Skip to content

Tf ec2 ssh elastic ip setup#15

Closed
ongeziwe17 wants to merge 94 commits into
mainfrom
tf-ec2-ssh-elastic-ip-setup
Closed

Tf ec2 ssh elastic ip setup#15
ongeziwe17 wants to merge 94 commits into
mainfrom
tf-ec2-ssh-elastic-ip-setup

Conversation

@ongeziwe17

@ongeziwe17 ongeziwe17 commented Dec 2, 2025

Copy link
Copy Markdown
Owner

No description provided.

@OngeziweM5
CI OIDC Test and README for the REPO
bb03c7e
@OngeziweM5
Merge pull request #1 from OngeziweM5/oidc-gh-aws-test
c30f22f 
CI OIDC Test and README for the REPO
@OngeziweM5
Bootstrap Terraform backend (S3 + DynamoDB lock)
1055245
@OngeziweM5
Merge pull request #2 from OngeziweM5/tf-bootstrap
4e0b03c 
Bootstrap Terraform backend (S3 + DynamoDB lock)
@OngeziweM5
feat(dev-setup): add Terraform setup for development environment with…
26fd090 
… remote backend
@OngeziweM5
Merge pull request #3 from OngeziweM5/tf-dev-initial-setup
9ca9241 
feat(dev-setup): add Terraform setup for development environment with remote backend
@OngeziweM5
feat(ci-setup) Terraform validation and plan preview workflow"
ca44b31
@OngeziweM5
style(terraform): format terraform files to pass ci fmt check
a9dd4b9
@OngeziweM5
Configure AWS credentials in Terraform workflow
061ebbf 
Added AWS credentials configuration step for Terraform validation.
@OngeziweM5
Update permissions in terraform-validate workflow
28c3e2a 
Add permissions for id-token and contents in workflow
@OngeziweM5
Add pull-requests permission(write) to workflow
08137d3
@OngeziweM5
Merge pull request #4 from OngeziweM5/tf-validation-ci
afc66d7 
feat(ci-setup) Terraform validation and plan preview workflow"
@OngeziweM5
Configure Terraform environment directory based on branch
a081b0e 
Added environment directory setup for Terraform based on branch name.
@OngeziweM5
Merge pull request #5 from OngeziweM5/tf-ci-environment-plan
b1fa61d 
Configure Terraform environment directory based on branch
@OngeziweM5
Updated the tf deploy workflow
fca54dd
@OngeziweM5
Merge pull request #6 from OngeziweM5/tf-ci-environment-plan
5716098 
Updated the tf deploy workflow
@OngeziweM5
feat(tf-networks-ec2-dev): update development environment configurati…
29e5ec7 
…on and add new modules
@OngeziweM5
terraform fmt on modules
aeb0393
@OngeziweM5
Enable DEBUG logging for Terraform Plan
51a6137 
Add TF_LOG environment variable for debugging in Terraform Plan step.
@OngeziweM5
updated the terraform-plan job and backend.hcl
b368fa3
@OngeziweM5
updated the terraform-setup version to use default (latest)
2be6207
@OngeziweM5
Added tf vars for tf plan
ae2d993
@OngeziweM5
Updated the ec2 module aws ami for cpt
056300d
@OngeziweM5
Add environment variables for Terraform Plan
700548a
@OngeziweM5
Refactor secret access to use format function
dfdaba0
@OngeziweM5
Refactor Terraform secrets handling for environments
7fe66f6
@OngeziweM5
Refactor Terraform workflow and add apply step
45c98e5 
Updated branch formatting and added Terraform apply step.
@OngeziweM5
Remove Terraform version specification in workflow
aa2f75a 
Removed specific Terraform version setup in workflow.
@OngeziweM5
Merge pull request #7 from OngeziweM5/tf-network-ec2-setup
558e219 
feat(tf-networks-ec2-dev): update development environment configuration and add new modules
@OngeziweM5
feat(tf-ec2-setup) Adding ssh to ec2 and Elastic IP
1e73cbf
@ongeziwe17
Update deploy infra workflow to use matching state from aws
40dd144
@ongeziwe17
Update deploy infra workflow env vars for s3 bucket name and path
57106b9
@ongeziwe17
Update deploy infra workflow env tf-vars for s3 bucket name and path
b748906
@ongeziwe17
Update deploy infra workflow env backend config vars for s3 bucket na…
f65dcf9 
…me and path
@ongeziwe17
Updated Import Pre-existing AWS Resources Step
b3e009b
@ongeziwe17
Updated Import Pre-existing AWS Resources Step v2
22af1bd
@ongeziwe17
Update script to install git
8c283db
@ongeziwe17
Deploy workflow condition to run import when needed
7f02730
@ongeziwe17
Add infrastructure for frontend
be62d01
@ongeziwe17
Fix Duplicate output definition for backend and frontend
c262dca
@ongeziwe17
Fix Duplicate output definition for backend and frontend
8e4119e
@ongeziwe17
Fix Invalid function argument in the compute-ec2 module pointing to u…
5219ed7 
…ser-data.sh script
@ongeziwe17
Reference ws_ssm_parameter resources as a list
fd5270f
@ongeziwe17
Commented out declared vars but unused
b64753c
@ongeziwe17
sa_password, redis_password, and admin_key not used for frontend
a1a250e
@ongeziwe17
backend provider random id and allowed_ssh_cidrs on network
dcd482d
@ongeziwe17
Add header for each dev backend and frontend for tf plan and work dir…
852adf2 
… in force unlock
@ongeziwe17
Update all env_dir and S3 key paths to use development
0d26df1
@ongeziwe17
Fix ssh key re-create same key issue for 2 envs, instead re-use
b7b9caa
@ongeziwe17
Each environment (development, staging, production) runs only when it…
90664d4 
…s matching branch is pushed
@ongeziwe17
Terraform fmt modules\compute-ec2\main.tf
2c2948f
@ongeziwe17
Use count directly on the EC2 resource
1f96af2
@ongeziwe17
Use count directly on the EC2 resource
6879ad9
@ongeziwe17
add 8081 to Terraform security group for cms
1f3e204
@ongeziwe17
add 8081 to Terraform security group for cms V2
e3574ec
@ongeziwe17
add 8081 to Terraform security group for cms V3
8111e52
@ongeziwe17
Updated the backend.hcl to include the lock file
ec02316
@ongeziwe17 ongeziwe17 closed this Dec 2, 2025
@github-actions

