AWS Sandbox Infrastructure Deployment

Welcome to the AWS Sandbox Infrastructure Deployment phase. Here you will be tasked to use Github Actions and Terraform to provision a set of assets needed for the deployment. The approximate time expected to complete this deployment is 20 minutes.

All assets created should have the NFCC-POC : true tag applied. The tags will make it easier to locate resources and to manage billing as tags can be used by AWS Cost Explorer and Cost and Usage Report.

Deployment Prerequisites

In order to continue with this deployment, you will need to create two (2) AWS access keys (values), along with having the following variables readily available:

  • AWS_ACCESS_KEY_ID: Created below.

  • AWS_SECRET_ACCESS_KEY: Created below.

  • AWS_DEFAULT_REGION: Will be identified below.

  • CUSTOMER_NAME: Provided in your task system ticket.


Before Deployment - Creating AWS Access and Secret Keys

Before you can begin the Sandbox Infrastructure Deployment task, you will need an AWS Access Key ID and Secret Access Key. Instructions for creating these access keys are provided below. More information can be found on AWS website:

If you are the root user, feel free to proceed and with the following instructions. If you are an IAM user, please be sure to have the “AdministratorAccess” role, before proceeding with the following instructions.

Creating AWS Access and Secret Keys:

  1. Login to the AWS console at:

    • Important note: The variable needed for AWS_DEFAULT_REGION, is located in the browser address bar (“us-east-2”) in this example but yours may be different. Save this information for the next steps.

  2. In the upper right-hand corner, click on your profile name. (“Training” in this image example)

  3. Then select My Security Credentials.

  1. Expand the Access keys section.

  1. Click on Create New Access Key.

  1. Click on Show Access Key.

  2. Store/save this Access Key ID. This will be the variable for AWS_ACCESS_KEY_ID

  3. Store/save this Secret Access Key. This will be the variable for AWS_SECRET_ACCESS_KEY

Access and Secrets Keys Video Instructions:

1. Fork the AWS Deployment Github Repository

  1. Visit the Neverfail AWS Deployment Github repository and accept the invitation.

  1. Click "Fork" on the upper-right corner, to fork the repository in your own Github account.

2. Add Secrets (5) to the Forked Github Repository

  1. In your forked aws-deployment repository view, click on Settings tab.

  1. Click on Secrets on the left-hand menu.

  1. Click on New secret to start adding each secret, per steps 4 - 8 below.

    • Important note: For every Secret name and Secret value below, make sure there are no spaces or quotes before or after the text.

  1. Click on New secret, then enter Name as “AWS_ACCESS_KEY_ID”, then add the value for AWS_ACCESS_KEY_ID

  2. Click on New secret, then enter Name as “AWS_SECRET_ACCESS_KEY”, then input the value for AWS_SECRET_ACCESS_KEY

  3. Click on New secret, then enter the Name as “AWS_DEFAULT_REGION”, then input the value for AWS_DEFAULT_REGION
    (for example: us-east-2)

  4. Click on New secret, then enter Name as “CUSTOMER_NAME” and set value of CUSTOMER_NAME
  5. (This value is provided in your WIQ task ticket)

  6. Click on New secret, then enter Name as “INCREMENT_NUMBER”, then input the value for INCREMENT_NUMBER
    (This value is “1”)

3. Trigger the Github Actions Workflow

  1. First, Github Actions must be enabled on the repository:

    1. Go to the Actions tab on the forked repository.

    2. Click on I understand my workflows, go ahead and enable them.

  1. To start the deployment process using GitHub Actions, you need to create a file inside the terraform folder:
    1. Click on the < > Code tab.

    2. Navigate to and select the terraform file.

    3. On the right-hand side, click Add file, then Create new file.

    1. Input "apply" into the file field.

    1. Scroll down and select “Commit new file”.

  1. To view the Terraform install status, feel free to visit the Actions tab in your Github repository to view the deployment tasks.

AWS Terraform Job Troubleshooting

If during the AWS infrastructure Terraform deployment steps in Github Action you see a failure on step: “Created backend tf file and upload it to S3 bucket,” this is likely due to an issue with your AWS account. Please be sure you have a credit card on file and have confirmed your AWS account via their email verification. You can further confirm this issue is resolved by successfully creating a test S3 bucket via manual operation of the AWS S3 service panel.

Terraform Job General Troubleshooting

We have tried to capture and handle all possible scenarios during the infrastructure deployment, but due to the complexity of the operation, it is possible that something can go wrong. If you receive an error during the Terraform job, first, let the job complete, then afterwards, try re-running the job by clicking the Re-run jobs button on the top-right. If you still have problems, feel free to reach out to your engagement lead for assistance.

Terraform will run for the next 2-3 minutes, take a moment to reflect on what's happening here.

Terraform is building out the following assets in your AWS infrastructure:
  • AWS Backup plan with rules
  • EC2 instances
  • ESB volumes
  • Evidence repository storage bucket
  • Production object storage bucket
  • RDS Oracle database
  • Secrets vault via Secrets Manager
  • Vault Access Policy
  • 4. Verification of Asset Creation

    To review and verify the above provisioned assets, you will need to create a new AWS Resource Group with grouping criteria tags. For reporting purposes, every asset deployed will be tagged with key:value
    NFCC-POC: True.

    1. Visit the AWS Resource Groups section in the AWS portal.

    2. Select the Tags based Group type option.

    3. Tags key will be set to NFCC-POC and tag value set to true.

    4. Click Preview group resources.

    1. Under Group details, enter “NFCC_POC” for the Group name.

    2. Click Create group to save the group.

    Stick a pin in this one, your AWS Infrastructure deployment is DONE!

    UP NEXT: Your next deployment task ticket (Bots) is waiting for you in JIRA.