
Merge pull request #94 from mdr-engineering/feature/dw_MSOCI-1481_ebs_key_for_lcp

[WIP] Attempt at supporting regions
Duane Waddle 4 years ago
parent
commit
cecb395b5b

+ 37 - 0
common/aws-us-gov/afs-mdr-common-services-gov/050-lcp-ami-sharing/terragrunt.hcl

@@ -0,0 +1,37 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/lcp_ami_key?ref=v1.21.8"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+
+  # Overrides "account_list" from partition.hcl
+  #account_list = local.partition_vars.locals.customer_aws_accounts_to_share_lcp_with
+
+  tags = {
+    Purpose = "Shares LCP AMI with customers"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+}
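Review bot: The only input that would scope which accounts this module acts on is commented out (`#account_list = ...`), so as committed the module receives whatever `account_list` the root `inputs` inherit from partition.hcl. The module body is not visible here, but if `base/lcp_ami_key` turns that list into key-policy principals, the set should be written out in this file rather than inherited. The local that the commented line reads, `customer_aws_accounts_to_share_lcp_with`, exists in common/aws-us-gov/partition.hcl only as a comment, so enabling one side without the other fails evaluation; the us-gov-west-1 copy has the same dependency. The `Purpose` tag says "Shares LCP AMI with customers" while the source is the key module, which looks copied from the sharing stack and should describe the key instead.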

+ 1 - 0
common/aws-us-gov/afs-mdr-common-services-gov/us-gov-west-1/050-lcp-ami-sharing/.tfswitch.toml

@@ -0,0 +1 @@
+version = "0.13.5"

+ 38 - 0
common/aws-us-gov/afs-mdr-common-services-gov/us-gov-west-1/050-lcp-ami-sharing/terragrunt.hcl

@@ -0,0 +1,38 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/lcp_ami_key?ref=v1.21.8"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+
+  # Overrides "account_list" from partition.hcl
+  #account_list = sort(concat(local.partition_vars.locals.account_list,local.partition_vars.locals.customer_aws_accounts_to_share_lcp_with))
+  #customer_account_list = local.partition_vars.locals.customer_aws_accounts_to_share_lcp_with
+
+  tags = {
+    Purpose = "Shares LCP AMI with customers"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+}
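Review bot: The commented-out `account_list` here is not the same expression as in the account-level copy: this one appends the customer accounts to the partition list with `sort(concat(...))` and adds a separate `customer_account_list`, while the other replaces `account_list` with the customer list alone. Once enabled, the two directories would hand different account sets to the same module version. Settle on one form before the WIP marker comes off, and give the dead code an owner with a line such as `# TODO(MSOCI-1481): enable once customer_aws_accounts_to_share_lcp_with is defined in partition.hcl`.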

+ 10 - 0
common/aws-us-gov/afs-mdr-common-services-gov/us-gov-west-1/region.hcl

@@ -0,0 +1,10 @@
+# Set common variables for the region. This is automatically pulled in in the root terragrunt.hcl configuration to
+# feed forward to the child modules.
+#
+# NOTE: There is only one copy of this, in the `common/` tree, and the others are symbolic links.
+# 
+# At some point, this may need to be added as a hierarchical directory when we move to additional regions.
+locals {
+  aws_region = "us-gov-west-1"
+  region_tags = { }
+}
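Review bot: The header comment appears to be carried over from the shared region.hcl and no longer describes this file: it says there is only one copy with the others being symbolic links, and that a hierarchical directory may be needed later, while this file is added as its own copy inside a per-region directory. Suggest replacing the NOTE and the sentence after it with `# NOTE: Region-specific copy for us-gov-west-1; stacks under this directory pick it up via find_in_parent_folders("region.hcl").`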

+ 6 - 0
common/aws-us-gov/partition.hcl

@@ -7,6 +7,7 @@ locals {
   aws_partition_alias = "govcloud"
   common_services_account = "701290387780"
   common_profile = "${local.aws_partition == "aws-us-gov" ? "govcloud" : "commercial"}"
+  tfstate_region = "us-gov-east-1"
   binaries_key = "key/a3ed054e-73be-45b4-acf8-6d06cb18cff9"
 
   # Statically setting the 'last known good' ami gives us some added flexibility
@@ -60,4 +61,9 @@ locals {
   partition_tags = {
     aws_partition = local.aws_partition
   }
+
+  # Some customers need access to the LCP 
+  #customer_aws_accounts_to_share_lcp_with = [
+  #  "738577959608",   # AFS AIP VA / CMPS / "C116"
+  #]
 }
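Review bot: `tfstate_region` is added as a bare literal here and again in the five other partition.hcl files in this commit (common/aws, prod/aws-us-gov, prod/aws, test/aws-us-gov, test/aws), and the root terragrunt.hcl now takes the remote-state region from it. Nothing beside the value says it has to match where the state bucket and lock table actually live, so a copy that drifts would point that tree at a different backend region. A comment on the line would help: `# Region of the Terraform state bucket and lock table for this partition; not the deploy region`. The locals block starts and ends outside both hunks.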

+ 1 - 0
common/aws/partition.hcl

@@ -7,6 +7,7 @@ locals {
   aws_partition_alias = "commercial"
   common_services_account = "471284459109"
   common_profile = "${local.aws_partition == "aws-us-gov" ? "govcloud" : "commercial"}"
+  tfstate_region = "us-east-1"
   binaries_key = "key/b51760b2-d6e1-438a-afd4-1e56f5ac82ef"
 
   # Statically setting the 'last known good' ami gives us some added flexibility

+ 1 - 0
prod/aws-us-gov/partition.hcl

@@ -7,6 +7,7 @@ locals {
   aws_partition_alias = "govcloud"
   common_services_account = "701290387780"
   common_profile = "${local.aws_partition == "aws-us-gov" ? "govcloud" : "commercial"}"
+  tfstate_region = "us-gov-east-1"
   binaries_key = "key/a3ed054e-73be-45b4-acf8-6d06cb18cff9"
 
   # Statically setting the 'last known good' ami gives us some added flexibility

+ 1 - 0
prod/aws/partition.hcl

@@ -7,6 +7,7 @@ locals {
   aws_partition_alias = "commercial"
   common_services_account = "471284459109"
   common_profile = "${local.aws_partition == "aws-us-gov" ? "govcloud" : "commercial"}"
+  tfstate_region = "us-east-1"
   binaries_key = "key/b51760b2-d6e1-438a-afd4-1e56f5ac82ef"
 
   # Statically setting the 'last known good' ami gives us some added flexibility

+ 2 - 1
terragrunt.hcl

@@ -47,6 +47,7 @@ locals {
   aws_partition  = local.partition_vars.locals.aws_partition
   common_services_account = local.partition_vars.locals.common_services_account
   legacy_account = local.environment_vars.locals.legacy_account
+  tfstate_region = local.partition_vars.locals.tfstate_region
 
   common_profile = local.partition_vars.locals.common_profile
 
@@ -138,7 +139,7 @@ remote_state {
     # This key includes the terraform-0.12 directory name, which i don't like
     #key            = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/terraform.tfstate"
     key            = "aws/${path_relative_to_include()}/terraform.tfstate"
-    region         = "${local.aws_region}"
+    region         = "${local.tfstate_region}"
     encrypt        = true
     dynamodb_table = "afsxdr-terraform-state"
     profile        = "${local.common_profile}"
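Review bot: The `region` line now reads `local.tfstate_region`, and the reason it is no longer `local.aws_region` is not recorded where the next reader will look. In the S3 backend this one setting locates both the bucket and `dynamodb_table`, so both have to exist in the partition's state region; any stack whose `aws_region` differed from that value before this change would now resolve its state somewhere else (none is visible in this commit). Suggest adding `# State bucket and lock table live in one region per partition, independent of the stack's aws_region` above the line and writing it as `region = local.tfstate_region` without the interpolation wrapper. The remote_state block continues outside the hunk.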

+ 1 - 0
test/aws-us-gov/partition.hcl

@@ -7,6 +7,7 @@ locals {
   aws_partition_alias = "govcloud"
   common_services_account = "701290387780"
   common_profile = "${local.aws_partition == "aws-us-gov" ? "govcloud" : "commercial"}"
+  tfstate_region = "us-gov-east-1"
   binaries_key = "key/a3ed054e-73be-45b4-acf8-6d06cb18cff9"
 
   # Statically setting the 'last known good' ami gives us some added flexibility

+ 1 - 0
test/aws/partition.hcl

@@ -7,6 +7,7 @@ locals {
   aws_partition_alias = "commercial"
   common_services_account = "471284459109"
   common_profile = "${local.aws_partition == "aws-us-gov" ? "govcloud" : "commercial"}"
+  tfstate_region = "us-east-1"
   binaries_key = "key/b51760b2-d6e1-438a-afd4-1e56f5ac82ef"
 
   # Statically setting the 'last known good' ami gives us some added flexibility