xdr-terraform-live/common/aws-us-gov/afs-mdr-common-services-gov/355-codebuild-xdr-base-image/terragrunt.hcl

locals {
  # If you want to use any of the variables in _this_ file, you have to load them here.
  # However, they will all be available as inputs to the module loaded in terraform.source
  # below.
  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))

  # Generate our standard tags
  standard_tags = merge(
    local.global_vars.locals.global_tags,
    local.environment_vars.locals.environment_tags,
    local.partition_vars.locals.partition_tags,
    local.region_vars.locals.region_tags,
    local.account_vars.locals.account_tags
  )

  # Extract the variables we need for easy access
  account_name   = local.account_vars.locals.account_name
  account_id     = local.account_vars.locals.aws_account_id
  aws_region     = local.region_vars.locals.aws_region
  aws_partition  = local.partition_vars.locals.aws_partition
  common_services_account = local.partition_vars.locals.common_services_account
  legacy_account = local.environment_vars.locals.legacy_account
  tfstate_region = local.partition_vars.locals.tfstate_region

  common_profile = local.partition_vars.locals.common_profile
}

# ---------------------------------------------------------------------------------------------------------------------
# Generate an AWS provider block
# Temp fix to backlevel provider because of codebuild issue
# <insert github link here to provider issue>
# ---------------------------------------------------------------------------------------------------------------------
generate "provider" {
  path      = "provider.tf"
  if_exists = "overwrite_terragrunt"
  contents  = <<EOF
provider "template" {
}

provider "aws" {
  region = "${local.aws_region}"

  assume_role {
    role_arn = "arn:${local.aws_partition}:iam::${local.account_id}:role/user/mdr_terraformer"
    session_name = "terraform-default"
  }

  profile = "${local.common_profile}"

  # Only these AWS Account IDs may be operated on by this template
  allowed_account_ids = ["${local.account_id}"]
}

# The "common" provider in the respective partition is always available
provider "aws" {
  region = "${local.aws_region}"
  allowed_account_ids = [ "471284459109", "701290387780" ]
  profile = "${local.common_profile}"
  alias   = "common"

  assume_role {
    role_arn = "arn:${local.aws_partition}:iam::${local.common_services_account}:role/user/mdr_terraformer"
    session_name = "terraform-common"
  }
}

# The "mdr-common-services-commercial" provider is used for public DNS entries
provider "aws" {
  region = "us-east-1"
  allowed_account_ids = [ "471284459109" ]
  profile = "commercial"
  alias   = "mdr-common-services-commercial"

  assume_role {
    role_arn = "arn:aws:iam::471284459109:role/user/mdr_terraformer"
    session_name = "terraform-mdr-common-services-commercial"
  }
}

# The "C2" provider, used for private DNS
provider "aws" {
  region = "us-gov-east-1"
  allowed_account_ids = [ "721817724804", "738800754746" ]
  profile = "govcloud"
  alias   = "c2"
  #use_fips_endpoint = true

  assume_role {
    role_arn = "arn:aws-us-gov:iam::${ local.environment_vars.locals.c2_accounts["aws-us-gov"] }:role/user/mdr_terraformer"
    session_name = "terraform-c2"
  }
}
EOF
}


#Github specific provider
generate "required_providers" {
  path      = "required_provider.tf"
  if_exists = "overwrite_terragrunt"
  contents  = <<EOF
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = "= 3.63.0" # 2022-03-08: upgrade from 3.63.0; 2021-09-21: upgrade from 3.37.0
    }
    vault = {
      source = "hashicorp/vault"
      version = "= 2.19.1" # 2021-04-29: upgrade from 2.18.0
    }
    sensu = {
      source = "jtopjian/sensu"
      version = "= 0.10.5"
    }
    github = {
      source = "integrations/github"
      version = "4.2.0"
    }
  }
}
EOF
}

# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
# working directory, into a temporary folder, and execute your Terraform commands in that folder.
terraform {
  # Double slash is intentional and required to show root of modules
  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_project_no_artifact?ref=v4.0.11"
}

# Include all settings from the root terragrunt.hcl file
include {
  path = find_in_parent_folders()
}

dependency "codebuild-ecr-base" {
  config_path = "../075-codebuild-ecr-base"
}

# These are the variables we have to pass in to use the module specified in the terragrunt source above
inputs = {
  # All of the inputs from the inherited hcl files are available automatically
  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
  # will be more flexible if you specify particular input values.
  tags = {
    Purpose = "Build EC2 Base Image"
    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
  }
  name                    = "xdr-ec2-base-image"
  service_role            = dependency.codebuild-ecr-base.outputs.service_role
  kms_key                 = dependency.codebuild-ecr-base.outputs.kms_key
  image                   = "701290387780.dkr.ecr.us-gov-east-1.amazonaws.com/codebuild-rhel7"
  github_clone_url        = "https://github.xdr.accenturefederalcyber.com/mdr-engineering/xdr-images"
  source_version          = "main"
  buildspec               = "base/aws/buildspec.yml"
}
terraform_version_constraint = "= 1.1.6"
terragrunt_version_constraint = "= 0.36.2"