| **RDS** |\n| `db_endpoint` | RDS Endpoint. |\n| `db_secret_details_name` | AWS Secret name containing db credentials. |\n| `db_sg_id` | SG ID for the RDS instance. |\n| `db_proxy_rds_endpoint` | Database proxy endpoint. |\n| `db_proxy_secret_name_rds` | AWS Secret name containing proxy credentials. |\n| `db_proxy_sg_id_rds` | SG ID for the RDS Proxy instance. |\n\u003chr/\u003e\n\u003cbr/\u003e\n\n## Note about resource identifiers\n\nMost resources will contain the tag `${GITHUB_ORG_NAME}-${GITHUB_REPO_NAME}-${GITHUB_BRANCH_NAME}`, some of them, even the resource name after. \nWe limit this to a 60 characters string because some AWS resources have a length limit and short it if needed.\n\nWe use the kubernetes style for this. For example, kubernetes -\u003e k(# of characters)s -\u003e k8s. And so you might see some compressions are made.\n\nFor some specific resources, we have a 32 characters limit. If the identifier length exceeds this number after compression, we remove the middle part and replace it for a hash made up from the string itself. \n\n### S3 buckets naming\n\nBuckets names can be made of up to 63 characters. If the length allows us to add -tf-state, we will do so. If not, a simple -tf will be added.\n\n## CERTIFICATES - Only for AWS Managed domains with Route53\n\nAs a default, the application will be deployed and the ELB public URL will be displayed.\n\nIf `aws_r53_enable` and `aws_r53_enable_cert` are true, we will look up for a certificate with the name of the domain defined in `aws_r53_domain_name`. (eg. `example.com`). We expect that certificate to contain both `example.com` and `*.example.com` in the defined region.\n\nSetting `aws_r53_create_root_cert` to `true` will create this certificate with both `example.com` and `*.example.com` for you, and validate them. (DNS validation).\n\nSetting `aws_r53_create_sub_cert` to `true` will create a certificate **just for the subdomain**, and validate it.\n\n\u003e :warning: Be very careful here! **Created certificates are fully managed by Terraform**. Therefor **they will be destroyed upon stack destruction**.\n\nTo change a certificate (root_cert, sub_cert, ARN or pre-existing root cert), you must first toogle  `aws_r53_enable_cert` to false, run the action, and then set the `aws_r53_enable_cert` flag to true, add the desired settings and excecute the action again. (**This will destroy the first certificate.**)\n\nThis is necessary due to a limitation that prevents certificates from being changed while in use by certain resources.\n\n## Adding external datastore (AWS EFS)\nUsers looking to add non-ephemeral storage to their created EC2 instance have the following options; create a new efs as a part of the ec2 deployment stack, or mounting an existing EFS. \n\n### 1. Create EFS\n\nOption 1, you have access to the `aws_efs_create` attribute which will create a EFS resource and mount it to the EC2 instance in the application directory at the path: \"app_root/data\".\n\n\u003e :warning: Be very careful here! The **EFS is fully managed by Terraform**. Therefor **it will be destroyed upon stack destruction**.\n\n### 2. Mount EFS\nOption 2, you have access to the `aws_efs_fs_id` attributes, which will mount an existing EFS Volume. If the volume have mount targets already created, set `aws_efs_create_mount_target` to false. \n\nIf you set `aws_efs_create_mount_target` and `aws_efs_create_ha`, mount targets will be created for all of the availability zones of the region. \n\n## Adding external RDS Database\n\nIf `aws_rds_db_enable` is set to `true`, this action will deploy a Postgres RDS database. \nConnection details will be present in the docker .env file. and a secret in AWS Secrets manager will be created.\u003c/br\u003e\n\u003e :warning: Database will be created and destroyed with the action. If you wish to use it in a separated repo, you can use our specific [RDS action](https://github.com/marketplace/actions/deploy-amazon-rds-db-instance) and add the secret as input here. \n\n### Environment variables\nThe following environment variables are added to the `.env` file in your app's `docker-compose.yaml` file.\n\nTo take advantage of these environment variables, be sure your docker-compose file is referencing the `.env` file like this:\n```\nversion: '3.9'\nservices:\n  app:\n    # ...\n    env_file: .env\n    # ...\n```\n\nThe available environment variables are:\n| Variable | Description |\n|----------|-------------|\n| DB_ENGINE | DB Engine name |\n| DB_ENGINE_VERSION | DB Engine version |\n| DB_USER | DB Username |\n| DB_PASSWORD | DB Password |\n| DB_NAME | DB Name (if any created) |\n| DB_PORT | DB Port |\n| DB_HOST | DB Hostname |\n\n### AWS Root Certs\nThe AWS root certificate is downloaded and accessible via the `rds-combined-ca-bundle.pem` file in root of your app repo/directory.\n\n### App example\nExample JavaScript to make a request to the Postgres cluster:\n\n```js\nconst { Client } = require('pg')\n\n// set up client\nconst client = new Client({\n  host: process.env.DB_HOST,\n  port: process.env.DB_PORT,\n  user: process.env.DB_USER,\n  password: process.env.DB_PASSWORD,\n  database: process.env.DB_NAME,\n  ssl: {\n    ca: fs.readFileSync('rds-combined-ca-bundle.pem').toString()\n  }\n});\n\n// connect and query\nclient.connect()\nconst result = await client.query('SELECT NOW()');\nawait client.end();\n\nconsole.log(`Hello SQL timestamp: ${result.rows[0].now}`);\n```\n\n## Made with BitOps\n[BitOps](https://bitops.sh) allows you to define Infrastructure-as-Code for multiple tools in a central place.  This action uses a BitOps [Operations Repository](https://bitops.sh/operations-repo-structure/) to set up the necessary Terraform and Ansible to create infrastructure and deploy to it.\n\n## Contributing\nWe would love for you to contribute to [bitovi/github-actions-deploy-docker-to-ec2](https://github.com/bitovi/github-actions-deploy-docker-to-ec2).\nWould you like to see additional features?  [Create an issue](https://github.com/bitovi/github-actions-deploy-docker-to-ec2/issues/new) or a [Pull Requests](https://github.com/bitovi/github-actions-deploy-docker-to-ec2/pulls). We love discussing solutions!\n\n## License\nThe scripts and documentation in this project are released under the [MIT License](https://github.com/bitovi/github-actions-deploy-docker-to-ec2/blob/main/LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbitovi%2Fgithub-actions-deploy-docker-to-ec2","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbitovi%2Fgithub-actions-deploy-docker-to-ec2","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbitovi%2Fgithub-actions-deploy-docker-to-ec2/lists"}