Adding files required to run terraform and action (#1)

Adding initial structure and files to run terraform for the backend

Author: marcelovbcfilho

.github/workflows/main.yml

@@ -0,0 +1,15 @@
+name: Terraform Apply
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+  terraform_apply:
+    name: Terraform Apply
+    uses: soat-tech-challenge/github-workflows/.github/workflows/terraform-apply.yml@main
+    secrets: inherit
+    with:
+      cloud_workspace: database-staging

.github/workflows/pull-request.yml

@@ -0,0 +1,30 @@
+name: Pull Request
+
+on:
+  pull_request:
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+  tflint:
+    name: TFLint
+    uses: soat-tech-challenge/github-workflows/.github/workflows/tflint.yml@main
+
+  tfsec:
+    uses: soat-tech-challenge/github-workflows/.github/workflows/tfsec.yml@main
+
+    permissions:
+      contents: read
+      pull-requests: write
+
+  terraform-plan:
+    name: Terraform Plan
+    uses: soat-tech-challenge/github-workflows/.github/workflows/terraform-plan.yml@main
+    secrets: inherit
+    with:
+      cloud_workspace: computing-staging
+
+    permissions:
+      contents: read
+      pull-requests: write

.github/workflows/terraform-destroy.yml

@@ -0,0 +1,9 @@
+name: Terraform Destroy
+
+on:
+  workflow_dispatch:
+
+jobs:
+  terraform_destroy:
+    uses: soat-tech-challenge/github-workflows/.github/workflows/terraform-destroy.yml@main
+    secrets: inherit

.gitignore

@@ -32,3 +32,80 @@ override.tf.json
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+
+# User-specific stuff
+.idea/**/workspace.xml
+.idea/**/tasks.xml
+.idea/**/usage.statistics.xml
+.idea/**/dictionaries
+.idea/**/shelf
+
+# AWS User-specific
+.idea/**/aws.xml
+
+# Generated files
+.idea/**/contentModel.xml
+
+# Sensitive or high-churn files
+.idea/**/dataSources/
+.idea/**/dataSources.ids
+.idea/**/dataSources.local.xml
+.idea/**/sqlDataSources.xml
+.idea/**/dynamic.xml
+.idea/**/uiDesigner.xml
+.idea/**/dbnavigator.xml
+
+# Gradle
+.idea/**/gradle.xml
+.idea/**/libraries
+
+# Gradle and Maven with auto-import
+# When using Gradle or Maven with auto-import, you should exclude module files,
+# since they will be recreated, and may cause churn.  Uncomment if using
+# auto-import.
+# .idea/artifacts
+# .idea/compiler.xml
+# .idea/jarRepositories.xml
+# .idea/modules.xml
+# .idea/*.iml
+# .idea/modules
+# *.iml
+# *.ipr
+
+# CMake
+cmake-build-*/
+
+# Mongo Explorer plugin
+.idea/**/mongoSettings.xml
+
+# File-based project format
+*.iws
+
+# IntelliJ
+out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Cursive Clojure plugin
+.idea/replstate.xml
+
+# SonarLint plugin
+.idea/sonarlint/
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+
+# Editor-based Rest Client
+.idea/httpRequests
+
+# Android studio 3.1+ serialized cache file
+.idea/caches/build_file_checksums.ser

.idea/.gitignore

@@ -0,0 +1,18 @@
+data "aws_subnets" "private_subnets" {
+  filter {
+    name   = "tag:Name"
+    values = ["soat-tech-challenge-subnet-public*"]
+  }
+}
+
+data "aws_security_group" "sg_default" {
+  name = "default"
+}
+
+data "aws_alb_target_group" "tg_alb" {
+  name = "soat-alb-target-group"
+}
+
+data "aws_db_instance" "db_instance" {
+  db_instance_identifier = "soat-tc-rds-db"
+}

