In my previous posts, we learned how to create an RDS Cluster and how to configure the cluster using Ansible and run it using an AWS stack of Lambda and ECS tasks.
Since automation is in my blood, now we go for the last part of this adventure: Automating the Ansible pipeline through GitHub Actions.
We shall only allow the pipeline to be started when triggered by a Code Owner, to prevent unwanted changes from being deployed and corrupting our cluster.
As you remember, to run the pipeline, we should invoke a lambda function. And for that, I created a GitHub Workflow that uses the workflow_dispatch trigger.
There’s no mystery here, we just invoke the function, and we are done:
However, since we are using the manual trigger for GitHub Actions, we can use one workflow for multiple environments, given the options configuration between lines 10 to 12 of the above snippet. Here is how it looks in the GitHub Actions menu:
Anyone with access to the repository can trigger it, but the job won’t start until a code owner approves it.
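A workflow of the kind described above, written here as an added example and not the author's original file. It assumes the approval gate is implemented with GitHub environments that have required reviewers, and that AWS access comes from an OIDC-assumed role; the function name, role ARN, region, environment names and payload shape are placeholders.

```yaml
# Added example, not the author's workflow. The function name, role ARN,
# region, environment names and payload shape are all placeholders.
name: run-ansible-pipeline

on:
  workflow_dispatch:
    inputs:
      environment:
        description: Target environment
        type: choice
        required: true
        options:
          - dev
          - staging
          - production

# Least privilege for GITHUB_TOKEN: the OIDC token and read access only.
permissions:
  id-token: write
  contents: read

jobs:
  invoke:
    runs-on: ubuntu-latest
    # The job waits here until a required reviewer of this environment approves.
    environment: ${{ inputs.environment }}
    steps:
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::111111111111:role/EXAMPLE-gha-invoke  # placeholder
          aws-region: us-east-1  # placeholder

      - name: Invoke the Lambda that starts the ECS task
        env:
          # Pass the input through env instead of interpolating it into the script.
          TARGET_ENV: ${{ inputs.environment }}
          FUNCTION_NAME: EXAMPLE-ansible-runner  # placeholder
        run: |
          payload=$(jq -cn --arg env "$TARGET_ENV" '{environment: $env}')
          result=$(aws lambda invoke \
            --function-name "$FUNCTION_NAME" \
            --cli-binary-format raw-in-base64-out \
            --payload "$payload" \
            --query FunctionError --output text \
            response.json)
          cat response.json
          # The CLI exits 0 even when the function itself failed.
          [ "$result" = "None" ] || { echo "Lambda error: $result"; exit 1; }
```

On the AWS side, the role's trust policy can restrict the OIDC `sub` claim to `repo:<org>/<repo>:environment:<name>`, so that only jobs that passed the environment's approval can assume it.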
And that’s it. Now we have automated all the steps needed to manage an RDS Cluster with Terraform, Ansible, and GitHub Actions.
Final thoughts
While working on this project, I caught myself thinking how much of all of this could be acknowledged as overengineering. It’s a ton of code for an automation that will be run a couple of times at the most (depending on the kind of project that you will configure in the RDS).
This took me two weeks of work to plan/study, build, deploy and test. It is something that on the infrastructure side I can put in a Terraform Module and just reuse whenever I need it. What will change will be the specific configuration required for the project in the Ansible Playbook.
Using this architecture, we have the assurance that all of our infrastructure is backed by code. All. Of. It. And it’s a giant win for governance and maintenance.
I would like to hear from you, after reading all these 3 posts:
Leave your thoughts in the comments. And share this series with your peers.
See you next time! That’s all folks!
PS! If you are going to AWS re:invent, you may find me there in the Dev Lounge: