Refactor AWS account setup #137

Merged
merged 10 commits into from
Jan 7, 2025

@iuriaranda iuriaranda commented Dec 20, 2024

This is a full refactor of the setup for our AWS account requirements setup. Spawned from the last hackathon.

  • The setup options for both the admin and the capa controller roles have been reduced to OpenTofu / Terraform
  • Update the documentation to inform that Giant Swarm takes over the maintenance of both IAM roles (once the admin role has been initially provisioned by the customer)

Checklist

  • Update changelog in CHANGELOG.md.

AndiDog and others added 9 commits December 18, 2024 16:44
We found that importing existing resources into CF might be problematic, so migrating existing setups will be difficult.

Instead we choose to use standalone TF resources with the corresponding import blocks.

Different AWS partitions use completely different AWS credentials sets, so it would make sense to separate them in different tofu runs / workspaces, so we can still apply to one partition even if we don't have credentials for the other.

Both inline and managed policies can be added

From this warning:

╷
│ Warning: Additional provider information from registry
│
│ The remote registry returned warnings for
│ registry.opentofu.org/opentofu/aws:
│ - You are using opentofu/aws instead of hashicorp/aws. This provider is
│ maintained by HashiCorp and the OpenTofu project only builds the provider
│ binaries from the source code. Both the opentofu/ and hashicorp/ namespaces
│ in the OpenTofu Registry contain the OpenTofu-built provider binaries based
│ on the HashiCorp source code. To avoid configuration errors, we recommend
│ using the hashicorp/ namespaced providers.
╵
@iuriaranda iuriaranda marked this pull request as ready for review January 3, 2025 16:09
@iuriaranda iuriaranda requested a review from a team as a code owner January 3, 2025 16:09
@AndiDog AndiDog left a comment

Fine, with one minor question

@iuriaranda iuriaranda merged commit 0d3aa39 into main Jan 7, 2025
2 checks passed
@iuriaranda iuriaranda deleted the opentofu-refactor branch January 7, 2025 15:39