diff --git a/data.tf b/data.tf
new file mode 100644
index 0000000..895f3b8
--- /dev/null
+++ b/data.tf
@@ -0,0 +1,15 @@
+data "aws_codecommit_repository" "ansible" {
+ repository_name = "image-pipeline-ansible-playbooks"
+}
+
+data "aws_codecommit_repository" "goss" {
+ repository_name = "image-pipeline-goss-testing"
+}
+
+data "aws_codecommit_repository" "windows" {
+ repository_name = "windows-image-pipeline"
+}
+
+data "aws_codecommit_repository" "linux" {
+ repository_name = "linux-image-pipeline"
+}
\ No newline at end of file
diff --git a/linux.tf b/linux.tf
new file mode 100644
index 0000000..6cff4e7
--- /dev/null
+++ b/linux.tf
@@ -0,0 +1,42 @@
+
+module "amazon_linux" {
+ source = "HappyPathway/image-pipeline/aws"
+ project_name = "linux-image-pipeline"
+ builder_image = "aws/codebuild/standard:7.0"
+ create_new_repo = false
+ create_new_role = true
+ create_vpc_endpoint = true
+ ssh_user = "ec2-user"
+ playbook = "hello-world.yaml"
+ terraform_version = "1.8.5"
+ build_permissions_iam_doc = data.aws_iam_policy_document.s3_access
+ build_environment_variables = [
+ for proxy_var in keys(local.proxy_env_vars) :
+ {
+ name = proxy_var,
+ value = lookup(local.proxy_env_vars, proxy_var),
+ type = "PLAINTEXT"
+ }
+ ]
+ packer_repo = data.aws_codecommit_repository.linux
+ ansible_repo = data.aws_codecommit_repository.ansible
+ goss_repo = data.aws_codecommit_repository.goss
+ goss_profile = "base-test"
+ state = local.state_config
+ vpc_config = local.vpc_config
+ source_ami = "ami-03fadeeea589a106b"
+ instance_type = "t2.micro"
+}
+
+output "linux_iam_arn" {
+ value = module.amazon_linux.iam_arn
+}
+
+output "linux_codebuild_user" {
+ value = module.amazon_linux.build_user.name
+}
+
+output "linux_parameters" {
+ value = keys(module.amazon_linux.parameters)
+ sensitive = true
+}
\ No newline at end of file
diff --git a/locals.tf b/locals.tf
new file mode 100644
index 0000000..6c28027
--- /dev/null
+++ b/locals.tf
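Review bot: `source = "HappyPathway/image-pipeline/aws"` in `module "amazon_linux"` carries no `version` constraint, so every `terraform init` resolves whatever the registry currently publishes, and a new module release silently changes the IAM role, VPC endpoint and CodeBuild definition this root creates; the same applies to `module "rhel"` in rhel.tf and `module "windows"` in windows.tf. Add a pinned constraint next to `source`, e.g. `version = "<pinned module version>"`, and advance it deliberately. `source_ami = "ami-03fadeeea589a106b"` here also lacks the `# x86_64 compatible AMI` comment the other two modules carry; adding it keeps the three files consistent.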
@@ -0,0 +1,36 @@
+locals {
+ proxy_env_vars = {
+ HTTP_PROXY = "http://proxy.tco.census.gov:3128"
+ NO_PROXY = ".census.gov,169.254.169.254,148.129.*,10.*,172.18.*,172.22.*,172.23.*,172.24.*,172.25.*,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com,.gcr.io,.pkg.dev,${local._vpc_config.region}.compute.internal,.${local._vpc_config.region}.compute.internal"
+ HTTPS_PROXY = "http://proxy.tco.census.gov:3128"
+ }
+ source_repo = "linux-image-pipeline"
+ environment = "dev"
+ _vpc_config = {
+ vpc_id = "vpc-00576a396ec570b94"
+ region = "us-gov-west-1"
+ security_group_ids = [
+ "sg-0d828d223df9834a6"
+ ]
+ subnets = [
+ # "subnet-0b1992a84536c581b"
+ "subnet-062189d742937204e"
+ ]
+ }
+ vpc_config = merge(
+ local._vpc_config,
+ {
+ security_group_ids = concat(
+ local._vpc_config.security_group_ids,
+ [
+ aws_security_group.allow_amznlinux_cdn.id
+ ])
+ }
+ )
+ state_config = {
+ bucket = aws_s3_bucket.state_bucket.bucket
+ key = "terraform.tfstate"
+ region = local.vpc_config.region
+ dynamodb_table = "tf_remote_state"
+ }
+}
\ No newline at end of file
diff --git a/main.tf b/main.tf
index cacf1f5..fac9b5d 100644
--- a/main.tf
+++ b/main.tf
@@ -1,41 +1,3 @@
-locals {
- proxy_env_vars = {
- HTTP_PROXY = "http://proxy.tco.census.gov:3128"
- NO_PROXY = ".census.gov,169.254.169.254,148.129.*,10.*,172.18.*,172.22.*,172.23.*,172.24.*,172.25.*,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com,.gcr.io,.pkg.dev,${local._vpc_config.region}.compute.internal,.${local._vpc_config.region}.compute.internal"
- HTTPS_PROXY = "http://proxy.tco.census.gov:3128"
- }
- source_repo = "linux-image-pipeline"
- project_name = "linux-image-pipeline"
- environment = "dev"
- _vpc_config = {
- vpc_id = "vpc-00576a396ec570b94"
- region = "us-gov-west-1"
- security_group_ids = [
- "sg-0d828d223df9834a6"
- ]
- subnets = [
- # "subnet-0b1992a84536c581b"
- "subnet-062189d742937204e"
- ]
- }
- vpc_config = merge(
- local._vpc_config,
- {
- security_group_ids = concat(
- local._vpc_config.security_group_ids,
- [
- aws_security_group.allow_amznlinux_cdn.id
- ])
- }
- )
- state_config = {
- bucket = aws_s3_bucket.state_bucket.bucket
- key = "terraform.tfstate"
- region = local.vpc_config.region
- dynamodb_table = "tf_remote_state"
- }
-}
-
 resource "random_uuid" "random" {}
 
 resource "aws_s3_bucket" "state_bucket" {
@@ -76,138 +38,7 @@ resource "aws_vpc_security_group_egress_rule" "allow_all_traffic_ipv4" {
 }
 
 resource "aws_vpc_security_group_ingress_rule" "allow_all_between_self" {
- security_group_id = aws_security_group.allow_amznlinux_cdn.id
- ip_protocol = "-1"
- referenced_security_group_id = aws_security_group.allow_amznlinux_cdn.id
-}
-
-data "aws_codecommit_repository" "ansible" {
- repository_name = "image-pipeline-ansible-playbooks"
-}
-
-data "aws_codecommit_repository" "goss" {
- repository_name = "image-pipeline-goss-testing"
-}
-
-data "aws_codecommit_repository" "windows" {
- repository_name = "windows-image-pipeline"
-}
-
-data "aws_codecommit_repository" "linux" {
- repository_name = "linux-image-pipeline"
-}
-
-module "main" {
- source = "HappyPathway/image-pipeline/aws"
- project_name = local.project_name
- builder_image = "aws/codebuild/standard:7.0"
- create_new_repo = false
- create_new_role = true
- create_vpc_endpoint = true
- ssh_user = "ec2-user"
- playbook = "hello-world.yaml"
- terraform_version = "1.8.5"
- build_permissions_iam_doc = data.aws_iam_policy_document.s3_access
- build_environment_variables = [
- for proxy_var in keys(local.proxy_env_vars) :
- {
- name=proxy_var,
- value=lookup(local.proxy_env_vars, proxy_var),
- type = "PLAINTEXT"
- }
- ]
- packer_repo = data.aws_codecommit_repository.linux
- ansible_repo = data.aws_codecommit_repository.ansible
- goss_repo = data.aws_codecommit_repository.goss
- goss_profile = "base-test"
- state = local.state_config
- vpc_config = local.vpc_config
- source_ami = "ami-03fadeeea589a106b"
- instance_type = "t2.micro"
-}
-
-module "rhel" {
- source = "HappyPathway/image-pipeline/aws"
- project_name = "rhel-image-pipeline-demo"
- builder_image = "aws/codebuild/standard:7.0"
- create_new_repo = false
- create_new_role = true
- create_vpc_endpoint = false
- ssh_user = "ec2-user"
- playbook = "rhel-arm-baseline.yaml"
- terraform_version = "1.8.5"
- troubleshoot = true
- build_permissions_iam_doc = data.aws_iam_policy_document.s3_access
- build_environment_variables = [
- for proxy_var in keys(local.proxy_env_vars) : {
- name = proxy_var
- value = lookup(local.proxy_env_vars, proxy_var)
- type = "PLAINTEXT"
- }
- ]
- packer_repo = data.aws_codecommit_repository.linux
- ansible_repo = data.aws_codecommit_repository.ansible
- goss_repo = data.aws_codecommit_repository.goss
- goss_profile = "rhel-base-test"
- state = local.state_config
- vpc_config = local.vpc_config
- source_ami = "ami-03fadeeea589a106b" # x86_64 compatible AMI
- instance_type = "t3.micro" # x86_64 compatible instance type
-}
-
-resource "random_password" "winrm" {
- length = 24
- override_special = "$*!"
- special = true
-}
-
-output "password" {
- value = nonsensitive(random_password.winrm.result)
-}
-
-
-module "windows" {
- source = "HappyPathway/image-pipeline/aws"
- project_name = "windows-image-pipeline-demo"
- builder_image = "aws/codebuild/standard:7.0"
- create_new_repo = false
- create_new_role = true
- playbook = "windows-baseline.yaml"
- terraform_version = "1.8.5"
- build_permissions_iam_doc = data.aws_iam_policy_document.s3_access
- winrm_credentials = {
- username = "Administrator"
- password = random_password.winrm.result
- }
- userdata = "userdata/winrm.ps1"
- build_environment_variables = [
- for proxy_var in keys(local.proxy_env_vars) : {
- name = proxy_var
- value = lookup(local.proxy_env_vars, proxy_var)
- type = "PLAINTEXT"
- }
- ]
- packer_repo = data.aws_codecommit_repository.windows
- ansible_repo = data.aws_codecommit_repository.ansible
- goss_repo = data.aws_codecommit_repository.goss
- goss_profile = "windows-base-test"
- state = local.state_config
- vpc_config = local.vpc_config
- source_ami = "ami-012fffaddacaa52ff" # x86_64 compatible AMI
- instance_type = "t2.xlarge" # x86_64 compatible instance type
-}
-
-
-
-output iam_arn {
- value = module.main.iam_arn
-}
-
-output codebuild_user {
- value = module.main.build_user.name
-}
-
-output parameters {
- value = keys(module.main.parameters)
- sensitive = true
+ security_group_id = aws_security_group.allow_amznlinux_cdn.id
+ ip_protocol = "-1"
+ referenced_security_group_id = aws_security_group.allow_amznlinux_cdn.id
 }
diff --git a/rhel.tf b/rhel.tf
new file mode 100644
index 0000000..3aba4c1
--- /dev/null
+++ b/rhel.tf
@@ -0,0 +1,42 @@
+
+module "rhel" {
+ source = "HappyPathway/image-pipeline/aws"
+ project_name = "rhel-image-pipeline-demo"
+ builder_image = "aws/codebuild/standard:7.0"
+ create_new_repo = false
+ create_new_role = true
+ create_vpc_endpoint = false
+ ssh_user = "ec2-user"
+ playbook = "rhel-arm-baseline.yaml"
+ terraform_version = "1.8.5"
+ troubleshoot = true
+ build_permissions_iam_doc = data.aws_iam_policy_document.s3_access
+ build_environment_variables = [
+ for proxy_var in keys(local.proxy_env_vars) : {
+ name = proxy_var
+ value = lookup(local.proxy_env_vars, proxy_var)
+ type = "PLAINTEXT"
+ }
+ ]
+ packer_repo = data.aws_codecommit_repository.linux
+ ansible_repo = data.aws_codecommit_repository.ansible
+ goss_repo = data.aws_codecommit_repository.goss
+ goss_profile = "rhel-base-test"
+ state = local.state_config
+ vpc_config = local.vpc_config
+ source_ami = "ami-03fadeeea589a106b" # x86_64 compatible AMI
+ instance_type = "t3.micro" # x86_64 compatible instance type
+}
+
+output "rhel_iam_arn" {
+ value = module.amazon_linux.iam_arn
+}
+
+output "rhel_codebuild_user" {
+ value = module.amazon_linux.build_user.name
+}
+
+output "rhel_parameters" {
+ value = keys(module.amazon_linux.parameters)
+ sensitive = true
+}
\ No newline at end of file
diff --git a/windows.tf b/windows.tf
new file mode 100644
index 0000000..c7834d3
--- /dev/null
+++ b/windows.tf
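Review bot: The three outputs at the end of rhel.tf read `module.amazon_linux` rather than `module.rhel`, so `rhel_iam_arn`, `rhel_codebuild_user` and `rhel_parameters` report the Amazon Linux pipeline's role ARN, build user and parameter names instead of the RHEL ones; windows.tf repeats the mistake in `windows_iam_arn`, `windows_codebuild_user` and `windows_parameters`. The fix is `value = module.rhel.iam_arn`, `value = module.rhel.build_user.name` and `value = keys(module.rhel.parameters)` here, and `module.windows` in the windows.tf outputs. Since `rhel_iam_arn` and `rhel_codebuild_user` are not marked sensitive, the wrong identity is printed on every apply and would be the one handed to anything that trusts these outputs, so it is worth fixing before the first apply of the split files.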
@@ -0,0 +1,53 @@
+resource "random_password" "winrm" {
+ length = 24
+ override_special = "$*!"
+ special = true
+}
+
+module "windows" {
+ source = "HappyPathway/image-pipeline/aws"
+ project_name = "windows-image-pipeline-demo"
+ builder_image = "aws/codebuild/standard:7.0"
+ create_new_repo = false
+ create_new_role = true
+ playbook = "windows-baseline.yaml"
+ terraform_version = "1.8.5"
+ build_permissions_iam_doc = data.aws_iam_policy_document.s3_access
+ winrm_credentials = {
+ username = "Administrator"
+ password = random_password.winrm.result
+ }
+ userdata = "userdata/winrm.ps1"
+ build_environment_variables = [
+ for proxy_var in keys(local.proxy_env_vars) : {
+ name = proxy_var
+ value = lookup(local.proxy_env_vars, proxy_var)
+ type = "PLAINTEXT"
+ }
+ ]
+ packer_repo = data.aws_codecommit_repository.windows
+ ansible_repo = data.aws_codecommit_repository.ansible
+ goss_repo = data.aws_codecommit_repository.goss
+ goss_profile = "windows-base-test"
+ state = local.state_config
+ vpc_config = local.vpc_config
+ source_ami = "ami-012fffaddacaa52ff" # x86_64 compatible AMI
+ instance_type = "t2.xlarge" # x86_64 compatible instance type
+}
+
+output "winrm_password" {
+ value = nonsensitive(random_password.winrm.result)
+}
+
+output "windows_iam_arn" {
+ value = module.amazon_linux.iam_arn
+}
+
+output "windows_codebuild_user" {
+ value = module.amazon_linux.build_user.name
+}
+
+output "windows_parameters" {
+ value = keys(module.amazon_linux.parameters)
+ sensitive = true
+}
\ No newline at end of file
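Review bot: `output "winrm_password"` wraps the generated Administrator password in `nonsensitive()`, which strips the sensitive marking from `random_password.winrm.result` so the credential is printed in clear text by `terraform apply`, `terraform output`, and any CI log that captures them. The module already receives the value through `winrm_credentials`, so the output is only for operators; if one is needed, expose it as `value = random_password.winrm.result` with `sensitive = true` and read it with `terraform output -raw winrm_password`. If nothing consumes it, dropping the output entirely is the tighter option, since the password remains in state either way. The `windows_*` outputs below also reference `module.amazon_linux` where `module.windows` is meant, as noted on rhel.tf.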