adding proxy config

.gitignore

@@ -1,34 +1,34 @@
-# Local .terraform directories
-**/.terraform/*
-
-# .tfstate files
-*.tfstate
-*.tfstate.*
-
-# Crash log files
-crash.log
-crash.*.log
-
-# Exclude all .tfvars files, which are likely to contain sensitive data, such as
-# password, private keys, and other secrets. These should not be part of version 
-# control as they are data points which are potentially sensitive and subject 
-# to change depending on the environment.
-*.tfvars
-*.tfvars.json
-
-# Ignore override files as they are usually used to override resources locally and so
-# are not checked in
-override.tf
-override.tf.json
-*_override.tf
-*_override.tf.json
-
-# Include override files you do wish to add to version control using negated pattern
-# !example_override.tf
-
-# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
-# example: *tfplan*
-
-# Ignore CLI configuration files
-.terraformrc
-terraform.rc
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc

README.md

@@ -1,2 +1,2 @@
-# aws-image-pipeline
-Terraform Workspace for creating and managing AWS Image Pipelines
+# aws-image-pipeline
+Terraform Workspace for creating and managing AWS Image Pipelines

main.tf

@@ -1,77 +1,84 @@
-locals {
-  proxy_env_vars = {
-    HTTP_PROXY = "http://proxy.tco.census.gov:3128"
-    NO_PROXY = ".census.gov,169.254.169.254,148.129.*,10.*,172.18.*,172.22.*,172.23.*,172.24.*,172.25.*,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com,.gcr.io,.pkg.dev"
-    HTTPS_PROXY = "http://proxy.tco.census.gov:3128"
-  }
-}
-
-data "aws_iam_policy_document" "s3_access" {
-  statement {
-    effect = "Allow"
-    actions   = ["s3:*"]
-    resources = ["*"]
-  }
-}
-
-
-locals {
-  example_build_variables = [
-    {
-      name = "TF_VAR_greeting",
-      value = "Dave",
-      type = "PLAINTEXT"
-    }
-  ]
-}
-
-locals {
-  vpc_id = "vpc-00576a396ec570b94"
-}
-
-resource "aws_codecommit_repository" "ansible" {
-  repository_name = "image-pipeline-ansible-roles"
-  description     = "This is the Sample App Repository"
-}
-
-data "aws_region" "current" {}
-
-
-module "main" {
-  source                      = "HappyPathway/image-pipeline/aws"
-  project_name                = "HelloAMI"
-  environment                 = "dev"
-  source_repo_name            = "image-pipeline-hello-world"
-  source_repo_branch          = "main"
-  create_new_repo             = true
-  create_new_role             = true
-  build_permissions_iam_doc   = data.aws_iam_policy_document.s3_access
-  build_environment_variables = local.example_build_variables
-  ansible_repo                = aws_codecommit_repository.ansible
-  vpc_config = {
-    vpc_id = local.vpc_id
-    security_group_ids = []
-    subnets = [
-      "subnet-062189d742937204e"
-    ]
-  }   
-}
-
-
-resource "aws_iam_service_specific_credential" "codecommit" {
-  service_name = "codecommit.amazonaws.com"
-  user_name    = module.main.build_user.name
-}
-
-output codecommit_credentials_username {
-  value = aws_iam_service_specific_credential.codecommit.service_user_name
-}
-
-output codecommit_credentials_password {
-  value =nonsensitive(aws_iam_service_specific_credential.codecommit.service_password)
-}
-
-
-output iam_arn {
-  value = module.main.iam_arn
-}
+locals {
+  proxy_env_vars = {
+    HTTP_PROXY = "http://proxy.tco.census.gov:3128"
+    NO_PROXY = ".census.gov,169.254.169.254,148.129.*,10.*,172.18.*,172.22.*,172.23.*,172.24.*,172.25.*,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com,.gcr.io,.pkg.dev"
+    HTTPS_PROXY = "http://proxy.tco.census.gov:3128"
+  }
+}
+
+data "aws_iam_policy_document" "s3_access" {
+  statement {
+    effect = "Allow"
+    actions   = ["s3:*"]
+    resources = ["*"]
+  }
+}
+
+
+locals {
+  example_build_variables = [
+    {
+      name = "TF_VAR_greeting",
+      value = "Dave",
+      type = "PLAINTEXT"
+    }
+  ]
+}
+
+locals {
+  vpc_id = "vpc-00576a396ec570b94"
+}
+
+resource "aws_codecommit_repository" "ansible" {
+  repository_name = "image-pipeline-ansible-roles"
+  description     = "This is the Sample App Repository"
+}
+
+data "aws_region" "current" {}
+
+
+module "main" {
+  source                      = "HappyPathway/image-pipeline/aws"
+  project_name                = "HelloAMI"
+  environment                 = "dev"
+  source_repo_name            = "image-pipeline-hello-world"
+  source_repo_branch          = "main"
+  create_new_repo             = true
+  create_new_role             = true
+  build_permissions_iam_doc   = data.aws_iam_policy_document.s3_access
+  build_environment_variables = [ 
+    for proxy_var in keys(local.proxy_env_vars) :
+    { 
+      name=proxy_var, 
+      value=lookup(local.proxy_env_vars),
+      type = "PLAINTEXT"
+    }
+  ]
+  ansible_repo                = aws_codecommit_repository.ansible
+  vpc_config = {
+    vpc_id = local.vpc_id
+    security_group_ids = []
+    subnets = [
+      "subnet-062189d742937204e"
+    ]
+  }   
+}
+
+
+resource "aws_iam_service_specific_credential" "codecommit" {
+  service_name = "codecommit.amazonaws.com"
+  user_name    = module.main.build_user.name
+}
+
+output codecommit_credentials_username {
+  value = aws_iam_service_specific_credential.codecommit.service_user_name
+}
+
+output codecommit_credentials_password {
+  value =nonsensitive(aws_iam_service_specific_credential.codecommit.service_password)
+}
+
+
+output iam_arn {
+  value = module.main.iam_arn
+}