diff --git a/.github/workflows/sync-to-codecommit.yml b/.github/workflows/sync-to-codecommit.yml
new file mode 100644
index 0000000..68512ce
--- /dev/null
+++ b/.github/workflows/sync-to-codecommit.yml
@@ -0,0 +1,31 @@
+name: Sync to CodeCommit
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  sync:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-gov-west-1
+
+      - name: Sync to CodeCommit Goss Testing
+        run: |
+          git remote add goss-upstream ssh://git-codecommit.us-gov-west-1.amazonaws.com/v1/repos/image-pipeline-goss-testing
+          git push goss-upstream main --force
+
+      - name: Sync to CodeCommit Ansible Playbooks
+        run: |
+          git remote add ansible-upstream ssh://git-codecommit.us-gov-west-1.amazonaws.com/v1/repos/image-pipeline-ansible-playbooks
+          git push ansible-upstream main --force
\ No newline at end of file
diff --git a/README.md b/README.md
index c4195ac..a9cd440 100644
--- a/README.md
+++ b/README.md
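Review bot: Both sync steps push over `ssh://git-codecommit...` URLs, but the only credentials the workflow configures are AWS access keys; CodeCommit SSH access requires an SSH public key uploaded to the IAM user and an SSH config mapping that key ID, neither of which is set up here, so the pushes will most likely fail to authenticate. The README in this same commit uses the `https://` form of the same two remotes, and using that in the workflow together with the AWS CLI credential helper (`git config --global credential.helper '!aws codecommit credential-helper $@'` and `git config --global credential.UseHttpPath true`) reuses the credentials the previous step already exported. `actions/checkout@v2` also defaults to `fetch-depth: 1`, and a shallow clone cannot be force-pushed to a remote that lacks the history (`shallow update not allowed`), so the checkout needs `fetch-depth: 0`. Finally, `configure-aws-credentials@v1` and `checkout@v2` are old majors driven by long-lived static keys; the current majors support `role-to-assume` with OIDC (`permissions: id-token: write`), which removes `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` from repository secrets entirely, and pinning both actions to a commit SHA instead of a floating tag would harden the supply chain.
```yaml
      - name: Checkout code
        uses: actions/checkout@v2
        with:
          fetch-depth: 0  # full history: a shallow clone cannot be force-pushed to a fresh remote

      # … unchanged: Configure AWS credentials step …

      - name: Sync to CodeCommit Goss Testing
        run: |
          git config --global credential.helper '!aws codecommit credential-helper $@'
          git config --global credential.UseHttpPath true
          git remote add goss-upstream https://git-codecommit.us-gov-west-1.amazonaws.com/v1/repos/image-pipeline-goss-testing
          git push goss-upstream main --force

      # … unchanged: Ansible step, same https:// URL, helper already configured above …
```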
@@ -1,2 +1,34 @@
 # aws-image-pipeline
 Terraform Workspace for creating and managing AWS Image Pipelines
+
+
+
+To SSO Login:
+aws sso login --profile 229685449397-csvd-dev-gov.inf-admin-t2
+
+export AWS_PROFILE=229685449397-csvd-dev-gov.inf-admin-t2
+
+aws sts get-caller-identity
+
+
+Git Syncing / Mirroring:
+
+git remote add ansible-upstream https://git-codecommit.us-gov-west-1.amazonaws.com/v1/repos/image-pipeline-ansible-playbooks
+
+git remote add goss-upstream https://git-codecommit.us-gov-west-1.amazonaws.com/v1/repos/image-pipeline-goss-testing
+
+git push origin main --force
+git push ansible-upstream main --force
+git push goss-upstream main --force
+
+rebecaa linn : She does x86 (get context for ARM)
+
+
+cd ~/.aws/
+
+terraform plan -out=plan.out | tee terraform_plan.log
+
+#Formatting error command
+yamllint 'file name'
+
+
diff --git a/main.tf b/main.tf
index 9d9988c..0fceefc 100644
--- a/main.tf
+++ b/main.tf
@@ -1,4 +1,3 @@
-
 locals {
   proxy_env_vars = {
     HTTP_PROXY = "http://proxy.tco.census.gov:3128"
@@ -37,14 +36,25 @@ locals { } } -resource random_uuid random {} -resource aws_s3_bucket state_bucket { +resource "random_uuid" "random" {} + +resource "aws_s3_bucket" "state_bucket" { bucket = "inf-test-${random_uuid.random.result}" } +resource "aws_s3_bucket_server_side_encryption_configuration" "state_bucket_encryption" { + bucket = aws_s3_bucket.state_bucket.bucket + + rule { + apply_server_side_encryption_by_default { + sse_algorithm = "aws:kms" + } + } +} + data "aws_iam_policy_document" "s3_access" { statement { - effect = "Allow" + effect = "Allow" actions = ["s3:*"] resources = ["*"] } 
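Review bot: The new `aws_s3_bucket_server_side_encryption_configuration.state_bucket_encryption` sets `sse_algorithm = "aws:kms"` without a `kms_master_key_id`, so S3 falls back to the AWS-managed `aws/s3` key, whose key policy cannot be edited or scoped to the pipeline roles; if a customer-managed key is intended, add `kms_master_key_id = <KMS_KEY_ARN placeholder>` next to `sse_algorithm`, and consider `bucket_key_enabled = true` on the `rule` to reduce KMS request volume. If the AWS-managed key is deliberate, a one-line comment above `sse_algorithm` saying so would save the next reader the question. Given the resource is named `state_bucket`, it presumably holds Terraform state; unless they are defined elsewhere in the file, an `aws_s3_bucket_versioning` and an `aws_s3_bucket_public_access_block` for the same bucket would normally accompany this encryption block. The `s3_access` policy document touched in the same hunk still grants `s3:*` on `*`; that is pre-existing, but worth noting since it is passed as `build_permissions_iam_doc` to every module below.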
@@ -62,14 +72,13 @@ resource "aws_security_group" "allow_amznlinux_cdn" { resource "aws_vpc_security_group_egress_rule" "allow_all_traffic_ipv4" { security_group_id = aws_security_group.allow_amznlinux_cdn.id cidr_ipv4 = "0.0.0.0/0" - ip_protocol = "-1" # semantically equivalent to all ports + ip_protocol = "-1" } -# referenced_security_group_id resource "aws_vpc_security_group_ingress_rule" "allow_all_between_self" { - security_group_id = aws_security_group.allow_amznlinux_cdn.id - ip_protocol = "-1" # semantically equivalent to all ports - referenced_security_group_id = aws_security_group.allow_amznlinux_cdn.id + security_group_id = aws_security_group.allow_amznlinux_cdn.id + ip_protocol = "-1" + referenced_security_group_id = aws_security_group.allow_amznlinux_cdn.id } data "aws_codecommit_repository" "ansible" { @@ -94,10 +103,10 @@ module "main" { playbook = "hello-world.yaml" terraform_version = "1.8.5" build_permissions_iam_doc = data.aws_iam_policy_document.s3_access - build_environment_variables = [ + build_environment_variables = [ for proxy_var in keys(local.proxy_env_vars) : - { - name=proxy_var, + { + name=proxy_var, value=lookup(local.proxy_env_vars, proxy_var), type = "PLAINTEXT" } @@ -111,7 +120,6 @@ module "main" { instance_type = "t2.micro" } - module "rhel" { source = "HappyPathway/image-pipeline/aws" project_name = "rhel-image-pipeline-demo" 
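Review bot: The first hunk removes `# semantically equivalent to all ports` from both `ip_protocol = "-1"` lines, leaving the magic value undocumented in the egress and ingress rules; keep one of them, e.g. `ip_protocol = "-1" # all protocols and ports`. The remaining hunks on this line are alignment and blank-line changes only. Since the `allow_all_traffic_ipv4` egress to `0.0.0.0/0` on all protocols is being touched anyway, a short comment stating why unrestricted egress is required alongside the proxy settings in `locals` would help a later reviewer judge whether it can be narrowed.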
@@ -120,39 +128,39 @@ module "rhel" { builder_image = "aws/codebuild/standard:7.0" create_new_repo = false create_new_role = true - create_vpc_endpoint = false # we already created one for this vpc + create_vpc_endpoint = false ssh_user = "ec2-user" - playbook = "rhel-baseline.yaml" + playbook = "rhel-arm-baseline.yaml" terraform_version = "1.8.5" troubleshoot = true build_permissions_iam_doc = data.aws_iam_policy_document.s3_access - build_environment_variables = [ - for proxy_var in keys(local.proxy_env_vars) : - { - name=proxy_var, - value=lookup(local.proxy_env_vars, proxy_var), - type = "PLAINTEXT" - } + build_environment_variables = [ + for proxy_var in keys(local.proxy_env_vars) : { + name = proxy_var + value = lookup(local.proxy_env_vars, proxy_var) + type = "PLAINTEXT" + } ] ansible_repo = data.aws_codecommit_repository.ansible goss_repo = data.aws_codecommit_repository.goss goss_profile = "rhel-base-test" - state = local.state_config - vpc_config = local.vpc_config - source_ami = "ami-0ce8fc041db68907c" - instance_type = "t2.micro" + state = local.state_config + vpc_config = local.vpc_config + source_ami = "ami-03fadeeea589a106b" # x86_64 compatible AMI + instance_type = "t3.micro" # x86_64 compatible instance type } -resource random_password winrm { +resource "random_password" "winrm" { length = 24 override_special = "$*!" - special = true + special = true } -output password { +output "password" { value = nonsensitive(random_password.winrm.result) } + module "windows" { source = "HappyPathway/image-pipeline/aws" project_name = "windows-image-pipeline-demo" 
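Review bot: In `module "rhel"` the playbook changes to `rhel-arm-baseline.yaml` while, in the same hunk, `source_ami` and `instance_type` are annotated `# x86_64 compatible`; one of the two looks wrong, since an ARM baseline run against an x86_64 image and instance will presumably fail or bake the wrong packages — confirm which architecture is intended and align either the playbook name or the AMI/instance lines and their comments. The hunk also drops `# we already created one for this vpc` from `create_vpc_endpoint = false`, which was the only explanation of why no endpoint is created; keep it. Separately, `output "password"` (only re-quoted here) still wraps the WinRM password in `nonsensitive()`, so it is printed in plain text on every apply and in any CI log; unless that is deliberate, change it to `value = random_password.winrm.result` with `sensitive = true`.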
@@ -169,22 +177,23 @@ module "windows" { password = random_password.winrm.result } userdata = "userdata/winrm.ps1" - build_environment_variables = [ - for proxy_var in keys(local.proxy_env_vars) : - { - name=proxy_var, - value=lookup(local.proxy_env_vars, proxy_var), - type = "PLAINTEXT" - } + build_environment_variables = [ + for proxy_var in keys(local.proxy_env_vars) : { + name = proxy_var + value = lookup(local.proxy_env_vars, proxy_var) + type = "PLAINTEXT" + } ] ansible_repo = data.aws_codecommit_repository.ansible goss_repo = data.aws_codecommit_repository.goss goss_profile = "windows-base-test" - state = local.state_config - vpc_config = local.vpc_config - source_ami = "ami-012fffaddacaa52ff" - instance_type = "t2.xlarge" + state = local.state_config + vpc_config = local.vpc_config + source_ami = "ami-012fffaddacaa52ff" # x86_64 compatible AMI + instance_type = "t2.xlarge" # x86_64 compatible instance type } + + output iam_arn { value = module.main.iam_arn @@ -193,7 +202,7 @@ output iam_arn { output codebuild_user { value = module.main.build_user.name } - + output parameters { value = keys(module.main.parameters) sensitive = true diff --git a/playbook.yml b/playbook.yml deleted file mode 100644 index e69de29..0000000 diff --git a/terraform.tfstate b/terraform.tfstate deleted file mode 100644 index e69de29..0000000
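Review bot: Style consistency: this commit quotes block labels elsewhere (`resource "random_password" "winrm"`, `output "password"`), but `output iam_arn`, `output codebuild_user` and `output parameters` in the context of these hunks keep the unquoted legacy form; quoting them too (`output "iam_arn" {`) would leave the file in one style. The `# x86_64 compatible AMI` / `# x86_64 compatible instance type` comments added to `module "windows"` restate the value's type rather than why it was chosen; naming the image the AMI ID refers to would be more useful, if that is known. The deleted `terraform.tfstate` was an empty blob (`e69de29`), so nothing leaked, but its presence in the tree suggests state was once tracked; make sure `.gitignore` excludes `*.tfstate` and `*.tfstate.backup`, since a real state file would contain `random_password.winrm.result` in plain text.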