Skip to content

Commit

Permalink
chore: tf apply — add eks-terragrunt-repo-creator CodeBuild project +…
Browse files Browse the repository at this point in the history 
… Lambda CODEBUILD_PROJECT_NAME env var
  • Loading branch information
Your Name committed Apr 6, 2026
1 parent ec54b54 commit 52ebef0
Show file tree
Hide file tree
Showing 2 changed files with 146 additions and 60 deletions.
151 changes: 137 additions & 14 deletions deploy/terraform.tfstate
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
{
"version": 4,
"terraform_version": "1.9.1",
"serial": 188,
"serial": 191,
"lineage": "637f189b-ce2c-766c-35d1-8b43eb7ae216",
"outputs": {
"api_endpoint": {
Expand Down Expand Up @@ -92,6 +92,128 @@
}
]
},
{
"mode": "managed",
"type": "aws_codebuild_project",
"name": "eks_repo_creator",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws-us-gov:codebuild:us-gov-west-1:229685449397:project/eks-terragrunt-repo-creator",
"artifacts": [
{
"artifact_identifier": "",
"bucket_owner_access": "",
"encryption_disabled": false,
"location": "",
"name": "",
"namespace_type": "",
"override_artifact_name": false,
"packaging": "",
"path": "",
"type": "NO_ARTIFACTS"
}
],
"badge_enabled": false,
"badge_url": "",
"build_batch_config": [],
"build_timeout": 15,
"cache": [
{
"location": "",
"modes": [],
"type": "NO_CACHE"
}
],
"concurrent_build_limit": 0,
"description": "Runs terraform-eks-deployment to create EKS cluster repos on GitHub Enterprise",
"encryption_key": "arn:aws-us-gov:kms:us-gov-west-1:229685449397:alias/aws/s3",
"environment": [
{
"certificate": "",
"compute_type": "BUILD_GENERAL1_SMALL",
"environment_variable": [],
"fleet": [],
"image": "aws/codebuild/amazonlinux2-x86_64-standard:3.0",
"image_pull_credentials_type": "CODEBUILD",
"privileged_mode": false,
"registry_credential": [],
"type": "LINUX_CONTAINER"
}
],
"file_system_locations": [],
"id": "arn:aws-us-gov:codebuild:us-gov-west-1:229685449397:project/eks-terragrunt-repo-creator",
"logs_config": [
{
"cloudwatch_logs": [
{
"group_name": "",
"status": "ENABLED",
"stream_name": ""
}
],
"s3_logs": [
{
"bucket_owner_access": "",
"encryption_disabled": false,
"location": "",
"status": "DISABLED"
}
]
}
],
"name": "eks-terragrunt-repo-creator",
"project_visibility": "PRIVATE",
"public_project_alias": "",
"queued_timeout": 480,
"resource_access_role": "",
"secondary_artifacts": [],
"secondary_source_version": [],
"secondary_sources": [],
"service_role": "arn:aws-us-gov:iam::229685449397:role/CodeBuildPackerRole-eks-terragrunt-repo-generator-builder",
"source": [
{
"auth": [],
"build_status_config": [],
"buildspec": "version: 0.2\n# buildspec.yml — terraform-eks-deployment / eks-terragrunt-repo-creator\n#\n# This buildspec is used by the CodeBuild project that is triggered by the\n# Lambda function (eks-terragrunt-repo-gen-template-automation) to create an\n# EKS cluster GitHub repository.\n#\n# Required environment variables (injected by the Lambda as overrides):\n# TF_VAR_name — cluster / repo name\n# TF_VAR_environment — environment (dev / nonprod / prod)\n# TF_VAR_region — AWS region (e.g. us-gov-west-1)\n# TF_VAR_cluster_config — JSON object with account_name, aws_account_id, etc.\n# TF_VAR_finops — JSON object with finops project_name / project_number\n# GITHUB_TOKEN — GitHub PAT (passed from Lambda's Secrets Manager read)\n# GITHUB_OWNER — GitHub org (default: SCT-Engineering)\n# GITHUB_BASE_URL — GHE base URL (e.g. https://github.e.it.census.gov)\n\nenv:\n variables:\n TF_VERSION: \"1.9.0\"\n ASSETS_BUCKET: \"csvd-packer-pipeline-assets\"\n REPO_HOST: \"github.e.it.census.gov\"\n REPO_ORG: \"CSVD\"\n REPO_NAME: \"terraform-eks-deployment\"\n # Disable TLS verification for Census GHE (Census CA cert not trusted by default)\n GIT_SSL_NO_VERIFY: \"true\"\n TF_CLI_ARGS: \"-no-color\"\n\nphases:\n install:\n commands:\n # ── Install Terraform ─────────────────────────────────────────────────\n - |\n if ! command -v terraform \u0026\u003e/dev/null; then\n TF_ZIP=\"terraform_${TF_VERSION}_linux_amd64.zip\"\n echo \"Installing Terraform ${TF_VERSION}...