updating

image-pipeline.tf

@@ -25,22 +25,19 @@ module "image_pipeline_repos" {
   force_name             = true
   create_codeowners      = false
   enforce_prs            = true
-  collaborators          = merge(local.collaborators, { garri325 = "admin" })
+  collaborators          = local.collaborators
   pull_request_bypassers = local.pull_request_bypassers
-  vars = [
-    {
-      name  = "AWS_ACCESS_KEY_ID",
-      value = module.aws_session_configuration.iam_credentials.iam_access_key_id
-    },
+  secrets = [
+    for secret in [for secret in local.secrets : secret if secret != "AWS_ACCESS_KEY_ID"] :
     {
-      name  = "AWS_DEFAULT_REGION",
-      value = data.aws_region.current.name
+      name  = replace(secret, "GITHUB", "GH")
+      value = lookup(module.env_var, secret).value
     }
   ]
-  secrets = [
+  vars = [
     {
-      name  = "AWS_SECRET_ACCESS_KEY"
-      value = module.aws_session_configuration.iam_credentials.iam_secret_access_key
+      name  = "AWS_ACCESS_KEY_ID"
+      value = lookup(module.env_var, "AWS_ACCESS_KEY_ID").value
     }
   ]
   managed_extra_files = [
@@ -90,24 +87,17 @@ module "aws_image_pipeline" {
   enforce_prs            = true
   collaborators          = local.collaborators
   pull_request_bypassers = local.pull_request_bypassers
-  vars = [
-    {
-      name  = "terraform_version"
-      value = "1.9.1"
-    },
-    {
-      name  = "AWS_ACCESS_KEY_ID",
-      value = module.aws_session_configuration.iam_credentials.iam_access_key_id
-    },
+  secrets = [
+    for secret in [for secret in local.secrets : secret if secret != "AWS_ACCESS_KEY_ID"] :
     {
-      name  = "AWS_DEFAULT_REGION",
-      value = data.aws_region.current.name
+      name  = replace(secret, "GITHUB", "GH")
+      value = lookup(module.env_var, secret).value
     }
   ]
-  secrets = [
+  vars = [
     {
-      name  = "AWS_SECRET_ACCESS_KEY"
-      value = module.aws_session_configuration.iam_credentials.iam_secret_access_key
+      name  = "AWS_ACCESS_KEY_ID"
+      value = lookup(module.env_var, "AWS_ACCESS_KEY_ID").value
     }
   ]
   managed_extra_files = [
@@ -157,6 +147,18 @@ module "terraform_aws_image_pipeline" {
     {
       name  = "terraform_version"
       value = "1.9.1"
+    },
+    {
+      name  = "AWS_ACCESS_KEY_ID"
+      value = lookup(module.env_var, "AWS_ACCESS_KEY_ID").value
+    }
+
+  ]
+  secrets = [
+    for secret in [for secret in local.secrets : secret if secret != "AWS_ACCESS_KEY_ID"] :
+    {
+      name  = replace(secret, "GITHUB", "GH")
+      value = lookup(module.env_var, secret).value
     }
   ]
   managed_extra_files = [

main.tf

@@ -47,7 +47,7 @@ module "automation-repos" {
   collaborators          = local.collaborators
   pull_request_bypassers = local.pull_request_bypassers
 }
-  
+
 # centralized-actions
 module "centralized-actions" {
   source = "HappyPathway/repo/github"
@@ -65,7 +65,7 @@ module "centralized-actions" {
   pull_request_bypassers = local.pull_request_bypassers
   github_is_private      = false
 }
-  
+
 # terraform-github-repo
 module "terraform-github-repo" {
   source = "git@github.e.it.census.gov:CSVD/terraform-github-repo"

sandbox.tf

@@ -18,7 +18,7 @@ module "sandbox" {
   github_is_private = false
   create_codeowners = false
   enforce_prs       = false
-  collaborators     = {"arnol377": "admin"}
+  collaborators     = { "arnol377" : "admin" }
   managed_extra_files = [
     {
       path = ".github/workflows/terraform-plan.yaml"

variables.tf

@@ -1,3 +1,3 @@
-variable image_pipeline_workflows {
+variable "image_pipeline_workflows" {
   type = map(string)
 }

workflows/goss-testing.yaml

@@ -16,7 +16,7 @@ jobs:
     env:
       AWS_SECRET_ACCESS_KEY: "$${{ secrets.AWS_SECRET_ACCESS_KEY }}"
       AWS_ACCESS_KEY_ID: "$${{ vars.AWS_ACCESS_KEY_ID }}"
-      AWS_DEFAULT_REGION: "$${{ vars.AWS_DEFAULT_REGION }}"
+      AWS_SESSION_TOKEN: "$${{ secrets.AWS_SESSION_TOKEN }}"
 
 
     # Steps represent a sequence of tasks that will be executed as part of the job

workflows/s3_upload.yaml.tpl

@@ -16,7 +16,7 @@ jobs:
     env:
       AWS_SECRET_ACCESS_KEY: "$${{ secrets.AWS_SECRET_ACCESS_KEY }}"
       AWS_ACCESS_KEY_ID: "$${{ vars.AWS_ACCESS_KEY_ID }}"
-      AWS_DEFAULT_REGION: "$${{ vars.AWS_DEFAULT_REGION }}"
+      AWS_SESSION_TOKEN: "$${{ secrets.AWS_SESSION_TOKEN }}"
 
 
     # Steps represent a sequence of tasks that will be executed as part of the job

workflows/terraform-apply.yaml.tpl

@@ -18,7 +18,7 @@ jobs:
     env:
       AWS_SECRET_ACCESS_KEY: "$${{ secrets.AWS_SECRET_ACCESS_KEY }}"
       AWS_ACCESS_KEY_ID: "$${{ vars.AWS_ACCESS_KEY_ID }}"
-      AWS_DEFAULT_REGION: "$${{ vars.AWS_DEFAULT_REGION
+      AWS_SESSION_TOKEN: "$${{ secrets.AWS_SESSION_TOKEN }}"
 
 
     # Steps represent a sequence of tasks that will be executed as part of the job

workflows/terraform-plan.yaml.tpl

@@ -17,7 +17,7 @@ jobs:
     env:
       AWS_SECRET_ACCESS_KEY: "$${{ secrets.AWS_SECRET_ACCESS_KEY }}"
       AWS_ACCESS_KEY_ID: "$${{ vars.AWS_ACCESS_KEY_ID }}"
-      AWS_DEFAULT_REGION: "$${{ vars.AWS_DEFAULT_REGION }}"
+      AWS_SESSION_TOKEN: "$${{ secrets.AWS_SESSION_TOKEN }}"
 
 
     # Steps represent a sequence of tasks that will be executed as part of the job