From 4a97f1f754eb930a507e8ab9ee38cda9035950fe Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Mon, 24 Apr 2023 16:45:32 +0000 Subject: [PATCH 01/58] Initial GitHub Actions workflow --- .github/deploy.yml | 39 ----------------------- .github/workflows/deploy-sit.yml | 54 ++++++++++++++++++++++++++++++++ .github/workflows/deploy.yml | 42 ------------------------- 3 files changed, 54 insertions(+), 81 deletions(-) delete mode 100644 .github/deploy.yml create mode 100644 .github/workflows/deploy-sit.yml delete mode 100644 .github/workflows/deploy.yml diff --git a/.github/deploy.yml b/.github/deploy.yml deleted file mode 100644 index 79568e5..0000000 --- a/.github/deploy.yml +++ /dev/null 
@@ -1,39 +0,0 @@ -# This is the main build pipeline that verifies and publishes the software -name: Build -# Controls when the workflow will run -on: - # Allows you to run this workflow manually from the Actions tab - workflow_dispatch: - -env: - TARGET_ENV_UPPERCASE: 'SANDBOX' - -jobs: - build: - name: Deploy - # The type of runner that the job will run on - runs-on: ubuntu-latest - - steps: - - name: Set AWS Env Variables - run: echo "AWS_ACCESS_KEY_ID=${{ secrets[format('AWS_ACCESS_KEY_ID_CUMULUS_{0}', env.TARGET_ENV_UPPERCASE)] }}" >> $GITHUB_ENV | - echo "AWS_SECRET_ACCESS_KEY=${{ secrets[format('AWS_SECRET_ACCESS_KEY_CUMULUS_{0}', env.TARGET_ENV_UPPERCASE)] }}" >> $GITHUB_ENV - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - env: - AWS_ACCESS_KEY_ID: ${{ secrets[format('AWS_ACCESS_KEY_ID_CUMULUS_{0}', env.TARGET_ENV_UPPERCASE)] }} - AWS_SECRET_ACCESS_KEY: ${{ secrets[format('AWS_SECRET_ACCESS_KEY_CUMULUS_{0}', env.TARGET_ENV_UPPERCASE)] }} - with: - aws-region: us-west-2 - role-session-name: GitHubActions - - run: aws sts get-caller-identity - - - name: Setup Terraform - uses: hashicorp/setup-terraform@v2 - with: - terraform_version: 0.12.31 - terraform_wrapper: false - - - name: Deploy - run: ls -al; cd terraform ; terraform init ; terraform plan diff --git a/.github/workflows/deploy-sit.yml b/.github/workflows/deploy-sit.yml new file mode 100644 index 0000000..7b5e019 --- /dev/null +++ b/.github/workflows/deploy-sit.yml 
@@ -0,0 +1,54 @@ +# Main build pipeline that verifies, builds, and deploys the software +name: Build and Deploy +# Events that trigger the workflow +on: + # Trigger based on push to all branches + push: + branches: + - 'development' + tags-ignore: + - '*' + # Run workflow manually from the Actions tab + workflow_dispatch: + +# Environment variables +env: + TARGET_ENV: 'SIT' + PREFIX_ENV: 'service-generate-sit' + +jobs: + build: + name: Build and Deploy + # The type of runner that the job will run on + runs-on: ubuntu-latest + + steps: + # Set up Terraform + - name: Setup Terraform + uses: hashicorp/setup-terraform@v2.0.3 + with: + terraform_version: 1.3.7 + + # Validate Terraform file + - name: Validate Terraform + run: terraform validate -no-color + + # Deploy Terraform + - name: Deploy Terraform + working-directory: terraform/ + env: + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_SERVICES_SIT }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_SERVICES_SIT }} + AWS_DEFAULT_REGION: us-west-2 + + TF_VAR_cross_account_id: ${{ secrets.CROSS_ACCOUNT_ID }} + TF_VAR_environment: $TARGET_ENV + TF_VAR_prefix: $PREFIX_ENV + TF_VAR_sns_topic_email: ${{ secrets.SNS_TOPIC_EMAIL }} + + run: + terraform init -reconfigure \ + -backend-config="bucket=$PREFIX-tf-state" \ + -backend-config="key=generate.tfstate" \ + -backend-config="region=$AWS_DEFAULT_REGION" + terraform apply -auto-approve diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml deleted file mode 100644 index 8b047aa..0000000 --- a/.github/workflows/deploy.yml +++ /dev/null 
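Review bot: The Validate Terraform step runs `terraform validate -no-color` in the repository root with no checkout, no `working-directory: terraform/` and no prior `terraform init`, so it validates an empty directory or fails before reaching the deploy step; it needs `working-directory: terraform/` and a preceding `terraform init -backend=false` (no backend or AWS credentials are required for validation). In the Deploy Terraform step, `TF_VAR_environment: $TARGET_ENV` and `TF_VAR_prefix: $PREFIX_ENV` sit in an `env:` map, where shell syntax is not expanded, so Terraform receives the literal text; the expression form `${{ env.TARGET_ENV }}` is what resolves there. The step also authenticates with long-lived access keys, whereas the deleted `.github/deploy.yml` went through `aws-actions/configure-aws-credentials`; that action's `role-to-assume` input together with a top-level `permissions: id-token: write` would let the job obtain short-lived OIDC credentials instead of keeping static keys in repository secrets.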
@@ -1,42 +0,0 @@ -# This is the main build pipeline that verifies and publishes the software -name: Build -# Controls when the workflow will run -on: - # Allows you to run this workflow manually from the Actions tab - workflow_dispatch: - -env: - TARGET_ENV_UPPERCASE: 'SANDBOX' - -jobs: - build: - name: Deploy - # The type of runner that the job will run on - runs-on: ubuntu-latest - - steps: - # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v2 - - - name: Set AWS Env Variables - run: echo "AWS_ACCESS_KEY_ID=${{ secrets[format('AWS_ACCESS_KEY_ID_CUMULUS_{0}', env.TARGET_ENV_UPPERCASE)] }}" >> $GITHUB_ENV | - echo "AWS_SECRET_ACCESS_KEY=${{ secrets[format('AWS_SECRET_ACCESS_KEY_CUMULUS_{0}', env.TARGET_ENV_UPPERCASE)] }}" >> $GITHUB_ENV - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - env: - AWS_ACCESS_KEY_ID: ${{ secrets[format('AWS_ACCESS_KEY_ID_CUMULUS_{0}', env.TARGET_ENV_UPPERCASE)] }} - AWS_SECRET_ACCESS_KEY: ${{ secrets[format('AWS_SECRET_ACCESS_KEY_CUMULUS_{0}', env.TARGET_ENV_UPPERCASE)] }} - with: - aws-region: us-west-2 - role-session-name: GitHubActions - - run: aws sts get-caller-identity - - - name: Setup Terraform - uses: hashicorp/setup-terraform@v2 - with: - terraform_version: 0.12.31 - terraform_wrapper: false - - - name: Deploy - run: cd terraform ; terraform init ; terraform plan From 279ac25264d3c7be34003f5bc111db1ed6c289f0 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Mon, 24 Apr 2023 17:07:19 +0000 Subject: [PATCH 02/58] Check out github repo --- .github/workflows/deploy-sit.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/deploy-sit.yml b/.github/workflows/deploy-sit.yml index 7b5e019..998d1e2 100644 --- a/.github/workflows/deploy-sit.yml +++ b/.github/workflows/deploy-sit.yml 
@@ -23,6 +23,9 @@ jobs: runs-on: ubuntu-latest steps: + # Check out GitHub repo + - uses: actions/checkout@v3 + # Set up Terraform - name: Setup Terraform uses: hashicorp/setup-terraform@v2.0.3 From 36bd77bf73e35424cfafaf32641ad28d7ca6779a Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Mon, 24 Apr 2023 17:16:15 +0000 Subject: [PATCH 03/58] Fix too many arguments --- .github/workflows/deploy-sit.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy-sit.yml b/.github/workflows/deploy-sit.yml index 998d1e2..b156792 100644 --- a/.github/workflows/deploy-sit.yml +++ b/.github/workflows/deploy-sit.yml @@ -50,8 +50,6 @@ jobs: TF_VAR_sns_topic_email: ${{ secrets.SNS_TOPIC_EMAIL }} run: - terraform init -reconfigure \ - -backend-config="bucket=$PREFIX-tf-state" \ - -backend-config="key=generate.tfstate" \ - -backend-config="region=$AWS_DEFAULT_REGION" + terraform init -reconfigure -backend-config="bucket=$PREFIX-tf-state" -backend-config="key=generate.tfstate" -backend-config="region=$AWS_DEFAULT_REGION" + run: terraform apply -auto-approve From 3a6eb0cf7553ef44f3037b267c8e506c7ec07ed6 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Mon, 24 Apr 2023 17:18:53 +0000 Subject: [PATCH 04/58] Fix too many arguments with pipe on run attribute --- .github/workflows/deploy-sit.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/deploy-sit.yml b/.github/workflows/deploy-sit.yml index b156792..36094d1 100644 --- a/.github/workflows/deploy-sit.yml +++ b/.github/workflows/deploy-sit.yml @@ -49,7 +49,6 @@ jobs: TF_VAR_prefix: $PREFIX_ENV TF_VAR_sns_topic_email: ${{ secrets.SNS_TOPIC_EMAIL }} - run: + run: | terraform init -reconfigure -backend-config="bucket=$PREFIX-tf-state" -backend-config="key=generate.tfstate" -backend-config="region=$AWS_DEFAULT_REGION" - run: terraform apply -auto-approve 
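Review bot: `- uses: actions/checkout@v3` references a mutable tag, so the code that runs on the deploy runner can change without any change in this repository; pinning to a full commit SHA (with the tag kept in a trailing comment) is the usual supply-chain hardening, and the same applies to `hashicorp/setup-terraform@v2.0.3` in the context lines below. Since no later step pushes back to the repository, `with: persist-credentials: false` would also keep the job token out of the checked-out git config that every subsequent step can read.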
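Review bot: The Deploy Terraform step now carries two `run:` keys in the same mapping, the original one and the added `run: terraform apply -auto-approve`; YAML parsers either reject the duplicate or keep only the last value, so the `terraform init` line would be silently dropped rather than executed first. Both commands belong in a single block scalar, `run: |` followed by the init line and the apply line. The step's `env:` and `working-directory:` keys lie above the hunk.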
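Review bot: The init line references `$PREFIX`, but the variable defined at the top of the workflow is `PREFIX_ENV`, so the backend config expands to `bucket=-tf-state` and `terraform init` points at a non-existent (or wrong) state bucket; it should read `-backend-config="bucket=${PREFIX_ENV}-tf-state"`. The same `${PREFIX}` reference survives in the next commit's hunk (`Test use of environment variables in init command`).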
From 10b1492f03f4a2a6e533f9bc63de002ac9b23abc Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Mon, 24 Apr 2023 17:23:23 +0000 Subject: [PATCH 05/58] Test use of environment variables in init command --- .github/workflows/deploy-sit.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deploy-sit.yml b/.github/workflows/deploy-sit.yml index 36094d1..3458883 100644 --- a/.github/workflows/deploy-sit.yml +++ b/.github/workflows/deploy-sit.yml @@ -50,5 +50,8 @@ jobs: TF_VAR_sns_topic_email: ${{ secrets.SNS_TOPIC_EMAIL }} run: | - terraform init -reconfigure -backend-config="bucket=$PREFIX-tf-state" -backend-config="key=generate.tfstate" -backend-config="region=$AWS_DEFAULT_REGION" + terraform init -reconfigure \ + -backend-config="bucket=${PREFIX}-tf-state" \ + -backend-config="key=generate.tfstate" \ + -backend-config="region=${AWS_DEFAULT_REGION}" terraform apply -auto-approve From b34a732a566054921258d6426b8c599097bb8db7 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Mon, 24 Apr 2023 17:24:56 +0000 Subject: [PATCH 06/58] Update deploy step use of prefix env var --- .github/workflows/deploy-sit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-sit.yml b/.github/workflows/deploy-sit.yml index 3458883..3071c0e 100644 --- a/.github/workflows/deploy-sit.yml +++ b/.github/workflows/deploy-sit.yml @@ -51,7 +51,7 @@ jobs: run: | terraform init -reconfigure \ - -backend-config="bucket=${PREFIX}-tf-state" \ + -backend-config="bucket=${PREFIX_ENV}-tf-state" \ -backend-config="key=generate.tfstate" \ -backend-config="region=${AWS_DEFAULT_REGION}" terraform apply -auto-approve From f028c96908277e6e918097e440c7a2eb318ff24e Mon Sep 17 00:00:00 2001 
From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Mon, 24 Apr 2023 17:28:59 +0000 Subject: [PATCH 07/58] Remove use of named profile --- terraform/main.tf | 1 - terraform/variables.tf | 5 ----- 2 files changed, 6 deletions(-) diff --git a/terraform/main.tf b/terraform/main.tf index 99a1c56..3222fd1 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -19,7 +19,6 @@ provider "aws" { key_prefixes = ["gsfc-ngap"] } region = var.aws_region - profile = var.profile } # Data sources diff --git a/terraform/variables.tf b/terraform/variables.tf index d63743b..03a9fdc 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -47,11 +47,6 @@ variable "prefix" { description = "Prefix to add to all AWS resources as a unique identifier" } -variable "profile" { - type = string - description = "Named profile to build infrastructure with" -} - variable "sns_topic_email" { type = string description = "Email to send SNS Topic messages to" From 2855aafca3fcec466df748846ae2aa2a382ad223 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Mon, 24 Apr 2023 17:35:50 +0000 Subject: [PATCH 08/58] Export TF_VAR to GitHub ENV --- .github/workflows/deploy-sit.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-sit.yml b/.github/workflows/deploy-sit.yml index 3071c0e..4c38652 100644 --- a/.github/workflows/deploy-sit.yml +++ b/.github/workflows/deploy-sit.yml @@ -45,10 +45,14 @@ jobs: AWS_DEFAULT_REGION: us-west-2 TF_VAR_cross_account_id: ${{ secrets.CROSS_ACCOUNT_ID }} - TF_VAR_environment: $TARGET_ENV - TF_VAR_prefix: $PREFIX_ENV TF_VAR_sns_topic_email: ${{ secrets.SNS_TOPIC_EMAIL }} + + # Set TF_VAR environment variables + run: | + echo "TF_VAR_environment=$TARGET_ENV" >> $GITHUB_ENV + echo "TF_VAR_prefix=$PREFIX_ENV" >> $GITHUB_ENV + # Initialize and run terraform run: | terraform init -reconfigure \ -backend-config="bucket=${PREFIX_ENV}-tf-state" \ 
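Review bot: The Deploy Terraform step again ends up with two `run:` keys, one holding the `echo ... >> $GITHUB_ENV` lines and one holding the terraform commands, which YAML treats as a duplicate key rather than two scripts. Even once they are merged, values appended to `$GITHUB_ENV` only become environment variables in subsequent steps, so `TF_VAR_environment` and `TF_VAR_prefix` would not be visible to `terraform init`/`apply` inside the same step; the echo lines need a step of their own that runs before the deploy step, or the values should stay in the step's `env:` map as `TF_VAR_environment: ${{ env.TARGET_ENV }}`. The merged run block in the following commits (`rovide consistent use of TF_VAR` and the `Test environment variables` commits) has the same single-step limitation until the values are moved into a separate `TF_VAR values` step.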
From d38c8cd618f4fe08619aeb4dc41b56a8263fb602 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Mon, 24 Apr 2023 17:40:02 +0000 Subject: [PATCH 09/58] rovide consistent use of TF_VAR --- .github/workflows/deploy-sit.yml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/deploy-sit.yml b/.github/workflows/deploy-sit.yml index 4c38652..3e3f389 100644 --- a/.github/workflows/deploy-sit.yml +++ b/.github/workflows/deploy-sit.yml @@ -43,19 +43,17 @@ jobs: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_SERVICES_SIT }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_SERVICES_SIT }} AWS_DEFAULT_REGION: us-west-2 - - TF_VAR_cross_account_id: ${{ secrets.CROSS_ACCOUNT_ID }} - TF_VAR_sns_topic_email: ${{ secrets.SNS_TOPIC_EMAIL }} - # Set TF_VAR environment variables + # Set TF_VAR environment variables, initialize and run terraform run: | + echo "TF_VAR_cross_account_id=${{ secrets.CROSS_ACCOUNT_ID }}" >> $GITHUB_ENV echo "TF_VAR_environment=$TARGET_ENV" >> $GITHUB_ENV echo "TF_VAR_prefix=$PREFIX_ENV" >> $GITHUB_ENV + echo "TF_VAR_sns_topic_email=${{ secrets.SNS_TOPIC_EMAIL }}" >> $GITHUB_ENV - # Initialize and run terraform - run: | terraform init -reconfigure \ -backend-config="bucket=${PREFIX_ENV}-tf-state" \ -backend-config="key=generate.tfstate" \ -backend-config="region=${AWS_DEFAULT_REGION}" + terraform apply -auto-approve From 9cccf3689a2b5741e28cdfbc2c2dfee7e1f0c01e Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Mon, 24 Apr 2023 17:51:27 +0000 Subject: [PATCH 10/58] Test environment variables --- .github/workflows/deploy-sit.yml | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/.github/workflows/deploy-sit.yml b/.github/workflows/deploy-sit.yml index 3e3f389..d84c740 100644 --- a/.github/workflows/deploy-sit.yml +++ b/.github/workflows/deploy-sit.yml 
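Review bot: Removing `TF_VAR_cross_account_id` and `TF_VAR_sns_topic_email` from the step's `env:` map and instead interpolating `${{ secrets.CROSS_ACCOUNT_ID }}` into the shell script trades a safe channel for a template substitution: the secret's raw text becomes part of the script source, so any quote or shell metacharacter in the value changes the command, and the value is then written to `$GITHUB_ENV`, a plain file every later step can read. Keeping the secrets in `env:` (the deleted lines) and referencing them in the script as `$TF_VAR_cross_account_id` avoids both. The same `echo "...=${{ secrets.X }}" >> $GITHUB_ENV` pattern reappears in the `TF_VAR values` step added by `Test environment variables definition to Github ENV` and in the later `Test for deploying to different environments 6` and `7` hunks.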
@@ -43,17 +43,21 @@ jobs: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_SERVICES_SIT }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_SERVICES_SIT }} AWS_DEFAULT_REGION: us-west-2 + + TF_VAR_cross_account_id: ${{ secrets.CROSS_ACCOUNT_ID }} + TF_VAR_sns_topic_email: ${{ secrets.SNS_TOPIC_EMAIL }} # Set TF_VAR environment variables, initialize and run terraform run: | - echo "TF_VAR_cross_account_id=${{ secrets.CROSS_ACCOUNT_ID }}" >> $GITHUB_ENV echo "TF_VAR_environment=$TARGET_ENV" >> $GITHUB_ENV echo "TF_VAR_prefix=$PREFIX_ENV" >> $GITHUB_ENV - echo "TF_VAR_sns_topic_email=${{ secrets.SNS_TOPIC_EMAIL }}" >> $GITHUB_ENV - terraform init -reconfigure \ - -backend-config="bucket=${PREFIX_ENV}-tf-state" \ - -backend-config="key=generate.tfstate" \ - -backend-config="region=${AWS_DEFAULT_REGION}" + echo "$TF_VAR_environment" + echo "$TF_VAR_prefix" - terraform apply -auto-approve + # terraform init -reconfigure \ + # -backend-config="bucket=${PREFIX_ENV}-tf-state" \ + # -backend-config="key=generate.tfstate" \ + # -backend-config="region=${AWS_DEFAULT_REGION}" + + # terraform apply -auto-approve From f39e77d595c7cbea883d528a9e50e8442c4d2d59 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Mon, 24 Apr 2023 17:53:23 +0000 Subject: [PATCH 11/58] Test environment variables --- .github/workflows/deploy-sit.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-sit.yml b/.github/workflows/deploy-sit.yml index d84c740..1c48a94 100644 --- a/.github/workflows/deploy-sit.yml +++ b/.github/workflows/deploy-sit.yml @@ -52,8 +52,8 @@ jobs: echo "TF_VAR_environment=$TARGET_ENV" >> $GITHUB_ENV echo "TF_VAR_prefix=$PREFIX_ENV" >> $GITHUB_ENV - echo "$TF_VAR_environment" - echo "$TF_VAR_prefix" + echo "ENVIRONMENT: $TF_VAR_environment" + echo "PREFIX: $TF_VAR_prefix" # terraform init -reconfigure \ # -backend-config="bucket=${PREFIX_ENV}-tf-state" \ 
From 8c39d9169354c2e561561e027f8a947ed1888a75 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Mon, 24 Apr 2023 17:55:54 +0000 Subject: [PATCH 12/58] Test environment variables --- .github/workflows/deploy-sit.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-sit.yml b/.github/workflows/deploy-sit.yml index 1c48a94..16b44bf 100644 --- a/.github/workflows/deploy-sit.yml +++ b/.github/workflows/deploy-sit.yml @@ -49,8 +49,8 @@ jobs: # Set TF_VAR environment variables, initialize and run terraform run: | - echo "TF_VAR_environment=$TARGET_ENV" >> $GITHUB_ENV - echo "TF_VAR_prefix=$PREFIX_ENV" >> $GITHUB_ENV + echo "TF_VAR_environment=${{ env.TARGET_ENV }}" >> $GITHUB_ENV + echo "TF_VAR_prefix=${{ env.PREFIX_ENV }}" >> $GITHUB_ENV echo "ENVIRONMENT: $TF_VAR_environment" echo "PREFIX: $TF_VAR_prefix" From b03e6b4c85f1ecc8b83d766d43c2b6d341b2e8a7 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Mon, 24 Apr 2023 18:00:14 +0000 Subject: [PATCH 13/58] Test environment variables definition to Github ENV --- .github/workflows/deploy-sit.yml | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/.github/workflows/deploy-sit.yml b/.github/workflows/deploy-sit.yml index 16b44bf..cfd334d 100644 --- a/.github/workflows/deploy-sit.yml +++ b/.github/workflows/deploy-sit.yml @@ -35,6 +35,14 @@ jobs: # Validate Terraform file - name: Validate Terraform run: terraform validate -no-color + + # Set up TF_VAR environment variables + -name: TF_VAR values + run: | + echo "TF_VAR_environment=$TARGET_ENV" >> $GITHUB_ENV + echo "TF_VAR_prefix=$PREFIX_ENV" >> $GITHUB_ENV + echo "TF_VAR_cross_account_id=${{ secrets.CROSS_ACCOUNT_ID }}" >> $GITHUB_ENV + echo "TF_VAR_sns_topic_email=${{ secrets.SNS_TOPIC_EMAIL }}" >> $GITHUB_ENV # Deploy Terraform - name: Deploy Terraform 
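Review bot: The new step is written as `-name: TF_VAR values` with no space after the dash, so YAML does not read it as a sequence item; it becomes a stray scalar inside the preceding Validate Terraform step (or a parse error), and the workflow will not load. It should be `- name: TF_VAR values`, matching the other steps. The `run: |` block beneath it otherwise follows the `$GITHUB_ENV` pattern correctly, since a later step consumes the values.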
@@ -43,15 +51,10 @@ jobs: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_SERVICES_SIT }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_SERVICES_SIT }} AWS_DEFAULT_REGION: us-west-2 - - TF_VAR_cross_account_id: ${{ secrets.CROSS_ACCOUNT_ID }} - TF_VAR_sns_topic_email: ${{ secrets.SNS_TOPIC_EMAIL }} # Set TF_VAR environment variables, initialize and run terraform run: | - echo "TF_VAR_environment=${{ env.TARGET_ENV }}" >> $GITHUB_ENV - echo "TF_VAR_prefix=${{ env.PREFIX_ENV }}" >> $GITHUB_ENV - + echo "ENVIRONMENT: $TF_VAR_environment" echo "PREFIX: $TF_VAR_prefix" From a20e0393c9906cceaf7a4aa362fa5b501a27ead9 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Mon, 24 Apr 2023 18:01:30 +0000 Subject: [PATCH 14/58] Test environment variables definition to Github ENV --- .github/workflows/deploy-sit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-sit.yml b/.github/workflows/deploy-sit.yml index cfd334d..79356a6 100644 --- a/.github/workflows/deploy-sit.yml +++ b/.github/workflows/deploy-sit.yml @@ -37,7 +37,7 @@ jobs: run: terraform validate -no-color # Set up TF_VAR environment variables - -name: TF_VAR values + - name: TF_VAR values run: | echo "TF_VAR_environment=$TARGET_ENV" >> $GITHUB_ENV echo "TF_VAR_prefix=$PREFIX_ENV" >> $GITHUB_ENV From a3dbada2aa23d118f0fbae2f8bae60f6c23c8a91 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Mon, 24 Apr 2023 18:02:28 +0000 Subject: [PATCH 15/58] Implement terraform deployment --- .github/workflows/deploy-sit.yml | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/.github/workflows/deploy-sit.yml b/.github/workflows/deploy-sit.yml index 79356a6..8c1f690 100644 --- a/.github/workflows/deploy-sit.yml +++ b/.github/workflows/deploy-sit.yml 
@@ -54,13 +54,9 @@ jobs: # Set TF_VAR environment variables, initialize and run terraform run: | - - echo "ENVIRONMENT: $TF_VAR_environment" - echo "PREFIX: $TF_VAR_prefix" + terraform init -reconfigure \ + -backend-config="bucket=${PREFIX_ENV}-tf-state" \ + -backend-config="key=generate.tfstate" \ + -backend-config="region=${AWS_DEFAULT_REGION}" - # terraform init -reconfigure \ - # -backend-config="bucket=${PREFIX_ENV}-tf-state" \ - # -backend-config="key=generate.tfstate" \ - # -backend-config="region=${AWS_DEFAULT_REGION}" - - # terraform apply -auto-approve + terraform apply -auto-approve From f93c335e33c753ebb12faca79715529bb6483d41 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Thu, 27 Apr 2023 16:26:13 +0000 Subject: [PATCH 16/58] Add creation of S3 bucket for IDL client files --- terraform/generate-s3.tf | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/terraform/generate-s3.tf b/terraform/generate-s3.tf index fad137b..db4b8c9 100644 --- a/terraform/generate-s3.tf +++ b/terraform/generate-s3.tf 
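Review bot: `terraform apply -auto-approve` now runs straight after `terraform init` on every push to `development`, with no plan recorded or reviewed before changes reach the account. A plan artifact, `terraform plan -out=tfplan` followed by `terraform apply tfplan`, keeps the same automation while making what was applied visible in the job log, and a job-level `environment:` with required reviewers would gate the apply for protected branches. The comment above the hunk, `# Set TF_VAR environment variables, initialize and run terraform`, no longer describes the step, which only initializes and applies.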
@@ -85,4 +85,35 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "aws_s3_bucket_dlc kms_master_key_id = "aws/s3" } } -} \ No newline at end of file +} + +# Bucket to hold IDL client files +resource "aws_s3_bucket" "aws_s3_bucket_idl_client" { + bucket = "${var.prefix}-idl-client" + tags = { Name = "${var.prefix}-idl-client" } +} + +resource "aws_s3_bucket_public_access_block" "aws_s3_bucket_idl_client_public_block" { + bucket = aws_s3_bucket.aws_s3_bucket_idl_client.id + block_public_acls = true + block_public_policy = true + ignore_public_acls = true + restrict_public_buckets = true +} + +resource "aws_s3_bucket_ownership_controls" "aws_s3_bucket_idl_client_ownership" { + bucket = aws_s3_bucket.aws_s3_bucket_idl_client.id + rule { + object_ownership = "BucketOwnerEnforced" + } +} + +resource "aws_s3_bucket_server_side_encryption_configuration" "aws_s3_bucket_idl_client_encryption" { + bucket = aws_s3_bucket.aws_s3_bucket_idl_client.bucket + rule { + apply_server_side_encryption_by_default { + sse_algorithm = "aws:kms" + kms_master_key_id = "aws/s3" + } + } +} From 5cd98b3ce706fd03cfc687cddd41ea3a77f6abfb Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Thu, 27 Apr 2023 16:30:46 +0000 Subject: [PATCH 17/58] Test for deploying to different environments --- .github/workflows/deploy-sit.yml | 76 +++++++++++++++++--------------- 1 file changed, 40 insertions(+), 36 deletions(-) diff --git a/.github/workflows/deploy-sit.yml b/.github/workflows/deploy-sit.yml index 8c1f690..7ec0a66 100644 --- a/.github/workflows/deploy-sit.yml +++ b/.github/workflows/deploy-sit.yml @@ -11,11 +11,6 @@ on: # Run workflow manually from the Actions tab workflow_dispatch: -# Environment variables -env: - TARGET_ENV: 'SIT' - PREFIX_ENV: 'service-generate-sit' - jobs: build: name: Build and Deploy 
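Review bot: The new encryption resource references the bucket as `aws_s3_bucket.aws_s3_bucket_idl_client.bucket` while the public-access-block and ownership-controls resources use `.id`; both resolve to the bucket name, but the rest of the file uses `.id`, so `bucket = aws_s3_bucket.aws_s3_bucket_idl_client.id` keeps the four resources consistent. The bucket also gets no `aws_s3_bucket_versioning` resource; if the IDL client files are overwritten in place, versioning is what allows a bad upload to be rolled back, so either add it or extend the `# Bucket to hold IDL client files` comment to say the contents are regenerated and do not need it. The `kms_master_key_id = "aws/s3"` value copies the existing resource above, so it is presumably known to work in this account.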
@@ -23,40 +18,49 @@ jobs: runs-on: ubuntu-latest steps: - # Check out GitHub repo - - uses: actions/checkout@v3 + + # Environment variables based on branch + # if: + # env: + # TARGET_ENV: 'SIT' + # PREFIX_ENV: 'service-generate-sit' + - name: Set Environment Variables + run: echo $GITHUB_HEAD_REF + + # # Check out GitHub repo + # - uses: actions/checkout@v3 - # Set up Terraform - - name: Setup Terraform - uses: hashicorp/setup-terraform@v2.0.3 - with: - terraform_version: 1.3.7 + # # Set up Terraform + # - name: Setup Terraform + # uses: hashicorp/setup-terraform@v2.0.3 + # with: + # terraform_version: 1.3.7 - # Validate Terraform file - - name: Validate Terraform - run: terraform validate -no-color + # # Validate Terraform file + # - name: Validate Terraform + # run: terraform validate -no-color - # Set up TF_VAR environment variables - - name: TF_VAR values - run: | - echo "TF_VAR_environment=$TARGET_ENV" >> $GITHUB_ENV - echo "TF_VAR_prefix=$PREFIX_ENV" >> $GITHUB_ENV - echo "TF_VAR_cross_account_id=${{ secrets.CROSS_ACCOUNT_ID }}" >> $GITHUB_ENV - echo "TF_VAR_sns_topic_email=${{ secrets.SNS_TOPIC_EMAIL }}" >> $GITHUB_ENV + # # Set up TF_VAR environment variables + # - name: TF_VAR values + # run: | + # echo "TF_VAR_environment=$TARGET_ENV" >> $GITHUB_ENV + # echo "TF_VAR_prefix=$PREFIX_ENV" >> $GITHUB_ENV + # echo "TF_VAR_cross_account_id=${{ secrets.CROSS_ACCOUNT_ID }}" >> $GITHUB_ENV + # echo "TF_VAR_sns_topic_email=${{ secrets.SNS_TOPIC_EMAIL }}" >> $GITHUB_ENV - # Deploy Terraform - - name: Deploy Terraform - working-directory: terraform/ - env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_SERVICES_SIT }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_SERVICES_SIT }} - AWS_DEFAULT_REGION: us-west-2 + # # Deploy Terraform + # - name: Deploy Terraform + # working-directory: terraform/ + # env: + # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_SERVICES_SIT }} + # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_SERVICES_SIT }} + 
# AWS_DEFAULT_REGION: us-west-2 - # Set TF_VAR environment variables, initialize and run terraform - run: | - terraform init -reconfigure \ - -backend-config="bucket=${PREFIX_ENV}-tf-state" \ - -backend-config="key=generate.tfstate" \ - -backend-config="region=${AWS_DEFAULT_REGION}" + # # Set TF_VAR environment variables, initialize and run terraform + # run: | + # terraform init -reconfigure \ + # -backend-config="bucket=${PREFIX_ENV}-tf-state" \ + # -backend-config="key=generate.tfstate" \ + # -backend-config="region=${AWS_DEFAULT_REGION}" - terraform apply -auto-approve + # terraform apply -auto-approve From 753eacf2f20bbb9466ee63f59905f6af52e3b2e1 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Thu, 27 Apr 2023 16:32:19 +0000 Subject: [PATCH 18/58] Test for deploying to different environments 1 --- .github/workflows/deploy-sit.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deploy-sit.yml b/.github/workflows/deploy-sit.yml index 7ec0a66..f4d4c0b 100644 --- a/.github/workflows/deploy-sit.yml +++ b/.github/workflows/deploy-sit.yml @@ -25,7 +25,8 @@ jobs: # TARGET_ENV: 'SIT' # PREFIX_ENV: 'service-generate-sit' - name: Set Environment Variables - run: echo $GITHUB_HEAD_REF + run: | + echo "GITHUB REF: ${GITHUB_REF}" # # Check out GitHub repo # - uses: actions/checkout@v3 From 2f5b7acbf114eed4df6f63c8bbed90dba83a5d32 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Thu, 27 Apr 2023 16:41:13 +0000 Subject: [PATCH 19/58] Test for deploying to different environments 2 --- .github/workflows/deploy-sit.yml | 35 +++++++++++++++++++++++++------- 1 file changed, 28 insertions(+), 7 deletions(-) diff --git a/.github/workflows/deploy-sit.yml b/.github/workflows/deploy-sit.yml index f4d4c0b..432f5b2 100644 --- a/.github/workflows/deploy-sit.yml +++ b/.github/workflows/deploy-sit.yml 
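Review bot: The new `Set Environment Variables` step prints `$GITHUB_HEAD_REF`, which is only populated for pull-request style events; for the `push` trigger this workflow uses it is empty, so the step reveals nothing about the branch, and `$GITHUB_REF` (or `github.ref` in an `if:` expression) is the value that carries `refs/heads/<branch>`. Every other step is commented out, so a push to `development` now runs a job that does nothing; if this commit is meant to stay in the history, a comment such as `# TEMP: deployment disabled while branch detection is worked out` above the commented block would make the intent visible. The hunk begins at the `steps:` line and the job header lies above it.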
@@ -6,6 +6,9 @@ on: push: branches: - 'development' + - 'feature/**' + - 'release/**' + - 'main' tags-ignore: - '*' # Run workflow manually from the Actions tab @@ -16,17 +19,35 @@ jobs: name: Build and Deploy # The type of runner that the job will run on runs-on: ubuntu-latest - steps: - # Environment variables based on branch - # if: - # env: - # TARGET_ENV: 'SIT' - # PREFIX_ENV: 'service-generate-sit' + # SIT environment variables - name: Set Environment Variables + if: | + startsWith(${GITHUB_REF}, refs/heads/development) || + startsWith(${GITHUB_REF}, refs/heads/feature) run: | - echo "GITHUB REF: ${GITHUB_REF}" + echo "TARGET_ENV=SIT" >> $GITHUB_ENV + echo "PREFIX_ENV=service-generate-sit" >> $GITHUB_ENV + + # UAT environment variables + - name: Set Environment Variables + if: startsWith(${GITHUB_REF}, refs/heads/release) + run: | + echo "TARGET_ENV=UAT" >> $GITHUB_ENV + echo "PREFIX_ENV=service-generate-uat" >> $GITHUB_ENV + + # OPS environment variables + - name: Set Environment Variables + if: startsWith(${GITHUB_REF}, refs/heads/main) + run: | + echo "TARGET_ENV=OPS" >> $GITHUB_ENV + echo "PREFIX_ENV=service-generate-ops" >> $GITHUB_ENV + + - name: Echo environment variables + run: | + echo "TARGET_ENV: $TARGET_ENV" + echo "PREFIX_ENV: $PREFIX_ENV" # # Check out GitHub repo # - uses: actions/checkout@v3 From 5239980de90155c64ec977291a7387fce31475cc Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Thu, 27 Apr 2023 16:42:17 +0000 Subject: [PATCH 20/58] Test for deploying to different environments 3 --- .github/workflows/deploy-sit.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy-sit.yml b/.github/workflows/deploy-sit.yml index 432f5b2..6ddb209 100644 --- a/.github/workflows/deploy-sit.yml +++ b/.github/workflows/deploy-sit.yml 
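Review bot: When the ref matches none of the three `if:` branch patterns — a `workflow_dispatch` run from any other branch — no step sets `TARGET_ENV` or `PREFIX_ENV`, and the later deploy step would run with empty values (a state bucket named `-tf-state`) rather than failing; a guard step after the three, `run: test -n "$TARGET_ENV" || { echo "unsupported ref: $GITHUB_REF"; exit 1; }`, makes that case fail fast. With `feature/**` added to the push triggers in the first hunk, every feature-branch push also deploys into the shared SIT prefix, so two feature branches pushed close together race on the same `service-generate-sit-tf-state` backend; a `concurrency:` group (for example keyed on the workflow name) serializes them. The `if:` conditions use shell syntax (`${GITHUB_REF}`, unquoted `refs/heads/...`) that the expression evaluator does not expand; the expression form is `startsWith(github.ref, 'refs/heads/development')`.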
@@ -24,22 +24,22 @@ jobs: # SIT environment variables - name: Set Environment Variables if: | - startsWith(${GITHUB_REF}, refs/heads/development) || - startsWith(${GITHUB_REF}, refs/heads/feature) + startsWith($GITHUB_REF, refs/heads/development) || + startsWith($GITHUB_REF, refs/heads/feature) run: | echo "TARGET_ENV=SIT" >> $GITHUB_ENV echo "PREFIX_ENV=service-generate-sit" >> $GITHUB_ENV # UAT environment variables - name: Set Environment Variables - if: startsWith(${GITHUB_REF}, refs/heads/release) + if: startsWith($GITHUB_REF, refs/heads/release) run: | echo "TARGET_ENV=UAT" >> $GITHUB_ENV echo "PREFIX_ENV=service-generate-uat" >> $GITHUB_ENV # OPS environment variables - name: Set Environment Variables - if: startsWith(${GITHUB_REF}, refs/heads/main) + if: startsWith($GITHUB_REF, refs/heads/main) run: | echo "TARGET_ENV=OPS" >> $GITHUB_ENV echo "PREFIX_ENV=service-generate-ops" >> $GITHUB_ENV From 7677c3fd4f65377870ab7ccd3a87fead53c1c64d Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Thu, 27 Apr 2023 16:43:53 +0000 Subject: [PATCH 21/58] Test for deploying to different environments 4 --- .github/workflows/deploy-sit.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy-sit.yml b/.github/workflows/deploy-sit.yml index 6ddb209..4c34080 100644 --- a/.github/workflows/deploy-sit.yml +++ b/.github/workflows/deploy-sit.yml 
@@ -24,22 +24,22 @@ jobs: # SIT environment variables - name: Set Environment Variables if: | - startsWith($GITHUB_REF, refs/heads/development) || - startsWith($GITHUB_REF, refs/heads/feature) + startsWith(github.ref, refs/heads/development) || + startsWith(github.ref, refs/heads/feature) run: | echo "TARGET_ENV=SIT" >> $GITHUB_ENV echo "PREFIX_ENV=service-generate-sit" >> $GITHUB_ENV # UAT environment variables - name: Set Environment Variables - if: startsWith($GITHUB_REF, refs/heads/release) + if: startsWith(github.ref, refs/heads/release) run: | echo "TARGET_ENV=UAT" >> $GITHUB_ENV echo "PREFIX_ENV=service-generate-uat" >> $GITHUB_ENV # OPS environment variables - name: Set Environment Variables - if: startsWith($GITHUB_REF, refs/heads/main) + if: startsWith(github.ref, refs/heads/main) run: | echo "TARGET_ENV=OPS" >> $GITHUB_ENV echo "PREFIX_ENV=service-generate-ops" >> $GITHUB_ENV From 744cebbd8d0077638f2bb151c475eeabc0bd9b8b Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Thu, 27 Apr 2023 16:45:27 +0000 Subject: [PATCH 22/58] Test for deploying to different environments 5 --- .github/workflows/deploy-sit.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy-sit.yml b/.github/workflows/deploy-sit.yml index 4c34080..7204823 100644 --- a/.github/workflows/deploy-sit.yml +++ b/.github/workflows/deploy-sit.yml 
@@ -24,22 +24,22 @@ jobs: # SIT environment variables - name: Set Environment Variables if: | - startsWith(github.ref, refs/heads/development) || - startsWith(github.ref, refs/heads/feature) + startsWith(github.ref, 'refs/heads/development') || + startsWith(github.ref, 'refs/heads/feature') run: | echo "TARGET_ENV=SIT" >> $GITHUB_ENV echo "PREFIX_ENV=service-generate-sit" >> $GITHUB_ENV # UAT environment variables - name: Set Environment Variables - if: startsWith(github.ref, refs/heads/release) + if: startsWith(github.ref, 'refs/heads/release') run: | echo "TARGET_ENV=UAT" >> $GITHUB_ENV echo "PREFIX_ENV=service-generate-uat" >> $GITHUB_ENV # OPS environment variables - name: Set Environment Variables - if: startsWith(github.ref, refs/heads/main) + if: startsWith(github.ref, 'refs/heads/main') run: | echo "TARGET_ENV=OPS" >> $GITHUB_ENV echo "PREFIX_ENV=service-generate-ops" >> $GITHUB_ENV From 4309d7bf6460b69a32da6e30d2b1f4c23bf98906 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Thu, 27 Apr 2023 16:52:43 +0000 Subject: [PATCH 23/58] Test for deploying to different environments 6 --- .github/workflows/deploy-sit.yml | 68 +++++++++++++++----------------- 1 file changed, 32 insertions(+), 36 deletions(-) diff --git a/.github/workflows/deploy-sit.yml b/.github/workflows/deploy-sit.yml index 7204823..14dc856 100644 --- a/.github/workflows/deploy-sit.yml +++ b/.github/workflows/deploy-sit.yml 
@@ -44,45 +44,41 @@ jobs: echo "TARGET_ENV=OPS" >> $GITHUB_ENV echo "PREFIX_ENV=service-generate-ops" >> $GITHUB_ENV - - name: Echo environment variables - run: | - echo "TARGET_ENV: $TARGET_ENV" - echo "PREFIX_ENV: $PREFIX_ENV" - - # # Check out GitHub repo - # - uses: actions/checkout@v3 + # Check out GitHub repo + - uses: actions/checkout@v3 - # # Set up Terraform - # - name: Setup Terraform - # uses: hashicorp/setup-terraform@v2.0.3 - # with: - # terraform_version: 1.3.7 + # Set up Terraform + - name: Setup Terraform + uses: hashicorp/setup-terraform@v2.0.3 + with: + terraform_version: 1.3.7 - # # Validate Terraform file - # - name: Validate Terraform - # run: terraform validate -no-color + # Validate Terraform file + - name: Validate Terraform + run: terraform validate -no-color - # # Set up TF_VAR environment variables - # - name: TF_VAR values - # run: | - # echo "TF_VAR_environment=$TARGET_ENV" >> $GITHUB_ENV - # echo "TF_VAR_prefix=$PREFIX_ENV" >> $GITHUB_ENV - # echo "TF_VAR_cross_account_id=${{ secrets.CROSS_ACCOUNT_ID }}" >> $GITHUB_ENV - # echo "TF_VAR_sns_topic_email=${{ secrets.SNS_TOPIC_EMAIL }}" >> $GITHUB_ENV + # Set up TF_VAR environment variables + - name: TF_VAR values + run: | + echo "TF_VAR_environment=$TARGET_ENV" >> $GITHUB_ENV + echo "TF_VAR_prefix=$PREFIX_ENV" >> $GITHUB_ENV + echo "TF_VAR_cross_account_id=${{ secrets.format(CROSS_ACCOUNT_ID_{0}, $TARGET_ENV) }}" >> $GITHUB_ENV + echo "TF_VAR_sns_topic_email=${{ secrets.format(SNS_TOPIC_EMAIL_{0}, $TARGET_ENV) }}" >> $GITHUB_ENV - # # Deploy Terraform - # - name: Deploy Terraform - # working-directory: terraform/ - # env: - # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_SERVICES_SIT }} - # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_SERVICES_SIT }} - # AWS_DEFAULT_REGION: us-west-2 + # Deploy Terraform + - name: Deploy Terraform + working-directory: terraform/ + env: + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_SERVICES_SIT }} + AWS_SECRET_ACCESS_KEY: ${{ 
secrets.AWS_SECRET_ACCESS_KEY_SERVICES_SIT }} + AWS_DEFAULT_REGION: us-west-2 - # # Set TF_VAR environment variables, initialize and run terraform - # run: | - # terraform init -reconfigure \ - # -backend-config="bucket=${PREFIX_ENV}-tf-state" \ - # -backend-config="key=generate.tfstate" \ - # -backend-config="region=${AWS_DEFAULT_REGION}" + # Set TF_VAR environment variables, initialize and run terraform + run: | + terraform init -reconfigure \ + -backend-config="bucket=${PREFIX_ENV}-tf-state" \ + -backend-config="key=generate.tfstate" \ + -backend-config="region=${AWS_DEFAULT_REGION}" - # terraform apply -auto-approve + # terraform apply -auto-approve + terraform plan From babb29a995542d47fa0445a82f14c2ec6a1791e5 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Thu, 27 Apr 2023 16:54:17 +0000 Subject: [PATCH 24/58] Test for deploying to different environments 7 --- .github/workflows/deploy-sit.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-sit.yml b/.github/workflows/deploy-sit.yml index 14dc856..cf9470c 100644 --- a/.github/workflows/deploy-sit.yml +++ b/.github/workflows/deploy-sit.yml @@ -62,8 +62,8 @@ jobs: run: | echo "TF_VAR_environment=$TARGET_ENV" >> $GITHUB_ENV echo "TF_VAR_prefix=$PREFIX_ENV" >> $GITHUB_ENV - echo "TF_VAR_cross_account_id=${{ secrets.format(CROSS_ACCOUNT_ID_{0}, $TARGET_ENV) }}" >> $GITHUB_ENV - echo "TF_VAR_sns_topic_email=${{ secrets.format(SNS_TOPIC_EMAIL_{0}, $TARGET_ENV) }}" >> $GITHUB_ENV + echo "TF_VAR_cross_account_id=${{ secrets.format('CROSS_ACCOUNT_ID_{0}', $TARGET_ENV) }}" >> $GITHUB_ENV + echo "TF_VAR_sns_topic_email=${{ secrets.format('SNS_TOPIC_EMAIL_{0}', $TARGET_ENV) }}" >> $GITHUB_ENV # Deploy Terraform - name: Deploy Terraform From 93622f4c5889f721f7ab774f8da901f0c9eb7295 Mon Sep 17 00:00:00 2001 
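Review bot: The new `Validate Terraform` step runs `terraform validate -no-color` from the repository root before any `terraform init`, while the `Deploy Terraform` step sets `working-directory: terraform/`, so validation either fails on uninitialized providers or vacuously passes on a directory with no configuration. Give it the same working directory and a backend-less init: `working-directory: terraform/` and `run: terraform init -backend=false -input=false && terraform validate -no-color`. Separately, the Deploy step's `env:` hard-codes `AWS_ACCESS_KEY_ID_SERVICES_SIT` and `AWS_SECRET_ACCESS_KEY_SERVICES_SIT` although `TARGET_ENV` may be UAT or OPS, so a non-SIT run would deploy with SIT credentials; derive those secret names from `env.TARGET_ENV` the way the `TF_VAR values` step already does for `CROSS_ACCOUNT_ID_{0}`.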
From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Thu, 27 Apr 2023 16:54:54 +0000 Subject: [PATCH 25/58] Test for deploying to different environments 8 --- .github/workflows/deploy-sit.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-sit.yml b/.github/workflows/deploy-sit.yml index cf9470c..e14bc3f 100644 --- a/.github/workflows/deploy-sit.yml +++ b/.github/workflows/deploy-sit.yml @@ -62,8 +62,8 @@ jobs: run: | echo "TF_VAR_environment=$TARGET_ENV" >> $GITHUB_ENV echo "TF_VAR_prefix=$PREFIX_ENV" >> $GITHUB_ENV - echo "TF_VAR_cross_account_id=${{ secrets.format('CROSS_ACCOUNT_ID_{0}', $TARGET_ENV) }}" >> $GITHUB_ENV - echo "TF_VAR_sns_topic_email=${{ secrets.format('SNS_TOPIC_EMAIL_{0}', $TARGET_ENV) }}" >> $GITHUB_ENV + echo "TF_VAR_cross_account_id=${{ secrets[format('CROSS_ACCOUNT_ID_{0}', $TARGET_ENV)] }}" >> $GITHUB_ENV + echo "TF_VAR_sns_topic_email=${{ secrets[format('SNS_TOPIC_EMAIL_{0}', $TARGET_ENV)] }}" >> $GITHUB_ENV # Deploy Terraform - name: Deploy Terraform From 1c270934450e89ab210e745126e44cbe290896bd Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Thu, 27 Apr 2023 16:55:41 +0000 Subject: [PATCH 26/58] Test for deploying to different environments 9 --- .github/workflows/deploy-sit.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-sit.yml b/.github/workflows/deploy-sit.yml index e14bc3f..4a3fe00 100644 --- a/.github/workflows/deploy-sit.yml +++ b/.github/workflows/deploy-sit.yml 
@@ -62,8 +62,8 @@ jobs: run: | echo "TF_VAR_environment=$TARGET_ENV" >> $GITHUB_ENV echo "TF_VAR_prefix=$PREFIX_ENV" >> $GITHUB_ENV - echo "TF_VAR_cross_account_id=${{ secrets[format('CROSS_ACCOUNT_ID_{0}', $TARGET_ENV)] }}" >> $GITHUB_ENV - echo "TF_VAR_sns_topic_email=${{ secrets[format('SNS_TOPIC_EMAIL_{0}', $TARGET_ENV)] }}" >> $GITHUB_ENV + echo "TF_VAR_cross_account_id=${{ secrets[format('CROSS_ACCOUNT_ID_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV + echo "TF_VAR_sns_topic_email=${{ secrets[format('SNS_TOPIC_EMAIL_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV # Deploy Terraform - name: Deploy Terraform From 91a5eca138794ab380de8b6dd03b2f970e6d1139 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Thu, 27 Apr 2023 16:58:25 +0000 Subject: [PATCH 27/58] Use one deploy file for all deployment environments --- .github/workflows/{deploy-sit.yml => deploy.yml} | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) rename .github/workflows/{deploy-sit.yml => deploy.yml} (97%) diff --git a/.github/workflows/deploy-sit.yml b/.github/workflows/deploy.yml similarity index 97% rename from .github/workflows/deploy-sit.yml rename to .github/workflows/deploy.yml index 4a3fe00..53e1a36 100644 --- a/.github/workflows/deploy-sit.yml +++ b/.github/workflows/deploy.yml @@ -80,5 +80,4 @@ jobs: -backend-config="key=generate.tfstate" \ -backend-config="region=${AWS_DEFAULT_REGION}" - # terraform apply -auto-approve - terraform plan + terraform apply -auto-approve From 8dd68b34fd963f3460b9206b90b93214bc5cbf52 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Thu, 27 Apr 2023 17:03:53 +0000 Subject: [PATCH 28/58] Use one deploy file for all deployment environments --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 53e1a36..caa9fc7 100644 --- a/.github/workflows/deploy.yml 
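Review bot: Uncommenting `terraform apply -auto-approve` means every push to `feature/**`, `release/**` or `main` applies infrastructure changes with no plan review and no approval gate, so a push to `main` changes OPS directly. Split it into a plan and an apply: `terraform plan -input=false -out=tfplan` in one step, and `terraform apply -input=false tfplan` in a step or job bound to a GitHub `environment:` with required reviewers for UAT/OPS, so the reviewed plan is the one applied. The `run: |` block this line belongs to starts outside the hunk.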
+++ b/.github/workflows/deploy.yml @@ -80,4 +80,4 @@ jobs: -backend-config="key=generate.tfstate" \ -backend-config="region=${AWS_DEFAULT_REGION}" - terraform apply -auto-approve + terraform apply -auto-approve From b80832348a11e545c7e2be332a522d873fde1830 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Thu, 27 Apr 2023 17:06:55 +0000 Subject: [PATCH 29/58] Remove yml file --- .github/workflows/deploy.yml | 83 ------------------------------------ 1 file changed, 83 deletions(-) delete mode 100644 .github/workflows/deploy.yml diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml deleted file mode 100644 index caa9fc7..0000000 --- a/.github/workflows/deploy.yml +++ /dev/null 
@@ -1,83 +0,0 @@ -# Main build pipeline that verifies, builds, and deploys the software -name: Build and Deploy -# Events that trigger the workflow -on: - # Trigger based on push to all branches - push: - branches: - - 'development' - - 'feature/**' - - 'release/**' - - 'main' - tags-ignore: - - '*' - # Run workflow manually from the Actions tab - workflow_dispatch: - -jobs: - build: - name: Build and Deploy - # The type of runner that the job will run on - runs-on: ubuntu-latest - steps: - - # SIT environment variables - - name: Set Environment Variables - if: | - startsWith(github.ref, 'refs/heads/development') || - startsWith(github.ref, 'refs/heads/feature') - run: | - echo "TARGET_ENV=SIT" >> $GITHUB_ENV - echo "PREFIX_ENV=service-generate-sit" >> $GITHUB_ENV - - # UAT environment variables - - name: Set Environment Variables - if: startsWith(github.ref, 'refs/heads/release') - run: | - echo "TARGET_ENV=UAT" >> $GITHUB_ENV - echo "PREFIX_ENV=service-generate-uat" >> $GITHUB_ENV - - # OPS environment variables - - name: Set Environment Variables - if: startsWith(github.ref, 'refs/heads/main') - run: | - echo "TARGET_ENV=OPS" >> $GITHUB_ENV - echo "PREFIX_ENV=service-generate-ops" >> $GITHUB_ENV - - # Check out GitHub repo - - uses: actions/checkout@v3 - - # Set up Terraform - - name: Setup Terraform - uses: hashicorp/setup-terraform@v2.0.3 - with: - terraform_version: 1.3.7 - - # Validate Terraform file - - name: Validate Terraform - run: terraform validate -no-color - - # Set up TF_VAR environment variables - - name: TF_VAR values - run: | - echo "TF_VAR_environment=$TARGET_ENV" >> $GITHUB_ENV - echo "TF_VAR_prefix=$PREFIX_ENV" >> $GITHUB_ENV - echo "TF_VAR_cross_account_id=${{ secrets[format('CROSS_ACCOUNT_ID_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV - echo "TF_VAR_sns_topic_email=${{ secrets[format('SNS_TOPIC_EMAIL_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV - - # Deploy Terraform - - name: Deploy Terraform - working-directory: terraform/ - env: - 
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_SERVICES_SIT }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_SERVICES_SIT }} - AWS_DEFAULT_REGION: us-west-2 - - # Set TF_VAR environment variables, initialize and run terraform - run: | - terraform init -reconfigure \ - -backend-config="bucket=${PREFIX_ENV}-tf-state" \ - -backend-config="key=generate.tfstate" \ - -backend-config="region=${AWS_DEFAULT_REGION}" - - terraform apply -auto-approve From 0ad84d385507b6040804c48201b5a95dc7a13441 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Thu, 27 Apr 2023 17:07:51 +0000 Subject: [PATCH 30/58] Re-add deploy.yml file to trigger action --- .github/workflows/deploy.yml | 83 ++++++++++++++++++++++++++++++++++++ 1 file changed, 83 insertions(+) create mode 100644 .github/workflows/deploy.yml diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml new file mode 100644 index 0000000..caa9fc7 --- /dev/null +++ b/.github/workflows/deploy.yml 
@@ -0,0 +1,83 @@ +# Main build pipeline that verifies, builds, and deploys the software +name: Build and Deploy +# Events that trigger the workflow +on: + # Trigger based on push to all branches + push: + branches: + - 'development' + - 'feature/**' + - 'release/**' + - 'main' + tags-ignore: + - '*' + # Run workflow manually from the Actions tab + workflow_dispatch: + +jobs: + build: + name: Build and Deploy + # The type of runner that the job will run on + runs-on: ubuntu-latest + steps: + + # SIT environment variables + - name: Set Environment Variables + if: | + startsWith(github.ref, 'refs/heads/development') || + startsWith(github.ref, 'refs/heads/feature') + run: | + echo "TARGET_ENV=SIT" >> $GITHUB_ENV + echo "PREFIX_ENV=service-generate-sit" >> $GITHUB_ENV + + # UAT environment variables + - name: Set Environment Variables + if: startsWith(github.ref, 'refs/heads/release') + run: | + echo "TARGET_ENV=UAT" >> $GITHUB_ENV + echo "PREFIX_ENV=service-generate-uat" >> $GITHUB_ENV + + # OPS environment variables + - name: Set Environment Variables + if: startsWith(github.ref, 'refs/heads/main') + run: | + echo "TARGET_ENV=OPS" >> $GITHUB_ENV + echo "PREFIX_ENV=service-generate-ops" >> $GITHUB_ENV + + # Check out GitHub repo + - uses: actions/checkout@v3 + + # Set up Terraform + - name: Setup Terraform + uses: hashicorp/setup-terraform@v2.0.3 + with: + terraform_version: 1.3.7 + + # Validate Terraform file + - name: Validate Terraform + run: terraform validate -no-color + + # Set up TF_VAR environment variables + - name: TF_VAR values + run: | + echo "TF_VAR_environment=$TARGET_ENV" >> $GITHUB_ENV + echo "TF_VAR_prefix=$PREFIX_ENV" >> $GITHUB_ENV + echo "TF_VAR_cross_account_id=${{ secrets[format('CROSS_ACCOUNT_ID_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV + echo "TF_VAR_sns_topic_email=${{ secrets[format('SNS_TOPIC_EMAIL_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV + + # Deploy Terraform + - name: Deploy Terraform + working-directory: terraform/ + env: + 
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_SERVICES_SIT }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_SERVICES_SIT }} + AWS_DEFAULT_REGION: us-west-2 + + # Set TF_VAR environment variables, initialize and run terraform + run: | + terraform init -reconfigure \ + -backend-config="bucket=${PREFIX_ENV}-tf-state" \ + -backend-config="key=generate.tfstate" \ + -backend-config="region=${AWS_DEFAULT_REGION}" + + terraform apply -auto-approve From bf0ae7fc6f92957ad7a22ce95ec3a9ae2cb4c7a2 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Thu, 27 Apr 2023 17:09:30 +0000 Subject: [PATCH 31/58] Test workflow 1 --- .github/workflows/deploy.yml | 62 ++++++++++++++++++------------------ 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index caa9fc7..32889b2 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
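Review bot: `uses: actions/checkout@v3` and `uses: hashicorp/setup-terraform@v2.0.3` reference mutable tags, so the code that receives the AWS credentials in this job can change without any commit to this repository; pin each to a full commit SHA with the tag as a trailing comment, e.g. `uses: actions/checkout@<commit-sha-of-v3> # v3`. The same file content is re-created as `deploy-generate.yml` in patch 32, so the pins belong there as well. The job also injects long-lived static keys (`AWS_ACCESS_KEY_ID_SERVICES_SIT`, `AWS_SECRET_ACCESS_KEY_SERVICES_SIT`) into the Deploy step for every target environment; `aws-actions/configure-aws-credentials` with `role-to-assume` and job `permissions: id-token: write` would replace them with short-lived OIDC credentials and remove the stored secrets entirely.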
@@ -44,40 +44,40 @@ jobs: echo "TARGET_ENV=OPS" >> $GITHUB_ENV echo "PREFIX_ENV=service-generate-ops" >> $GITHUB_ENV - # Check out GitHub repo - - uses: actions/checkout@v3 + # # Check out GitHub repo + # - uses: actions/checkout@v3 - # Set up Terraform - - name: Setup Terraform - uses: hashicorp/setup-terraform@v2.0.3 - with: - terraform_version: 1.3.7 + # # Set up Terraform + # - name: Setup Terraform + # uses: hashicorp/setup-terraform@v2.0.3 + # with: + # terraform_version: 1.3.7 - # Validate Terraform file - - name: Validate Terraform - run: terraform validate -no-color + # # Validate Terraform file + # - name: Validate Terraform + # run: terraform validate -no-color - # Set up TF_VAR environment variables - - name: TF_VAR values - run: | - echo "TF_VAR_environment=$TARGET_ENV" >> $GITHUB_ENV - echo "TF_VAR_prefix=$PREFIX_ENV" >> $GITHUB_ENV - echo "TF_VAR_cross_account_id=${{ secrets[format('CROSS_ACCOUNT_ID_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV - echo "TF_VAR_sns_topic_email=${{ secrets[format('SNS_TOPIC_EMAIL_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV + # # Set up TF_VAR environment variables + # - name: TF_VAR values + # run: | + # echo "TF_VAR_environment=$TARGET_ENV" >> $GITHUB_ENV + # echo "TF_VAR_prefix=$PREFIX_ENV" >> $GITHUB_ENV + # echo "TF_VAR_cross_account_id=${{ secrets[format('CROSS_ACCOUNT_ID_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV + # echo "TF_VAR_sns_topic_email=${{ secrets[format('SNS_TOPIC_EMAIL_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV - # Deploy Terraform - - name: Deploy Terraform - working-directory: terraform/ - env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_SERVICES_SIT }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_SERVICES_SIT }} - AWS_DEFAULT_REGION: us-west-2 + # # Deploy Terraform + # - name: Deploy Terraform + # working-directory: terraform/ + # env: + # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_SERVICES_SIT }} + # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_SERVICES_SIT }} + # 
AWS_DEFAULT_REGION: us-west-2 - # Set TF_VAR environment variables, initialize and run terraform - run: | - terraform init -reconfigure \ - -backend-config="bucket=${PREFIX_ENV}-tf-state" \ - -backend-config="key=generate.tfstate" \ - -backend-config="region=${AWS_DEFAULT_REGION}" + # # Set TF_VAR environment variables, initialize and run terraform + # run: | + # terraform init -reconfigure \ + # -backend-config="bucket=${PREFIX_ENV}-tf-state" \ + # -backend-config="key=generate.tfstate" \ + # -backend-config="region=${AWS_DEFAULT_REGION}" - terraform apply -auto-approve + # terraform apply -auto-approve From a8d2d53572f2ccae8f8d11d3fa50c7ff92a31ffa Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Thu, 27 Apr 2023 17:10:48 +0000 Subject: [PATCH 32/58] Rename deployment file --- .github/workflows/deploy-generate.yml | 83 +++++++++++++++++++++++++++ .github/workflows/deploy.yml | 83 --------------------------- 2 files changed, 83 insertions(+), 83 deletions(-) create mode 100644 .github/workflows/deploy-generate.yml delete mode 100644 .github/workflows/deploy.yml diff --git a/.github/workflows/deploy-generate.yml b/.github/workflows/deploy-generate.yml new file mode 100644 index 0000000..caa9fc7 --- /dev/null +++ b/.github/workflows/deploy-generate.yml 
@@ -0,0 +1,83 @@ +# Main build pipeline that verifies, builds, and deploys the software +name: Build and Deploy +# Events that trigger the workflow +on: + # Trigger based on push to all branches + push: + branches: + - 'development' + - 'feature/**' + - 'release/**' + - 'main' + tags-ignore: + - '*' + # Run workflow manually from the Actions tab + workflow_dispatch: + +jobs: + build: + name: Build and Deploy + # The type of runner that the job will run on + runs-on: ubuntu-latest + steps: + + # SIT environment variables + - name: Set Environment Variables + if: | + startsWith(github.ref, 'refs/heads/development') || + startsWith(github.ref, 'refs/heads/feature') + run: | + echo "TARGET_ENV=SIT" >> $GITHUB_ENV + echo "PREFIX_ENV=service-generate-sit" >> $GITHUB_ENV + + # UAT environment variables + - name: Set Environment Variables + if: startsWith(github.ref, 'refs/heads/release') + run: | + echo "TARGET_ENV=UAT" >> $GITHUB_ENV + echo "PREFIX_ENV=service-generate-uat" >> $GITHUB_ENV + + # OPS environment variables + - name: Set Environment Variables + if: startsWith(github.ref, 'refs/heads/main') + run: | + echo "TARGET_ENV=OPS" >> $GITHUB_ENV + echo "PREFIX_ENV=service-generate-ops" >> $GITHUB_ENV + + # Check out GitHub repo + - uses: actions/checkout@v3 + + # Set up Terraform + - name: Setup Terraform + uses: hashicorp/setup-terraform@v2.0.3 + with: + terraform_version: 1.3.7 + + # Validate Terraform file + - name: Validate Terraform + run: terraform validate -no-color + + # Set up TF_VAR environment variables + - name: TF_VAR values + run: | + echo "TF_VAR_environment=$TARGET_ENV" >> $GITHUB_ENV + echo "TF_VAR_prefix=$PREFIX_ENV" >> $GITHUB_ENV + echo "TF_VAR_cross_account_id=${{ secrets[format('CROSS_ACCOUNT_ID_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV + echo "TF_VAR_sns_topic_email=${{ secrets[format('SNS_TOPIC_EMAIL_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV + + # Deploy Terraform + - name: Deploy Terraform + working-directory: terraform/ + env: + 
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_SERVICES_SIT }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_SERVICES_SIT }} + AWS_DEFAULT_REGION: us-west-2 + + # Set TF_VAR environment variables, initialize and run terraform + run: | + terraform init -reconfigure \ + -backend-config="bucket=${PREFIX_ENV}-tf-state" \ + -backend-config="key=generate.tfstate" \ + -backend-config="region=${AWS_DEFAULT_REGION}" + + terraform apply -auto-approve diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml deleted file mode 100644 index 32889b2..0000000 --- a/.github/workflows/deploy.yml +++ /dev/null 
@@ -1,83 +0,0 @@ -# Main build pipeline that verifies, builds, and deploys the software -name: Build and Deploy -# Events that trigger the workflow -on: - # Trigger based on push to all branches - push: - branches: - - 'development' - - 'feature/**' - - 'release/**' - - 'main' - tags-ignore: - - '*' - # Run workflow manually from the Actions tab - workflow_dispatch: - -jobs: - build: - name: Build and Deploy - # The type of runner that the job will run on - runs-on: ubuntu-latest - steps: - - # SIT environment variables - - name: Set Environment Variables - if: | - startsWith(github.ref, 'refs/heads/development') || - startsWith(github.ref, 'refs/heads/feature') - run: | - echo "TARGET_ENV=SIT" >> $GITHUB_ENV - echo "PREFIX_ENV=service-generate-sit" >> $GITHUB_ENV - - # UAT environment variables - - name: Set Environment Variables - if: startsWith(github.ref, 'refs/heads/release') - run: | - echo "TARGET_ENV=UAT" >> $GITHUB_ENV - echo "PREFIX_ENV=service-generate-uat" >> $GITHUB_ENV - - # OPS environment variables - - name: Set Environment Variables - if: startsWith(github.ref, 'refs/heads/main') - run: | - echo "TARGET_ENV=OPS" >> $GITHUB_ENV - echo "PREFIX_ENV=service-generate-ops" >> $GITHUB_ENV - - # # Check out GitHub repo - # - uses: actions/checkout@v3 - - # # Set up Terraform - # - name: Setup Terraform - # uses: hashicorp/setup-terraform@v2.0.3 - # with: - # terraform_version: 1.3.7 - - # # Validate Terraform file - # - name: Validate Terraform - # run: terraform validate -no-color - - # # Set up TF_VAR environment variables - # - name: TF_VAR values - # run: | - # echo "TF_VAR_environment=$TARGET_ENV" >> $GITHUB_ENV - # echo "TF_VAR_prefix=$PREFIX_ENV" >> $GITHUB_ENV - # echo "TF_VAR_cross_account_id=${{ secrets[format('CROSS_ACCOUNT_ID_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV - # echo "TF_VAR_sns_topic_email=${{ secrets[format('SNS_TOPIC_EMAIL_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV - - # # Deploy Terraform - # - name: Deploy Terraform - # 
working-directory: terraform/ - # env: - # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_SERVICES_SIT }} - # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_SERVICES_SIT }} - # AWS_DEFAULT_REGION: us-west-2 - - # # Set TF_VAR environment variables, initialize and run terraform - # run: | - # terraform init -reconfigure \ - # -backend-config="bucket=${PREFIX_ENV}-tf-state" \ - # -backend-config="key=generate.tfstate" \ - # -backend-config="region=${AWS_DEFAULT_REGION}" - - # terraform apply -auto-approve From 9798f7a0f5afe88c4b83b679fe58b506d6efc77b Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Thu, 27 Apr 2023 17:32:55 +0000 Subject: [PATCH 33/58] Read aws credentials from target environment variable --- .github/workflows/deploy-generate.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-generate.yml b/.github/workflows/deploy-generate.yml index caa9fc7..3de4d8a 100644 --- a/.github/workflows/deploy-generate.yml +++ b/.github/workflows/deploy-generate.yml @@ -69,8 +69,8 @@ jobs: - name: Deploy Terraform working-directory: terraform/ env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_SERVICES_SIT }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_SERVICES_SIT }} + AWS_ACCESS_KEY_ID: ${{ secrets[format.('AWS_ACCESS_KEY_ID_SERVICES_SIT_{0}', env.TARGET_ENV)] }} + AWS_SECRET_ACCESS_KEY: ${{ secrets[format.('AWS_SECRET_ACCESS_KEY_SERVICES_{0}', env.TARGET_ENV)] }} AWS_DEFAULT_REGION: us-west-2 # Set TF_VAR environment variables, initialize and run terraform From 661f3320ab962c2bee63ee2fc1c863bd40e01631 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Thu, 27 Apr 2023 17:35:20 +0000 Subject: [PATCH 34/58] Read aws credentials from target environment variable --- .github/workflows/deploy-generate.yml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) 
diff --git a/.github/workflows/deploy-generate.yml b/.github/workflows/deploy-generate.yml index 3de4d8a..5afa18a 100644 --- a/.github/workflows/deploy-generate.yml +++ b/.github/workflows/deploy-generate.yml @@ -57,23 +57,20 @@ jobs: - name: Validate Terraform run: terraform validate -no-color - # Set up TF_VAR environment variables + # Set up TF_VAR and AWS credentials environment variables - name: TF_VAR values run: | echo "TF_VAR_environment=$TARGET_ENV" >> $GITHUB_ENV echo "TF_VAR_prefix=$PREFIX_ENV" >> $GITHUB_ENV echo "TF_VAR_cross_account_id=${{ secrets[format('CROSS_ACCOUNT_ID_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV echo "TF_VAR_sns_topic_email=${{ secrets[format('SNS_TOPIC_EMAIL_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV + echo "AWS_ACCESS_KEY_ID=${{ secrets[format.('AWS_ACCESS_KEY_ID_SERVICES_SIT_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV + echo "AWS_SECRET_ACCESS_KEY=${{ secrets[format.('AWS_SECRET_ACCESS_KEY_SERVICES_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV + echo "AWS_DEFAULT_REGION=us-west-2" >> $GITHUB_ENV # Deploy Terraform - name: Deploy Terraform working-directory: terraform/ - env: - AWS_ACCESS_KEY_ID: ${{ secrets[format.('AWS_ACCESS_KEY_ID_SERVICES_SIT_{0}', env.TARGET_ENV)] }} - AWS_SECRET_ACCESS_KEY: ${{ secrets[format.('AWS_SECRET_ACCESS_KEY_SERVICES_{0}', env.TARGET_ENV)] }} - AWS_DEFAULT_REGION: us-west-2 - - # Set TF_VAR environment variables, initialize and run terraform run: | terraform init -reconfigure \ -backend-config="bucket=${PREFIX_ENV}-tf-state" \ From acffb1b3dc45120b31aa3a9517171a65024f7bb8 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Thu, 27 Apr 2023 17:36:11 +0000 Subject: [PATCH 35/58] Fix format syntax --- .github/workflows/deploy-generate.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-generate.yml b/.github/workflows/deploy-generate.yml index 5afa18a..c0fcc4f 100644 --- a/.github/workflows/deploy-generate.yml 
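Review bot: Moving `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` from the Deploy step's `env:` into `echo ... >> $GITHUB_ENV` widens their exposure: values written to `GITHUB_ENV` enter the process environment of every subsequent step, including any third-party action added later, whereas step-level `env:` scoped them to the one step that needs them. The `${{ secrets[...] }}` expression is also substituted into the shell script text before it runs, so a value containing a quote or `$` alters the command, which step `env:` avoids. Keep the credential lookups as `env:` on `Deploy Terraform` (the three lines this hunk removes, with a corrected `format(` call) and leave only the `TF_VAR_*` assignments in the shared step.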
+++ b/.github/workflows/deploy-generate.yml @@ -64,8 +64,8 @@ jobs: echo "TF_VAR_prefix=$PREFIX_ENV" >> $GITHUB_ENV echo "TF_VAR_cross_account_id=${{ secrets[format('CROSS_ACCOUNT_ID_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV echo "TF_VAR_sns_topic_email=${{ secrets[format('SNS_TOPIC_EMAIL_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV - echo "AWS_ACCESS_KEY_ID=${{ secrets[format.('AWS_ACCESS_KEY_ID_SERVICES_SIT_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV - echo "AWS_SECRET_ACCESS_KEY=${{ secrets[format.('AWS_SECRET_ACCESS_KEY_SERVICES_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV + echo "AWS_ACCESS_KEY_ID=${{ secrets[format('AWS_ACCESS_KEY_ID_SERVICES_SIT_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV + echo "AWS_SECRET_ACCESS_KEY=${{ secrets[format('AWS_SECRET_ACCESS_KEY_SERVICES_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV echo "AWS_DEFAULT_REGION=us-west-2" >> $GITHUB_ENV # Deploy Terraform From 3f24b9e7dd09a96dce136773c1fd74427eb35004 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Thu, 27 Apr 2023 17:37:46 +0000 Subject: [PATCH 36/58] Fix reference to target environment --- .github/workflows/deploy-generate.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-generate.yml b/.github/workflows/deploy-generate.yml index c0fcc4f..3681047 100644 --- a/.github/workflows/deploy-generate.yml +++ b/.github/workflows/deploy-generate.yml 
@@ -58,13 +58,13 @@ jobs: run: terraform validate -no-color # Set up TF_VAR and AWS credentials environment variables - - name: TF_VAR values + - name: TF_VAR and AWS credentials run: | echo "TF_VAR_environment=$TARGET_ENV" >> $GITHUB_ENV echo "TF_VAR_prefix=$PREFIX_ENV" >> $GITHUB_ENV echo "TF_VAR_cross_account_id=${{ secrets[format('CROSS_ACCOUNT_ID_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV echo "TF_VAR_sns_topic_email=${{ secrets[format('SNS_TOPIC_EMAIL_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV - echo "AWS_ACCESS_KEY_ID=${{ secrets[format('AWS_ACCESS_KEY_ID_SERVICES_SIT_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV + echo "AWS_ACCESS_KEY_ID=${{ secrets[format('AWS_ACCESS_KEY_ID_SERVICES_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV echo "AWS_SECRET_ACCESS_KEY=${{ secrets[format('AWS_SECRET_ACCESS_KEY_SERVICES_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV echo "AWS_DEFAULT_REGION=us-west-2" >> $GITHUB_ENV From 777760e26bb6ad977e89cab1a16ecb433f523c7d Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Fri, 28 Apr 2023 14:44:07 +0000 Subject: [PATCH 37/58] Support deletion of AWS resources via terraform destroy --- terraform/generate-batch.tf | 12 +++++++++--- terraform/generate-ecr.tf | 8 ++++++++ terraform/generate-s3.tf | 3 +++ 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/terraform/generate-batch.tf b/terraform/generate-batch.tf index 8643e1b..ae16ff3 100644 --- a/terraform/generate-batch.tf +++ b/terraform/generate-batch.tf @@ -44,7 +44,9 @@ resource "aws_batch_compute_environment" "generate_aqua" { type = "MANAGED" depends_on = [ - aws_iam_role.aws_batch_service_role + aws_iam_role.aws_batch_service_role, + aws_iam_policy.batch_service_role_policy, + aws_iam_role_policy_attachment.aws_batch_service_role_policy_attach ] } 
@@ -98,7 +100,9 @@ resource "aws_batch_compute_environment" "generate_terra" { type = "MANAGED" depends_on = [ - aws_iam_role.aws_batch_service_role + aws_iam_role.aws_batch_service_role, + aws_iam_policy.batch_service_role_policy, + aws_iam_role_policy_attachment.aws_batch_service_role_policy_attach ] } @@ -152,7 +156,9 @@ resource "aws_batch_compute_environment" "generate_viirs" { type = "MANAGED" depends_on = [ - aws_iam_role.aws_batch_service_role + aws_iam_role.aws_batch_service_role, + aws_iam_policy.batch_service_role_policy, + aws_iam_role_policy_attachment.aws_batch_service_role_policy_attach ] } diff --git a/terraform/generate-ecr.tf b/terraform/generate-ecr.tf index 2ddbe44..b3ebd71 100644 --- a/terraform/generate-ecr.tf +++ b/terraform/generate-ecr.tf @@ -2,6 +2,7 @@ resource "aws_ecr_repository" "download_list_creator" { name = "${var.prefix}-download-list-creator" image_tag_mutability = "MUTABLE" + force_delete = true image_scanning_configuration { scan_on_push = false } @@ -11,6 +12,7 @@ resource "aws_ecr_repository" "download_list_creator" { resource "aws_ecr_repository" "partition_submit" { name = "${var.prefix}-partition-submit" image_tag_mutability = "MUTABLE" + force_delete = true image_scanning_configuration { scan_on_push = false } @@ -20,6 +22,7 @@ resource "aws_ecr_repository" "partition_submit" { resource "aws_ecr_repository" "downloader" { name = "${var.prefix}-downloader" image_tag_mutability = "MUTABLE" + force_delete = true image_scanning_configuration { scan_on_push = false } @@ -29,6 +32,7 @@ resource "aws_ecr_repository" "downloader" { resource "aws_ecr_repository" "combiner" { name = "${var.prefix}-combiner" image_tag_mutability = "MUTABLE" + force_delete = true image_scanning_configuration { scan_on_push = false } 
@@ -38,6 +42,7 @@ resource "aws_ecr_repository" "combiner" { resource "aws_ecr_repository" "processor" { name = "${var.prefix}-processor" image_tag_mutability = "MUTABLE" + force_delete = true image_scanning_configuration { scan_on_push = false } @@ -47,6 +52,7 @@ resource "aws_ecr_repository" "processor" { resource "aws_ecr_repository" "uploader" { name = "${var.prefix}-uploader" image_tag_mutability = "MUTABLE" + force_delete = true image_scanning_configuration { scan_on_push = false } @@ -56,6 +62,7 @@ resource "aws_ecr_repository" "uploader" { resource "aws_ecr_repository" "license_returner" { name = "${var.prefix}-license-returner" image_tag_mutability = "MUTABLE" + force_delete = true image_scanning_configuration { scan_on_push = false } @@ -65,6 +72,7 @@ resource "aws_ecr_repository" "license_returner" { resource "aws_ecr_repository" "reporter" { name = "${var.prefix}-reporter" image_tag_mutability = "MUTABLE" + force_delete = true image_scanning_configuration { scan_on_push = false } diff --git a/terraform/generate-s3.tf b/terraform/generate-s3.tf index db4b8c9..41305a2 100644 --- a/terraform/generate-s3.tf +++ b/terraform/generate-s3.tf @@ -1,6 +1,7 @@ # S3 Bucket to hold final L2P granules resource "aws_s3_bucket" "aws_s3_bucket_final_granules" { bucket = "${var.prefix}-l2p-granules" + force_destroy = true tags = { Name = "${var.prefix}-l2p-granules" } } @@ -59,6 +60,7 @@ resource "aws_s3_bucket_policy" "allow_access_from_another_account" { # Bucket to hold download lists resource "aws_s3_bucket" "aws_s3_bucket_dlc" { bucket = "${var.prefix}-download-lists" + force_destroy = true tags = { Name = "${var.prefix}-download-lists" } } @@ -90,6 +92,7 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "aws_s3_bucket_dlc # Bucket to hold IDL client files resource "aws_s3_bucket" "aws_s3_bucket_idl_client" { bucket = "${var.prefix}-idl-client" + force_destroy = true tags = { Name = "${var.prefix}-idl-client" } } 
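Review bot: `force_destroy = true` on `aws_s3_bucket_final_granules` (and on the two buckets below it) lets `terraform destroy` empty and delete the bucket holding the final L2P granules with no further confirmation, and `force_delete = true` on every repository in the `generate-ecr.tf` hunks does the same for stored images. If the goal is only easy teardown of test environments, gating it on an input, `force_destroy = var.force_destroy` with a `false` default, keeps production data recoverable; `lifecycle { prevent_destroy = true }` on the granules bucket is the stricter option. Which environments this configuration is applied to is not visible here.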
From a25ef0bd94ae8a3c4d5d1956b75916ce6473ce22 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Fri, 28 Apr 2023 15:56:46 +0000 Subject: [PATCH 38/58] Update posix user for partition & submit --- terraform/generate-efs.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/generate-efs.tf b/terraform/generate-efs.tf index 1700756..ddf9d4d 100644 --- a/terraform/generate-efs.tf +++ b/terraform/generate-efs.tf @@ -21,8 +21,8 @@ resource "aws_efs_access_point" "generate_efs_ap_ps" { file_system_id = aws_efs_file_system.generate_efs_fs.id tags = { Name = "${var.prefix}-partition-submit" } posix_user { - gid = 1000 - uid = 1000 + gid = 0 + uid = 0 } root_directory { creation_info { From 46b4b8f1c6361e8f26ccd374131f988a6bd2c227 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Tue, 2 May 2023 17:12:24 +0000 Subject: [PATCH 39/58] Allow root posix user for reporter creation of reports --- terraform/generate-efs.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/generate-efs.tf b/terraform/generate-efs.tf index ddf9d4d..4412ebf 100644 --- a/terraform/generate-efs.tf +++ b/terraform/generate-efs.tf @@ -57,8 +57,8 @@ resource "aws_efs_access_point" "generate_efs_ap_r" { file_system_id = aws_efs_file_system.generate_efs_fs.id tags = { Name = "${var.prefix}-reporter" } posix_user { - gid = 1000 - uid = 1000 + gid = 0 + uid = 0 } root_directory { creation_info { From cc5199b1e051dbf9da848e3be71a86187d0d0473 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Thu, 4 May 2023 13:58:36 +0000 Subject: [PATCH 40/58] Move EDL token creation to top-level --- terraform/generate-ssm.tf | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/terraform/generate-ssm.tf b/terraform/generate-ssm.tf index 2b38536..d1bfa9f 100644 --- a/terraform/generate-ssm.tf 
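Review bot: Changing the `partition-submit` access point's `posix_user` to `uid = 0`/`gid = 0` makes every client that mounts through it act as root on the file system, which removes the identity enforcement an EFS access point exists to provide; the reporter access point in the following commit (`generate_efs_ap_r`, hunk `@@ -57,8 +57,8 @@`) makes the same change. If the problem is that uid 1000 cannot create directories or reports, the `root_directory { creation_info { ... } }` block that begins at the bottom of the hunk can set `owner_uid`, `owner_gid` and `permissions` so the non-root user owns its root directory instead. The `creation_info` contents are outside the hunk, so whether they already do this cannot be seen.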
+++ b/terraform/generate-ssm.tf @@ -1,4 +1,4 @@ -# SSM Parameter Store parameters for IDL idlenses +# SSM Parameter Store parameters for IDL licenses # MODIS Aqua resource "aws_ssm_parameter" "aws_ssm_parameter_ps_idl_aqua" { name = "${var.prefix}-idl-aqua" @@ -32,4 +32,13 @@ resource "aws_ssm_parameter" "aws_ssm_parameter_ps_idl_ret" { name = "${var.prefix}-idl-retrieving-license" type = "String" value = "False" +} + +# SSM Parameter Store parameter to EDL bearer token +resource "aws_ssm_parameter" "aws_ssm_parameter_edl_token" { + name = "${var.prefix}-edl-token" + description = "Temporary EDL bearer token" + type = "SecureString" + value = "start" + overwrite = true } \ No newline at end of file From 6fe7bb0f5b38556ab6d37e15c8b7660f8a97b2ef Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Mon, 15 May 2023 14:44:12 +0000 Subject: [PATCH 41/58] Update to central S3 bucket for Generate data --- terraform/generate-s3.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/generate-s3.tf b/terraform/generate-s3.tf index 41305a2..95a712c 100644 --- a/terraform/generate-s3.tf +++ b/terraform/generate-s3.tf @@ -59,9 +59,9 @@ resource "aws_s3_bucket_policy" "allow_access_from_another_account" { # Bucket to hold download lists resource "aws_s3_bucket" "aws_s3_bucket_dlc" { - bucket = "${var.prefix}-download-lists" + bucket = "${var.prefix}" force_destroy = true - tags = { Name = "${var.prefix}-download-lists" } + tags = { Name = "${var.prefix}" } } resource "aws_s3_bucket_public_access_block" "aws_s3_bucket_dlc_public_block" { From 30c8b4fe71d0af5250326bc4ab503974e9e2d9f4 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Tue, 16 May 2023 17:51:54 +0000 Subject: [PATCH 42/58] Update IDL licenses per dataset --- terraform/generate-ssm.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
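Review bot: `aws_ssm_parameter_edl_token` is created with the placeholder `value = "start"` and `overwrite = true`, so every `terraform apply` pushes the placeholder back over whatever real bearer token was written to the parameter out of band, and the current value is also recorded in Terraform state. If the real token is managed outside Terraform, `lifecycle { ignore_changes = [value] }` stops applies from rewriting it, and the state backend then has to be treated as holding a secret. This parameter is removed again later in the series (`[PATCH 47/58]`), so the point applies only to the intermediate revisions.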
diff --git a/terraform/generate-ssm.tf b/terraform/generate-ssm.tf index d1bfa9f..841c30c 100644 --- a/terraform/generate-ssm.tf +++ b/terraform/generate-ssm.tf @@ -3,28 +3,28 @@ resource "aws_ssm_parameter" "aws_ssm_parameter_ps_idl_aqua" { name = "${var.prefix}-idl-aqua" type = "String" - value = "4" + value = "6" } # MODIS Terra resource "aws_ssm_parameter" "aws_ssm_parameter_ps_idl_terra" { name = "${var.prefix}-idl-terra" type = "String" - value = "4" + value = "6" } # VIIRS resource "aws_ssm_parameter" "aws_ssm_parameter_ps_idl_viirs" { name = "${var.prefix}-idl-viirs" type = "String" - value = "4" + value = "6" } # Floating resource "aws_ssm_parameter" "aws_ssm_parameter_ps_idl_floating" { name = "${var.prefix}-idl-floating" type = "String" - value = "4" + value = "2" } # Retrieval indicator From ae3cadeda99f870176844da34621ccdcef51e078 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Wed, 17 May 2023 22:40:35 +0000 Subject: [PATCH 43/58] Remove upload of IDL files - Includes formatting fixes --- terraform/generate-batch.tf | 8 +++--- terraform/generate-ecr.tf | 16 +++++------ terraform/generate-s3.tf | 56 ++++++++----------------------------- terraform/main.tf | 2 +- 4 files changed, 25 insertions(+), 57 deletions(-) diff --git a/terraform/generate-batch.tf b/terraform/generate-batch.tf index ae16ff3..688e852 100644 --- a/terraform/generate-batch.tf +++ b/terraform/generate-batch.tf @@ -44,9 +44,9 @@ resource "aws_batch_compute_environment" "generate_aqua" { type = "MANAGED" depends_on = [ - aws_iam_role.aws_batch_service_role, + aws_iam_role.aws_batch_service_role, aws_iam_policy.batch_service_role_policy, - aws_iam_role_policy_attachment.aws_batch_service_role_policy_attach + aws_iam_role_policy_attachment.aws_batch_service_role_policy_attach ] } 
@@ -100,7 +100,7 @@ resource "aws_batch_compute_environment" "generate_terra" { type = "MANAGED" depends_on = [ - aws_iam_role.aws_batch_service_role, + aws_iam_role.aws_batch_service_role, aws_iam_policy.batch_service_role_policy, aws_iam_role_policy_attachment.aws_batch_service_role_policy_attach ] @@ -156,7 +156,7 @@ resource "aws_batch_compute_environment" "generate_viirs" { type = "MANAGED" depends_on = [ - aws_iam_role.aws_batch_service_role, + aws_iam_role.aws_batch_service_role, aws_iam_policy.batch_service_role_policy, aws_iam_role_policy_attachment.aws_batch_service_role_policy_attach ] diff --git a/terraform/generate-ecr.tf b/terraform/generate-ecr.tf index b3ebd71..631294b 100644 --- a/terraform/generate-ecr.tf +++ b/terraform/generate-ecr.tf @@ -2,7 +2,7 @@ resource "aws_ecr_repository" "download_list_creator" { name = "${var.prefix}-download-list-creator" image_tag_mutability = "MUTABLE" - force_delete = true + force_delete = true image_scanning_configuration { scan_on_push = false } @@ -12,7 +12,7 @@ resource "aws_ecr_repository" "download_list_creator" { resource "aws_ecr_repository" "partition_submit" { name = "${var.prefix}-partition-submit" image_tag_mutability = "MUTABLE" - force_delete = true + force_delete = true image_scanning_configuration { scan_on_push = false } @@ -22,7 +22,7 @@ resource "aws_ecr_repository" "partition_submit" { resource "aws_ecr_repository" "downloader" { name = "${var.prefix}-downloader" image_tag_mutability = "MUTABLE" - force_delete = true + force_delete = true image_scanning_configuration { scan_on_push = false } @@ -32,7 +32,7 @@ resource "aws_ecr_repository" "downloader" { resource "aws_ecr_repository" "combiner" { name = "${var.prefix}-combiner" image_tag_mutability = "MUTABLE" - force_delete = true + force_delete = true image_scanning_configuration { scan_on_push = false } 
@@ -42,7 +42,7 @@ resource "aws_ecr_repository" "combiner" { resource "aws_ecr_repository" "processor" { name = "${var.prefix}-processor" image_tag_mutability = "MUTABLE" - force_delete = true + force_delete = true image_scanning_configuration { scan_on_push = false } @@ -52,7 +52,7 @@ resource "aws_ecr_repository" "processor" { resource "aws_ecr_repository" "uploader" { name = "${var.prefix}-uploader" image_tag_mutability = "MUTABLE" - force_delete = true + force_delete = true image_scanning_configuration { scan_on_push = false } @@ -62,7 +62,7 @@ resource "aws_ecr_repository" "uploader" { resource "aws_ecr_repository" "license_returner" { name = "${var.prefix}-license-returner" image_tag_mutability = "MUTABLE" - force_delete = true + force_delete = true image_scanning_configuration { scan_on_push = false } @@ -72,7 +72,7 @@ resource "aws_ecr_repository" "license_returner" { resource "aws_ecr_repository" "reporter" { name = "${var.prefix}-reporter" image_tag_mutability = "MUTABLE" - force_delete = true + force_delete = true image_scanning_configuration { scan_on_push = false } diff --git a/terraform/generate-s3.tf b/terraform/generate-s3.tf index 95a712c..8d1d258 100644 --- a/terraform/generate-s3.tf +++ b/terraform/generate-s3.tf @@ -1,8 +1,8 @@ # S3 Bucket to hold final L2P granules resource "aws_s3_bucket" "aws_s3_bucket_final_granules" { - bucket = "${var.prefix}-l2p-granules" + bucket = "${var.prefix}-l2p-granules" force_destroy = true - tags = { Name = "${var.prefix}-l2p-granules" } + tags = { Name = "${var.prefix}-l2p-granules" } } resource "aws_s3_bucket_public_access_block" "aws_s3_bucket_idl_server_public_block" { 
@@ -57,62 +57,30 @@ resource "aws_s3_bucket_policy" "allow_access_from_another_account" { }) } -# Bucket to hold download lists -resource "aws_s3_bucket" "aws_s3_bucket_dlc" { - bucket = "${var.prefix}" +# Bucket to hold Generate data including download lists +resource "aws_s3_bucket" "aws_s3_bucket_gen" { + bucket = var.prefix force_destroy = true - tags = { Name = "${var.prefix}" } + tags = { Name = "${var.prefix}" } } -resource "aws_s3_bucket_public_access_block" "aws_s3_bucket_dlc_public_block" { - bucket = aws_s3_bucket.aws_s3_bucket_dlc.id +resource "aws_s3_bucket_public_access_block" "aws_s3_bucket_gen_public_block" { + bucket = aws_s3_bucket.aws_s3_bucket_gen.id block_public_acls = true block_public_policy = true ignore_public_acls = true restrict_public_buckets = true } -resource "aws_s3_bucket_ownership_controls" "aws_s3_bucket_dlc_ownership" { - bucket = aws_s3_bucket.aws_s3_bucket_dlc.id +resource "aws_s3_bucket_ownership_controls" "aws_s3_bucket_gen_ownership" { + bucket = aws_s3_bucket.aws_s3_bucket_gen.id rule { object_ownership = "BucketOwnerEnforced" } } -resource "aws_s3_bucket_server_side_encryption_configuration" "aws_s3_bucket_dlc_encryption" { - bucket = aws_s3_bucket.aws_s3_bucket_dlc.bucket - rule { - apply_server_side_encryption_by_default { - sse_algorithm = "aws:kms" - kms_master_key_id = "aws/s3" - } - } -} - -# Bucket to hold IDL client files -resource "aws_s3_bucket" "aws_s3_bucket_idl_client" { - bucket = "${var.prefix}-idl-client" - force_destroy = true - tags = { Name = "${var.prefix}-idl-client" } -} - -resource "aws_s3_bucket_public_access_block" "aws_s3_bucket_idl_client_public_block" { - bucket = aws_s3_bucket.aws_s3_bucket_idl_client.id - block_public_acls = true - block_public_policy = true - ignore_public_acls = true - restrict_public_buckets = true -} - -resource "aws_s3_bucket_ownership_controls" "aws_s3_bucket_idl_client_ownership" { - bucket = aws_s3_bucket.aws_s3_bucket_idl_client.id - rule { - object_ownership = 
"BucketOwnerEnforced" - } -} - -resource "aws_s3_bucket_server_side_encryption_configuration" "aws_s3_bucket_idl_client_encryption" { - bucket = aws_s3_bucket.aws_s3_bucket_idl_client.bucket +resource "aws_s3_bucket_server_side_encryption_configuration" "aws_s3_bucket_gen_encryption" { + bucket = aws_s3_bucket.aws_s3_bucket_gen.bucket rule { apply_server_side_encryption_by_default { sse_algorithm = "aws:kms" diff --git a/terraform/main.tf b/terraform/main.tf index 3222fd1..d7dc2d9 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -18,7 +18,7 @@ provider "aws" { ignore_tags { key_prefixes = ["gsfc-ngap"] } - region = var.aws_region + region = var.aws_region } # Data sources From 000121a9038f1a92269bfdfb0b5b13a3b47c2545 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Tue, 6 Jun 2023 13:43:41 +0000 Subject: [PATCH 44/58] Increase max vcpus for batch compute environment --- terraform/generate-batch.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform/generate-batch.tf b/terraform/generate-batch.tf index 688e852..81fdb03 100644 --- a/terraform/generate-batch.tf +++ b/terraform/generate-batch.tf @@ -30,7 +30,7 @@ resource "aws_batch_compute_environment" "generate_aqua" { launch_template_id = aws_launch_template.aws_batch_ce_lt.id version = aws_launch_template.aws_batch_ce_lt.latest_version } - max_vcpus = 32 + max_vcpus = 128 min_vcpus = 0 security_group_ids = data.aws_security_groups.vpc_default_sg.ids subnets = data.aws_subnets.private_application_subnets.ids @@ -86,7 +86,7 @@ resource "aws_batch_compute_environment" "generate_terra" { launch_template_id = aws_launch_template.aws_batch_ce_lt.id version = aws_launch_template.aws_batch_ce_lt.latest_version } - max_vcpus = 32 + max_vcpus = 128 min_vcpus = 0 security_group_ids = data.aws_security_groups.vpc_default_sg.ids subnets = data.aws_subnets.private_application_subnets.ids 
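Review bot: In the consolidated `aws_s3_bucket_gen` resource, `bucket = var.prefix` drops the interpolation-only string but the tag on the next line keeps it, `tags = { Name = "${var.prefix}" }`; `tags = { Name = var.prefix }` is consistent and avoids the redundant-interpolation warning newer Terraform emits. This bucket now holds all Generate data and still carries `force_destroy = true` from the earlier commit, so the teardown concern raised there applies to it as well. The hunk starts on the previous line (`@@ -57,62 +57,30 @@`) and ends part-way through the encryption rule.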
@@ -142,7 +142,7 @@ resource "aws_batch_compute_environment" "generate_viirs" { launch_template_id = aws_launch_template.aws_batch_ce_lt.id version = aws_launch_template.aws_batch_ce_lt.latest_version } - max_vcpus = 32 + max_vcpus = 128 min_vcpus = 0 security_group_ids = data.aws_security_groups.vpc_default_sg.ids subnets = data.aws_subnets.private_application_subnets.ids From 2a7fc83816532e78384ddd41af9dec0108ca6024 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Thu, 20 Jul 2023 14:55:23 +0000 Subject: [PATCH 45/58] Set log retention to infinite --- terraform/generate-cw.tf | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/terraform/generate-cw.tf b/terraform/generate-cw.tf index 5ee864a..8151077 100644 --- a/terraform/generate-cw.tf +++ b/terraform/generate-cw.tf 
@@ -3,44 +3,44 @@ # Downloader resource "aws_cloudwatch_log_group" "generate_cw_log_group_downloader" { name = "/aws/batch/job/${var.prefix}-downloader/" - retention_in_days = 120 + retention_in_days = 0 } resource "aws_cloudwatch_log_group" "generate_cw_log_group_downloader_error" { name = "/aws/batch/job/${var.prefix}-downloader-errors/" - retention_in_days = 120 + retention_in_days = 0 } # Combiner resource "aws_cloudwatch_log_group" "generate_cw_log_group_combiner" { name = "/aws/batch/job/${var.prefix}-combiner/" - retention_in_days = 120 + retention_in_days = 0 } resource "aws_cloudwatch_log_group" "generate_cw_log_group_combiner_error" { name = "/aws/batch/job/${var.prefix}-combiner-errors/" - retention_in_days = 120 + retention_in_days = 0 } # Processor resource "aws_cloudwatch_log_group" "generate_cw_log_group_processor" { name = "/aws/batch/job/${var.prefix}-processor/" - retention_in_days = 120 + retention_in_days = 0 } resource "aws_cloudwatch_log_group" "generate_cw_log_group_processor_error" { name = "/aws/batch/job/${var.prefix}-processor-errors/" - retention_in_days = 120 + retention_in_days = 0 } # Uploader resource "aws_cloudwatch_log_group" "generate_cw_log_group_uploader" { name = "/aws/batch/job/${var.prefix}-uploader/" - retention_in_days = 120 + retention_in_days = 0 } # CloudWatch Logs resource "aws_cloudwatch_log_group" "generate_cw_log_group_license_returner" { name = "/aws/batch/job/${var.prefix}-license-returner/" - retention_in_days = 120 + retention_in_days = 0 } \ No newline at end of file From d51dc3b8e73fded561976d581cef01baa5331d07 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Tue, 25 Jul 2023 22:02:07 +0000 Subject: [PATCH 46/58] Create purger ECR repo --- terraform/generate-ecr.tf | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/terraform/generate-ecr.tf b/terraform/generate-ecr.tf index 631294b..71431c5 100644 --- a/terraform/generate-ecr.tf 
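Review bot: `retention_in_days = 0` on all eight log groups means the streams never expire, which matches the subject line but is easy to misread as "delete immediately"; a comment above the first group, `# 0 = never expire (CloudWatch default)`, would record the intent. If indefinite retention is a policy decision, a single `variable "log_retention_days"` referenced by every group keeps it adjustable per environment instead of editing eight resources.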
+++ b/terraform/generate-ecr.tf @@ -76,4 +76,14 @@ resource "aws_ecr_repository" "reporter" { image_scanning_configuration { scan_on_push = false } +} + +# Purger +resource "aws_ecr_repository" "purger" { + name = "${var.prefix}-purger" + image_tag_mutability = "MUTABLE" + force_delete = true + image_scanning_configuration { + scan_on_push = false + } } \ No newline at end of file From 72989f5fc2f7b5a1afb5117fa2d09c2f26063331 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Mon, 31 Jul 2023 15:07:50 +0000 Subject: [PATCH 47/58] Remove SSM Parameter Store parameter for EDL token - ORG AWS credentials not working --- .github/workflows/deploy-generate.yml | 4 ++-- terraform/generate-ssm.tf | 9 --------- 2 files changed, 2 insertions(+), 11 deletions(-) diff --git a/.github/workflows/deploy-generate.yml b/.github/workflows/deploy-generate.yml index 3681047..7c135cb 100644 --- a/.github/workflows/deploy-generate.yml +++ b/.github/workflows/deploy-generate.yml @@ -64,8 +64,8 @@ jobs: echo "TF_VAR_prefix=$PREFIX_ENV" >> $GITHUB_ENV echo "TF_VAR_cross_account_id=${{ secrets[format('CROSS_ACCOUNT_ID_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV echo "TF_VAR_sns_topic_email=${{ secrets[format('SNS_TOPIC_EMAIL_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV - echo "AWS_ACCESS_KEY_ID=${{ secrets[format('AWS_ACCESS_KEY_ID_SERVICES_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV - echo "AWS_SECRET_ACCESS_KEY=${{ secrets[format('AWS_SECRET_ACCESS_KEY_SERVICES_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV + echo "AWS_ACCESS_KEY_ID=${{ secrets[format('AWS_ACCESS_KEY_ID_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV + echo "AWS_SECRET_ACCESS_KEY=${{ secrets[format('AWS_SECRET_ACCESS_KEY_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV echo "AWS_DEFAULT_REGION=us-west-2" >> $GITHUB_ENV # Deploy Terraform diff --git a/terraform/generate-ssm.tf b/terraform/generate-ssm.tf index 841c30c..245aeb5 100644 --- a/terraform/generate-ssm.tf +++ b/terraform/generate-ssm.tf 
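Review bot: The new `purger` repository is created with `scan_on_push = false`, so images pushed to it are never checked for known vulnerable packages; `scan_on_push = true` is a one-line change, and `force_delete = true` on the same resource means a destroy removes all images without a copy. The existing repositories above it carry the same setting, but those lines are context rather than part of this change.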
@@ -33,12 +33,3 @@ resource "aws_ssm_parameter" "aws_ssm_parameter_ps_idl_ret" { type = "String" value = "False" } - -# SSM Parameter Store parameter to EDL bearer token -resource "aws_ssm_parameter" "aws_ssm_parameter_edl_token" { - name = "${var.prefix}-edl-token" - description = "Temporary EDL bearer token" - type = "SecureString" - value = "start" - overwrite = true -} \ No newline at end of file From 705bad8fbc2725506b44140ade73dfddcf09198f Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Thu, 3 Aug 2023 15:48:29 +0000 Subject: [PATCH 48/58] Implement SNYK blocking and report --- .github/workflows/deploy-generate.yml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/.github/workflows/deploy-generate.yml b/.github/workflows/deploy-generate.yml index 3681047..2eb1bf6 100644 --- a/.github/workflows/deploy-generate.yml +++ b/.github/workflows/deploy-generate.yml @@ -46,6 +46,30 @@ jobs: # Check out GitHub repo - uses: actions/checkout@v3 + + # SNYK blocking + - name: Run Snyk as a blocking step + uses: snyk/actions/python-3.8@master + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + command: test + args: > + --org=${{ secrets.SNYK_ORG_ID }} + --project-name=${{ github.repository }} + --severity-threshold=high + --fail-on=all + + # SNYK report + - name: Run Snyk on Python + uses: snyk/actions/python-3.8@master + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + command: monitor + args: > + --org=${{ secrets.SNYK_ORG_ID }} + --project-name=${{ github.repository }} # Set up Terraform - name: Setup Terraform From 097f201f6ecb8912953382a7985b71568bb5f785 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Thu, 3 Aug 2023 16:40:49 +0000 Subject: [PATCH 49/58] Modify snyk test argument to include entire codebase --- .github/workflows/deploy-generate.yml | 1 + 1 file changed, 1 insertion(+) 
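Review bot: Both new Snyk steps run `snyk/actions/python-3.8@master`, a mutable branch reference, with `SNYK_TOKEN` exposed to the action, so whatever is pushed to that branch upstream runs in this job with the token; pin to a full commit SHA, `uses: snyk/actions/python-3.8@<commit-sha>  # <version>` (placeholder values), and bump it deliberately. The later hunks that switch to `snyk/actions/iac@master` (`[PATCH 52/58]` onward) keep the same unpinned reference. The `actions/checkout@v3` context line is also a mutable tag, though from a first-party publisher.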
diff --git a/.github/workflows/deploy-generate.yml b/.github/workflows/deploy-generate.yml index 2eb1bf6..7ab9300 100644 --- a/.github/workflows/deploy-generate.yml +++ b/.github/workflows/deploy-generate.yml @@ -57,6 +57,7 @@ jobs: args: > --org=${{ secrets.SNYK_ORG_ID }} --project-name=${{ github.repository }} + --all-projects --severity-threshold=high --fail-on=all From a13465a9c9cdc4fdcabc774ba848342fae4a8234 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Thu, 3 Aug 2023 16:48:03 +0000 Subject: [PATCH 50/58] Modify snyk test argument to include entire codebase v1 --- .github/workflows/deploy-generate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-generate.yml b/.github/workflows/deploy-generate.yml index 7ab9300..f15e5e1 100644 --- a/.github/workflows/deploy-generate.yml +++ b/.github/workflows/deploy-generate.yml @@ -57,7 +57,7 @@ jobs: args: > --org=${{ secrets.SNYK_ORG_ID }} --project-name=${{ github.repository }} - --all-projects + --detection-depth=5 --severity-threshold=high --fail-on=all From 4cc97b3272105cd04b9fd47f4d396dabf4cbbdda Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Thu, 3 Aug 2023 16:53:23 +0000 Subject: [PATCH 51/58] Change working directory to 'terraform' for SNYK action --- .github/workflows/deploy-generate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-generate.yml b/.github/workflows/deploy-generate.yml index f15e5e1..66244d2 100644 --- a/.github/workflows/deploy-generate.yml +++ b/.github/workflows/deploy-generate.yml @@ -52,12 +52,12 @@ jobs: uses: snyk/actions/python-3.8@master env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + working-directory: ./terraform with: command: test args: > --org=${{ secrets.SNYK_ORG_ID }} --project-name=${{ github.repository }} - --detection-depth=5 --severity-threshold=high --fail-on=all 
From 7e9a4085a1d441604c274801667704547db3bf9b Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Thu, 3 Aug 2023 17:34:07 +0000 Subject: [PATCH 52/58] Modify action to use infrastructure as code for SNYK --- .github/workflows/deploy-generate.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy-generate.yml b/.github/workflows/deploy-generate.yml index 66244d2..6d343e8 100644 --- a/.github/workflows/deploy-generate.yml +++ b/.github/workflows/deploy-generate.yml @@ -49,10 +49,9 @@ jobs: # SNYK blocking - name: Run Snyk as a blocking step - uses: snyk/actions/python-3.8@master + uses: snyk/actions/iac@master env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - working-directory: ./terraform with: command: test args: > @@ -63,7 +62,7 @@ jobs: # SNYK report - name: Run Snyk on Python - uses: snyk/actions/python-3.8@master + uses: snyk/actions/iac@master env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} with: From d456cae7e8db48ae5a97f64776e39a89d305c122 Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Thu, 3 Aug 2023 17:38:13 +0000 Subject: [PATCH 53/58] Remove project name for iac action --- .github/workflows/deploy-generate.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/deploy-generate.yml b/.github/workflows/deploy-generate.yml index 6d343e8..cb25d89 100644 --- a/.github/workflows/deploy-generate.yml +++ b/.github/workflows/deploy-generate.yml @@ -56,7 +56,6 @@ jobs: command: test args: > --org=${{ secrets.SNYK_ORG_ID }} - --project-name=${{ github.repository }} --severity-threshold=high --fail-on=all From 462e4c3466ab3d2602e1b4491550bfd984629f5a Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Thu, 3 Aug 2023 17:40:06 +0000 Subject: [PATCH 54/58] Remove fail on argument for iac test --- .github/workflows/deploy-generate.yml | 1 - 1 file changed, 1 deletion(-) 
diff --git a/.github/workflows/deploy-generate.yml b/.github/workflows/deploy-generate.yml index cb25d89..5298a8b 100644 --- a/.github/workflows/deploy-generate.yml +++ b/.github/workflows/deploy-generate.yml @@ -57,7 +57,6 @@ jobs: args: > --org=${{ secrets.SNYK_ORG_ID }} --severity-threshold=high - --fail-on=all # SNYK report - name: Run Snyk on Python From 20efadf069a54bd326fd74d18fc80e56bc01d56d Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Thu, 3 Aug 2023 17:46:58 +0000 Subject: [PATCH 55/58] Modify SNYK action for IAC to scan and report --- .github/workflows/deploy-generate.yml | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/.github/workflows/deploy-generate.yml b/.github/workflows/deploy-generate.yml index 5298a8b..423bbb8 100644 --- a/.github/workflows/deploy-generate.yml +++ b/.github/workflows/deploy-generate.yml @@ -47,8 +47,8 @@ jobs: # Check out GitHub repo - uses: actions/checkout@v3 - # SNYK blocking - - name: Run Snyk as a blocking step + # SNYK scan and report + - name: Run Snyk to test and report uses: snyk/actions/iac@master env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} @@ -57,17 +57,7 @@ jobs: args: > --org=${{ secrets.SNYK_ORG_ID }} --severity-threshold=high - - # SNYK report - - name: Run Snyk on Python - uses: snyk/actions/iac@master - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - command: monitor - args: > - --org=${{ secrets.SNYK_ORG_ID }} - --project-name=${{ github.repository }} + --report # Set up Terraform - name: Setup Terraform From 142324fbdd1c5167014e674c557b0eb5eb7746f6 Mon Sep 17 00:00:00 2001 
From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Mon, 14 Aug 2023 20:15:26 +0000 Subject: [PATCH 56/58] Add cloudwatch alarm metric for total vCPUs --- .github/workflows/deploy-generate.yml | 1 + terraform/generate-cw.tf | 31 +++++++++++++++++++++++ terraform/generate-sns.tf | 36 +++++++++++++++++++++++++++ terraform/variables.tf | 5 ++++ 4 files changed, 73 insertions(+) diff --git a/.github/workflows/deploy-generate.yml b/.github/workflows/deploy-generate.yml index a017a20..82986af 100644 --- a/.github/workflows/deploy-generate.yml +++ b/.github/workflows/deploy-generate.yml @@ -76,6 +76,7 @@ jobs: echo "TF_VAR_prefix=$PREFIX_ENV" >> $GITHUB_ENV echo "TF_VAR_cross_account_id=${{ secrets[format('CROSS_ACCOUNT_ID_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV echo "TF_VAR_sns_topic_email=${{ secrets[format('SNS_TOPIC_EMAIL_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV + echo "TF_VAR_sns_topic_email_alarms=${{ secrets[format('SNS_TOPIC_EMAIL_ALARMS{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV echo "AWS_ACCESS_KEY_ID=${{ secrets[format('AWS_ACCESS_KEY_ID_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV echo "AWS_SECRET_ACCESS_KEY=${{ secrets[format('AWS_SECRET_ACCESS_KEY_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV echo "AWS_DEFAULT_REGION=us-west-2" >> $GITHUB_ENV diff --git a/terraform/generate-cw.tf b/terraform/generate-cw.tf index 8151077..1eeddf9 100644 --- a/terraform/generate-cw.tf +++ b/terraform/generate-cw.tf 
@@ -1,3 +1,34 @@ +# CloudWatch Alarm +resource "aws_cloudwatch_metric_alarm" "aws_cloudwatch_ec2_vcpu_alarm" { + alarm_name = "${var.prefix}-ec2-vcpu-alarm" + comparison_operator = "GreaterThanThreshold" + evaluation_periods = "1" + threshold = "85" + alarm_description = "Alarm for when EC2 vCPU usage passes the 85% threshold for all available vCPUs in the account." + alarm_actions = [aws_sns_topic.aws_sns_topic_cloudwatch_alarms.arn] + metric_query { + id = "e1" + expression = "m1/SERVICE_QUOTA(m1)*100" + label = "Percentage" + return_data = "true" + } + metric_query { + id = "m1" + metric { + metric_name = "ResourceCount" + namespace = "AWS/Usage" + period = "180" + stat = "Average" + dimensions = { + Type = "Resource" + Service = "EC2" + Resource = "vCPU" + Class = "Standard/OnDemand" + } + } + } +} + # CloudWatch Logs # Downloader diff --git a/terraform/generate-sns.tf b/terraform/generate-sns.tf index 9ed6530..df744d8 100644 --- a/terraform/generate-sns.tf +++ b/terraform/generate-sns.tf 
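Review bot: The numeric and boolean arguments of `aws_cloudwatch_ec2_vcpu_alarm` are written as strings — `evaluation_periods = "1"`, `threshold = "85"`, `period = "180"`, `return_data = "true"` — which Terraform converts but which hides type mistakes until apply; the bare literals `evaluation_periods = 1`, `threshold = 85`, `period = 180` and `return_data = true` are the conventional form. The alarm also sets only `alarm_actions`, so a return to normal is not notified and missing data falls back to the provider default; whether `ok_actions` or `treat_missing_data` are wanted depends on how the alarm is consumed, which is not visible here.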
@@ -65,4 +65,40 @@ resource "aws_sns_topic_subscription" "aws_sns_topic_batch_job_failure_subscript endpoint = var.sns_topic_email protocol = "email" topic_arn = aws_sns_topic.aws_sns_topic_batch_job_failure.arn +} + +# SNS Topic for CloudWatch alarms +resource "aws_sns_topic" "aws_sns_topic_cloudwatch_alarms" { + name = "${var.prefix}-cloudwatch-alarms" + display_name = "${var.prefix}-cloudwatch-alarms" +} + +resource "aws_sns_topic_policy" "aws_sns_topic_cloudwatch_alarms_policy" { + arn = aws_sns_topic.aws_sns_topic_cloudwatch_alarms.arn + policy = jsonencode({ + "Version" : "2008-10-17", + "Id" : "__default_policy_ID", + "Statement" : [ + { + "Sid" : "AllowPublishAlarms", + "Effect" : "Allow", + "Principal" : { + "Service" : "cloudwatch.amazonaws.com" + }, + "Action" : "sns:Publish", + "Resource" : "${aws_sns_topic.aws_sns_topic_cloudwatch_alarms.arn}", + "Condition" : { + "ArnLike" : { + "aws:SourceArn" : "arn:aws:cloudwatch:${var.aws_region}:${local.account_id}:alarm:*" + } + } + } + ] + }) +} + +resource "aws_sns_topic_subscription" "aws_sns_topic_cloudwatch_alarms_subscription" { + endpoint = var.sns_topic_email_alarms + protocol = "email" + topic_arn = aws_sns_topic.aws_sns_topic_cloudwatch_alarms.arn } \ No newline at end of file diff --git a/terraform/variables.tf b/terraform/variables.tf index 03a9fdc..7810d1a 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -50,4 +50,9 @@ variable "prefix" { variable "sns_topic_email" { type = string description = "Email to send SNS Topic messages to" +} + +variable "sns_topic_email_alarms" { + type = string + description = "Email to send CloudWatch alarms to" } \ No newline at end of file From 26f26b3787ed777e02664adfea9882c8b1b33eef Mon Sep 17 00:00:00 2001 From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com> Date: Mon, 14 Aug 2023 20:21:47 +0000 Subject: [PATCH 57/58] Fix typo for alarms email --- .github/workflows/deploy-generate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
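Review bot: The topic policy's `aws:SourceArn` condition admits every alarm in the account (`alarm:*`) rather than the one alarm that publishes to this topic; because the alarm references the topic and not the reverse, `"aws:SourceArn" : aws_cloudwatch_metric_alarm.aws_cloudwatch_ec2_vcpu_alarm.arn` narrows it without a dependency cycle, if no further alarms are planned. Two smaller points in the same hunk: `"Resource" : "${aws_sns_topic.aws_sns_topic_cloudwatch_alarms.arn}"` can be the bare reference, and the topic sets no `kms_master_key_id`, so notifications rest unencrypted in SNS — likely acceptable for a usage-threshold message, but worth an explicit decision.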
diff --git a/.github/workflows/deploy-generate.yml b/.github/workflows/deploy-generate.yml
index 82986af..12504a4 100644
--- a/.github/workflows/deploy-generate.yml
+++ b/.github/workflows/deploy-generate.yml
@@ -76,7 +76,7 @@ jobs:
 echo "TF_VAR_prefix=$PREFIX_ENV" >> $GITHUB_ENV
 echo "TF_VAR_cross_account_id=${{ secrets[format('CROSS_ACCOUNT_ID_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV
 echo "TF_VAR_sns_topic_email=${{ secrets[format('SNS_TOPIC_EMAIL_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV
- echo "TF_VAR_sns_topic_email_alarms=${{ secrets[format('SNS_TOPIC_EMAIL_ALARMS{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV
+ echo "TF_VAR_sns_topic_email_alarms=${{ secrets[format('SNS_TOPIC_EMAIL_ALARMS_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV
 echo "AWS_ACCESS_KEY_ID=${{ secrets[format('AWS_ACCESS_KEY_ID_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV
 echo "AWS_SECRET_ACCESS_KEY=${{ secrets[format('AWS_SECRET_ACCESS_KEY_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV
 echo "AWS_DEFAULT_REGION=us-west-2" >> $GITHUB_ENV
From 47398da3dc24526c19c005fcb5b26b3361f0175e Mon Sep 17 00:00:00 2001
From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com>
Date: Wed, 16 Aug 2023 14:58:30 +0000
Subject: [PATCH 58/58] Move to organizational secrets for AWS creds
---
 .github/workflows/deploy-generate.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/deploy-generate.yml b/.github/workflows/deploy-generate.yml
index 12504a4..35c097f 100644
--- a/.github/workflows/deploy-generate.yml
+++ b/.github/workflows/deploy-generate.yml
@@ -77,8 +77,8 @@ jobs:
 echo "TF_VAR_cross_account_id=${{ secrets[format('CROSS_ACCOUNT_ID_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV
 echo "TF_VAR_sns_topic_email=${{ secrets[format('SNS_TOPIC_EMAIL_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV
 echo "TF_VAR_sns_topic_email_alarms=${{ secrets[format('SNS_TOPIC_EMAIL_ALARMS_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV
- echo "AWS_ACCESS_KEY_ID=${{ secrets[format('AWS_ACCESS_KEY_ID_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV
- echo "AWS_SECRET_ACCESS_KEY=${{ secrets[format('AWS_SECRET_ACCESS_KEY_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV
+ echo "AWS_ACCESS_KEY_ID=${{ secrets[format('AWS_ACCESS_KEY_ID_SERVICES_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV
+ echo "AWS_SECRET_ACCESS_KEY=${{ secrets[format('AWS_SECRET_ACCESS_KEY_SERVICES_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV
 echo "AWS_DEFAULT_REGION=us-west-2" >> $GITHUB_ENV
 # Deploy Terraform