github-actions Bot commented Dec 2, 2025

Copy link
Copy Markdown

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
~ update in-place
-/+ destroy and then create replacement

Terraform will perform the following actions:

aws_eip.dev_app will be updated in-place

~ resource "aws_eip" "dev_app" {
id = "eipalloc-035b37623f8b4e34b"
~ instance = "i-062a7e74902482aa7" -> (known after apply)
tags = {
"Name" = "ff-dev-eip"
}
# (17 unchanged attributes hidden)
}

module.compute.aws_instance.app_server must be replaced

-/+ resource "aws_instance" "app_server" {
~ ami = "ami-0e6bc8e2e1bbfafb0" -> "ami-0579b26bfd446908d" # forces replacement
~ arn = "arn:aws:ec2:af-south-1:988963493215:instance/i-062a7e74902482aa7" -> (known after apply)
~ availability_zone = "af-south-1a" -> (known after apply)
~ cpu_core_count = 1 -> (known after apply)
~ cpu_threads_per_core = 2 -> (known after apply)
~ disable_api_stop = false -> (known after apply)
~ disable_api_termination = false -> (known after apply)
~ ebs_optimized = false -> (known after apply)
+ enable_primary_ipv6 = (known after apply)
- hibernation = false -> null
+ host_id = (known after apply)
+ host_resource_group_arn = (known after apply)
~ id = "i-062a7e74902482aa7" -> (known after apply)
~ instance_initiated_shutdown_behavior = "stop" -> (known after apply)
+ instance_lifecycle = (known after apply)
~ instance_state = "stopped" -> (known after apply)
~ ipv6_address_count = 0 -> (known after apply)
~ ipv6_addresses = [] -> (known after apply)
~ monitoring = false -> (known after apply)
+ outpost_arn = (known after apply)
+ password_data = (known after apply)
+ placement_group = (known after apply)
~ placement_partition_number = 0 -> (known after apply)
~ primary_network_interface_id = "eni-022a5dc64d4c885ca" -> (known after apply)
~ private_dns = "ip-10-10-1-59.af-south-1.compute.internal" -> (known after apply)
~ private_ip = "10.10.1.59" -> (known after apply)
~ public_dns = "ec2-15-240-23-115.af-south-1.compute.amazonaws.com" -> (known after apply)
~ public_ip = "15.240.23.115" -> (known after apply)
~ secondary_private_ips = [] -> (known after apply)
~ security_groups = [] -> (known after apply)
+ spot_instance_request_id = (known after apply)
tags = {
"Environment" = "development"
"ManagedBy" = "Terraform"
"Name" = "ff-dev-server"
}
~ tenancy = "default" -> (known after apply)
+ user_data_base64 = (known after apply)
# (11 unchanged attributes hidden)

