reconciling for original intended purposes

CSVD · Aug 6, 2024 · dae2ca0 · dae2ca0
2 parents 89c9790 + 006b732
commit dae2ca0
Show file tree

Hide file tree

Showing 5 changed files with 113 additions and 41 deletions.
diff --git a/.github/workflows/sync-to-codecommit.yml b/.github/workflows/sync-to-codecommit.yml
@@ -0,0 +1,31 @@
+name: Sync to CodeCommit
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  sync:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v2
+
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: us-gov-west-1
+
+    - name: Sync to CodeCommit Goss Testing
+      run: |
+        git remote add goss-upstream ssh://git-codecommit.us-gov-west-1.amazonaws.com/v1/repos/image-pipeline-goss-testing
+        git push goss-upstream main --force
+
+    - name: Sync to CodeCommit Ansible Playbooks
+      run: |
+        git remote add ansible-upstream ssh://git-codecommit.us-gov-west-1.amazonaws.com/v1/repos/image-pipeline-ansible-playbooks
+        git push ansible-upstream main --force
diff --git a/README.md b/README.md
@@ -1,2 +1,34 @@
 # aws-image-pipeline
 Terraform Workspace for creating and managing AWS Image Pipelines
+
+
+
+To SSO Login: 
+aws sso login --profile 229685449397-csvd-dev-gov.inf-admin-t2
+
+export AWS_PROFILE=229685449397-csvd-dev-gov.inf-admin-t2
+
+aws sts get-caller-identity
+
+
+Git Syncing / Mirroring:
+
+git remote add ansible-upstream https://git-codecommit.us-gov-west-1.amazonaws.com/v1/repos/image-pipeline-ansible-playbooks
+
+git remote add goss-upstream https://git-codecommit.us-gov-west-1.amazonaws.com/v1/repos/image-pipeline-goss-testing
+
+git push origin main --force
+git push ansible-upstream main --force
+git push goss-upstream main --force
+
+rebecaa linn : She does x86 (get context for ARM)
+
+
+cd ~/.aws/
+
+terraform plan -out=plan.out | tee terraform_plan.log
+
+#Formatting error command
+yamllint 'file name'
+
+
diff --git a/main.tf b/main.tf
@@ -1,4 +1,3 @@
-
 locals {
     proxy_env_vars = {
         HTTP_PROXY = "http://proxy.tco.census.gov:3128"
@@ -37,14 +36,25 @@ locals {
     }  
 }
 
-resource random_uuid random {}
-resource aws_s3_bucket state_bucket {
+resource "random_uuid" "random" {}
+
+resource "aws_s3_bucket" "state_bucket" {
   bucket = "inf-test-${random_uuid.random.result}"
 }
 
+resource "aws_s3_bucket_server_side_encryption_configuration" "state_bucket_encryption" {
+  bucket = aws_s3_bucket.state_bucket.bucket
+
+  rule {
+    apply_server_side_encryption_by_default {
+      sse_algorithm = "aws:kms"
+    }
+  }
+}
+
 data "aws_iam_policy_document" "s3_access" {
   statement {
-    effect = "Allow"
+    effect    = "Allow"
     actions   = ["s3:*"]
     resources = ["*"]
   }
@@ -62,14 +72,13 @@ resource "aws_security_group" "allow_amznlinux_cdn" {
 resource "aws_vpc_security_group_egress_rule" "allow_all_traffic_ipv4" {
   security_group_id = aws_security_group.allow_amznlinux_cdn.id
   cidr_ipv4         = "0.0.0.0/0"
-  ip_protocol       = "-1" # semantically equivalent to all ports
+  ip_protocol       = "-1"
 }
 
-# referenced_security_group_id
 resource "aws_vpc_security_group_ingress_rule" "allow_all_between_self" {
-  security_group_id = aws_security_group.allow_amznlinux_cdn.id
-  ip_protocol       = "-1" # semantically equivalent to all ports
-  referenced_security_group_id = aws_security_group.allow_amznlinux_cdn.id
+  security_group_id              = aws_security_group.allow_amznlinux_cdn.id
+  ip_protocol                    = "-1"
+  referenced_security_group_id   = aws_security_group.allow_amznlinux_cdn.id
 }
 
 data "aws_codecommit_repository" "ansible" {
@@ -94,10 +103,10 @@ module "main" {
   playbook                    = "hello-world.yaml"
   terraform_version           = "1.8.5"
   build_permissions_iam_doc   = data.aws_iam_policy_document.s3_access
-  build_environment_variables = [ 
+  build_environment_variables = [
    for proxy_var in keys(local.proxy_env_vars) :
-   { 
-     name=proxy_var, 
+   {
+     name=proxy_var,
      value=lookup(local.proxy_env_vars, proxy_var),
      type = "PLAINTEXT"
    }
@@ -111,7 +120,6 @@ module "main" {
   instance_type = "t2.micro"
 }
 
