Merge pull request #33 from enricogoerlitz/main

project finished
enricogoerlitz · Jun 15, 2024 · e950e1a · e950e1a
2 parents f0287a0 + bfae37b
commit e950e1a
Show file tree

Hide file tree

Showing 11 changed files with 85 additions and 99 deletions.
diff --git a/.github/workflows/cd-backend.yml b/.github/workflows/cd-backend.yml
@@ -15,7 +15,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     - name: Set up Python
       uses: actions/setup-python@v2

diff --git a/.github/workflows/ci-backend-dev.yml b/.github/workflows/ci-backend-dev.yml
@@ -10,7 +10,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     - name: Set up Python
       uses: actions/setup-python@v2

diff --git a/.github/workflows/ci-backend.yml b/.github/workflows/ci-backend.yml
@@ -12,7 +12,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     - name: Set up Python
       uses: actions/setup-python@v2

diff --git a/README.md b/README.md
@@ -1,63 +1,106 @@
-# Hosting Backend Application on EC2 Instances with Auto-Scaling and Load Balancer
+# Basic Project 2 - Hosting Backend Application on EC2 Instances with Auto-Scaling
 
 [![CI-Backend](https://github.com/enricogoerlitz/aws-bp-2-hosting-backend-on-ec2-asg-alb/actions/workflows/ci-backend.yml/badge.svg)](https://github.com/enricogoerlitz/aws-bp-2-hosting-backend-on-ec2-asg-alb/actions/workflows/ci-backend.yml)
 [![CD-Backend](https://github.com/enricogoerlitz/aws-bp-2-hosting-backend-on-ec2-asg-alb/actions/workflows/cd-backend.yml/badge.svg)](https://github.com/enricogoerlitz/aws-bp-2-hosting-backend-on-ec2-asg-alb/actions/workflows/cd-backend.yml)
 [![Deploy Infrastructure](https://github.com/enricogoerlitz/aws-bp-2-hosting-backend-on-ec2-asg-alb/actions/workflows/cd-terraform.yml/badge.svg)](https://github.com/enricogoerlitz/aws-bp-2-hosting-backend-on-ec2-asg-alb/actions/workflows/cd-terraform.yml)
 [![Destroy Infrastructure](https://github.com/enricogoerlitz/aws-bp-2-hosting-backend-on-ec2-asg-alb/actions/workflows/cd-terraform-destroy.yml/badge.svg)](https://github.com/enricogoerlitz/aws-bp-2-hosting-backend-on-ec2-asg-alb/actions/workflows/cd-terraform-destroy.yml)
 
-# Init Backend
+<br>
 
+# Architecture
+
+## Description
+
+This project involves hosting a backend application on Amazon EC2 instances with auto-scaling capabilities and accessibility with HTTPS. The setup includes using Docker to containerize the application, Terraform for infrastructure as code, and GitHub Actions for CI/CD pipelines. The architecture leverages the following AWS services:
+
+- **EC2 Instances:** Virtual servers to run the backend application.
+- **Auto Scaling Group (ASG):** Automatically adjusts the number of EC2 instances based on the application's load to ensure high availability and reliability.
+- **Application Load Balancer (ALB):** Distributes incoming traffic across multiple EC2 instances to balance the load and enhance fault tolerance.
+- **Route 53:** Manages domain name system (DNS) settings to route end-user requests to the appropriate resources.
+- **Certificate Manager:** Provides SSL/TLS certificates to enable secure HTTPS connections to the application.
+- **EC2 Launch Template:** Defines the configuration for EC2 instances, including a custom user script to start the Docker container using Docker Compose.
+- **S3:** Used for storing Terraform state files securely.
+- **IAM:** Manages access and permissions for AWS services and resources, including OpenID Connect (OIDC) for GitHub Actions.
+
+<br>
+
+![Architecture Diagram](architecture.png)
+
+<br>
+
+# Workingtasks
+
+## 1. Setup basic flask app
+
+**Commands**
 ```bash
-python -m venv venv
-python -m unittest ./tests/test_app.py
+$ python -m venv venv
+$ python -m unittest ./tests/test_app.py
 ```
 
+## 2. Setup docker
+
+**Commands**
 ```bash
-$ docker build -t enricogoerlitz/bp2-backend -f ./docker/Dockerfile .
-$ docker build --platform linux/amd64/v2 -t enricogoerlitz/bp2-backend-amd64v2 -f ./docker/Dockerfile .
+$ cd docker/dev
+$ docker-compose up -d
 
-$ docker push enricogoerlitz/bp2-backend:latest
+$ docker build --platform linux/amd64/v2 -t enricogoerlitz/bp2-backend-amd64v2 -f ./docker/Dockerfile .
 $ docker push enricogoerlitz/bp2-backend-amd64v2:latest
 ```
 
-https://www.youtube.com/watch?v=GowFk_5Rx_I&ab_channel=CloudScalr
+## 3. Configure Project in Console
+
+## 4. Setup Code CI/CD
+
+### Pipeline
+
+**push on dev:**
 
-deploy terraform on S3 and manage this in S3
+- run unittests
 
-## Doku OpenIDConnect
+<br>
 
-aws > IAM > Identity Provider > new Identity Provider
+**pull request on main**
+
+- run unittests
+- if unittests green -> build and deploy docker image on hub.docker.com
+
+## 5. Create IaC Scripts
+
+## 6. Setup IaC Deployment Pipeline with Terraform and S3
+
+[Reference Link](https://www.youtube.com/watch?v=GowFk_5Rx_I&ab_channel=CloudScalr)
+
+### Pipeline
+
+**pull request on main**
+
+- deploy infrastructure with terraform
+
+<br>
+
+**pull request on destroy-infra**
+
+- destroy infrastructure with terraform
+
+<br>
+
+### AWS Auth Configuration (OpenID Connect)
+
+1. aws > IAM > Identity Provider > new Identity Provider
     - url=https://token.actions.githubusercontent.com
     - audience=sts.amazonaws.com
 
-enricogoerlitz/aws-bp-2-hosting-backend-on-ec2-asg-alb
 
-aws > s3 > create bucket
+2. aws > s3 > create bucket
     - name
     - enable enrcyption
 
-aws > IAM > roles > create role > custom trusted policy
-policy:
-{
-    "Version": "2008-10-17",
-    "Statement": [
-        {
-            "Effect": "Allow",
-            "Principal": {
-                "Federated": "arn:aws:iam::YOUR_ACCOUNT_NUMBER:oidc-provider/token.actions.githubusercontent.com"
-            },
-            "Action": "sts:AssumeRoleWithWebIdentity",
-            "Condition": {
-                "StringLike": {
-                    "token.actions.githubusercontent.com:sub": "repo:YOUR_GITHUB_USERNAME/YOUR_REPO_NAME:*"
-                }
-            }
-        }
-    ]
-}
-
-GitHub Secrets:
-- AWS_BUCKET_NAME=bp2-terraform-deployment-state
-- AWS_BUCKET_KEY_NAME=infra.tfstate
-- AWS_REGION=eu-central-1
-- AWS_ROLE=arn:aws:iam::533267024986:role/github-oicd-bp2-terraform-deployment-role
+3. aws > IAM > roles > create role > custom trusted policy
+
+4. GitHub Secrets:
+    - AWS_BUCKET_NAME=bp2-terraform-deployment-state
+    - AWS_BUCKET_KEY_NAME=infra.tfstate
+    - AWS_REGION=eu-central-1
+    - AWS_ROLE=arn:aws:iam::533267024986:role/github-oicd-bp2-terraform-deployment-role
diff --git a/app/__init__.py b/app/__init__.py
diff --git a/app/__pycache__/__init__.cpython-311.pyc b/app/__pycache__/__init__.cpython-311.pyc
diff --git a/app/__pycache__/app.cpython-311.pyc b/app/__pycache__/app.cpython-311.pyc
diff --git a/architecture.png b/architecture.png
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -4,7 +4,6 @@ WORKDIR /app
 
 COPY /app/requirements.txt /app/requirements.txt
 COPY /app/app.py /app/app.py
-COPY /docker /docker
 
 RUN pip install --no-cache-dir -r requirements.txt
 

diff --git a/terraform/config/iam-role-trusted-entity.json b/terraform/config/iam-role-trusted-entity.json
@@ -9,7 +9,7 @@
             "Action": "sts:AssumeRoleWithWebIdentity",
             "Condition": {
                 "StringLike": {
-                    "token.actions.githubusercontent.com:sub": "repo:enricogoerlitz/aws-bp-2-hosting-backend-on-ec2-asg-alb:ref:refs/heads/main"
+                    "token.actions.githubusercontent.com:sub": "repo:enricogoerlitz/aws-bp-2-hosting-backend-on-ec2-asg-alb:*"
                 }
             }
         }

diff --git a/terraform/config/main.desc.txt b/terraform/config/main.desc.txt