Security Module

The security module that you are going to implement has the following folder structure:

security/
│
├── main.tf
│   
├── outputs.tf
│   
├── providers.tf
│   
├── state.tf
│   
├── terraform.tfvars
│   
├── variables.tf
│   
└── versions.tf

You will then build the configuration files required for the security module and trigger the first Terraform Cloud run for the module manually.

1. Follow these instructions to create the Terraform configuration for the module.

Add the following lines to security/versions.tf:

terraform {
  required_version = ">= 1.0.0, < 2.0.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.5"
    }
  }
}

Add the following lines to security/state.tf:

terraform {
  cloud {
    organization = "aws-first-cloud-journey"

    workspaces {
      project = "workshop-1"
      name    = "dev-security"
    }
  }
}

Add the following lines to security/variables.tf:

variable "region" {
  description = "The AWS region of the project"
  type        = string
}

variable "environment" {
  description = "The environment to which the project deploys"
  type        = string
  default     = "dev"
}

variable "project_name" {
  description = "The name of the project"
  type        = string
}

Add the following lines to security/terraform.tfvars:

region = "us-east-1"
environment = "dev"
project_name = "workshop-1"

Add the following lines to security/providers.tf:

provider "aws" {
  region = var.region
}

Add the following lines to security/main.tf. Remember to replace <your-github-username> with your GitHub username:

module "security" {
  source = "git::https://github.com/<your-github-username>/workshop-1-tf-modules.git//modules/security?ref=v1.0.0"

  environment  = var.environment
  project_name = var.project_name
}

Add the following lines to security/outputs.tf:

output "gh_oidc_provider_arn" {
  description = "The ARN of the GitHub OpenID Connect provider"
  value       = module.security.gh_oidc_provider_arn
}

2. Commit and push the module to the GitHub repository.

git add . && \
git commit -m "add security module" && \
git push

3. Navigate to your dev-security Terraform Cloud workspace page. Click Settings.

4. Scroll down to the Remote state sharing section. Select Share with specific workspaces. Open the Select workspaces to share with dropdown and choose dev-app and dev-web. Click Save settings.

5. Go back to the dev-security Terraform Cloud workspace page. Click New run.

6. Click Start.

7. Wait until the plan has finished, then review the plan.

8. If everything is fine, scroll down to the bottom and click Confirm & apply.

9. Optionally, add a comment such as Looks good to me!. Click Confirm plan; Terraform will run apply and provision the AWS resources for you.

10. After the apply has finished, you can open your AWS account to view the resources Terraform provisioned.

11. Go to AWS IAM console.

12. In the left sidebar, click Identity providers to verify that your new identity provider has been created.
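As an added example (not part of the workshop repository), this is how one of the workspaces you shared the state with in step 4, such as dev-app, can read the gh_oidc_provider_arn output and use it in the trust policy of a role for GitHub Actions, restricting the token audience and the subject to a single repository and branch. The repository name, branch, role name and the reuse of the project_name and environment variables are assumptions.

```hcl
# Added example, not part of the workshop repository: consume the shared
# dev-security state from another workspace (for instance dev-app).
data "terraform_remote_state" "security" {
  backend = "remote"
  config = {
    organization = "aws-first-cloud-journey"
    workspaces = {
      name = "dev-security" # the workspace whose state was shared in step 4
    }
  }
}

# Assumed values: replace with your own repository and branch.
locals {
  github_repo   = "<your-github-username>/workshop-1-tf-modules"
  github_branch = "main"
}

# A role GitHub Actions can assume through the OIDC provider created by the module.
# The conditions pin the token audience and the subject to one repository/branch,
# so a workflow in any other repository or branch cannot assume the role.
data "aws_iam_policy_document" "gh_actions_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRoleWithWebIdentity"]

    principals {
      type        = "Federated"
      identifiers = [data.terraform_remote_state.security.outputs.gh_oidc_provider_arn]
    }

    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:aud"
      values   = ["sts.amazonaws.com"]
    }

    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:sub"
      values   = ["repo:${local.github_repo}:ref:refs/heads/${local.github_branch}"]
    }
  }
}

resource "aws_iam_role" "gh_actions_deploy" {
  name               = "${var.project_name}-${var.environment}-gh-actions" # assumes the same variables as the security module
  assume_role_policy = data.aws_iam_policy_document.gh_actions_trust.json
}
```

Without the sub condition, any GitHub repository could present a token accepted by the provider and assume the role, so review that condition carefully when you adapt it.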