3ware · chris3ware · Apr 7, 2025 · Apr 4, 2025 · Apr 4, 2025 · Apr 4, 2025
@@ -2,7 +2,7 @@ name: Delete old workflow runs
 on:
   schedule:
     - cron: 0 0 1 * *
-  workflow_call: {}
+  workflow_dispatch: {}
 
 # Disable permissions for all available scopes
 permissions: {}

@@ -3,28 +3,31 @@ name: Infracost
 on:
   pull_request:
     branches: [main]
-    types: [opened, synchronize]
+    types: [opened, reopened, synchronize]
     paths:
-      - "**/*.tf"
-      - "**/*.tfvars"
+      - iac/**/*.tf
+      - iac/**/*.tfvars
+      - iac/**/*.tftpl
+      - iac/**/*.hcl
 
 permissions: {}
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.repository }}
   cancel-in-progress: true
 
+defaults:
+  run:
+    shell: bash
+    working-directory: iac
+
 jobs:
   infracost:
     name: Infracost Pull Request Checks
-    runs-on: ubuntu-latest
-    defaults:
-      run:
-        shell: bash
-        working-directory: ./terraform
     permissions:
       contents: read
       pull-requests: write
+    runs-on: ubuntu-latest
     timeout-minutes: 10
     steps:
       - name: Setup Infracost
@@ -37,6 +40,7 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{ github.event.pull_request.base.ref }}
+          persist-credentials: false
 
       # Generate Infracost JSON file as the baseline.
       - name: Generate Infracost cost estimate baseline

@@ -5,9 +5,10 @@ on:
     types: [closed]
     branches: [main]
     paths:
-      - terraform/**/*.tf
-      - terraform/**/*.tfvars
-      - terraform/**/*.tftpl
+      - iac/**/*.tf
+      - iac/**/*.tfvars
+      - iac/**/*.tftpl
+      - iac/**/*.hcl
 
 # Disable permissions for all available scopes
 permissions: {}

@@ -4,14 +4,11 @@ plugin "terraform" {
   preset = "all"
 }
 
-Enable the AWS plugin if required
 plugin "aws" {
   enabled = true
   version = "0.33.0"
   source  = "github.com/terraform-linters/tflint-ruleset-aws"
 
   # Deep check can be enabled in CI/CD pipelines, where AWS credentials are set
-  # This configuration file should be references using the `--config` flag
-  # Example: https://github.com/3ware/aws-network-speciality/blob/79a2be0813e053f17ed4f802705f7b6f2c350f0d/.github/workflows/terraform-ci.yaml#L114
   deep_check = true
-}
+}
@@ -0,0 +1,43 @@
+terraform {
+  required_version = ">= 1.9, < 2.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.90"
+    }
+  }
+
+  cloud {
+    organization = "3ware"
+    hostname     = "app.terraform.io"
+
+    workspaces {
+      project = var.aws_project
+      name    = "${var.aws_service}-${var.aws_region}-${var.aws_environment}"
+
+    }
+  }
+}
+
+provider "aws" {
+  region = var.aws_region
+
+  default_tags {
+    tags = {
+      "3ware:project-id"           = var.aws_project
+      "3ware:environment"          = var.aws_environment
+      "3ware:service"              = var.aws_service
+      "3ware:managed-by-terraform" = true
+      "3ware:workspace"            = terraform.workspace
+    }
+  }
+}
+
+module "gitops_2024" {
+  source = "../../modules/gitops-2024"
+
+  aws_environment = var.aws_environment
+  instance_type   = "t2.micro"
+  vpc_cidr_block  = "10.0.0.0/16"
+}
@@ -0,0 +1,4 @@
+output "grafana_ip" {
+  description = "The public IP address of the Grafana instance"
+  value       = module.gitops_2024.grafana_ip
+}
@@ -0,0 +1,4 @@
+aws_environment = "development"
+aws_project     = "gitops-2024"
+aws_region      = "eu-west-2"
+aws_service     = "gitops-infra"
@@ -0,0 +1,19 @@
+variable "aws_environment" {
+  description = "(Required) The AWS environment to deploy resources to"
+  type        = string
+}
+
+variable "aws_project" {
+  description = "(Required) The AWS project to deploy resources to"
+  type        = string
+}
+
+variable "aws_region" {
+  description = "(Required) The AWS region to deploy resources to"
+  type        = string
+}
+
+variable "aws_service" {
+  description = "(Required) The AWS service being deployed"
+  type        = string
+}
@@ -4,7 +4,7 @@ resource "aws_vpc" "gitops_vpc" {
   enable_dns_hostnames = true
 
   tags = {
-    Name = "gitops-vpc-${local.environment}"
+    Name = "gitops-vpc-${var.aws_environment}"
   }
 }
 
