updating documentation

CSVD · Mar 3, 2026 · 3a11631 · 3a11631
1 parent 5fc3708
commit 3a11631
Show file tree

Hide file tree

Showing 4 changed files with 599 additions and 137 deletions.
diff --git a/.gitignore b/.gitignore
@@ -20,3 +20,5 @@ build/
 dist/
 venv/
 docs/venv/
+# Packer pipeline zip files
+eks-terragrunt-repo-generator-builder.zip
diff --git a/config_packer.hcl → csvd_config_packer.hcl b/config_packer.hcl → csvd_config_packer.hcl
@@ -2,10 +2,15 @@
 // Builds the Lambda container that renders Terragrunt HCL files into new GitHub repos.
 
 packer_pipeline {
+  // Environment name — used to derive bucket names when not explicitly set
+  // Convention: {environment_name}-packer-pipeline-{builds|assets}
+  // Run `packer-pipeline init` to create buckets and download tools for a new environment
+  environment_name     = "csvd"
+
   // Required parameters
   packer_template_file = "packer.pkr.hcl"  // Relative path within the repo to the Packer template
-  s3_bucket            = "csvd-template-automation-builds"  // S3 bucket for artifacts
-  assets_bucket        = "image-pipeline-assets-dev"       // S3 bucket containing tool assets
+  s3_bucket            = "csvd-packer-pipeline-builds"     // S3 bucket for artifacts (derived from environment_name)
+  assets_bucket        = "csvd-packer-pipeline-assets"     // S3 bucket containing tool assets (derived from environment_name)
   codebuild_project_name = "eks-terragrunt-repo-generator-builder"  // Name for the CodeBuild project
 
   // Tools configuration
@@ -64,7 +69,14 @@ packer_pipeline {
     IMAGE_TAG       = "latest"
     HTTP_PROXY      = "http://proxy.tco.census.gov:3128"
     HTTPS_PROXY     = "http://proxy.tco.census.gov:3128"
-    NO_PROXY        = "public.ecr.aws,pypi.org,github.e.it.census.gov,files.pythonhosted.org,nexus.it.census.gov,public.ecr.aws"
+    // NO_PROXY: things that should bypass the proxy entirely
+    //   - 169.254.*           = EC2 metadata / ECS task credentials
+    //   - .s3.*amazonaws.com  = S3 via VPC gateway endpoint
+    //   - .dkr.ecr / .ecr    = private ECR via internal routing
+    //   - sts / logs          = AWS service endpoints via internal routing
+    //   - github.e.it / nexus = internal census hosts
+    // Everything else (pypi.org, files.pythonhosted.org, public.ecr.aws) goes through proxy
+    NO_PROXY        = "169.254.169.254,169.254.170.2,.s3.us-gov-west-1.amazonaws.com,.s3.amazonaws.com,.s3-fips.us-gov-west-1.amazonaws.com,.dkr.ecr.us-gov-west-1.amazonaws.com,.ecr.us-gov-west-1.amazonaws.com,sts.us-gov-west-1.amazonaws.com,logs.us-gov-west-1.amazonaws.com,github.e.it.census.gov,nexus.it.census.gov"
     ECR_REGISTRY    = "229685449397.dkr.ecr.us-gov-west-1.amazonaws.com"  // ECR registry URL
   }