diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 733d0b6c..a2426bd9 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -27,29 +27,13 @@ updates: target-branch: dev - package-ecosystem: terraform - directory: '/terraform-iac/dev/app' + directories: + - '/terraform/app' + - '/terraform/setup' schedule: interval: daily target-branch: dev - - package-ecosystem: terraform - directory: '/terraform-iac/dev/setup' - schedule: - interval: daily - target-branch: dev - -# - package-ecosystem: terraform -# directory: '/terraform-iac/modules/app' -# schedule: -# interval: daily -# target-branch: dev -# -# - package-ecosystem: terraform -# directory: '/terraform-iac/modules/setup' -# schedule: -# interval: daily -# target-branch: dev - # For each of these, requesting reviews from your team makes Dependabot PRs easier to find (https://github.com/pulls/review-requested) # reviewers: # - byu-oit/your-github-team diff --git a/.github/workflows/ci-iac.yml b/.github/workflows/ci-iac.yml index ceac255c..b659f79d 100644 --- a/.github/workflows/ci-iac.yml +++ b/.github/workflows/ci-iac.yml @@ -5,11 +5,11 @@ on: branches: [dev, stg, prd] types: [opened, reopened, synchronize, edited] paths: - - 'terraform-iac/**' + - 'terraform/**' - '.github/workflows/ci-iac.yml' env: - tf_version: "1.7.0" # must match value in terraform-iac/*/app/main.tf + tf_version: "1.8.0" # must match value in terraform/app/main.tf jobs: env: @@ -24,7 +24,6 @@ jobs: "env":[ { "environment_name":"dev", - "tf_working_dir":"./terraform-iac/dev/app", "aws_account":"977306314792", "aws_gha_role":"hw-fargate-api-dev-gha" } @@ -39,7 +38,6 @@ jobs: "env":[ { "environment_name":"stg", - "tf_working_dir":"./terraform-iac/stg/app", "aws_account":"977306314792", "aws_gha_role":"hw-fargate-api-stg-gha" } 
@@ -54,13 +52,11 @@ jobs: "env":[ { "environment_name":"prd", - "tf_working_dir":"./terraform-iac/prd/app", "aws_account":"539738229445", "aws_gha_role":"hw-fargate-api-prd-gha" }, { "environment_name":"cpy", - "tf_working_dir":"./terraform-iac/cpy/app", "aws_account":"539738229445", "aws_gha_role":"hw-fargate-api-cpy-gha" } @@ -79,13 +75,13 @@ jobs: - uses: actions/checkout@v4 - name: Terraform Setup - uses: hashicorp/setup-terraform@v3 + uses: opentofu/setup-opentofu@v1 with: - terraform_version: ${{ env.tf_version }} + tofu_version: ${{ env.tf_version }} - name: Terraform Format - working-directory: terraform-iac - run: terraform fmt -check -recursive + working-directory: terraform + run: tofu fmt -check -recursive plan: name: Terraform Plan / ${{ matrix.env.environment_name }} @@ -111,23 +107,23 @@ jobs: aws-region: us-west-2 - name: Terraform Setup - uses: hashicorp/setup-terraform@v3 + uses: opentofu/setup-opentofu@v1 with: - terraform_version: ${{ env.tf_version }} + tofu_version: ${{ env.tf_version }} - name: Terraform Init - working-directory: ${{ matrix.env.tf_working_dir }} - run: terraform init + working-directory: terraform/app + run: tofu init -var-file=${{ matrix.env.environment_name }}.tfvars - name: Terraform Plan - working-directory: ${{ matrix.env.tf_working_dir }} - run: terraform plan -var 'image_tag=ci_test' -input=false -out plan -lock=false + working-directory: terraform/app + run: tofu plan -var-file=${{ matrix.env.environment_name }}.tfvars -var 'image_tag=ci_test' -input=false -out plan -lock=false - name: Comment Terraform Plan uses: byu-oit/github-action-tf-plan-comment@v1 with: github-token: ${{ secrets.GITHUB_TOKEN }} - working-directory: ${{ matrix.env.tf_working_dir }} + working-directory: terraform/app terraform-plan-file: plan - name: Analyze Terraform Plan 
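Review bot: `uses: opentofu/setup-opentofu@v1` in the format job's Terraform Setup step pins the action to a movable tag, so whatever that tag points to at run time installs the `tofu` binary that the later steps execute. Pinning to a full commit SHA, `uses: opentofu/setup-opentofu@<full-commit-sha> # v1`, keeps the installed code fixed and reviewable between bumps. The same line appears in the plan job (hunk `@@ -111,23`) and in deploy.yml (hunks `@@ -175,20` and `@@ -240,25`), where that binary goes on to run `tofu plan` and, in deploy.yml, `tofu apply plan`. In the plan hunk the `aws-region` context line suggests AWS credentials are already configured by the time the action runs. The job bodies start outside these hunks.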
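Review bot: Nothing visible at the Terraform Init step pins the providers that `tofu init` downloads. This commit deletes every `.terraform.lock.hcl` under `terraform-iac/`, and a replacement under `terraform/app` is not in the part of the diff shown here. If none is committed, each run resolves provider versions and checksums afresh, including the runs that go on to apply. With a lock file checked in, the step can refuse to change it: `run: tofu init -lockfile=readonly -var-file=${{ matrix.env.environment_name }}.tfvars`. The Terraform Init step in deploy.yml (hunk `@@ -240,25`) needs the same.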
@@ -135,7 +131,7 @@ jobs: if: github.repository_owner == 'byu-oit' # If you're at BYU, but outside the byu-oit GitHub org, you may be able to obtain credentials by contacting cloudoffice@byu.edu with: - working-directory: ${{ matrix.env.tf_working_dir }} + working-directory: terraform/app terraform-plan-file: plan divvycloud-username: ${{ secrets.DIVVYCLOUD_USERNAME }} divvycloud-password: ${{ secrets.DIVVYCLOUD_PASSWORD }} diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index b85ec7ee..0dedad41 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -10,7 +10,7 @@ on: - '.gitignore' env: node_version: "18.x" - tf_version: "1.7.0" # must match value in terraform-iac/*/app/main.tf + tf_version: "1.8.0" # must match value in terraform/app/main.tf FORCE_COLOR: 3 concurrency: ${{ github.ref }} jobs: @@ -27,7 +27,6 @@ jobs: { "environment_name":"dev", "ecr_repo_name":"hw-fargate-api-dev", - "tf_working_dir":"./terraform-iac/dev/app", "aws_account":"977306314792", "aws_gha_role":"hw-fargate-api-dev-gha", "rfc_key_name":"standard_change_sandbox_client_key", @@ -46,7 +45,6 @@ jobs: { "environment_name":"stg", "ecr_repo_name":"hw-fargate-api-stg", - "tf_working_dir":"./terraform-iac/stg/app", "aws_account":"977306314792", "aws_gha_role":"hw-fargate-api-stg-gha", "rfc_key_name":"standard_change_sandbox_client_key", @@ -69,7 +67,6 @@ jobs: { "environment_name":"prd", "ecr_repo_name":"hw-fargate-api-prd", - "tf_working_dir":"./terraform-iac/prd/app", "aws_account":"539738229445", "aws_gha_role":"hw-fargate-api-prd-gha", "rfc_key_name":"standard_change_sandbox_client_key", @@ -79,7 +76,6 @@ jobs: { "environment_name":"cpy", "ecr_repo_name":"hw-fargate-api-cpy", - "tf_working_dir":"./terraform-iac/cpy/app", "aws_account":"539738229445", "aws_gha_role":"hw-fargate-api-cpy-gha", "rfc_key_name":"standard_change_sandbox_client_key", 
@@ -175,20 +171,20 @@ jobs: dockerfile: src/Dockerfile format: - name: Terraform Format + name: Tofu Format timeout-minutes: 3 runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: Terraform Setup - uses: hashicorp/setup-terraform@v3 + - name: Tofu Setup + uses: opentofu/setup-opentofu@v1 with: - terraform_version: ${{ env.tf_version }} + tofu_version: ${{ env.tf_version }} - - name: Terraform Format - working-directory: terraform-iac - run: terraform fmt -check -recursive + - name: Tofu Format + working-directory: terraform + run: tofu fmt -check -recursive build_and_deploy: name: Build and Deploy / ${{ matrix.env.environment_name }} @@ -240,25 +236,25 @@ jobs: cache-to: type=gha,mode=max - name: Terraform Setup - uses: hashicorp/setup-terraform@v3 + uses: opentofu/setup-opentofu@v1 with: - terraform_version: ${{ env.tf_version }} - terraform_wrapper: false + tofu_version: ${{ env.tf_version }} + tofu_wrapper: false - name: Terraform Init - working-directory: ${{ matrix.env.tf_working_dir }} - run: terraform init + working-directory: terraform/app + run: tofu init -var-file=${{ matrix.env.environment_name }}.tfvars - name: Terraform Plan - working-directory: ${{ matrix.env.tf_working_dir }} - run: terraform plan -var 'image_tag=${{ steps.date.outputs.timestamp }}' -input=false -out=plan + working-directory: terraform/app + run: tofu plan -var-file=${{ matrix.env.environment_name }}.tfvars -var 'image_tag=${{ steps.date.outputs.timestamp }}' -input=false -out=plan - name: Analyze Terraform Plan uses: byu-oit/github-action-tf-plan-analyzer@v2 if: github.repository_owner == 'byu-oit' # If you're at BYU, but outside the byu-oit GitHub org, you may be able to obtain credentials by contacting cloudoffice@byu.edu with: - working-directory: ${{ matrix.env.tf_working_dir }} + working-directory: terraform/app terraform-plan-file: plan divvycloud-username: ${{ secrets.DIVVYCLOUD_USERNAME }} divvycloud-password: ${{ secrets.DIVVYCLOUD_PASSWORD }} 
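Review bot: The Terraform Init step in build_and_deploy gives no reason for passing `-var-file` to `tofu init`. With every environment now sharing `working-directory: terraform/app`, that file appears to be the only thing deciding which state the Terraform Apply step (hunk `@@ -272,17`) writes to. If the backend block in `terraform/app/main.tf` (not visible in this part of the diff) is built from variables, a comment above the step should say so, for example `# init reads <env>.tfvars because the state backend is derived from it; plan must use the same file`. The plan job in ci-iac.yml (hunk `@@ -111,23`) has the same step. The build_and_deploy job starts before this hunk.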
@@ -272,17 +268,17 @@ jobs: template-id: ${{ matrix.env.rfc_template_id }} - name: Terraform Apply - working-directory: ${{ matrix.env.tf_working_dir }} - run: terraform apply plan + working-directory: terraform/app + run: tofu apply plan - name: Get Terraform Outputs id: terraform-outputs - working-directory: ${{ matrix.env.tf_working_dir }} + working-directory: terraform/app run: | - echo "codedeploy_app_name=$(terraform output -raw codedeploy_app_name)" >> $GITHUB_OUTPUT - echo "codedeploy_deployment_group_name=$(terraform output -raw codedeploy_deployment_group_name)" >> $GITHUB_OUTPUT - echo "codedeploy_appspec_json_file=$(terraform output -raw codedeploy_appspec_json_file)" >> $GITHUB_OUTPUT - echo "url=$(terraform output -raw url)" >> $GITHUB_OUTPUT + echo "codedeploy_app_name=$(tofu output -raw codedeploy_app_name)" >> $GITHUB_OUTPUT + echo "codedeploy_deployment_group_name=$(tofu output -raw codedeploy_deployment_group_name)" >> $GITHUB_OUTPUT + echo "codedeploy_appspec_json_file=$(tofu output -raw codedeploy_appspec_json_file)" >> $GITHUB_OUTPUT + echo "url=$(tofu output -raw url)" >> $GITHUB_OUTPUT - name: CodeDeploy id: deploy diff --git a/README.md b/README.md index 459be881..43caf715 100644 --- a/README.md +++ b/README.md @@ -44,9 +44,9 @@ git commit -am "Update template with repo specific details" ### Deploy the "one time setup" resources ```sh -cd terraform-iac/dev/setup/ -terraform init -terraform apply +cd terraform/setup/ +terraform init -backend-config=dev.s3.tfbackend +terraform apply -var-file=dev.tfvars ``` In the AWS Console, see if you can find the resources from `setup.tf` (ECR, SSM Param, IAM Role). @@ -72,7 +72,6 @@ If you look at [`.github/workflows/deploy.yml`](.github/workflows/deploy.yml), y Anytime after the `Terraform Apply` step succeeds: ```sh cd ../app/ -terraform init terraform output ``` diff --git a/docker-compose.yml b/docker-compose.yml index 837e571a..36209e37 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
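Review bot: The four rewritten `echo ... >> $GITHUB_OUTPUT` lines in Get Terraform Outputs leave `$GITHUB_OUTPUT` unquoted and write each `tofu output -raw` value as a single `name=value` line. A value containing a newline would spill onto further lines of the output file and could be read as extra outputs by the CodeDeploy step that follows. Whether that can happen depends on what the outputs hold, which this hunk does not show. Quoting the redirect target is the small fix, `echo "url=$(tofu output -raw url)" >> "$GITHUB_OUTPUT"`, and likewise for the other three lines.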
@@ -7,7 +7,7 @@ services: volumes: - ~/.aws:/home/node/.aws # Use AWS credentials from host environment: - # Environment variables and secrets from primary_container_definition in terraform-iac/modules/app/main.tf + # Environment variables and secrets from primary_container_definition in terraform/app/main.tf DYNAMO_TABLE_NAME: hw-fargate-api-dev BUCKET_NAME: hw-fargate-api-dev SOME_SECRET: something diff --git a/terraform-iac/cpy/app/.terraform.lock.hcl b/terraform-iac/cpy/app/.terraform.lock.hcl deleted file mode 100644 index 5c6d0d4c..00000000 --- a/terraform-iac/cpy/app/.terraform.lock.hcl +++ /dev/null 
@@ -1,45 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "5.33.0" - constraints = ">= 3.69.0, >= 4.0.0, >= 4.2.0, ~> 5.33" - hashes = [ - "h1:kPm7PkwHh6tZ74pUj5C/QRPtauxdnzrEG2yhCJla/4o=", - "zh:10bb683f2a9306e881f51a971ad3b2bb654ac94b54945dd63769876a343b5b04", - "zh:3916406db958d5487ea0c2d2320012d1907c29e6d01bf693560fe05e38ee0601", - "zh:3cb54b76b2f9e30620f3281ab7fb20633b1e4584fc84cc4ecd5752546252e86f", - "zh:513bcfd6971482215c5d64725189f875cbcbd260c6d11f0da4d66321efd93a92", - "zh:545a34427ebe7a950056627e7c980c9ba16318bf086d300eb808ffc41c52b7a8", - "zh:5a44b90faf1c8e8269f389c04bfac25ad4766d26360e7f7ac371be12a442981c", - "zh:64e1ef83162f78538dccad8b035577738851395ba774d6919cb21eb465a21e3a", - "zh:7315c70cb6b7f975471ea6129474639a08c58c071afc95a36cfaa41a13ae7fb9", - "zh:9806faae58938d638b757f54414400be998dddb45edfd4a29c85e827111dc93d", - "zh:997fa2e2db242354d9f772fba7eb17bd6d18d28480291dd93f85a18ca0a67ac2", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:9f9e076b7e9752971f39eead6eda69df1c5e890c82ba2ca95f56974af7adfe79", - "zh:b1d6af047f96de7f97d38b685654f1aed4356d5060b0e696d87d0270f5d49f75", - "zh:bfb0654b6f34398aeffdf907b744af06733d168db610a2c5747263380f817ac7", - "zh:e25203ee8cedccf60bf450950d533d3c172509bda8af97dbc3bc817d2a503c57", - ] -} - -provider "registry.terraform.io/hashicorp/local" { - version = "2.4.1" - constraints = "~> 2.4" - hashes = [ - "h1:gpp25uNkYJYzJVnkyRr7RIBVfwLs9GSq2HNnFpTRBg0=", - "zh:244b445bf34ddbd167731cc6c6b95bbed231dc4493f8cc34bd6850cfe1f78528", - "zh:3c330bdb626123228a0d1b1daa6c741b4d5d484ab1c7ae5d2f48d4c9885cc5e9", - "zh:5ff5f9b791ddd7557e815449173f2db38d338e674d2d91800ac6e6d808de1d1d", - "zh:70206147104f4bf26ae67d730c995772f85bf23e28c2c2e7612c74f4dae3c46f", - "zh:75029676993accd6bef933c196b2fad51a9ec8a69a847dbbe96ec8ebf7926cdc", - 
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:7d48d5999fe1fcdae9295a7c3448ac1541f5a24c474bd82df6d4fa3732483f2b", - "zh:b766b38b027f0f84028244d1c2f990431a37d4fc3ac645962924554016507e77", - "zh:bfc7ad301dada204cf51c59d8bd6a9a87de5fddb42190b4d6ba157d6e08a1f10", - "zh:c902b527702a8c5e2c25a6637d07bbb1690cb6c1e63917a5f6dc460efd18d43f", - "zh:d68ae0e1070cf429c46586bc87580c3ed113f76241da2b6e4f1a8348126b3c46", - "zh:f4903fd89f7c92a346ae9e666c2d0b6884c4474ae109e9b4bd15e7efaa4bfc29", - ] -} diff --git a/terraform-iac/cpy/app/cpy-app.tf b/terraform-iac/cpy/app/cpy-app.tf deleted file mode 100644 index 22aaee1a..00000000 --- a/terraform-iac/cpy/app/cpy-app.tf +++ /dev/null 
@@ -1,67 +0,0 @@ -terraform { - required_version = "1.7.0" - backend "s3" { - bucket = "terraform-state-storage-539738229445" - dynamodb_table = "terraform-state-lock-539738229445" - key = "hw-fargate-api/cpy/app.tfstate" - region = "us-west-2" - } - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 5.33" - } - local = { - source = "hashicorp/local" - version = "~> 2.4" - } - } -} - -locals { - env = "cpy" -} - -provider "aws" { - region = "us-west-2" - - default_tags { - tags = { - app = "hw-fargate-api" - repo = "https://github.com/byu-oit/hw-fargate-api" - data-sensitivity = "public" - env = local.env - resource-creator-email = "GitHub-Actions" - } - } -} - -variable "image_tag" { - type = string -} - -module "app" { - source = "../../modules/app/" - env = local.env - image_tag = var.image_tag - codedeploy_termination_wait_time = 0 # you probably want to change this to 15 when your service is really prd - deploy_test_postman_collection = "../../../.postman/hw-fargate-api.postman_collection.json" - deploy_test_postman_environment = "../../../.postman/cpy-tst.postman_environment.json" - log_retention_days = 7 -} - -output "url" { - value = module.app.url -} - -output "codedeploy_app_name" { - value = module.app.codedeploy_app_name -} - -output "codedeploy_deployment_group_name" { - value = module.app.codedeploy_deployment_group_name -} - -output "codedeploy_appspec_json_file" { - value = module.app.codedeploy_appspec_json_file -} diff --git a/terraform-iac/cpy/setup/.terraform.lock.hcl b/terraform-iac/cpy/setup/.terraform.lock.hcl deleted file mode 100644 index 70fead6f..00000000 --- a/terraform-iac/cpy/setup/.terraform.lock.hcl +++ /dev/null 
@@ -1,45 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "5.33.0" - constraints = ">= 3.0.0, >= 4.0.0, >= 4.2.0, ~> 5.33" - hashes = [ - "h1:kPm7PkwHh6tZ74pUj5C/QRPtauxdnzrEG2yhCJla/4o=", - "zh:10bb683f2a9306e881f51a971ad3b2bb654ac94b54945dd63769876a343b5b04", - "zh:3916406db958d5487ea0c2d2320012d1907c29e6d01bf693560fe05e38ee0601", - "zh:3cb54b76b2f9e30620f3281ab7fb20633b1e4584fc84cc4ecd5752546252e86f", - "zh:513bcfd6971482215c5d64725189f875cbcbd260c6d11f0da4d66321efd93a92", - "zh:545a34427ebe7a950056627e7c980c9ba16318bf086d300eb808ffc41c52b7a8", - "zh:5a44b90faf1c8e8269f389c04bfac25ad4766d26360e7f7ac371be12a442981c", - "zh:64e1ef83162f78538dccad8b035577738851395ba774d6919cb21eb465a21e3a", - "zh:7315c70cb6b7f975471ea6129474639a08c58c071afc95a36cfaa41a13ae7fb9", - "zh:9806faae58938d638b757f54414400be998dddb45edfd4a29c85e827111dc93d", - "zh:997fa2e2db242354d9f772fba7eb17bd6d18d28480291dd93f85a18ca0a67ac2", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:9f9e076b7e9752971f39eead6eda69df1c5e890c82ba2ca95f56974af7adfe79", - "zh:b1d6af047f96de7f97d38b685654f1aed4356d5060b0e696d87d0270f5d49f75", - "zh:bfb0654b6f34398aeffdf907b744af06733d168db610a2c5747263380f817ac7", - "zh:e25203ee8cedccf60bf450950d533d3c172509bda8af97dbc3bc817d2a503c57", - ] -} - -provider "registry.terraform.io/hashicorp/local" { - version = "2.4.1" - constraints = "~> 2.4" - hashes = [ - "h1:gpp25uNkYJYzJVnkyRr7RIBVfwLs9GSq2HNnFpTRBg0=", - "zh:244b445bf34ddbd167731cc6c6b95bbed231dc4493f8cc34bd6850cfe1f78528", - "zh:3c330bdb626123228a0d1b1daa6c741b4d5d484ab1c7ae5d2f48d4c9885cc5e9", - "zh:5ff5f9b791ddd7557e815449173f2db38d338e674d2d91800ac6e6d808de1d1d", - "zh:70206147104f4bf26ae67d730c995772f85bf23e28c2c2e7612c74f4dae3c46f", - "zh:75029676993accd6bef933c196b2fad51a9ec8a69a847dbbe96ec8ebf7926cdc", - 
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:7d48d5999fe1fcdae9295a7c3448ac1541f5a24c474bd82df6d4fa3732483f2b", - "zh:b766b38b027f0f84028244d1c2f990431a37d4fc3ac645962924554016507e77", - "zh:bfc7ad301dada204cf51c59d8bd6a9a87de5fddb42190b4d6ba157d6e08a1f10", - "zh:c902b527702a8c5e2c25a6637d07bbb1690cb6c1e63917a5f6dc460efd18d43f", - "zh:d68ae0e1070cf429c46586bc87580c3ed113f76241da2b6e4f1a8348126b3c46", - "zh:f4903fd89f7c92a346ae9e666c2d0b6884c4474ae109e9b4bd15e7efaa4bfc29", - ] -} diff --git a/terraform-iac/cpy/setup/cpy-setup.tf b/terraform-iac/cpy/setup/cpy-setup.tf deleted file mode 100644 index 571468d5..00000000 --- a/terraform-iac/cpy/setup/cpy-setup.tf +++ /dev/null @@ -1,48 +0,0 @@ -terraform { - required_version = "1.7.0" - backend "s3" { - bucket = "terraform-state-storage-539738229445" - dynamodb_table = "terraform-state-lock-539738229445" - key = "hw-fargate-api/cpy/setup.tfstate" - region = "us-west-2" - } - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 5.33" - } - local = { - source = "hashicorp/local" - version = "~> 2.4" - } - } -} - -locals { - env = "cpy" -} - -provider "aws" { - region = "us-west-2" - - default_tags { - tags = { - app = "hw-fargate-api" - repo = "https://github.com/byu-oit/hw-fargate-api" - data-sensitivity = "public" - env = local.env - resource-creator-email = "GitHub-Actions" - } - } -} - -variable "some_secret" { - type = string - description = "Some secret string that will be stored in SSM and mounted into the Fargate Tasks as an environment variable" -} - -module "setup" { - source = "../../modules/setup/" - env = local.env - some_secret = var.some_secret -} diff --git a/terraform-iac/dev/app/.terraform.lock.hcl b/terraform-iac/dev/app/.terraform.lock.hcl deleted file mode 100644 index 2be7425a..00000000 --- a/terraform-iac/dev/app/.terraform.lock.hcl +++ /dev/null 
@@ -1,45 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "5.33.0" - constraints = ">= 3.69.0, >= 4.0.0, >= 4.2.0, ~> 5.33" - hashes = [ - "h1:kPm7PkwHh6tZ74pUj5C/QRPtauxdnzrEG2yhCJla/4o=", - "zh:10bb683f2a9306e881f51a971ad3b2bb654ac94b54945dd63769876a343b5b04", - "zh:3916406db958d5487ea0c2d2320012d1907c29e6d01bf693560fe05e38ee0601", - "zh:3cb54b76b2f9e30620f3281ab7fb20633b1e4584fc84cc4ecd5752546252e86f", - "zh:513bcfd6971482215c5d64725189f875cbcbd260c6d11f0da4d66321efd93a92", - "zh:545a34427ebe7a950056627e7c980c9ba16318bf086d300eb808ffc41c52b7a8", - "zh:5a44b90faf1c8e8269f389c04bfac25ad4766d26360e7f7ac371be12a442981c", - "zh:64e1ef83162f78538dccad8b035577738851395ba774d6919cb21eb465a21e3a", - "zh:7315c70cb6b7f975471ea6129474639a08c58c071afc95a36cfaa41a13ae7fb9", - "zh:9806faae58938d638b757f54414400be998dddb45edfd4a29c85e827111dc93d", - "zh:997fa2e2db242354d9f772fba7eb17bd6d18d28480291dd93f85a18ca0a67ac2", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:9f9e076b7e9752971f39eead6eda69df1c5e890c82ba2ca95f56974af7adfe79", - "zh:b1d6af047f96de7f97d38b685654f1aed4356d5060b0e696d87d0270f5d49f75", - "zh:bfb0654b6f34398aeffdf907b744af06733d168db610a2c5747263380f817ac7", - "zh:e25203ee8cedccf60bf450950d533d3c172509bda8af97dbc3bc817d2a503c57", - ] -} - -provider "registry.terraform.io/hashicorp/local" { - version = "2.5.1" - constraints = "~> 2.4" - hashes = [ - "h1:/GAVA/xheGQcbOZEq0qxANOg+KVLCA7Wv8qluxhTjhU=", - "zh:0af29ce2b7b5712319bf6424cb58d13b852bf9a777011a545fac99c7fdcdf561", - "zh:126063ea0d79dad1f68fa4e4d556793c0108ce278034f101d1dbbb2463924561", - "zh:196bfb49086f22fd4db46033e01655b0e5e036a5582d250412cc690fa7995de5", - "zh:37c92ec084d059d37d6cffdb683ccf68e3a5f8d2eb69dd73c8e43ad003ef8d24", - "zh:4269f01a98513651ad66763c16b268f4c2da76cc892ccfd54b401fff6cc11667", - 
"zh:51904350b9c728f963eef0c28f1d43e73d010333133eb7f30999a8fb6a0cc3d8", - "zh:73a66611359b83d0c3fcba2984610273f7954002febb8a57242bbb86d967b635", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:7ae387993a92bcc379063229b3cce8af7eaf082dd9306598fcd42352994d2de0", - "zh:9e0f365f807b088646db6e4a8d4b188129d9ebdbcf2568c8ab33bddd1b82c867", - "zh:b5263acbd8ae51c9cbffa79743fbcadcb7908057c87eb22fd9048268056efbc4", - "zh:dfcd88ac5f13c0d04e24be00b686d069b4879cc4add1b7b1a8ae545783d97520", - ] -} diff --git a/terraform-iac/dev/app/dev-app.tf b/terraform-iac/dev/app/dev-app.tf deleted file mode 100644 index edf14204..00000000 --- a/terraform-iac/dev/app/dev-app.tf +++ /dev/null 
@@ -1,67 +0,0 @@ -terraform { - required_version = "1.7.0" - backend "s3" { - bucket = "terraform-state-storage-977306314792" - dynamodb_table = "terraform-state-lock-977306314792" - key = "hw-fargate-api/dev/app.tfstate" - region = "us-west-2" - } - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 5.33" - } - local = { - source = "hashicorp/local" - version = "~> 2.4" - } - } -} - -locals { - env = "dev" -} - -provider "aws" { - region = "us-west-2" - - default_tags { - tags = { - app = "hw-fargate-api" - repo = "https://github.com/byu-oit/hw-fargate-api" - data-sensitivity = "public" - env = local.env - resource-creator-email = "GitHub-Actions" - } - } -} - -variable "image_tag" { - type = string -} - -module "app" { - source = "../../modules/app/" - env = local.env - image_tag = var.image_tag - codedeploy_termination_wait_time = 0 - deploy_test_postman_collection = "../../../.postman/hw-fargate-api.postman_collection.json" - deploy_test_postman_environment = "../../../.postman/dev-tst.postman_environment.json" - log_retention_days = 1 -} - -output "url" { - value = module.app.url -} - -output "codedeploy_app_name" { - value = module.app.codedeploy_app_name -} - -output "codedeploy_deployment_group_name" { - value = module.app.codedeploy_deployment_group_name -} - -output "codedeploy_appspec_json_file" { - value = module.app.codedeploy_appspec_json_file -} diff --git a/terraform-iac/dev/setup/.terraform.lock.hcl b/terraform-iac/dev/setup/.terraform.lock.hcl deleted file mode 100644 index dd655bba..00000000 --- a/terraform-iac/dev/setup/.terraform.lock.hcl +++ /dev/null 
@@ -1,45 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "5.56.0" - constraints = ">= 3.0.0, >= 4.0.0, >= 4.2.0, ~> 5.33" - hashes = [ - "h1:mn5tmUuTCiGsgdkCO6y/UFrLRQgt55AqLUqoHC/5qZ0=", - "zh:626ada4e076bd852fb7fc3d0722f17a0eddd87356d94cfce8b3595a520e8d91d", - "zh:6b31e0c5b60d830a623ae9cc7d8cf2db74f75735d83097c659607c8a6276adaf", - "zh:774d02a1c5ddcc9b5efbfe86bc967f4af8a52b8cb5880b2f5d1b255e5b0868ba", - "zh:8d0b9407f7fa868718a3cb4489ee79c17da129647994be2aa2de91c87ccbf365", - "zh:91908ac346a21fc993b16a7734b668d8457afa73970600f1caa7a1feae6d0432", - "zh:947b11319d9fba740940d46b3b3b3ca6d7ba53b105f7284c4e474a4e8b8bd1a6", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:a18be89b54a333c2fb9e2da78b2e658ba3231f877520c7c21bf08e322e3516a4", - "zh:ae902f46864009d7284af22b473d4b73e3c87550f37dd028db4bd8551195af84", - "zh:c9ae5ec852a19cdd8f75754eaed2d7b3f833de3845ebe3aa2d0d30f622b68004", - "zh:d1c3ab7377789f6d2f97dc79d6195c31cfa7c66f530aead7ce8ad7efff0f487d", - "zh:f0233dc4a6db447e16349f486d817f76637fe5e9b1de9ad58ab4c3f09651a1ac", - "zh:f25840d0ff9bd6e55605019cacbcf4d4f96759d687770679cb4bc6210cb6a25c", - "zh:f2e5d0229db8fd114ac1740622c0fc6d8504d8c3d2f5c19b08e73e0469320e87", - "zh:f578bdab2e9dd8c76e6b19246c5b5631eba3ce99329a2b58fb85ebd9501dd450", - ] -} - -provider "registry.terraform.io/hashicorp/local" { - version = "2.5.1" - constraints = "~> 2.4" - hashes = [ - "h1:/GAVA/xheGQcbOZEq0qxANOg+KVLCA7Wv8qluxhTjhU=", - "zh:0af29ce2b7b5712319bf6424cb58d13b852bf9a777011a545fac99c7fdcdf561", - "zh:126063ea0d79dad1f68fa4e4d556793c0108ce278034f101d1dbbb2463924561", - "zh:196bfb49086f22fd4db46033e01655b0e5e036a5582d250412cc690fa7995de5", - "zh:37c92ec084d059d37d6cffdb683ccf68e3a5f8d2eb69dd73c8e43ad003ef8d24", - "zh:4269f01a98513651ad66763c16b268f4c2da76cc892ccfd54b401fff6cc11667", - 
"zh:51904350b9c728f963eef0c28f1d43e73d010333133eb7f30999a8fb6a0cc3d8", - "zh:73a66611359b83d0c3fcba2984610273f7954002febb8a57242bbb86d967b635", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:7ae387993a92bcc379063229b3cce8af7eaf082dd9306598fcd42352994d2de0", - "zh:9e0f365f807b088646db6e4a8d4b188129d9ebdbcf2568c8ab33bddd1b82c867", - "zh:b5263acbd8ae51c9cbffa79743fbcadcb7908057c87eb22fd9048268056efbc4", - "zh:dfcd88ac5f13c0d04e24be00b686d069b4879cc4add1b7b1a8ae545783d97520", - ] -} diff --git a/terraform-iac/dev/setup/dev-setup.tf b/terraform-iac/dev/setup/dev-setup.tf deleted file mode 100644 index 5f177d12..00000000 --- a/terraform-iac/dev/setup/dev-setup.tf +++ /dev/null @@ -1,48 +0,0 @@ -terraform { - required_version = "1.7.0" - backend "s3" { - bucket = "terraform-state-storage-977306314792" - dynamodb_table = "terraform-state-lock-977306314792" - key = "hw-fargate-api/dev/setup.tfstate" - region = "us-west-2" - } - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 5.33" - } - local = { - source = "hashicorp/local" - version = "~> 2.4" - } - } -} - -locals { - env = "dev" -} - -provider "aws" { - region = "us-west-2" - - default_tags { - tags = { - app = "hw-fargate-api" - repo = "https://github.com/byu-oit/hw-fargate-api" - data-sensitivity = "public" - env = local.env - resource-creator-email = "GitHub-Actions" - } - } -} - -variable "some_secret" { - type = string - description = "Some secret string that will be stored in SSM and mounted into the Fargate Tasks as an environment variable" -} - -module "setup" { - source = "../../modules/setup/" - env = local.env - some_secret = var.some_secret -} diff --git a/terraform-iac/modules/setup/setup.tf b/terraform-iac/modules/setup/setup.tf deleted file mode 100644 index 4c475c8b..00000000 --- a/terraform-iac/modules/setup/setup.tf +++ /dev/null 
@@ -1,41 +0,0 @@ -variable "env" { - type = string -} - -variable "some_secret" { - type = string -} - -locals { - name = "hw-fargate-api" - gh_org = "byu-oit" - gh_repo = "hw-fargate-api" -} - -module "acs" { - source = "github.com/byu-oit/terraform-aws-acs-info?ref=v4.0.0" -} - -resource "aws_ssm_parameter" "some_secret" { - name = "/${local.name}/${var.env}/some-secret" - type = "SecureString" - value = var.some_secret -} - -module "my_ecr" { - source = "github.com/byu-oit/terraform-aws-ecr?ref=v2.0.1" - name = "${local.name}-${var.env}" -} - -module "gha_role" { - source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc" - version = "5.44.0" - create_role = true - role_name = "${local.name}-${var.env}-gha" - provider_url = module.acs.github_oidc_provider.url - role_permissions_boundary_arn = module.acs.role_permissions_boundary.arn - role_policy_arns = module.acs.power_builder_policies[*].arn - oidc_fully_qualified_audiences = ["sts.amazonaws.com"] - oidc_subjects_with_wildcards = ["repo:${local.gh_org}/${local.gh_repo}:*"] -} - diff --git a/terraform-iac/prd/app/.terraform.lock.hcl b/terraform-iac/prd/app/.terraform.lock.hcl deleted file mode 100644 index 5c6d0d4c..00000000 --- a/terraform-iac/prd/app/.terraform.lock.hcl +++ /dev/null 
@@ -1,45 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "5.33.0" - constraints = ">= 3.69.0, >= 4.0.0, >= 4.2.0, ~> 5.33" - hashes = [ - "h1:kPm7PkwHh6tZ74pUj5C/QRPtauxdnzrEG2yhCJla/4o=", - "zh:10bb683f2a9306e881f51a971ad3b2bb654ac94b54945dd63769876a343b5b04", - "zh:3916406db958d5487ea0c2d2320012d1907c29e6d01bf693560fe05e38ee0601", - "zh:3cb54b76b2f9e30620f3281ab7fb20633b1e4584fc84cc4ecd5752546252e86f", - "zh:513bcfd6971482215c5d64725189f875cbcbd260c6d11f0da4d66321efd93a92", - "zh:545a34427ebe7a950056627e7c980c9ba16318bf086d300eb808ffc41c52b7a8", - "zh:5a44b90faf1c8e8269f389c04bfac25ad4766d26360e7f7ac371be12a442981c", - "zh:64e1ef83162f78538dccad8b035577738851395ba774d6919cb21eb465a21e3a", - "zh:7315c70cb6b7f975471ea6129474639a08c58c071afc95a36cfaa41a13ae7fb9", - "zh:9806faae58938d638b757f54414400be998dddb45edfd4a29c85e827111dc93d", - "zh:997fa2e2db242354d9f772fba7eb17bd6d18d28480291dd93f85a18ca0a67ac2", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:9f9e076b7e9752971f39eead6eda69df1c5e890c82ba2ca95f56974af7adfe79", - "zh:b1d6af047f96de7f97d38b685654f1aed4356d5060b0e696d87d0270f5d49f75", - "zh:bfb0654b6f34398aeffdf907b744af06733d168db610a2c5747263380f817ac7", - "zh:e25203ee8cedccf60bf450950d533d3c172509bda8af97dbc3bc817d2a503c57", - ] -} - -provider "registry.terraform.io/hashicorp/local" { - version = "2.4.1" - constraints = "~> 2.4" - hashes = [ - "h1:gpp25uNkYJYzJVnkyRr7RIBVfwLs9GSq2HNnFpTRBg0=", - "zh:244b445bf34ddbd167731cc6c6b95bbed231dc4493f8cc34bd6850cfe1f78528", - "zh:3c330bdb626123228a0d1b1daa6c741b4d5d484ab1c7ae5d2f48d4c9885cc5e9", - "zh:5ff5f9b791ddd7557e815449173f2db38d338e674d2d91800ac6e6d808de1d1d", - "zh:70206147104f4bf26ae67d730c995772f85bf23e28c2c2e7612c74f4dae3c46f", - "zh:75029676993accd6bef933c196b2fad51a9ec8a69a847dbbe96ec8ebf7926cdc", - 
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:7d48d5999fe1fcdae9295a7c3448ac1541f5a24c474bd82df6d4fa3732483f2b", - "zh:b766b38b027f0f84028244d1c2f990431a37d4fc3ac645962924554016507e77", - "zh:bfc7ad301dada204cf51c59d8bd6a9a87de5fddb42190b4d6ba157d6e08a1f10", - "zh:c902b527702a8c5e2c25a6637d07bbb1690cb6c1e63917a5f6dc460efd18d43f", - "zh:d68ae0e1070cf429c46586bc87580c3ed113f76241da2b6e4f1a8348126b3c46", - "zh:f4903fd89f7c92a346ae9e666c2d0b6884c4474ae109e9b4bd15e7efaa4bfc29", - ] -} diff --git a/terraform-iac/prd/app/prd-app.tf b/terraform-iac/prd/app/prd-app.tf deleted file mode 100644 index d5926195..00000000 --- a/terraform-iac/prd/app/prd-app.tf +++ /dev/null 
@@ -1,67 +0,0 @@ -terraform { - required_version = "1.7.0" - backend "s3" { - bucket = "terraform-state-storage-539738229445" - dynamodb_table = "terraform-state-lock-539738229445" - key = "hw-fargate-api/prd/app.tfstate" - region = "us-west-2" - } - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 5.33" - } - local = { - source = "hashicorp/local" - version = "~> 2.4" - } - } -} - -locals { - env = "prd" -} - -provider "aws" { - region = "us-west-2" - - default_tags { - tags = { - app = "hw-fargate-api" - repo = "https://github.com/byu-oit/hw-fargate-api" - data-sensitivity = "public" - env = local.env - resource-creator-email = "GitHub-Actions" - } - } -} - -variable "image_tag" { - type = string -} - -module "app" { - source = "../../modules/app/" - env = local.env - image_tag = var.image_tag - codedeploy_termination_wait_time = 0 # you probably want to change this to 15 when your service is really prd - deploy_test_postman_collection = "../../../.postman/hw-fargate-api.postman_collection.json" - deploy_test_postman_environment = "../../../.postman/prd-tst.postman_environment.json" - log_retention_days = 7 -} - -output "url" { - value = module.app.url -} - -output "codedeploy_app_name" { - value = module.app.codedeploy_app_name -} - -output "codedeploy_deployment_group_name" { - value = module.app.codedeploy_deployment_group_name -} - -output "codedeploy_appspec_json_file" { - value = module.app.codedeploy_appspec_json_file -} diff --git a/terraform-iac/prd/setup/.terraform.lock.hcl b/terraform-iac/prd/setup/.terraform.lock.hcl deleted file mode 100644 index 70fead6f..00000000 --- a/terraform-iac/prd/setup/.terraform.lock.hcl +++ /dev/null 
@@ -1,45 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "5.33.0" - constraints = ">= 3.0.0, >= 4.0.0, >= 4.2.0, ~> 5.33" - hashes = [ - "h1:kPm7PkwHh6tZ74pUj5C/QRPtauxdnzrEG2yhCJla/4o=", - "zh:10bb683f2a9306e881f51a971ad3b2bb654ac94b54945dd63769876a343b5b04", - "zh:3916406db958d5487ea0c2d2320012d1907c29e6d01bf693560fe05e38ee0601", - "zh:3cb54b76b2f9e30620f3281ab7fb20633b1e4584fc84cc4ecd5752546252e86f", - "zh:513bcfd6971482215c5d64725189f875cbcbd260c6d11f0da4d66321efd93a92", - "zh:545a34427ebe7a950056627e7c980c9ba16318bf086d300eb808ffc41c52b7a8", - "zh:5a44b90faf1c8e8269f389c04bfac25ad4766d26360e7f7ac371be12a442981c", - "zh:64e1ef83162f78538dccad8b035577738851395ba774d6919cb21eb465a21e3a", - "zh:7315c70cb6b7f975471ea6129474639a08c58c071afc95a36cfaa41a13ae7fb9", - "zh:9806faae58938d638b757f54414400be998dddb45edfd4a29c85e827111dc93d", - "zh:997fa2e2db242354d9f772fba7eb17bd6d18d28480291dd93f85a18ca0a67ac2", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:9f9e076b7e9752971f39eead6eda69df1c5e890c82ba2ca95f56974af7adfe79", - "zh:b1d6af047f96de7f97d38b685654f1aed4356d5060b0e696d87d0270f5d49f75", - "zh:bfb0654b6f34398aeffdf907b744af06733d168db610a2c5747263380f817ac7", - "zh:e25203ee8cedccf60bf450950d533d3c172509bda8af97dbc3bc817d2a503c57", - ] -} - -provider "registry.terraform.io/hashicorp/local" { - version = "2.4.1" - constraints = "~> 2.4" - hashes = [ - "h1:gpp25uNkYJYzJVnkyRr7RIBVfwLs9GSq2HNnFpTRBg0=", - "zh:244b445bf34ddbd167731cc6c6b95bbed231dc4493f8cc34bd6850cfe1f78528", - "zh:3c330bdb626123228a0d1b1daa6c741b4d5d484ab1c7ae5d2f48d4c9885cc5e9", - "zh:5ff5f9b791ddd7557e815449173f2db38d338e674d2d91800ac6e6d808de1d1d", - "zh:70206147104f4bf26ae67d730c995772f85bf23e28c2c2e7612c74f4dae3c46f", - "zh:75029676993accd6bef933c196b2fad51a9ec8a69a847dbbe96ec8ebf7926cdc", - 
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:7d48d5999fe1fcdae9295a7c3448ac1541f5a24c474bd82df6d4fa3732483f2b", - "zh:b766b38b027f0f84028244d1c2f990431a37d4fc3ac645962924554016507e77", - "zh:bfc7ad301dada204cf51c59d8bd6a9a87de5fddb42190b4d6ba157d6e08a1f10", - "zh:c902b527702a8c5e2c25a6637d07bbb1690cb6c1e63917a5f6dc460efd18d43f", - "zh:d68ae0e1070cf429c46586bc87580c3ed113f76241da2b6e4f1a8348126b3c46", - "zh:f4903fd89f7c92a346ae9e666c2d0b6884c4474ae109e9b4bd15e7efaa4bfc29", - ] -} diff --git a/terraform-iac/prd/setup/prd-setup.tf b/terraform-iac/prd/setup/prd-setup.tf deleted file mode 100644 index 3f518c39..00000000 --- a/terraform-iac/prd/setup/prd-setup.tf +++ /dev/null @@ -1,48 +0,0 @@ -terraform { - required_version = "1.7.0" - backend "s3" { - bucket = "terraform-state-storage-539738229445" - dynamodb_table = "terraform-state-lock-539738229445" - key = "hw-fargate-api/prd/setup.tfstate" - region = "us-west-2" - } - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 5.33" - } - local = { - source = "hashicorp/local" - version = "~> 2.4" - } - } -} - -locals { - env = "prd" -} - -provider "aws" { - region = "us-west-2" - - default_tags { - tags = { - app = "hw-fargate-api" - repo = "https://github.com/byu-oit/hw-fargate-api" - data-sensitivity = "public" - env = local.env - resource-creator-email = "GitHub-Actions" - } - } -} - -variable "some_secret" { - type = string - description = "Some secret string that will be stored in SSM and mounted into the Fargate Tasks as an environment variable" -} - -module "setup" { - source = "../../modules/setup/" - env = local.env - some_secret = var.some_secret -} diff --git a/terraform-iac/stg/app/.terraform.lock.hcl b/terraform-iac/stg/app/.terraform.lock.hcl deleted file mode 100644 index 5c6d0d4c..00000000 --- a/terraform-iac/stg/app/.terraform.lock.hcl +++ /dev/null 
@@ -1,45 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "5.33.0" - constraints = ">= 3.69.0, >= 4.0.0, >= 4.2.0, ~> 5.33" - hashes = [ - "h1:kPm7PkwHh6tZ74pUj5C/QRPtauxdnzrEG2yhCJla/4o=", - "zh:10bb683f2a9306e881f51a971ad3b2bb654ac94b54945dd63769876a343b5b04", - "zh:3916406db958d5487ea0c2d2320012d1907c29e6d01bf693560fe05e38ee0601", - "zh:3cb54b76b2f9e30620f3281ab7fb20633b1e4584fc84cc4ecd5752546252e86f", - "zh:513bcfd6971482215c5d64725189f875cbcbd260c6d11f0da4d66321efd93a92", - "zh:545a34427ebe7a950056627e7c980c9ba16318bf086d300eb808ffc41c52b7a8", - "zh:5a44b90faf1c8e8269f389c04bfac25ad4766d26360e7f7ac371be12a442981c", - "zh:64e1ef83162f78538dccad8b035577738851395ba774d6919cb21eb465a21e3a", - "zh:7315c70cb6b7f975471ea6129474639a08c58c071afc95a36cfaa41a13ae7fb9", - "zh:9806faae58938d638b757f54414400be998dddb45edfd4a29c85e827111dc93d", - "zh:997fa2e2db242354d9f772fba7eb17bd6d18d28480291dd93f85a18ca0a67ac2", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:9f9e076b7e9752971f39eead6eda69df1c5e890c82ba2ca95f56974af7adfe79", - "zh:b1d6af047f96de7f97d38b685654f1aed4356d5060b0e696d87d0270f5d49f75", - "zh:bfb0654b6f34398aeffdf907b744af06733d168db610a2c5747263380f817ac7", - "zh:e25203ee8cedccf60bf450950d533d3c172509bda8af97dbc3bc817d2a503c57", - ] -} - -provider "registry.terraform.io/hashicorp/local" { - version = "2.4.1" - constraints = "~> 2.4" - hashes = [ - "h1:gpp25uNkYJYzJVnkyRr7RIBVfwLs9GSq2HNnFpTRBg0=", - "zh:244b445bf34ddbd167731cc6c6b95bbed231dc4493f8cc34bd6850cfe1f78528", - "zh:3c330bdb626123228a0d1b1daa6c741b4d5d484ab1c7ae5d2f48d4c9885cc5e9", - "zh:5ff5f9b791ddd7557e815449173f2db38d338e674d2d91800ac6e6d808de1d1d", - "zh:70206147104f4bf26ae67d730c995772f85bf23e28c2c2e7612c74f4dae3c46f", - "zh:75029676993accd6bef933c196b2fad51a9ec8a69a847dbbe96ec8ebf7926cdc", - 
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:7d48d5999fe1fcdae9295a7c3448ac1541f5a24c474bd82df6d4fa3732483f2b", - "zh:b766b38b027f0f84028244d1c2f990431a37d4fc3ac645962924554016507e77", - "zh:bfc7ad301dada204cf51c59d8bd6a9a87de5fddb42190b4d6ba157d6e08a1f10", - "zh:c902b527702a8c5e2c25a6637d07bbb1690cb6c1e63917a5f6dc460efd18d43f", - "zh:d68ae0e1070cf429c46586bc87580c3ed113f76241da2b6e4f1a8348126b3c46", - "zh:f4903fd89f7c92a346ae9e666c2d0b6884c4474ae109e9b4bd15e7efaa4bfc29", - ] -} diff --git a/terraform-iac/stg/app/stg-app.tf b/terraform-iac/stg/app/stg-app.tf deleted file mode 100644 index 7c4cc2ad..00000000 --- a/terraform-iac/stg/app/stg-app.tf +++ /dev/null 
@@ -1,66 +0,0 @@ -terraform { - required_version = "1.7.0" - backend "s3" { - bucket = "terraform-state-storage-977306314792" - dynamodb_table = "terraform-state-lock-977306314792" - key = "hw-fargate-api/stg/app.tfstate" - region = "us-west-2" - } - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 5.33" - } - local = { - source = "hashicorp/local" - version = "~> 2.4" - } - } -} - -locals { - env = "stg" -} - -provider "aws" { - region = "us-west-2" - default_tags { - tags = { - app = "hw-fargate-api" - repo = "https://github.com/byu-oit/hw-fargate-api" - data-sensitivity = "public" - env = local.env - resource-creator-email = "GitHub-Actions" - } - } -} - -variable "image_tag" { - type = string -} - -module "app" { - source = "../../modules/app/" - env = local.env - image_tag = var.image_tag - codedeploy_termination_wait_time = 0 - deploy_test_postman_collection = "../../../.postman/hw-fargate-api.postman_collection.json" - deploy_test_postman_environment = "../../../.postman/stg-tst.postman_environment.json" - log_retention_days = 1 -} - -output "url" { - value = module.app.url -} - -output "codedeploy_app_name" { - value = module.app.codedeploy_app_name -} - -output "codedeploy_deployment_group_name" { - value = module.app.codedeploy_deployment_group_name -} - -output "codedeploy_appspec_json_file" { - value = module.app.codedeploy_appspec_json_file -} diff --git a/terraform-iac/stg/setup/.terraform.lock.hcl b/terraform-iac/stg/setup/.terraform.lock.hcl deleted file mode 100644 index 70fead6f..00000000 --- a/terraform-iac/stg/setup/.terraform.lock.hcl +++ /dev/null 
@@ -1,45 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "5.33.0" - constraints = ">= 3.0.0, >= 4.0.0, >= 4.2.0, ~> 5.33" - hashes = [ - "h1:kPm7PkwHh6tZ74pUj5C/QRPtauxdnzrEG2yhCJla/4o=", - "zh:10bb683f2a9306e881f51a971ad3b2bb654ac94b54945dd63769876a343b5b04", - "zh:3916406db958d5487ea0c2d2320012d1907c29e6d01bf693560fe05e38ee0601", - "zh:3cb54b76b2f9e30620f3281ab7fb20633b1e4584fc84cc4ecd5752546252e86f", - "zh:513bcfd6971482215c5d64725189f875cbcbd260c6d11f0da4d66321efd93a92", - "zh:545a34427ebe7a950056627e7c980c9ba16318bf086d300eb808ffc41c52b7a8", - "zh:5a44b90faf1c8e8269f389c04bfac25ad4766d26360e7f7ac371be12a442981c", - "zh:64e1ef83162f78538dccad8b035577738851395ba774d6919cb21eb465a21e3a", - "zh:7315c70cb6b7f975471ea6129474639a08c58c071afc95a36cfaa41a13ae7fb9", - "zh:9806faae58938d638b757f54414400be998dddb45edfd4a29c85e827111dc93d", - "zh:997fa2e2db242354d9f772fba7eb17bd6d18d28480291dd93f85a18ca0a67ac2", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:9f9e076b7e9752971f39eead6eda69df1c5e890c82ba2ca95f56974af7adfe79", - "zh:b1d6af047f96de7f97d38b685654f1aed4356d5060b0e696d87d0270f5d49f75", - "zh:bfb0654b6f34398aeffdf907b744af06733d168db610a2c5747263380f817ac7", - "zh:e25203ee8cedccf60bf450950d533d3c172509bda8af97dbc3bc817d2a503c57", - ] -} - -provider "registry.terraform.io/hashicorp/local" { - version = "2.4.1" - constraints = "~> 2.4" - hashes = [ - "h1:gpp25uNkYJYzJVnkyRr7RIBVfwLs9GSq2HNnFpTRBg0=", - "zh:244b445bf34ddbd167731cc6c6b95bbed231dc4493f8cc34bd6850cfe1f78528", - "zh:3c330bdb626123228a0d1b1daa6c741b4d5d484ab1c7ae5d2f48d4c9885cc5e9", - "zh:5ff5f9b791ddd7557e815449173f2db38d338e674d2d91800ac6e6d808de1d1d", - "zh:70206147104f4bf26ae67d730c995772f85bf23e28c2c2e7612c74f4dae3c46f", - "zh:75029676993accd6bef933c196b2fad51a9ec8a69a847dbbe96ec8ebf7926cdc", - 
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:7d48d5999fe1fcdae9295a7c3448ac1541f5a24c474bd82df6d4fa3732483f2b", - "zh:b766b38b027f0f84028244d1c2f990431a37d4fc3ac645962924554016507e77", - "zh:bfc7ad301dada204cf51c59d8bd6a9a87de5fddb42190b4d6ba157d6e08a1f10", - "zh:c902b527702a8c5e2c25a6637d07bbb1690cb6c1e63917a5f6dc460efd18d43f", - "zh:d68ae0e1070cf429c46586bc87580c3ed113f76241da2b6e4f1a8348126b3c46", - "zh:f4903fd89f7c92a346ae9e666c2d0b6884c4474ae109e9b4bd15e7efaa4bfc29", - ] -} diff --git a/terraform-iac/stg/setup/stg-setup.tf b/terraform-iac/stg/setup/stg-setup.tf deleted file mode 100644 index 81bd5a12..00000000 --- a/terraform-iac/stg/setup/stg-setup.tf +++ /dev/null @@ -1,48 +0,0 @@ -terraform { - required_version = "1.7.0" - backend "s3" { - bucket = "terraform-state-storage-977306314792" - dynamodb_table = "terraform-state-lock-977306314792" - key = "hw-fargate-api/stg/setup.tfstate" - region = "us-west-2" - } - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 5.33" - } - local = { - source = "hashicorp/local" - version = "~> 2.4" - } - } -} - -locals { - env = "stg" -} - -provider "aws" { - region = "us-west-2" - - default_tags { - tags = { - app = "hw-fargate-api" - repo = "https://github.com/byu-oit/hw-fargate-api" - data-sensitivity = "public" - env = local.env - resource-creator-email = "GitHub-Actions" - } - } -} - -variable "some_secret" { - type = string - description = "Some secret string that will be stored in SSM and mounted into the Fargate Tasks as an environment variable" -} - -module "setup" { - source = "../../modules/setup/" - env = local.env - some_secret = var.some_secret -} diff --git a/terraform/app/.terraform.lock.hcl b/terraform/app/.terraform.lock.hcl new file mode 100644 index 00000000..68d3c8c8 --- /dev/null +++ b/terraform/app/.terraform.lock.hcl 
@@ -0,0 +1,38 @@ +# This file is maintained automatically by "tofu init". +# Manual edits may be lost in future updates. + +provider "registry.opentofu.org/hashicorp/aws" { + version = "5.70.0" + constraints = ">= 4.0.0, >= 4.2.0, ~> 5.70" + hashes = [ + "h1:BK3oUZ53otmfH2H018+RwBUr49+Iy3TATa1Bk++O9u4=", + "zh:13e157acaa5717e9c1fef052abc84cdf9d5ba96ca0a4b79150b09b2770f3c1e8", + "zh:157ec2424b34ba3a2208ce39763528131d5600daffd72e8f47b08cbd7feebbd4", + "zh:2ab7fc0ad9b5acebd43214f2decd2c1ce3ffb620f48e57ff32dd424bdbd27c75", + "zh:470934c4f5b4c311b06c365bc6894748b1ea4b3e1e38ffe7a8038a29c3264b03", + "zh:47eba28f2c35d71d73dd2d0c2a09c89bdcc99136a5484904b59cc9c299f1a5aa", + "zh:59894534729ed071176f794d25d1cb7aecdcffd6825fbb6100e815ba6e12ec10", + "zh:72f9efbb883adaaef777c49d4768e08a922e9c75130665fa029f9eb1f350f839", + "zh:89464abba42f916af58cd204915db81a9f329d5df584813eac7bf3cf610bfcac", + "zh:c101a307d4cc21d2def1040aef5c07e1b3677eafc182cf3ba23ec506b1137b5e", + "zh:cad9a818e27739e0dcfb78c9170ce5e1b4619d48be7ec529618198633ec5bb63", + ] +} + +provider "registry.opentofu.org/hashicorp/local" { + version = "2.5.2" + constraints = "~> 2.5" + hashes = [ + "h1:BUewjbhAQWuGHH36SozCTuESFJhbiHMaCFLnVVNZ1Es=", + "zh:25b95b76ceaa62b5c95f6de2fa6e6242edbf51e7fc6c057b7f7101aa4081f64f", + "zh:3c974fdf6b42ca6f93309cf50951f345bfc5726ec6013b8832bcd3be0eb3429e", + "zh:5de843bf6d903f5cca97ce1061e2e06b6441985c68d013eabd738a9e4b828278", + "zh:86beead37c7b4f149a54d2ae633c99ff92159c748acea93ff0f3603d6b4c9f4f", + "zh:8e52e81d3dc50c3f79305d257da7fde7af634fed65e6ab5b8e214166784a720e", + "zh:9882f444c087c69559873b2d72eec406a40ede21acb5ac334d6563bf3a2387df", + "zh:a4484193d110da4a06c7bffc44cc6b61d3b5e881cd51df2a83fdda1a36ea25d2", + "zh:a53342426d173e29d8ee3106cb68abecdf4be301a3f6589e4e8d42015befa7da", + "zh:d25ef2aef6a9004363fc6db80305d30673fc1f7dd0b980d41d863b12dacd382a", + "zh:fa2d522fb323e2121f65b79709fd596514b293d816a1d969af8f72d108888e4c", + ] +} 
diff --git a/terraform/app/cpy.tfvars b/terraform/app/cpy.tfvars
new file mode 100644
index 00000000..12e4599d
--- /dev/null
+++ b/terraform/app/cpy.tfvars
@@ -0,0 +1,8 @@
+env = "cpy"
+aws_account_id = "539738229445"
+
+# image_tag provided by pipeline (or user)
+codedeploy_termination_wait_time = 0
+deploy_test_postman_collection = "../../.postman/hw-fargate-api.postman_collection.json"
+deploy_test_postman_environment = "../../.postman/cpy-tst.postman_environment.json"
+log_retention_days = 7
diff --git a/terraform/app/dev.tfvars b/terraform/app/dev.tfvars
new file mode 100644
index 00000000..fdaa50a0
--- /dev/null
+++ b/terraform/app/dev.tfvars
@@ -0,0 +1,8 @@
+env = "dev"
+aws_account_id = "977306314792"
+
+# image_tag provided by pipeline (or user)
+codedeploy_termination_wait_time = 0
+deploy_test_postman_collection = "../../.postman/hw-fargate-api.postman_collection.json"
+deploy_test_postman_environment = "../../.postman/dev-tst.postman_environment.json"
+log_retention_days = 1
diff --git a/terraform-iac/modules/app/main.tf b/terraform/app/main.tf
similarity index 85%
rename from terraform-iac/modules/app/main.tf
rename to terraform/app/main.tf
index bfde79f0..8d9bf7ab 100644
--- a/terraform-iac/modules/app/main.tf
+++ b/terraform/app/main.tf
@@ -1,5 +1,48 @@ +terraform { + required_version = "~> 1.8" + backend "s3" { + bucket = "terraform-state-storage-${var.aws_account_id}" + dynamodb_table = "terraform-state-lock-${var.aws_account_id}" + key = "${local.name}/${var.env}/app.tfstate" + encrypt = true + region = "us-west-2" + } + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.70" + } + local = { + source = "hashicorp/local" + version = "~> 2.5" + } + } +} + +provider "aws" { + region = "us-west-2" + + allowed_account_ids = [var.aws_account_id] + + default_tags { + tags = { + app = local.name + repo = "https://github.com/${local.gh_org}/${local.gh_repo}" + data-sensitivity = "public" + env = var.env + resource-creator-email = "GitHub-Actions" + } + } +} + variable "env" { - type = string + type = string + description = "Environment: dev, stg, cpy, or prd" +} + +variable "aws_account_id" { + type = string + description = "The 12-digit number that uniquely identifies an AWS account." } variable "image_tag" { @@ -23,8 +66,9 @@ variable "log_retention_days" { } locals { - name = "hw-fargate-api" - env = var.env + name = "hw-fargate-api" + gh_org = "byu-oit" + gh_repo = "hw-fargate-api" } data "aws_ecr_repository" "my_ecr_repo" { @@ -32,7 +76,7 @@ data "aws_ecr_repository" "my_ecr_repo" { } module "acs" { - source = "github.com/byu-oit/terraform-aws-acs-info?ref=v4.0.0" + source = "github.com/byu-oit/terraform-aws-acs-info?ref=v4.1.0" } module "my_fargate_api" { diff --git a/terraform/app/prd.tfvars b/terraform/app/prd.tfvars new file mode 100644 index 00000000..03bdcd50 --- /dev/null +++ b/terraform/app/prd.tfvars 
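Review bot: `variable "env"` names its allowed values only in the description, yet the value is interpolated into the state key and the default tags in this hunk, so a typo or an unexpected value selects a fresh state path instead of failing. Adding a `validation` block with `condition = contains(["dev", "stg", "cpy", "prd"], var.env)`, and for `aws_account_id` one with `condition = can(regex("^[0-9]{12}$", var.aws_account_id))`, makes the documented contract enforceable. Whether validation runs before the backend block is evaluated is not something this diff shows, so read it as a plan/apply guard. The same two variables are declared in terraform/setup/setup.tf.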
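Review bot: `?ref=v4.1.0` on `module "acs"` pins to a git tag, which can be moved, and the `.terraform.lock.hcl` files in this commit record hashes for providers only, so the module code fetched at `tofu init` is not integrity-checked. Pinning to the full commit, `?ref=<commit-sha-of-v4.1.0>` with the tag kept in a trailing comment, closes that gap; the same applies to the `github.com/byu-oit/...` module sources in terraform/setup/setup.tf. That file takes the CI role's permissions boundary and policies from this module, so it belongs to the trust base of the pipeline. The `module "my_fargate_api"` block continues outside the hunk.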
@@ -0,0 +1,8 @@
+env = "prd"
+aws_account_id = "539738229445"
+
+# image_tag provided by pipeline (or user)
+codedeploy_termination_wait_time = 0 # You probably want to change this to 15 when your service is really prd
+deploy_test_postman_collection = "../../.postman/hw-fargate-api.postman_collection.json"
+deploy_test_postman_environment = "../../.postman/prd-tst.postman_environment.json"
+log_retention_days = 7
diff --git a/terraform/app/stg.tfvars b/terraform/app/stg.tfvars
new file mode 100644
index 00000000..ec4fc212
--- /dev/null
+++ b/terraform/app/stg.tfvars
@@ -0,0 +1,8 @@
+env = "stg"
+aws_account_id = "977306314792"
+
+# image_tag provided by pipeline (or user)
+codedeploy_termination_wait_time = 0
+deploy_test_postman_collection = "../../.postman/hw-fargate-api.postman_collection.json"
+deploy_test_postman_environment = "../../.postman/stg-tst.postman_environment.json"
+log_retention_days = 1
diff --git a/terraform/setup/.terraform.lock.hcl b/terraform/setup/.terraform.lock.hcl
new file mode 100644
index 00000000..80e8a854
--- /dev/null
+++ b/terraform/setup/.terraform.lock.hcl
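Review bot: `log_retention_days = 7` in prd.tfvars has no reminder like the one on the line above it, and a week of retention leaves little lookback for incident investigation once the service carries real traffic. What the module logs under this setting is not visible in this hunk, so this is a prompt rather than a defect. A trailing comment such as `# raise for a real prd service to match your audit / incident-response retention needs` would mirror the existing note on `codedeploy_termination_wait_time`.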
@@ -0,0 +1,38 @@ +# This file is maintained automatically by "tofu init". +# Manual edits may be lost in future updates. + +provider "registry.opentofu.org/hashicorp/aws" { + version = "5.70.0" + constraints = ">= 3.0.0, >= 4.0.0, >= 4.2.0, ~> 5.70" + hashes = [ + "h1:BK3oUZ53otmfH2H018+RwBUr49+Iy3TATa1Bk++O9u4=", + "zh:13e157acaa5717e9c1fef052abc84cdf9d5ba96ca0a4b79150b09b2770f3c1e8", + "zh:157ec2424b34ba3a2208ce39763528131d5600daffd72e8f47b08cbd7feebbd4", + "zh:2ab7fc0ad9b5acebd43214f2decd2c1ce3ffb620f48e57ff32dd424bdbd27c75", + "zh:470934c4f5b4c311b06c365bc6894748b1ea4b3e1e38ffe7a8038a29c3264b03", + "zh:47eba28f2c35d71d73dd2d0c2a09c89bdcc99136a5484904b59cc9c299f1a5aa", + "zh:59894534729ed071176f794d25d1cb7aecdcffd6825fbb6100e815ba6e12ec10", + "zh:72f9efbb883adaaef777c49d4768e08a922e9c75130665fa029f9eb1f350f839", + "zh:89464abba42f916af58cd204915db81a9f329d5df584813eac7bf3cf610bfcac", + "zh:c101a307d4cc21d2def1040aef5c07e1b3677eafc182cf3ba23ec506b1137b5e", + "zh:cad9a818e27739e0dcfb78c9170ce5e1b4619d48be7ec529618198633ec5bb63", + ] +} + +provider "registry.opentofu.org/hashicorp/local" { + version = "2.5.2" + constraints = "~> 2.5" + hashes = [ + "h1:BUewjbhAQWuGHH36SozCTuESFJhbiHMaCFLnVVNZ1Es=", + "zh:25b95b76ceaa62b5c95f6de2fa6e6242edbf51e7fc6c057b7f7101aa4081f64f", + "zh:3c974fdf6b42ca6f93309cf50951f345bfc5726ec6013b8832bcd3be0eb3429e", + "zh:5de843bf6d903f5cca97ce1061e2e06b6441985c68d013eabd738a9e4b828278", + "zh:86beead37c7b4f149a54d2ae633c99ff92159c748acea93ff0f3603d6b4c9f4f", + "zh:8e52e81d3dc50c3f79305d257da7fde7af634fed65e6ab5b8e214166784a720e", + "zh:9882f444c087c69559873b2d72eec406a40ede21acb5ac334d6563bf3a2387df", + "zh:a4484193d110da4a06c7bffc44cc6b61d3b5e881cd51df2a83fdda1a36ea25d2", + "zh:a53342426d173e29d8ee3106cb68abecdf4be301a3f6589e4e8d42015befa7da", + "zh:d25ef2aef6a9004363fc6db80305d30673fc1f7dd0b980d41d863b12dacd382a", + "zh:fa2d522fb323e2121f65b79709fd596514b293d816a1d969af8f72d108888e4c", + ] +} 
diff --git a/terraform/setup/cpy.tfvars b/terraform/setup/cpy.tfvars
new file mode 100644
index 00000000..1b35a614
--- /dev/null
+++ b/terraform/setup/cpy.tfvars
@@ -0,0 +1,2 @@
+env = "cpy"
+aws_account_id = "539738229445"
diff --git a/terraform/setup/dev.tfvars b/terraform/setup/dev.tfvars
new file mode 100644
index 00000000..f00c1e62
--- /dev/null
+++ b/terraform/setup/dev.tfvars
@@ -0,0 +1,2 @@
+env = "dev"
+aws_account_id = "977306314792"
diff --git a/terraform/setup/prd.tfvars b/terraform/setup/prd.tfvars
new file mode 100644
index 00000000..c1e37564
--- /dev/null
+++ b/terraform/setup/prd.tfvars
@@ -0,0 +1,2 @@
+env = "prd"
+aws_account_id = "539738229445"
diff --git a/terraform/setup/setup.tf b/terraform/setup/setup.tf
new file mode 100644
index 00000000..0479ca8b
--- /dev/null
+++ b/terraform/setup/setup.tf
@@ -0,0 +1,85 @@
+terraform {
+ required_version = "~> 1.8"
+ backend "s3" {
+ bucket = "terraform-state-storage-${var.aws_account_id}"
+ dynamodb_table = "terraform-state-lock-${var.aws_account_id}"
+ key = "${local.name}/${var.env}/setup.tfstate"
+ encrypt = true
+ region = "us-west-2"
+ }
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5.70"
+ }
+ local = {
+ source = "hashicorp/local"
+ version = "~> 2.5"
+ }
+ }
+}
+
+provider "aws" {
+ region = "us-west-2"
+
+ allowed_account_ids = [var.aws_account_id]
+
+ default_tags {
+ tags = {
+ app = local.name
+ repo = "https://github.com/${local.gh_org}/${local.gh_repo}"
+ data-sensitivity = "public"
+ env = var.env
+ resource-creator-email = "GitHub-Actions"
+ }
+ }
+}
+
+variable "env" {
+ type = string
+ description = "Environment: dev, stg, cpy, or prd"
+}
+
+variable "aws_account_id" {
+ type = string
+ description = "The 12-digit number that uniquely identifies an AWS account."
+}
+
+variable "some_secret" {
+ type = string
+ description = "Some secret string that will be stored in SSM and mounted into the Fargate Tasks as an environment variable"
+}
+
+locals {
+ name = "hw-fargate-api"
+ gh_org = "byu-oit"
+ gh_repo = "hw-fargate-api"
+}
+
+module "acs" {
+ source = "github.com/byu-oit/terraform-aws-acs-info?ref=v4.1.0"
+}
+
+resource "aws_ssm_parameter" "some_secret" {
+ name = "/${local.name}/${var.env}/some-secret"
+ type = "SecureString"
+ value = var.some_secret
+}
+
+module "my_ecr" {
+ source = "github.com/byu-oit/terraform-aws-ecr?ref=v2.0.1"
+ name = "${local.name}-${var.env}"
+}
+
+module "gha_role" {
+ source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
+ version = "5.46.0"
+ create_role = true
+ role_name = "${local.name}-${var.env}-gha"
+ provider_url = module.acs.github_oidc_provider.url
+ role_permissions_boundary_arn = module.acs.role_permissions_boundary.arn
+ role_policy_arns = module.acs.power_builder_policies[*].arn
+ oidc_fully_qualified_audiences = ["sts.amazonaws.com"]
+ oidc_subjects_with_wildcards = ["repo:${local.gh_org}/${local.gh_repo}:*"]
+}
+
diff --git a/terraform/setup/stg.tfvars b/terraform/setup/stg.tfvars
new file mode 100644
index 00000000..a53ccc4d
--- /dev/null
+++ b/terraform/setup/stg.tfvars
@@ -0,0 +1,2 @@
+env = "stg"
+aws_account_id = "977306314792"
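Review bot: `oidc_subjects_with_wildcards = ["repo:${local.gh_org}/${local.gh_repo}:*"]` in `module "gha_role"` lets a workflow run from any branch, tag or pull request in the repository assume every environment's role, prd included, and that role is given `module.acs.power_builder_policies`. Consider scoping the subject per environment, for example `"repo:${local.gh_org}/${local.gh_repo}:ref:refs/heads/${var.env}"` or a GitHub environment claim, and giving pull-request plans a separate, narrower role; whether branch names map one-to-one onto `var.env` is not shown in this file. Separately, `variable "some_secret"` should carry `sensitive = true` so the value is redacted from plan output. It still lands in state, which the backend in this file stores with `encrypt = true`.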