@@ -16,7 +16,7 @@ resource "aws_internet_gateway" "gitops_igw" {
   vpc_id = aws_vpc.gitops_vpc.id
 
   tags = {
-    Name = "gitops-igw-${local.environment}"
+    Name = "gitops-igw-${var.aws_environment}"
   }
 }
 
@@ -29,17 +29,17 @@ resource "aws_route_table" "gitops_rt" {
   }
 
   tags = {
-    Name = "gitops-rt-${local.environment}"
+    Name = "gitops-rt-${var.aws_environment}"
   }
 }
 
 resource "aws_subnet" "gitops_subnet" {
   vpc_id                  = aws_vpc.gitops_vpc.id
-  cidr_block              = var.subnet_cidr_block
+  cidr_block              = cidrsubnet(var.vpc_cidr_block, 8, 1)
   map_public_ip_on_launch = true
 
   tags = {
-    Name = "gitops-subnet-${local.environment}"
+    Name = "gitops-subnet-${var.aws_environment}"
   }
 }
 
@@ -63,7 +63,7 @@ resource "aws_vpc_security_group_ingress_rule" "grafana_ingress" {
   to_port           = 3000
 
   tags = {
-    Name = "grafana-ingress-sg-rule-${local.environment}"
+    Name = "grafana-ingress-sg-rule-${var.aws_environment}"
   }
 
   lifecycle {
@@ -78,7 +78,7 @@ resource "aws_vpc_security_group_egress_rule" "grafana_egress" {
   ip_protocol       = "-1"
 
   tags = {
-    Name = "grafana-egress-sg-rule-${local.environment}"
+    Name = "grafana-egress-sg-rule-${var.aws_environment}"
   }
 
   lifecycle {
@@ -107,10 +107,10 @@ resource "aws_instance" "grafana_server" {
   instance_type          = var.instance_type
   subnet_id              = aws_subnet.gitops_subnet.id
   vpc_security_group_ids = [aws_security_group.grafana_sg.id]
-  user_data              = file("userdata.tftpl")
+  user_data              = file("${path.module}/userdata.tftpl")
 
   tags = {
-    Name = "grafana-server-${local.environment}"
+    Name = "grafana-server-${var.aws_environment}"
   }
 }
 

@@ -0,0 +1,46 @@
+variable "aws_environment" {
+  description = <<EOT
+    (Required) The AWS environment to deploy resources to.
+    Valid values are: development, testing, staging, production.
+    EOT
+  type        = string
+  nullable    = false
+  validation {
+    condition = contains(["development", "testing", "staging", "production"], var.aws_environment)
+    error_message = format(
+      "Invalid environment provided. Received: '%s', Require: '%v'.\n%s",
+      var.aws_environment,
+      join(", ", ["development", "testing", "staging", "production"]),
+      "Change the environment variable value to one that is permitted."
+    )
+  }
+}
+
+variable "instance_type" {
+  description = "(Required) Instance type to use. Should be within the free tier"
+  type        = string
+
+  validation {
+    condition = contains(["t2.micro"], var.instance_type)
+    error_message = format(
+      "Invalid instance type provided. Received: '%s', Require: '%v'.\n%s",
+      var.instance_type,
+      join(", ", ["t2.micro"]),
+      "Change the instance type variable to one that is permitted."
+    )
+  }
+}
+
+variable "vpc_cidr_block" {
+  description = "(Required) A valid CIDR block to assign to the VPC"
+  type        = string
+
+  validation {
+    condition = can(cidrhost(var.vpc_cidr_block, 0))
+    error_message = format(
+      "Invalid CIDR block provided. Received: '%s'\n%s",
+      var.vpc_cidr_block,
+      "Check the syntax of the CIDR block is valid."
+    )
+  }
+}
@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">=1.9, <2.0"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.69, < 6.0"
+    }
+  }
+}