\"\n aws s3 cp \"s3://${ASSETS_BUCKET}/terraform/${TF_ZIP}\" /tmp/${TF_ZIP} 2\u003e/dev/null \\\n || curl -fsSL \"https://releases.hashicorp.com/terraform/${TF_VERSION}/${TF_ZIP}\" -o /tmp/${TF_ZIP}\n unzip -oq /tmp/${TF_ZIP} -d /usr/local/bin/\n chmod +x /usr/local/bin/terraform\n rm /tmp/${TF_ZIP}\n fi\n - terraform version\n\n # ── Clone terraform-eks-deployment ───────────────────────────────────\n - |\n git config --global credential.helper \\\n \"!f() { echo username=x-access-token; echo password=${GITHUB_TOKEN}; }; f\"\n git clone --depth 1 \\\n \"https://${REPO_HOST}/${REPO_ORG}/${REPO_NAME}.git\" \\\n /tmp/eks-deploy\n - echo \"Cloned ${REPO_ORG}/${REPO_NAME} @ $(git -C /tmp/eks-deploy rev-parse --short HEAD)\"\n\n build:\n commands:\n - cd /tmp/eks-deploy\n - echo \"=== terraform init ===\"\n - terraform init -no-color\n - echo \"=== terraform apply ===\"\n - terraform apply -auto-approve -no-color\n\n post_build:\n commands:\n - |\n if [ \"${CODEBUILD_BUILD_SUCCEEDING}\" = \"0\" ]; then\n echo \"Build FAILED — check logs above\"\n else\n echo \"Build SUCCEEDED — repository created\"\n fi\n",
"git_clone_depth": 0,
"git_submodules_config": [],
"insecure_ssl": false,
"location": "",
"report_build_status": false,
"type": "NO_SOURCE"
}
],
"source_version": "",
"tags": {
"Environment": "production",
"ManagedBy": "Terraform",
"Purpose": "EKSTerragruntRepoGenerator"
},
"tags_all": {
"Environment": "production",
"ManagedBy": "Terraform",
"Purpose": "EKSTerragruntRepoGenerator"
},
"vpc_config": [
{
"security_group_ids": [
"sg-0641c697588b9aa6b"
],
"subnets": [
"subnet-0b1992a84536c581b"
],
"vpc_id": "vpc-00576a396ec570b94"
}
]
},
"sensitive_attributes": [],
"private": "bnVsbA=="
}
]
},
{
"mode": "managed",
"type": "aws_iam_role",
Expand Down Expand Up @@ -921,13 +1043,14 @@
"x86_64"
],
"arn": "arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:eks-terragrunt-repo-gen-template-automation",
"code_sha256": "b662e55783c01b6770306fd151ca27f39428666abf8970f9687b50340c8ec6c6",
"code_sha256": "af0b5eedce3615cd1411857c54c548ae89c8dbd0593fb6e71716bf81812049b1",
"code_signing_config_arn": null,
"dead_letter_config": [],
"description": "",
"environment": [
{
"variables": {
"CODEBUILD_PROJECT_NAME": "eks-terragrunt-repo-creator",
"GITHUB_API": "https://github.e.it.census.gov",
"GITHUB_ORG_NAME": "SCT-Engineering",
"GITHUB_TOKEN_SECRET_NAME": "/eks-cluster-deployment/github_token",
Expand All @@ -952,7 +1075,7 @@
"image_uri": "229685449397.dkr.ecr.us-gov-west-1.amazonaws.com/eks-terragrunt-repo-generator/lambda:latest",
"invoke_arn": "arn:aws-us-gov:apigateway:us-gov-west-1:lambda:path/2015-03-31/functions/arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:eks-terragrunt-repo-gen-template-automation/invocations",
"kms_key_arn": "",
"last_modified": "2026-04-02T19:48:24.000+0000",
"last_modified": "2026-04-06T17:55:08.000+0000",
"layers": [],
"logging_config": [
{
Expand All @@ -965,8 +1088,8 @@
"memory_size": 512,
"package_type": "Image",
"publish": true,
"qualified_arn": "arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:eks-terragrunt-repo-gen-template-automation:3",
"qualified_invoke_arn": "arn:aws-us-gov:apigateway:us-gov-west-1:lambda:path/2015-03-31/functions/arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:eks-terragrunt-repo-gen-template-automation:3/invocations",
"qualified_arn": "arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:eks-terragrunt-repo-gen-template-automation:4",
