From a7dfa3c5f7608f5c27661a365f122a1426238466 Mon Sep 17 00:00:00 2001 
From: Gary Crye Date: Wed, 12 Jul 2023 13:00:32 -0600 Subject: [PATCH 01/14] Flatten TF module structure via `.tfvars`/`.tfbackend` --- .github/workflows/ci-iac.yml | 18 ++--- .github/workflows/deploy.yml | 20 +++--- .../{cpy => }/app/.terraform.lock.hcl | 0 terraform-iac/app/cpy.s3.tfbackend | 3 + terraform-iac/app/cpy.tfvars | 7 ++ terraform-iac/app/dev.s3.tfbackend | 3 + terraform-iac/app/dev.tfvars | 7 ++ terraform-iac/{modules => }/app/main.tf | 38 ++++++++++- terraform-iac/app/prd.s3.tfbackend | 3 + terraform-iac/app/prd.tfvars | 7 ++ terraform-iac/app/stg.s3.tfbackend | 3 + terraform-iac/app/stg.tfvars | 7 ++ terraform-iac/cpy/app/cpy-app.tf | 67 ------------------- terraform-iac/cpy/setup/cpy-setup.tf | 48 ------------- terraform-iac/dev/app/.terraform.lock.hcl | 45 ------------- terraform-iac/dev/app/dev-app.tf | 67 ------------------- terraform-iac/dev/setup/.terraform.lock.hcl | 45 ------------- terraform-iac/dev/setup/dev-setup.tf | 48 ------------- terraform-iac/prd/app/.terraform.lock.hcl | 45 ------------- terraform-iac/prd/app/prd-app.tf | 67 ------------------- terraform-iac/prd/setup/.terraform.lock.hcl | 45 ------------- terraform-iac/prd/setup/prd-setup.tf | 48 ------------- .../{cpy => }/setup/.terraform.lock.hcl | 0 terraform-iac/setup/cpy.s3.tfbackend | 3 + terraform-iac/setup/dev.s3.tfbackend | 3 + terraform-iac/setup/prd.s3.tfbackend | 3 + terraform-iac/{modules => }/setup/setup.tf | 39 ++++++++++- terraform-iac/setup/stg.s3.tfbackend | 3 + terraform-iac/stg/app/.terraform.lock.hcl | 45 ------------- terraform-iac/stg/app/stg-app.tf | 66 ------------------ terraform-iac/stg/setup/.terraform.lock.hcl | 45 ------------- terraform-iac/stg/setup/stg-setup.tf | 48 ------------- 32 files changed, 140 insertions(+), 756 deletions(-) rename terraform-iac/{cpy => }/app/.terraform.lock.hcl (100%) create mode 100644 terraform-iac/app/cpy.s3.tfbackend create mode 100644 terraform-iac/app/cpy.tfvars create mode 100644 terraform-iac/app/dev.s3.tfbackend 
create mode 100644 terraform-iac/app/dev.tfvars rename terraform-iac/{modules => }/app/main.tf (89%) create mode 100644 terraform-iac/app/prd.s3.tfbackend create mode 100644 terraform-iac/app/prd.tfvars create mode 100644 terraform-iac/app/stg.s3.tfbackend create mode 100644 terraform-iac/app/stg.tfvars delete mode 100644 terraform-iac/cpy/app/cpy-app.tf delete mode 100644 terraform-iac/cpy/setup/cpy-setup.tf delete mode 100644 terraform-iac/dev/app/.terraform.lock.hcl delete mode 100644 terraform-iac/dev/app/dev-app.tf delete mode 100644 terraform-iac/dev/setup/.terraform.lock.hcl delete mode 100644 terraform-iac/dev/setup/dev-setup.tf delete mode 100644 terraform-iac/prd/app/.terraform.lock.hcl delete mode 100644 terraform-iac/prd/app/prd-app.tf delete mode 100644 terraform-iac/prd/setup/.terraform.lock.hcl delete mode 100644 terraform-iac/prd/setup/prd-setup.tf rename terraform-iac/{cpy => }/setup/.terraform.lock.hcl (100%) create mode 100644 terraform-iac/setup/cpy.s3.tfbackend create mode 100644 terraform-iac/setup/dev.s3.tfbackend create mode 100644 terraform-iac/setup/prd.s3.tfbackend rename terraform-iac/{modules => }/setup/setup.tf (53%) create mode 100644 terraform-iac/setup/stg.s3.tfbackend delete mode 100644 terraform-iac/stg/app/.terraform.lock.hcl delete mode 100644 terraform-iac/stg/app/stg-app.tf delete mode 100644 terraform-iac/stg/setup/.terraform.lock.hcl delete mode 100644 terraform-iac/stg/setup/stg-setup.tf diff --git a/.github/workflows/ci-iac.yml b/.github/workflows/ci-iac.yml index ceac255c..500e864c 100644 --- a/.github/workflows/ci-iac.yml +++ b/.github/workflows/ci-iac.yml @@ -9,7 +9,7 @@ on: - '.github/workflows/ci-iac.yml' env: - tf_version: "1.7.0" # must match value in terraform-iac/*/app/main.tf + tf_version: "1.7.0" # must match value in terraform-iac/app/main.tf jobs: env: 
@@ -24,7 +24,6 @@ jobs: "env":[ { "environment_name":"dev", - "tf_working_dir":"./terraform-iac/dev/app", "aws_account":"977306314792", "aws_gha_role":"hw-fargate-api-dev-gha" } @@ -39,7 +38,6 @@ jobs: "env":[ { "environment_name":"stg", - "tf_working_dir":"./terraform-iac/stg/app", "aws_account":"977306314792", "aws_gha_role":"hw-fargate-api-stg-gha" } @@ -54,13 +52,11 @@ jobs: "env":[ { "environment_name":"prd", - "tf_working_dir":"./terraform-iac/prd/app", "aws_account":"539738229445", "aws_gha_role":"hw-fargate-api-prd-gha" }, { "environment_name":"cpy", - "tf_working_dir":"./terraform-iac/cpy/app", "aws_account":"539738229445", "aws_gha_role":"hw-fargate-api-cpy-gha" } @@ -116,18 +112,18 @@ jobs: terraform_version: ${{ env.tf_version }} - name: Terraform Init - working-directory: ${{ matrix.env.tf_working_dir }} - run: terraform init + working-directory: terraform-iac/app + run: terraform init -backend-config=${{ matrix.env.environment_name }}.s3.tfbackend - name: Terraform Plan - working-directory: ${{ matrix.env.tf_working_dir }} - run: terraform plan -var 'image_tag=ci_test' -input=false -out plan -lock=false + working-directory: terraform-iac/app + run: terraform plan -var-file=${{ matrix.env.environment_name }}.tfvars -var 'image_tag=ci_test' -input=false -out plan -lock=false - name: Comment Terraform Plan uses: byu-oit/github-action-tf-plan-comment@v1 with: github-token: ${{ secrets.GITHUB_TOKEN }} - working-directory: ${{ matrix.env.tf_working_dir }} + working-directory: terraform-iac/app terraform-plan-file: plan - name: Analyze Terraform Plan 
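Review bot: The `Terraform Init` and `Terraform Plan` steps now select the environment through two independent flags, `-backend-config=${{ matrix.env.environment_name }}.s3.tfbackend` and `-var-file=${{ matrix.env.environment_name }}.tfvars`, and only the shared matrix value keeps the state backend and the variable set aligned. In CI both expand from the same matrix entry, but the old per-environment directories ruled out a prd-state/dev-vars mix by construction, and the shared `terraform-iac/app` directory no longer does for anyone running this by hand. I would add a comment above the init step such as `# backend file and var-file must name the same environment; use terraform init -reconfigure when switching environments locally`. The same flag pair appears in the `Terraform Init`/`Terraform Plan` hunk of `.github/workflows/deploy.yml`, where the resulting plan is applied. The job definition continues outside this hunk.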
@@ -135,7 +131,7 @@ jobs: if: github.repository_owner == 'byu-oit' # If you're at BYU, but outside the byu-oit GitHub org, you may be able to obtain credentials by contacting cloudoffice@byu.edu with: - working-directory: ${{ matrix.env.tf_working_dir }} + working-directory: terraform-iac/app terraform-plan-file: plan divvycloud-username: ${{ secrets.DIVVYCLOUD_USERNAME }} divvycloud-password: ${{ secrets.DIVVYCLOUD_PASSWORD }} diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 69fa1b83..a324a1f9 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -10,7 +10,7 @@ on: - '.gitignore' env: node_version: "18.x" - tf_version: "1.7.0" # must match value in terraform-iac/*/app/main.tf + tf_version: "1.7.0" # must match value in terraform-iac/app/main.tf FORCE_COLOR: 3 concurrency: ${{ github.ref }} jobs: @@ -27,7 +27,6 @@ jobs: { "environment_name":"dev", "ecr_repo_name":"hw-fargate-api-dev", - "tf_working_dir":"./terraform-iac/dev/app", "aws_account":"977306314792", "aws_gha_role":"hw-fargate-api-dev-gha", "rfc_key_name":"standard_change_sandbox_client_key", @@ -46,7 +45,6 @@ jobs: { "environment_name":"stg", "ecr_repo_name":"hw-fargate-api-stg", - "tf_working_dir":"./terraform-iac/stg/app", "aws_account":"977306314792", "aws_gha_role":"hw-fargate-api-stg-gha", "rfc_key_name":"standard_change_sandbox_client_key", @@ -69,7 +67,6 @@ jobs: { "environment_name":"prd", "ecr_repo_name":"hw-fargate-api-prd", - "tf_working_dir":"./terraform-iac/prd/app", "aws_account":"539738229445", "aws_gha_role":"hw-fargate-api-prd-gha", "rfc_key_name":"standard_change_sandbox_client_key", @@ -79,7 +76,6 @@ jobs: { "environment_name":"cpy", "ecr_repo_name":"hw-fargate-api-cpy", - "tf_working_dir":"./terraform-iac/cpy/app", "aws_account":"539738229445", "aws_gha_role":"hw-fargate-api-cpy-gha", "rfc_key_name":"standard_change_sandbox_client_key", 
@@ -246,19 +242,19 @@ jobs: terraform_wrapper: false - name: Terraform Init - working-directory: ${{ matrix.env.tf_working_dir }} - run: terraform init + working-directory: terraform-iac/app + run: terraform init -backend-config=${{ matrix.env.environment_name }}.s3.tfbackend - name: Terraform Plan - working-directory: ${{ matrix.env.tf_working_dir }} - run: terraform plan -var 'image_tag=${{ steps.date.outputs.timestamp }}' -input=false -out=plan + working-directory: terraform-iac/app + run: terraform plan -var-file=${{ matrix.env.environment_name }}.tfvars -var 'image_tag=${{ steps.date.outputs.timestamp }}' -input=false -out=plan - name: Analyze Terraform Plan uses: byu-oit/github-action-tf-plan-analyzer@v2 if: github.repository_owner == 'byu-oit' # If you're at BYU, but outside the byu-oit GitHub org, you may be able to obtain credentials by contacting cloudoffice@byu.edu with: - working-directory: ${{ matrix.env.tf_working_dir }} + working-directory: terraform-iac/app terraform-plan-file: plan divvycloud-username: ${{ secrets.DIVVYCLOUD_USERNAME }} divvycloud-password: ${{ secrets.DIVVYCLOUD_PASSWORD }} @@ -272,12 +268,12 @@ jobs: template-id: ${{ matrix.env.rfc_template_id }} - name: Terraform Apply - working-directory: ${{ matrix.env.tf_working_dir }} + working-directory: terraform-iac/app run: terraform apply plan - name: Get Terraform Outputs id: terraform-outputs - working-directory: ${{ matrix.env.tf_working_dir }} + working-directory: terraform-iac/app run: | echo "codedeploy_app_name=$(terraform output -raw codedeploy_app_name)" >> $GITHUB_OUTPUT echo "codedeploy_deployment_group_name=$(terraform output -raw codedeploy_deployment_group_name)" >> $GITHUB_OUTPUT diff --git a/terraform-iac/cpy/app/.terraform.lock.hcl b/terraform-iac/app/.terraform.lock.hcl similarity index 100% rename from terraform-iac/cpy/app/.terraform.lock.hcl rename to terraform-iac/app/.terraform.lock.hcl 
diff --git a/terraform-iac/app/cpy.s3.tfbackend b/terraform-iac/app/cpy.s3.tfbackend
new file mode 100644
index 00000000..866b9a42
--- /dev/null
+++ b/terraform-iac/app/cpy.s3.tfbackend
@@ -0,0 +1,3 @@
+bucket = "terraform-state-storage-539738229445"
+dynamodb_table = "terraform-state-lock-539738229445"
+key = "hw-fargate-api/cpy/app.tfstate"
diff --git a/terraform-iac/app/cpy.tfvars b/terraform-iac/app/cpy.tfvars
new file mode 100644
index 00000000..92fd9aef
--- /dev/null
+++ b/terraform-iac/app/cpy.tfvars
@@ -0,0 +1,7 @@
+env = "cpy"
+
+# image_tag provided by pipeline (or user)
+codedeploy_termination_wait_time = 0
+deploy_test_postman_collection = "../../.postman/hw-fargate-api.postman_collection.json"
+deploy_test_postman_environment = "../../.postman/cpy-tst.postman_environment.json"
+log_retention_days = 7
diff --git a/terraform-iac/app/dev.s3.tfbackend b/terraform-iac/app/dev.s3.tfbackend
new file mode 100644
index 00000000..bd58b23c
--- /dev/null
+++ b/terraform-iac/app/dev.s3.tfbackend
@@ -0,0 +1,3 @@
+bucket = "terraform-state-storage-977306314792"
+dynamodb_table = "terraform-state-lock-977306314792"
+key = "hw-fargate-api/dev/app.tfstate"
diff --git a/terraform-iac/app/dev.tfvars b/terraform-iac/app/dev.tfvars
new file mode 100644
index 00000000..af9c08ee
--- /dev/null
+++ b/terraform-iac/app/dev.tfvars
@@ -0,0 +1,7 @@
+env = "dev"
+
+# image_tag provided by pipeline (or user)
+codedeploy_termination_wait_time = 0
+deploy_test_postman_collection = "../../.postman/hw-fargate-api.postman_collection.json"
+deploy_test_postman_environment = "../../.postman/dev-tst.postman_environment.json"
+log_retention_days = 1
diff --git a/terraform-iac/modules/app/main.tf b/terraform-iac/app/main.tf
similarity index 89%
rename from terraform-iac/modules/app/main.tf
rename to terraform-iac/app/main.tf
index bfde79f0..ca6e8b0f 100644
--- a/terraform-iac/modules/app/main.tf
+++ b/terraform-iac/app/main.tf
@@ -1,3 +1,36 @@ +terraform { + required_version = "1.7.0" + backend "s3" { + # The rest of the backend config is passed in + # https://developer.hashicorp.com/terraform/language/settings/backends/configuration#partial-configuration + region = "us-west-2" + } + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4.65" + } + local = { + source = "hashicorp/local" + version = "~> 2.4" + } + } +} + +provider "aws" { + region = "us-west-2" + + default_tags { + tags = { + app = local.name + repo = "https://github.com/${local.gh_org}/${local.gh_repo}" + data-sensitivity = "public" + env = var.env + resource-creator-email = "GitHub-Actions" + } + } +} + variable "env" { type = string } @@ -23,8 +56,9 @@ variable "log_retention_days" { } locals { - name = "hw-fargate-api" - env = var.env + name = "hw-fargate-api" + gh_org = "byu-oit" + gh_repo = "hw-fargate-api" } data "aws_ecr_repository" "my_ecr_repo" { diff --git a/terraform-iac/app/prd.s3.tfbackend b/terraform-iac/app/prd.s3.tfbackend new file mode 100644 index 00000000..6afe3b6a --- /dev/null +++ b/terraform-iac/app/prd.s3.tfbackend @@ -0,0 +1,3 @@ +bucket = "terraform-state-storage-539738229445" +dynamodb_table = "terraform-state-lock-539738229445" +key = "hw-fargate-api/prd/app.tfstate" diff --git a/terraform-iac/app/prd.tfvars b/terraform-iac/app/prd.tfvars new file mode 100644 index 00000000..0c21686b --- /dev/null +++ b/terraform-iac/app/prd.tfvars @@ -0,0 +1,7 @@ +env = "prd" + +# image_tag provided by pipeline (or user) +codedeploy_termination_wait_time = 0 # You probably want to change this to 15 when your service is really prd +deploy_test_postman_collection = "../../.postman/hw-fargate-api.postman_collection.json" +deploy_test_postman_environment = "../../.postman/prd-tst.postman_environment.json" +log_retention_days = 7 diff --git a/terraform-iac/app/stg.s3.tfbackend b/terraform-iac/app/stg.s3.tfbackend new file mode 100644 index 00000000..7bd08010 --- /dev/null 
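Review bot: The new `required_providers` block in `terraform-iac/app/main.tf` constrains `hashicorp/aws` to `~> 4.65`, while every per-environment root deleted by this patch used `~> 5.33` and the deleted lock files record 5.33.0 or later. The lock file kept for this directory is a 100% rename of `terraform-iac/cpy/app/.terraform.lock.hcl`; its content is not shown here, but if it matches the other lock files then `terraform init` will refuse the locked version under the new constraint, and otherwise this is an unannounced provider major-version downgrade. I would keep `version = "~> 5.33"` in this block; the same constraint appears in the `terraform-iac/setup/setup.tf` hunk. Separately, the second hunk removes `env = var.env` from `locals`, and the rest of the file is outside the hunk, so any remaining `local.env` reference should be checked.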
+++ b/terraform-iac/app/stg.s3.tfbackend @@ -0,0 +1,3 @@ +bucket = "terraform-state-storage-977306314792" +dynamodb_table = "terraform-state-lock-977306314792" +key = "hw-fargate-api/stg/app.tfstate" diff --git a/terraform-iac/app/stg.tfvars b/terraform-iac/app/stg.tfvars new file mode 100644 index 00000000..657a033c --- /dev/null +++ b/terraform-iac/app/stg.tfvars @@ -0,0 +1,7 @@ +env = "stg" + +# image_tag provided by pipeline (or user) +codedeploy_termination_wait_time = 0 +deploy_test_postman_collection = "../../.postman/hw-fargate-api.postman_collection.json" +deploy_test_postman_environment = "../../.postman/stg-tst.postman_environment.json" +log_retention_days = 1 diff --git a/terraform-iac/cpy/app/cpy-app.tf b/terraform-iac/cpy/app/cpy-app.tf deleted file mode 100644 index 22aaee1a..00000000 --- a/terraform-iac/cpy/app/cpy-app.tf +++ /dev/null 
@@ -1,67 +0,0 @@
-terraform {
- required_version = "1.7.0"
- backend "s3" {
- bucket = "terraform-state-storage-539738229445"
- dynamodb_table = "terraform-state-lock-539738229445"
- key = "hw-fargate-api/cpy/app.tfstate"
- region = "us-west-2"
- }
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 5.33"
- }
- local = {
- source = "hashicorp/local"
- version = "~> 2.4"
- }
- }
-}
-
-locals {
- env = "cpy"
-}
-
-provider "aws" {
- region = "us-west-2"
-
- default_tags {
- tags = {
- app = "hw-fargate-api"
- repo = "https://github.com/byu-oit/hw-fargate-api"
- data-sensitivity = "public"
- env = local.env
- resource-creator-email = "GitHub-Actions"
- }
- }
-}
-
-variable "image_tag" {
- type = string
-}
-
-module "app" {
- source = "../../modules/app/"
- env = local.env
- image_tag = var.image_tag
- codedeploy_termination_wait_time = 0 # you probably want to change this to 15 when your service is really prd
- deploy_test_postman_collection = "../../../.postman/hw-fargate-api.postman_collection.json"
- deploy_test_postman_environment = "../../../.postman/cpy-tst.postman_environment.json"
- log_retention_days = 7
-}
-
-output "url" {
- value = module.app.url
-}
-
-output "codedeploy_app_name" {
- value = module.app.codedeploy_app_name
-}
-
-output "codedeploy_deployment_group_name" {
- value = module.app.codedeploy_deployment_group_name
-}
-
-output "codedeploy_appspec_json_file" {
- value = module.app.codedeploy_appspec_json_file
-}
diff --git a/terraform-iac/cpy/setup/cpy-setup.tf b/terraform-iac/cpy/setup/cpy-setup.tf
deleted file mode 100644
index 571468d5..00000000
--- a/terraform-iac/cpy/setup/cpy-setup.tf
+++ /dev/null
@@ -1,48 +0,0 @@
-terraform {
- required_version = "1.7.0"
- backend "s3" {
- bucket = "terraform-state-storage-539738229445"
- dynamodb_table = "terraform-state-lock-539738229445"
- key = "hw-fargate-api/cpy/setup.tfstate"
- region = "us-west-2"
- }
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 5.33"
- }
- local = {
- source = "hashicorp/local"
- version = "~> 2.4"
- }
- }
-}
-
-locals {
- env = "cpy"
-}
-
-provider "aws" {
- region = "us-west-2"
-
- default_tags {
- tags = {
- app = "hw-fargate-api"
- repo = "https://github.com/byu-oit/hw-fargate-api"
- data-sensitivity = "public"
- env = local.env
- resource-creator-email = "GitHub-Actions"
- }
- }
-}
-
-variable "some_secret" {
- type = string
- description = "Some secret string that will be stored in SSM and mounted into the Fargate Tasks as an environment variable"
-}
-
-module "setup" {
- source = "../../modules/setup/"
- env = local.env
- some_secret = var.some_secret
-}
diff --git a/terraform-iac/dev/app/.terraform.lock.hcl b/terraform-iac/dev/app/.terraform.lock.hcl
deleted file mode 100644
index 2be7425a..00000000
--- a/terraform-iac/dev/app/.terraform.lock.hcl
+++ /dev/null
@@ -1,45 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "5.33.0" - constraints = ">= 3.69.0, >= 4.0.0, >= 4.2.0, ~> 5.33" - hashes = [ - "h1:kPm7PkwHh6tZ74pUj5C/QRPtauxdnzrEG2yhCJla/4o=", - "zh:10bb683f2a9306e881f51a971ad3b2bb654ac94b54945dd63769876a343b5b04", - "zh:3916406db958d5487ea0c2d2320012d1907c29e6d01bf693560fe05e38ee0601", - "zh:3cb54b76b2f9e30620f3281ab7fb20633b1e4584fc84cc4ecd5752546252e86f", - "zh:513bcfd6971482215c5d64725189f875cbcbd260c6d11f0da4d66321efd93a92", - "zh:545a34427ebe7a950056627e7c980c9ba16318bf086d300eb808ffc41c52b7a8", - "zh:5a44b90faf1c8e8269f389c04bfac25ad4766d26360e7f7ac371be12a442981c", - "zh:64e1ef83162f78538dccad8b035577738851395ba774d6919cb21eb465a21e3a", - "zh:7315c70cb6b7f975471ea6129474639a08c58c071afc95a36cfaa41a13ae7fb9", - "zh:9806faae58938d638b757f54414400be998dddb45edfd4a29c85e827111dc93d", - "zh:997fa2e2db242354d9f772fba7eb17bd6d18d28480291dd93f85a18ca0a67ac2", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:9f9e076b7e9752971f39eead6eda69df1c5e890c82ba2ca95f56974af7adfe79", - "zh:b1d6af047f96de7f97d38b685654f1aed4356d5060b0e696d87d0270f5d49f75", - "zh:bfb0654b6f34398aeffdf907b744af06733d168db610a2c5747263380f817ac7", - "zh:e25203ee8cedccf60bf450950d533d3c172509bda8af97dbc3bc817d2a503c57", - ] -} - -provider "registry.terraform.io/hashicorp/local" { - version = "2.5.1" - constraints = "~> 2.4" - hashes = [ - "h1:/GAVA/xheGQcbOZEq0qxANOg+KVLCA7Wv8qluxhTjhU=", - "zh:0af29ce2b7b5712319bf6424cb58d13b852bf9a777011a545fac99c7fdcdf561", - "zh:126063ea0d79dad1f68fa4e4d556793c0108ce278034f101d1dbbb2463924561", - "zh:196bfb49086f22fd4db46033e01655b0e5e036a5582d250412cc690fa7995de5", - "zh:37c92ec084d059d37d6cffdb683ccf68e3a5f8d2eb69dd73c8e43ad003ef8d24", - "zh:4269f01a98513651ad66763c16b268f4c2da76cc892ccfd54b401fff6cc11667", - 
"zh:51904350b9c728f963eef0c28f1d43e73d010333133eb7f30999a8fb6a0cc3d8", - "zh:73a66611359b83d0c3fcba2984610273f7954002febb8a57242bbb86d967b635", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:7ae387993a92bcc379063229b3cce8af7eaf082dd9306598fcd42352994d2de0", - "zh:9e0f365f807b088646db6e4a8d4b188129d9ebdbcf2568c8ab33bddd1b82c867", - "zh:b5263acbd8ae51c9cbffa79743fbcadcb7908057c87eb22fd9048268056efbc4", - "zh:dfcd88ac5f13c0d04e24be00b686d069b4879cc4add1b7b1a8ae545783d97520", - ] -} diff --git a/terraform-iac/dev/app/dev-app.tf b/terraform-iac/dev/app/dev-app.tf deleted file mode 100644 index edf14204..00000000 --- a/terraform-iac/dev/app/dev-app.tf +++ /dev/null 
@@ -1,67 +0,0 @@
-terraform {
- required_version = "1.7.0"
- backend "s3" {
- bucket = "terraform-state-storage-977306314792"
- dynamodb_table = "terraform-state-lock-977306314792"
- key = "hw-fargate-api/dev/app.tfstate"
- region = "us-west-2"
- }
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 5.33"
- }
- local = {
- source = "hashicorp/local"
- version = "~> 2.4"
- }
- }
-}
-
-locals {
- env = "dev"
-}
-
-provider "aws" {
- region = "us-west-2"
-
- default_tags {
- tags = {
- app = "hw-fargate-api"
- repo = "https://github.com/byu-oit/hw-fargate-api"
- data-sensitivity = "public"
- env = local.env
- resource-creator-email = "GitHub-Actions"
- }
- }
-}
-
-variable "image_tag" {
- type = string
-}
-
-module "app" {
- source = "../../modules/app/"
- env = local.env
- image_tag = var.image_tag
- codedeploy_termination_wait_time = 0
- deploy_test_postman_collection = "../../../.postman/hw-fargate-api.postman_collection.json"
- deploy_test_postman_environment = "../../../.postman/dev-tst.postman_environment.json"
- log_retention_days = 1
-}
-
-output "url" {
- value = module.app.url
-}
-
-output "codedeploy_app_name" {
- value = module.app.codedeploy_app_name
-}
-
-output "codedeploy_deployment_group_name" {
- value = module.app.codedeploy_deployment_group_name
-}
-
-output "codedeploy_appspec_json_file" {
- value = module.app.codedeploy_appspec_json_file
-}
diff --git a/terraform-iac/dev/setup/.terraform.lock.hcl b/terraform-iac/dev/setup/.terraform.lock.hcl
deleted file mode 100644
index 68abd042..00000000
--- a/terraform-iac/dev/setup/.terraform.lock.hcl
+++ /dev/null
@@ -1,45 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "5.55.0" - constraints = ">= 3.0.0, >= 4.0.0, >= 4.2.0, ~> 5.33" - hashes = [ - "h1:vChl08zNYLVzuSzfxz3wp3wNSx+vjwl/jPuyPbg59Ks=", - "zh:06fbb1cc4b61b9d6370d391bf7538aa6ef8b60b91c67d125a6be60a70b1d49f0", - "zh:1d52acd2184f379433a0fce2c29d5ed8fc7958d6a9d1b403310dcc36b2a3f626", - "zh:290bbce092f8836a1db530ac86d933cfea27d52b827639974a81bc48dfba8c34", - "zh:3531f2822c2de3ba837381c4ee4816c5b437fd204c07d659526a04d9154a65e8", - "zh:56d70db4c8c6c0ec1b665380b87726275f4ab3665b4b78ac86dc90e1010c0fe3", - "zh:8251d713c0b2c8c51b6858e51c70d083b484342ff9782a88c39e7eaa966c3da2", - "zh:9a7d1f7207e51382a7dd139dfd5786e7e905edf9bf89bbee4b59ad41365e87be", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:a529c78dfc60063289524690af78794e99a768835b88e27cdfec15bc85439f7c", - "zh:b6da1843355db05c5d412126406fd97db2a6ff9edc166b81c1cea2994535b4eb", - "zh:bfc08cd23b1556b3287d1b28ac7f12c7d459471d97a0592bf2579ea68d11bae7", - "zh:c382088faf05894191636b57861069a21de10a5ff4eb8f7cc122e764ccf7a4a8", - "zh:e27f99f389921314ee428b24990d3a829057ce532b2beb33c69387458722edd9", - "zh:ef11285eedb45ffc3fb2ecdfefa206e64eb2760a87fff15c44dee42de9703436", - "zh:fedc4ebee0d6fe196691127004db5d1ff8bd22e3b667a74026bb92c607589b6c", - ] -} - -provider "registry.terraform.io/hashicorp/local" { - version = "2.4.1" - constraints = "~> 2.4" - hashes = [ - "h1:gpp25uNkYJYzJVnkyRr7RIBVfwLs9GSq2HNnFpTRBg0=", - "zh:244b445bf34ddbd167731cc6c6b95bbed231dc4493f8cc34bd6850cfe1f78528", - "zh:3c330bdb626123228a0d1b1daa6c741b4d5d484ab1c7ae5d2f48d4c9885cc5e9", - "zh:5ff5f9b791ddd7557e815449173f2db38d338e674d2d91800ac6e6d808de1d1d", - "zh:70206147104f4bf26ae67d730c995772f85bf23e28c2c2e7612c74f4dae3c46f", - "zh:75029676993accd6bef933c196b2fad51a9ec8a69a847dbbe96ec8ebf7926cdc", - 
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:7d48d5999fe1fcdae9295a7c3448ac1541f5a24c474bd82df6d4fa3732483f2b", - "zh:b766b38b027f0f84028244d1c2f990431a37d4fc3ac645962924554016507e77", - "zh:bfc7ad301dada204cf51c59d8bd6a9a87de5fddb42190b4d6ba157d6e08a1f10", - "zh:c902b527702a8c5e2c25a6637d07bbb1690cb6c1e63917a5f6dc460efd18d43f", - "zh:d68ae0e1070cf429c46586bc87580c3ed113f76241da2b6e4f1a8348126b3c46", - "zh:f4903fd89f7c92a346ae9e666c2d0b6884c4474ae109e9b4bd15e7efaa4bfc29", - ] -} diff --git a/terraform-iac/dev/setup/dev-setup.tf b/terraform-iac/dev/setup/dev-setup.tf deleted file mode 100644 index 5f177d12..00000000 --- a/terraform-iac/dev/setup/dev-setup.tf +++ /dev/null @@ -1,48 +0,0 @@ -terraform { - required_version = "1.7.0" - backend "s3" { - bucket = "terraform-state-storage-977306314792" - dynamodb_table = "terraform-state-lock-977306314792" - key = "hw-fargate-api/dev/setup.tfstate" - region = "us-west-2" - } - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 5.33" - } - local = { - source = "hashicorp/local" - version = "~> 2.4" - } - } -} - -locals { - env = "dev" -} - -provider "aws" { - region = "us-west-2" - - default_tags { - tags = { - app = "hw-fargate-api" - repo = "https://github.com/byu-oit/hw-fargate-api" - data-sensitivity = "public" - env = local.env - resource-creator-email = "GitHub-Actions" - } - } -} - -variable "some_secret" { - type = string - description = "Some secret string that will be stored in SSM and mounted into the Fargate Tasks as an environment variable" -} - -module "setup" { - source = "../../modules/setup/" - env = local.env - some_secret = var.some_secret -} diff --git a/terraform-iac/prd/app/.terraform.lock.hcl b/terraform-iac/prd/app/.terraform.lock.hcl deleted file mode 100644 index 5c6d0d4c..00000000 --- a/terraform-iac/prd/app/.terraform.lock.hcl +++ /dev/null 
@@ -1,45 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "5.33.0" - constraints = ">= 3.69.0, >= 4.0.0, >= 4.2.0, ~> 5.33" - hashes = [ - "h1:kPm7PkwHh6tZ74pUj5C/QRPtauxdnzrEG2yhCJla/4o=", - "zh:10bb683f2a9306e881f51a971ad3b2bb654ac94b54945dd63769876a343b5b04", - "zh:3916406db958d5487ea0c2d2320012d1907c29e6d01bf693560fe05e38ee0601", - "zh:3cb54b76b2f9e30620f3281ab7fb20633b1e4584fc84cc4ecd5752546252e86f", - "zh:513bcfd6971482215c5d64725189f875cbcbd260c6d11f0da4d66321efd93a92", - "zh:545a34427ebe7a950056627e7c980c9ba16318bf086d300eb808ffc41c52b7a8", - "zh:5a44b90faf1c8e8269f389c04bfac25ad4766d26360e7f7ac371be12a442981c", - "zh:64e1ef83162f78538dccad8b035577738851395ba774d6919cb21eb465a21e3a", - "zh:7315c70cb6b7f975471ea6129474639a08c58c071afc95a36cfaa41a13ae7fb9", - "zh:9806faae58938d638b757f54414400be998dddb45edfd4a29c85e827111dc93d", - "zh:997fa2e2db242354d9f772fba7eb17bd6d18d28480291dd93f85a18ca0a67ac2", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:9f9e076b7e9752971f39eead6eda69df1c5e890c82ba2ca95f56974af7adfe79", - "zh:b1d6af047f96de7f97d38b685654f1aed4356d5060b0e696d87d0270f5d49f75", - "zh:bfb0654b6f34398aeffdf907b744af06733d168db610a2c5747263380f817ac7", - "zh:e25203ee8cedccf60bf450950d533d3c172509bda8af97dbc3bc817d2a503c57", - ] -} - -provider "registry.terraform.io/hashicorp/local" { - version = "2.4.1" - constraints = "~> 2.4" - hashes = [ - "h1:gpp25uNkYJYzJVnkyRr7RIBVfwLs9GSq2HNnFpTRBg0=", - "zh:244b445bf34ddbd167731cc6c6b95bbed231dc4493f8cc34bd6850cfe1f78528", - "zh:3c330bdb626123228a0d1b1daa6c741b4d5d484ab1c7ae5d2f48d4c9885cc5e9", - "zh:5ff5f9b791ddd7557e815449173f2db38d338e674d2d91800ac6e6d808de1d1d", - "zh:70206147104f4bf26ae67d730c995772f85bf23e28c2c2e7612c74f4dae3c46f", - "zh:75029676993accd6bef933c196b2fad51a9ec8a69a847dbbe96ec8ebf7926cdc", - 
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:7d48d5999fe1fcdae9295a7c3448ac1541f5a24c474bd82df6d4fa3732483f2b", - "zh:b766b38b027f0f84028244d1c2f990431a37d4fc3ac645962924554016507e77", - "zh:bfc7ad301dada204cf51c59d8bd6a9a87de5fddb42190b4d6ba157d6e08a1f10", - "zh:c902b527702a8c5e2c25a6637d07bbb1690cb6c1e63917a5f6dc460efd18d43f", - "zh:d68ae0e1070cf429c46586bc87580c3ed113f76241da2b6e4f1a8348126b3c46", - "zh:f4903fd89f7c92a346ae9e666c2d0b6884c4474ae109e9b4bd15e7efaa4bfc29", - ] -} diff --git a/terraform-iac/prd/app/prd-app.tf b/terraform-iac/prd/app/prd-app.tf deleted file mode 100644 index d5926195..00000000 --- a/terraform-iac/prd/app/prd-app.tf +++ /dev/null 
@@ -1,67 +0,0 @@
-terraform {
- required_version = "1.7.0"
- backend "s3" {
- bucket = "terraform-state-storage-539738229445"
- dynamodb_table = "terraform-state-lock-539738229445"
- key = "hw-fargate-api/prd/app.tfstate"
- region = "us-west-2"
- }
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 5.33"
- }
- local = {
- source = "hashicorp/local"
- version = "~> 2.4"
- }
- }
-}
-
-locals {
- env = "prd"
-}
-
-provider "aws" {
- region = "us-west-2"
-
- default_tags {
- tags = {
- app = "hw-fargate-api"
- repo = "https://github.com/byu-oit/hw-fargate-api"
- data-sensitivity = "public"
- env = local.env
- resource-creator-email = "GitHub-Actions"
- }
- }
-}
-
-variable "image_tag" {
- type = string
-}
-
-module "app" {
- source = "../../modules/app/"
- env = local.env
- image_tag = var.image_tag
- codedeploy_termination_wait_time = 0 # you probably want to change this to 15 when your service is really prd
- deploy_test_postman_collection = "../../../.postman/hw-fargate-api.postman_collection.json"
- deploy_test_postman_environment = "../../../.postman/prd-tst.postman_environment.json"
- log_retention_days = 7
-}
-
-output "url" {
- value = module.app.url
-}
-
-output "codedeploy_app_name" {
- value = module.app.codedeploy_app_name
-}
-
-output "codedeploy_deployment_group_name" {
- value = module.app.codedeploy_deployment_group_name
-}
-
-output "codedeploy_appspec_json_file" {
- value = module.app.codedeploy_appspec_json_file
-}
diff --git a/terraform-iac/prd/setup/.terraform.lock.hcl b/terraform-iac/prd/setup/.terraform.lock.hcl
deleted file mode 100644
index 70fead6f..00000000
--- a/terraform-iac/prd/setup/.terraform.lock.hcl
+++ /dev/null
@@ -1,45 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "5.33.0" - constraints = ">= 3.0.0, >= 4.0.0, >= 4.2.0, ~> 5.33" - hashes = [ - "h1:kPm7PkwHh6tZ74pUj5C/QRPtauxdnzrEG2yhCJla/4o=", - "zh:10bb683f2a9306e881f51a971ad3b2bb654ac94b54945dd63769876a343b5b04", - "zh:3916406db958d5487ea0c2d2320012d1907c29e6d01bf693560fe05e38ee0601", - "zh:3cb54b76b2f9e30620f3281ab7fb20633b1e4584fc84cc4ecd5752546252e86f", - "zh:513bcfd6971482215c5d64725189f875cbcbd260c6d11f0da4d66321efd93a92", - "zh:545a34427ebe7a950056627e7c980c9ba16318bf086d300eb808ffc41c52b7a8", - "zh:5a44b90faf1c8e8269f389c04bfac25ad4766d26360e7f7ac371be12a442981c", - "zh:64e1ef83162f78538dccad8b035577738851395ba774d6919cb21eb465a21e3a", - "zh:7315c70cb6b7f975471ea6129474639a08c58c071afc95a36cfaa41a13ae7fb9", - "zh:9806faae58938d638b757f54414400be998dddb45edfd4a29c85e827111dc93d", - "zh:997fa2e2db242354d9f772fba7eb17bd6d18d28480291dd93f85a18ca0a67ac2", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:9f9e076b7e9752971f39eead6eda69df1c5e890c82ba2ca95f56974af7adfe79", - "zh:b1d6af047f96de7f97d38b685654f1aed4356d5060b0e696d87d0270f5d49f75", - "zh:bfb0654b6f34398aeffdf907b744af06733d168db610a2c5747263380f817ac7", - "zh:e25203ee8cedccf60bf450950d533d3c172509bda8af97dbc3bc817d2a503c57", - ] -} - -provider "registry.terraform.io/hashicorp/local" { - version = "2.4.1" - constraints = "~> 2.4" - hashes = [ - "h1:gpp25uNkYJYzJVnkyRr7RIBVfwLs9GSq2HNnFpTRBg0=", - "zh:244b445bf34ddbd167731cc6c6b95bbed231dc4493f8cc34bd6850cfe1f78528", - "zh:3c330bdb626123228a0d1b1daa6c741b4d5d484ab1c7ae5d2f48d4c9885cc5e9", - "zh:5ff5f9b791ddd7557e815449173f2db38d338e674d2d91800ac6e6d808de1d1d", - "zh:70206147104f4bf26ae67d730c995772f85bf23e28c2c2e7612c74f4dae3c46f", - "zh:75029676993accd6bef933c196b2fad51a9ec8a69a847dbbe96ec8ebf7926cdc", - 
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:7d48d5999fe1fcdae9295a7c3448ac1541f5a24c474bd82df6d4fa3732483f2b", - "zh:b766b38b027f0f84028244d1c2f990431a37d4fc3ac645962924554016507e77", - "zh:bfc7ad301dada204cf51c59d8bd6a9a87de5fddb42190b4d6ba157d6e08a1f10", - "zh:c902b527702a8c5e2c25a6637d07bbb1690cb6c1e63917a5f6dc460efd18d43f", - "zh:d68ae0e1070cf429c46586bc87580c3ed113f76241da2b6e4f1a8348126b3c46", - "zh:f4903fd89f7c92a346ae9e666c2d0b6884c4474ae109e9b4bd15e7efaa4bfc29", - ] -} diff --git a/terraform-iac/prd/setup/prd-setup.tf b/terraform-iac/prd/setup/prd-setup.tf deleted file mode 100644 index 3f518c39..00000000 --- a/terraform-iac/prd/setup/prd-setup.tf +++ /dev/null @@ -1,48 +0,0 @@ -terraform { - required_version = "1.7.0" - backend "s3" { - bucket = "terraform-state-storage-539738229445" - dynamodb_table = "terraform-state-lock-539738229445" - key = "hw-fargate-api/prd/setup.tfstate" - region = "us-west-2" - } - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 5.33" - } - local = { - source = "hashicorp/local" - version = "~> 2.4" - } - } -} - -locals { - env = "prd" -} - -provider "aws" { - region = "us-west-2" - - default_tags { - tags = { - app = "hw-fargate-api" - repo = "https://github.com/byu-oit/hw-fargate-api" - data-sensitivity = "public" - env = local.env - resource-creator-email = "GitHub-Actions" - } - } -} - -variable "some_secret" { - type = string - description = "Some secret string that will be stored in SSM and mounted into the Fargate Tasks as an environment variable" -} - -module "setup" { - source = "../../modules/setup/" - env = local.env - some_secret = var.some_secret -} diff --git a/terraform-iac/cpy/setup/.terraform.lock.hcl b/terraform-iac/setup/.terraform.lock.hcl similarity index 100% rename from terraform-iac/cpy/setup/.terraform.lock.hcl rename to terraform-iac/setup/.terraform.lock.hcl 
diff --git a/terraform-iac/setup/cpy.s3.tfbackend b/terraform-iac/setup/cpy.s3.tfbackend
new file mode 100644
index 00000000..5d308050
--- /dev/null
+++ b/terraform-iac/setup/cpy.s3.tfbackend
@@ -0,0 +1,3 @@
+bucket = "terraform-state-storage-539738229445"
+dynamodb_table = "terraform-state-lock-539738229445"
+key = "hw-fargate-api/cpy/setup.tfstate"
\ No newline at end of file
diff --git a/terraform-iac/setup/dev.s3.tfbackend b/terraform-iac/setup/dev.s3.tfbackend
new file mode 100644
index 00000000..9715ad9d
--- /dev/null
+++ b/terraform-iac/setup/dev.s3.tfbackend
@@ -0,0 +1,3 @@
+bucket = "terraform-state-storage-977306314792"
+dynamodb_table = "terraform-state-lock-977306314792"
+key = "hw-fargate-api/dev/setup.tfstate"
diff --git a/terraform-iac/setup/prd.s3.tfbackend b/terraform-iac/setup/prd.s3.tfbackend
new file mode 100644
index 00000000..1e5d70c3
--- /dev/null
+++ b/terraform-iac/setup/prd.s3.tfbackend
@@ -0,0 +1,3 @@
+bucket = "terraform-state-storage-539738229445"
+dynamodb_table = "terraform-state-lock-539738229445"
+key = "hw-fargate-api/prd/setup.tfstate"
diff --git a/terraform-iac/modules/setup/setup.tf b/terraform-iac/setup/setup.tf
similarity index 53%
rename from terraform-iac/modules/setup/setup.tf
rename to terraform-iac/setup/setup.tf
index 42104f24..125b9136 100644
--- a/terraform-iac/modules/setup/setup.tf
+++ b/terraform-iac/setup/setup.tf
@@ -1,9 +1,44 @@ +terraform { + required_version = "1.7.0" + backend "s3" { + # The rest of the backend config is passed in + # https://developer.hashicorp.com/terraform/language/settings/backends/configuration#partial-configuration + region = "us-west-2" + } + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4.65" + } + local = { + source = "hashicorp/local" + version = "~> 2.4" + } + } +} + +provider "aws" { + region = "us-west-2" + + default_tags { + tags = { + app = local.name + repo = "https://github.com/${local.gh_org}/${local.gh_repo}" + data-sensitivity = "public" + env = var.env + resource-creator-email = "GitHub-Actions" + } + } +} + variable "env" { - type = string + type = string + description = "Environment: dev, stg, cpy, or prd" } variable "some_secret" { - type = string + type = string + description = "Some secret string that will be stored in SSM and mounted into the Fargate Tasks as an environment variable" } locals { diff --git a/terraform-iac/setup/stg.s3.tfbackend b/terraform-iac/setup/stg.s3.tfbackend new file mode 100644 index 00000000..fb9b5d6d --- /dev/null +++ b/terraform-iac/setup/stg.s3.tfbackend @@ -0,0 +1,3 @@ +bucket = "terraform-state-storage-977306314792" +dynamodb_table = "terraform-state-lock-977306314792" +key = "hw-fargate-api/stg/setup.tfstate" diff --git a/terraform-iac/stg/app/.terraform.lock.hcl b/terraform-iac/stg/app/.terraform.lock.hcl deleted file mode 100644 index 5c6d0d4c..00000000 --- a/terraform-iac/stg/app/.terraform.lock.hcl +++ /dev/null 
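Review bot: `variable "some_secret"` gains a description saying the value is stored in SSM, but the block still has no `sensitive = true`, so Terraform will not redact it wherever it flows into a non-sensitive attribute or output in plan text and CI logs; add `sensitive = true` next to `type = string`. That flag only affects CLI output, so the value presumably still lands in the state object and access to the state bucket remains the real control. Separately, the new `required_providers` block constrains aws to `~> 4.65`, while the per-environment files deleted in this commit used `~> 5.33` and the deleted lock files record 5.33.0; if the renamed lock file carries the same selection, `terraform init` will reject the mismatch. The `locals` block that closes the hunk continues outside it.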
@@ -1,45 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "5.33.0" - constraints = ">= 3.69.0, >= 4.0.0, >= 4.2.0, ~> 5.33" - hashes = [ - "h1:kPm7PkwHh6tZ74pUj5C/QRPtauxdnzrEG2yhCJla/4o=", - "zh:10bb683f2a9306e881f51a971ad3b2bb654ac94b54945dd63769876a343b5b04", - "zh:3916406db958d5487ea0c2d2320012d1907c29e6d01bf693560fe05e38ee0601", - "zh:3cb54b76b2f9e30620f3281ab7fb20633b1e4584fc84cc4ecd5752546252e86f", - "zh:513bcfd6971482215c5d64725189f875cbcbd260c6d11f0da4d66321efd93a92", - "zh:545a34427ebe7a950056627e7c980c9ba16318bf086d300eb808ffc41c52b7a8", - "zh:5a44b90faf1c8e8269f389c04bfac25ad4766d26360e7f7ac371be12a442981c", - "zh:64e1ef83162f78538dccad8b035577738851395ba774d6919cb21eb465a21e3a", - "zh:7315c70cb6b7f975471ea6129474639a08c58c071afc95a36cfaa41a13ae7fb9", - "zh:9806faae58938d638b757f54414400be998dddb45edfd4a29c85e827111dc93d", - "zh:997fa2e2db242354d9f772fba7eb17bd6d18d28480291dd93f85a18ca0a67ac2", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:9f9e076b7e9752971f39eead6eda69df1c5e890c82ba2ca95f56974af7adfe79", - "zh:b1d6af047f96de7f97d38b685654f1aed4356d5060b0e696d87d0270f5d49f75", - "zh:bfb0654b6f34398aeffdf907b744af06733d168db610a2c5747263380f817ac7", - "zh:e25203ee8cedccf60bf450950d533d3c172509bda8af97dbc3bc817d2a503c57", - ] -} - -provider "registry.terraform.io/hashicorp/local" { - version = "2.4.1" - constraints = "~> 2.4" - hashes = [ - "h1:gpp25uNkYJYzJVnkyRr7RIBVfwLs9GSq2HNnFpTRBg0=", - "zh:244b445bf34ddbd167731cc6c6b95bbed231dc4493f8cc34bd6850cfe1f78528", - "zh:3c330bdb626123228a0d1b1daa6c741b4d5d484ab1c7ae5d2f48d4c9885cc5e9", - "zh:5ff5f9b791ddd7557e815449173f2db38d338e674d2d91800ac6e6d808de1d1d", - "zh:70206147104f4bf26ae67d730c995772f85bf23e28c2c2e7612c74f4dae3c46f", - "zh:75029676993accd6bef933c196b2fad51a9ec8a69a847dbbe96ec8ebf7926cdc", - 
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:7d48d5999fe1fcdae9295a7c3448ac1541f5a24c474bd82df6d4fa3732483f2b", - "zh:b766b38b027f0f84028244d1c2f990431a37d4fc3ac645962924554016507e77", - "zh:bfc7ad301dada204cf51c59d8bd6a9a87de5fddb42190b4d6ba157d6e08a1f10", - "zh:c902b527702a8c5e2c25a6637d07bbb1690cb6c1e63917a5f6dc460efd18d43f", - "zh:d68ae0e1070cf429c46586bc87580c3ed113f76241da2b6e4f1a8348126b3c46", - "zh:f4903fd89f7c92a346ae9e666c2d0b6884c4474ae109e9b4bd15e7efaa4bfc29", - ] -} diff --git a/terraform-iac/stg/app/stg-app.tf b/terraform-iac/stg/app/stg-app.tf deleted file mode 100644 index 7c4cc2ad..00000000 --- a/terraform-iac/stg/app/stg-app.tf +++ /dev/null 
@@ -1,66 +0,0 @@ -terraform { - required_version = "1.7.0" - backend "s3" { - bucket = "terraform-state-storage-977306314792" - dynamodb_table = "terraform-state-lock-977306314792" - key = "hw-fargate-api/stg/app.tfstate" - region = "us-west-2" - } - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 5.33" - } - local = { - source = "hashicorp/local" - version = "~> 2.4" - } - } -} - -locals { - env = "stg" -} - -provider "aws" { - region = "us-west-2" - default_tags { - tags = { - app = "hw-fargate-api" - repo = "https://github.com/byu-oit/hw-fargate-api" - data-sensitivity = "public" - env = local.env - resource-creator-email = "GitHub-Actions" - } - } -} - -variable "image_tag" { - type = string -} - -module "app" { - source = "../../modules/app/" - env = local.env - image_tag = var.image_tag - codedeploy_termination_wait_time = 0 - deploy_test_postman_collection = "../../../.postman/hw-fargate-api.postman_collection.json" - deploy_test_postman_environment = "../../../.postman/stg-tst.postman_environment.json" - log_retention_days = 1 -} - -output "url" { - value = module.app.url -} - -output "codedeploy_app_name" { - value = module.app.codedeploy_app_name -} - -output "codedeploy_deployment_group_name" { - value = module.app.codedeploy_deployment_group_name -} - -output "codedeploy_appspec_json_file" { - value = module.app.codedeploy_appspec_json_file -} diff --git a/terraform-iac/stg/setup/.terraform.lock.hcl b/terraform-iac/stg/setup/.terraform.lock.hcl deleted file mode 100644 index 70fead6f..00000000 --- a/terraform-iac/stg/setup/.terraform.lock.hcl +++ /dev/null 
@@ -1,45 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "5.33.0" - constraints = ">= 3.0.0, >= 4.0.0, >= 4.2.0, ~> 5.33" - hashes = [ - "h1:kPm7PkwHh6tZ74pUj5C/QRPtauxdnzrEG2yhCJla/4o=", - "zh:10bb683f2a9306e881f51a971ad3b2bb654ac94b54945dd63769876a343b5b04", - "zh:3916406db958d5487ea0c2d2320012d1907c29e6d01bf693560fe05e38ee0601", - "zh:3cb54b76b2f9e30620f3281ab7fb20633b1e4584fc84cc4ecd5752546252e86f", - "zh:513bcfd6971482215c5d64725189f875cbcbd260c6d11f0da4d66321efd93a92", - "zh:545a34427ebe7a950056627e7c980c9ba16318bf086d300eb808ffc41c52b7a8", - "zh:5a44b90faf1c8e8269f389c04bfac25ad4766d26360e7f7ac371be12a442981c", - "zh:64e1ef83162f78538dccad8b035577738851395ba774d6919cb21eb465a21e3a", - "zh:7315c70cb6b7f975471ea6129474639a08c58c071afc95a36cfaa41a13ae7fb9", - "zh:9806faae58938d638b757f54414400be998dddb45edfd4a29c85e827111dc93d", - "zh:997fa2e2db242354d9f772fba7eb17bd6d18d28480291dd93f85a18ca0a67ac2", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:9f9e076b7e9752971f39eead6eda69df1c5e890c82ba2ca95f56974af7adfe79", - "zh:b1d6af047f96de7f97d38b685654f1aed4356d5060b0e696d87d0270f5d49f75", - "zh:bfb0654b6f34398aeffdf907b744af06733d168db610a2c5747263380f817ac7", - "zh:e25203ee8cedccf60bf450950d533d3c172509bda8af97dbc3bc817d2a503c57", - ] -} - -provider "registry.terraform.io/hashicorp/local" { - version = "2.4.1" - constraints = "~> 2.4" - hashes = [ - "h1:gpp25uNkYJYzJVnkyRr7RIBVfwLs9GSq2HNnFpTRBg0=", - "zh:244b445bf34ddbd167731cc6c6b95bbed231dc4493f8cc34bd6850cfe1f78528", - "zh:3c330bdb626123228a0d1b1daa6c741b4d5d484ab1c7ae5d2f48d4c9885cc5e9", - "zh:5ff5f9b791ddd7557e815449173f2db38d338e674d2d91800ac6e6d808de1d1d", - "zh:70206147104f4bf26ae67d730c995772f85bf23e28c2c2e7612c74f4dae3c46f", - "zh:75029676993accd6bef933c196b2fad51a9ec8a69a847dbbe96ec8ebf7926cdc", - 
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:7d48d5999fe1fcdae9295a7c3448ac1541f5a24c474bd82df6d4fa3732483f2b", - "zh:b766b38b027f0f84028244d1c2f990431a37d4fc3ac645962924554016507e77", - "zh:bfc7ad301dada204cf51c59d8bd6a9a87de5fddb42190b4d6ba157d6e08a1f10", - "zh:c902b527702a8c5e2c25a6637d07bbb1690cb6c1e63917a5f6dc460efd18d43f", - "zh:d68ae0e1070cf429c46586bc87580c3ed113f76241da2b6e4f1a8348126b3c46", - "zh:f4903fd89f7c92a346ae9e666c2d0b6884c4474ae109e9b4bd15e7efaa4bfc29", - ] -} diff --git a/terraform-iac/stg/setup/stg-setup.tf b/terraform-iac/stg/setup/stg-setup.tf deleted file mode 100644 index 81bd5a12..00000000 --- a/terraform-iac/stg/setup/stg-setup.tf +++ /dev/null @@ -1,48 +0,0 @@ -terraform { - required_version = "1.7.0" - backend "s3" { - bucket = "terraform-state-storage-977306314792" - dynamodb_table = "terraform-state-lock-977306314792" - key = "hw-fargate-api/stg/setup.tfstate" - region = "us-west-2" - } - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 5.33" - } - local = { - source = "hashicorp/local" - version = "~> 2.4" - } - } -} - -locals { - env = "stg" -} - -provider "aws" { - region = "us-west-2" - - default_tags { - tags = { - app = "hw-fargate-api" - repo = "https://github.com/byu-oit/hw-fargate-api" - data-sensitivity = "public" - env = local.env - resource-creator-email = "GitHub-Actions" - } - } -} - -variable "some_secret" { - type = string - description = "Some secret string that will be stored in SSM and mounted into the Fargate Tasks as an environment variable" -} - -module "setup" { - source = "../../modules/setup/" - env = local.env - some_secret = var.some_secret -} From 356615a298f01c6faa4ff76af272eb0dd9b01114 Mon Sep 17 00:00:00 2001 
From: Gary Crye Date: Wed, 19 Jul 2023 14:56:48 -0600 Subject: [PATCH 02/14] Make `terraform init` prompt for bucket name instead of defaulting to local backend This makes it harder to do the wrong thing. With this change, we avoid a potential footgun when developers use `terraform init` instead of `terraform init -backend-config=dev.s3.tfbackend`. This isn't a functional change because we were already using encryption on everything in our state buckets. --- terraform-iac/app/main.tf | 3 ++- terraform-iac/setup/setup.tf | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/terraform-iac/app/main.tf b/terraform-iac/app/main.tf index ca6e8b0f..6e65dfa9 100644 --- a/terraform-iac/app/main.tf +++ b/terraform-iac/app/main.tf @@ -3,7 +3,8 @@ terraform { backend "s3" { # The rest of the backend config is passed in # https://developer.hashicorp.com/terraform/language/settings/backends/configuration#partial-configuration - region = "us-west-2" + encrypt = true + region = "us-west-2" } required_providers { aws = { diff --git a/terraform-iac/setup/setup.tf b/terraform-iac/setup/setup.tf index 125b9136..75b18fd4 100644 --- a/terraform-iac/setup/setup.tf +++ b/terraform-iac/setup/setup.tf @@ -3,7 +3,8 @@ terraform { backend "s3" { # The rest of the backend config is passed in # https://developer.hashicorp.com/terraform/language/settings/backends/configuration#partial-configuration - region = "us-west-2" + encrypt = true + region = "us-west-2" } required_providers { aws = { From 98ef15b25241dd52795aab8862da744b78a1a820 Mon Sep 17 00:00:00 2001 From: Gary Crye Date: Thu, 27 Jul 2023 13:26:32 -0600 Subject: [PATCH 03/14] Fix Dependabot path to TF, also get TF provider updates --- .github/dependabot.yml | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 733d0b6c..72c48281 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml 
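Review bot: `encrypt = true` in the `backend "s3"` block of terraform-iac/app/main.tf (same change in terraform-iac/setup/setup.tf) requests server-side encryption of the state object but names no key, so the key in use is whatever the bucket defaults to. The setup state presumably holds `some_secret`, so consider also passing `kms_key_id` through the backend config, which lets read access to state be limited by key policy as well as bucket policy. The subject line describes `terraform init` prompting for the bucket name, which nothing in these two hunks appears to change; a comment such as `# encrypt is fixed here; bucket, key and dynamodb_table come from -backend-config` would record the intent. Both `terraform` blocks continue outside the hunks.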
@@ -27,29 +27,17 @@ updates: target-branch: dev - package-ecosystem: terraform - directory: '/terraform-iac/dev/app' + directory: '/terraform-iac/app' schedule: interval: daily target-branch: dev - package-ecosystem: terraform - directory: '/terraform-iac/dev/setup' + directory: '/terraform-iac/setup' schedule: interval: daily target-branch: dev -# - package-ecosystem: terraform -# directory: '/terraform-iac/modules/app' -# schedule: -# interval: daily -# target-branch: dev -# -# - package-ecosystem: terraform -# directory: '/terraform-iac/modules/setup' -# schedule: -# interval: daily -# target-branch: dev - # For each of these, requesting reviews from your team makes Dependabot PRs easier to find (https://github.com/pulls/review-requested) # reviewers: # - byu-oit/your-github-team From 0bc6d661df101d8eb66ab6546f991ff4eea7ee70 Mon Sep 17 00:00:00 2001 
From: Gary Crye Date: Wed, 16 Aug 2023 15:05:38 -0600 Subject: [PATCH 04/14] Update docs to reflect change, rename `terraform-iac/` to `terraform/` Docs needed to be updated either way. I know we've done some bikeshedding on the directory name before. I didn't previously care whether it was called terraform/, iac/, terraform-iac/ or anything else. Nowadays, I have a tiny reason to prefer the name terraform/: it plays nicely with automatic folder icons. The other options don't. --- .github/dependabot.yml | 4 ++-- .github/workflows/ci-iac.yml | 14 +++++++------- .github/workflows/deploy.yml | 14 +++++++------- README.md | 7 +++---- docker-compose.yml | 2 +- .../app/.terraform.lock.hcl | 0 {terraform-iac => terraform}/app/cpy.s3.tfbackend | 0 {terraform-iac => terraform}/app/cpy.tfvars | 0 {terraform-iac => terraform}/app/dev.s3.tfbackend | 0 {terraform-iac => terraform}/app/dev.tfvars | 0 {terraform-iac => terraform}/app/main.tf | 0 {terraform-iac => terraform}/app/prd.s3.tfbackend | 0 {terraform-iac => terraform}/app/prd.tfvars | 0 {terraform-iac => terraform}/app/stg.s3.tfbackend | 0 {terraform-iac => terraform}/app/stg.tfvars | 0 .../setup/.terraform.lock.hcl | 0 .../setup/cpy.s3.tfbackend | 0 .../setup/dev.s3.tfbackend | 0 .../setup/prd.s3.tfbackend | 0 {terraform-iac => terraform}/setup/setup.tf | 0 .../setup/stg.s3.tfbackend | 0 21 files changed, 20 insertions(+), 21 deletions(-) rename {terraform-iac => terraform}/app/.terraform.lock.hcl (100%) rename {terraform-iac => terraform}/app/cpy.s3.tfbackend (100%) rename {terraform-iac => terraform}/app/cpy.tfvars (100%) rename {terraform-iac => terraform}/app/dev.s3.tfbackend (100%) rename {terraform-iac => terraform}/app/dev.tfvars (100%) rename {terraform-iac => terraform}/app/main.tf (100%) rename {terraform-iac => terraform}/app/prd.s3.tfbackend (100%) rename {terraform-iac => terraform}/app/prd.tfvars (100%) rename {terraform-iac => terraform}/app/stg.s3.tfbackend (100%) rename {terraform-iac => 
terraform}/app/stg.tfvars (100%) rename {terraform-iac => terraform}/setup/.terraform.lock.hcl (100%) rename {terraform-iac => terraform}/setup/cpy.s3.tfbackend (100%) rename {terraform-iac => terraform}/setup/dev.s3.tfbackend (100%) rename {terraform-iac => terraform}/setup/prd.s3.tfbackend (100%) rename {terraform-iac => terraform}/setup/setup.tf (100%) rename {terraform-iac => terraform}/setup/stg.s3.tfbackend (100%) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 72c48281..6d84d25f 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -27,13 +27,13 @@ updates: target-branch: dev - package-ecosystem: terraform - directory: '/terraform-iac/app' + directory: '/terraform/app' schedule: interval: daily target-branch: dev - package-ecosystem: terraform - directory: '/terraform-iac/setup' + directory: '/terraform/setup' schedule: interval: daily target-branch: dev diff --git a/.github/workflows/ci-iac.yml b/.github/workflows/ci-iac.yml index 500e864c..4ef0d9be 100644 --- a/.github/workflows/ci-iac.yml +++ b/.github/workflows/ci-iac.yml @@ -5,11 +5,11 @@ on: branches: [dev, stg, prd] types: [opened, reopened, synchronize, edited] paths: - - 'terraform-iac/**' + - 'terraform/**' - '.github/workflows/ci-iac.yml' env: - tf_version: "1.7.0" # must match value in terraform-iac/app/main.tf + tf_version: "1.7.0" # must match value in terraform/app/main.tf jobs: env: @@ -80,7 +80,7 @@ jobs: terraform_version: ${{ env.tf_version }} - name: Terraform Format - working-directory: terraform-iac + working-directory: terraform run: terraform fmt -check -recursive plan: 
@@ -112,18 +112,18 @@ jobs: terraform_version: ${{ env.tf_version }} - name: Terraform Init - working-directory: terraform-iac/app + working-directory: terraform/app run: terraform init -backend-config=${{ matrix.env.environment_name }}.s3.tfbackend - name: Terraform Plan - working-directory: terraform-iac/app + working-directory: terraform/app run: terraform plan -var-file=${{ matrix.env.environment_name }}.tfvars -var 'image_tag=ci_test' -input=false -out plan -lock=false - name: Comment Terraform Plan uses: byu-oit/github-action-tf-plan-comment@v1 with: github-token: ${{ secrets.GITHUB_TOKEN }} - working-directory: terraform-iac/app + working-directory: terraform/app terraform-plan-file: plan - name: Analyze Terraform Plan @@ -131,7 +131,7 @@ jobs: if: github.repository_owner == 'byu-oit' # If you're at BYU, but outside the byu-oit GitHub org, you may be able to obtain credentials by contacting cloudoffice@byu.edu with: - working-directory: terraform-iac/app + working-directory: terraform/app terraform-plan-file: plan divvycloud-username: ${{ secrets.DIVVYCLOUD_USERNAME }} divvycloud-password: ${{ secrets.DIVVYCLOUD_PASSWORD }} diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index a324a1f9..e75b2b1d 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -10,7 +10,7 @@ on: - '.gitignore' env: node_version: "18.x" - tf_version: "1.7.0" # must match value in terraform-iac/app/main.tf + tf_version: "1.7.0" # must match value in terraform/app/main.tf FORCE_COLOR: 3 concurrency: ${{ github.ref }} jobs: @@ -183,7 +183,7 @@ jobs: terraform_version: ${{ env.tf_version }} - name: Terraform Format - working-directory: terraform-iac + working-directory: terraform run: terraform fmt -check -recursive build_and_deploy: 
@@ -242,11 +242,11 @@ jobs: terraform_wrapper: false - name: Terraform Init - working-directory: terraform-iac/app + working-directory: terraform/app run: terraform init -backend-config=${{ matrix.env.environment_name }}.s3.tfbackend - name: Terraform Plan - working-directory: terraform-iac/app + working-directory: terraform/app run: terraform plan -var-file=${{ matrix.env.environment_name }}.tfvars -var 'image_tag=${{ steps.date.outputs.timestamp }}' -input=false -out=plan - name: Analyze Terraform Plan @@ -254,7 +254,7 @@ jobs: if: github.repository_owner == 'byu-oit' # If you're at BYU, but outside the byu-oit GitHub org, you may be able to obtain credentials by contacting cloudoffice@byu.edu with: - working-directory: terraform-iac/app + working-directory: terraform/app terraform-plan-file: plan divvycloud-username: ${{ secrets.DIVVYCLOUD_USERNAME }} divvycloud-password: ${{ secrets.DIVVYCLOUD_PASSWORD }} @@ -268,12 +268,12 @@ jobs: template-id: ${{ matrix.env.rfc_template_id }} - name: Terraform Apply - working-directory: terraform-iac/app + working-directory: terraform/app run: terraform apply plan - name: Get Terraform Outputs id: terraform-outputs - working-directory: terraform-iac/app + working-directory: terraform/app run: | echo "codedeploy_app_name=$(terraform output -raw codedeploy_app_name)" >> $GITHUB_OUTPUT echo "codedeploy_deployment_group_name=$(terraform output -raw codedeploy_deployment_group_name)" >> $GITHUB_OUTPUT diff --git a/README.md b/README.md index 459be881..43caf715 100644 --- a/README.md +++ b/README.md @@ -44,9 +44,9 @@ git commit -am "Update template with repo specific details" ### Deploy the "one time setup" resources ```sh -cd terraform-iac/dev/setup/ -terraform init -terraform apply +cd terraform/setup/ +terraform init -backend-config=dev.s3.tfbackend +terraform apply -var-file=dev.tfvars ``` In the AWS Console, see if you can find the resources from `setup.tf` (ECR, SSM Param, IAM Role). 
@@ -72,7 +72,6 @@ If you look at [`.github/workflows/deploy.yml`](.github/workflows/deploy.yml), y Anytime after the `Terraform Apply` step succeeds: ```sh cd ../app/ -terraform init terraform output ``` diff --git a/docker-compose.yml b/docker-compose.yml index 837e571a..36209e37 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -7,7 +7,7 @@ services: volumes: - ~/.aws:/home/node/.aws # Use AWS credentials from host environment: - # Environment variables and secrets from primary_container_definition in terraform-iac/modules/app/main.tf + # Environment variables and secrets from primary_container_definition in terraform/app/main.tf DYNAMO_TABLE_NAME: hw-fargate-api-dev BUCKET_NAME: hw-fargate-api-dev SOME_SECRET: something diff --git a/terraform-iac/app/.terraform.lock.hcl b/terraform/app/.terraform.lock.hcl similarity index 100% rename from terraform-iac/app/.terraform.lock.hcl rename to terraform/app/.terraform.lock.hcl diff --git a/terraform-iac/app/cpy.s3.tfbackend b/terraform/app/cpy.s3.tfbackend similarity index 100% rename from terraform-iac/app/cpy.s3.tfbackend rename to terraform/app/cpy.s3.tfbackend diff --git a/terraform-iac/app/cpy.tfvars b/terraform/app/cpy.tfvars similarity index 100% rename from terraform-iac/app/cpy.tfvars rename to terraform/app/cpy.tfvars diff --git a/terraform-iac/app/dev.s3.tfbackend b/terraform/app/dev.s3.tfbackend similarity index 100% rename from terraform-iac/app/dev.s3.tfbackend rename to terraform/app/dev.s3.tfbackend diff --git a/terraform-iac/app/dev.tfvars b/terraform/app/dev.tfvars similarity index 100% rename from terraform-iac/app/dev.tfvars rename to terraform/app/dev.tfvars diff --git a/terraform-iac/app/main.tf b/terraform/app/main.tf similarity index 100% rename from terraform-iac/app/main.tf rename to terraform/app/main.tf 
diff --git a/terraform-iac/app/prd.s3.tfbackend b/terraform/app/prd.s3.tfbackend similarity index 100% rename from terraform-iac/app/prd.s3.tfbackend rename to terraform/app/prd.s3.tfbackend diff --git a/terraform-iac/app/prd.tfvars b/terraform/app/prd.tfvars similarity index 100% rename from terraform-iac/app/prd.tfvars rename to terraform/app/prd.tfvars diff --git a/terraform-iac/app/stg.s3.tfbackend b/terraform/app/stg.s3.tfbackend similarity index 100% rename from terraform-iac/app/stg.s3.tfbackend rename to terraform/app/stg.s3.tfbackend diff --git a/terraform-iac/app/stg.tfvars b/terraform/app/stg.tfvars similarity index 100% rename from terraform-iac/app/stg.tfvars rename to terraform/app/stg.tfvars diff --git a/terraform-iac/setup/.terraform.lock.hcl b/terraform/setup/.terraform.lock.hcl similarity index 100% rename from terraform-iac/setup/.terraform.lock.hcl rename to terraform/setup/.terraform.lock.hcl diff --git a/terraform-iac/setup/cpy.s3.tfbackend b/terraform/setup/cpy.s3.tfbackend similarity index 100% rename from terraform-iac/setup/cpy.s3.tfbackend rename to terraform/setup/cpy.s3.tfbackend diff --git a/terraform-iac/setup/dev.s3.tfbackend b/terraform/setup/dev.s3.tfbackend similarity index 100% rename from terraform-iac/setup/dev.s3.tfbackend rename to terraform/setup/dev.s3.tfbackend diff --git a/terraform-iac/setup/prd.s3.tfbackend b/terraform/setup/prd.s3.tfbackend similarity index 100% rename from terraform-iac/setup/prd.s3.tfbackend rename to terraform/setup/prd.s3.tfbackend diff --git a/terraform-iac/setup/setup.tf b/terraform/setup/setup.tf similarity index 100% rename from terraform-iac/setup/setup.tf rename to terraform/setup/setup.tf diff --git a/terraform-iac/setup/stg.s3.tfbackend b/terraform/setup/stg.s3.tfbackend similarity index 100% rename from terraform-iac/setup/stg.s3.tfbackend rename to terraform/setup/stg.s3.tfbackend From dfd572b1a132ae395c0444d2e98abf9687264d28 Mon Sep 17 00:00:00 2001 
From: Gary Crye Date: Mon, 24 Jun 2024 16:05:01 -0600 Subject: [PATCH 05/14] Use Dependabot `directories` to DRY up config Refs: https://github.blog/changelog/2024-04-29-dependabot-multi-directory-configuration-public-beta-now-available/ --- .github/dependabot.yml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 6d84d25f..a2426bd9 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -27,13 +27,9 @@ updates: target-branch: dev - package-ecosystem: terraform - directory: '/terraform/app' - schedule: - interval: daily - target-branch: dev - - - package-ecosystem: terraform - directory: '/terraform/setup' + directories: + - '/terraform/app' + - '/terraform/setup' schedule: interval: daily target-branch: dev From 97e4bfede6b69fca9c777df8e9743c8c66ce6145 Mon Sep 17 00:00:00 2001 From: Gary Crye Date: Mon, 24 Jun 2024 21:39:29 -0600 Subject: [PATCH 06/14] Use OpenTofu v1.8.0-alpha1 Swap setup-terraform for setup-opentofu and start using the tofu binary instead of terraform, which should be a drop-in replacement. I didn't want to muck with all the directory names, etc., yet. --- .github/workflows/ci-iac.yml | 16 ++++++++-------- .github/workflows/deploy.yml | 34 +++++++++++++++++----------------- terraform/app/main.tf | 2 +- terraform/setup/setup.tf | 2 +- 4 files changed, 27 insertions(+), 27 deletions(-) diff --git a/.github/workflows/ci-iac.yml b/.github/workflows/ci-iac.yml index 4ef0d9be..a264cabc 100644 --- a/.github/workflows/ci-iac.yml +++ b/.github/workflows/ci-iac.yml @@ -9,7 +9,7 @@ on: - '.github/workflows/ci-iac.yml' env: - tf_version: "1.7.0" # must match value in terraform/app/main.tf + tf_version: "1.8.0-alpha1" # must match value in terraform/app/main.tf jobs: env: 
@@ -75,13 +75,13 @@ jobs: - uses: actions/checkout@v4 - name: Terraform Setup - uses: hashicorp/setup-terraform@v3 + uses: opentofu/setup-opentofu@v1 with: - terraform_version: ${{ env.tf_version }} + tofu_version: ${{ env.tf_version }} - name: Terraform Format working-directory: terraform - run: terraform fmt -check -recursive + run: tofu fmt -check -recursive plan: name: Terraform Plan / ${{ matrix.env.environment_name }} @@ -107,17 +107,17 @@ jobs: aws-region: us-west-2 - name: Terraform Setup - uses: hashicorp/setup-terraform@v3 + uses: opentofu/setup-opentofu@v1 with: - terraform_version: ${{ env.tf_version }} + tofu_version: ${{ env.tf_version }} - name: Terraform Init working-directory: terraform/app - run: terraform init -backend-config=${{ matrix.env.environment_name }}.s3.tfbackend + run: tofu init -backend-config=${{ matrix.env.environment_name }}.s3.tfbackend - name: Terraform Plan working-directory: terraform/app - run: terraform plan -var-file=${{ matrix.env.environment_name }}.tfvars -var 'image_tag=ci_test' -input=false -out plan -lock=false + run: tofu plan -var-file=${{ matrix.env.environment_name }}.tfvars -var 'image_tag=ci_test' -input=false -out plan -lock=false - name: Comment Terraform Plan uses: byu-oit/github-action-tf-plan-comment@v1 diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index e75b2b1d..0d42e6f4 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -10,7 +10,7 @@ on: - '.gitignore' env: node_version: "18.x" - tf_version: "1.7.0" # must match value in terraform/app/main.tf + tf_version: "1.8.0-alpha1" # must match value in terraform/app/main.tf FORCE_COLOR: 3 concurrency: ${{ github.ref }} jobs: 
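Review bot: `uses: opentofu/setup-opentofu@v1` replaces one mutable tag with another, and in the plan job of the next hunk this action appears to run after the AWS credentials step, so a moved `v1` tag would execute with those credentials available. Pin it to a full commit SHA and keep the tag as a comment, `uses: opentofu/setup-opentofu@<full-commit-sha> # v1`, here and in the three other places this commit introduces it (the plan job below and both jobs in deploy.yml). The job's step list starts above the hunk.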
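Review bot: The Terraform Init step in the plan job keeps `-backend-config=${{ matrix.env.environment_name }}.s3.tfbackend`, while this same commit changes the init step in deploy.yml to `-var-file=${{ matrix.env.environment_name }}.tfvars`, so CI plans and real deploys now initialise the backend in two different ways. The next patch in the series deletes the `.s3.tfbackend` files and its diffstat lists no workflow changes, so unless a later patch updates this step the plan job will fail at init. Use one form in both workflows, `run: tofu init -var-file=${{ matrix.env.environment_name }}.tfvars -input=false`, and land it in the commit that makes the backend block read those variables, so that no intermediate commit initialises without a bucket. `-input=false` makes a missing backend value fail the job instead of waiting on a prompt.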
@@ -171,20 +171,20 @@ jobs: dockerfile: src/Dockerfile format: - name: Terraform Format + name: Tofu Format timeout-minutes: 3 runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: Terraform Setup - uses: hashicorp/setup-terraform@v3 + - name: Tofu Setup + uses: opentofu/setup-opentofu@v1 with: - terraform_version: ${{ env.tf_version }} + tofu_version: ${{ env.tf_version }} - - name: Terraform Format + - name: Tofu Format working-directory: terraform - run: terraform fmt -check -recursive + run: tofu fmt -check -recursive build_and_deploy: name: Build and Deploy / ${{ matrix.env.environment_name }} @@ -236,18 +236,18 @@ jobs: cache-to: type=gha,mode=max - name: Terraform Setup - uses: hashicorp/setup-terraform@v3 + uses: opentofu/setup-opentofu@v1 with: - terraform_version: ${{ env.tf_version }} - terraform_wrapper: false + tofu_version: ${{ env.tf_version }} + tofu_wrapper: false - name: Terraform Init working-directory: terraform/app - run: terraform init -backend-config=${{ matrix.env.environment_name }}.s3.tfbackend + run: tofu init -var-file=${{ matrix.env.environment_name }}.tfvars - name: Terraform Plan working-directory: terraform/app - run: terraform plan -var-file=${{ matrix.env.environment_name }}.tfvars -var 'image_tag=${{ steps.date.outputs.timestamp }}' -input=false -out=plan + run: tofu plan -var-file=${{ matrix.env.environment_name }}.tfvars -var 'image_tag=${{ steps.date.outputs.timestamp }}' -input=false -out=plan - name: Analyze Terraform Plan uses: byu-oit/github-action-tf-plan-analyzer@v2 
@@ -269,16 +269,16 @@ jobs: - name: Terraform Apply working-directory: terraform/app - run: terraform apply plan + run: tofu apply plan - name: Get Terraform Outputs id: terraform-outputs working-directory: terraform/app run: | - echo "codedeploy_app_name=$(terraform output -raw codedeploy_app_name)" >> $GITHUB_OUTPUT - echo "codedeploy_deployment_group_name=$(terraform output -raw codedeploy_deployment_group_name)" >> $GITHUB_OUTPUT - echo "codedeploy_appspec_json_file=$(terraform output -raw codedeploy_appspec_json_file)" >> $GITHUB_OUTPUT - echo "url=$(terraform output -raw url)" >> $GITHUB_OUTPUT + echo "codedeploy_app_name=$(tofu output -raw codedeploy_app_name)" >> $GITHUB_OUTPUT + echo "codedeploy_deployment_group_name=$(tofu output -raw codedeploy_deployment_group_name)" >> $GITHUB_OUTPUT + echo "codedeploy_appspec_json_file=$(tofu output -raw codedeploy_appspec_json_file)" >> $GITHUB_OUTPUT + echo "url=$(tofu output -raw url)" >> $GITHUB_OUTPUT - name: CodeDeploy id: deploy diff --git a/terraform/app/main.tf b/terraform/app/main.tf index 6e65dfa9..628a269e 100644 --- a/terraform/app/main.tf +++ b/terraform/app/main.tf @@ -1,5 +1,5 @@ terraform { - required_version = "1.7.0" + required_version = "~> 1.8" backend "s3" { # The rest of the backend config is passed in # https://developer.hashicorp.com/terraform/language/settings/backends/configuration#partial-configuration diff --git a/terraform/setup/setup.tf b/terraform/setup/setup.tf index 75b18fd4..9939e4c6 100644 --- a/terraform/setup/setup.tf +++ b/terraform/setup/setup.tf @@ -1,5 +1,5 @@ terraform { - required_version = "1.7.0" + required_version = "~> 1.8" backend "s3" { # The rest of the backend config is passed in # https://developer.hashicorp.com/terraform/language/settings/backends/configuration#partial-configuration From 80425243a52a4f4e3e130a3c4625c2343b6d7c55 Mon Sep 17 00:00:00 2001 
From: Gary Crye Date: Mon, 24 Jun 2024 21:52:21 -0600 Subject: [PATCH 07/14] Consolidate `.tfbackend` files into existing `.tfvars` files This is possible in the newest OpenTofu version, v1.8.0-alpha1, and in fact it's the motivation for migrating. While I was at it, I updated some provider versions that I apparently downgraded by accident while rebasing this branch back onto `dev`. Refs: https://opentofu.org/blog/help-us-test-opentofu-1-8-0-alpha1/#early-variablelocals-evaluation --- terraform/app/.terraform.lock.hcl | 65 +++++++++++++---------------- terraform/app/cpy.s3.tfbackend | 3 -- terraform/app/cpy.tfvars | 3 +- terraform/app/dev.s3.tfbackend | 3 -- terraform/app/dev.tfvars | 3 +- terraform/app/main.tf | 21 ++++++---- terraform/app/prd.s3.tfbackend | 3 -- terraform/app/prd.tfvars | 3 +- terraform/app/stg.s3.tfbackend | 3 -- terraform/app/stg.tfvars | 3 +- terraform/setup/.terraform.lock.hcl | 65 +++++++++++++---------------- terraform/setup/cpy.s3.tfbackend | 3 -- terraform/setup/cpy.tfvars | 2 + terraform/setup/dev.s3.tfbackend | 3 -- terraform/setup/dev.tfvars | 2 + terraform/setup/prd.s3.tfbackend | 3 -- terraform/setup/prd.tfvars | 2 + terraform/setup/setup.tf | 18 +++++--- terraform/setup/stg.s3.tfbackend | 3 -- terraform/setup/stg.tfvars | 2 + 20 files changed, 100 insertions(+), 113 deletions(-) delete mode 100644 terraform/app/cpy.s3.tfbackend delete mode 100644 terraform/app/dev.s3.tfbackend delete mode 100644 terraform/app/prd.s3.tfbackend delete mode 100644 terraform/app/stg.s3.tfbackend delete mode 100644 terraform/setup/cpy.s3.tfbackend create mode 100644 terraform/setup/cpy.tfvars delete mode 100644 terraform/setup/dev.s3.tfbackend create mode 100644 terraform/setup/dev.tfvars delete mode 100644 terraform/setup/prd.s3.tfbackend create mode 100644 terraform/setup/prd.tfvars delete mode 100644 terraform/setup/stg.s3.tfbackend create mode 100644 terraform/setup/stg.tfvars 
diff --git a/terraform/app/.terraform.lock.hcl b/terraform/app/.terraform.lock.hcl index 5c6d0d4c..5e8eca0f 100644 --- a/terraform/app/.terraform.lock.hcl +++ b/terraform/app/.terraform.lock.hcl 
@@ -1,45 +1,38 @@ -# This file is maintained automatically by "terraform init". +# This file is maintained automatically by "tofu init". # Manual edits may be lost in future updates. -provider "registry.terraform.io/hashicorp/aws" { - version = "5.33.0" - constraints = ">= 3.69.0, >= 4.0.0, >= 4.2.0, ~> 5.33" +provider "registry.opentofu.org/hashicorp/aws" { + version = "5.55.0" + constraints = ">= 4.0.0, >= 4.2.0, ~> 5.55" hashes = [ - "h1:kPm7PkwHh6tZ74pUj5C/QRPtauxdnzrEG2yhCJla/4o=", - "zh:10bb683f2a9306e881f51a971ad3b2bb654ac94b54945dd63769876a343b5b04", - "zh:3916406db958d5487ea0c2d2320012d1907c29e6d01bf693560fe05e38ee0601", - "zh:3cb54b76b2f9e30620f3281ab7fb20633b1e4584fc84cc4ecd5752546252e86f", - "zh:513bcfd6971482215c5d64725189f875cbcbd260c6d11f0da4d66321efd93a92", - "zh:545a34427ebe7a950056627e7c980c9ba16318bf086d300eb808ffc41c52b7a8", - "zh:5a44b90faf1c8e8269f389c04bfac25ad4766d26360e7f7ac371be12a442981c", - "zh:64e1ef83162f78538dccad8b035577738851395ba774d6919cb21eb465a21e3a", - "zh:7315c70cb6b7f975471ea6129474639a08c58c071afc95a36cfaa41a13ae7fb9", - "zh:9806faae58938d638b757f54414400be998dddb45edfd4a29c85e827111dc93d", - "zh:997fa2e2db242354d9f772fba7eb17bd6d18d28480291dd93f85a18ca0a67ac2", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:9f9e076b7e9752971f39eead6eda69df1c5e890c82ba2ca95f56974af7adfe79", - "zh:b1d6af047f96de7f97d38b685654f1aed4356d5060b0e696d87d0270f5d49f75", - "zh:bfb0654b6f34398aeffdf907b744af06733d168db610a2c5747263380f817ac7", - "zh:e25203ee8cedccf60bf450950d533d3c172509bda8af97dbc3bc817d2a503c57", + "h1:Ke5JQfn+3DhBsXJomeYXX4DECk6H14jtlFDdZ75fiSM=", + "zh:5f3b59c7c66ee0cd2de72e3cece150bc6c15d4b5cef7f477b5edc8e2cf4a1a4d", + "zh:83c4869bd79df190290462531912c71ac44378bce006c0e0642b7bf7a0515d25", + "zh:87bcf0a21810867c0d30e526b9f9e78bc4ac503f3eb699de1d31c3d59d01006e", + "zh:c6a941a9c3fd3a91e2cb6a0987838659ed002cf0a0bbcb4b9471415cdf5c3540", + 
"zh:c6abf77975feb99a2fc5ff86477d7d173a10d07daa4cebbcb46944aa76ce2754", + "zh:c7d215071cd6afcb6d11befd95214cda9013402ed739707fcdbc55928b0a1d5d", + "zh:d21cf10a39552e6e2df4f55c6d7426befdc8a94d1d471b9eccf567ccfbd42497", + "zh:decd64542e1183fc32227dd1faaca79926035ca8d332b085d9ca8874432ad4f3", + "zh:e5677331ebeee0ae8cbca33323c6aff401875f41e4ce1d7a2afefae5752d27d0", + "zh:fb932872eab2e6d96332ef306c6562ca721ca78164fad109945de48f50465d25", ] } -provider "registry.terraform.io/hashicorp/local" { - version = "2.4.1" - constraints = "~> 2.4" +provider "registry.opentofu.org/hashicorp/local" { + version = "2.5.1" + constraints = "~> 2.5" hashes = [ - "h1:gpp25uNkYJYzJVnkyRr7RIBVfwLs9GSq2HNnFpTRBg0=", - "zh:244b445bf34ddbd167731cc6c6b95bbed231dc4493f8cc34bd6850cfe1f78528", - "zh:3c330bdb626123228a0d1b1daa6c741b4d5d484ab1c7ae5d2f48d4c9885cc5e9", - "zh:5ff5f9b791ddd7557e815449173f2db38d338e674d2d91800ac6e6d808de1d1d", - "zh:70206147104f4bf26ae67d730c995772f85bf23e28c2c2e7612c74f4dae3c46f", - "zh:75029676993accd6bef933c196b2fad51a9ec8a69a847dbbe96ec8ebf7926cdc", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:7d48d5999fe1fcdae9295a7c3448ac1541f5a24c474bd82df6d4fa3732483f2b", - "zh:b766b38b027f0f84028244d1c2f990431a37d4fc3ac645962924554016507e77", - "zh:bfc7ad301dada204cf51c59d8bd6a9a87de5fddb42190b4d6ba157d6e08a1f10", - "zh:c902b527702a8c5e2c25a6637d07bbb1690cb6c1e63917a5f6dc460efd18d43f", - "zh:d68ae0e1070cf429c46586bc87580c3ed113f76241da2b6e4f1a8348126b3c46", - "zh:f4903fd89f7c92a346ae9e666c2d0b6884c4474ae109e9b4bd15e7efaa4bfc29", + "h1:IAqLUucFw7Q7R4r+buIJ1AjsDtIX5i3xGYItI4+t07E=", + "zh:031c2c2070672b7e78e0aa15560839278dc57fe7cf1e58a617ac13c67b31d5fb", + "zh:1ef64ea4f8382cd538a76f3d319f405d18130dc3280f1c16d6aaa52a188ecaa4", + "zh:422ce45691b2f384dbd4596fdc8209d95cb43d85a82aaa0173089d38976d6e96", + "zh:7415fbd8da72d9363ba55dd8115837714f9534f5a9a518ec42268c2da1b9ed2f", + "zh:92aa22d071339c8ef595f18a9f9245c287266c80689f5746b26e10eaed04d542", + 
"zh:9cd0d99f5d3be835d6336c19c4057af6274e193e677ecf6370e5b0de12b4aafe", + "zh:a8c1525b389be5809a97f02aa7126e491ba518f97f57ed3095a3992f2134bb8f", + "zh:b336fa75f72643154b07c09b3968e417a41293358a54fe03efc0db715c5451e6", + "zh:c66529133599a419123ad2e42874afbd9aba82bd1de2b15cc68d2a1e665d4c8e", + "zh:c7568f75ba6cb7c3660b69eaab8b0e4278533bd9a7a4c33ee6590cc7e69743ea", ] } diff --git a/terraform/app/cpy.s3.tfbackend b/terraform/app/cpy.s3.tfbackend deleted file mode 100644 index 866b9a42..00000000 --- a/terraform/app/cpy.s3.tfbackend +++ /dev/null @@ -1,3 +0,0 @@ -bucket = "terraform-state-storage-539738229445" -dynamodb_table = "terraform-state-lock-539738229445" -key = "hw-fargate-api/cpy/app.tfstate" diff --git a/terraform/app/cpy.tfvars b/terraform/app/cpy.tfvars index 92fd9aef..12e4599d 100644 --- a/terraform/app/cpy.tfvars +++ b/terraform/app/cpy.tfvars @@ -1,4 +1,5 @@ -env = "cpy" +env = "cpy" +aws_account_id = "539738229445" # image_tag provided by pipeline (or user) codedeploy_termination_wait_time = 0 diff --git a/terraform/app/dev.s3.tfbackend b/terraform/app/dev.s3.tfbackend deleted file mode 100644 index bd58b23c..00000000 --- a/terraform/app/dev.s3.tfbackend +++ /dev/null @@ -1,3 +0,0 @@ -bucket = "terraform-state-storage-977306314792" -dynamodb_table = "terraform-state-lock-977306314792" -key = "hw-fargate-api/dev/app.tfstate" diff --git a/terraform/app/dev.tfvars b/terraform/app/dev.tfvars index af9c08ee..fdaa50a0 100644 --- a/terraform/app/dev.tfvars +++ b/terraform/app/dev.tfvars @@ -1,4 +1,5 @@ -env = "dev" +env = "dev" +aws_account_id = "977306314792" # image_tag provided by pipeline (or user) codedeploy_termination_wait_time = 0 diff --git a/terraform/app/main.tf b/terraform/app/main.tf index 628a269e..ad5bed74 100644 --- a/terraform/app/main.tf +++ b/terraform/app/main.tf 
@@ -1,19 +1,20 @@ terraform { required_version = "~> 1.8" backend "s3" { - # The rest of the backend config is passed in - # https://developer.hashicorp.com/terraform/language/settings/backends/configuration#partial-configuration - encrypt = true - region = "us-west-2" + bucket = "terraform-state-storage-${var.aws_account_id}" + dynamodb_table = "terraform-state-lock-${var.aws_account_id}" + key = "${local.name}/${var.env}/app.tfstate" + encrypt = true + region = "us-west-2" } required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.65" + version = "~> 5.55" } local = { source = "hashicorp/local" - version = "~> 2.4" + version = "~> 2.5" } } } @@ -33,7 +34,13 @@ provider "aws" { } variable "env" { - type = string + type = string + description = "Environment: dev, stg, cpy, or prd" +} + +variable "aws_account_id" { + type = string + description = "The 12-digit number that uniquely identifies an AWS account." } variable "image_tag" { diff --git a/terraform/app/prd.s3.tfbackend b/terraform/app/prd.s3.tfbackend deleted file mode 100644 index 6afe3b6a..00000000 --- a/terraform/app/prd.s3.tfbackend +++ /dev/null @@ -1,3 +0,0 @@ -bucket = "terraform-state-storage-539738229445" -dynamodb_table = "terraform-state-lock-539738229445" -key = "hw-fargate-api/prd/app.tfstate" diff --git a/terraform/app/prd.tfvars b/terraform/app/prd.tfvars index 0c21686b..03bdcd50 100644 --- a/terraform/app/prd.tfvars +++ b/terraform/app/prd.tfvars @@ -1,4 +1,5 @@ -env = "prd" +env = "prd" +aws_account_id = "539738229445" # image_tag provided by pipeline (or user) codedeploy_termination_wait_time = 0 # You probably want to change this to 15 when your service is really prd diff --git a/terraform/app/stg.s3.tfbackend b/terraform/app/stg.s3.tfbackend deleted file mode 100644 index 7bd08010..00000000 --- a/terraform/app/stg.s3.tfbackend +++ /dev/null 
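Review bot: `env` and `aws_account_id` are accepted as unvalidated strings in the `@@ -33,7 +34,13 @@` hunk, yet the first hunk of this file now interpolates both into the state bucket, lock table and key. An `env` outside dev/stg/cpy/prd would select a state key with no prior state, and a mistyped account id would name a bucket this project may not own, so each variable should carry a `validation` block as sketched below. I have not confirmed that validation runs during the early evaluation at `tofu init`, but it would still reject the value at plan time. The same two variables in `terraform/setup/setup.tf` need the same blocks.

```hcl
variable "env" {
  # … unchanged: type, description …
  validation {
    condition     = contains(["dev", "stg", "cpy", "prd"], var.env)
    error_message = "env must be one of: dev, stg, cpy, prd."
  }
}

variable "aws_account_id" {
  # … unchanged: type, description …
  validation {
    condition     = can(regex("^[0-9]{12}$", var.aws_account_id))
    error_message = "aws_account_id must be exactly 12 digits."
  }
}
```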
@@ -1,3 +0,0 @@ -bucket = "terraform-state-storage-977306314792" -dynamodb_table = "terraform-state-lock-977306314792" -key = "hw-fargate-api/stg/app.tfstate" diff --git a/terraform/app/stg.tfvars b/terraform/app/stg.tfvars index 657a033c..ec4fc212 100644 --- a/terraform/app/stg.tfvars +++ b/terraform/app/stg.tfvars @@ -1,4 +1,5 @@ -env = "stg" +env = "stg" +aws_account_id = "977306314792" # image_tag provided by pipeline (or user) codedeploy_termination_wait_time = 0 diff --git a/terraform/setup/.terraform.lock.hcl b/terraform/setup/.terraform.lock.hcl index 70fead6f..83d5cd28 100644 --- a/terraform/setup/.terraform.lock.hcl +++ b/terraform/setup/.terraform.lock.hcl 
@@ -1,45 +1,38 @@ -# This file is maintained automatically by "terraform init". +# This file is maintained automatically by "tofu init". # Manual edits may be lost in future updates. -provider "registry.terraform.io/hashicorp/aws" { - version = "5.33.0" - constraints = ">= 3.0.0, >= 4.0.0, >= 4.2.0, ~> 5.33" +provider "registry.opentofu.org/hashicorp/aws" { + version = "5.55.0" + constraints = ">= 3.0.0, >= 4.0.0, >= 4.2.0, ~> 5.55" hashes = [ - "h1:kPm7PkwHh6tZ74pUj5C/QRPtauxdnzrEG2yhCJla/4o=", - "zh:10bb683f2a9306e881f51a971ad3b2bb654ac94b54945dd63769876a343b5b04", - "zh:3916406db958d5487ea0c2d2320012d1907c29e6d01bf693560fe05e38ee0601", - "zh:3cb54b76b2f9e30620f3281ab7fb20633b1e4584fc84cc4ecd5752546252e86f", - "zh:513bcfd6971482215c5d64725189f875cbcbd260c6d11f0da4d66321efd93a92", - "zh:545a34427ebe7a950056627e7c980c9ba16318bf086d300eb808ffc41c52b7a8", - "zh:5a44b90faf1c8e8269f389c04bfac25ad4766d26360e7f7ac371be12a442981c", - "zh:64e1ef83162f78538dccad8b035577738851395ba774d6919cb21eb465a21e3a", - "zh:7315c70cb6b7f975471ea6129474639a08c58c071afc95a36cfaa41a13ae7fb9", - "zh:9806faae58938d638b757f54414400be998dddb45edfd4a29c85e827111dc93d", - "zh:997fa2e2db242354d9f772fba7eb17bd6d18d28480291dd93f85a18ca0a67ac2", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:9f9e076b7e9752971f39eead6eda69df1c5e890c82ba2ca95f56974af7adfe79", - "zh:b1d6af047f96de7f97d38b685654f1aed4356d5060b0e696d87d0270f5d49f75", - "zh:bfb0654b6f34398aeffdf907b744af06733d168db610a2c5747263380f817ac7", - "zh:e25203ee8cedccf60bf450950d533d3c172509bda8af97dbc3bc817d2a503c57", + "h1:Ke5JQfn+3DhBsXJomeYXX4DECk6H14jtlFDdZ75fiSM=", + "zh:5f3b59c7c66ee0cd2de72e3cece150bc6c15d4b5cef7f477b5edc8e2cf4a1a4d", + "zh:83c4869bd79df190290462531912c71ac44378bce006c0e0642b7bf7a0515d25", + "zh:87bcf0a21810867c0d30e526b9f9e78bc4ac503f3eb699de1d31c3d59d01006e", + "zh:c6a941a9c3fd3a91e2cb6a0987838659ed002cf0a0bbcb4b9471415cdf5c3540", + 
"zh:c6abf77975feb99a2fc5ff86477d7d173a10d07daa4cebbcb46944aa76ce2754", + "zh:c7d215071cd6afcb6d11befd95214cda9013402ed739707fcdbc55928b0a1d5d", + "zh:d21cf10a39552e6e2df4f55c6d7426befdc8a94d1d471b9eccf567ccfbd42497", + "zh:decd64542e1183fc32227dd1faaca79926035ca8d332b085d9ca8874432ad4f3", + "zh:e5677331ebeee0ae8cbca33323c6aff401875f41e4ce1d7a2afefae5752d27d0", + "zh:fb932872eab2e6d96332ef306c6562ca721ca78164fad109945de48f50465d25", ] } -provider "registry.terraform.io/hashicorp/local" { - version = "2.4.1" - constraints = "~> 2.4" +provider "registry.opentofu.org/hashicorp/local" { + version = "2.5.1" + constraints = "~> 2.5" hashes = [ - "h1:gpp25uNkYJYzJVnkyRr7RIBVfwLs9GSq2HNnFpTRBg0=", - "zh:244b445bf34ddbd167731cc6c6b95bbed231dc4493f8cc34bd6850cfe1f78528", - "zh:3c330bdb626123228a0d1b1daa6c741b4d5d484ab1c7ae5d2f48d4c9885cc5e9", - "zh:5ff5f9b791ddd7557e815449173f2db38d338e674d2d91800ac6e6d808de1d1d", - "zh:70206147104f4bf26ae67d730c995772f85bf23e28c2c2e7612c74f4dae3c46f", - "zh:75029676993accd6bef933c196b2fad51a9ec8a69a847dbbe96ec8ebf7926cdc", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:7d48d5999fe1fcdae9295a7c3448ac1541f5a24c474bd82df6d4fa3732483f2b", - "zh:b766b38b027f0f84028244d1c2f990431a37d4fc3ac645962924554016507e77", - "zh:bfc7ad301dada204cf51c59d8bd6a9a87de5fddb42190b4d6ba157d6e08a1f10", - "zh:c902b527702a8c5e2c25a6637d07bbb1690cb6c1e63917a5f6dc460efd18d43f", - "zh:d68ae0e1070cf429c46586bc87580c3ed113f76241da2b6e4f1a8348126b3c46", - "zh:f4903fd89f7c92a346ae9e666c2d0b6884c4474ae109e9b4bd15e7efaa4bfc29", + "h1:IAqLUucFw7Q7R4r+buIJ1AjsDtIX5i3xGYItI4+t07E=", + "zh:031c2c2070672b7e78e0aa15560839278dc57fe7cf1e58a617ac13c67b31d5fb", + "zh:1ef64ea4f8382cd538a76f3d319f405d18130dc3280f1c16d6aaa52a188ecaa4", + "zh:422ce45691b2f384dbd4596fdc8209d95cb43d85a82aaa0173089d38976d6e96", + "zh:7415fbd8da72d9363ba55dd8115837714f9534f5a9a518ec42268c2da1b9ed2f", + "zh:92aa22d071339c8ef595f18a9f9245c287266c80689f5746b26e10eaed04d542", + 
"zh:9cd0d99f5d3be835d6336c19c4057af6274e193e677ecf6370e5b0de12b4aafe", + "zh:a8c1525b389be5809a97f02aa7126e491ba518f97f57ed3095a3992f2134bb8f", + "zh:b336fa75f72643154b07c09b3968e417a41293358a54fe03efc0db715c5451e6", + "zh:c66529133599a419123ad2e42874afbd9aba82bd1de2b15cc68d2a1e665d4c8e", + "zh:c7568f75ba6cb7c3660b69eaab8b0e4278533bd9a7a4c33ee6590cc7e69743ea", ] } diff --git a/terraform/setup/cpy.s3.tfbackend b/terraform/setup/cpy.s3.tfbackend deleted file mode 100644 index 5d308050..00000000 --- a/terraform/setup/cpy.s3.tfbackend +++ /dev/null @@ -1,3 +0,0 @@ -bucket = "terraform-state-storage-539738229445" -dynamodb_table = "terraform-state-lock-539738229445" -key = "hw-fargate-api/cpy/setup.tfstate" \ No newline at end of file diff --git a/terraform/setup/cpy.tfvars b/terraform/setup/cpy.tfvars new file mode 100644 index 00000000..1b35a614 --- /dev/null +++ b/terraform/setup/cpy.tfvars @@ -0,0 +1,2 @@ +env = "cpy" +aws_account_id = "539738229445" diff --git a/terraform/setup/dev.s3.tfbackend b/terraform/setup/dev.s3.tfbackend deleted file mode 100644 index 9715ad9d..00000000 --- a/terraform/setup/dev.s3.tfbackend +++ /dev/null @@ -1,3 +0,0 @@ -bucket = "terraform-state-storage-977306314792" -dynamodb_table = "terraform-state-lock-977306314792" -key = "hw-fargate-api/dev/setup.tfstate" diff --git a/terraform/setup/dev.tfvars b/terraform/setup/dev.tfvars new file mode 100644 index 00000000..f00c1e62 --- /dev/null +++ b/terraform/setup/dev.tfvars @@ -0,0 +1,2 @@ +env = "dev" +aws_account_id = "977306314792" diff --git a/terraform/setup/prd.s3.tfbackend b/terraform/setup/prd.s3.tfbackend deleted file mode 100644 index 1e5d70c3..00000000 --- a/terraform/setup/prd.s3.tfbackend +++ /dev/null @@ -1,3 +0,0 @@ -bucket = "terraform-state-storage-539738229445" -dynamodb_table = "terraform-state-lock-539738229445" -key = "hw-fargate-api/prd/setup.tfstate" diff --git a/terraform/setup/prd.tfvars b/terraform/setup/prd.tfvars new file mode 100644 index 00000000..c1e37564 
--- /dev/null +++ b/terraform/setup/prd.tfvars @@ -0,0 +1,2 @@ +env = "prd" +aws_account_id = "539738229445" diff --git a/terraform/setup/setup.tf b/terraform/setup/setup.tf index 9939e4c6..1e43711b 100644 --- a/terraform/setup/setup.tf +++ b/terraform/setup/setup.tf @@ -1,19 +1,20 @@ terraform { required_version = "~> 1.8" backend "s3" { - # The rest of the backend config is passed in - # https://developer.hashicorp.com/terraform/language/settings/backends/configuration#partial-configuration - encrypt = true - region = "us-west-2" + bucket = "terraform-state-storage-${var.aws_account_id}" + dynamodb_table = "terraform-state-lock-${var.aws_account_id}" + key = "${local.name}/${var.env}/setup.tfstate" + encrypt = true + region = "us-west-2" } required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.65" + version = "~> 5.55" } local = { source = "hashicorp/local" - version = "~> 2.4" + version = "~> 2.5" } } } @@ -37,6 +38,11 @@ variable "env" { description = "Environment: dev, stg, cpy, or prd" } +variable "aws_account_id" { + type = string + description = "The 12-digit number that uniquely identifies an AWS account." +} + variable "some_secret" { type = string description = "Some secret string that will be stored in SSM and mounted into the Fargate Tasks as an environment variable" diff --git a/terraform/setup/stg.s3.tfbackend b/terraform/setup/stg.s3.tfbackend deleted file mode 100644 index fb9b5d6d..00000000 --- a/terraform/setup/stg.s3.tfbackend +++ /dev/null @@ -1,3 +0,0 @@ -bucket = "terraform-state-storage-977306314792" -dynamodb_table = "terraform-state-lock-977306314792" -key = "hw-fargate-api/stg/setup.tfstate" diff --git a/terraform/setup/stg.tfvars b/terraform/setup/stg.tfvars new file mode 100644 index 00000000..a53ccc4d --- /dev/null +++ b/terraform/setup/stg.tfvars @@ -0,0 +1,2 @@ +env = "stg" +aws_account_id = "977306314792" From b1494e569b84e84e18b2adaa046f772df07a6f78 Mon Sep 17 00:00:00 2001 
From: Gary Crye Date: Tue, 25 Jun 2024 09:17:35 -0600 Subject: [PATCH 08/14] Make it slightly harder to deploy to incorrect AWS accounts --- terraform/app/main.tf | 2 ++ terraform/setup/setup.tf | 2 ++ 2 files changed, 4 insertions(+) diff --git a/terraform/app/main.tf b/terraform/app/main.tf index ad5bed74..bb11e5a0 100644 --- a/terraform/app/main.tf +++ b/terraform/app/main.tf @@ -22,6 +22,8 @@ terraform { provider "aws" { region = "us-west-2" + allowed_account_ids = [var.aws_account_id] + default_tags { tags = { app = local.name diff --git a/terraform/setup/setup.tf b/terraform/setup/setup.tf index 1e43711b..ee9e1cd8 100644 --- a/terraform/setup/setup.tf +++ b/terraform/setup/setup.tf @@ -22,6 +22,8 @@ terraform { provider "aws" { region = "us-west-2" + allowed_account_ids = [var.aws_account_id] + default_tags { tags = { app = local.name From 6ed12dab16fa19a312dfe12f6c8d9c8612b803b5 Mon Sep 17 00:00:00 2001 From: Gary Crye Date: Tue, 25 Jun 2024 10:06:44 -0600 Subject: [PATCH 09/14] Fix to use `-var-file` on `tofu init` --- .github/workflows/ci-iac.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-iac.yml b/.github/workflows/ci-iac.yml index a264cabc..1d0f7616 100644 --- a/.github/workflows/ci-iac.yml +++ b/.github/workflows/ci-iac.yml @@ -113,7 +113,7 @@ jobs: - name: Terraform Init working-directory: terraform/app - run: tofu init -backend-config=${{ matrix.env.environment_name }}.s3.tfbackend + run: tofu init -var-file=${{ matrix.env.environment_name }}.tfvars - name: Terraform Plan working-directory: terraform/app From ec5744f207ae8ce33977e41a4f236c85346998e1 Mon Sep 17 00:00:00 2001 From: Gary Crye Date: Tue, 25 Jun 2024 11:35:03 -0600 Subject: [PATCH 10/14] Test CI using `byu-oit/github-action-tf-plan-comment@support-tofu` --- .github/workflows/ci-iac.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-iac.yml b/.github/workflows/ci-iac.yml index 1d0f7616..f2003d71 100644 
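Review bot: The `allowed_account_ids` guard added to `provider "aws"` does not cover the `backend "s3"` block, which resolves its own credentials before any provider is configured. State reads, writes and locking can therefore still be attempted with credentials from the wrong account. The S3 backend documents an argument of the same name, so `allowed_account_ids = [var.aws_account_id]` could be added there too, once confirmed against the pinned OpenTofu release. The backend block lies outside this hunk, and the identical change in `terraform/setup/setup.tf` has the same gap.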
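Review bot: Only the `Terraform Init` step of `ci-iac.yml` moves from `-backend-config=….s3.tfbackend` to `-var-file=….tfvars`, although patch 07 deleted every `.s3.tfbackend` file under `terraform/app` and `terraform/setup`. `deploy.yml` is not touched by this patch, and its init steps are not visible in this series. If they still pass the old flag they will fail on the missing file, so they should be checked and given the same form, e.g. `run: tofu init -var-file=<env>.tfvars`.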
--- a/.github/workflows/ci-iac.yml +++ b/.github/workflows/ci-iac.yml @@ -120,7 +120,7 @@ jobs: run: tofu plan -var-file=${{ matrix.env.environment_name }}.tfvars -var 'image_tag=ci_test' -input=false -out plan -lock=false - name: Comment Terraform Plan - uses: byu-oit/github-action-tf-plan-comment@v1 + uses: byu-oit/github-action-tf-plan-comment@support-tofu with: github-token: ${{ secrets.GITHUB_TOKEN }} working-directory: terraform/app From c321e27e4a36f7da143058cbe9d4ca45ab62a7f1 Mon Sep 17 00:00:00 2001 From: Gary Crye Date: Tue, 25 Jun 2024 13:45:22 -0600 Subject: [PATCH 11/14] Use byu-oit/github-action-tf-plan-comment@v1 now that it supports Tofu --- .github/workflows/ci-iac.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-iac.yml b/.github/workflows/ci-iac.yml index f2003d71..1d0f7616 100644 --- a/.github/workflows/ci-iac.yml +++ b/.github/workflows/ci-iac.yml @@ -120,7 +120,7 @@ jobs: run: tofu plan -var-file=${{ matrix.env.environment_name }}.tfvars -var 'image_tag=ci_test' -input=false -out plan -lock=false - name: Comment Terraform Plan - uses: byu-oit/github-action-tf-plan-comment@support-tofu + uses: byu-oit/github-action-tf-plan-comment@v1 with: github-token: ${{ secrets.GITHUB_TOKEN }} working-directory: terraform/app From 24129e05c00445a416f7c2da101a83b9d63aefe9 Mon Sep 17 00:00:00 2001 
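Review bot: The `uses:` line of the `Comment Terraform Plan` step points at a branch, `@support-tofu`, and patch 11 then moves it back to the `@v1` tag; both are mutable refs for a step that is handed `secrets.GITHUB_TOKEN`. The code that runs with that token can change without any change in this repository, so pin the action to a full commit SHA and keep the version as a trailing comment: `uses: byu-oit/github-action-tf-plan-comment@<full-commit-sha> # v1`. The job's `permissions:` block is outside both hunks, so it is worth checking that the token is scoped to what the comment step needs.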
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 23:23:40 +0000 Subject: [PATCH 12/14] Bump terraform-aws-modules/iam/aws in /terraform-iac/dev/setup Bumps [terraform-aws-modules/iam/aws](https://github.com/terraform-aws-modules/terraform-aws-iam) from 5.41.0 to 5.42.0. - [Release notes](https://github.com/terraform-aws-modules/terraform-aws-iam/releases) - [Changelog](https://github.com/terraform-aws-modules/terraform-aws-iam/blob/master/CHANGELOG.md) - [Commits](https://github.com/terraform-aws-modules/terraform-aws-iam/compare/v5.41.0...v5.42.0) --- updated-dependencies: - dependency-name: terraform-aws-modules/iam/aws dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- terraform-iac/modules/setup/setup.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform-iac/modules/setup/setup.tf b/terraform-iac/modules/setup/setup.tf index 5ab88ab4..aaf7f788 100644 --- a/terraform-iac/modules/setup/setup.tf +++ b/terraform-iac/modules/setup/setup.tf @@ -29,7 +29,7 @@ module "my_ecr" { module "gha_role" { source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc" - version = "5.41.0" + version = "5.42.0" create_role = true role_name = "${local.name}-${var.env}-gha" provider_url = module.acs.github_oidc_provider.url From 60d2152ea0d82ffbcf5ed2992403e02e0e1d78e3 Mon Sep 17 00:00:00 2001 From: Gary Crye Date: Tue, 30 Jul 2024 13:31:06 -0600 Subject: [PATCH 13/14] Use OpenTofu v1.8.0 (non-alpha release) --- .github/workflows/ci-iac.yml | 2 +- .github/workflows/deploy.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci-iac.yml b/.github/workflows/ci-iac.yml index 1d0f7616..b659f79d 100644 --- a/.github/workflows/ci-iac.yml +++ b/.github/workflows/ci-iac.yml 
@@ -9,7 +9,7 @@ on: - '.github/workflows/ci-iac.yml' env: - tf_version: "1.8.0-alpha1" # must match value in terraform/app/main.tf + tf_version: "1.8.0" # must match value in terraform/app/main.tf jobs: env: diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 0d42e6f4..17fe1e93 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -10,7 +10,7 @@ on: - '.gitignore' env: node_version: "18.x" - tf_version: "1.8.0-alpha1" # must match value in terraform/app/main.tf + tf_version: "1.8.0" # must match value in terraform/app/main.tf FORCE_COLOR: 3 concurrency: ${{ github.ref }} jobs: From 25f73f669459b7396d6e929117a5a3660df38ced Mon Sep 17 00:00:00 2001 From: Gary Crye Date: Thu, 10 Oct 2024 11:26:40 -0600 Subject: [PATCH 14/14] Bump TF providers --- terraform/app/.terraform.lock.hcl | 50 ++++++++++++++--------------- terraform/app/main.tf | 4 +-- terraform/setup/.terraform.lock.hcl | 50 ++++++++++++++--------------- terraform/setup/setup.tf | 6 ++-- 4 files changed, 55 insertions(+), 55 deletions(-) diff --git a/terraform/app/.terraform.lock.hcl b/terraform/app/.terraform.lock.hcl index 5e8eca0f..68d3c8c8 100644 --- a/terraform/app/.terraform.lock.hcl +++ b/terraform/app/.terraform.lock.hcl 
@@ -2,37 +2,37 @@ # Manual edits may be lost in future updates. provider "registry.opentofu.org/hashicorp/aws" { - version = "5.55.0" - constraints = ">= 4.0.0, >= 4.2.0, ~> 5.55" + version = "5.70.0" + constraints = ">= 4.0.0, >= 4.2.0, ~> 5.70" hashes = [ - "h1:Ke5JQfn+3DhBsXJomeYXX4DECk6H14jtlFDdZ75fiSM=", - "zh:5f3b59c7c66ee0cd2de72e3cece150bc6c15d4b5cef7f477b5edc8e2cf4a1a4d", - "zh:83c4869bd79df190290462531912c71ac44378bce006c0e0642b7bf7a0515d25", - "zh:87bcf0a21810867c0d30e526b9f9e78bc4ac503f3eb699de1d31c3d59d01006e", - "zh:c6a941a9c3fd3a91e2cb6a0987838659ed002cf0a0bbcb4b9471415cdf5c3540", - "zh:c6abf77975feb99a2fc5ff86477d7d173a10d07daa4cebbcb46944aa76ce2754", - "zh:c7d215071cd6afcb6d11befd95214cda9013402ed739707fcdbc55928b0a1d5d", - "zh:d21cf10a39552e6e2df4f55c6d7426befdc8a94d1d471b9eccf567ccfbd42497", - "zh:decd64542e1183fc32227dd1faaca79926035ca8d332b085d9ca8874432ad4f3", - "zh:e5677331ebeee0ae8cbca33323c6aff401875f41e4ce1d7a2afefae5752d27d0", - "zh:fb932872eab2e6d96332ef306c6562ca721ca78164fad109945de48f50465d25", + "h1:BK3oUZ53otmfH2H018+RwBUr49+Iy3TATa1Bk++O9u4=", + "zh:13e157acaa5717e9c1fef052abc84cdf9d5ba96ca0a4b79150b09b2770f3c1e8", + "zh:157ec2424b34ba3a2208ce39763528131d5600daffd72e8f47b08cbd7feebbd4", + "zh:2ab7fc0ad9b5acebd43214f2decd2c1ce3ffb620f48e57ff32dd424bdbd27c75", + "zh:470934c4f5b4c311b06c365bc6894748b1ea4b3e1e38ffe7a8038a29c3264b03", + "zh:47eba28f2c35d71d73dd2d0c2a09c89bdcc99136a5484904b59cc9c299f1a5aa", + "zh:59894534729ed071176f794d25d1cb7aecdcffd6825fbb6100e815ba6e12ec10", + "zh:72f9efbb883adaaef777c49d4768e08a922e9c75130665fa029f9eb1f350f839", + "zh:89464abba42f916af58cd204915db81a9f329d5df584813eac7bf3cf610bfcac", + "zh:c101a307d4cc21d2def1040aef5c07e1b3677eafc182cf3ba23ec506b1137b5e", + "zh:cad9a818e27739e0dcfb78c9170ce5e1b4619d48be7ec529618198633ec5bb63", ] } provider "registry.opentofu.org/hashicorp/local" { - version = "2.5.1" + version = "2.5.2" constraints = "~> 2.5" hashes = [ - 
"h1:IAqLUucFw7Q7R4r+buIJ1AjsDtIX5i3xGYItI4+t07E=", - "zh:031c2c2070672b7e78e0aa15560839278dc57fe7cf1e58a617ac13c67b31d5fb", - "zh:1ef64ea4f8382cd538a76f3d319f405d18130dc3280f1c16d6aaa52a188ecaa4", - "zh:422ce45691b2f384dbd4596fdc8209d95cb43d85a82aaa0173089d38976d6e96", - "zh:7415fbd8da72d9363ba55dd8115837714f9534f5a9a518ec42268c2da1b9ed2f", - "zh:92aa22d071339c8ef595f18a9f9245c287266c80689f5746b26e10eaed04d542", - "zh:9cd0d99f5d3be835d6336c19c4057af6274e193e677ecf6370e5b0de12b4aafe", - "zh:a8c1525b389be5809a97f02aa7126e491ba518f97f57ed3095a3992f2134bb8f", - "zh:b336fa75f72643154b07c09b3968e417a41293358a54fe03efc0db715c5451e6", - "zh:c66529133599a419123ad2e42874afbd9aba82bd1de2b15cc68d2a1e665d4c8e", - "zh:c7568f75ba6cb7c3660b69eaab8b0e4278533bd9a7a4c33ee6590cc7e69743ea", + "h1:BUewjbhAQWuGHH36SozCTuESFJhbiHMaCFLnVVNZ1Es=", + "zh:25b95b76ceaa62b5c95f6de2fa6e6242edbf51e7fc6c057b7f7101aa4081f64f", + "zh:3c974fdf6b42ca6f93309cf50951f345bfc5726ec6013b8832bcd3be0eb3429e", + "zh:5de843bf6d903f5cca97ce1061e2e06b6441985c68d013eabd738a9e4b828278", + "zh:86beead37c7b4f149a54d2ae633c99ff92159c748acea93ff0f3603d6b4c9f4f", + "zh:8e52e81d3dc50c3f79305d257da7fde7af634fed65e6ab5b8e214166784a720e", + "zh:9882f444c087c69559873b2d72eec406a40ede21acb5ac334d6563bf3a2387df", + "zh:a4484193d110da4a06c7bffc44cc6b61d3b5e881cd51df2a83fdda1a36ea25d2", + "zh:a53342426d173e29d8ee3106cb68abecdf4be301a3f6589e4e8d42015befa7da", + "zh:d25ef2aef6a9004363fc6db80305d30673fc1f7dd0b980d41d863b12dacd382a", + "zh:fa2d522fb323e2121f65b79709fd596514b293d816a1d969af8f72d108888e4c", ] } diff --git a/terraform/app/main.tf b/terraform/app/main.tf index bb11e5a0..8d9bf7ab 100644 --- a/terraform/app/main.tf +++ b/terraform/app/main.tf @@ -10,7 +10,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 5.55" + version = "~> 5.70" } local = { source = "hashicorp/local" 
@@ -76,7 +76,7 @@ data "aws_ecr_repository" "my_ecr_repo" { } module "acs" { - source = "github.com/byu-oit/terraform-aws-acs-info?ref=v4.0.0" + source = "github.com/byu-oit/terraform-aws-acs-info?ref=v4.1.0" } module "my_fargate_api" { diff --git a/terraform/setup/.terraform.lock.hcl b/terraform/setup/.terraform.lock.hcl index 83d5cd28..80e8a854 100644 --- a/terraform/setup/.terraform.lock.hcl +++ b/terraform/setup/.terraform.lock.hcl 
@@ -2,37 +2,37 @@ # Manual edits may be lost in future updates. provider "registry.opentofu.org/hashicorp/aws" { - version = "5.55.0" - constraints = ">= 3.0.0, >= 4.0.0, >= 4.2.0, ~> 5.55" + version = "5.70.0" + constraints = ">= 3.0.0, >= 4.0.0, >= 4.2.0, ~> 5.70" hashes = [ - "h1:Ke5JQfn+3DhBsXJomeYXX4DECk6H14jtlFDdZ75fiSM=", - "zh:5f3b59c7c66ee0cd2de72e3cece150bc6c15d4b5cef7f477b5edc8e2cf4a1a4d", - "zh:83c4869bd79df190290462531912c71ac44378bce006c0e0642b7bf7a0515d25", - "zh:87bcf0a21810867c0d30e526b9f9e78bc4ac503f3eb699de1d31c3d59d01006e", - "zh:c6a941a9c3fd3a91e2cb6a0987838659ed002cf0a0bbcb4b9471415cdf5c3540", - "zh:c6abf77975feb99a2fc5ff86477d7d173a10d07daa4cebbcb46944aa76ce2754", - "zh:c7d215071cd6afcb6d11befd95214cda9013402ed739707fcdbc55928b0a1d5d", - "zh:d21cf10a39552e6e2df4f55c6d7426befdc8a94d1d471b9eccf567ccfbd42497", - "zh:decd64542e1183fc32227dd1faaca79926035ca8d332b085d9ca8874432ad4f3", - "zh:e5677331ebeee0ae8cbca33323c6aff401875f41e4ce1d7a2afefae5752d27d0", - "zh:fb932872eab2e6d96332ef306c6562ca721ca78164fad109945de48f50465d25", + "h1:BK3oUZ53otmfH2H018+RwBUr49+Iy3TATa1Bk++O9u4=", + "zh:13e157acaa5717e9c1fef052abc84cdf9d5ba96ca0a4b79150b09b2770f3c1e8", + "zh:157ec2424b34ba3a2208ce39763528131d5600daffd72e8f47b08cbd7feebbd4", + "zh:2ab7fc0ad9b5acebd43214f2decd2c1ce3ffb620f48e57ff32dd424bdbd27c75", + "zh:470934c4f5b4c311b06c365bc6894748b1ea4b3e1e38ffe7a8038a29c3264b03", + "zh:47eba28f2c35d71d73dd2d0c2a09c89bdcc99136a5484904b59cc9c299f1a5aa", + "zh:59894534729ed071176f794d25d1cb7aecdcffd6825fbb6100e815ba6e12ec10", + "zh:72f9efbb883adaaef777c49d4768e08a922e9c75130665fa029f9eb1f350f839", + "zh:89464abba42f916af58cd204915db81a9f329d5df584813eac7bf3cf610bfcac", + "zh:c101a307d4cc21d2def1040aef5c07e1b3677eafc182cf3ba23ec506b1137b5e", + "zh:cad9a818e27739e0dcfb78c9170ce5e1b4619d48be7ec529618198633ec5bb63", ] } provider "registry.opentofu.org/hashicorp/local" { - version = "2.5.1" + version = "2.5.2" constraints = "~> 2.5" hashes = [ - 
"h1:IAqLUucFw7Q7R4r+buIJ1AjsDtIX5i3xGYItI4+t07E=", - "zh:031c2c2070672b7e78e0aa15560839278dc57fe7cf1e58a617ac13c67b31d5fb", - "zh:1ef64ea4f8382cd538a76f3d319f405d18130dc3280f1c16d6aaa52a188ecaa4", - "zh:422ce45691b2f384dbd4596fdc8209d95cb43d85a82aaa0173089d38976d6e96", - "zh:7415fbd8da72d9363ba55dd8115837714f9534f5a9a518ec42268c2da1b9ed2f", - "zh:92aa22d071339c8ef595f18a9f9245c287266c80689f5746b26e10eaed04d542", - "zh:9cd0d99f5d3be835d6336c19c4057af6274e193e677ecf6370e5b0de12b4aafe", - "zh:a8c1525b389be5809a97f02aa7126e491ba518f97f57ed3095a3992f2134bb8f", - "zh:b336fa75f72643154b07c09b3968e417a41293358a54fe03efc0db715c5451e6", - "zh:c66529133599a419123ad2e42874afbd9aba82bd1de2b15cc68d2a1e665d4c8e", - "zh:c7568f75ba6cb7c3660b69eaab8b0e4278533bd9a7a4c33ee6590cc7e69743ea", + "h1:BUewjbhAQWuGHH36SozCTuESFJhbiHMaCFLnVVNZ1Es=", + "zh:25b95b76ceaa62b5c95f6de2fa6e6242edbf51e7fc6c057b7f7101aa4081f64f", + "zh:3c974fdf6b42ca6f93309cf50951f345bfc5726ec6013b8832bcd3be0eb3429e", + "zh:5de843bf6d903f5cca97ce1061e2e06b6441985c68d013eabd738a9e4b828278", + "zh:86beead37c7b4f149a54d2ae633c99ff92159c748acea93ff0f3603d6b4c9f4f", + "zh:8e52e81d3dc50c3f79305d257da7fde7af634fed65e6ab5b8e214166784a720e", + "zh:9882f444c087c69559873b2d72eec406a40ede21acb5ac334d6563bf3a2387df", + "zh:a4484193d110da4a06c7bffc44cc6b61d3b5e881cd51df2a83fdda1a36ea25d2", + "zh:a53342426d173e29d8ee3106cb68abecdf4be301a3f6589e4e8d42015befa7da", + "zh:d25ef2aef6a9004363fc6db80305d30673fc1f7dd0b980d41d863b12dacd382a", + "zh:fa2d522fb323e2121f65b79709fd596514b293d816a1d969af8f72d108888e4c", ] } diff --git a/terraform/setup/setup.tf b/terraform/setup/setup.tf index e3e82440..0479ca8b 100644 --- a/terraform/setup/setup.tf +++ b/terraform/setup/setup.tf @@ -10,7 +10,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 5.55" + version = "~> 5.70" } local = { source = "hashicorp/local" 
@@ -57,7 +57,7 @@ locals { } module "acs" { - source = "github.com/byu-oit/terraform-aws-acs-info?ref=v4.0.0" + source = "github.com/byu-oit/terraform-aws-acs-info?ref=v4.1.0" } resource "aws_ssm_parameter" "some_secret" { @@ -73,7 +73,7 @@ module "my_ecr" { module "gha_role" { source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc" - version = "5.42.0" + version = "5.46.0" create_role = true role_name = "${local.name}-${var.env}-gha" provider_url = module.acs.github_oidc_provider.url