diff --git a/docker.tf b/docker.tf index 64ca39a..4cf3145 100644 --- a/docker.tf +++ b/docker.tf @@ -29,15 +29,12 @@ module "ecr-clone" { } module "docker" { - source = "HappyPathway/image-pipeline/aws" - project_name = "pipeline-test" - builder_image = "aws/codebuild/standard:7.0" - create_new_repo = false - create_new_role = true - create_vpc_endpoint = false - ssh_user = "ec2-user" - terraform_version = "1.8.5" - build_permissions_iam_doc = data.aws_iam_policy_document.s3_access + source = "HappyPathway/image-pipeline/aws" + project_name = "pipeline-test" + builder_image = "aws/codebuild/standard:7.0" + create_new_role = true + ssh_user = "ec2-user" + terraform_version = "1.8.5" build_environment_variables = [ for proxy_var in keys(local.proxy_env_vars) : { diff --git a/linux.tf b/linux.tf index 85ee8a5..a95f0f3 100644 --- a/linux.tf +++ b/linux.tf @@ -4,16 +4,12 @@ moved { } module "amazon_linux" { - source = "HappyPathway/image-pipeline/aws" - project_name = "linux-image-pipeline" - builder_image = "aws/codebuild/standard:7.0" - create_new_repo = false - create_new_role = true - create_vpc_endpoint = true - ssh_user = "ec2-user" - terraform_version = "1.8.5" - build_permissions_iam_doc = data.aws_iam_policy_document.s3_access - build_user_iam_policy = data.aws_iam_policy_document.build_user_policy_document.json + source = "HappyPathway/image-pipeline/aws" + project_name = "linux-image-pipeline" + builder_image = "aws/codebuild/standard:7.0" + create_new_role = true + ssh_user = "ec2-user" + terraform_version = "1.8.5" build_environment_variables = [ for proxy_var in keys(local.proxy_env_vars) : { diff --git a/rhel.tf b/rhel.tf index 86a043b..e100673 100644 --- a/rhel.tf +++ b/rhel.tf 
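Review bot: The `source = "HappyPathway/image-pipeline/aws"` line in `module "docker"` has no `version` argument visible in this hunk, and the same holds for the `amazon_linux`, `rhel` and `windows` modules in linux.tf, rhel.tf and windows.tf. That matters more after this change, because arguments such as `create_new_repo`, `create_vpc_endpoint`, `build_permissions_iam_doc` and (in linux.tf) `build_user_iam_policy` are no longer set and now fall back to the module's defaults, while `create_new_role = true` still lets the module create IAM roles. Pinning the release, for example `version = "<reviewed release>"` (placeholder), keeps a new publish of the module from silently changing what the build role may do on the next `terraform init -upgrade`. The module blocks continue past the end of each hunk, so a pin further down would not be visible here.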
@@ -1,16 +1,13 @@ module "rhel" { - source = "HappyPathway/image-pipeline/aws" - project_name = "rhel-image-pipeline-demo" - builder_image = "aws/codebuild/standard:7.0" - create_new_repo = false - create_new_role = true - create_vpc_endpoint = false - ssh_user = "ec2-user" - playbook = "rhel-arm-baseline.yaml" - terraform_version = "1.8.5" - troubleshoot = false - build_permissions_iam_doc = data.aws_iam_policy_document.s3_access + source = "HappyPathway/image-pipeline/aws" + project_name = "rhel-image-pipeline-demo" + builder_image = "aws/codebuild/standard:7.0" + create_new_role = true + ssh_user = "ec2-user" + playbook = "rhel-arm-baseline.yaml" + terraform_version = "1.8.5" + troubleshoot = false build_environment_variables = [ for proxy_var in keys(local.proxy_env_vars) : { name = proxy_var diff --git a/vpc_endpoint.tf b/vpc_endpoint.tf new file mode 100644 index 0000000..52dd3ed --- /dev/null +++ b/vpc_endpoint.tf @@ -0,0 +1,22 @@ +locals { + endpoints = toset([ + "codecommit", + "ecr.api", + "ecr.dkr", + "git-codecommit", + "s3" + ]) +} + +resource "aws_vpc_endpoint" "endpoint" { + for_each = local.endpoints + vpc_id = local.vpc_config.vpc_id + service_name = "com.amazonaws.${local.vpc_config.region}.${each.value}" + vpc_endpoint_type = "Interface" + + security_group_ids = concat( + local.vpc_config.security_group_ids, + ["sg-0ba8072164c29e11f"] + ) + subnet_ids = local.vpc_config.subnets +} diff --git a/windows.tf b/windows.tf index 573cc8d..209af90 100644 --- a/windows.tf +++ b/windows.tf 
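Review bot: `aws_vpc_endpoint.endpoint` in vpc_endpoint.tf never sets `private_dns_enabled`, which the AWS provider defaults to false, so clients in the VPC that resolve the normal service hostnames will not be routed through these Interface endpoints and build traffic may still depend on a public path. Consider `private_dns_enabled = true` for the CodeCommit and ECR entries; `s3` probably needs its own resource, since it is usually deployed as a Gateway endpoint and private DNS on an S3 Interface endpoint has extra prerequisites. The literal `"sg-0ba8072164c29e11f"` in `security_group_ids` ties the configuration to one account and hides which rules guard the endpoints; passing it in through a variable or a data source would make that reviewable. No `policy` is set either, so each endpoint gets the default full-access policy rather than one scoped to this pipeline's repositories and buckets.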
@@ -5,14 +5,12 @@ resource "random_password" "winrm" { } module "windows" { - source = "HappyPathway/image-pipeline/aws" - project_name = "windows-image-pipeline-demo" - builder_image = "aws/codebuild/standard:7.0" - create_new_repo = false - create_new_role = true - playbook = "windows-baseline.yaml" - terraform_version = "1.8.5" - build_permissions_iam_doc = data.aws_iam_policy_document.s3_access + source = "HappyPathway/image-pipeline/aws" + project_name = "windows-image-pipeline-demo" + builder_image = "aws/codebuild/standard:7.0" + create_new_role = true + playbook = "windows-baseline.yaml" + terraform_version = "1.8.5" winrm_credentials = { username = "Administrator" password = random_password.winrm.result
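Review bot: The `winrm_credentials` block kept as context in this hunk passes `random_password.winrm.result` for the `Administrator` account, and Terraform writes that value to state even though it is marked sensitive. Nothing in the hunk documents this; a comment above the block such as `# random_password.winrm.result is written to Terraform state: keep the backend encrypted and access-restricted` would record the constraint. How the module stores the password or exposes it to the build is not visible from here and is worth checking. The `module "windows"` block continues beyond the hunk.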