update oidc branch based on a simplified ecs module
alismx committed Sep 4, 2024
1 parent 768cf52 commit ba1bc44
Showing 9 changed files with 467 additions and 130 deletions.
2 changes: 1 addition & 1 deletion terraform/implementation/ecs/ecs.sh
Expand Up @@ -145,5 +145,5 @@ fi
if [ "$CI" = false ]; then
terraform apply -var-file="$ENVIRONMENT.tfvars"
else
terraform apply -auto-approve -var-file="$ENVIRONMENT.tfvars"
terraform destroy -auto-approve -var-file="$ENVIRONMENT.tfvars"
fi
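Review bot: In the CI branch of the `if [ "$CI" = false ]` block, `terraform apply -auto-approve` is replaced by `terraform destroy -auto-approve` (the page prints old then new, so the destroy line appears to be the added side); with `$CI` set, this script now tears down the environment unattended instead of deploying it. If this is a temporary teardown used while testing the OIDC role, it should not land in the shared script: keep `terraform apply -auto-approve -var-file="$ENVIRONMENT.tfvars"` here and put any destroy behind an explicit opt-in such as a separate flag. How `$CI` and `$ENVIRONMENT` are set lies outside the hunk.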
126 changes: 0 additions & 126 deletions terraform/implementation/setup/iam.tf

This file was deleted.

20 changes: 18 additions & 2 deletions terraform/implementation/setup/main.tf
Expand Up @@ -11,6 +11,22 @@ provider "aws" {
}
}

# GitHub OIDC for prod
module "oidc" {
source = "../../modules/oidc"

# The github repo that will be used for OIDC
oidc_github_repo = var.oidc_github_repo

# These variables must match the values that you'll be using for your ECS module call in the /ecs module
region = var.region
owner = var.owner
project = var.project

# This variable must match the name of the terraform workspace that you'll be using for your ECS module call in the /ecs module
workspace = "prod"
}

resource "random_string" "setup" {
length = 8
special = false
Expand Down Expand Up @@ -69,7 +85,7 @@ resource "local_file" "setup_env" {
BUCKET="${aws_s3_bucket.tfstate.bucket}"
DYNAMODB_TABLE="${aws_dynamodb_table.tfstate_lock.id}"
REGION="${var.region}"
TERRAFORM_ROLE="${aws_iam_role.github.arn}"
TERRAFORM_ROLE="${module.oidc.role.arn}"
EOT
filename = ".env"
}
Expand All @@ -79,7 +95,7 @@ resource "local_file" "ecs_env" {
BUCKET="${aws_s3_bucket.tfstate.bucket}"
DYNAMODB_TABLE="${aws_dynamodb_table.tfstate_lock.id}"
REGION="${var.region}"
TERRAFORM_ROLE="${aws_iam_role.github.arn}"
TERRAFORM_ROLE="${module.oidc.role.arn}"
EOT
filename = "../ecs/.env"
}
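Review bot: `workspace = "prod"` is hard-coded in the new `module "oidc"` block, while the comment directly above it says the value must match the workspace used for the ECS module call, and setup.sh derives its tfvars file from `$WORKSPACE`; anyone running setup against a non-prod workspace presumably gets an OIDC role scoped to a workspace it does not use, and the mismatch is silent. Consider `workspace = terraform.workspace` or a `var.workspace` passed through from setup.sh so the role and the state it is trusted to manage stay aligned, and note the assumption in the comment either way. The `TERRAFORM_ROLE="${module.oidc.role.arn}"` wiring in the two `local_file` hunks is consistent with each other; the module's trust policy itself is not visible in this commit, so whether it constrains the `sub` claim to the branch or environment for that workspace cannot be checked here.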
2 changes: 1 addition & 1 deletion terraform/implementation/setup/setup.sh
Expand Up @@ -52,7 +52,7 @@ if ! grep -q "region" "$WORKSPACE.tfvars"; then
fi

if ! grep -q "oidc_github_repo" "$WORKSPACE.tfvars"; then
read -p "Are you using GitHub for your source control? (y/n): " github_choice
read -p "Do you want to setup a GitHub IODC role? (y/n): " github_choice
if [[ "$github_choice" =~ ^[Yy]$ ]]; then
read -p "What is the organization/repo value for assume role? ( default=\"\" ): " repo_choice
repo_choice=${repo_choice:-""}
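Review bot: The new prompt text misspells OIDC as `IODC` (the page prints old then new, so this reads as the added line): `read -p "Do you want to setup a GitHub OIDC role? (y/n): " github_choice`. Separately, the unchanged line just below it defaults `repo_choice` to an empty string when the user answers yes but presses enter, so an empty `oidc_github_repo` can be written to the tfvars and whatever trust condition the module builds from it would be derived from ""; re-prompt or abort instead, e.g. `[[ -z "$repo_choice" ]] && { echo "org/repo is required for the OIDC role"; exit 1; }`. The enclosing `if` block continues past the end of the hunk.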
