From 9ce2339b349e110d507a28b6808fe6904eb8e6c6 Mon Sep 17 00:00:00 2001 From: aditya dubey Date: Sun, 11 Jan 2026 12:11:06 +0530 Subject: [PATCH 1/4] Fix: Create ECR repositories before pushing (new AWS account) --- .github/workflows/cd.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index b755be3e3..d8b1b49e9 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -31,6 +31,11 @@ jobs: id: login-ecr uses: aws-actions/amazon-ecr-login@v2 + - name: Create ECR repositories if missing + run: | + aws ecr describe-repositories --repository-names devops-backend || aws ecr create-repository --repository-name devops-backend + aws ecr describe-repositories --repository-names devops-frontend || aws ecr create-repository --repository-name devops-frontend + - name: Build and push Backend to ECR if: steps.login-ecr.outcome == 'success' uses: docker/build-push-action@v5 From af7b51f8a925884f629ce3432d6a8cc08e650ca3 Mon Sep 17 00:00:00 2001 From: aditya dubey Date: Sun, 11 Jan 2026 12:18:09 +0530 Subject: [PATCH 2/4] Fix: Add S3 backend for AWS Terraform state persistence --- .github/workflows/cd.yml | 4 ++++ terraform/aws/main.tf | 6 ++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index d8b1b49e9..b39d1b006 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -139,6 +139,10 @@ jobs: aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: ${{ env.AWS_REGION }} + - name: Create AWS State Bucket + run: | + aws s3api create-bucket --bucket devops-assignment-tf-state-aws --region us-east-2 --create-bucket-configuration LocationConstraint=us-east-2 2>/dev/null || echo "Bucket already exists" + - name: Terraform Init AWS run: | cd terraform/aws diff --git a/terraform/aws/main.tf b/terraform/aws/main.tf index 469f80377..0d3077a83 100644 --- a/terraform/aws/main.tf +++ b/terraform/aws/main.tf 
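Review bot: In the added "Create ECR repositories if missing" step, `describe-repositories ... || create-repository` treats every describe failure (denied permission, throttling, wrong region) as "repository missing", and the repositories it then creates get only the CLI defaults, with no scan-on-push. Checking for the specific RepositoryNotFoundException would be more precise. At minimum the create call could read `aws ecr create-repository --repository-name devops-backend --image-scanning-configuration scanOnPush=true`, and the same for devops-frontend. Creating the repositories here also keeps them outside the Terraform configuration in terraform/aws, so their lifecycle and repository policies are never reviewed with the rest of the infrastructure.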
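Review bot: The `2>/dev/null || echo "Bucket already exists"` in the added "Create AWS State Bucket" step reports success for every failure, including the case where the globally unique name `devops-assignment-tf-state-aws` belongs to a different account. The following `terraform init` would then point the state backend at a bucket this project does not control. The step should fail unless the bucket exists in this account, which `aws s3api head-bucket --expected-bucket-owner` checks. It should also block public access and enable versioning, since the state file holds whatever Terraform records for the resources it manages. The sketch below reuses the `AWS_ACCOUNT_ID` secret that patch 3/4 of this series already references.

```yaml
      - name: Create AWS State Bucket
        run: |
          set -euo pipefail
          BUCKET=devops-assignment-tf-state-aws
          # Passes only when the bucket exists AND is owned by our account.
          if ! aws s3api head-bucket --bucket "$BUCKET" --expected-bucket-owner "$ACCOUNT_ID" 2>/dev/null; then
            # Fails the step if the name is taken by another account.
            aws s3api create-bucket --bucket "$BUCKET" --region us-east-2 --create-bucket-configuration LocationConstraint=us-east-2
          fi
          aws s3api put-public-access-block --bucket "$BUCKET" --public-access-block-configuration BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true
          aws s3api put-bucket-versioning --bucket "$BUCKET" --versioning-configuration Status=Enabled
        env:
          ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
      # … unchanged: Terraform Init AWS step …
```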
@@ -5,8 +5,10 @@ terraform { version = "~> 5.0" } } - backend "local" { - path = "terraform.tfstate" + backend "s3" { + bucket = "devops-assignment-tf-state-aws" + key = "terraform/state/aws.tfstate" + region = "us-east-2" } } From 128060acb1293d0f043a1666c1047b06dd9f58fa Mon Sep 17 00:00:00 2001 From: aditya dubey Date: Sun, 11 Jan 2026 12:28:58 +0530 Subject: [PATCH 3/4] Fix: Import existing AWS resources into Terraform state --- .github/workflows/cd.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index b39d1b006..b19e68a32 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml 
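Review bot: The new `backend "s3"` block configures no state locking and does not request encryption explicitly, yet the state it stores is likely to include sensitive values, given that the workflow passes `TF_VAR_db_password` to Terraform. Add `encrypt = true` to make encryption explicit, and add a lock, e.g. `dynamodb_table = "<lock-table-name>"` (placeholder; or `use_lockfile = true` on Terraform versions that support it), to stop two workflow runs writing the state at the same time. Read access to the `terraform/state/aws.tfstate` object should be limited to the deploy identity. The enclosing `terraform {` block starts above the hunk.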
@@ -147,6 +147,24 @@ jobs: run: | cd terraform/aws terraform init + + - name: Import Existing AWS Resources + continue-on-error: true + run: | + cd terraform/aws + # Import existing resources (will error if already in state or doesn't exist, hence continue-on-error) + terraform import aws_lb.main devops-alb 2>/dev/null || true + terraform import 'aws_lb_target_group.backend' $(aws elbv2 describe-target-groups --names devops-backend-tg --query 'TargetGroups[0].TargetGroupArn' --output text 2>/dev/null) 2>/dev/null || true + terraform import 'aws_lb_target_group.frontend' $(aws elbv2 describe-target-groups --names devops-frontend-tg --query 'TargetGroups[0].TargetGroupArn' --output text 2>/dev/null) 2>/dev/null || true + terraform import aws_iam_role.ecs_execution_role devops-ecs-execution-role-ohio 2>/dev/null || true + terraform import aws_iam_role.ecs_task_role devops-ecs-task-role-ohio 2>/dev/null || true + terraform import aws_cloudwatch_log_group.backend /ecs/devops-backend 2>/dev/null || true + terraform import aws_cloudwatch_log_group.frontend /ecs/devops-frontend 2>/dev/null || true + terraform import aws_secretsmanager_secret.app_secret devops-app-secret 2>/dev/null || true + env: + TF_VAR_aws_region: ${{ env.AWS_REGION }} + TF_VAR_ecr_repository_url: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com + TF_VAR_db_password: ${{ secrets.DB_PASSWORD }} - name: Terraform Apply AWS run: | @@ -158,3 +176,4 @@ jobs: TF_VAR_db_password: ${{ secrets.DB_PASSWORD }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + From be4ce6656b63e56127f378bea87c60762f160a3b Mon Sep 17 00:00:00 2001 
From: aditya dubey Date: Sun, 11 Jan 2026 12:35:50 +0530 Subject: [PATCH 4/4] Fix: Use v2 names for all AWS resources to bypass conflicts --- .github/workflows/cd.yml | 20 ++------------------ terraform/aws/alb.tf | 6 +++--- terraform/aws/ecs.tf | 8 ++++---- terraform/aws/iam.tf | 4 ++-- terraform/aws/secrets.tf | 4 ++-- 5 files changed, 13 insertions(+), 29 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index b19e68a32..fa9b34e74 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml 
@@ -143,28 +143,12 @@ jobs: run: | aws s3api create-bucket --bucket devops-assignment-tf-state-aws --region us-east-2 --create-bucket-configuration LocationConstraint=us-east-2 2>/dev/null || echo "Bucket already exists" + - name: Terraform Init AWS run: | cd terraform/aws terraform init - - - name: Import Existing AWS Resources - continue-on-error: true - run: | - cd terraform/aws - # Import existing resources (will error if already in state or doesn't exist, hence continue-on-error) - terraform import aws_lb.main devops-alb 2>/dev/null || true - terraform import 'aws_lb_target_group.backend' $(aws elbv2 describe-target-groups --names devops-backend-tg --query 'TargetGroups[0].TargetGroupArn' --output text 2>/dev/null) 2>/dev/null || true - terraform import 'aws_lb_target_group.frontend' $(aws elbv2 describe-target-groups --names devops-frontend-tg --query 'TargetGroups[0].TargetGroupArn' --output text 2>/dev/null) 2>/dev/null || true - terraform import aws_iam_role.ecs_execution_role devops-ecs-execution-role-ohio 2>/dev/null || true - terraform import aws_iam_role.ecs_task_role devops-ecs-task-role-ohio 2>/dev/null || true - terraform import aws_cloudwatch_log_group.backend /ecs/devops-backend 2>/dev/null || true - terraform import aws_cloudwatch_log_group.frontend /ecs/devops-frontend 2>/dev/null || true - terraform import aws_secretsmanager_secret.app_secret devops-app-secret 2>/dev/null || true - env: - TF_VAR_aws_region: ${{ env.AWS_REGION }} - TF_VAR_ecr_repository_url: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com - TF_VAR_db_password: ${{ secrets.DB_PASSWORD }} + - name: Terraform Apply AWS run: | diff --git a/terraform/aws/alb.tf b/terraform/aws/alb.tf index 85f5341bb..3364cda12 100644 --- a/terraform/aws/alb.tf +++ b/terraform/aws/alb.tf @@ -1,5 +1,5 @@ resource "aws_lb" "main" { - name = "devops-alb" + name = "devops-alb-v2" internal = false load_balancer_type = "application" security_groups = [aws_security_group.alb_sg.id] 
@@ -7,7 +7,7 @@ resource "aws_lb" "main" { } resource "aws_lb_target_group" "backend" { - name = "devops-backend-tg" + name = "devops-backend-tg-v2" port = 8000 protocol = "HTTP" vpc_id = aws_vpc.main.id @@ -19,7 +19,7 @@ resource "aws_lb_target_group" "backend" { } resource "aws_lb_target_group" "frontend" { - name = "devops-frontend-tg" + name = "devops-frontend-tg-v2" port = 3000 protocol = "HTTP" vpc_id = aws_vpc.main.id diff --git a/terraform/aws/ecs.tf b/terraform/aws/ecs.tf index d0246c413..ad78208a1 100644 --- a/terraform/aws/ecs.tf +++ b/terraform/aws/ecs.tf @@ -24,7 +24,7 @@ resource "aws_ecs_task_definition" "backend" { logConfiguration = { logDriver = "awslogs" options = { - "awslogs-group" = "/ecs/devops-backend" + "awslogs-group" = "/ecs/devops-backend-v2" "awslogs-region" = var.aws_region "awslogs-stream-prefix" = "ecs" } @@ -83,7 +83,7 @@ resource "aws_ecs_task_definition" "frontend" { logConfiguration = { logDriver = "awslogs" options = { - "awslogs-group" = "/ecs/devops-frontend" + "awslogs-group" = "/ecs/devops-frontend-v2" "awslogs-region" = var.aws_region "awslogs-stream-prefix" = "ecs" } @@ -115,11 +115,11 @@ resource "aws_ecs_service" "frontend" { } resource "aws_cloudwatch_log_group" "backend" { - name = "/ecs/devops-backend" + name = "/ecs/devops-backend-v2" retention_in_days = 7 } resource "aws_cloudwatch_log_group" "frontend" { - name = "/ecs/devops-frontend" + name = "/ecs/devops-frontend-v2" retention_in_days = 7 } diff --git a/terraform/aws/iam.tf b/terraform/aws/iam.tf index b3a7a9ea9..22365fbe5 100644 --- a/terraform/aws/iam.tf +++ b/terraform/aws/iam.tf @@ -1,5 +1,5 @@ resource "aws_iam_role" "ecs_execution_role" { - name = "devops-ecs-execution-role-ohio" + name = "devops-ecs-execution-role-v2" assume_role_policy = jsonencode({ Version = "2012-10-17" 
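Review bot: Renaming `aws_iam_role.ecs_execution_role` to `devops-ecs-execution-role-v2` in iam.tf makes Terraform create a new role and leaves the old one unmanaged. The earlier `devops-ecs-execution-role-ohio` is not in the new S3 state, so if it still exists in the account (patch 3/4 tried to import it) it stays behind with its policies attached and nothing removes it. The same applies to `devops-ecs-task-role-ohio` in the next iam.tf hunk and to the `devops-app-secret` secret and its stored value in secrets.tf. I'd record the cleanup next to the rename, e.g. `# -v2: pre-v2 role is outside Terraform state; delete it manually once the v2 service is healthy`, or import the old resources so Terraform can destroy them. The resource bodies continue outside these hunks.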
@@ -21,7 +21,7 @@ resource "aws_iam_role_policy_attachment" "ecs_execution_role_policy" { } resource "aws_iam_role" "ecs_task_role" { - name = "devops-ecs-task-role-ohio" + name = "devops-ecs-task-role-v2" assume_role_policy = jsonencode({ Version = "2012-10-17" diff --git a/terraform/aws/secrets.tf b/terraform/aws/secrets.tf index cd9cc688c..8d0d2932b 100644 --- a/terraform/aws/secrets.tf +++ b/terraform/aws/secrets.tf @@ -1,5 +1,5 @@ resource "aws_secretsmanager_secret" "app_secret" { - name = "devops-app-secret" + name = "devops-app-secret-v2" description = "Application configuration secrets" } @@ -10,7 +10,7 @@ resource "aws_secretsmanager_secret_version" "app_secret_val" { # Grant ECS execution role access to secrets resource "aws_iam_role_policy" "ecs_secrets_access" { - name = "devops-ecs-secrets-access" + name = "devops-ecs-secrets-access-v2" role = aws_iam_role.ecs_execution_role.id policy = jsonencode({