  ~ capacity_reservation_specification (known after apply)
  - capacity_reservation_specification {
      - capacity_reservation_preference = "open" -> null
    }

  ~ cpu_options (known after apply)
  - cpu_options {
      - core_count       = 1 -> null
      - threads_per_core = 2 -> null
        # (1 unchanged attribute hidden)
    }

  - credit_specification {
      - cpu_credits = "unlimited" -> null
    }

  ~ ebs_block_device (known after apply)

  ~ enclave_options (known after apply)
  - enclave_options {
      - enabled = false -> null
    }

  ~ ephemeral_block_device (known after apply)

  ~ instance_market_options (known after apply)

  ~ maintenance_options (known after apply)
  - maintenance_options {
      - auto_recovery = "default" -> null
    }

  ~ metadata_options (known after apply)
  - metadata_options {
      - http_endpoint               = "enabled" -> null
      - http_protocol_ipv6          = "disabled" -> null
      - http_put_response_hop_limit = 2 -> null
      - http_tokens                 = "required" -> null
      - instance_metadata_tags      = "disabled" -> null
    }

  ~ network_interface (known after apply)

  ~ private_dns_name_options (known after apply)
  - private_dns_name_options {
      - enable_resource_name_dns_a_record    = false -> null
      - enable_resource_name_dns_aaaa_record = false -> null
      - hostname_type                        = "ip-name" -> null
    }

  ~ root_block_device (known after apply)
  - root_block_device {
      - delete_on_termination = true -> null
      - device_name           = "/dev/xvda" -> null
      - encrypted             = false -> null
      - iops                  = 3000 -> null
      - tags                  = {} -> null
      - tags_all              = {} -> null
      - throughput            = 125 -> null
      - volume_id             = "vol-0eaac7e3d7b8c2bdd" -> null
      - volume_size           = 30 -> null
      - volume_type           = "gp3" -> null
        # (1 unchanged attribute hidden)
    }
}

Plan: 1 to add, 1 to change, 1 to destroy.

Changes to Outputs:
~ dev_backend_instance_public_ip = "15.240.23.115" -> (known after apply)

@github-actions

github-actions Bot commented Dec 2, 2025

Copy link
Copy Markdown

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
~ update in-place
-/+ destroy and then create replacement

Terraform will perform the following actions:

aws_eip.dev_app will be updated in-place

~ resource "aws_eip" "dev_app" {
id = "eipalloc-0c0cff49f034e7fa6"
~ instance = "i-02808cb1d0f8ea8d2" -> (known after apply)
tags = {
"Name" = "ff-dev-frontend-eip"
}
# (17 unchanged attributes hidden)
}

