diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl index 1ccf9ff..dad4962 100644 --- a/.terraform.lock.hcl +++ b/.terraform.lock.hcl 
@@ -2,25 +2,25 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "5.58.0" + version = "5.61.0" constraints = ">= 4.20.1" hashes = [ - "h1:6vsFc7SmmlElqg3k0X6azrO0yarM7UPCUF4XsAYryjA=", - "zh:15e9be54a8febe8e560362b10967cb60b680ca3f78fe207d7209b76e076f59d3", - "zh:240f6899a2cec259aa2729ce031f6af2b453f90a8b59118bb2571c54acc65db8", - "zh:2b6e8e2ab1a3dce1001503dba6086a128bb2a71652b0d0b3b107db665b7d6881", - "zh:579b0ed95247a0bd8bfb3fac7fb767547dde76026c578f4f184b5743af5e32cc", - "zh:6adcd10fd12be0be9eb78a89e745a5b77ae0d8b3522cd782456a71178aad8ccb", - "zh:7f829cef82f0a02faa97d0fbe1417a40b73fc5142e883b12eebc5b71015efac9", - "zh:81977f001998c9096f7b59710996e159774a9313c1bc03db3beb81c3e016ebef", + "h1:VE5N7OZPW6/SRMTWX5JZ9XDMcwvs9GhUtSzhVG7DLIg=", + "zh:1a0a150b6adaeacc8f56763182e76c6219ac67de1217b269d24b770067b7bab0", + "zh:1d9c3a8ac3934a147569254d6e2e6ea5293974d0595c02c9e1aa31499a8f0042", + "zh:1f4d1d5e2e02fd5cccafa28dade8735a3059ed1ca3284fb40116cdb67d0e7ee4", + "zh:26be6f759bded469de477f54c7eb7a9ca9f137a3b52f9fd26cbd864f16973912", + "zh:276e308ae7aa281fe24f7275673aa05f00cb830b83c2b9797f9aa55f10769c52", + "zh:45c09beeadb4269d518de0bd341cbe9f061157ab54c543d39168ecefff40bbe2", + "zh:58fb5ef076dc63e284ce28b47b7cc35a17d2596f11e2373fe568c6140277e9d8", + "zh:64d51cc1ad412379f64b75883a881a5d682a8e9737ad14479f6a2d62e77f7dbe", + "zh:71e2e332317cf095288d65a801e95b65fd696204997b2db5250862d6c5669518", + "zh:9864014aa4716b5bfb3b27d009f158dd6a67c215fd0dfbe3a5d1a7cee72c5677", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:a5d98ac6fab6e6c85164ca7dd38f94a1e44bd70c0e8354c61f7fbabf698957cd", - "zh:c27fa4fed50f6f83ca911bef04f05d635a7b7a01a89dc8fc5d66a277588f08df", - "zh:d4042bdf86ca6dc10e0cca91c4fcc592b12572d26185b3d37bbbb9e2026ac68b", - "zh:d536482cf4ace0d49a2a86c931150921649beae59337d0c02a785879fe943cf3", - "zh:e205f8243274a621fb9ef2b5e2c71e84c1670be1d23697739439f5a831fa620f", - 
"zh:eb76ce0c77fd76c47f57122c91c4fcf0f72c01423538ed7833eaa7eeaae2edf6", - "zh:ffe04e494af6cc7348ceb8d85f4c1d5a847a44510827b4496513c810a4d9196d", + "zh:d8bf9ba43bd938faab37d8fb515c32a905d6dace60f5ff2663b06ffdc89a62e9", + "zh:e654be9d3980e7cc70f9825fe0d0205e254edd87832f18b2d7f9c72b09b776cd", + "zh:ee5ce6fbe75be3e90cabba3fad76fcfde50ab795e523b4ee917cfe8ba8ad42fe", + "zh:ef12098e7b3ddf9ab286bb209de87dfa8e52106049ced0841e3e6487dbff3659", ] } diff --git a/data.tf b/data.tf new file mode 100644 index 0000000..895f3b8 --- /dev/null +++ b/data.tf @@ -0,0 +1,15 @@ +data "aws_codecommit_repository" "ansible" { + repository_name = "image-pipeline-ansible-playbooks" +} + +data "aws_codecommit_repository" "goss" { + repository_name = "image-pipeline-goss-testing" +} + +data "aws_codecommit_repository" "windows" { + repository_name = "windows-image-pipeline" +} + +data "aws_codecommit_repository" "linux" { + repository_name = "linux-image-pipeline" +} \ No newline at end of file diff --git a/linux.tf b/linux.tf new file mode 100644 index 0000000..6cff4e7 --- /dev/null +++ b/linux.tf 
@@ -0,0 +1,42 @@
+
+module "amazon_linux" {
+ source = "HappyPathway/image-pipeline/aws"
+ project_name = "linux-image-pipeline"
+ builder_image = "aws/codebuild/standard:7.0"
+ create_new_repo = false
+ create_new_role = true
+ create_vpc_endpoint = true
+ ssh_user = "ec2-user"
+ playbook = "hello-world.yaml"
+ terraform_version = "1.8.5"
+ build_permissions_iam_doc = data.aws_iam_policy_document.s3_access
+ build_environment_variables = [
+ for proxy_var in keys(local.proxy_env_vars) :
+ {
+ name = proxy_var,
+ value = lookup(local.proxy_env_vars, proxy_var),
+ type = "PLAINTEXT"
+ }
+ ]
+ packer_repo = data.aws_codecommit_repository.linux
+ ansible_repo = data.aws_codecommit_repository.ansible
+ goss_repo = data.aws_codecommit_repository.goss
+ goss_profile = "base-test"
+ state = local.state_config
+ vpc_config = local.vpc_config
+ source_ami = "ami-03fadeeea589a106b"
+ instance_type = "t2.micro"
+}
+
+output "linux_iam_arn" {
+ value = module.amazon_linux.iam_arn
+}
+
+output "linux_codebuild_user" {
+ value = module.amazon_linux.build_user.name
+}
+
+output "linux_parameters" {
+ value = keys(module.amazon_linux.parameters)
+ sensitive = true
+}
\ No newline at end of file
diff --git a/locals.tf b/locals.tf
new file mode 100644
index 0000000..6c28027
--- /dev/null
+++ b/locals.tf
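Review bot: `module "amazon_linux"` sets `source = "HappyPathway/image-pipeline/aws"` with no `version` constraint, so each `terraform init` resolves whatever the registry currently serves for that module; the same holds for `module "rhel"` in rhel.tf and `module "windows"` in windows.tf. This registry module is third-party code that ends up defining the pipeline's IAM role (`create_new_role = true` plus `build_permissions_iam_doc`), so an unpinned source lets an upstream release change what gets deployed here without a reviewable diff. Add `version = "<pinned module version>"` beside `source` in each of the three module blocks so upgrades arrive as explicit changes to this repository. The literal `source_ami` is presumably acceptable for a demo pipeline, but a short comment on where that AMI id comes from would help whoever has to refresh it.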
@@ -0,0 +1,36 @@
+locals {
+ proxy_env_vars = {
+ HTTP_PROXY = "http://proxy.tco.census.gov:3128"
+ NO_PROXY = ".census.gov,169.254.169.254,148.129.*,10.*,172.18.*,172.22.*,172.23.*,172.24.*,172.25.*,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com,.gcr.io,.pkg.dev,${local._vpc_config.region}.compute.internal,.${local._vpc_config.region}.compute.internal"
+ HTTPS_PROXY = "http://proxy.tco.census.gov:3128"
+ }
+ source_repo = "linux-image-pipeline"
+ environment = "dev"
+ _vpc_config = {
+ vpc_id = "vpc-00576a396ec570b94"
+ region = "us-gov-west-1"
+ security_group_ids = [
+ "sg-0d828d223df9834a6"
+ ]
+ subnets = [
+ # "subnet-0b1992a84536c581b"
+ "subnet-062189d742937204e"
+ ]
+ }
+ vpc_config = merge(
+ local._vpc_config,
+ {
+ security_group_ids = concat(
+ local._vpc_config.security_group_ids,
+ [
+ aws_security_group.allow_amznlinux_cdn.id
+ ])
+ }
+ )
+ state_config = {
+ bucket = aws_s3_bucket.state_bucket.bucket
+ key = "terraform.tfstate"
+ region = local.vpc_config.region
+ dynamodb_table = "tf_remote_state"
+ }
+}
\ No newline at end of file
diff --git a/main.tf b/main.tf
index 0fceefc..fac9b5d 100644
--- a/main.tf
+++ b/main.tf
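Review bot: `source_repo` and `environment` in this `locals` block are not referenced anywhere on the new side of this diff — the removed `module "main"` consumed `local.source_repo` via `source_repo_name`, while the new module blocks pass `packer_repo` data sources instead — so as far as the diff shows they are now dead values. Either delete them or wire `environment` into the module blocks if that was the intent, so the file does not advertise configuration that nothing reads. The commented-out `# "subnet-0b1992a84536c581b"` entry is carried over unchanged; a one-line comment such as `# second subnet disabled: <reason>` would spare the next reader a guess about whether it is safe to re-enable.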
@@ -1,41 +1,3 @@
-locals {
- proxy_env_vars = {
- HTTP_PROXY = "http://proxy.tco.census.gov:3128"
- NO_PROXY = ".census.gov,169.254.169.254,148.129.*,10.*,172.18.*,172.22.*,172.23.*,172.24.*,172.25.*,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com,.gcr.io,.pkg.dev,${local._vpc_config.region}.compute.internal,.${local._vpc_config.region}.compute.internal"
- HTTPS_PROXY = "http://proxy.tco.census.gov:3128"
- }
- source_repo = "linux-image-pipeline"
- project_name = "linux-image-pipeline"
- environment = "dev"
- _vpc_config = {
- vpc_id = "vpc-00576a396ec570b94"
- region = "us-gov-west-1"
- security_group_ids = [
- "sg-0d828d223df9834a6"
- ]
- subnets = [
- # "subnet-0b1992a84536c581b"
- "subnet-062189d742937204e"
- ]
- }
- vpc_config = merge(
- local._vpc_config,
- {
- security_group_ids = concat(
- local._vpc_config.security_group_ids,
- [
- aws_security_group.allow_amznlinux_cdn.id
- ])
- }
- )
- state_config = {
- bucket = aws_s3_bucket.state_bucket.bucket
- key = "terraform.tfstate"
- region = local.vpc_config.region
- dynamodb_table = "tf_remote_state"
- }
-}
-
 resource "random_uuid" "random" {}
 
 resource "aws_s3_bucket" "state_bucket" {
@@ -76,134 +38,7 @@ resource "aws_vpc_security_group_egress_rule" "allow_all_traffic_ipv4" { } resource "aws_vpc_security_group_ingress_rule" "allow_all_between_self" { - security_group_id = aws_security_group.allow_amznlinux_cdn.id - ip_protocol = "-1" - referenced_security_group_id = aws_security_group.allow_amznlinux_cdn.id -} - -data "aws_codecommit_repository" "ansible" { - repository_name = "image-pipeline-ansible-playbooks" -} - -data "aws_codecommit_repository" "goss" { - repository_name = "image-pipeline-goss-testing" -} - - -module "main" { - source = "HappyPathway/image-pipeline/aws" - project_name = local.project_name - source_repo_name = local.source_repo - source_repo_branch = "main" - builder_image = "aws/codebuild/standard:7.0" - create_new_repo = false - create_new_role = true - create_vpc_endpoint = true - ssh_user = "ec2-user" - playbook = "hello-world.yaml" - terraform_version = "1.8.5" - build_permissions_iam_doc = data.aws_iam_policy_document.s3_access - build_environment_variables = [ - for proxy_var in keys(local.proxy_env_vars) : - { - name=proxy_var, - value=lookup(local.proxy_env_vars, proxy_var), - type = "PLAINTEXT" - } - ] - ansible_repo = data.aws_codecommit_repository.ansible - goss_repo = data.aws_codecommit_repository.goss - goss_profile = "base-test" - state = local.state_config - vpc_config = local.vpc_config - source_ami = "ami-03fadeeea589a106b" - instance_type = "t2.micro" -} - -module "rhel" { - source = "HappyPathway/image-pipeline/aws" - project_name = "rhel-image-pipeline-demo" - source_repo_name = local.source_repo - source_repo_branch = "main" - builder_image = "aws/codebuild/standard:7.0" - create_new_repo = false - create_new_role = true - create_vpc_endpoint = false - ssh_user = "ec2-user" - playbook = "rhel-arm-baseline.yaml" - terraform_version = "1.8.5" - troubleshoot = true - build_permissions_iam_doc = data.aws_iam_policy_document.s3_access - build_environment_variables = [ - for proxy_var in 
keys(local.proxy_env_vars) : { - name = proxy_var - value = lookup(local.proxy_env_vars, proxy_var) - type = "PLAINTEXT" - } - ] - ansible_repo = data.aws_codecommit_repository.ansible - goss_repo = data.aws_codecommit_repository.goss - goss_profile = "rhel-base-test" - state = local.state_config - vpc_config = local.vpc_config - source_ami = "ami-03fadeeea589a106b" # x86_64 compatible AMI - instance_type = "t3.micro" # x86_64 compatible instance type -} - -resource "random_password" "winrm" { - length = 24 - override_special = "$*!" - special = true -} - -output "password" { - value = nonsensitive(random_password.winrm.result) -} - - -module "windows" { - source = "HappyPathway/image-pipeline/aws" - project_name = "windows-image-pipeline-demo" - source_repo_name = "windows-image-pipeline" - source_repo_branch = "main" - builder_image = "aws/codebuild/standard:7.0" - create_new_repo = false - create_new_role = true - playbook = "windows-baseline.yaml" - terraform_version = "1.8.5" - build_permissions_iam_doc = data.aws_iam_policy_document.s3_access - winrm_credentials = { - username = "Administrator" - password = random_password.winrm.result - } - userdata = "userdata/winrm.ps1" - build_environment_variables = [ - for proxy_var in keys(local.proxy_env_vars) : { - name = proxy_var - value = lookup(local.proxy_env_vars, proxy_var) - type = "PLAINTEXT" - } - ] - ansible_repo = data.aws_codecommit_repository.ansible - goss_repo = data.aws_codecommit_repository.goss - goss_profile = "windows-base-test" - state = local.state_config - vpc_config = local.vpc_config - source_ami = "ami-012fffaddacaa52ff" # x86_64 compatible AMI - instance_type = "t2.xlarge" # x86_64 compatible instance type -} - - - -output iam_arn { - value = module.main.iam_arn -} - -output codebuild_user { - value = module.main.build_user.name -} - -output parameters { - value = keys(module.main.parameters) - sensitive = true + security_group_id = aws_security_group.allow_amznlinux_cdn.id + ip_protocol = 
"-1" + referenced_security_group_id = aws_security_group.allow_amznlinux_cdn.id } diff --git a/rhel.tf b/rhel.tf new file mode 100644 index 0000000..3aba4c1 --- /dev/null +++ b/rhel.tf @@ -0,0 +1,42 @@ + +module "rhel" { + source = "HappyPathway/image-pipeline/aws" + project_name = "rhel-image-pipeline-demo" + builder_image = "aws/codebuild/standard:7.0" + create_new_repo = false + create_new_role = true + create_vpc_endpoint = false + ssh_user = "ec2-user" + playbook = "rhel-arm-baseline.yaml" + terraform_version = "1.8.5" + troubleshoot = true + build_permissions_iam_doc = data.aws_iam_policy_document.s3_access + build_environment_variables = [ + for proxy_var in keys(local.proxy_env_vars) : { + name = proxy_var + value = lookup(local.proxy_env_vars, proxy_var) + type = "PLAINTEXT" + } + ] + packer_repo = data.aws_codecommit_repository.linux + ansible_repo = data.aws_codecommit_repository.ansible + goss_repo = data.aws_codecommit_repository.goss + goss_profile = "rhel-base-test" + state = local.state_config + vpc_config = local.vpc_config + source_ami = "ami-03fadeeea589a106b" # x86_64 compatible AMI + instance_type = "t3.micro" # x86_64 compatible instance type +} + +output "rhel_iam_arn" { + value = module.amazon_linux.iam_arn +} + +output "rhel_codebuild_user" { + value = module.amazon_linux.build_user.name +} + +output "rhel_parameters" { + value = keys(module.amazon_linux.parameters) + sensitive = true +} \ No newline at end of file diff --git a/windows.tf b/windows.tf new file mode 100644 index 0000000..c7834d3 --- /dev/null +++ b/windows.tf 
@@ -0,0 +1,53 @@
+resource "random_password" "winrm" {
+ length = 24
+ override_special = "$*!"
+ special = true
+}
+
+module "windows" {
+ source = "HappyPathway/image-pipeline/aws"
+ project_name = "windows-image-pipeline-demo"
+ builder_image = "aws/codebuild/standard:7.0"
+ create_new_repo = false
+ create_new_role = true
+ playbook = "windows-baseline.yaml"
+ terraform_version = "1.8.5"
+ build_permissions_iam_doc = data.aws_iam_policy_document.s3_access
+ winrm_credentials = {
+ username = "Administrator"
+ password = random_password.winrm.result
+ }
+ userdata = "userdata/winrm.ps1"
+ build_environment_variables = [
+ for proxy_var in keys(local.proxy_env_vars) : {
+ name = proxy_var
+ value = lookup(local.proxy_env_vars, proxy_var)
+ type = "PLAINTEXT"
+ }
+ ]
+ packer_repo = data.aws_codecommit_repository.windows
+ ansible_repo = data.aws_codecommit_repository.ansible
+ goss_repo = data.aws_codecommit_repository.goss
+ goss_profile = "windows-base-test"
+ state = local.state_config
+ vpc_config = local.vpc_config
+ source_ami = "ami-012fffaddacaa52ff" # x86_64 compatible AMI
+ instance_type = "t2.xlarge" # x86_64 compatible instance type
+}
+
+output "winrm_password" {
+ value = nonsensitive(random_password.winrm.result)
+}
+
+output "windows_iam_arn" {
+ value = module.amazon_linux.iam_arn
+}
+
+output "windows_codebuild_user" {
+ value = module.amazon_linux.build_user.name
+}
+
+output "windows_parameters" {
+ value = keys(module.amazon_linux.parameters)
+ sensitive = true
+}
\ No newline at end of file
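Review bot: `output "winrm_password"` wraps `random_password.winrm.result` in `nonsensitive()`, which strips the sensitive marking so the Administrator password handed to the Windows build hosts via `winrm_credentials` is echoed in clear text by `terraform apply` and `terraform output`, and therefore by any CI log that captures them (the state file holds it regardless). If the value has to be surfaced, use `value = random_password.winrm.result` together with `sensitive = true`, which keeps it retrievable with `terraform output -raw winrm_password` but out of default output; otherwise drop the output and read it from state or a secrets store. This block was moved from main.tf unchanged apart from the rename, so the exposure predates the commit, but the new file is the right place to fix it.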