-
 module "rhel" {
   source                      = "HappyPathway/image-pipeline/aws"
   project_name                = "rhel-image-pipeline-demo"
@@ -120,39 +128,39 @@ module "rhel" {
   builder_image               = "aws/codebuild/standard:7.0"
   create_new_repo             = false
   create_new_role             = true
-  create_vpc_endpoint         = false # we already created one for this vpc
+  create_vpc_endpoint         = false
   ssh_user                    = "ec2-user"
-  playbook                    = "rhel-baseline.yaml"
+  playbook                    = "rhel-arm-baseline.yaml"
   terraform_version           = "1.8.5"
   troubleshoot                = true
   build_permissions_iam_doc   = data.aws_iam_policy_document.s3_access
-  build_environment_variables = [ 
-   for proxy_var in keys(local.proxy_env_vars) :
-   { 
-     name=proxy_var, 
-     value=lookup(local.proxy_env_vars, proxy_var),
-     type = "PLAINTEXT"
-   }
+  build_environment_variables = [
+    for proxy_var in keys(local.proxy_env_vars) : {
+      name  = proxy_var
+      value = lookup(local.proxy_env_vars, proxy_var)
+      type  = "PLAINTEXT"
+    }
   ]
   ansible_repo                = data.aws_codecommit_repository.ansible
   goss_repo                   = data.aws_codecommit_repository.goss
   goss_profile                = "rhel-base-test"
-  state = local.state_config
-  vpc_config = local.vpc_config
-  source_ami = "ami-0ce8fc041db68907c"
-  instance_type = "t2.micro"
+  state                       = local.state_config
+  vpc_config                  = local.vpc_config
+  source_ami                  = "ami-03fadeeea589a106b"  # x86_64 compatible AMI
+  instance_type               = "t3.micro"  # x86_64 compatible instance type
 }
 
-resource random_password winrm {
+resource "random_password" "winrm" {
   length           = 24
   override_special = "$*!"
-  special = true
+  special          = true
 }
 
-output password {
+output "password" {
   value = nonsensitive(random_password.winrm.result)
 }
 
+
 module "windows" {
   source                      = "HappyPathway/image-pipeline/aws"
   project_name                = "windows-image-pipeline-demo"
@@ -169,22 +177,23 @@ module "windows" {
     password = random_password.winrm.result
   }
   userdata = "userdata/winrm.ps1"
-  build_environment_variables = [ 
-   for proxy_var in keys(local.proxy_env_vars) :
-   { 
-     name=proxy_var, 
-     value=lookup(local.proxy_env_vars, proxy_var),
-     type = "PLAINTEXT"
-   }
+  build_environment_variables = [
+    for proxy_var in keys(local.proxy_env_vars) : {
+      name  = proxy_var
+      value = lookup(local.proxy_env_vars, proxy_var)
+      type  = "PLAINTEXT"
+    }
   ]
   ansible_repo                = data.aws_codecommit_repository.ansible
   goss_repo                   = data.aws_codecommit_repository.goss
   goss_profile                = "windows-base-test"
-  state = local.state_config
-  vpc_config = local.vpc_config
-  source_ami = "ami-012fffaddacaa52ff"
-  instance_type = "t2.xlarge"
+  state                       = local.state_config
+  vpc_config                  = local.vpc_config
+  source_ami                  = "ami-012fffaddacaa52ff"  # x86_64 compatible AMI
+  instance_type               = "t2.xlarge"  # x86_64 compatible instance type
 }
+
+
 
 output iam_arn {
   value = module.main.iam_arn
@@ -193,7 +202,7 @@ output iam_arn {
 output codebuild_user {
   value =  module.main.build_user.name
 }
-
+  
 output parameters {
   value = keys(module.main.parameters)
   sensitive = true

diff --git a/playbook.yml b/playbook.yml
diff --git a/terraform.tfstate b/terraform.tfstate