initial commit for AWS compat

Author: Dobroslav Slavenskoj

.github/workflows/digger-plan.yml

@@ -0,0 +1,35 @@
+name: Digger Plan
+
+on:
+  pull_request:
+    branches: [ "main" ]
+    types: [ opened, synchronize ]
+  issue_comment:
+    types: [created]
+  workflow_dispatch:
+
+
+jobs:
+  plan:
+    runs-on: ubuntu-latest
+    permissions:    
+      contents: write      # required to merge PRs
+      id-token: write      # required for workload-identity-federation
+      pull-requests: write # required to post PR comments
+      statuses: write      # required to validate combined PR status
+
+    steps:
+      - uses: actions/checkout@v4
+      # Unlike GCP; the role assumption is handled inline 
+      - name: digger run
+        uses: diggerhq/digger@v0.2.0
+        with:
+          setup-aws: true
+          aws-role-to-assume: arn:aws:sts::${{ secrets.AccountID }}:assumed-role/${{secrets.RoleName}}/${{FunctionName}}
+          aws-region: us-east-1
+        env:
+          GITHUB_CONTEXT: ${{ toJson(github) }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          LOCK_PROVIDER: aws
+          AWS_STORAGE_BUCKET: 'digger-lock-prod'
+    

.gitignore

@@ -0,0 +1,28 @@
+gcp_key.json
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+.terraform.lock.hcl

backend/main.tf

@@ -0,0 +1,25 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "3.0.0"  # Use an appropriate version
+    }
+  }
+}
+
+provider "aws" {
+  region = "us-east-1"  # Replace with your desired AWS region
+}
+
+resource "random_string" "bucket_prefix" {
+  length  = 8
+  special = false
+}
+
+resource "aws_s3_bucket" "default" {
+  bucket = "${random_string.bucket_prefix.result}-bucket-tfstate"
+  acl    = "private"  # You can adjust the ACL as needed
+  versioning {
+    enabled = true
+  }
+}

digger.yml

@@ -0,0 +1,3 @@
+projects:
+- name: production
+  dir: prod

prod/main.tf

@@ -0,0 +1,56 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "3.0.0"  # Use an appropriate version
+    }
+  }
+    backend "s3" {
+    bucket = "8046b8f4c208f5bb-bucket-tfstate"
+    key    = "terraform/state"
+    region = "us-east-1"
+  }
+
+}
+
+provider "aws" {
+  region = "us-east-1"  # Replace with your desired AWS region
+}
+
+resource "aws_vpc" "vpc_network" {
+  cidr_block = "10.0.0.0/16"
+  tags = {
+    Name = "terraform-network"
+  }
+}
+
+resource "aws_subnet" "vpc_subnet" {
+  vpc_id                  = aws_vpc.vpc_network.id
+  cidr_block              = "10.0.1.0/24"
+  availability_zone       = "us-east-2a"  
+  map_public_ip_on_launch = true
+
+  tags = {
+    Name = "terraform-subnet"
+  }
+}
+
+resource "aws_security_group" "security_group" {
+  name_prefix = "terraform-"
+  ingress {
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+resource "aws_instance" "vm_instance" {
+  ami             = "ami-0b17ac7207aae009f"  #Debian 11 (bullsey AMI provided by the Debian Project https://wiki.debian.org/Cloud/AmazonEC2Image/Bullseye)
+  instance_type   = "t2.micro"
+  subnet_id       = aws_subnet.vpc_subnet.id
+  security_groups = [aws_security_group.security_group.name]
+  tags = {
+    Name = "terraform-instance"
+  }
+}