

fix: validate terraform
nvernooy committed Jun 21, 2023
1 parent 21d58fc commit 764e4dc
Showing 9 changed files with 28 additions and 16 deletions.
@@ -1,5 +1,6 @@
#!/bin/bash

MY_IP=$(./bin/get-my-global-ip)
MY_AMI_ID=$(terraform output -raw ami_id | tail -n1)

cat terraform.tfvars.template | sed s/{admin_ip}/$MY_IP/ > terraform.tfvars
cat terraform.tfvars.template | sed "s/{admin_ip}/$MY_IP/;s/{ami_id}/$MY_AMI_ID/" > terraform.tfvars
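Review bot: MY_IP and MY_AMI_ID are substituted into terraform.tfvars with no check that either lookup produced anything, so a failing ./bin/get-my-global-ip or a missing ami_id output silently yields `admin_ip = "/32"` or `ami_id = ""`, and any stray text on stdout becomes the admin CIDR in the security group. The script also has no `set -euo pipefail`, so those failures do not stop it. I would add `set -euo pipefail` after the shebang and guard the values before the sed, e.g. `[[ $MY_IP =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { echo "unexpected IP: $MY_IP" >&2; exit 1; }` and the same shape check against `^ami-[0-9a-f]+$` for MY_AMI_ID. The `cat | sed` pipeline can also be written as `sed "..." terraform.tfvars.template > terraform.tfvars`.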
@@ -29,7 +29,7 @@ resource "aws_security_group" "admin" {
from_port = 8080
to_port = 8080
protocol = "tcp"
cidr_blocks = var.admin_ip
cidr_blocks = [var.admin_ip]
}

ingress {
@@ -43,7 +43,7 @@ resource "aws_security_group" "admin" {
from_port = 30000
to_port = 40000
protocol = "tcp"
cidr_blocks = var.admin_ip
cidr_blocks = [var.admin_ip]
}

egress {
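Review bot: Both ingress rules in this file now take `[var.admin_ip]` directly, so whatever string the variable carries becomes the allowed source for port 8080 and the 30000-40000 range; nothing in this file or in the tfvars template rejects a malformed value or a broad CIDR such as a /0. Since admin_ip is filled in by a script from an external IP lookup, add a `validation` block to `variable "admin_ip"` (declared in variables.tf, outside this hunk) such as `condition = can(regex("^[0-9.]+/32$", var.admin_ip))` with an error_message, so terraform plan fails on bad input instead of opening the ports. The same point applies to the second hunk of this file (the 30000-40000 rule). Both resource blocks continue outside their hunks.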
@@ -1 +1,2 @@
admin_ip = "{admin_ip}/32"
ami_id = "{ami_id}"
@@ -5,10 +5,10 @@ variable "admin_ip" {
variable "ami_id" {
type = string
description = "AMI id to use in the EC2 instance, warning - will update when AMI updates"
default = data.aws_ami.latest_ubuntu.id
default = "ami-053b0d53c279acc90"
}

# will fetch the latest ubuntu ami
# will fetch the latest ubuntu ami and store in terraform.tfvars
# change ami_id to be constant if you dont want it to change on the next release
data "aws_ami" "latest_ubuntu" {
most_recent = true
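Review bot: The description on `variable "ami_id"` still warns that the value "will update when AMI updates", but the default is now the pinned id ami-053b0d53c279acc90 and the updated comment says the helper script stores the fetched id in terraform.tfvars, so the two texts contradict each other; I would change it to `description = "AMI id for the EC2 instance; defaults to a pinned id and is normally overridden by the terraform.tfvars generated by the helper script"`. AMI ids are region-specific, which is worth stating in the comment above the data source if this module is applied in more than one region. A `validation` block with `condition = can(regex("^ami-[0-9a-f]+$", var.ami_id))` would turn an empty value written by the script into a plan-time error rather than an instance creation failure. The data source block continues past the end of the hunk.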
@@ -32,7 +32,7 @@ resource "aws_s3_bucket_ownership_controls" "tf_state_controls" {
}
}

resource "aws_s3_bucket_acl" "acl" {
resource "aws_s3_bucket_acl" "tf_state_acl" {
depends_on = [aws_s3_bucket_ownership_controls.tf_state_controls]

bucket = aws_s3_bucket.terraform_state.id
@@ -53,6 +53,8 @@ resource "aws_dynamodb_table" "terraform_state" {
}
}

#################################################

provider "aws" {
region = module.global_variables.aws_region
assume_role {
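Review bot: Renaming `aws_s3_bucket_acl.acl` to `aws_s3_bucket_acl.tf_state_acl` changes the resource address, so the next apply against an existing state will plan to destroy the old address and create the new one instead of keeping the ACL in place. Add a `moved` block (Terraform 1.1+) next to the resource with `from = aws_s3_bucket_acl.acl` and `to = aws_s3_bucket_acl.tf_state_acl`. The same applies to the four renames in management/s3.tf (versioning, encryption, ownership controls and ACL), where recreating the versioning and server-side encryption configuration on a live bucket is the more noticeable interruption; if the environment has never been applied the moved blocks are harmless. The provider block at the end of the second hunk continues outside it.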
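--- a/{{cookiecutter.project_slug}}/terraform/management/locals.tf
+++ b/{{cookiecutter.project_slug}}/terraform/management/locals.tf
@@ -0,0 +1,8 @@
+locals {
+common_tags = {
+automation = "terraform"
+"automation.config" = "{{cookiecutter.project_slug}}"
+application = module.global_variables.application
+environment = var.environment
+}
+}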
12 changes: 6 additions & 6 deletions {{cookiecutter.project_slug}}/terraform/management/s3.tf
@@ -1,16 +1,16 @@
resource "aws_s3_bucket" "cloudnative_pg" {
bucket_prefix = "${module.global_variables.application}-cloudnative-pg-"
tags = var.tags
tags = local.common_tags
}

resource "aws_s3_bucket_versioning" "versioning" {
resource "aws_s3_bucket_versioning" "cnpg_versioning" {
bucket = aws_s3_bucket.cloudnative_pg.id
versioning_configuration {
status = "Enabled"
}
}

resource "aws_s3_bucket_server_side_encryption_configuration" "encryption" {
resource "aws_s3_bucket_server_side_encryption_configuration" "cnpg_encryption" {
bucket = aws_s3_bucket.cloudnative_pg.id

rule {
@@ -20,15 +20,15 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "encryption" {
}
}

resource "aws_s3_bucket_ownership_controls" "controls" {
resource "aws_s3_bucket_ownership_controls" "cnpg_controls" {
bucket = aws_s3_bucket.cloudnative_pg.id
rule {
object_ownership = "BucketOwnerPreferred"
}
}

resource "aws_s3_bucket_acl" "acl" {
depends_on = [aws_s3_bucket_ownership_controls.controls]
resource "aws_s3_bucket_acl" "cnpg_acl" {
depends_on = [aws_s3_bucket_ownership_controls.cnpg_controls]

bucket = aws_s3_bucket.cloudnative_pg.id
acl = "private"
4 changes: 2 additions & 2 deletions {{cookiecutter.project_slug}}/terraform/prod/route53.tf
@@ -5,7 +5,7 @@ data "aws_route53_zone" "route_zone" {

# record for calls to frontend
resource "aws_route53_record" "prod" {
zone_id = aws_route53_zone.route_zone.zone_id
zone_id = data.aws_route53_zone.route_zone.zone_id
name = var.domain
type = "A"
records = [data.aws_instance.ec2_cluster.public_ip]
@@ -14,7 +14,7 @@ resource "aws_route53_record" "prod" {

# record for api calls to backend
resource "aws_route53_record" "prod_api" {
zone_id = aws_route53_zone.route_zone.zone_id
zone_id = data.aws_route53_zone.route_zone.zone_id
name = var.api_domain
type = "A"
records = [data.aws_instance.ec2_cluster.public_ip]
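Review bot: Referencing the zone through `data.aws_route53_zone` is the correct fix, but both records still resolve to `data.aws_instance.ec2_cluster.public_ip`; unless that instance has an Elastic IP attached (not visible here), a stop/start or replacement changes the address and prod and prod_api keep pointing at a stale, possibly reassigned, IP until the next apply. Consider an `aws_eip` associated with the instance and referenced here, or at minimum a comment above each record such as `# assumes the instance keeps its public IP across restarts — confirm an EIP is attached`. The sandbox/route53.tf section in this commit has the identical structure and the same concern. Each resource block continues past its hunk, so the ttl and remaining arguments are not visible.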
4 changes: 2 additions & 2 deletions {{cookiecutter.project_slug}}/terraform/sandbox/route53.tf
@@ -5,7 +5,7 @@ data "aws_route53_zone" "route_zone" {

# record for calls to frontend
resource "aws_route53_record" "sandbox" {
zone_id = aws_route53_zone.route_zone.zone_id
zone_id = data.aws_route53_zone.route_zone.zone_id
name = var.domain
type = "A"
records = [data.aws_instance.ec2_cluster.public_ip]
@@ -14,7 +14,7 @@ resource "aws_route53_record" "sandbox" {

# record for api calls to backend
resource "aws_route53_record" "sandbox_api" {
zone_id = aws_route53_zone.route_zone.zone_id
zone_id = data.aws_route53_zone.route_zone.zone_id
name = var.api_domain
type = "A"
records = [data.aws_instance.ec2_cluster.public_ip]
