forked from NHSDigital/repository-template
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
6d95eb4
commit 7628022
Showing
5 changed files
with
185 additions
and
1 deletion.
There are no files selected for viewing
22 changes: 22 additions & 0 deletions
22
infrastructure/terraform/components/acct/iam_policy_github_deploy_overload.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| resource "aws_iam_policy" "github_deploy_overload" { | ||
| name = "${local.csi}-github-deploy-overload" | ||
| description = "Overloads the github permission to perform build actions for services in this account" | ||
| policy = data.aws_iam_policy_document.github_deploy.json | ||
| } | ||
|
|
||
| resource "aws_iam_role_policy_attachment" "github_deploy_overload" { | ||
| role = local.bootstrap.iam_github_deploy_role["name"] | ||
| policy_arn = aws_iam_policy.github_deploy_overload.arn | ||
| } | ||
|
|
||
| #tfsec:ignore:aws-iam-no-policy-wildcards Policy voilation expected for CI user role | ||
| data "aws_iam_policy_document" "github_deploy" { | ||
| statement { | ||
| effect = "Allow" | ||
|
|
||
| actions = [ | ||
| "grafana:*", | ||
| ] | ||
| resources = ["*"] | ||
| } | ||
| } |
21 changes: 21 additions & 0 deletions
21
infrastructure/terraform/components/acct/locals_remote_state.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| locals { | ||
| bootstrap = data.terraform_remote_state.bootstrap.outputs | ||
| } | ||
|
|
||
| data "terraform_remote_state" "bootstrap" { | ||
| backend = "s3" | ||
|
|
||
| config = { | ||
| bucket = local.terraform_state_bucket | ||
|
|
||
| key = format( | ||
| "%s/%s/%s/%s/bootstrap.tfstate", | ||
| var.project, | ||
| var.aws_account_id, | ||
| "eu-west-2", | ||
| "bootstrap" | ||
| ) | ||
|
|
||
| region = "eu-west-2" | ||
| } | ||
| } |
40 changes: 40 additions & 0 deletions
40
infrastructure/terraform/components/examplecomponent/locals_remote_state.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| locals { | ||
| bootstrap = data.terraform_remote_state.bootstrap.outputs | ||
| acct = data.terraform_remote_state.acct.outputs | ||
| } | ||
|
|
||
| data "terraform_remote_state" "bootstrap" { | ||
| backend = "s3" | ||
|
|
||
| config = { | ||
| bucket = local.terraform_state_bucket | ||
|
|
||
| key = format( | ||
| "%s/%s/%s/%s/bootstrap.tfstate", | ||
| var.project, | ||
| var.aws_account_id, | ||
| "eu-west-2", | ||
| "bootstrap" | ||
| ) | ||
|
|
||
| region = "eu-west-2" | ||
| } | ||
| } | ||
|
|
||
| data "terraform_remote_state" "acct" { | ||
| backend = "s3" | ||
|
|
||
| config = { | ||
| bucket = local.terraform_state_bucket | ||
|
|
||
| key = format( | ||
| "%s/%s/%s/%s/acct.tfstate", | ||
| var.project, | ||
| var.aws_account_id, | ||
| "eu-west-2", | ||
| var.parent_acct_environment | ||
| ) | ||
|
|
||
| region = "eu-west-2" | ||
| } | ||
| } |
44 changes: 44 additions & 0 deletions
44
infrastructure/terraform/components/examplecomponent/locals_tfscaffold.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| locals { | ||
| terraform_state_bucket = format( | ||
| "%s-tfscaffold-%s-%s", | ||
| var.project, | ||
| var.aws_account_id, | ||
| var.region, | ||
| ) | ||
|
|
||
| csi = replace( | ||
| format( | ||
| "%s-%s-%s", | ||
| var.project, | ||
| var.environment, | ||
| var.component, | ||
| ), | ||
| "_", | ||
| "", | ||
| ) | ||
|
|
||
| # CSI for use in resources with a global namespace, i.e. S3 Buckets | ||
| csi_global = replace( | ||
| format( | ||
| "%s-%s-%s-%s-%s", | ||
| var.project, | ||
| var.aws_account_id, | ||
| var.region, | ||
| var.environment, | ||
| var.component, | ||
| ), | ||
| "_", | ||
| "", | ||
| ) | ||
|
|
||
| default_tags = merge( | ||
| var.default_tags, | ||
| { | ||
| Project = var.project | ||
| Environment = var.environment | ||
| Component = var.component | ||
| Group = var.group | ||
| Name = local.csi | ||
| }, | ||
| ) | ||
| } |
59 changes: 58 additions & 1 deletion
59
infrastructure/terraform/components/examplecomponent/variables.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1,58 @@ | ||
| # Define the variables that will be initialised in etc/{env,versions}_<region>_<environment>.tfvars... | ||
| ## | ||
| # Basic Required Variables for tfscaffold Components | ||
| ## | ||
|
|
||
| variable "project" { | ||
| type = string | ||
| description = "The name of the tfscaffold project" | ||
| } | ||
|
|
||
| variable "environment" { | ||
| type = string | ||
| description = "The name of the tfscaffold environment" | ||
| } | ||
|
|
||
| variable "aws_account_id" { | ||
| type = string | ||
| description = "The AWS Account ID (numeric)" | ||
| } | ||
|
|
||
| variable "region" { | ||
| type = string | ||
| description = "The AWS Region" | ||
| } | ||
|
|
||
| variable "group" { | ||
| type = string | ||
| description = "The group variables are being inherited from (often synonmous with account short-name)" | ||
| } | ||
|
|
||
| ## | ||
| # tfscaffold variables specific to this component | ||
| ## | ||
|
|
||
| # This is the only primary variable to have its value defined as | ||
| # a default within its declaration in this file, because the variables | ||
| # purpose is as an identifier unique to this component, rather | ||
| # then to the environment from where all other variables come. | ||
| variable "component" { | ||
| type = string | ||
| description = "The variable encapsulating the name of this component" | ||
| default = "examplecomponent" | ||
| } | ||
|
|
||
| variable "default_tags" { | ||
| type = map(string) | ||
| description = "A map of default tags to apply to all taggable resources within the component" | ||
| default = {} | ||
| } | ||
|
|
||
| ## | ||
| # Variables specific to the component | ||
| ## | ||
|
|
||
| variable "log_retention_in_days" { | ||
| type = number | ||
| description = "The retention period in days for the Cloudwatch Logs events to be retained, default of 0 is indefinite" | ||
| default = 0 | ||
| } |