From 2d83ac67b23e4bb550f83bfa47ede22711181094 Mon Sep 17 00:00:00 2001
From: Bill Monkman
Date: Tue, 28 Apr 2020 17:07:35 -0700
Subject: [PATCH 1/2] Add required aws account id to bootstrap so we don't create this stuff in the wrong account
---
 terraform/bootstrap/remote-state/main.tf | 1 +
 terraform/bootstrap/secrets/main.tf | 44 +++++++++++++-----------
 2 files changed, 24 insertions(+), 21 deletions(-)
diff --git a/terraform/bootstrap/remote-state/main.tf b/terraform/bootstrap/remote-state/main.tf
index 9072262..f5f72cd 100644
--- a/terraform/bootstrap/remote-state/main.tf
+++ b/terraform/bootstrap/remote-state/main.tf
@@ -1,5 +1,6 @@
 provider "aws" {
 region = "<% index .Params `region` %>"
+ allowed_account_ids = "<% index .Params `accountId` %>"
 }
 resource "aws_s3_bucket" "terraform_remote_state" {
diff --git a/terraform/bootstrap/secrets/main.tf b/terraform/bootstrap/secrets/main.tf
index bfaa619..4a5eaf6 100644
--- a/terraform/bootstrap/secrets/main.tf
+++ b/terraform/bootstrap/secrets/main.tf
@@ -1,30 +1,32 @@
-provider "aws" {
- region = "<% index .Params `region` %>"
-}
+provider "aws" {
+ region = "<% index .Params `region` %>"
+ allowed_account_ids = "<% index .Params `accountId` %>"
+}
+
-terraform {
- required_version = ">= 0.12"
-}
+terraform {
+ required_version = ">= 0.12"
+}
 locals {
 project = "<% .Name %>"
 }
-# Create the CI User
-resource "aws_iam_user" "ci_user" {
- name = "${local.project}-ci-user"
-}
+# Create the CI User
+resource "aws_iam_user" "ci_user" {
+ name = "${local.project}-ci-user"
+}
-# Create a keypair to be used by CI systems
-resource "aws_iam_access_key" "ci_user" {
- user = aws_iam_user.ci_user.name
-}
+# Create a keypair to be used by CI systems
+resource "aws_iam_access_key" "ci_user" {
+ user = aws_iam_user.ci_user.name
+}
-# Add the keys to AWS secrets manager
-module "ci_user_keys" {
- source = "../../modules/secret"
+# Add the keys to AWS secrets manager
+module "ci_user_keys" {
+ source = "../../modules/secret"
- name_prefix = "ci-user-aws-keys"
- type = "map"
- values = map("access_key_id", aws_iam_access_key.ci_user.id, "secret_key", aws_iam_access_key.ci_user.secret)
-}
+ name_prefix = "ci-user-aws-keys"
+ type = "map"
+ values = map("access_key_id", aws_iam_access_key.ci_user.id, "secret_key", aws_iam_access_key.ci_user.secret)
+}
From c2c8d45d4f8709646dbf8ca976325b3d35e95c34 Mon Sep 17 00:00:00 2001
From: Bill Monkman
Date: Tue, 28 Apr 2020 17:41:15 -0700
Subject: [PATCH 2/2] Fixed type to be list
---
 terraform/bootstrap/remote-state/main.tf | 2 +-
 terraform/bootstrap/secrets/main.tf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/terraform/bootstrap/remote-state/main.tf b/terraform/bootstrap/remote-state/main.tf
index f5f72cd..7cf1422 100644
--- a/terraform/bootstrap/remote-state/main.tf
+++ b/terraform/bootstrap/remote-state/main.tf
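Review bot: In terraform/bootstrap/secrets/main.tf (patch 1/2), `module "ci_user_keys"` passes `aws_iam_access_key.ci_user.secret` into `values`, and that attribute is also written in plaintext to this root module's Terraform state, so the state is as sensitive as the Secrets Manager entry it feeds. Nothing in the hunk shows which backend holds that state; it should be encrypted and access-restricted, and I would add a comment above the resource such as `# secret is stored in Terraform state: keep this state in an encrypted, access-restricted backend and rotate the key`. These lines are removed and re-added with identical text (apparently whitespace or line-ending normalisation), so the concern predates this commit, but the churn also buries the one functional line, `allowed_account_ids`; a separate whitespace-only commit would keep the account guard easy to review.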
@@ -1,6 +1,6 @@
 provider "aws" {
 region = "<% index .Params `region` %>"
- allowed_account_ids = "<% index .Params `accountId` %>"
+ allowed_account_ids = [ "<% index .Params `accountId` %>" ]
 }
 resource "aws_s3_bucket" "terraform_remote_state" {
diff --git a/terraform/bootstrap/secrets/main.tf b/terraform/bootstrap/secrets/main.tf
index 4a5eaf6..7f9fc13 100644
--- a/terraform/bootstrap/secrets/main.tf
+++ b/terraform/bootstrap/secrets/main.tf
@@ -1,6 +1,6 @@
 provider "aws" {
 region = "<% index .Params `region` %>"
- allowed_account_ids = "<% index .Params `accountId` %>"
+ allowed_account_ids = [ "<% index .Params `accountId` %>" ]
 }
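Review bot: The account guard on the new `allowed_account_ids` line in terraform/bootstrap/remote-state/main.tf depends on the `accountId` template parameter being set, and nothing visible in the provider block checks that. If the parameter renders empty the list would hold a single empty string, which presumably makes the provider reject every account; that fails safe, but with an account-mismatch error rather than a hint about the missing parameter, so it is worth confirming the templating step treats `accountId` as required. A short comment above the line would also help the next reader, e.g. `# Refuse to run unless the active credentials belong to this account`. The same applies to the identical change in terraform/bootstrap/secrets/main.tf.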