Skip to content

Infra Cornerstone Work #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
kylelisk wants to merge 16 commits into
base: main
Choose a base branch
from
Open

Infra Cornerstone Work #2

kylelisk wants to merge 16 commits into from

Conversation

@kylelisk
Copy link

@kylelisk kylelisk commented Oct 8, 2025

All changes related to creating all of the terraform for the infrastructure as well as pipelines.

Kyle Lisk added 16 commits October 7, 2025 15:44
Initial VPC and networking commit. Also included some github actions …
dc1a464 
…stuff because I like it :)
Initial VPC and networking commit. Also included some github actions …
5993135 
…stuff because I like it :)
Added ECS and ECR related stuff as well as updated the github actions…
965efde 
… pipelines.
Added an ALB so I can actually get to the webpage in the ECS cluster
f2ab691
Added certificate logic and also least-priviledge role for the ECS ta…
a9ff75a 
…sks as well as HTTPS
Fix terraform formatting issues
4465234
Checkov fixes ;)
8ad27fb
Checkov fixes again. Also encrypted thee cloudwatch logs
4b1e655
Checkov fixes round 3
1640e4b
Added a network firewall and dedicated subnets.
768d329 
Traffic now gets routed to the firewall subnets first and if it passes the checks it is then forwarded into the ALB subnets.
Fixed checkov failures again.. might be worth disabling, yet I enjoy …
549d4c3 
…the security scanning
A couple main items in this commit, network firewall and kms updates:
073a5e5 
- Added the network firewall logic and wired it all up with the routing
- Network firewall logs to cloudwatch logs
- Which then leads to the final piece of allowing cloudwatch logging for the network firewall; reused the ecs kms key for that
Improved security on the security groups to only certain ports within…
756b6ba 
… specific CIDR ranges. Also cleaned up the README
Fixed two oopsies:
51d2826 
1. Circular dependencies of security group rules between ALB and ECS
2. Network security group rules have a peculiar issue with AWS and needed a 'settings' variable
Because I'm a completionist at times, I fixed the checkov failures ri…
ec5dda5 
…ght quick.
Fixed terraform fmt issue
ff79f1e
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kylelisk