diff --git a/locals.tf b/locals.tf
new file mode 100644
index 0000000..a840973
--- /dev/null
+++ b/locals.tf
@@ -0,0 +1,11 @@
+
+locals {
+ common_tags = {
+ environment = var.environment
+ environment_abbr = var.environment_abbr
+ organization = var.organization
+ finops_project_name = var.finops_project_name
+ finops_project_number = var.finops_project_number
+ finops_project_role = var.finops_project_role
+ }
+}
\ No newline at end of file
diff --git a/main.tf b/main.tf
index 567eb3a..dc080c8 100644
--- a/main.tf
+++ b/main.tf
@@ -1,25 +1,3 @@
-provider "aws" {
- default_tags {
- tags = {
- organization = "census:ocio:csvd"
- finops_project_name = "csvd_platformbaseline"
- finops_project_number = "fs0000000078"
- finops_project_role = "csvd_platformbaseline_app"
- }
- }
-}
-
-locals {
- common_tags = {
- environment = var.environment
- environment_abbr = var.environment_abbr
- organization = var.organization
- finops_project_name = var.finops_project_name
- finops_project_number = var.finops_project_number
- finops_project_role = var.finops_project_role
- }
-}
-
 # API Gateway
 resource "aws_api_gateway_rest_api" "eks_automation" {
 name = "eks-automation-api"
@@ -33,17 +11,17 @@ resource "aws_api_gateway_resource" "eks_automation" {
 }
 
 resource "aws_api_gateway_method" "eks_automation" {
- rest_api_id = aws_api_gateway_rest_api.eks_automation.id
- resource_id = aws_api_gateway_resource.eks_automation.id
- http_method = "POST"
- authorization = "NONE"
+ rest_api_id = aws_api_gateway_rest_api.eks_automation.id
+ resource_id = aws_api_gateway_resource.eks_automation.id
+ http_method = "POST"
+ authorization = "NONE"
 api_key_required = true
 }
 
 resource "aws_api_gateway_integration" "lambda" {
- rest_api_id = aws_api_gateway_rest_api.eks_automation.id
- resource_id = aws_api_gateway_resource.eks_automation.id
- http_method = aws_api_gateway_method.eks_automation.http_method
+ rest_api_id = aws_api_gateway_rest_api.eks_automation.id
+ resource_id = aws_api_gateway_resource.eks_automation.id
+ http_method = aws_api_gateway_method.eks_automation.http_method
 integration_http_method = "POST"
 type = "AWS_PROXY"
 uri = aws_lambda_function.eks_automation.invoke_arn
@@ -90,7 +68,7 @@ resource "aws_api_gateway_method_response" "options" {
 resource_id = aws_api_gateway_resource.eks_automation.id
 http_method = aws_api_gateway_method.options.http_method
 status_code = "200"
-
+
 response_parameters = {
 "method.response.header.Access-Control-Allow-Headers" = true,
 "method.response.header.Access-Control-Allow-Methods" = true,
@@ -145,20 +123,20 @@ resource "aws_api_gateway_usage_plan_key" "eks_automation" {
 
 # Lambda Layer
 resource "aws_lambda_layer_version" "git" {
- filename = "layer.zip" # Make sure to create this zip file with Git binaries
- layer_name = "git-lambda-layer"
- description = "Git Lambda Layer"
+ filename = "layer.zip" # Make sure to create this zip file with Git binaries
+ layer_name = "git-lambda-layer"
+ description = "Git Lambda Layer"
 compatible_runtimes = ["python3.9", "python3.10", "python3.11"]
 }
 
 # Lambda Function
 resource "aws_lambda_function" "eks_automation" {
- filename = "eks_automation.zip" # Make sure to create this zip file
+ filename = "eks_automation.zip" # Make sure to create this zip file
 function_name = "eks-automation"
- role = aws_iam_role.lambda_role.arn
- handler = "app.lambda_handler"
- runtime = "python3.11"
- timeout = var.lambda_timeout
+ role = aws_iam_role.lambda_role.arn
+ handler = "app.lambda_handler"
+ runtime = "python3.11"
+ timeout = var.lambda_timeout
 
 vpc_config {
 subnet_ids = var.vpc_subnet_ids
@@ -210,9 +188,9 @@ resource "aws_iam_role_policy" "lambda_ssm_access" {
 Version = "2012-10-17"
 Statement = [
 {
- Sid = "SSMDescribeParametersPolicy"
- Effect = "Allow"
- Action = ["ssm:DescribeParameters"]
+ Sid = "SSMDescribeParametersPolicy"
+ Effect = "Allow"
+ Action = ["ssm:DescribeParameters"]
 Resource = "*"
 },
 {
diff --git a/providers.tf b/providers.tf
new file mode 100644
index 0000000..b79bf75
--- /dev/null
+++ b/providers.tf
@@ -0,0 +1,6 @@
+provider "aws" {
+ region = var.aws_region
+ default_tags {
+ tags = local.common_tags
+ }
+}
diff --git a/varfiles/sct-engineering.tfvars b/varfiles/sct-engineering.tfvars
index e69de29..f710d01 100644
--- a/varfiles/sct-engineering.tfvars
+++ b/varfiles/sct-engineering.tfvars
@@ -0,0 +1,15 @@
+environment = "development"
+environment_abbr = "dev"
+organization = "census:ocio:csvd"
+finops_project_name = "csvd_platformbaseline"
+finops_project_number = "fs0000000078"
+finops_project_role = "csvd_platformbaseline_app"
+vpc_security_group_ids = [
+ "sg-0641c697588b9aa6b",
+ "sg-0cc69de0fa6f337c5"
+]
+vpc_subnet_ids = [
+ "subnet-062189d742937204e"
+]
+lambda_timeout = 30
+aws_region = "us-gov-west-1"
diff --git a/variables.tf b/variables.tf
index 14a8a65..a8ea3da 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,53 +1,50 @@
 variable "environment" {
 description = "Environment name"
 type = string
- default = "development"
 }
 
 variable "environment_abbr" {
 description = "Environment abbreviation"
 type = string
- default = "dev"
 }
 
 variable "organization" {
 description = "Organization name"
 type = string
- default = "census:ocio:csvd"
 }
 
 variable "finops_project_name" {
 description = "FinOps project name"
 type = string
- default = "csvd_platformbaseline"
 }
 
 variable "finops_project_number" {
 description = "FinOps project number"
 type = string
- default = "fs0000000078"
 }
 
 variable "finops_project_role" {
 description = "FinOps project role"
 type = string
- default = "csvd_platformbaseline_app"
 }
 
 variable "vpc_security_group_ids" {
 description = "List of VPC security group IDs"
 type = list(string)
- default = ["sg-03cbf2a626ed55c7e"]
 }
 
 variable "vpc_subnet_ids" {
 description = "List of VPC subnet IDs"
 type = list(string)
- default = ["subnet-05192178ac094f639", "subnet-022370a5a03585376"]
 }
 
 variable "lambda_timeout" {
 description = "Lambda function timeout in seconds"
 type = number
- default = 30
 }
+
+variable "aws_region" {
+ description = "AWS region"
+ type = string
+ default = "us-gov-west-2"
+}
\ No newline at end of file
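Review bot: `vpc_subnet_ids` in varfiles/sct-engineering.tfvars lists a single subnet, whereas the default removed from variables.tf in this same commit listed two. The `vpc_config` block in main.tf passes this list to the Lambda, so with one subnet the function's network interfaces sit in one Availability Zone, and an AZ outage or IP exhaustion in that subnet stops the automation endpoint. If this is not deliberate for the dev environment, add a second subnet in a different AZ. If it is deliberate, record that above the list, for example `# dev only: single subnet, no AZ redundancy`.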
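Review bot: The new `aws_region` variable in variables.tf defaults to `"us-gov-west-2"`, which is not an AWS region (the GovCloud regions are `us-gov-west-1` and `us-gov-east-1`) and disagrees with `aws_region = "us-gov-west-1"` in varfiles/sct-engineering.tfvars. Every other default is removed in this hunk, so this is the one value a varfile can omit without an error, and the bad value would then reach the provider block in providers.tf. Either drop the line so the region is required like the other variables, or change it to `default = "us-gov-west-1"`. The file also now ends without a trailing newline.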