{"id":19421722,"url":"https://github.com/braheezy/home-inventory-py-env","last_synced_at":"2026-03-01T02:32:00.768Z","repository":{"id":112495610,"uuid":"437408542","full_name":"braheezy/home-inventory-py-env","owner":"braheezy","description":"Terraform files to deploy Home Inventory","archived":false,"fork":false,"pushed_at":"2022-03-05T17:33:47.000Z","size":10,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-02-25T04:23:25.617Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/braheezy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-12-11T23:12:45.000Z","updated_at":"2023-05-28T18:59:11.000Z","dependencies_parsed_at":"2023-05-15T09:00:16.677Z","dependency_job_id":null,"html_url":"https://github.com/braheezy/home-inventory-py-env","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/braheezy/home-inventory-py-env","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/braheezy%2Fhome-inventory-py-env","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/braheezy%2Fhome-inventory-py-env/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/braheezy%2Fhome-inventory-py-env/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/braheezy%2Fhome-inventory-py-env/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/ho
sts/GitHub/owners/braheezy","download_url":"https://codeload.github.com/braheezy/home-inventory-py-env/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/braheezy%2Fhome-inventory-py-env/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29959051,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-01T01:47:18.291Z","status":"online","status_checked_at":"2026-03-01T02:00:07.437Z","response_time":124,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-10T13:29:39.259Z","updated_at":"2026-03-01T02:32:00.736Z","avatar_url":"https://github.com/braheezy.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Purpose\nAt the press of a \"button\", the AWS resources to host `HomeInventoryPy` are created. \n\nSource projects:\n- [Backend](https://github.com/mbraha/home-inventory-py-backend)\n- [Frontend](https://github.com/mbraha/home-inventory-py-frontend)\n\n# Setup\nAll of the following variables are required. Set them in `terraform.tfvars`. Defaults can be found there.\n\n| Variable                                  | Description |\n| ----------------------------------------- | ----------------------------------------- |\n| `mongo_cluster_name`                      | The desired name of the created MongoDB Atlas cluster. 
|\n| `mongo_project_name`                      | The desired name of the created MongoDB Atlas project. |\n| `mongo_cluster_region`                    | The region to deploy the MongoDB Atlas resource. See this important [note](#id-1). |\n| `aws_region`                              | The AWS region to deploy resources to. See this important [note](#id-2). |\n| `aws_iam_role_name`                       | The name of the IAM role that will be created to manage access to all resources. |\n| `aws_s3_bucket_name`                      | The name of the S3 bucket to store build artifacts. |\n| `aws_codebuild_project_name`              | The name of the CodeBuild project. |\n| `aws_elastic_beanstalk_application_name`  | The name of the Elastic Beanstalk application. |\n| `aws_codestarconnections_connection_name` | The name of the CodeStar Connection. |\n| `aws_codepipeline_name`                   | The name of the CodePipeline project. |\n| `aws_codepipeline_source_repo`            | The name of the repository that should be used for the CodePipeline project. |\n| `aws_amplify_app_name`                    | The name of the AWS Amplify application. |\n| `aws_amplify_repo_url`                    | The URL to the GitHub repository that should be used for the AWS Amplify project. |\n\nThe following are sensitive variables. Copy `secrets-template.sh` to `secrets.sh` and set the values.\n\n| Variable                              | Description |\n| ------------------------------------- | ------------------------------------- |\n| `AWS_ACCESS_KEY_ID`                   | The Access Key for an AWS account with Admin privileges. |\n| `AWS_SECRET_ACCESS_KEY`               | The Secret Key for an AWS account with Admin privileges. |\n| `MONGODB_ATLAS_PUBLIC_KEY`            | The MongoDB Atlas public key for API access. |\n| `MONGODB_ATLAS_PRIVATE_KEY`           | The MongoDB Atlas private key for API access. 
