From 4c93f6cd6665354b934bb040117e444e00da9b17 Mon Sep 17 00:00:00 2001
From: Dave Arnold
Date: Thu, 16 May 2024 12:04:41 -0400
Subject: [PATCH] creating network for image-pipeline
---
main.tf | 176 +++++++++++++++++++++++++++++--------------------------
1 file changed, 92 insertions(+), 84 deletions(-)
diff --git a/main.tf b/main.tf
index 4465497..97a13b1 100644
--- a/main.tf
+++ b/main.tf
@@ -1,84 +1,92 @@
-locals {
- proxy_env_vars = {
- HTTP_PROXY = "http://proxy.tco.census.gov:3128"
- NO_PROXY = ".census.gov,169.254.169.254,148.129.*,10.*,172.18.*,172.22.*,172.23.*,172.24.*,172.25.*,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com,.gcr.io,.pkg.dev,.amazonlinux.com"
- HTTPS_PROXY = "http://proxy.tco.census.gov:3128"
- }
-}
-
-data "aws_iam_policy_document" "s3_access" {
- statement {
- effect = "Allow"
- actions = ["s3:*"]
- resources = ["*"]
- }
-}
-
-
-locals {
- example_build_variables = [
- {
- name = "TF_VAR_greeting",
- value = "Dave",
- type = "PLAINTEXT"
- }
- ]
-}
-
-locals {
- vpc_id = "vpc-00576a396ec570b94"
-}
-
-resource "aws_codecommit_repository" "ansible" {
- repository_name = "image-pipeline-ansible-roles"
- description = "This is the Sample App Repository"
-}
-
-data "aws_region" "current" {}
-
-
-module "main" {
- source = "HappyPathway/image-pipeline/aws"
- project_name = "HelloAMI"
- environment = "dev"
- source_repo_name = "image-pipeline-hello-world"
- source_repo_branch = "main"
- create_new_repo = true
- create_new_role = true
- build_permissions_iam_doc = data.aws_iam_policy_document.s3_access
- build_environment_variables = [
- for proxy_var in keys(local.proxy_env_vars) :
- {
- name=proxy_var,
- value=lookup(local.proxy_env_vars, proxy_var),
- type = "PLAINTEXT"
- }
- ]
- ansible_repo = aws_codecommit_repository.ansible
- vpc_config = {
- vpc_id = local.vpc_id
- security_group_ids = []
- subnets = [
- "subnet-062189d742937204e"
- ]
- }
-}
-
-
-resource "aws_iam_service_specific_credential" "codecommit" {
- service_name = "codecommit.amazonaws.com"
- user_name = module.main.build_user.name
-}
-
-output codecommit_credentials_username {
- value = aws_iam_service_specific_credential.codecommit.service_user_name
-}
-
-output codecommit_credentials_password {
- value =nonsensitive(aws_iam_service_specific_credential.codecommit.service_password)
-}
-
-
-output iam_arn {
- value = module.main.iam_arn
-}
+module "network" {
+ source = "HappyPathway/network/aws"
+ network_name = "csvd-infra-automation"
+ region = "us-gov-west-1"
+ key_name = "csvd-dev-ew-public-network"
+ private_subnet_cidrs = [
+ "10.0.5.0/24",
+ "10.0.6.0/24"
+ ]
+ public_subnet_cidrs = [
+ "10.0.7.0/24",
+ "10.0.8.0/24"
+ ]
+ availability_zones = [
+ "us-gov-west-1a",
+ "us-gov-west-1b",
+ "us-gov-west-1c"
+ ]
+}
+
+#locals {
+# proxy_env_vars = {
+# HTTP_PROXY = "http://proxy.tco.census.gov:3128"
+# NO_PROXY = ".census.gov,169.254.169.254,148.129.*,10.*,172.18.*,172.22.*,172.23.*,172.24.*,172.25.*,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com,.gcr.io,.pkg.dev"
+# HTTPS_PROXY = "http://proxy.tco.census.gov:3128"
+# }
+#}
+
+data "aws_iam_policy_document" "s3_access" {
+ statement {
+ effect = "Allow"
+ actions = ["s3:*"]
+ resources = ["*"]
+ }
+}
+
+
+locals {
+ vpc_id = module.network.vpc_id
+}
+
+resource "aws_codecommit_repository" "ansible" {
+ repository_name = "image-pipeline-ansible-roles"
+ description = "This is the Sample App Repository"
+}
+
+data "aws_region" "current" {}
+
+
+module "main" {
+ source = "HappyPathway/image-pipeline/aws"
+ project_name = "HelloAMI"
+ environment = "dev"
+ source_repo_name = "image-pipeline-hello-world"
+ source_repo_branch = "main"
+ create_new_repo = true
+ create_new_role = true
+ build_permissions_iam_doc = data.aws_iam_policy_document.s3_access
+ #build_environment_variables = [
+ # for proxy_var in keys(local.proxy_env_vars) :
+ # {
+ # name=proxy_var,
+ # value=lookup(local.proxy_env_vars, proxy_var),
+ # type = "PLAINTEXT"
+ # }
+ #]
+ ansible_repo = aws_codecommit_repository.ansible
+ vpc_config = {
+ vpc_id = local.vpc_id
+ security_group_ids = []
+ subnets = module.network.private_subnets
+ }
+}
+
+
+resource "aws_iam_service_specific_credential" "codecommit" {
+ service_name = "codecommit.amazonaws.com"
+ user_name = module.main.build_user.name
+}
+
+output codecommit_credentials_username {
+ value = aws_iam_service_specific_credential.codecommit.service_user_name
+}
+
+output codecommit_credentials_password {
+ value =nonsensitive(aws_iam_service_specific_credential.codecommit.service_password)
+}
+
+
+output iam_arn {
+ value = module.main.iam_arn
+}
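Review bot: The `codecommit_credentials_password` output near the end of the hunk wraps `service_password` in `nonsensitive(...)`, so the CodeCommit credential is printed in clear text by every `terraform apply` and `terraform output`, and in any CI log that captures them. Drop the wrapper and mark the output sensitive instead: `value = aws_iam_service_specific_credential.codecommit.service_password` together with `sensitive = true`. The secret is still written to state either way, so the state backend needs encryption and restricted read access. Separately, the new `module "network"` block (like `module "main"`) has no `version` argument, so a fresh `terraform init` takes whatever release is newest in the registry; add a constraint such as `version = "<PINNED_VERSION>"`. The `s3_access` document passed as `build_permissions_iam_doc` still allows `s3:*` on `*`; it would be safer scoped to the pipeline's buckets, which are not visible in this diff.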