{"id":22727930,"url":"https://github.com/pagopa/template-aws-infrastructure","last_synced_at":"2025-04-13T21:43:57.538Z","repository":{"id":38373170,"uuid":"500710634","full_name":"pagopa/template-aws-infrastructure","owner":"pagopa","description":"Template useful to create a AWS terraform project","archived":false,"fork":false,"pushed_at":"2024-11-22T05:43:52.000Z","size":313,"stargazers_count":5,"open_issues_count":2,"forks_count":0,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-03-27T12:08:22.333Z","etag":null,"topics":["aws","infrastructure","template","terraform"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pagopa.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-06-07T06:06:08.000Z","updated_at":"2024-09-14T13:20:07.000Z","dependencies_parsed_at":"2023-01-23T22:02:16.086Z","dependency_job_id":null,"html_url":"https://github.com/pagopa/template-aws-infrastructure","commit_stats":null,"previous_names":[],"tags_count":3,"template":true,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pagopa%2Ftemplate-aws-infrastructure","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pagopa%2Ftemplate-aws-infrastructure/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pagopa%2Ftemplate-aws-infrastructure/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pagopa%2Ftemplate-aws-infrastructure/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pagopa","download_url":"https://codeload.github.com
/pagopa/template-aws-infrastructure/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248788868,"owners_count":21161726,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","infrastructure","template","terraform"],"created_at":"2024-12-10T17:14:12.180Z","updated_at":"2025-04-13T21:43:57.515Z","avatar_url":"https://github.com/pagopa.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Project Name\nTemplate useful to create AWS infrastructure with Terraform\n\n\n## How to use this template\n\n1. Create your github repository starting from this template.\n2. Configure your **aws cli** and set the [credentials](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html). Also refer to the Confluence page to work with [AWS SSO](https://pagopa.atlassian.net/wiki/spaces/DEVOPS/pages/466846955/AWS+-+Users+groups+and+roles#SSO-with-GSuite).\n3. The __./src/init__ directory contains the terraform code to set up the S3 backend, the Dynamodb lock table, the github OpenID Connect provider and the IAM role assumed by the github actions.\n4. The __./src/main__ directory contains the terraform code to set up the core infrastructure.\n5. The __.github/workflows__ directory contains two yaml files to run the terraform plan and apply actions. They need a github environment secret to be created: IAM_ROLE (see below).\n\n## Requirements\n\nThe following tools are required to set up the project locally.\n\n1. 
[aws cli](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) installed.\n2. [tfenv](https://github.com/tfutils/tfenv) to manage Terraform versions.\n\n## Start building\n\nCreate:\n\n* The s3 bucket to store terraform state\n* The Dynamodb table to manage terraform locks\n* The Github OpenId connection\n\n```bash\n# init uat environment\ncd src/init\n\n./terraform.sh init uat\n\n./terraform.sh apply uat\n\n# create uat environment\n\ncd ../../\ncd src/main\n\n./terraform.sh init uat\n\n./terraform.sh apply uat\n```\n\n## Github actions\n\nIn the repository two github actions are already provided:\n\n* **terraform-plan**: it runs every time new code is pushed to any branch except main and master. It runs terraform plan through all the environments in parallel.\n\n* **terraform-apply**: it runs terraform apply in all the environments once a PR is merged into main.\n  * The apply in PROD should require an approval; this is enforced by the Environment protection rules configured on **prod_w** (see Configurations).\n  * It can also be triggered manually in all the environments except main.\n\n\n![](./docs/gitaction-workflow.png)\n\n\n### Configurations\n\n* Create a [github environment](https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment) for each environment: **dev**, **uat**, **prod**, and **prod_w**.\n* **prod_w** is like prod but it is meant to be used only in the apply action in production.\n\n![](docs/github-environments.png)\n\n* In each environment create a secret named **IAM_ROLE** and set its value to the **arn** of the role created at the very beginning (init).\n* Within **prod_w** set two **Environment protection rules** as shown in the screenshot below:\n![](docs/protection-rules-and-secrets.png)\n\n## Releases\n\nNew releases are created every time a PR is merged into main. 
A github action is responsible for creating the release; it relies on the title of the PR, as described in the [official repository](https://github.com/cycjimmy/semantic-release-action)\n\n\n## References\n\n* [Confluence page](https://pagopa.atlassian.net/wiki/spaces/DEVOPS/pages/467894592/AWS+Setup+new+project)\n* [Terraform](https://terraform.io/)\n* [Github action](https://docs.github.com/en/actions)\n* [Configuring OpenID Connect in Amazon Web Services](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpagopa%2Ftemplate-aws-infrastructure","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpagopa%2Ftemplate-aws-infrastructure","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpagopa%2Ftemplate-aws-infrastructure/lists"}
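The security-critical part of the init step described in the README above is the GitHub OpenID Connect provider and the IAM role whose ARN goes into the IAM_ROLE secret: whoever can obtain a token that this role trusts can run terraform apply in the account. The Terraform below is an added example written for this page, not code from pagopa/template-aws-infrastructure; the variable names (`github_org`, `github_repo`, `github_environments`), the role name and the provider version constraint are assumptions. It shows the trust policy pinned to one repository and its GitHub environments (the dev, uat, prod and prod_w environments the README asks you to create), next to the over-broad subject match that should be avoided.

```hcl
# Added example (not the template's own code): GitHub OIDC provider plus a
# deployment role whose trust policy only accepts tokens minted for jobs that
# run inside this repository's GitHub environments.
# Variable names, defaults and the role name are assumptions for this example.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.0" # assumption
    }
  }
}

variable "github_org" {
  type    = string
  default = "pagopa" # assumption: organisation that owns the repository
}

variable "github_repo" {
  type = string # name of the repository created from the template
}

variable "github_environments" {
  type    = list(string)
  default = ["dev", "uat", "prod", "prod_w"] # environments listed in the README
}

# One OIDC identity provider per AWS account for GitHub's token issuer.
resource "aws_iam_openid_connect_provider" "github" {
  url            = "https://token.actions.githubusercontent.com"
  client_id_list = ["sts.amazonaws.com"]
  # AWS validates GitHub's issuer against its own trusted CA list, so this
  # thumbprint is no longer what establishes trust; the attribute is kept
  # because older provider versions require it. Check GitHub's docs for the
  # current value before relying on it.
  thumbprint_list = ["6938fd4d98bab03faadb97b34396831e3780aea1"]
}

# Trust policy: who may call AssumeRoleWithWebIdentity on the deploy role.
data "aws_iam_policy_document" "github_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRoleWithWebIdentity"]

    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.github.arn]
    }

    # Audience requested by aws-actions/configure-aws-credentials.
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:aud"
      values   = ["sts.amazonaws.com"]
    }

    # The subject claim pins the role to this repository AND one of its
    # GitHub environments, so the environment protection rules on prod_w
    # actually gate the credential. A job with no environment declared gets a
    # "repo:<org>/<repo>:ref:refs/heads/<branch>" subject and is rejected.
    #
    # Over-broad form to avoid (StringLike with a wildcard):
    #   values = ["repo:${var.github_org}/*"]
    # That would let any workflow in any repository of the organisation,
    # including a fork-based PR in another repo, assume this role.
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:sub"
      values = [
        for env in var.github_environments :
        "repo:${var.github_org}/${var.github_repo}:environment:${env}"
      ]
    }
  }
}

resource "aws_iam_role" "github_actions" {
  name               = "${var.github_repo}-github-actions" # assumption
  assume_role_policy = data.aws_iam_policy_document.github_trust.json
  # Plan/apply finish well within an hour; keep the assumed session short.
  max_session_duration = 3600
}

# Paste this value into the IAM_ROLE secret of each GitHub environment.
output "github_actions_role_arn" {
  value = aws_iam_role.github_actions.arn
}
```

The role still needs a permissions policy for the state bucket, the lock table and whatever src/main creates; keep that policy to what the apply actually touches rather than AdministratorAccess. In the workflow, the job must declare `environment:` (for the subject claim to match) and `permissions: id-token: write`, and a quick `aws sts get-caller-identity` step after `aws-actions/configure-aws-credentials` with `role-to-assume: ${{ secrets.IAM_ROLE }}` confirms the assumed role ARN.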