AWS Infrastructure Provisioner
A Go-based service that automates the provisioning of AWS resources (S3 buckets and IAM roles) for client organizations. This service provides a REST API to dynamically create and manage AWS infrastructure with proper access controls and permissions.
Features
- Automated AWS resource provisioning
- Secure authentication and authorization
- Infrastructure as Code using Terraform
- REST API endpoints for resource management
- Testing and verification scripts
- Resource cleanup utilities
Prerequisites
Before you begin, ensure you have the following installed:
- Go (version 1.21 or later)
- Terraform (version 1.0.0 or later)
- AWS CLI configured with appropriate credentials
- Git
AWS Setup
- Create an AWS Account if you don't have one
- Create an IAM user with programmatic access:
  - Go to AWS Console → IAM → Users → Add User
  - Enable programmatic access
  - Attach the following permissions policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "TerraformS3Access",
      "Effect": "Allow",
      "Action": [
        "s3:CreateBucket",
        "s3:ListBucket",
        "s3:GetBucketPolicy",
        "s3:PutBucketPolicy",
        "s3:DeleteBucket"
      ],
      "Resource": "arn:aws:s3:::*"
    },
    {
      "Sid": "TerraformIAMAccess",
      "Effect": "Allow",
      "Action": [
        "iam:CreateRole",
        "iam:GetRole",
        "iam:DeleteRole",
        "iam:PutRolePolicy",
        "iam:GetRolePolicy",
        "iam:DeleteRolePolicy",
        "iam:ListRoles",
        "iam:ListRolePolicies",
        "iam:TagRole",
        "iam:ListAttachedRolePolicies",
        "iam:ListInstanceProfilesForRole"
      ],
      "Resource": [
        "arn:aws:iam::*:role/go-infra-provisioner-*"
      ]
    },
    {
      "Sid": "TerraformKMSAccess",
      "Effect": "Allow",
      "Action": [
        "kms:CreateKey",
        "kms:DescribeKey",
        "kms:EnableKeyRotation",
        "kms:ListKeys",
        "kms:PutKeyPolicy",
        "kms:GenerateDataKey",
        "kms:TagResource",
        "kms:GetKeyRotationStatus",
        "kms:GetKeyPolicy",
        "kms:ListResourceTags",
        "kms:ScheduleKeyDeletion"
      ],
      "Resource": "*"
    }
  ]
}
- Save the Access Key ID and Secret Access Key
Installation
- Clone the repository:
git clone https://github.com/arkishshah/go-infra-provisioner.git
cd go-infra-provisioner
- Create environment files:
Create a .env file in the root directory:
AWS_ACCESS_KEY_ID=your_access_key
AWS_SECRET_ACCESS_KEY=your_secret_key
AWS_REGION=us-east-1
AWS_ACCOUNT_ID=your_account_id
ENVIRONMENT=dev
Create configs/dev/app.env with the same contents:
mkdir -p configs/dev
cp .env configs/dev/app.env
- Install dependencies:
go mod download
Infrastructure Setup
- Navigate to the terraform environment directory:
cd terraform/environments/dev
- Create terraform.tfvars file:
# Copy example.tfvars to terraform.tfvars
cp example.tfvars terraform.tfvars
- Update terraform.tfvars with your values:
aws_region = "us-east-1" # Your AWS region
environment = "dev" # Environment name
project_name = "go-infra-provisioner" # Your project name
- Initialize Terraform:
terraform init
- Review and apply the configuration:
terraform plan
terraform apply
- After successful apply, you'll see outputs like:
Outputs:
service_role_arn = "arn:aws:iam::your_account_id:role/go-infra-provisioner-service-role"
kms_key_id = "12345678-abcd-efgh-ijkl-123456789012"
- Update your .env and configs/dev/app.env with these values.
Note: The terraform.tfvars file contains sensitive configuration and is excluded from git via .gitignore. The example.tfvars file is provided as a template.
Running the Service
- Build and run the service:
go build -o main cmd/api/main.go
./main
Or use the provided Makefile:
make run
- The service will start on http://localhost:8080
API Endpoints
- Health Check:
curl http://localhost:8080/health
- Provision Resources:
curl -X POST http://localhost:8080/api/v1/provision \
-H "Content-Type: application/json" \
-d '{
"client_id": "test-client-001",
"client_name": "Test Client"
}'
Testing
- Verify setup:
./scripts/verify-setup.sh
- Test API endpoints:
./scripts/test-api.sh
Or use the Makefile:
make test
Cleanup
To clean up resources:
# Clean up specific client resources
./scripts/cleanup-resources.sh test-client-001
# Clean up all terraform resources
make clean
Project Structure
.
├── cmd/
│   └── api/              # Application entrypoint
├── configs/
│   └── dev/              # Environment configurations
├── internal/
│   ├── api/              # API implementation
│   ├── config/           # Configuration management
│   └── provisioner/      # AWS resource provisioning
├── pkg/
│   ├── awsclient/        # AWS SDK client
│   └── logger/           # Logging utility
├── policies/             # IAM policy templates
├── scripts/              # Utility scripts
├── terraform/            # Infrastructure as Code
│   ├── environments/     # Environment-specific configs
│   └── modules/          # Reusable terraform modules
├── .env                  # Environment variables
├── go.mod                # Go dependencies
└── Makefile              # Build automation
Common Issues
- AWS Region Error:
  - Ensure AWS_REGION in .env matches your AWS CLI configuration
  - For non us-east-1 regions, update the S3 bucket creation configuration
- Permission Issues:
  - Verify IAM user has necessary permissions
  - Check if role/policy names conflict with existing resources
- Resource Limits:
  - Be aware of AWS service limits
  - Clean up test resources after use
Contributing
- Fork the repository
- Create your feature branch (git checkout -b feature/amazing-feature)
- Commit your changes (git commit -m 'Add amazing feature')
- Push to the branch (git push origin feature/amazing-feature)
- Open a Pull Request
License
This project is licensed under the MIT License - see the LICENSE file for details
Support
For support, please open an issue in the GitHub repository or contact the maintainers.