"qualified_invoke_arn": "arn:aws-us-gov:apigateway:us-gov-west-1:lambda:path/2015-03-31/functions/arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:eks-terragrunt-repo-gen-template-automation:4/invocations",
"replace_security_groups_on_destroy": null,
"replacement_security_group_ids": null,
"reserved_concurrent_executions": -1,
Expand Down Expand Up @@ -998,7 +1121,7 @@
"mode": "PassThrough"
}
],
"version": "3",
"version": "4",
"vpc_config": [
{
"ipv6_allowed_for_dual_stack": false,
Expand Down Expand Up @@ -1168,13 +1291,13 @@
[
{
"type": "get_attr",
"value": "value"
"value": "value_wo"
}
],
[
{
"type": "get_attr",
"value": "value_wo"
"value": "value"
}
]
],
Expand Down Expand Up @@ -1215,13 +1338,13 @@
[
{
"type": "get_attr",
"value": "value"
"value": "value_wo"
}
],
[
{
"type": "get_attr",
"value": "value_wo"
"value": "value"
}
]
],
Expand Down Expand Up @@ -1309,13 +1432,13 @@
[
{
"type": "get_attr",
"value": "value_wo"
"value": "value"
}
],
[
{
"type": "get_attr",
"value": "value"
"value": "value_wo"
}
]
],
Expand Down Expand Up @@ -1403,13 +1526,13 @@
[
{
"type": "get_attr",
"value": "value_wo"
"value": "value"
}
],
[
{
"type": "get_attr",
"value": "value"
"value": "value_wo"
}
]
],
Expand Down
55 changes: 9 additions & 46 deletions deploy/terraform.tfstate.backup
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
{
"version": 4,
"terraform_version": "1.9.1",
"serial": 186,
"serial": 188,
"lineage": "637f189b-ce2c-766c-35d1-8b43eb7ae216",
"outputs": {
"api_endpoint": {
Expand Down Expand Up @@ -262,43 +262,6 @@
}
]
},
{
"mode": "managed",
"type": "aws_servicecatalog_constraint",
"name": "template",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"accept_language": "en",
"description": "Template constraint - locks the Lambda ARN to the deployed function",
"id": "cons-mylfkxudrtotc",
"owner": "229685449397",
"parameters": "{\"Rules\":{\"LockLambdaArn\":{\"Assertions\":[{\"Assert\":{\"Fn::Equals\":[{\"Ref\":\"LambdaFunctionArn\"},\"arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:eks-terragrunt-repo-gen-template-automation\"]},\"AssertDescription\":\"The Lambda function ARN cannot be changed\"}]}}}",
"portfolio_id": "port-h5qd63hw5yagq",
"product_id": "prod-lmua4oknugafg",
"status": "AVAILABLE",
"timeouts": null,
"type": "TEMPLATE"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAsImRlbGV0ZSI6MTgwMDAwMDAwMDAwLCJyZWFkIjo2MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwfX0=",
"dependencies": [
"aws_servicecatalog_portfolio.this",
"aws_servicecatalog_product.github_repository",
"data.aws_caller_identity.current",
"data.aws_region.current",
"module.eks_terragrunt_repo_generator.aws_cloudwatch_log_group.lambda",
"module.eks_terragrunt_repo_generator.aws_iam_role.lambda",
"module.eks_terragrunt_repo_generator.aws_iam_role_policy_attachment.lambda_logs",
"module.eks_terragrunt_repo_generator.aws_lambda_function.this",
"module.eks_terragrunt_repo_generator.data.aws_partition.current"
]
}
]
},
{
"mode": "managed",
"type": "aws_servicecatalog_portfolio",
Expand Down Expand Up @@ -1252,13 +1215,13 @@
[
{
"type": "get_attr",
"value": "value_wo"
"value": "value"
}
],
[
{
"type": "get_attr",
"value": "value"
"value": "value_wo"
}
]
],
Expand Down Expand Up @@ -1393,13 +1356,13 @@
[
{
"type": "get_attr",
"value": "value_wo"
"value": "value"
}
],
[
{
"type": "get_attr",
"value": "value"
"value": "value_wo"
}
]
],
Expand Down Expand Up @@ -1440,13 +1403,13 @@
[
{
"type": "get_attr",
"value": "value"
"value": "value_wo"
}
],
[
{
"type": "get_attr",
"value": "value_wo"
"value": "value"
}
]
],
Expand Down Expand Up @@ -1487,13 +1450,13 @@
[
{
"type": "get_attr",
"value": "value_wo"
"value": "value"
}
],
[
{
"type": "get_attr",
"value": "value"
"value": "value_wo"
}
]
],
Expand Down

0 comments on commit 52ebef0

Please sign in to comment.