diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md index 363eec95..e2d39e70 100644 --- a/.github/copilot-instructions.md +++ b/.github/copilot-instructions.md @@ -77,8 +77,31 @@ SC Console (user fills form) → SC provisioned product shows as AVAILABLE ``` -The SC product is **managed by `terraform-service-catalog-census`** (not deployed from this repo). -The live CFN template lives at: +## SC Product Deployment Methods + +There are **two ways** to deploy the Service Catalog product. Both use the same +`service-catalog/product-template.yaml` CFN template — they must stay in sync. + +### Method 1: Direct Terraform via `deploy/` (canonical, use for testing/debugging) + +```bash +cd lambda-template-repo-generator/deploy +tf init +tf apply +``` + +This deploys the Lambda + SC portfolio + SC product + constraints directly. +Use this as the **reference deployment** when debugging issues with the census pipeline. +IDs after last apply: portfolio `port-h5qd63hw5yagq`, product `prod-lmua4oknugafg`. + +### Method 2: `terraform-service-catalog-census` Terragrunt (production path) + +```bash +cd terraform-service-catalog-census/non-prod/csvd-dev/west/service-catalog +tf apply # (via terragrunt) +``` + +This is the census-managed production deployment path. The live CFN template lives at: `terraform-service-catalog-census/templates/products/eks-terragrunt-repo/2-0-0.yaml` Both `service-catalog/product-template.yaml` here and `2-0-0.yaml` in census must stay in sync 
@@ -140,8 +163,10 @@ python scripts/check_github_permissions.py ## What NOT to Do -- ❌ Do not create a `buildspec.yml` for repo creation — there is no CodeBuild approach here -- ❌ Do not use `hashicorp/github` or `HappyPathway/terraform-github-repo` Terraform providers for SC products +- ❌ Do not create a `buildspec.yml` for repo creation using the **old** CodeBuild+Terraform approach +- ❌ Do not use `HappyPathway/terraform-github-repo` **public** module — it pins `github ~> 6.0` (conflicts with internal `>= 6.6.0`) +- ✅ DO use `CSVD/terraform-github-repo` (https://github.e.it.census.gov/CSVD/terraform-github-repo) — internal module, uses `github 6.6.0`, supports `template_repo` + `managed_extra_files` - ❌ Do not pass `vpc_id` to the Lambda — use `vpc_name` -- ❌ Do not deploy the SC portfolio/product from this repo — that's `terraform-service-catalog-census`'s job - ❌ Do not re-add `LambdaFunctionArn` as a CFN parameter — use `!Sub "arn:..."` directly +- ❌ Do not write temp files or command output to `/tmp` — use `~/tmp` (i.e. `/home/a/arnol377/tmp`) instead +- ❌ Do not use the `terraform` command directly — always use the `tf` alias (e.g. `tf plan`, `tf apply`, `tf init`) diff --git a/csvd_config_packer.hcl b/csvd_config_packer.hcl index 781cc5fe..fcdf9408 100644 --- a/csvd_config_packer.hcl +++ b/csvd_config_packer.hcl @@ -17,8 +17,8 @@ packer_pipeline { tools = [ { name = "packer" - version = "1.13.0" - zip_path = "packer_1.13.0_linux_amd64.zip" + version = "1.10.3" + zip_path = "packer_1.10.3_linux_amd64.zip" binary_name = "packer" install_path = "/usr/local/bin" } 
@@ -29,7 +29,8 @@ packer_pipeline { partition = "aws-us-gov" // AWS partition (aws or aws-us-gov) // Role management - create_role = true // Enable automatic role creation + create_role = false // Role already exists; provide ARN directly + codebuild_role_arn = "arn:aws-us-gov:iam::229685449397:role/CodeBuildPackerRole-eks-terragrunt-repo-generator-builder" // Region and partition configuration aws_region = "us-gov-west-1" // AWS region @@ -42,7 +43,7 @@ packer_pipeline { buildspec_template = "buildspec.yml.j2" // Buildspec template file // Post-build commands to push Docker image to ECR - additional_post_build_commands = "docker push ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${ECR_REPOSITORY}:${IMAGE_TAG}" + additional_post_build_commands = "- docker push ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${ECR_REPOSITORY}:${IMAGE_TAG}" // Exclude patterns for zip creation exclude_dirs = [ diff --git a/deploy/.terraform_commits b/deploy/.terraform_commits index b1d2acad..984a63b1 100644 --- a/deploy/.terraform_commits +++ b/deploy/.terraform_commits 
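Review bot: `codebuild_role_arn` hard-codes an account-specific role ARN, and `create_role = false` moves the role's policy out of this pipeline definition, so nothing in this file now shows or constrains what the CodeBuild job is allowed to do. I would supply the ARN through a variable or per-environment override instead of committing it. I would also add a comment recording where the role is managed, for example `// Role is managed outside this repo in <OWNING_REPO placeholder>; expected permissions: <LIST placeholder>`. The `packer_pipeline` block starts and ends outside this hunk.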
@@ -82,5 +82,17 @@ "commit_message": "pushing latest code", "author": "Your Name", "timestamp": "2026-02-11T17:09:42.508401" + }, + { + "commit_hash": "528f4b3c9d142dc7b5b4cd3e9f7ce00aa98352ca", + "commit_message": "fix: VERIFY_SSL=false; public repo visibility; add ec2:DescribeVpcs to SC launch role\n\n- VERIFY_SSL was incorrectly set to 'true' (Census CA cert not in certifi)\n- repo_visibility changed from 'internal' to 'public' per ECA requirements\n- Added EC2DescribeVpcs permission to SC launch role IAM policy", + "author": "Your Name", + "timestamp": "2026-04-06T12:12:58.619384" + }, + { + "commit_hash": "528f4b3c9d142dc7b5b4cd3e9f7ce00aa98352ca", + "commit_message": "fix: VERIFY_SSL=false; public repo visibility; add ec2:DescribeVpcs to SC launch role\n\n- VERIFY_SSL was incorrectly set to 'true' (Census CA cert not in certifi)\n- repo_visibility changed from 'internal' to 'public' per ECA requirements\n- Added EC2DescribeVpcs permission to SC launch role IAM policy", + "author": "Your Name", + "timestamp": "2026-04-06T12:18:21.814330" } ] \ No newline at end of file diff --git a/deploy/service_catalog.tf b/deploy/service_catalog.tf index 7486f667..532f29cf 100644 --- a/deploy/service_catalog.tf +++ b/deploy/service_catalog.tf 
@@ -189,33 +189,7 @@ resource "aws_servicecatalog_constraint" "launch" { description = "Launch constraint - uses a dedicated role to invoke the Lambda function" } -# ----------------------------------------------------------------------------- -# Template constraint – lock the hidden LambdaFunctionArn parameter -# ----------------------------------------------------------------------------- -resource "aws_servicecatalog_constraint" "template" { - count = local.create_sc ? 1 : 0 - - portfolio_id = aws_servicecatalog_portfolio.this[0].id - product_id = aws_servicecatalog_product.github_repository[0].id - type = "TEMPLATE" - - parameters = jsonencode({ - Rules = { - LockLambdaArn = { - Assertions = [ - { - Assert = { - "Fn::Equals" = [ - { Ref = "LambdaFunctionArn" }, - local.lambda_arn - ] - } - AssertDescription = "The Lambda function ARN cannot be changed" - } - ] - } - } - }) - - description = "Template constraint - locks the Lambda ARN to the deployed function" -} +# Template constraint removed: LambdaFunctionArn was dropped as a CFN parameter +# (ServiceToken is now hardcoded via !Sub in product-template.yaml). +# A template constraint referencing a non-existent parameter causes +# "Template Constraint Parameters Error" at launch time. diff --git a/deploy/terraform.tfstate b/deploy/terraform.tfstate index 072a764e..293633dc 100644 --- a/deploy/terraform.tfstate +++ b/deploy/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.9.1", - "serial": 153, + "serial": 188, "lineage": "637f189b-ce2c-766c-35d1-8b43eb7ae216", "outputs": { "api_endpoint": { 
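Review bot: `deploy/terraform.tfstate` is committed to the repository, as is `deploy/terraform.tfstate.backup` further down, starting with the serial-bump hunk here. The new side of this file records account IDs, role ARNs and unique IDs, and in later hunks the organization ID and the management-account e-mail address. State files are generated and can hold secret values in plain text, and copies shared through git diverge as soon as two people apply. I would move state to a remote backend with encryption and locking, add `*.tfstate` and `*.tfstate.*` to `.gitignore`, and remove both files from the index with `git rm --cached`. Whether a backend is already configured is not visible in this diff.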
@@ -25,15 +25,15 @@ "type": "string" }, "service_catalog_portfolio_id": { - "value": "port-uchiqj7m3d57k", + "value": "port-h5qd63hw5yagq", "type": "string" }, "service_catalog_product_id": { - "value": "prod-dafgxbqzsktco", + "value": "prod-lmua4oknugafg", "type": "string" }, "service_catalog_provisioning_url": { - "value": "https://console.amazonaws-us-gov.com/servicecatalog/home?region=us-gov-west-1#/products/prod-dafgxbqzsktco", + "value": "https://console.amazonaws-us-gov.com/servicecatalog/home?region=us-gov-west-1#/products/prod-lmua4oknugafg", "type": "string" } }, 
@@ -104,11 +104,16 @@ "attributes": { "arn": "arn:aws-us-gov:iam::229685449397:role/eks-terragrunt-sc-launch-role", "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"servicecatalog.amazonaws.com\"}}],\"Version\":\"2012-10-17\"}", - "create_date": "2026-02-20T20:07:36Z", + "create_date": "2026-04-02T19:46:58Z", "description": "", "force_detach_policies": false, "id": "eks-terragrunt-sc-launch-role", - "inline_policy": [], + "inline_policy": [ + { + "name": "invoke-lambda-and-cfn", + "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"lambda:InvokeFunction\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:eks-terragrunt-repo-gen-template-automation\",\"Sid\":\"InvokeLambda\"},{\"Action\":[\"cloudformation:CreateStack\",\"cloudformation:DeleteStack\",\"cloudformation:DescribeStacks\",\"cloudformation:DescribeStackEvents\",\"cloudformation:GetTemplate\",\"cloudformation:GetTemplateSummary\",\"cloudformation:ValidateTemplate\",\"cloudformation:UpdateStack\",\"cloudformation:SetStackPolicy\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"CloudFormationOperations\"},{\"Action\":[\"ec2:DescribeVpcs\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"EC2DescribeVpcs\"},{\"Action\":[\"s3:GetObject\"],\"Condition\":{\"StringEquals\":{\"s3:ExistingObjectTag/servicecatalog:provisioning\":[\"true\"]}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"S3ReadTemplate\"},{\"Action\":[\"s3:ListBucket\",\"s3:GetBucketLocation\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws-us-gov:s3:::servicecatalog-product-artifacts-20250904021619588100000003\",\"Sid\":\"S3ListBucket\"}]}" + } + ], "managed_policy_arns": [], "max_session_duration": 3600, "name": "eks-terragrunt-sc-launch-role", 
@@ -125,7 +130,7 @@ "ManagedBy": "Terraform", "Purpose": "EKSTerragruntRepoGenerator" }, - "unique_id": "AROATK6SR2K2Q5PRKRRG3" + "unique_id": "AROATK6SR2K26YSUS2WLQ" }, "sensitive_attributes": [], "private": "bnVsbA==" 
@@ -145,7 +150,7 @@ "id": "eks-terragrunt-sc-launch-role:invoke-lambda-and-cfn", "name": "invoke-lambda-and-cfn", "name_prefix": "", - "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"lambda:InvokeFunction\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:eks-terragrunt-repo-gen-template-automation\",\"Sid\":\"InvokeLambda\"},{\"Action\":[\"cloudformation:CreateStack\",\"cloudformation:DeleteStack\",\"cloudformation:DescribeStacks\",\"cloudformation:DescribeStackEvents\",\"cloudformation:GetTemplate\",\"cloudformation:GetTemplateSummary\",\"cloudformation:ValidateTemplate\",\"cloudformation:UpdateStack\",\"cloudformation:SetStackPolicy\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"CloudFormationOperations\"},{\"Action\":[\"s3:GetObject\"],\"Condition\":{\"StringEquals\":{\"s3:ExistingObjectTag/servicecatalog:provisioning\":[\"true\"]}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"S3ReadTemplate\"},{\"Action\":[\"s3:ListBucket\",\"s3:GetBucketLocation\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws-us-gov:s3:::servicecatalog-product-artifacts-20250904021619588100000003\",\"Sid\":\"S3ListBucket\"}]}", + "policy": 
"{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"lambda:InvokeFunction\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:eks-terragrunt-repo-gen-template-automation\",\"Sid\":\"InvokeLambda\"},{\"Action\":[\"cloudformation:CreateStack\",\"cloudformation:DeleteStack\",\"cloudformation:DescribeStacks\",\"cloudformation:DescribeStackEvents\",\"cloudformation:GetTemplate\",\"cloudformation:GetTemplateSummary\",\"cloudformation:ValidateTemplate\",\"cloudformation:UpdateStack\",\"cloudformation:SetStackPolicy\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"CloudFormationOperations\"},{\"Action\":[\"ec2:DescribeVpcs\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"EC2DescribeVpcs\"},{\"Action\":[\"s3:GetObject\"],\"Condition\":{\"StringEquals\":{\"s3:ExistingObjectTag/servicecatalog:provisioning\":[\"true\"]}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"S3ReadTemplate\"},{\"Action\":[\"s3:ListBucket\",\"s3:GetBucketLocation\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws-us-gov:s3:::servicecatalog-product-artifacts-20250904021619588100000003\",\"Sid\":\"S3ListBucket\"}]}", "role": "eks-terragrunt-sc-launch-role" }, "sensitive_attributes": [], @@ -191,12 +196,12 @@ "content_encoding": "", "content_language": "", "content_type": "application/octet-stream", - "etag": "4fd86fe3494539adecacdeba049537d8", + "etag": "8b5997769f7c04a86468f9b1d41e03c3", "force_destroy": false, "id": "eks-terragrunt-repo-creator/v2.0/product-template.yaml", "key": "eks-terragrunt-repo-creator/v2.0/product-template.yaml", "kms_key_id": null, - "metadata": null, + "metadata": {}, "object_lock_legal_hold_status": "", "object_lock_mode": "", "object_lock_retain_until_date": "", 
@@ -237,11 +242,11 @@ "attributes": { "accept_language": "en", "description": "Launch constraint - uses a dedicated role to invoke the Lambda function", - "id": "cons-toptu5t557iyi", + "id": "cons-ac5osiweqnrke", "owner": "229685449397", "parameters": "{\"RoleArn\":\"arn:aws-us-gov:iam::229685449397:role/eks-terragrunt-sc-launch-role\"}", - "portfolio_id": "port-uchiqj7m3d57k", - "product_id": "prod-dafgxbqzsktco", + "portfolio_id": "port-h5qd63hw5yagq", + "product_id": "prod-lmua4oknugafg", "status": "AVAILABLE", "timeouts": null, "type": "LAUNCH" 
@@ -257,43 +262,6 @@ } ] }, - { - "mode": "managed", - "type": "aws_servicecatalog_constraint", - "name": "template", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "index_key": 0, - "schema_version": 0, - "attributes": { - "accept_language": "en", - "description": "Template constraint - locks the Lambda ARN to the deployed function", - "id": "cons-2zd5oy26nh7x2", - "owner": "229685449397", - "parameters": "{\"Rules\":{\"LockLambdaArn\":{\"Assertions\":[{\"Assert\":{\"Fn::Equals\":[{\"Ref\":\"LambdaFunctionArn\"},\"arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:eks-terragrunt-repo-gen-template-automation\"]},\"AssertDescription\":\"The Lambda function ARN cannot be changed\"}]}}}", - "portfolio_id": "port-uchiqj7m3d57k", - "product_id": "prod-dafgxbqzsktco", - "status": "AVAILABLE", - "timeouts": null, - "type": "TEMPLATE" - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAsImRlbGV0ZSI6MTgwMDAwMDAwMDAwLCJyZWFkIjo2MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwfX0=", - "dependencies": [ - "aws_servicecatalog_portfolio.this", - "aws_servicecatalog_product.github_repository", - "data.aws_caller_identity.current", - "data.aws_region.current", - "module.eks_terragrunt_repo_generator.aws_cloudwatch_log_group.lambda", - "module.eks_terragrunt_repo_generator.aws_iam_role.lambda", - "module.eks_terragrunt_repo_generator.aws_iam_role_policy_attachment.lambda_logs", - "module.eks_terragrunt_repo_generator.aws_lambda_function.this", - "module.eks_terragrunt_repo_generator.data.aws_partition.current" - ] - } - ] - }, { "mode": "managed", "type": "aws_servicecatalog_portfolio", 
@@ -304,10 +272,10 @@ "index_key": 0, "schema_version": 0, "attributes": { - "arn": "arn:aws-us-gov:catalog:us-gov-west-1:229685449397:portfolio/port-uchiqj7m3d57k", - "created_time": "2026-02-09T20:49:36Z", + "arn": "arn:aws-us-gov:catalog:us-gov-west-1:229685449397:portfolio/port-h5qd63hw5yagq", + "created_time": "2026-04-06T16:12:50Z", "description": "Self-service EKS cluster repository creation with Terragrunt configuration", - "id": "port-uchiqj7m3d57k", + "id": "port-h5qd63hw5yagq", "name": "eks-terragrunt-github-automation", "provider_name": "Platform Engineering", "tags": { @@ -338,8 +306,8 @@ "schema_version": 1, "attributes": { "accept_language": "en", - "id": "en,arn:aws-us-gov:iam::229685449397:role/aws-reserved/sso.amazonaws.com/us-gov-east-1/AWSReservedSSO_inf-admin-t2_4e0c6446aecbe4a0,port-uchiqj7m3d57k,IAM", - "portfolio_id": "port-uchiqj7m3d57k", + "id": "en,arn:aws-us-gov:iam::229685449397:role/aws-reserved/sso.amazonaws.com/us-gov-east-1/AWSReservedSSO_inf-admin-t2_4e0c6446aecbe4a0,port-h5qd63hw5yagq,IAM", + "portfolio_id": "port-h5qd63hw5yagq", "principal_arn": "arn:aws-us-gov:iam::229685449397:role/aws-reserved/sso.amazonaws.com/us-gov-east-1/AWSReservedSSO_inf-admin-t2_4e0c6446aecbe4a0", "principal_type": "IAM", "timeouts": null @@ -363,12 +331,12 @@ "schema_version": 0, "attributes": { "accept_language": "en", - "arn": "arn:aws-us-gov:catalog:us-gov-west-1:229685449397:product/prod-dafgxbqzsktco", - "created_time": "2026-02-20T20:07:37Z", + "arn": "arn:aws-us-gov:catalog:us-gov-west-1:229685449397:product/prod-lmua4oknugafg", + "created_time": "2026-04-06T16:12:50Z", "description": "Create an EKS cluster GitHub repository from a Terragrunt template with fully rendered HCL configuration, branch protection, and team access.", "distributor": "", "has_default_path": false, - "id": "prod-dafgxbqzsktco", + "id": "prod-lmua4oknugafg", "name": "eks-terragrunt-eks-repo-creator", "owner": "Platform Engineering", "provisioning_artifact_parameters": [ 
@@ -417,9 +385,9 @@ "schema_version": 0, "attributes": { "accept_language": "en", - "id": "en:port-uchiqj7m3d57k:prod-dafgxbqzsktco", - "portfolio_id": "port-uchiqj7m3d57k", - "product_id": "prod-dafgxbqzsktco", + "id": "en:port-h5qd63hw5yagq:prod-lmua4oknugafg", + "portfolio_id": "port-h5qd63hw5yagq", + "product_id": "prod-lmua4oknugafg", "source_portfolio_id": "", "timeouts": null }, @@ -452,6 +420,33 @@ } ] }, + { + "module": "module.eks_terragrunt_repo_generator", + "mode": "data", + "type": "aws_organizations_organization", + "name": "current", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "accounts": null, + "arn": "arn:aws-us-gov:organizations::252903981224:organization/o-8qizkt65j8", + "aws_service_access_principals": [], + "enabled_policy_types": [], + "feature_set": "ALL", + "id": "o-8qizkt65j8", + "master_account_arn": "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/252903981224", + "master_account_email": "csvd.aws.ma5-ew@census.gov", + "master_account_id": "252903981224", + "master_account_name": "", + "non_master_accounts": null, + "roots": null + }, + "sensitive_attributes": [] + } + ] + }, { "module": "module.eks_terragrunt_repo_generator", "mode": "data", @@ -517,7 +512,7 @@ "allow_origins": [ "*" ], - "expose_headers": null, + "expose_headers": [], "max_age": 0 } ], @@ -574,8 +569,8 @@ "integration_uri": "arn:aws-us-gov:apigateway:us-gov-west-1:lambda:path/2015-03-31/functions/arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:eks-terragrunt-repo-gen-template-automation/invocations", "passthrough_behavior": "", "payload_format_version": "2.0", - "request_parameters": null, - "request_templates": null, + "request_parameters": {}, + "request_templates": {}, "response_parameters": [], "template_selection_expression": "", "timeout_milliseconds": 30000, 
@@ -608,13 +603,13 @@ "attributes": { "api_id": "ckbv09fvak", "api_key_required": false, - "authorization_scopes": null, + "authorization_scopes": [], "authorization_type": "NONE", "authorizer_id": "", "id": "w8to7bo", "model_selection_expression": "", "operation_name": "", - "request_models": null, + "request_models": {}, "request_parameter": [], "route_key": "POST /template", "route_response_selection_expression": "", @@ -660,14 +655,14 @@ "throttling_rate_limit": 0 } ], - "deployment_id": "", + "deployment_id": "atplfn", "description": "", "execution_arn": "arn:aws-us-gov:execute-api:us-gov-west-1:229685449397:ckbv09fvak/$default", "id": "$default", "invoke_url": "https://ckbv09fvak.execute-api.us-gov-west-1.amazonaws.com/", "name": "$default", "route_settings": [], - "stage_variables": null, + "stage_variables": {}, "tags": { "Environment": "production", "ManagedBy": "Terraform", 
@@ -737,8 +732,24 @@ "description": "", "force_detach_policies": false, "id": "eks-terragrunt-repo-gen-lambda-role", - "inline_policy": [], - "managed_policy_arns": [], + "inline_policy": [ + { + "name": "eks-terragrunt-repo-gen-kms-access-policy", + "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"kms:Decrypt\",\"kms:DescribeKey\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"]}]}" + }, + { + "name": "eks-terragrunt-repo-gen-parameter-store-policy", + "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"ssm:GetParameter\",\"ssm:GetParameters\",\"ssm:GetParametersByPath\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws-us-gov:ssm:us-gov-west-1:229685449397:parameter/eks-terragrunt-repo-gen/*\"]}]}" + }, + { + "name": "eks-terragrunt-repo-gen-secrets-manager-policy", + "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"secretsmanager:GetSecretValue\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws-us-gov:secretsmanager:us-gov-west-1:229685449397:secret:/eks-cluster-deployment/github_token-*\"]}]}" + } + ], + "managed_policy_arns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" + ], "max_session_duration": 3600, "name": "eks-terragrunt-repo-gen-lambda-role", "name_prefix": "", @@ -910,7 +921,7 @@ "x86_64" ], "arn": "arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:eks-terragrunt-repo-gen-template-automation", - "code_sha256": "653294393ba5f064c2f8337c3c5f10d6b9bd16daa4dc0c30224bc4400245a00f", + "code_sha256": "b662e55783c01b6770306fd151ca27f39428666abf8970f9687b50340c8ec6c6", "code_signing_config_arn": null, "dead_letter_config": [], "description": "", 
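Review bot: The `eks-terragrunt-repo-gen-kms-access-policy` entry now listed under `inline_policy` allows `kms:Decrypt` and `kms:DescribeKey` on `"Resource":["*"]`, while the two sibling policies are scoped to one parameter path and one secret. The state only mirrors what the module defines, so the fix belongs in the module source, which is outside this diff. There I would restrict the statement to the key or keys that encrypt the GitHub token secret and the parameters, e.g. `"Resource": ["<KMS_KEY_ARN placeholder>"]`. The policy may predate this commit and appear here only because of a state refresh, but it is still worth tightening.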
@@ -921,9 +932,9 @@ "GITHUB_ORG_NAME": "SCT-Engineering", "GITHUB_TOKEN_SECRET_NAME": "/eks-cluster-deployment/github_token", "PARAM_STORE_PREFIX": "/eks-terragrunt-repo-gen", - "REPO_VISIBILITY": "internal", + "REPO_VISIBILITY": "public", "TEMPLATE_REPO_NAME": "template-eks-cluster", - "VERIFY_SSL": "true" + "VERIFY_SSL": "false" } } ], @@ -941,8 +952,8 @@ "image_uri": "229685449397.dkr.ecr.us-gov-west-1.amazonaws.com/eks-terragrunt-repo-generator/lambda:latest", "invoke_arn": "arn:aws-us-gov:apigateway:us-gov-west-1:lambda:path/2015-03-31/functions/arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:eks-terragrunt-repo-gen-template-automation/invocations", "kms_key_arn": "", - "last_modified": "2026-02-20T20:07:45.849+0000", - "layers": null, + "last_modified": "2026-04-02T19:48:24.000+0000", + "layers": [], "logging_config": [ { "application_log_level": "", @@ -954,8 +965,8 @@ "memory_size": 512, "package_type": "Image", "publish": true, - "qualified_arn": "arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:eks-terragrunt-repo-gen-template-automation:1", - "qualified_invoke_arn": "arn:aws-us-gov:apigateway:us-gov-west-1:lambda:path/2015-03-31/functions/arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:eks-terragrunt-repo-gen-template-automation:1/invocations", + "qualified_arn": "arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:eks-terragrunt-repo-gen-template-automation:3", + "qualified_invoke_arn": "arn:aws-us-gov:apigateway:us-gov-west-1:lambda:path/2015-03-31/functions/arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:eks-terragrunt-repo-gen-template-automation:3/invocations", "replace_security_groups_on_destroy": null, "replacement_security_group_ids": null, "reserved_concurrent_executions": -1, @@ -987,7 +998,7 @@ "mode": "PassThrough" } ], - "version": "1", + "version": "3", "vpc_config": [ { "ipv6_allowed_for_dual_stack": false, 
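Review bot: The Lambda environment in the `@@ -921,9 +932,9 @@` hunk now sets `VERIFY_SSL` to `"false"`, and the same block names a GitHub token secret (`GITHUB_TOKEN_SECRET_NAME`), so that token is presumably sent to a peer whose certificate is never checked. The commit message recorded in `deploy/.terraform_commits` attributes the change to the Census CA missing from certifi. A narrower fix is to ship the CA bundle in the image and point the HTTP client at it (if the client is `requests`, the `REQUESTS_CA_BUNDLE` environment variable does this), keeping `VERIFY_SSL` at `"true"`. The same hunk switches `REPO_VISIBILITY` to `"public"`. The `cloudformation_template_example` output suggests generated repositories carry account IDs, VPC names and domain names, so the visibility change is worth confirming against what those repositories actually contain.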
@@ -1091,13 +1102,13 @@ "event_source_token": "", "function_name": "eks-terragrunt-repo-gen-template-automation", "function_url_auth_type": "", - "id": "AllowCloudFormationInvoke", + "id": "AllowCloudFormationInvokeOrgWide", "principal": "cloudformation.amazonaws.com", - "principal_org_id": "", + "principal_org_id": "o-8qizkt65j8", "qualifier": "", - "source_account": "229685449397", + "source_account": "", "source_arn": null, - "statement_id": "AllowCloudFormationInvoke", + "statement_id": "AllowCloudFormationInvokeOrgWide", "statement_id_prefix": "" }, "sensitive_attributes": [], @@ -1109,7 +1120,7 @@ "module.eks_terragrunt_repo_generator.aws_iam_role.lambda", "module.eks_terragrunt_repo_generator.aws_iam_role_policy_attachment.lambda_logs", "module.eks_terragrunt_repo_generator.aws_lambda_function.this", - "module.eks_terragrunt_repo_generator.data.aws_caller_identity.current", + "module.eks_terragrunt_repo_generator.data.aws_organizations_organization.current", "module.eks_terragrunt_repo_generator.data.aws_partition.current" ] } @@ -1251,13 +1262,13 @@ [ { "type": "get_attr", - "value": "value" + "value": "value_wo" } ], [ { "type": "get_attr", - "value": "value_wo" + "value": "value" } ] ], @@ -1298,13 +1309,13 @@ [ { "type": "get_attr", - "value": "value" + "value": "value_wo" } ], [ { "type": "get_attr", - "value": "value_wo" + "value": "value" } ] ], @@ -1392,13 +1403,13 @@ [ { "type": "get_attr", - "value": "value" + "value": "value_wo" } ], [ { "type": "get_attr", - "value": "value_wo" + "value": "value" } ] ], @@ -1439,13 +1450,13 @@ [ { "type": "get_attr", - "value": "value_wo" + "value": "value" } ], [ { "type": "get_attr", - "value": "value" + "value": "value_wo" } ] ], diff --git a/deploy/terraform.tfstate.backup b/deploy/terraform.tfstate.backup index 442d8754..aceef672 100644 --- a/deploy/terraform.tfstate.backup +++ b/deploy/terraform.tfstate.backup 
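Review bot: The Lambda permission in the `@@ -1091,13 +1102,13 @@` hunk replaces `"source_account": "229685449397"` with `"principal_org_id": "o-8qizkt65j8"` and leaves `source_account` empty, which widens who may trigger the function from one account to every account in the organization. The function appears to create repositories using a shared GitHub token, so each of those accounts can now drive it. The handler should therefore validate the request properties it receives, and if only some accounts need access, per-account statements are the tighter choice. It is also worth confirming that the organization condition is actually evaluated for the `cloudformation.amazonaws.com` service principal, which the state file cannot show. The resource definition itself lives in the module, outside this diff.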
@@ -1,39 +1,39 @@ { "version": 4, "terraform_version": "1.9.1", - "serial": 95, + "serial": 186, "lineage": "637f189b-ce2c-766c-35d1-8b43eb7ae216", "outputs": { "api_endpoint": { - "value": "https://h927hxw3oe.execute-api.us-gov-west-1.amazonaws.com/template", + "value": "https://ckbv09fvak.execute-api.us-gov-west-1.amazonaws.com/template", "type": "string" }, "cloudformation_template_example": { - "value": "Resources:\n MyRepository:\n Type: Custom::RepositoryCreator\n Properties:\n ServiceToken: arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:service-catalog-repo-gen-template-automation\n ProjectName: my-new-repo\n OwningTeam: platform-team\n Environment: development\n \nOutputs:\n RepositoryUrl:\n Value: !GetAtt MyRepository.RepositoryUrl\n PullRequestUrl:\n Value: !GetAtt MyRepository.PullRequestUrl\n", + "value": "Resources:\n MyEKSClusterRepo:\n Type: Custom::GitHubRepository\n Properties:\n ServiceToken: arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:eks-terragrunt-repo-gen-template-automation\n project_name: my-eks-cluster\n owning_team: platform-team\n cluster_name: my-eks-cluster\n environment: dev\n aws_region: us-gov-west-1\n account_name: csvd-dev-ew\n aws_account_id: \"123456789012\"\n environment_abbr: dev\n vpc_name: csvd-dev-ew-vpc-01\n vpc_domain_name: dev.inf.csp1.census.gov\n \nOutputs:\n RepositoryUrl:\n Value: !GetAtt MyEKSClusterRepo.repository_url\n PullRequestUrl:\n Value: !GetAtt MyEKSClusterRepo.pull_request_url\n", "type": "string" }, "cloudwatch_log_group": { - "value": "/aws/lambda/service-catalog-repo-gen-template-automation", + "value": "/aws/lambda/eks-terragrunt-repo-gen-template-automation", "type": "string" }, "lambda_function_arn": { - "value": "arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:service-catalog-repo-gen-template-automation", + "value": "arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:eks-terragrunt-repo-gen-template-automation", "type": "string" }, "lambda_function_name": { 
- "value": "service-catalog-repo-gen-template-automation", + "value": "eks-terragrunt-repo-gen-template-automation", "type": "string" }, "service_catalog_portfolio_id": { - "value": "port-uchiqj7m3d57k", + "value": "port-h5qd63hw5yagq", "type": "string" }, "service_catalog_product_id": { - "value": "prod-w3uvfaxmeblxe", + "value": "prod-lmua4oknugafg", "type": "string" }, "service_catalog_provisioning_url": { - "value": "https://console.amazonaws-us-gov.com/servicecatalog/home?region=us-gov-west-1#/products/prod-w3uvfaxmeblxe", + "value": "https://console.amazonaws-us-gov.com/servicecatalog/home?region=us-gov-west-1#/products/prod-lmua4oknugafg", "type": "string" } }, 
@@ -102,35 +102,35 @@ "index_key": 0, "schema_version": 0, "attributes": { - "arn": "arn:aws-us-gov:iam::229685449397:role/github-automation-sc-launch-role", + "arn": "arn:aws-us-gov:iam::229685449397:role/eks-terragrunt-sc-launch-role", "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"servicecatalog.amazonaws.com\"}}],\"Version\":\"2012-10-17\"}", - "create_date": "2026-02-09T20:49:36Z", + "create_date": "2026-04-02T19:46:58Z", "description": "", "force_detach_policies": false, - "id": "github-automation-sc-launch-role", + "id": "eks-terragrunt-sc-launch-role", "inline_policy": [ { "name": "invoke-lambda-and-cfn", - "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"lambda:InvokeFunction\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:service-catalog-repo-gen-template-automation\",\"Sid\":\"InvokeLambda\"},{\"Action\":[\"cloudformation:CreateStack\",\"cloudformation:DeleteStack\",\"cloudformation:DescribeStacks\",\"cloudformation:DescribeStackEvents\",\"cloudformation:GetTemplate\",\"cloudformation:GetTemplateSummary\",\"cloudformation:ValidateTemplate\",\"cloudformation:UpdateStack\",\"cloudformation:SetStackPolicy\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"CloudFormationOperations\"},{\"Action\":[\"s3:GetObject\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws-us-gov:s3:::servicecatalog-product-artifacts-20250904021619588100000003/*\",\"Sid\":\"S3ReadTemplate\"},{\"Action\":[\"s3:ListBucket\",\"s3:GetBucketLocation\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws-us-gov:s3:::servicecatalog-product-artifacts-20250904021619588100000003\",\"Sid\":\"S3ListBucket\"}]}" + "policy": 
"{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"lambda:InvokeFunction\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:eks-terragrunt-repo-gen-template-automation\",\"Sid\":\"InvokeLambda\"},{\"Action\":[\"cloudformation:CreateStack\",\"cloudformation:DeleteStack\",\"cloudformation:DescribeStacks\",\"cloudformation:DescribeStackEvents\",\"cloudformation:GetTemplate\",\"cloudformation:GetTemplateSummary\",\"cloudformation:ValidateTemplate\",\"cloudformation:UpdateStack\",\"cloudformation:SetStackPolicy\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"CloudFormationOperations\"},{\"Action\":[\"ec2:DescribeVpcs\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"EC2DescribeVpcs\"},{\"Action\":[\"s3:GetObject\"],\"Condition\":{\"StringEquals\":{\"s3:ExistingObjectTag/servicecatalog:provisioning\":[\"true\"]}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"S3ReadTemplate\"},{\"Action\":[\"s3:ListBucket\",\"s3:GetBucketLocation\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws-us-gov:s3:::servicecatalog-product-artifacts-20250904021619588100000003\",\"Sid\":\"S3ListBucket\"}]}" } ], "managed_policy_arns": [], "max_session_duration": 3600, - "name": "github-automation-sc-launch-role", + "name": "eks-terragrunt-sc-launch-role", "name_prefix": "", "path": "/", "permissions_boundary": "", "tags": { "Environment": "production", "ManagedBy": "Terraform", - "Purpose": "ServiceCatalogRepoGenerator" + "Purpose": "EKSTerragruntRepoGenerator" }, "tags_all": { "Environment": "production", "ManagedBy": "Terraform", - "Purpose": "ServiceCatalogRepoGenerator" + "Purpose": "EKSTerragruntRepoGenerator" }, - "unique_id": "AROATK6SR2K2R3JB2C37U" + "unique_id": "AROATK6SR2K26YSUS2WLQ" }, "sensitive_attributes": [], "private": "bnVsbA==" 
@@ -147,11 +147,11 @@ "index_key": 0, "schema_version": 0, "attributes": { - "id": "github-automation-sc-launch-role:invoke-lambda-and-cfn", + "id": "eks-terragrunt-sc-launch-role:invoke-lambda-and-cfn", "name": "invoke-lambda-and-cfn", "name_prefix": "", - "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"lambda:InvokeFunction\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:service-catalog-repo-gen-template-automation\",\"Sid\":\"InvokeLambda\"},{\"Action\":[\"cloudformation:CreateStack\",\"cloudformation:DeleteStack\",\"cloudformation:DescribeStacks\",\"cloudformation:DescribeStackEvents\",\"cloudformation:GetTemplate\",\"cloudformation:GetTemplateSummary\",\"cloudformation:ValidateTemplate\",\"cloudformation:UpdateStack\",\"cloudformation:SetStackPolicy\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"CloudFormationOperations\"},{\"Action\":[\"s3:GetObject\"],\"Condition\":{\"StringEquals\":{\"s3:ExistingObjectTag/servicecatalog:provisioning\":[\"true\"]}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"S3ReadTemplate\"},{\"Action\":[\"s3:ListBucket\",\"s3:GetBucketLocation\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws-us-gov:s3:::servicecatalog-product-artifacts-20250904021619588100000003\",\"Sid\":\"S3ListBucket\"}]}", - "role": "github-automation-sc-launch-role" + "policy": 
"{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"lambda:InvokeFunction\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:eks-terragrunt-repo-gen-template-automation\",\"Sid\":\"InvokeLambda\"},{\"Action\":[\"cloudformation:CreateStack\",\"cloudformation:DeleteStack\",\"cloudformation:DescribeStacks\",\"cloudformation:DescribeStackEvents\",\"cloudformation:GetTemplate\",\"cloudformation:GetTemplateSummary\",\"cloudformation:ValidateTemplate\",\"cloudformation:UpdateStack\",\"cloudformation:SetStackPolicy\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"CloudFormationOperations\"},{\"Action\":[\"ec2:DescribeVpcs\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"EC2DescribeVpcs\"},{\"Action\":[\"s3:GetObject\"],\"Condition\":{\"StringEquals\":{\"s3:ExistingObjectTag/servicecatalog:provisioning\":[\"true\"]}},\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"S3ReadTemplate\"},{\"Action\":[\"s3:ListBucket\",\"s3:GetBucketLocation\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws-us-gov:s3:::servicecatalog-product-artifacts-20250904021619588100000003\",\"Sid\":\"S3ListBucket\"}]}", + "role": "eks-terragrunt-sc-launch-role" }, "sensitive_attributes": [], "private": "bnVsbA==", 
@@ -160,11 +160,11 @@ "data.aws_caller_identity.current", "data.aws_partition.current", "data.aws_region.current", - "module.service_catalog_repo_generator.aws_cloudwatch_log_group.lambda", - "module.service_catalog_repo_generator.aws_iam_role.lambda", - "module.service_catalog_repo_generator.aws_iam_role_policy_attachment.lambda_logs", - "module.service_catalog_repo_generator.aws_lambda_function.this", - "module.service_catalog_repo_generator.data.aws_partition.current" + "module.eks_terragrunt_repo_generator.aws_cloudwatch_log_group.lambda", + "module.eks_terragrunt_repo_generator.aws_iam_role.lambda", + "module.eks_terragrunt_repo_generator.aws_iam_role_policy_attachment.lambda_logs", + "module.eks_terragrunt_repo_generator.aws_lambda_function.this", + "module.eks_terragrunt_repo_generator.data.aws_partition.current" ] } ] @@ -180,7 +180,7 @@ "schema_version": 0, "attributes": { "acl": null, - "arn": "arn:aws-us-gov:s3:::servicecatalog-product-artifacts-20250904021619588100000003/github-repo-creator/v1.0/product-template.yaml", + "arn": "arn:aws-us-gov:s3:::servicecatalog-product-artifacts-20250904021619588100000003/eks-terragrunt-repo-creator/v2.0/product-template.yaml", "bucket": "servicecatalog-product-artifacts-20250904021619588100000003", "bucket_key_enabled": false, "cache_control": "", @@ -195,11 +195,11 @@ "content_disposition": "", "content_encoding": "", "content_language": "", - "content_type": "binary/octet-stream", - "etag": "fe84992f754d4776f5b3242b952a8d84", + "content_type": "application/octet-stream", + "etag": "8b5997769f7c04a86468f9b1d41e03c3", "force_destroy": false, - "id": "github-repo-creator/v1.0/product-template.yaml", - "key": "github-repo-creator/v1.0/product-template.yaml", + "id": "eks-terragrunt-repo-creator/v2.0/product-template.yaml", + "key": "eks-terragrunt-repo-creator/v2.0/product-template.yaml", "kms_key_id": null, "metadata": {}, "object_lock_legal_hold_status": "", 
@@ -213,13 +213,13 @@ "tags": { "Environment": "production", "ManagedBy": "Terraform", - "Purpose": "ServiceCatalogRepoGenerator", + "Purpose": "EKSTerragruntRepoGenerator", "servicecatalog:provisioning": "true" }, "tags_all": { "Environment": "production", "ManagedBy": "Terraform", - "Purpose": "ServiceCatalogRepoGenerator", + "Purpose": "EKSTerragruntRepoGenerator", "servicecatalog:provisioning": "true" }, "version_id": "", @@ -242,11 +242,11 @@ "attributes": { "accept_language": "en", "description": "Launch constraint - uses a dedicated role to invoke the Lambda function", - "id": "cons-ufoejammwoed2", + "id": "cons-ac5osiweqnrke", "owner": "229685449397", - "parameters": "{\"RoleArn\":\"arn:aws-us-gov:iam::229685449397:role/github-automation-sc-launch-role\"}", - "portfolio_id": "port-uchiqj7m3d57k", - "product_id": "prod-w3uvfaxmeblxe", + "parameters": "{\"RoleArn\":\"arn:aws-us-gov:iam::229685449397:role/eks-terragrunt-sc-launch-role\"}", + "portfolio_id": "port-h5qd63hw5yagq", + "product_id": "prod-lmua4oknugafg", "status": "AVAILABLE", "timeouts": null, "type": "LAUNCH" 
@@ -274,11 +274,11 @@ "attributes": { "accept_language": "en", "description": "Template constraint - locks the Lambda ARN to the deployed function", - "id": "cons-yg6qot2tchwy2", + "id": "cons-mylfkxudrtotc", "owner": "229685449397", - "parameters": "{\"Rules\":{\"LockLambdaArn\":{\"Assertions\":[{\"Assert\":{\"Fn::Equals\":[{\"Ref\":\"LambdaFunctionArn\"},\"arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:service-catalog-repo-gen-template-automation\"]},\"AssertDescription\":\"The Lambda function ARN cannot be changed\"}]}}}", - "portfolio_id": "port-uchiqj7m3d57k", - "product_id": "prod-w3uvfaxmeblxe", + "parameters": "{\"Rules\":{\"LockLambdaArn\":{\"Assertions\":[{\"Assert\":{\"Fn::Equals\":[{\"Ref\":\"LambdaFunctionArn\"},\"arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:eks-terragrunt-repo-gen-template-automation\"]},\"AssertDescription\":\"The Lambda function ARN cannot be changed\"}]}}}", + "portfolio_id": "port-h5qd63hw5yagq", + "product_id": "prod-lmua4oknugafg", "status": "AVAILABLE", "timeouts": null, "type": "TEMPLATE" @@ -290,11 +290,11 @@ "aws_servicecatalog_product.github_repository", "data.aws_caller_identity.current", "data.aws_region.current", - "module.service_catalog_repo_generator.aws_cloudwatch_log_group.lambda", - "module.service_catalog_repo_generator.aws_iam_role.lambda", - "module.service_catalog_repo_generator.aws_iam_role_policy_attachment.lambda_logs", - "module.service_catalog_repo_generator.aws_lambda_function.this", - "module.service_catalog_repo_generator.data.aws_partition.current" + "module.eks_terragrunt_repo_generator.aws_cloudwatch_log_group.lambda", + "module.eks_terragrunt_repo_generator.aws_iam_role.lambda", + "module.eks_terragrunt_repo_generator.aws_iam_role_policy_attachment.lambda_logs", + "module.eks_terragrunt_repo_generator.aws_lambda_function.this", + "module.eks_terragrunt_repo_generator.data.aws_partition.current" ] } ] 
@@ -309,21 +309,21 @@ "index_key": 0, "schema_version": 0, "attributes": { - "arn": "arn:aws-us-gov:catalog:us-gov-west-1:229685449397:portfolio/port-uchiqj7m3d57k", - "created_time": "2026-02-09T20:49:36Z", - "description": "Self-service GitHub repository creation from approved templates", - "id": "port-uchiqj7m3d57k", - "name": "github-automation-github-automation", + "arn": "arn:aws-us-gov:catalog:us-gov-west-1:229685449397:portfolio/port-h5qd63hw5yagq", + "created_time": "2026-04-06T16:12:50Z", + "description": "Self-service EKS cluster repository creation with Terragrunt configuration", + "id": "port-h5qd63hw5yagq", + "name": "eks-terragrunt-github-automation", "provider_name": "Platform Engineering", "tags": { "Environment": "production", "ManagedBy": "Terraform", - "Purpose": "ServiceCatalogRepoGenerator" + "Purpose": "EKSTerragruntRepoGenerator" }, "tags_all": { "Environment": "production", "ManagedBy": "Terraform", - "Purpose": "ServiceCatalogRepoGenerator" + "Purpose": "EKSTerragruntRepoGenerator" }, "timeouts": null }, @@ -343,8 +343,8 @@ "schema_version": 1, "attributes": { "accept_language": "en", - "id": "en,arn:aws-us-gov:iam::229685449397:role/aws-reserved/sso.amazonaws.com/us-gov-east-1/AWSReservedSSO_inf-admin-t2_4e0c6446aecbe4a0,port-uchiqj7m3d57k,IAM", - "portfolio_id": "port-uchiqj7m3d57k", + "id": "en,arn:aws-us-gov:iam::229685449397:role/aws-reserved/sso.amazonaws.com/us-gov-east-1/AWSReservedSSO_inf-admin-t2_4e0c6446aecbe4a0,port-h5qd63hw5yagq,IAM", + "portfolio_id": "port-h5qd63hw5yagq", "principal_arn": "arn:aws-us-gov:iam::229685449397:role/aws-reserved/sso.amazonaws.com/us-gov-east-1/AWSReservedSSO_inf-admin-t2_4e0c6446aecbe4a0", "principal_type": "IAM", "timeouts": null 
@@ -368,21 +368,21 @@ "schema_version": 0, "attributes": { "accept_language": "en", - "arn": "arn:aws-us-gov:catalog:us-gov-west-1:229685449397:product/prod-w3uvfaxmeblxe", - "created_time": "2026-02-09T23:03:16Z", - "description": "Create a GitHub repository from an approved template with standard configuration, branch protection, and team access.", + "arn": "arn:aws-us-gov:catalog:us-gov-west-1:229685449397:product/prod-lmua4oknugafg", + "created_time": "2026-04-06T16:12:50Z", + "description": "Create an EKS cluster GitHub repository from a Terragrunt template with fully rendered HCL configuration, branch protection, and team access.", "distributor": "", "has_default_path": false, - "id": "prod-w3uvfaxmeblxe", - "name": "github-automation-github-repo-creator", + "id": "prod-lmua4oknugafg", + "name": "eks-terragrunt-eks-repo-creator", "owner": "Platform Engineering", "provisioning_artifact_parameters": [ { - "description": "Version 1.0 of the GitHub Repository Creator", + "description": "Version 2.0 of the GitHub Repository Creator", "disable_template_validation": false, - "name": "v1.0", + "name": "v2.0", "template_physical_id": "", - "template_url": "https://servicecatalog-product-artifacts-20250904021619588100000003.s3.us-gov-west-1.amazonaws.com/github-repo-creator/v1.0/product-template.yaml", + "template_url": "https://servicecatalog-product-artifacts-20250904021619588100000003.s3.us-gov-west-1.amazonaws.com/eks-terragrunt-repo-creator/v2.0/product-template.yaml", "type": "CLOUD_FORMATION_TEMPLATE" } ], @@ -393,12 +393,12 @@ "tags": { "Environment": "production", "ManagedBy": "Terraform", - "Purpose": "ServiceCatalogRepoGenerator" + "Purpose": "EKSTerragruntRepoGenerator" }, "tags_all": { "Environment": "production", "ManagedBy": "Terraform", - "Purpose": "ServiceCatalogRepoGenerator" + "Purpose": "EKSTerragruntRepoGenerator" }, "timeouts": null, "type": "CLOUD_FORMATION_TEMPLATE" 
@@ -422,9 +422,9 @@ "schema_version": 0, "attributes": { "accept_language": "en", - "id": "en:port-uchiqj7m3d57k:prod-w3uvfaxmeblxe", - "portfolio_id": "port-uchiqj7m3d57k", - "product_id": "prod-w3uvfaxmeblxe", + "id": "en:port-h5qd63hw5yagq:prod-lmua4oknugafg", + "portfolio_id": "port-h5qd63hw5yagq", + "product_id": "prod-lmua4oknugafg", "source_portfolio_id": "", "timeouts": null }, @@ -439,7 +439,7 @@ ] }, { - "module": "module.service_catalog_repo_generator", + "module": "module.eks_terragrunt_repo_generator", "mode": "data", "type": "aws_caller_identity", "name": "current", @@ -458,7 +458,34 @@ ] }, { - "module": "module.service_catalog_repo_generator", + "module": "module.eks_terragrunt_repo_generator", + "mode": "data", + "type": "aws_organizations_organization", + "name": "current", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "accounts": null, + "arn": "arn:aws-us-gov:organizations::252903981224:organization/o-8qizkt65j8", + "aws_service_access_principals": [], + "enabled_policy_types": [], + "feature_set": "ALL", + "id": "o-8qizkt65j8", + "master_account_arn": "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/252903981224", + "master_account_email": "csvd.aws.ma5-ew@census.gov", + "master_account_id": "252903981224", + "master_account_name": "", + "non_master_accounts": null, + "roots": null + }, + "sensitive_attributes": [] + } + ] + }, + { + "module": "module.eks_terragrunt_repo_generator", "mode": "data", "type": "aws_partition", "name": "current", @@ -477,7 +504,7 @@ ] }, { - "module": "module.service_catalog_repo_generator", + "module": "module.eks_terragrunt_repo_generator", "mode": "data", "type": "aws_region", "name": "current", @@ -496,7 +523,7 @@ ] }, { - "module": "module.service_catalog_repo_generator", + "module": "module.eks_terragrunt_repo_generator", "mode": "managed", "type": "aws_apigatewayv2_api", "name": "this", 
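Review bot: The `aws_organizations_organization` data block added in hunk `@@ -458,7 +458,34 @@` writes the organization id, the management account id and `master_account_email` into a state file that is tracked in version control. Everyone with read access to the repository gets those values, along with the IAM policy documents and ARNs stored in the rest of the file. Terraform state belongs in a remote backend with encryption and access control, and local state should be ignored by git (`*.tfstate`, `*.tfstate.*` in `.gitignore`). Values already pushed remain in history, so count them as disclosed when assessing exposure.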
@@ -505,9 +532,9 @@ { "schema_version": 0, "attributes": { - "api_endpoint": "https://h927hxw3oe.execute-api.us-gov-west-1.amazonaws.com", + "api_endpoint": "https://ckbv09fvak.execute-api.us-gov-west-1.amazonaws.com", "api_key_selection_expression": "$request.header.x-api-key", - "arn": "arn:aws-us-gov:apigateway:us-gov-west-1::/apis/h927hxw3oe", + "arn": "arn:aws-us-gov:apigateway:us-gov-west-1::/apis/ckbv09fvak", "body": null, "cors_configuration": [ { @@ -529,23 +556,23 @@ "credentials_arn": null, "description": "API Gateway for template automation Lambda function", "disable_execute_api_endpoint": false, - "execution_arn": "arn:aws-us-gov:execute-api:us-gov-west-1:229685449397:h927hxw3oe", + "execution_arn": "arn:aws-us-gov:execute-api:us-gov-west-1:229685449397:ckbv09fvak", "fail_on_warnings": null, - "id": "h927hxw3oe", + "id": "ckbv09fvak", "ip_address_type": "ipv4", - "name": "service-catalog-repo-gen-api", + "name": "eks-terragrunt-repo-gen-api", "protocol_type": "HTTP", "route_key": null, "route_selection_expression": "$request.method $request.path", "tags": { "Environment": "production", "ManagedBy": "Terraform", - "Purpose": "ServiceCatalogRepoGenerator" + "Purpose": "EKSTerragruntRepoGenerator" }, "tags_all": { "Environment": "production", "ManagedBy": "Terraform", - "Purpose": "ServiceCatalogRepoGenerator" + "Purpose": "EKSTerragruntRepoGenerator" }, "target": null, "version": "" @@ -556,7 +583,7 @@ ] }, { - "module": "module.service_catalog_repo_generator", + "module": "module.eks_terragrunt_repo_generator", "mode": "managed", "type": "aws_apigatewayv2_integration", "name": "this", 
@@ -565,18 +592,18 @@ { "schema_version": 0, "attributes": { - "api_id": "h927hxw3oe", + "api_id": "ckbv09fvak", "connection_id": "", "connection_type": "INTERNET", "content_handling_strategy": "", "credentials_arn": "", "description": "", - "id": "m2nl375", + "id": "gev713r", "integration_method": "POST", "integration_response_selection_expression": "", "integration_subtype": "", "integration_type": "AWS_PROXY", - "integration_uri": "arn:aws-us-gov:apigateway:us-gov-west-1:lambda:path/2015-03-31/functions/arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:service-catalog-repo-gen-template-automation/invocations", + "integration_uri": "arn:aws-us-gov:apigateway:us-gov-west-1:lambda:path/2015-03-31/functions/arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:eks-terragrunt-repo-gen-template-automation/invocations", "passthrough_behavior": "", "payload_format_version": "2.0", "request_parameters": {}, 
@@ -591,18 +618,18 @@ "dependencies": [ "data.aws_caller_identity.current", "data.aws_region.current", - "module.service_catalog_repo_generator.aws_apigatewayv2_api.this", - "module.service_catalog_repo_generator.aws_cloudwatch_log_group.lambda", - "module.service_catalog_repo_generator.aws_iam_role.lambda", - "module.service_catalog_repo_generator.aws_iam_role_policy_attachment.lambda_logs", - "module.service_catalog_repo_generator.aws_lambda_function.this", - "module.service_catalog_repo_generator.data.aws_partition.current" + "module.eks_terragrunt_repo_generator.aws_apigatewayv2_api.this", + "module.eks_terragrunt_repo_generator.aws_cloudwatch_log_group.lambda", + "module.eks_terragrunt_repo_generator.aws_iam_role.lambda", + "module.eks_terragrunt_repo_generator.aws_iam_role_policy_attachment.lambda_logs", + "module.eks_terragrunt_repo_generator.aws_lambda_function.this", + "module.eks_terragrunt_repo_generator.data.aws_partition.current" ] } ] }, { - "module": "module.service_catalog_repo_generator", + "module": "module.eks_terragrunt_repo_generator", "mode": "managed", "type": "aws_apigatewayv2_route", "name": "this", 
@@ -611,38 +638,38 @@ { "schema_version": 0, "attributes": { - "api_id": "h927hxw3oe", + "api_id": "ckbv09fvak", "api_key_required": false, "authorization_scopes": [], "authorization_type": "NONE", "authorizer_id": "", - "id": "4j0end6", + "id": "w8to7bo", "model_selection_expression": "", "operation_name": "", "request_models": {}, "request_parameter": [], "route_key": "POST /template", "route_response_selection_expression": "", - "target": "integrations/m2nl375" + "target": "integrations/gev713r" }, "sensitive_attributes": [], "private": "bnVsbA==", "dependencies": [ "data.aws_caller_identity.current", "data.aws_region.current", - "module.service_catalog_repo_generator.aws_apigatewayv2_api.this", - "module.service_catalog_repo_generator.aws_apigatewayv2_integration.this", - "module.service_catalog_repo_generator.aws_cloudwatch_log_group.lambda", - "module.service_catalog_repo_generator.aws_iam_role.lambda", - "module.service_catalog_repo_generator.aws_iam_role_policy_attachment.lambda_logs", - "module.service_catalog_repo_generator.aws_lambda_function.this", - "module.service_catalog_repo_generator.data.aws_partition.current" + "module.eks_terragrunt_repo_generator.aws_apigatewayv2_api.this", + "module.eks_terragrunt_repo_generator.aws_apigatewayv2_integration.this", + "module.eks_terragrunt_repo_generator.aws_cloudwatch_log_group.lambda", + "module.eks_terragrunt_repo_generator.aws_iam_role.lambda", + "module.eks_terragrunt_repo_generator.aws_iam_role_policy_attachment.lambda_logs", + "module.eks_terragrunt_repo_generator.aws_lambda_function.this", + "module.eks_terragrunt_repo_generator.data.aws_partition.current" ] } ] }, { - "module": "module.service_catalog_repo_generator", + "module": "module.eks_terragrunt_repo_generator", "mode": "managed", "type": "aws_apigatewayv2_stage", "name": "this", 
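Review bot: The recreated route `POST /template` still has `"authorization_type": "NONE"` and `"api_key_required": false`, and the API it hangs off keeps `disable_execute_api_endpoint` false, so the default execute-api URL forwards unauthenticated requests to the Lambda integration. The role that function runs under is allowed to read the GitHub token secret, so the route needs an authorizer. In the Terraform source for `aws_apigatewayv2_route.this`, set `authorization_type = "AWS_IAM"` or attach a JWT authorizer. If Service Catalog only ever invokes the function directly, as the launch role's `lambda:InvokeFunction` statement suggests, the API Gateway resources could be removed instead. The fix goes in the module, not in this state file.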
@@ -652,8 +679,8 @@ "schema_version": 0, "attributes": { "access_log_settings": [], - "api_id": "h927hxw3oe", - "arn": "arn:aws-us-gov:apigateway:us-gov-west-1::/apis/h927hxw3oe/stages/$default", + "api_id": "ckbv09fvak", + "arn": "arn:aws-us-gov:apigateway:us-gov-west-1::/apis/ckbv09fvak/stages/$default", "auto_deploy": true, "client_certificate_id": "", "default_route_settings": [ @@ -665,35 +692,35 @@ "throttling_rate_limit": 0 } ], - "deployment_id": "3syxmt", + "deployment_id": "atplfn", "description": "", - "execution_arn": "arn:aws-us-gov:execute-api:us-gov-west-1:229685449397:h927hxw3oe/$default", + "execution_arn": "arn:aws-us-gov:execute-api:us-gov-west-1:229685449397:ckbv09fvak/$default", "id": "$default", - "invoke_url": "https://h927hxw3oe.execute-api.us-gov-west-1.amazonaws.com/", + "invoke_url": "https://ckbv09fvak.execute-api.us-gov-west-1.amazonaws.com/", "name": "$default", "route_settings": [], "stage_variables": {}, "tags": { "Environment": "production", "ManagedBy": "Terraform", - "Purpose": "ServiceCatalogRepoGenerator" + "Purpose": "EKSTerragruntRepoGenerator" }, "tags_all": { "Environment": "production", "ManagedBy": "Terraform", - "Purpose": "ServiceCatalogRepoGenerator" + "Purpose": "EKSTerragruntRepoGenerator" } }, "sensitive_attributes": [], "private": "bnVsbA==", "dependencies": [ - "module.service_catalog_repo_generator.aws_apigatewayv2_api.this" + "module.eks_terragrunt_repo_generator.aws_apigatewayv2_api.this" ] } ] }, { - "module": "module.service_catalog_repo_generator", + "module": "module.eks_terragrunt_repo_generator", "mode": "managed", "type": "aws_cloudwatch_log_group", "name": "lambda", 
@@ -702,23 +729,23 @@ { "schema_version": 0, "attributes": { - "arn": "arn:aws-us-gov:logs:us-gov-west-1:229685449397:log-group:/aws/lambda/service-catalog-repo-gen-template-automation", - "id": "/aws/lambda/service-catalog-repo-gen-template-automation", + "arn": "arn:aws-us-gov:logs:us-gov-west-1:229685449397:log-group:/aws/lambda/eks-terragrunt-repo-gen-template-automation", + "id": "/aws/lambda/eks-terragrunt-repo-gen-template-automation", "kms_key_id": "", "log_group_class": "STANDARD", - "name": "/aws/lambda/service-catalog-repo-gen-template-automation", + "name": "/aws/lambda/eks-terragrunt-repo-gen-template-automation", "name_prefix": "", "retention_in_days": 14, "skip_destroy": false, "tags": { "Environment": "production", "ManagedBy": "Terraform", - "Purpose": "ServiceCatalogRepoGenerator" + "Purpose": "EKSTerragruntRepoGenerator" }, "tags_all": { "Environment": "production", "ManagedBy": "Terraform", - "Purpose": "ServiceCatalogRepoGenerator" + "Purpose": "EKSTerragruntRepoGenerator" } }, "sensitive_attributes": [], @@ -727,7 +754,7 @@ ] }, { - "module": "module.service_catalog_repo_generator", + "module": "module.eks_terragrunt_repo_generator", "mode": "managed", "type": "aws_iam_role", "name": "lambda", 
@@ -736,23 +763,23 @@ { "schema_version": 0, "attributes": { - "arn": "arn:aws-us-gov:iam::229685449397:role/service-catalog-repo-gen-lambda-role", + "arn": "arn:aws-us-gov:iam::229685449397:role/eks-terragrunt-repo-gen-lambda-role", "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"lambda.amazonaws.com\"}}],\"Version\":\"2012-10-17\"}", - "create_date": "2026-02-09T18:09:28Z", + "create_date": "2026-02-20T20:07:36Z", "description": "", "force_detach_policies": false, - "id": "service-catalog-repo-gen-lambda-role", + "id": "eks-terragrunt-repo-gen-lambda-role", "inline_policy": [ { - "name": "service-catalog-repo-gen-kms-access-policy", + "name": "eks-terragrunt-repo-gen-kms-access-policy", "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"kms:Decrypt\",\"kms:DescribeKey\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"]}]}" }, { - "name": "service-catalog-repo-gen-parameter-store-policy", - "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"ssm:GetParameter\",\"ssm:GetParameters\",\"ssm:GetParametersByPath\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws-us-gov:ssm:us-gov-west-1:229685449397:parameter/service-catalog-repo-gen/*\"]}]}" + "name": "eks-terragrunt-repo-gen-parameter-store-policy", + "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"ssm:GetParameter\",\"ssm:GetParameters\",\"ssm:GetParametersByPath\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws-us-gov:ssm:us-gov-west-1:229685449397:parameter/eks-terragrunt-repo-gen/*\"]}]}" }, { - "name": "service-catalog-repo-gen-secrets-manager-policy", + "name": "eks-terragrunt-repo-gen-secrets-manager-policy", "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"secretsmanager:GetSecretValue\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws-us-gov:secretsmanager:us-gov-west-1:229685449397:secret:/eks-cluster-deployment/github_token-*\"]}]}" } ], 
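Review bot: The inline policy `eks-terragrunt-repo-gen-kms-access-policy` carried over in this hunk allows `kms:Decrypt` and `kms:DescribeKey` on `"Resource":["*"]`, while the Parameter Store and Secrets Manager policies next to it are scoped to specific ARNs. The role presumably needs only the key that protects `/eks-cluster-deployment/github_token` and the parameters under its prefix. The module should therefore take that key ARN as the resource, or add a `kms:ViaService` condition restricting decryption to Secrets Manager and SSM. The launch role in the first hunk of this file has the same shape: `s3:GetObject` and the CloudFormation actions on `"Resource":"*"`. Naming the artifact bucket ARN alongside the existing object-tag condition would narrow the S3 statement.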
@@ -761,32 +788,32 @@ "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" ], "max_session_duration": 3600, - "name": "service-catalog-repo-gen-lambda-role", + "name": "eks-terragrunt-repo-gen-lambda-role", "name_prefix": "", "path": "/", "permissions_boundary": "", "tags": { "Environment": "production", "ManagedBy": "Terraform", - "Purpose": "ServiceCatalogRepoGenerator" + "Purpose": "EKSTerragruntRepoGenerator" }, "tags_all": { "Environment": "production", "ManagedBy": "Terraform", - "Purpose": "ServiceCatalogRepoGenerator" + "Purpose": "EKSTerragruntRepoGenerator" }, - "unique_id": "AROATK6SR2K2TB6XLBCUA" + "unique_id": "AROATK6SR2K23EPE6MZJ3" }, "sensitive_attributes": [], "private": "bnVsbA==", "dependencies": [ - "module.service_catalog_repo_generator.data.aws_partition.current" + "module.eks_terragrunt_repo_generator.data.aws_partition.current" ] } ] }, { - "module": "module.service_catalog_repo_generator", + "module": "module.eks_terragrunt_repo_generator", "mode": "managed", "type": "aws_iam_role_policy", "name": "kms_access", 
@@ -795,23 +822,23 @@ { "schema_version": 0, "attributes": { - "id": "service-catalog-repo-gen-lambda-role:service-catalog-repo-gen-kms-access-policy", - "name": "service-catalog-repo-gen-kms-access-policy", + "id": "eks-terragrunt-repo-gen-lambda-role:eks-terragrunt-repo-gen-kms-access-policy", + "name": "eks-terragrunt-repo-gen-kms-access-policy", "name_prefix": "", "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"kms:Decrypt\",\"kms:DescribeKey\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"]}]}", - "role": "service-catalog-repo-gen-lambda-role" + "role": "eks-terragrunt-repo-gen-lambda-role" }, "sensitive_attributes": [], "private": "bnVsbA==", "dependencies": [ - "module.service_catalog_repo_generator.aws_iam_role.lambda", - "module.service_catalog_repo_generator.data.aws_partition.current" + "module.eks_terragrunt_repo_generator.aws_iam_role.lambda", + "module.eks_terragrunt_repo_generator.data.aws_partition.current" ] } ] }, { - "module": "module.service_catalog_repo_generator", + "module": "module.eks_terragrunt_repo_generator", "mode": "managed", "type": "aws_iam_role_policy", "name": "parameter_store", 
@@ -820,25 +847,25 @@ { "schema_version": 0, "attributes": { - "id": "service-catalog-repo-gen-lambda-role:service-catalog-repo-gen-parameter-store-policy", - "name": "service-catalog-repo-gen-parameter-store-policy", + "id": "eks-terragrunt-repo-gen-lambda-role:eks-terragrunt-repo-gen-parameter-store-policy", + "name": "eks-terragrunt-repo-gen-parameter-store-policy", "name_prefix": "", - "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"ssm:GetParameter\",\"ssm:GetParameters\",\"ssm:GetParametersByPath\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws-us-gov:ssm:us-gov-west-1:229685449397:parameter/service-catalog-repo-gen/*\"]}]}", - "role": "service-catalog-repo-gen-lambda-role" + "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"ssm:GetParameter\",\"ssm:GetParameters\",\"ssm:GetParametersByPath\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws-us-gov:ssm:us-gov-west-1:229685449397:parameter/eks-terragrunt-repo-gen/*\"]}]}", + "role": "eks-terragrunt-repo-gen-lambda-role" }, "sensitive_attributes": [], "private": "bnVsbA==", "dependencies": [ - "module.service_catalog_repo_generator.aws_iam_role.lambda", - "module.service_catalog_repo_generator.data.aws_caller_identity.current", - "module.service_catalog_repo_generator.data.aws_partition.current", - "module.service_catalog_repo_generator.data.aws_region.current" + "module.eks_terragrunt_repo_generator.aws_iam_role.lambda", + "module.eks_terragrunt_repo_generator.data.aws_caller_identity.current", + "module.eks_terragrunt_repo_generator.data.aws_partition.current", + "module.eks_terragrunt_repo_generator.data.aws_region.current" ] } ] }, { - "module": "module.service_catalog_repo_generator", + "module": "module.eks_terragrunt_repo_generator", "mode": "managed", "type": "aws_iam_role_policy", "name": "secrets_manager", 
@@ -847,11 +874,11 @@ { "schema_version": 0, "attributes": { - "id": "service-catalog-repo-gen-lambda-role:service-catalog-repo-gen-secrets-manager-policy", - "name": "service-catalog-repo-gen-secrets-manager-policy", + "id": "eks-terragrunt-repo-gen-lambda-role:eks-terragrunt-repo-gen-secrets-manager-policy", + "name": "eks-terragrunt-repo-gen-secrets-manager-policy", "name_prefix": "", "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"secretsmanager:GetSecretValue\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws-us-gov:secretsmanager:us-gov-west-1:229685449397:secret:/eks-cluster-deployment/github_token-*\"]}]}", - "role": "service-catalog-repo-gen-lambda-role" + "role": "eks-terragrunt-repo-gen-lambda-role" }, "sensitive_attributes": [ [ @@ -863,16 +890,16 @@ ], "private": "bnVsbA==", "dependencies": [ - "module.service_catalog_repo_generator.aws_iam_role.lambda", - "module.service_catalog_repo_generator.data.aws_caller_identity.current", - "module.service_catalog_repo_generator.data.aws_partition.current", - "module.service_catalog_repo_generator.data.aws_region.current" + "module.eks_terragrunt_repo_generator.aws_iam_role.lambda", + "module.eks_terragrunt_repo_generator.data.aws_caller_identity.current", + "module.eks_terragrunt_repo_generator.data.aws_partition.current", + "module.eks_terragrunt_repo_generator.data.aws_region.current" ] } ] }, { - "module": "module.service_catalog_repo_generator", + "module": "module.eks_terragrunt_repo_generator", "mode": "managed", "type": "aws_iam_role_policy_attachment", "name": "lambda_logs", 
@@ -881,21 +908,21 @@ { "schema_version": 0, "attributes": { - "id": "service-catalog-repo-gen-lambda-role-20260209180928877000000001", + "id": "eks-terragrunt-repo-gen-lambda-role-20260220200737020600000003", "policy_arn": "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "role": "service-catalog-repo-gen-lambda-role" + "role": "eks-terragrunt-repo-gen-lambda-role" }, "sensitive_attributes": [], "private": "bnVsbA==", "dependencies": [ - "module.service_catalog_repo_generator.aws_iam_role.lambda", - "module.service_catalog_repo_generator.data.aws_partition.current" + "module.eks_terragrunt_repo_generator.aws_iam_role.lambda", + "module.eks_terragrunt_repo_generator.data.aws_partition.current" ] } ] }, { - "module": "module.service_catalog_repo_generator", + "module": "module.eks_terragrunt_repo_generator", "mode": "managed", "type": "aws_iam_role_policy_attachment", "name": "lambda_vpc", @@ -904,21 +931,21 @@ { "schema_version": 0, "attributes": { - "id": "service-catalog-repo-gen-lambda-role-20260209180929142200000002", + "id": "eks-terragrunt-repo-gen-lambda-role-20260220200736975200000002", "policy_arn": "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole", - "role": "service-catalog-repo-gen-lambda-role" + "role": "eks-terragrunt-repo-gen-lambda-role" }, "sensitive_attributes": [], "private": "bnVsbA==", "dependencies": [ - "module.service_catalog_repo_generator.aws_iam_role.lambda", - "module.service_catalog_repo_generator.data.aws_partition.current" + "module.eks_terragrunt_repo_generator.aws_iam_role.lambda", + "module.eks_terragrunt_repo_generator.data.aws_partition.current" ] } ] }, { - "module": "module.service_catalog_repo_generator", + "module": "module.eks_terragrunt_repo_generator", "mode": "managed", "type": "aws_lambda_function", "name": "this", 
@@ -930,17 +957,21 @@ "architectures": [ "x86_64" ], - "arn": "arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:service-catalog-repo-gen-template-automation", - "code_sha256": "d5243afe238a27c480d2cd9c385bf859b7f06599d55752f11787515cc2b2ba94", + "arn": "arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:eks-terragrunt-repo-gen-template-automation", + "code_sha256": "b662e55783c01b6770306fd151ca27f39428666abf8970f9687b50340c8ec6c6", "code_signing_config_arn": null, "dead_letter_config": [], "description": "", "environment": [ { "variables": { + "GITHUB_API": "https://github.e.it.census.gov", + "GITHUB_ORG_NAME": "SCT-Engineering", "GITHUB_TOKEN_SECRET_NAME": "/eks-cluster-deployment/github_token", - "PARAM_STORE_PREFIX": "/service-catalog-repo-gen", - "VERIFY_SSL": "true" + "PARAM_STORE_PREFIX": "/eks-terragrunt-repo-gen", + "REPO_VISIBILITY": "public", + "TEMPLATE_REPO_NAME": "template-eks-cluster", + "VERIFY_SSL": "false" } } ], 
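Review bot: `VERIFY_SSL` changes from `"true"` to `"false"` in the Lambda environment, in the same hunk that points `GITHUB_API` at the internal GitHub host. Assuming the function honours the variable, the client that sends the GitHub token no longer validates the server certificate, so the token is exposed to any host that can intercept the connection. Keep `"VERIFY_SSL": "true"` and ship the internal CA certificate in the image, with the HTTP client's CA bundle pointed at it. `REPO_VISIBILITY` is also set to `"public"`; for generated cluster repositories `internal` or `private` is the safer default unless public is a deliberate choice.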
@@ -951,32 +982,32 @@ ], "file_system_config": [], "filename": null, - "function_name": "service-catalog-repo-gen-template-automation", + "function_name": "eks-terragrunt-repo-gen-template-automation", "handler": "", - "id": "service-catalog-repo-gen-template-automation", + "id": "eks-terragrunt-repo-gen-template-automation", "image_config": [], - "image_uri": "229685449397.dkr.ecr.us-gov-west-1.amazonaws.com/service-catalog-repo-generator/lambda:latest", - "invoke_arn": "arn:aws-us-gov:apigateway:us-gov-west-1:lambda:path/2015-03-31/functions/arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:service-catalog-repo-gen-template-automation/invocations", + "image_uri": "229685449397.dkr.ecr.us-gov-west-1.amazonaws.com/eks-terragrunt-repo-generator/lambda:latest", + "invoke_arn": "arn:aws-us-gov:apigateway:us-gov-west-1:lambda:path/2015-03-31/functions/arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:eks-terragrunt-repo-gen-template-automation/invocations", "kms_key_arn": "", - "last_modified": "2026-02-09T18:24:01.000+0000", + "last_modified": "2026-04-02T19:48:24.000+0000", "layers": [], "logging_config": [ { "application_log_level": "", "log_format": "Text", - "log_group": "/aws/lambda/service-catalog-repo-gen-template-automation", + "log_group": "/aws/lambda/eks-terragrunt-repo-gen-template-automation", "system_log_level": "" } ], "memory_size": 512, "package_type": "Image", "publish": true, - "qualified_arn": "arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:service-catalog-repo-gen-template-automation:2", - "qualified_invoke_arn": "arn:aws-us-gov:apigateway:us-gov-west-1:lambda:path/2015-03-31/functions/arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:service-catalog-repo-gen-template-automation:2/invocations", + "qualified_arn": "arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:eks-terragrunt-repo-gen-template-automation:3", + "qualified_invoke_arn": 
"arn:aws-us-gov:apigateway:us-gov-west-1:lambda:path/2015-03-31/functions/arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:eks-terragrunt-repo-gen-template-automation:3/invocations", "replace_security_groups_on_destroy": null, "replacement_security_group_ids": null, "reserved_concurrent_executions": -1, - "role": "arn:aws-us-gov:iam::229685449397:role/service-catalog-repo-gen-lambda-role", + "role": "arn:aws-us-gov:iam::229685449397:role/eks-terragrunt-repo-gen-lambda-role", "runtime": "", "s3_bucket": null, "s3_key": null, @@ -990,12 +1021,12 @@ "tags": { "Environment": "production", "ManagedBy": "Terraform", - "Purpose": "ServiceCatalogRepoGenerator" + "Purpose": "EKSTerragruntRepoGenerator" }, "tags_all": { "Environment": "production", "ManagedBy": "Terraform", - "Purpose": "ServiceCatalogRepoGenerator" + "Purpose": "EKSTerragruntRepoGenerator" }, "timeout": 300, "timeouts": null, @@ -1004,7 +1035,7 @@ "mode": "PassThrough" } ], - "version": "2", + "version": "3", "vpc_config": [ { "ipv6_allowed_for_dual_stack": false, @@ -1048,16 +1079,16 @@ "dependencies": [ "data.aws_caller_identity.current", "data.aws_region.current", - "module.service_catalog_repo_generator.aws_cloudwatch_log_group.lambda", - "module.service_catalog_repo_generator.aws_iam_role.lambda", - "module.service_catalog_repo_generator.aws_iam_role_policy_attachment.lambda_logs", - "module.service_catalog_repo_generator.data.aws_partition.current" + "module.eks_terragrunt_repo_generator.aws_cloudwatch_log_group.lambda", + "module.eks_terragrunt_repo_generator.aws_iam_role.lambda", + "module.eks_terragrunt_repo_generator.aws_iam_role_policy_attachment.lambda_logs", + "module.eks_terragrunt_repo_generator.data.aws_partition.current" ] } ] }, { - "module": "module.service_catalog_repo_generator", + "module": "module.eks_terragrunt_repo_generator", "mode": "managed", "type": "aws_lambda_permission", "name": "apigw", 
@@ -1068,14 +1099,14 @@ "attributes": { "action": "lambda:InvokeFunction", "event_source_token": null, - "function_name": "service-catalog-repo-gen-template-automation", + "function_name": "eks-terragrunt-repo-gen-template-automation", "function_url_auth_type": null, "id": "AllowAPIGatewayInvoke", "principal": "apigateway.amazonaws.com", "principal_org_id": null, "qualifier": "", "source_account": null, - "source_arn": "arn:aws-us-gov:execute-api:us-gov-west-1:229685449397:h927hxw3oe/*/*/template", + "source_arn": "arn:aws-us-gov:execute-api:us-gov-west-1:229685449397:ckbv09fvak/*/*/template", "statement_id": "AllowAPIGatewayInvoke", "statement_id_prefix": "" }, @@ -1084,18 +1115,18 @@ "dependencies": [ "data.aws_caller_identity.current", "data.aws_region.current", - "module.service_catalog_repo_generator.aws_apigatewayv2_api.this", - "module.service_catalog_repo_generator.aws_cloudwatch_log_group.lambda", - "module.service_catalog_repo_generator.aws_iam_role.lambda", - "module.service_catalog_repo_generator.aws_iam_role_policy_attachment.lambda_logs", - "module.service_catalog_repo_generator.aws_lambda_function.this", - "module.service_catalog_repo_generator.data.aws_partition.current" + "module.eks_terragrunt_repo_generator.aws_apigatewayv2_api.this", + "module.eks_terragrunt_repo_generator.aws_cloudwatch_log_group.lambda", + "module.eks_terragrunt_repo_generator.aws_iam_role.lambda", + "module.eks_terragrunt_repo_generator.aws_iam_role_policy_attachment.lambda_logs", + "module.eks_terragrunt_repo_generator.aws_lambda_function.this", + "module.eks_terragrunt_repo_generator.data.aws_partition.current" ] } ] }, { - "module": "module.service_catalog_repo_generator", + "module": "module.eks_terragrunt_repo_generator", "mode": "managed", "type": "aws_lambda_permission", "name": "cloudformation", 
@@ -1106,15 +1137,15 @@ "attributes": { "action": "lambda:InvokeFunction", "event_source_token": "", - "function_name": "service-catalog-repo-gen-template-automation", + "function_name": "eks-terragrunt-repo-gen-template-automation", "function_url_auth_type": "", - "id": "AllowCloudFormationInvoke", + "id": "AllowCloudFormationInvokeOrgWide", "principal": "cloudformation.amazonaws.com", - "principal_org_id": "", + "principal_org_id": "o-8qizkt65j8", "qualifier": "", - "source_account": "229685449397", + "source_account": "", "source_arn": null, - "statement_id": "AllowCloudFormationInvoke", + "statement_id": "AllowCloudFormationInvokeOrgWide", "statement_id_prefix": "" }, "sensitive_attributes": [], @@ -1122,18 +1153,18 @@ "dependencies": [ "data.aws_caller_identity.current", "data.aws_region.current", - "module.service_catalog_repo_generator.aws_cloudwatch_log_group.lambda", - "module.service_catalog_repo_generator.aws_iam_role.lambda", - "module.service_catalog_repo_generator.aws_iam_role_policy_attachment.lambda_logs", - "module.service_catalog_repo_generator.aws_lambda_function.this", - "module.service_catalog_repo_generator.data.aws_caller_identity.current", - "module.service_catalog_repo_generator.data.aws_partition.current" + "module.eks_terragrunt_repo_generator.aws_cloudwatch_log_group.lambda", + "module.eks_terragrunt_repo_generator.aws_iam_role.lambda", + "module.eks_terragrunt_repo_generator.aws_iam_role_policy_attachment.lambda_logs", + "module.eks_terragrunt_repo_generator.aws_lambda_function.this", + "module.eks_terragrunt_repo_generator.data.aws_organizations_organization.current", + "module.eks_terragrunt_repo_generator.data.aws_partition.current" ] } ] }, { - "module": "module.service_catalog_repo_generator", + "module": "module.eks_terragrunt_repo_generator", "mode": "managed", "type": "aws_ssm_parameter", "name": "parameters", 
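Review bot: The `cloudformation` permission now has `"principal_org_id": "o-8qizkt65j8"` with an empty `source_account`, where it used to be limited to `"source_account": "229685449397"`, so the invoke grant covers every account in the organization. The function creates repositories with a stored GitHub token, so the handler becomes the only place that decides which requester may ask for what; any such check is outside this diff. If only a known set of accounts provisions the product, one `aws_lambda_permission` statement per account with `source_account` set keeps the grant narrower. Otherwise record the org-wide grant as a deliberate decision and have the handler log the account taken from the requesting stack's ARN.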
@@ -1144,28 +1175,28 @@ "schema_version": 0, "attributes": { "allowed_pattern": "", - "arn": "arn:aws-us-gov:ssm:us-gov-west-1:229685449397:parameter/service-catalog-repo-gen/GITHUB_API", + "arn": "arn:aws-us-gov:ssm:us-gov-west-1:229685449397:parameter/eks-terragrunt-repo-gen/GITHUB_API", "data_type": "text", "description": "", "has_value_wo": null, - "id": "/service-catalog-repo-gen/GITHUB_API", + "id": "/eks-terragrunt-repo-gen/GITHUB_API", "insecure_value": null, "key_id": "", - "name": "/service-catalog-repo-gen/GITHUB_API", + "name": "/eks-terragrunt-repo-gen/GITHUB_API", "overwrite": null, "tags": { "Environment": "production", "ManagedBy": "Terraform", - "Purpose": "ServiceCatalogRepoGenerator" + "Purpose": "EKSTerragruntRepoGenerator" }, "tags_all": { "Environment": "production", "ManagedBy": "Terraform", - "Purpose": "ServiceCatalogRepoGenerator" + "Purpose": "EKSTerragruntRepoGenerator" }, "tier": "Standard", "type": "String", - "value": "https://github.e.it.census.gov/api/v3", + "value": "https://github.e.it.census.gov", "value_wo": null, "value_wo_version": null, "version": 1 @@ -1174,13 +1205,13 @@ [ { "type": "get_attr", - "value": "value_wo" + "value": "value" } ], [ { "type": "get_attr", - "value": "value" + "value": "value_wo" } ] ], 
@@ -1191,24 +1222,24 @@ "schema_version": 0, "attributes": { "allowed_pattern": "", - "arn": "arn:aws-us-gov:ssm:us-gov-west-1:229685449397:parameter/service-catalog-repo-gen/GITHUB_COMMIT_AUTHOR_EMAIL", + "arn": "arn:aws-us-gov:ssm:us-gov-west-1:229685449397:parameter/eks-terragrunt-repo-gen/GITHUB_COMMIT_AUTHOR_EMAIL", "data_type": "text", "description": "", "has_value_wo": null, - "id": "/service-catalog-repo-gen/GITHUB_COMMIT_AUTHOR_EMAIL", + "id": "/eks-terragrunt-repo-gen/GITHUB_COMMIT_AUTHOR_EMAIL", "insecure_value": null, "key_id": "", - "name": "/service-catalog-repo-gen/GITHUB_COMMIT_AUTHOR_EMAIL", + "name": "/eks-terragrunt-repo-gen/GITHUB_COMMIT_AUTHOR_EMAIL", "overwrite": null, "tags": { "Environment": "production", "ManagedBy": "Terraform", - "Purpose": "ServiceCatalogRepoGenerator" + "Purpose": "EKSTerragruntRepoGenerator" }, "tags_all": { "Environment": "production", "ManagedBy": "Terraform", - "Purpose": "ServiceCatalogRepoGenerator" + "Purpose": "EKSTerragruntRepoGenerator" }, "tier": "Standard", "type": "String", 
@@ -1238,24 +1269,24 @@ "schema_version": 0, "attributes": { "allowed_pattern": "", - "arn": "arn:aws-us-gov:ssm:us-gov-west-1:229685449397:parameter/service-catalog-repo-gen/GITHUB_COMMIT_AUTHOR_NAME", + "arn": "arn:aws-us-gov:ssm:us-gov-west-1:229685449397:parameter/eks-terragrunt-repo-gen/GITHUB_COMMIT_AUTHOR_NAME", "data_type": "text", "description": "", "has_value_wo": null, - "id": "/service-catalog-repo-gen/GITHUB_COMMIT_AUTHOR_NAME", + "id": "/eks-terragrunt-repo-gen/GITHUB_COMMIT_AUTHOR_NAME", "insecure_value": null, "key_id": "", - "name": "/service-catalog-repo-gen/GITHUB_COMMIT_AUTHOR_NAME", + "name": "/eks-terragrunt-repo-gen/GITHUB_COMMIT_AUTHOR_NAME", "overwrite": null, "tags": { "Environment": "production", "ManagedBy": "Terraform", - "Purpose": "ServiceCatalogRepoGenerator" + "Purpose": "EKSTerragruntRepoGenerator" }, "tags_all": { "Environment": "production", "ManagedBy": "Terraform", - "Purpose": "ServiceCatalogRepoGenerator" + "Purpose": "EKSTerragruntRepoGenerator" }, "tier": "Standard", "type": "String", @@ -1268,13 +1299,13 @@ [ { "type": "get_attr", - "value": "value" + "value": "value_wo" } ], [ { "type": "get_attr", - "value": "value_wo" + "value": "value" } ] ], 
@@ -1285,43 +1316,43 @@ "schema_version": 0, "attributes": { "allowed_pattern": "", - "arn": "arn:aws-us-gov:ssm:us-gov-west-1:229685449397:parameter/service-catalog-repo-gen/GITHUB_ORG_NAME", + "arn": "arn:aws-us-gov:ssm:us-gov-west-1:229685449397:parameter/eks-terragrunt-repo-gen/GITHUB_ORG_NAME", "data_type": "text", "description": "", "has_value_wo": null, - "id": "/service-catalog-repo-gen/GITHUB_ORG_NAME", + "id": "/eks-terragrunt-repo-gen/GITHUB_ORG_NAME", "insecure_value": null, "key_id": "", - "name": "/service-catalog-repo-gen/GITHUB_ORG_NAME", + "name": "/eks-terragrunt-repo-gen/GITHUB_ORG_NAME", "overwrite": null, "tags": { "Environment": "production", "ManagedBy": "Terraform", - "Purpose": "ServiceCatalogRepoGenerator" + "Purpose": "EKSTerragruntRepoGenerator" }, "tags_all": { "Environment": "production", "ManagedBy": "Terraform", - "Purpose": "ServiceCatalogRepoGenerator" + "Purpose": "EKSTerragruntRepoGenerator" }, "tier": "Standard", "type": "String", "value": "SCT-Engineering", "value_wo": null, "value_wo_version": null, - "version": 2 + "version": 1 }, "sensitive_attributes": [ [ { "type": "get_attr", - "value": "value" + "value": "value_wo" } ], [ { "type": "get_attr", - "value": "value_wo" + "value": "value" } ] ], 
@@ -1332,24 +1363,24 @@ "schema_version": 0, "attributes": { "allowed_pattern": "", - "arn": "arn:aws-us-gov:ssm:us-gov-west-1:229685449397:parameter/service-catalog-repo-gen/TEMPLATE_CONFIG_FILE", + "arn": "arn:aws-us-gov:ssm:us-gov-west-1:229685449397:parameter/eks-terragrunt-repo-gen/TEMPLATE_CONFIG_FILE", "data_type": "text", "description": "", "has_value_wo": null, - "id": "/service-catalog-repo-gen/TEMPLATE_CONFIG_FILE", + "id": "/eks-terragrunt-repo-gen/TEMPLATE_CONFIG_FILE", "insecure_value": null, "key_id": "", - "name": "/service-catalog-repo-gen/TEMPLATE_CONFIG_FILE", + "name": "/eks-terragrunt-repo-gen/TEMPLATE_CONFIG_FILE", "overwrite": null, "tags": { "Environment": "production", "ManagedBy": "Terraform", - "Purpose": "ServiceCatalogRepoGenerator" + "Purpose": "EKSTerragruntRepoGenerator" }, "tags_all": { "Environment": "production", "ManagedBy": "Terraform", - "Purpose": "ServiceCatalogRepoGenerator" + "Purpose": "EKSTerragruntRepoGenerator" }, "tier": "Standard", "type": "String", @@ -1362,13 +1393,13 @@ [ { "type": "get_attr", - "value": "value" + "value": "value_wo" } ], [ { "type": "get_attr", - "value": "value_wo" + "value": "value" } ] ], 
@@ -1379,24 +1410,24 @@ "schema_version": 0, "attributes": { "allowed_pattern": "", - "arn": "arn:aws-us-gov:ssm:us-gov-west-1:229685449397:parameter/service-catalog-repo-gen/TEMPLATE_REPO_NAME", + "arn": "arn:aws-us-gov:ssm:us-gov-west-1:229685449397:parameter/eks-terragrunt-repo-gen/TEMPLATE_REPO_NAME", "data_type": "text", "description": "", "has_value_wo": null, - "id": "/service-catalog-repo-gen/TEMPLATE_REPO_NAME", + "id": "/eks-terragrunt-repo-gen/TEMPLATE_REPO_NAME", "insecure_value": null, "key_id": "", - "name": "/service-catalog-repo-gen/TEMPLATE_REPO_NAME", + "name": "/eks-terragrunt-repo-gen/TEMPLATE_REPO_NAME", "overwrite": null, "tags": { "Environment": "production", "ManagedBy": "Terraform", - "Purpose": "ServiceCatalogRepoGenerator" + "Purpose": "EKSTerragruntRepoGenerator" }, "tags_all": { "Environment": "production", "ManagedBy": "Terraform", - "Purpose": "ServiceCatalogRepoGenerator" + "Purpose": "EKSTerragruntRepoGenerator" }, "tier": "Standard", "type": "String", @@ -1426,24 +1457,24 @@ "schema_version": 0, "attributes": { "allowed_pattern": "", - "arn": "arn:aws-us-gov:ssm:us-gov-west-1:229685449397:parameter/service-catalog-repo-gen/TEMPLATE_TOPICS", + "arn": "arn:aws-us-gov:ssm:us-gov-west-1:229685449397:parameter/eks-terragrunt-repo-gen/TEMPLATE_TOPICS", "data_type": "text", "description": "", "has_value_wo": null, - "id": "/service-catalog-repo-gen/TEMPLATE_TOPICS", + "id": "/eks-terragrunt-repo-gen/TEMPLATE_TOPICS", "insecure_value": null, "key_id": "", - "name": "/service-catalog-repo-gen/TEMPLATE_TOPICS", + "name": "/eks-terragrunt-repo-gen/TEMPLATE_TOPICS", "overwrite": null, "tags": { "Environment": "production", "ManagedBy": "Terraform", - "Purpose": "ServiceCatalogRepoGenerator" + "Purpose": "EKSTerragruntRepoGenerator" }, "tags_all": { "Environment": "production", "ManagedBy": "Terraform", - "Purpose": "ServiceCatalogRepoGenerator" + "Purpose": "EKSTerragruntRepoGenerator" }, "tier": "Standard", "type": "String", 
@@ -1471,5 +1502,17 @@ ] } ], - "check_results": null + "check_results": [ + { + "object_kind": "var", + "config_addr": "module.eks_terragrunt_repo_generator.var.repo_visibility", + "status": "pass", + "objects": [ + { + "object_addr": "module.eks_terragrunt_repo_generator.var.repo_visibility", + "status": "pass" + } + ] + } + ] } diff --git a/deploy/terraform_data_dirs/default/modules/modules.json b/deploy/terraform_data_dirs/default/modules/modules.json index af353be3..7461f3f2 100644 --- a/deploy/terraform_data_dirs/default/modules/modules.json +++ b/deploy/terraform_data_dirs/default/modules/modules.json @@ -1 +1 @@ -{"Modules":[{"Key":"","Source":"","Dir":"."},{"Key":"service_catalog_repo_generator","Source":"../../terraform-aws-template-automation","Dir":"../../terraform-aws-template-automation"}]} \ No newline at end of file +{"Modules":[{"Key":"","Source":"","Dir":"."},{"Key":"eks_terragrunt_repo_generator","Source":"../../terraform-aws-template-automation","Dir":"../../terraform-aws-template-automation"},{"Key":"service_catalog_repo_generator","Source":"../../terraform-aws-template-automation","Dir":"../../terraform-aws-template-automation"}]} \ No newline at end of file diff --git a/template_automation/app.py b/template_automation/app.py index bbac3829..a63faf3e 100644 --- a/template_automation/app.py +++ b/template_automation/app.py 
@@ -451,6 +451,65 @@ def send_cfn_response(event: dict, context, status: str, response_data: dict, ph except Exception as e: logger.error(f"Unexpected error sending CloudFormation response: {str(e)}") + +def build_eks_path_mapper(cfg: "EKSDeploymentConfig"): + """Return a path-mapper callable suitable for ``clone_repository_contents``. + + The ``template-eks-cluster`` repository uses literal placeholder folder + names (``environment/``, ``region/``, ``vpc/``, ``cluster/``) in its + directory hierarchy. When a real EKS cluster repo is generated we need + cluster-specific values (e.g. ``dev/us-gov-west-1/my-vpc/my-cluster/``) + so that Terragrunt's ``find_in_parent_folders()`` can locate rendered + config files from within the module sub-directories. + + Rules applied by the returned mapper: + + * ``environment/account.hcl`` → excluded (rendered separately) + * ``environment/region/region.hcl`` → excluded (rendered separately) + * ``environment/region/vpc/vpc.hcl`` → excluded (rendered separately) + * ``environment/region/vpc/cluster/cluster.hcl`` → excluded (rendered separately) + * ``environment/region/vpc/cluster/{rest}`` → ``{env}/{region}/{vpc}/{cluster}/{rest}`` + * Everything else → unchanged + + Args: + cfg: Fully-hydrated ``EKSDeploymentConfig`` used to resolve the + concrete environment / region / vpc / cluster path segments. + + Returns: + Callable ``(path: str) -> Optional[str]``. Returns the destination + path, or ``None`` to skip the file entirely. + """ + env = cfg.environment + region = cfg.region + vpc = cfg.cluster_config.vpc_name + cluster = cfg.cluster_config.cluster_name + + # These placeholder HCL files are replaced 1-for-1 by the rendered files + # that ``render_eks_config`` produces, so we skip them during the clone. 
+ _skip = { + "environment/account.hcl", + "environment/region/region.hcl", + "environment/region/vpc/vpc.hcl", + "environment/region/vpc/cluster/cluster.hcl", + } + + _remap_prefix = "environment/region/vpc/cluster/" + _remap_target = f"{env}/{region}/{vpc}/{cluster}/" + + def _mapper(path: str) -> Optional[str]: + if path in _skip: + return None + if path.startswith(_remap_prefix): + return _remap_target + path[len(_remap_prefix):] + return path + + logger.info( + "EKS path mapper created: %s → %s (skipping %d placeholder files)", + _remap_prefix, _remap_target, len(_skip), + ) + return _mapper + + def lambda_handler(event: dict, context) -> dict: """Process CloudFormation Custom Resource events to create new repositories from templates. 
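Review bot: `_remap_target` in `build_eks_path_mapper` is assembled from `cfg.environment`, `cfg.region`, `vpc_name` and `cluster_name` with no check on the individual segments, so an empty value or one containing `/` or `..` produces destination paths outside the intended `{env}/{region}/{vpc}/{cluster}/` layout. The comment in `lambda_handler` says these values are supplied by the user; `EKSDeploymentConfig` may already validate them, but that is not visible in this diff. A guard before the f-string would make the mapper safe on its own: `for seg in (env, region, vpc, cluster):` followed by `if not seg or "/" in seg or seg in (".", ".."): raise ValueError(f"invalid path segment: {seg!r}")`.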
@@ -676,11 +735,26 @@ def lambda_handler(event: dict, context) -> dict: # Clone template contents to the config branch AFTER the branch is created template_repo = os.environ["TEMPLATE_REPO_NAME"] logger.info(f"[{request_id}] Cloning template contents from {template_repo} to {cfn_input.project_name} on branch {config_branch}") + + # For EKS deployments build the config early so we can pass a path + # mapper to clone_repository_contents that remaps the template's + # placeholder folder names (environment/region/vpc/cluster/) to the + # concrete values supplied by the user. + eks_cfg = None + clone_path_mapper = None + if cfn_input.is_eks_deployment: + eks_cfg = cfn_input.to_eks_deployment_config() + clone_path_mapper = build_eks_path_mapper(eks_cfg) + logger.info(f"[{request_id}] EKS path mapper active: will remap template placeholder dirs to " + f"{eks_cfg.environment}/{eks_cfg.region}/{eks_cfg.cluster_config.vpc_name}/" + f"{eks_cfg.cluster_config.cluster_name}/") + try: provider.clone_repository_contents( source_repo=template_repo, target_repo=cfn_input.project_name, - target_branch=config_branch # Explicitly specify the target branch + target_branch=config_branch, # Explicitly specify the target branch + path_mapper=clone_path_mapper, ) logger.info(f"[{request_id}] Template cloning completed successfully to {config_branch} branch") except Exception as e: @@ -700,7 +774,9 @@ def lambda_handler(event: dict, context) -> dict: if cfn_input.is_eks_deployment: # ── EKS deployment: render full Terragrunt file hierarchy ── logger.info(f"[{request_id}] EKS deployment detected – rendering Terragrunt config files") - eks_cfg = cfn_input.to_eks_deployment_config() + # eks_cfg was already built above for the path mapper; reuse it. + if eks_cfg is None: + eks_cfg = cfn_input.to_eks_deployment_config() rendered_files = render_eks_config(eks_cfg) logger.info(f"[{request_id}] Rendered {len(rendered_files)} files: {[f.path for f in rendered_files]}") 
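Review bot: `cfn_input.to_eks_deployment_config()` and `build_eks_path_mapper(eks_cfg)` now run before the `try:` that wraps `provider.clone_repository_contents`, so an error raised while building the config bypasses whatever that handler does for clone failures. `lambda_handler` starts and ends outside the hunk, so it is not visible whether an outer handler still reports the failure to CloudFormation; if none does, the custom resource would wait for its timeout. Moving the two assignments inside the `try:` keeps failure handling the same as for clone errors. With the config built here, the `if eks_cfg is None:` fallback added in the following hunk cannot trigger unless `is_eks_deployment` changes between the two checks, so a comment such as `# defensive: eks_cfg is normally set before the clone step` would tell the reader that.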
diff --git a/template_automation/github_provider.py b/template_automation/github_provider.py index b32d22bd..8440b881 100644 --- a/template_automation/github_provider.py +++ b/template_automation/github_provider.py @@ -502,16 +502,23 @@ def clone_repository_contents( target_repo: str, source_branch: str = "main", target_branch: str = "main", - message: str = "Initial project setup from template" + message: str = "Initial project setup from template", + path_mapper: Optional[Any] = None, ) -> None: """Clone contents from one repository to another. - + Args: source_repo: Source repository name target_repo: Target repository name source_branch: Source branch name target_branch: Target branch name message: Commit message + path_mapper: Optional callable ``(original_path: str) -> Optional[str]``. + If provided, each file from the source is passed through this + function before being added to the target tree. Return the + desired destination path to include the file, or ``None`` to + exclude it entirely. Files whose mapped path differs from the + original are placed at the new location (rename / remap). """ # Get the source repository tree try: @@ -598,8 +605,19 @@ def clone_repository_contents( continue # For GitHub API batch operations, we can use the content directly + # Apply path mapper if provided + dest_path = item['path'] + if path_mapper is not None: + dest_path = path_mapper(item['path']) + if dest_path is None: + logger.debug(f"path_mapper excluded {item['path']}, skipping") + skipped_count += 1 + continue + if dest_path != item['path']: + logger.info(f"path_mapper remapped {item['path']} → {dest_path}") + blobs.append({ - 'path': item['path'], + 'path': dest_path, 'mode': '100644', # Regular file 'type': 'blob', 'content': base64.b64decode(blob['content']).decode('utf-8', errors='replace')
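Review bot: The new `path_mapper` parameter of `clone_repository_contents` is annotated `Optional[Any]`, which hides the contract the docstring spells out. Writing `path_mapper: Optional[Callable[[str], Optional[str]]] = None` puts that contract in the signature and lets a type checker reject a mapper of the wrong shape. It needs `Callable` from `typing` if the module does not already import it; the import block is outside the hunk. `build_eks_path_mapper` in `app.py` has no return annotation and could carry the matching one.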
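Review bot: The value returned by `path_mapper` goes into the tree entry as `'path': dest_path` after only a `None` check, so an empty string, a leading `/`, a `..` segment, or two source files mapped to the same destination are all accepted. A check right after the `None` branch stops a faulty mapper from producing a malformed tree: `if not dest_path or dest_path.startswith('/') or '..' in dest_path.split('/'): raise ValueError(f"path_mapper returned invalid path {dest_path!r}")`, together with a set of already-used destinations to reject duplicates. Excluded files also increment `skipped_count`, which the rest of the function (outside the hunk) presumably reports alongside files skipped for other reasons; a separate counter would keep deliberate exclusions distinguishable in that summary.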