|\n| `TF_VAR_mongo_organization_id`        | The ID of the MongoDB Atlas organization. |\n| `TF_VAR_mongo_db_username`            | The desired name of the user that will be created to interact with the MongoDB Atlas database. |\n| `TF_VAR_github_personal_access_token` | Lorem_ipsum |\n| `TF_VAR_jwt_secret_key`               | Lorem_ipsum |\n| `TF_VAR_mongo_db_password`            | The desired password of the user that will be created to interact with the MongoDB Atlas database. |\n\n## MongoDB Atlas\nThe application requires a MongoDB connection to work. To keep things extra cloudy, here's a guide to using the free\noffering from [MongoDB Atlas](https://www.mongodb.com/atlas/database).\n1. Create a new account.\n2. Obtain Organization ID from Organization Settings.\n    - Set `mongo_organization_id` to this value.\n3. Generate API Key:\n    - Set `MONGODB_ATLAS_PUBLIC_KEY` to public key.\n    - Set `MONGODB_ATLAS_PRIVATE_KEY` to private key.\n4. Define a database user to manage the resources. Set `TF_VAR_mongo_db_username` and `TF_VAR_mongo_db_password` to whatever you want.\n\n### Picking a region {#id-1}\nIf you want everything to be free, use the M0 shared cluster as covered here:\n\nhttps://docs.atlas.mongodb.com/reference/amazon-aws/\n\n## AWS\nFirst, you'll want to create a new IAM account with proper permissions and get the Access Key and Secret Key they present you on user creation. For example, I made a `terraform` user with full Admin privileges just for this. Set `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` accordingly.\n\n### Picking a region {#id-2}\nSet `aws_region` to your desired region. It needs to support all the resources we're going to deploy.\n\nMost importantly, the self-signed SSL certificate we generate is tied to region. Update the Common Name (CN) in `ssl/ssl.conf` appropriately if you change the region from `us-west-1`.\n\n## GitHub\nThis project assumes source code resides in public GitHub repos. 
Follow their [guide](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token_ ) to create yourself a personal access token. Set `TF_VAR_github_personal_access_token` to this value.\n\n## JWT\nThe Flask backend for `HomeInventoryPy` uses `flask-jwt-extended` for secure authentication and requires a key for encryption. Set `TF_VAR_jwt_secret_key` per the recommendations given by [flask-jwt-extended docs](https://flask-jwt-extended.readthedocs.io/). \n\n\n# Usage\nGenerate the SSL files:\n\n    pushd ssl\n    ./generate_cert.sh\n    popd\n\nPut your secrets in your shell environment:\n\n    . secrets.sh\n\nTest you did everything correctly. Fix any errors until you're happy with the report:\n\n    terraform plan\n\nDo it and wait the :\n\n    terraform apply\n\nGo to the created `CodePipeline` project in AWS and confirm the CodeStarConnection in the CodePipeline service. Under Source, keep editing until you get to Update Pending Connection. Follow the prompts.\n\nGo to the created `AWS Amplify` application and navigate to the HomeInventoryPy webpage. Open the browser's console (Right Click, Inspect, Console tab). Follow the instructions of the first note about accepting security risk. See [note](#id-3) below for why.\n\nWhen done:\n\n    terraform destroy\n\n# Architecture\n`home-inventory-py-backend` is a Flask application hosting a REST API requiring a MongoDB database to persist data. Thus, `MongoDB Atlas` free database is created and connected to the backend.\nA `CodeBuild` project is used to connect the GitHub repo for `home-inventory-py-backend` to AWS. It runs the simple \"build\" process for the backend: creating a zip of the project. 
That's because where it's deployed, `Elastic Beanstalk`, likes to take in zip files as input.\nTo connect the `CodeBuild` build process to the final `Elastic Beanstalk` deployment, a `CodePipeline` project is created and ties these together.\n`home-inventory-py-frontend`, the React frontend that was written to interact with the backend, lives in another GitHub repo. `AWS Amplify` is used to handle everything about bringing that code to AWS and deploying it.\n\n## CodeStar Connection\nBy AWS design, this connection is created in the Pending state and must be manually accepted. Oh well...\n\n## SSL {#id-3}\nThe `ssl` folder contains stuff to generate a self-signed SSL certificate. This is BAD practice in almost every scenario, except the prototype proof-of-concept that this project is. But I refuse to pay money for a real certificate.\n\n`AWS Amplify` only deploys to HTTPS websites, so there were cert errors trying to connect to the HTTP-hosted backend. `Elastic Beanstalk` can do both HTTP and HTTPS, so I set up HTTPS to terminate at the [load balancer](https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https.html).\n\nHowever, the cert used is self-signed. Browsers will warn users and not let them in unless they manually accept the risk. That's okay for a prototype project, but it's the backend that needs the acceptance which the user never sees normally. So I updated my frontend project to print the backend URL in the console. User clicks, accepts the risks, reloads the Amplify webpage, and everything works forever!!","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbraheezy%2Fhome-inventory-py-env","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbraheezy%2Fhome-inventory-py-env","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbraheezy%2Fhome-inventory-py-env/lists"}