aws tf

.github/workflows/tf-lint.yml

@@ -0,0 +1,39 @@
+name: terraform-lint
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+
+jobs:
+  tflint:
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+
+    steps:
+    - uses: actions/checkout@v4
+      name: Checkout source code
+
+    - uses: actions/cache@v4
+      name: Cache plugin dir
+      with:
+        path: ~/.tflint.d/plugins
+        key: ${{ matrix.os }}-tflint-${{ hashFiles('.tflint.hcl') }}
+
+    - uses: terraform-linters/setup-tflint@v4
+      name: Setup TFLint
+      with:
+        tflint_version: latest
+
+    - name: Show version
+      run: tflint --version
+
+    - name: Init TFLint
+      run: tflint --init
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
+
+    - name: Run TFLint
+      run: tflint -f compact

.gitignore

@@ -17,5 +17,38 @@ tmp/
 
 main
 
-function.zip
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+*.lock.hcl
+
 bootstrap
+*.zip
+
+lambda_source_code.tf

README.md

@@ -1,37 +1,56 @@
 # Portfolio Website
 
-This static website is built with Go and Templ.
+This static website is built with Go and Templ and deployed on AWS Lambda with Terraform.
 
 Complete website in singe binary.
 
-## Docker image Workflow
-Variables are defined in config.yml and can be updated upon commit for new image tag:
+## Deployment
+
+First, build the binary for the Lambda function, which will later be zipped and uploaded with Terraform:
 
 ```bash
-docker:
-  DOCKER_HUB_USERNAME: ujstor 
-  DOCKER_REPO_NAME: portfolio-web-go
-  VERSION_PART: Patch # Patch, Minor, major
-  PUSH_TO_DOCKER: true
+make build
 ```
-If the image does not exist, the default image tag is 0.0.1 for Patch, 0.1.0 for Minor, 1.0.0 for Major. Semantic versioning is employed upon commit, automatically incrementing the version.
 
-Workflow also requires DockerHub login credentials, username and password configuration in the Action secret:
+cd into aws-infra and run terraform apply:
 
 ```bash
-username: ${{ secrets.DOCKERHUB_USERNAME }}
-password: ${{ secrets.DOCKERHUB_TOKEN }}
+cd aws-infra
+terraform init
+terraform apply
 ```
 
-## Deployment
-Deployment can be achieved through self-hosting service provided by [Collify](https://coolify.io/docs/installation). 
+output will provide the URL to the website:
+
+```bash
+Outputs:
+
+api_gateway_url = {
+  "value" = "https://dx90b08zwj.execute-api.us-east-1.amazonaws.com"
+}
+lambda_arn = {
+  "invoke_arn" = "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:795062932265:function:portfolio-web/invocations"
+  "lambda_arn" = "arn:aws:lambda:us-east-1:795062932265:function:portfolio-web"
+  "lambda_name" = "portfolio-web"
+}
+```
+
+Two main resources are created:
+
+Lambda function and API Gateway
 
-![](https://i.imgur.com/pi1WaHy.png)
+![lambda](public/lambda.png)
+
+Destroy infrastructure:
+
+```bash
+terraform destroy
+```
 
 ## MakeFile
 
 ```bash
-all: build docker-build docker-run
+all: build
 
 build:
 	@echo "Building..."
@@ -47,41 +66,13 @@ build:
 			exit 1; \
 		fi; \
 	fi
-	@go build -o main cmd/api/main.go
-
-docker-build:
-	@docker build -t ujstor/portfolio-web-go --target prod .
-
-# Run the application
-run:
-	@go run cmd/api/main.go
-
-docker-run:
-	@docker run -p 5000:5000 ujstor/portfolio-web-go
+	@GOOS=linux GOARCH=amd64 go build -o bootstrap cmd/api/main.go
 
-# Push app to DockerHub
-push:
-	@docker push ujstor/portfolio-web-go
-
-# Clean the binary
 clean:
 	@echo "Cleaning..."
-	@rm -f main
+	@rm -f bootstrap
 
-watch:
-	@if command -v air > /dev/null; then \
-	    air; \
-	    echo "Watching...";\
-	else \
-	    read -p "Go's 'air' is not installed on your machine. Do you want to install it? [Y/n] " choice; \
-	    if [ "$$choice" != "n" ] && [ "$$choice" != "N" ]; then \
-	        go install github.com/air-verse/air@latest; \
-	        air; \
-	        echo "Watching...";\
-	    else \
-	        echo "You chose not to install air. Exiting..."; \
-	        exit 1; \
-	    fi; \
-	fi
-.PHONY: all build docker-build run docker-run push clean watch
+.PHONY: all build clean
 ```
+
+![web](public/web.png)

aws-infra/main.tf

@@ -0,0 +1,40 @@
+module "lambda" {
+  source = "./modules/lambda"
+
+  lambda_config = {
+    work_dir          = "../"
+    bin_name          = "bootstrap"
+    archive_bin_name  = "function.zip"
+    function_name     = "portfolio-web"
+    handler           = "main"
+    runtime           = "provided.al2023"
+    ephemeral_storage = "512"
+    archive_type      = "zip"
+  }
+}
+
+module "api_gateway" {
+  source = "./modules/API-gateway"
+
+  api_gw_conf = {
+    name          = "portfolio-web"
+    protocol_type = "HTTP"
+  }
+
+  lambda_integration_route_premission = {
+    lambda_invoke_arn                 = module.lambda.lambda_arn.invoke_arn
+    lambda_func_name                  = module.lambda.lambda_arn.lambda_name
+    integration_type                  = "AWS_PROXY"
+    integration_method                = "POST"
+    connection_type                   = "INTERNET"
+    route_key                         = "GET /{proxy+}"
+    statement_id                      = "AllowExecutionFromAPIGateway"
+    action                            = "lambda:InvokeFunction"
+    principal                         = "apigateway.amazonaws.com"
+    authorizer_type                   = "REQUEST"
+    authorizer_uri                    = module.lambda.lambda_arn.invoke_arn
+    indentity_sources                 = ["$request.header.Authorization"]
+    authorizer_name                   = "example-authorizer"
+    authorizer_payload_format_version = "1.0"
+  }
+}