module.compute.aws_instance.app_server must be replaced

-/+ resource "aws_instance" "app_server" {
~ ami = "ami-0e6bc8e2e1bbfafb0" -> "ami-0579b26bfd446908d" # forces replacement
~ arn = "arn:aws:ec2:af-south-1:988963493215:instance/i-02808cb1d0f8ea8d2" -> (known after apply)
~ availability_zone = "af-south-1a" -> (known after apply)
~ cpu_core_count = 1 -> (known after apply)
~ cpu_threads_per_core = 2 -> (known after apply)
~ disable_api_stop = false -> (known after apply)
~ disable_api_termination = false -> (known after apply)
~ ebs_optimized = false -> (known after apply)
+ enable_primary_ipv6 = (known after apply)
- hibernation = false -> null
+ host_id = (known after apply)
+ host_resource_group_arn = (known after apply)
~ id = "i-02808cb1d0f8ea8d2" -> (known after apply)
~ instance_initiated_shutdown_behavior = "stop" -> (known after apply)
+ instance_lifecycle = (known after apply)
~ instance_state = "stopped" -> (known after apply)
~ ipv6_address_count = 0 -> (known after apply)
~ ipv6_addresses = [] -> (known after apply)
~ monitoring = false -> (known after apply)
+ outpost_arn = (known after apply)
+ password_data = (known after apply)
+ placement_group = (known after apply)
~ placement_partition_number = 0 -> (known after apply)
~ primary_network_interface_id = "eni-06def491667c428e7" -> (known after apply)
~ private_dns = "ip-10-10-1-184.af-south-1.compute.internal" -> (known after apply)
~ private_ip = "10.10.1.184" -> (known after apply)
~ public_dns = "ec2-16-28-122-47.af-south-1.compute.amazonaws.com" -> (known after apply)
~ public_ip = "16.28.122.47" -> (known after apply)
~ secondary_private_ips = [] -> (known after apply)
~ security_groups = [] -> (known after apply)
+ spot_instance_request_id = (known after apply)
tags = {
"Environment" = "development"
"ManagedBy" = "Terraform"
"Name" = "ff-dev-frontend-server"
}
~ tenancy = "default" -> (known after apply)
+ user_data_base64 = (known after apply)
# (11 unchanged attributes hidden)

  ~ capacity_reservation_specification (known after apply)
  - capacity_reservation_specification {
      - capacity_reservation_preference = "open" -> null
    }

  ~ cpu_options (known after apply)
  - cpu_options {
      - core_count       = 1 -> null
      - threads_per_core = 2 -> null
        # (1 unchanged attribute hidden)
    }

  - credit_specification {
      - cpu_credits = "unlimited" -> null
    }

  ~ ebs_block_device (known after apply)

  ~ enclave_options (known after apply)
  - enclave_options {
      - enabled = false -> null
    }

  ~ ephemeral_block_device (known after apply)

  ~ instance_market_options (known after apply)

  ~ maintenance_options (known after apply)
  - maintenance_options {
      - auto_recovery = "default" -> null
    }

  ~ metadata_options (known after apply)
  - metadata_options {
      - http_endpoint               = "enabled" -> null
      - http_protocol_ipv6          = "disabled" -> null
      - http_put_response_hop_limit = 2 -> null
      - http_tokens                 = "required" -> null
      - instance_metadata_tags      = "disabled" -> null
    }

  ~ network_interface (known after apply)

  ~ private_dns_name_options (known after apply)
  - private_dns_name_options {
      - enable_resource_name_dns_a_record    = false -> null
      - enable_resource_name_dns_aaaa_record = false -> null
      - hostname_type                        = "ip-name" -> null
    }

  ~ root_block_device (known after apply)
  - root_block_device {
      - delete_on_termination = true -> null
      - device_name           = "/dev/xvda" -> null
      - encrypted             = false -> null
      - iops                  = 3000 -> null
      - tags                  = {} -> null
      - tags_all              = {} -> null
      - throughput            = 125 -> null
      - volume_id             = "vol-0c57bd3769bc59d46" -> null
      - volume_size           = 30 -> null
      - volume_type           = "gp3" -> null
        # (1 unchanged attribute hidden)
    }
}

Plan: 1 to add, 1 to change, 1 to destroy.

Changes to Outputs:
~ dev_frontend_instance_public_ip = "16.28.122.47" -> (known after apply)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ongeziwe17 @OngeziweM5