AFS
/
xdr-terraform-live


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117
							# ---------------------------------------------------------------------------------------------------------------------
# Global Variables and Terragrunt Configuration
# ---------------------------------------------------------------------------------------------------------------------
# This file takes care of the global variables. These are settings that should apply to ALL environments: prod, test,
# *AND* common, across both partitions (govcloud and commercial)
# 
# It also takes care of setting up:
#   The provider file
#     * A default provider for the account you're in
#     * A 'commercial' provider alias for the common services account in commercial
#     * A 'govcloud' provider alias for the common services account in govcloud
#   The backend file
#     * 

# ---------------------------------------------------------------------------------------------------------------------
# Variables
# ---------------------------------------------------------------------------------------------------------------------
locals {
  # Automatically load account-level variables
  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))

  # Automatically load region-level variables
  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))

  # Automatically load partitiot-level variables
  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))

  # Automatically load environment-level variables
  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))

  # Automatically load global-level variables
  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))

  # Extract the variables we need for easy access
  account_name   = local.account_vars.locals.account_name
  account_id     = local.account_vars.locals.aws_account_id
  aws_region     = local.region_vars.locals.aws_region
  aws_partition  = local.partition_vars.locals.aws_partition
  common_services_account = local.partition_vars.locals.common_services_account

  common_profile = local.partition_vars.locals.common_profile

  # variables created here are available to *.hcl files in this hierarchy, but are not
  # automatically sent via inputs to the modules. Put global variables in global.hcl
  # 
  # (Conversely, inputs are not automatically available to the hcl files)
}

# ---------------------------------------------------------------------------------------------------------------------
# Generate an AWS provider block
# ---------------------------------------------------------------------------------------------------------------------
generate "provider" {
  path      = "provider.tf"
  if_exists = "overwrite_terragrunt"
  contents  = <<EOF
provider "aws" {
  version = "~> 2.66"
  region = "${local.aws_region}"

  assume_role {
    role_arn = "arn:${local.aws_partition}:iam::${local.account_id}:role/user/mdr_terraformer"
    session_name = "terraform"
  }
  
  profile = "${local.common_profile}"

  # Only these AWS Account IDs may be operated on by this template
  allowed_account_ids = ["${local.account_id}"]
}

# The "common services" provider in the respective partition is always available
provider "aws" {
  region = "${local.aws_region}"
  allowed_account_ids = [ "471284459109", "701290387780" ]
  profile = "${local.common_profile}"
  alias   = "common"
}
EOF
}

# Configure Terragrunt to automatically store tfstate files in an S3 bucket
# We'll want to reenable this when we have valid settings
remote_state {
  backend = "s3"
  generate = {
    path      = "backend.tf"
    if_exists = "overwrite_terragrunt"
  }
  config = {
    bucket         = local.global_vars.locals.remote_state_bucket
    # This key includes the terraform-0.12 directory name, which i don't like
    #key            = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/terraform.tfstate"
    key            = "aws/${path_relative_to_include()}/terraform.tfstate"
    region         = "${local.aws_region}"
    encrypt        = true
    dynamodb_table = "afsxdr-terraform-state"
    profile        = "${local.common_profile}"
    role_arn       = "arn:${local.aws_partition}:iam::${local.common_services_account}:role/user/mdr_terraformer"
  }
}


# ---------------------------------------------------------------------------------------------------------------------
# GLOBAL PARAMETERS
# These variables apply to all configurations in this subfolder. These are automatically merged into the child
# `terragrunt.hcl` config via the include block.
# ---------------------------------------------------------------------------------------------------------------------

# Configure root level variables that all resources can inherit. This is especially helpful with multi-account configs
# where terraform_remote_state data sources are placed directly into the modules.
inputs = merge(
  local.account_vars.locals,
  local.region_vars.locals,
  local.partition_vars.locals,
  local.environment_vars.locals,
  local.global_vars.locals,
)