Modules

.github/workflows/tf_cloud_aws.yml

@@ -13,6 +13,7 @@ on:
     branches: [ "main" ]
   pull_request:
     branches: [ "main" ]
+  workflow_dispatch:
 
 env:
   tfcode_path: tfcloud_samples/amazon_ec2
@@ -35,7 +36,7 @@ jobs:
 
     # Add the AWS Creds as ENV variable in TF Cloud workspace, since the tf run happens in TF Cloud environment
 
-    # Call rest of the Terraform commands
+    # Invoke the Terraform commands
     - name: Terraform init and validate
       run: |
         echo `pwd`
@@ -45,18 +46,45 @@ jobs:
         echo "** Running Terraform Validate**"
         terraform validate
       working-directory: ${{ env.tfcode_path }}
-    - name: Terraform plan and apply
+
+    - name: Terraform Plan
       run: |
-        echo `pwd`   
         echo "** Running Terraform Plan**"
+        # terraform plan -out=tfplan
         terraform plan
-
-        echo "** Running Terraform Apply**"
-        terraform apply -auto-approve
       working-directory: ${{ env.tfcode_path }}
+
+    - name: Upload Terraform Plan
+      uses: actions/upload-artifact@v2
+      with:
+        name: terraform-plan
+        path: ${{ env.tfcode_path }}/tfplan
+
+  # Once the user verifies the Terraform Plan, the user can run the Terraform Apply and Destroy commands
+  apply_terraform_plan:
+      needs: aws_tfc_job
+      if: github.event_name == 'workflow_dispatch'
+      runs-on: ubuntu-latest
+      steps:
+      - name: Checkout
+        uses: actions/[email protected]
+      - name: Setup Terraform CLI
+        uses: hashicorp/[email protected]
+        with:
+          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+      - name: Download Terraform Plan
+        uses: actions/download-artifact@v2
+        with:
+          name: terraform-plan
+          path: ${{ env.tfcode_path }}
+      - name: Terraform Apply
+        run: |
+          echo "** Running Terraform Apply**"
+          terraform apply -auto-approve tfplan
+        working-directory: ${{ env.tfcode_path }}
 
-    - name: Terraform Destroy
-      run: |
-        echo "** Running Terraform Destroy**"
-        terraform destroy -auto-approve
-      working-directory: ${{ env.tfcode_path }}
+      - name: Terraform Destroy
+        run: |
+          echo "** Running Terraform Destroy**"
+          terraform destroy -auto-approve
+        working-directory: ${{ env.tfcode_path }}

tfcloud_samples/amazon_ec2/TF_README.md

@@ -1,20 +1,30 @@
+## Terraform Cloud Sample
+
+### How this works
+- Terraform cloud runs the `terraform apply` run in Terraform Cloud workspace, since we have declared the terraform cloud as a remote backend in the code.
+- We need to configure Terraform source code path in the `Settings > General` page for the given workspace in Terraform Cloud
+- Change the Terraform Working Directory setting to specify the path of the config, relative to the relevant root directory - in this case: `tfcloud_samples/amazon_ec2`
+- In case of variable override, add the variables into `variables` section in Teraform cloud workspace. Otherwise declare `*.auto.tfvars` file.
+
 <!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14.9 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 3.27 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 3.75.1 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 3.76.1 |
 
 ## Modules
 
-No modules.
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_ec2_instances"></a> [ec2\_instances](#module\_ec2\_instances) | ../modules/aws_two_tier | n/a |
 
 ## Resources
 
@@ -26,11 +36,12 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_instance_count"></a> [instance\_count](#input\_instance\_count) | n/a | `number` | `2` | no |
-| <a name="input_instance_count_needed"></a> [instance\_count\_needed](#input\_instance\_count\_needed) | n/a | `string` | `"true"` | no |
-| <a name="input_region"></a> [region](#input\_region) | n/a | `string` | `"us-west-2"` | no |
+| <a name="input_region"></a> [region](#input\_region) | Variables Block Common values used across the terraform code can be added as variables We can override the values using .tfvars files while running terraform plan/apply | `string` | `"us-west-2"` | no |
 
 ## Outputs
 
-No outputs.
+| Name | Description |
+|------|-------------|
+| <a name="output_instance_id"></a> [instance\_id](#output\_instance\_id) | ID of the EC2 instance(s) |
+| <a name="output_instance_state"></a> [instance\_state](#output\_instance\_state) | State of the EC2 instance(s) |
 <!-- END_TF_DOCS -->

tfcloud_samples/amazon_ec2/main.tf

@@ -53,8 +53,8 @@ resource "aws_instance" "app_server" {
 }
 
 module "ec2_instances" {
-  source = "[email protected]:chefgs/terraform_repo.git"
-  # source = "../../aws_samples/aws_web_tier"
+  # source = "[email protected]:chefgs/terraform_repo.git"
+  source = "../modules/aws_two_tier"
 
   # region = "us-west-2"
 }

tfcloud_samples/modules/aws_two_tier/.gitignore

@@ -0,0 +1,18 @@
+# Local .terraform directories
+**/.terraform/*
+*.terraform*
+*.lock*
+
+# .tfstate files
+#terrafor.tfstate
+*.tfstate*
+
+# Crash log files
+crash.log
+
+# Exclude all .tfvars files, which are likely to contain sentitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+#
+#*.tfvars