add base iac configuration

.dockerignore

@@ -31,6 +31,9 @@ tmp/
 *.pid
 *.env
 
+# terraform
+infrastructure/*
+
 # others
 .kube/
 .git

.gitignore

@@ -52,3 +52,40 @@ yarn-debug.log*
 !test-defaults.env
 
 logfile
+
+
+# Local .terraform directories
+**/.terraform/*
+.terraform*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc

infrastructure/tasks

@@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+terraform_version=1.5
+
+user_id="$(id -u)" 
+group_id="$(id -g)"
+
+remote_state_aws_profile="${REMOTE_STATE_AWS_PROFILE:-default}"
+remote_state_bucket_region="${REMOTE_STATE_BUCKET_REGION:-eu-west-2}"
+remote_state_bucket="${REMOTE_STATE_BUCKET:-cpcwood-terraform-remote-state}"
+remote_state_lock_table="${REMOTE_STATE_LOCK_TABLE:-cpcwood-terraform-remote-state-lock-table}"
+remote_state_key="${REMOTE_STATE_KEY:-home-server/production/terraform.tfstate}"
+
+function tf {
+  docker run -it --rm \
+    --workdir /opt \
+    -v ./terraform/:/opt \
+    -v ~/.aws:/.aws \
+    -e AWS_CONFIG_FILE=/.aws/config \
+    -e AWS_SHARED_CREDENTIALS_FILE=/.aws/credentials \
+    --user "$user_id:$group_id" \
+    "hashicorp/terraform:$terraform_version" "$@"
+}
+
+function init {
+  tf init \
+    -backend-config "region=$remote_state_bucket_region" \
+    -backend-config "bucket=$remote_state_bucket" \
+    -backend-config "dynamodb_table=$remote_state_lock_table" \
+    -backend-config "profile=$remote_state_aws_profile" \
+    -backend-config "key=$remote_state_key" \
+    "$@"
+}
+
+function plan {
+  tf plan "$@"
+}
+
+function apply {
+  tf apply "$@"
+}
+
+function plan-ci {
+  tf plan -out=.terraform.plan.cache
+  tf show -json .terraform.plan.cache > plan.json
+}
+
+function apply-ci {
+  tf apply -input=false .terraform.plan.cache
+}
+
+function sh {
+  docker run -it --rm \
+    --workdir /opt \
+    -v ./terraform/:/opt \
+    -v ~/.aws:/.aws \
+    -e AWS_CONFIG_FILE=/.aws/config \
+    -e AWS_SHARED_CREDENTIALS_FILE=/.aws/credentials \
+    --user "$user_id:$group_id" \
+    --entrypoint=/bin/sh \
+    "hashicorp/terraform:$terraform_version"
+}
+
+if [[ ! $(type -t "$1") == function ]]; then
+  echo "Invalid command entered"
+  exit 1
+fi
+
+TIMEFORMAT="Task completed in %3lR"
+time "${@:-default}"

infrastructure/terraform/application_storage_s3.tf

@@ -0,0 +1,7 @@
+resource "random_id" "application_storage_s3" {
+  byte_length = 6
+}
+
+resource "aws_s3_bucket" "application_storage_s3" {
+  bucket = "${var.application_storage_s3_bucket_name}-${var.environment}-${random_id.application_storage_s3.hex}"
+}

infrastructure/terraform/main.tf

@@ -0,0 +1,19 @@
+terraform {
+  required_version = "~> 1.5"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.5"
+    }
+  }
+
+  backend "s3" {
+    encrypt = true
+  }
+}
+
+provider "aws" {
+  region  = var.aws_region
+  profile = var.aws_profile
+}

infrastructure/terraform/outputs.tf

@@ -0,0 +1,3 @@
+output "application_storage_s3_bucket_id" {
+  value = aws_s3_bucket.application_storage_s3.id
+}

infrastructure/terraform/variables.tf

@@ -0,0 +1,17 @@
+variable "environment" {
+  default = "production"
+}
+
+variable "aws_profile" {
+  description = "AWS profile to access AWS API"
+  default     = "default"
+}
+
+variable "aws_region" {
+  description = "AWS region to deploy to"
+  default     = "eu-west-2"
+}
+
+variable "application_storage_s3_bucket_name" {
+  default = "home-server-application-storage"
+}