.idea/vcs.xml

@@ -0,0 +1,87 @@
+resource "aws_ecs_cluster" "this" {
+  name = "soat-tech-challenge-ecs-cluster"
+}
+
+resource "aws_ecs_task_definition" "this" {
+  family                   = "soat-ecs-cluster-task"
+  network_mode             = "awsvpc"
+  task_role_arn            = "arn:aws:iam::381717072124:role/ecsTaskExecutionRole"
+  execution_role_arn       = "arn:aws:iam::381717072124:role/ecsTaskExecutionRole"
+  cpu                      = 256
+  memory                   = 512
+  requires_compatibilities = ["FARGATE"]
+  container_definitions    = jsonencode(
+    [
+      {
+        name : "soat-ecs-cluster-task",
+        image : "registry.hub.docker.com/g0tn/soat-tech-challenge-backend",
+        cpu : 256,
+        memory : 512,
+        essential : true,
+        portMappings : [
+          {
+            containerPort : 8080,
+            hostPort : 8080
+          }
+        ],
+        environment : [
+          {
+            name : "DB_USERNAME",
+            value : var.ecs_container_db_username
+          },
+          {
+            name : "DB_PASSWORD",
+            value : var.ecs_container_db_password
+          },
+          {
+            name : "DB_NAME",
+            value : var.ecs_container_db_name
+          },
+          {
+            name : "DB_HOST",
+            value : data.aws_db_instance.db_instance.endpoint
+          },
+          {
+            name : "JWT_PUBLIC_KEY",
+            value : var.ecs_container_jwt_public_key
+          }
+        ]
+        logConfiguration : {
+          logDriver : "awslogs",
+          options : {
+            awslogs-create-group : "true",
+            awslogs-group : "awslogs-backend",
+            awslogs-region : "us-east-2",
+            awslogs-stream-prefix : "awslogs-backend"
+          }
+        },
+      }
+    ])
+
+  runtime_platform {
+    cpu_architecture        = "X86_64"
+    operating_system_family = "LINUX"
+  }
+}
+
+resource "aws_ecs_service" "this" {
+  name                 = "soat-ecs-service"
+  cluster              = aws_ecs_cluster.this.id
+  task_definition      = aws_ecs_task_definition.this.arn
+  desired_count        = 1
+  launch_type          = "FARGATE"
+  scheduling_strategy  = "REPLICA"
+  force_new_deployment = true
+
+  network_configuration {
+    assign_public_ip = true
+    subnets          = data.aws_subnets.private_subnets.ids
+    security_groups  = [data.aws_security_group.sg_default.id]
+  }
+
+  load_balancer {
+    container_name   = "soat-ecs-cluster-task"
+    container_port   = var.port
+    target_group_arn = data.aws_alb_target_group.tg_alb.arn
+  }
+}

.terraform.lock.hcl

@@ -0,0 +1,11 @@
+output "ecs_cluster_name" {
+  value = aws_ecs_cluster.this.name
+}
+
+output "ecs_service_name" {
+  value = aws_ecs_service.this.name
+}
+
+output "ecs_task_definition_arn" {
+  value = aws_ecs_task_definition.this.arn
+}

datasources.tf

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="WEB_MODULE" version="4">
+  <component name="NewModuleRootManager" inherit-compiler-output="true">
+    <exclude-output />
+    <content url="file://$MODULE_DIR$" />
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>

main.tf

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="WEB_MODULE" version="4">
+  <component name="NewModuleRootManager" inherit-compiler-output="true">
+    <exclude-output />
+    <content url="file://$MODULE_DIR$" />
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>

outputs.tf

@@ -0,0 +1,8 @@
+aws_access_key = ""
+aws_secret_key = ""
+
+subnet_a_id = ""
+subnet_b_id = ""
+
+vpc_id = ""
+port = 0

soat-tech-challenge-infra-ecs.iml

@@ -0,0 +1,40 @@
+variable "aws_region" {
+  description = "Região AWS onde criar a instância RDS"
+  type        = string
+  default     = "us-east-2"
+}
+
+variable "port" {
+  description = "Port"
+  type        = string
+}
+
+variable "ecs_container_db_username" {
+  default = "postgres"
+  type    = string
+}
+
+variable "ecs_container_db_password" {
+  default = "postgres"
+  type    = string
+}
+
+variable "ecs_container_db_name" {
+  default = "backend"
+  type    = string
+}
+
+variable "ecs_container_jwt_public_key" {
+  default = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqStd8n4SGNM0eZhV/hzU+urHA5/IMZPoP9YQ9ZcLKWiX33nI6bSuZMCrLZcJExf63xS+uxDpGxM8Mnk2zOdl+lPwANXLzP1us5P1PyA3YPycW9J7C5YTQW0GiEL3M93ZX7vMJiVoBYblP3JPlYnoYlBORuc0JPk33KtfEZP+78qXpPHM8imYrJLe8ceiDLLFDU/nh5KC2dWAy3ci1ahoJ1Q9ELhp3IZLvOTX57H/T2VKOYOya5+ST41h+JjzI+qGTVnLcKaW+k25YLlVnkSspvdx98+yQDi7kbOTS6yRZHUPD6wPk/nUozpD0nZKccoH4W+zMwmQVtsAA6JCA9gfGwIDAQAB"
+  type    = string
+}
+
+variable "aws_access_key" {
+  description = "AWS Access Key"
+  type        = string
+}
+
+variable "aws_secret_key" {
+  description = "AWS Secret Key"
+  type        = string
+}

terraform-aws-ecs.iml

@@ -0,0 +1,24 @@
+terraform {
+  required_version = ">= 0.12.26"
+  cloud {
+    organization = "soat-tech-challenge"
+
+    workspaces {
+      name = "computing-staging"
+    }
+  }
+
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "4.67.0"
+    }
+  }
+}
+
+provider "aws" {
+  region     = var.aws_region
+  access_key = var.aws_access_key
+  secret_key = var.aws_secret_key
+}