diff --git a/.github/workflows/delete-workflow-run.yaml b/.github/workflows/delete-workflow-run.yaml index 3555976..d1628d9 100644 --- a/.github/workflows/delete-workflow-run.yaml +++ b/.github/workflows/delete-workflow-run.yaml @@ -2,7 +2,7 @@ name: Delete old workflow runs on: schedule: - cron: 0 0 1 * * - workflow_call: {} + workflow_dispatch: {} # Disable permissions for all available scopes permissions: {} diff --git a/.github/workflows/infracost.yaml b/.github/workflows/infracost.yaml index bf65c66..645d4a0 100644 --- a/.github/workflows/infracost.yaml +++ b/.github/workflows/infracost.yaml @@ -3,10 +3,12 @@ name: Infracost on: pull_request: branches: [main] - types: [opened, synchronize] + types: [opened, reopened, synchronize] paths: - - "**/*.tf" - - "**/*.tfvars" + - iac/**/*.tf + - iac/**/*.tfvars + - iac/**/*.tftpl + - iac/**/*.hcl permissions: {} @@ -14,17 +16,18 @@ concurrency: group: ${{ github.workflow }}-${{ github.repository }} cancel-in-progress: true +defaults: + run: + shell: bash + working-directory: iac + jobs: infracost: name: Infracost Pull Request Checks - runs-on: ubuntu-latest - defaults: - run: - shell: bash - working-directory: ./terraform permissions: contents: read pull-requests: write + runs-on: ubuntu-latest timeout-minutes: 10 steps: - name: Setup Infracost @@ -37,6 +40,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ github.event.pull_request.base.ref }} + persist-credentials: false # Generate Infracost JSON file as the baseline. - name: Generate Infracost cost estimate baseline diff --git a/.github/workflows/terraform-docs.yaml b/.github/workflows/terraform-docs.yaml index 7c524f9..9e56cc1 100644 --- a/.github/workflows/terraform-docs.yaml +++ b/.github/workflows/terraform-docs.yaml 
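Review bot: The `persist-credentials: false` added in the last infracost.yaml hunk covers only the checkout of `github.event.pull_request.base.ref` shown there. The steps list continues past the hunk. If a later step checks out the pull-request head, that checkout leaves PR-controlled files beside a stored token in a job that holds `pull-requests: write`, so it should carry `persist-credentials: false` as well.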
@@ -5,9 +5,10 @@ on: types: [closed] branches: [main] paths: - - terraform/**/*.tf - - terraform/**/*.tfvars - - terraform/**/*.tftpl + - iac/**/*.tf + - iac/**/*.tfvars + - iac/**/*.tftpl + - iac/**/*.hcl # Disable permissions for all available scopes permissions: {} diff --git a/.trunk/configs/.tflint_ci.hcl b/.trunk/configs/.tflint_ci.hcl index 35d7581..bf3f718 100644 --- a/.trunk/configs/.tflint_ci.hcl +++ b/.trunk/configs/.tflint_ci.hcl @@ -4,14 +4,11 @@ plugin "terraform" { preset = "all" } -Enable the AWS plugin if required plugin "aws" { enabled = true version = "0.33.0" source = "github.com/terraform-linters/tflint-ruleset-aws" # Deep check can be enabled in CI/CD pipelines, where AWS credentials are set - # This configuration file should be references using the `--config` flag - # Example: https://github.com/3ware/aws-network-speciality/blob/79a2be0813e053f17ed4f802705f7b6f2c350f0d/.github/workflows/terraform-ci.yaml#L114 deep_check = true -} \ No newline at end of file +} diff --git a/iac/environments/dev/.terraform.lock.hcl b/iac/environments/dev/.terraform.lock.hcl new file mode 100644 index 0000000..6a9e7b5 --- /dev/null +++ b/iac/environments/dev/.terraform.lock.hcl 
@@ -0,0 +1,20 @@ +# This file is maintained automatically by "tofu init". +# Manual edits may be lost in future updates. + +provider "registry.opentofu.org/hashicorp/aws" { + version = "5.94.0" + constraints = ">= 5.69.0, ~> 5.90, < 6.0.0" + hashes = [ + "h1:YpkAgMQgrfZCupXyaPfFiPkxacISmUnZhexHgarPk4U=", + "zh:17fa3264940caf41e83ed26b791ff8197576af23a24aab4fe717c27f2ecf0c93", + "zh:2f2ceff112db49542c8fb93a0d01c480b6b8be71a792b5675b6f3cac1b93cccf", + "zh:4aa15c4ea935c03ec5a51378d9076a1fd71e53b36c94191bcbfa81a9c75b9b42", + "zh:7a3913086814004d44309b860d1596a78633cff3f98adfb1639433c7c64d6682", + "zh:7b4f816e608529288dcf84e54f555f585367a99ee7e5f70e08ffab69cc5a7e6a", + "zh:81539e502099eddf8f69ce74906ade95f39addcfedeb6adab008df7ca325a827", + "zh:89930b745bd45ad547eaf8cd734c148665c3f0915692ad773414b2407d14139b", + "zh:c083cab919b58943ac87fcc44bf49a6c0aad54e9302986a9d03fedd82f545ed2", + "zh:d6ac2a98456d632e47fee0fdb45f29f5c4b661a2d11519344c9dbf565d18f92e", + "zh:d9665bc66772d358e7ea3f015a2279e69dff52158d42a5313599a4d0043a53b2", + ] +} diff --git a/iac/environments/dev/main.tf b/iac/environments/dev/main.tf new file mode 100644 index 0000000..84eac09 --- /dev/null +++ b/iac/environments/dev/main.tf 
@@ -0,0 +1,43 @@
+terraform {
+ required_version = ">= 1.9, < 2.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5.90"
+ }
+ }
+
+ cloud {
+ organization = "3ware"
+ hostname = "app.terraform.io"
+
+ workspaces {
+ project = var.aws_project
+ name = "${var.aws_service}-${var.aws_region}-${var.aws_environment}"
+
+ }
+ }
+}
+
+provider "aws" {
+ region = var.aws_region
+
+ default_tags {
+ tags = {
+ "3ware:project-id" = var.aws_project
+ "3ware:environment" = var.aws_environment
+ "3ware:service" = var.aws_service
+ "3ware:managed-by-terraform" = true
+ "3ware:workspace" = terraform.workspace
+ }
+ }
+}
+
+module "gitops_2024" {
+ source = "../../modules/gitops-2024"
+
+ aws_environment = var.aws_environment
+ instance_type = "t2.micro"
+ vpc_cidr_block = "10.0.0.0/16"
+}
diff --git a/iac/environments/dev/outputs.tf b/iac/environments/dev/outputs.tf
new file mode 100644
index 0000000..2f69999
--- /dev/null
+++ b/iac/environments/dev/outputs.tf
@@ -0,0 +1,4 @@
+output "grafana_ip" {
+ description = "The public IP address of the Grafana instance"
+ value = module.gitops_2024.grafana_ip
+}
diff --git a/iac/environments/dev/terraform.tfvars b/iac/environments/dev/terraform.tfvars
new file mode 100644
index 0000000..6526713
--- /dev/null
+++ b/iac/environments/dev/terraform.tfvars
@@ -0,0 +1,4 @@
+aws_environment = "development"
+aws_project = "gitops-2024"
+aws_region = "eu-west-2"
+aws_service = "gitops-infra"
diff --git a/iac/environments/dev/variables.tf b/iac/environments/dev/variables.tf
new file mode 100644
index 0000000..a653edd
--- /dev/null
+++ b/iac/environments/dev/variables.tf
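Review bot: The new `provider "aws"` block in iac/environments/dev/main.tf sets no `allowed_account_ids`, so nothing in this configuration stops a plan or apply from running against whichever AWS account the ambient credentials resolve to. The `terraform/production/providers.tf` deleted later in this commit pinned the account with `allowed_account_ids`, fed from the sops file that is also deleted. If the guard is meant to survive the restructure, it can be restored without sops, e.g. `allowed_account_ids = [var.aws_account_id]`. The variable name there is a placeholder and would need declaring alongside the other root variables.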
@@ -0,0 +1,19 @@ +variable "aws_environment" { + description = "(Required) The AWS environment to deploy resources to" + type = string +} + +variable "aws_project" { + description = "(Required) The AWS project to deploy resources to" + type = string +} + +variable "aws_region" { + description = "(Required) The AWS region to deploy resources to" + type = string +} + +variable "aws_service" { + description = "(Required) The AWS service being deployed" + type = string +} diff --git a/terraform/development/README.md b/iac/modules/gitops-2024/README.md similarity index 100% rename from terraform/development/README.md rename to iac/modules/gitops-2024/README.md diff --git a/terraform/production/main.tf b/iac/modules/gitops-2024/main.tf similarity index 84% rename from terraform/production/main.tf rename to iac/modules/gitops-2024/main.tf index 9a7c87e..2865fe1 100644 --- a/terraform/production/main.tf +++ b/iac/modules/gitops-2024/main.tf @@ -4,7 +4,7 @@ resource "aws_vpc" "gitops_vpc" { enable_dns_hostnames = true tags = { - Name = "gitops-vpc-${local.environment}" + Name = "gitops-vpc-${var.aws_environment}" } } @@ -16,7 +16,7 @@ resource "aws_internet_gateway" "gitops_igw" { vpc_id = aws_vpc.gitops_vpc.id tags = { - Name = "gitops-igw-${local.environment}" + Name = "gitops-igw-${var.aws_environment}" } } @@ -29,17 +29,17 @@ resource "aws_route_table" "gitops_rt" { } tags = { - Name = "gitops-rt-${local.environment}" + Name = "gitops-rt-${var.aws_environment}" } } resource "aws_subnet" "gitops_subnet" { vpc_id = aws_vpc.gitops_vpc.id - cidr_block = var.subnet_cidr_block + cidr_block = cidrsubnet(var.vpc_cidr_block, 8, 1) map_public_ip_on_launch = true tags = { - Name = "gitops-subnet-${local.environment}" + Name = "gitops-subnet-${var.aws_environment}" } } 
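Review bot: The four root variables in iac/environments/dev/variables.tf carry only `type` and `description`; the allow-list `validation` blocks that the deleted `terraform/production/variables.tf` had on `environment` and `region` have no counterpart here. `aws_region` and `aws_environment` now feed the provider region, the default tags and the workspace name, so a typo in terraform.tfvars goes unnoticed until plan or apply. The module's own variables.tf is truncated in this view, so validation may have moved there. If it has not, a block with `condition = contains(["eu-west-2"], var.aws_region)` on `aws_region` (and the equivalent for `aws_environment`) would keep the earlier guard.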
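Review bot: `cidrsubnet(var.vpc_cidr_block, 8, 1)` in `aws_subnet.gitops_subnet` hard-codes 8 new bits, so it only yields a usable subnet when the VPC prefix is /20 or shorter. The call errors once the prefix plus 8 exceeds 32, and AWS rejects subnets smaller than /28. The dev caller passes `10.0.0.0/16`, which works, but the module's variables.tf is truncated in this view, so it is unclear whether `vpc_cidr_block` is validated for prefix length. A comment on the line such as `# /24 carved from the VPC block; requires a VPC prefix of /20 or shorter`, or a matching `validation` on the variable, would make the constraint explicit.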
@@ -63,7 +63,7 @@ resource "aws_vpc_security_group_ingress_rule" "grafana_ingress" { to_port = 3000 tags = { - Name = "grafana-ingress-sg-rule-${local.environment}" + Name = "grafana-ingress-sg-rule-${var.aws_environment}" } lifecycle { @@ -78,7 +78,7 @@ resource "aws_vpc_security_group_egress_rule" "grafana_egress" { ip_protocol = "-1" tags = { - Name = "grafana-egress-sg-rule-${local.environment}" + Name = "grafana-egress-sg-rule-${var.aws_environment}" } lifecycle { @@ -107,10 +107,10 @@ resource "aws_instance" "grafana_server" { instance_type = var.instance_type subnet_id = aws_subnet.gitops_subnet.id vpc_security_group_ids = [aws_security_group.grafana_sg.id] - user_data = file("userdata.tftpl") + user_data = file("${path.module}/userdata.tftpl") tags = { - Name = "grafana-server-${local.environment}" + Name = "grafana-server-${var.aws_environment}" } } diff --git a/terraform/development/outputs.tf b/iac/modules/gitops-2024/outputs.tf similarity index 100% rename from terraform/development/outputs.tf rename to iac/modules/gitops-2024/outputs.tf diff --git a/terraform/development/userdata.tftpl b/iac/modules/gitops-2024/userdata.tftpl similarity index 100% rename from terraform/development/userdata.tftpl rename to iac/modules/gitops-2024/userdata.tftpl diff --git a/iac/modules/gitops-2024/variables.tf b/iac/modules/gitops-2024/variables.tf new file mode 100644 index 0000000..c7c79a9 --- /dev/null +++ b/iac/modules/gitops-2024/variables.tf 
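Review bot: None of the `aws_instance.grafana_server` arguments visible in the last hunk set `metadata_options`, so the instance may still accept IMDSv1 requests. It launches into a subnet with `map_public_ip_on_launch = true` and serves a web application on port 3000; requiring session tokens limits what a request-forgery flaw in that application could read from instance metadata. The change would be `metadata_options { http_tokens = "required" }`. The resource's opening lines are outside the hunk, so confirm it is not already set there.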
@@ -0,0 +1,46 @@ +variable "aws_environment" { + description = < 1.9` means any version greater than or equal to 1.9 but less than 2.0 - required_version = "~> 1.9" - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 5.69.0" - } - # http = { - # source = "hashicorp/http" - # version = "~>3.4.5" - # } - sops = { - source = "carlpett/sops" - version = "~> 1.1.1" - } - } - cloud { - organization = "3ware" - hostname = "app.terraform.io" - - workspaces { - # Tags are used to when the workspace exists locally and workspace are used to separate the configuration - # Set the TF_WORKSPACE environment variable in CI - # tags = ["gitops", "mtc", "aws"] - name = "app-us-east-1-development" - project = "gitops-2024" - } - } -} diff --git a/terraform/production/.sops-files/sensitive.enc.yaml b/terraform/production/.sops-files/sensitive.enc.yaml deleted file mode 100644 index ec205bc..0000000 --- a/terraform/production/.sops-files/sensitive.enc.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -production_aws_account_id: ENC[AES256_GCM,data:OGQZoe74L66XGHe5,iv:FI81M4+97WLF5KzLjA3H7AkaFC4uDx+ooS0vXGv4scM=,tag:K0yrBflkL/cObMnb+HWVIw==,type:int] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1wpy4kcrhan5ffwwv9dke50v9e302lhravg2njkze9qu33xgnr42q9p2d22 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvbDlpYlJsOHE1SVd4MWZj - eXNuZ1dyVTVWbGZqZXpUTWdRWnc5TnFOd21zCkd2TkQrUWhwaWhJaThjZmVBZGYw - ck1WRkhtK0ZNYmFmaXNMQXQweVFPZFkKLS0tIGFCZytBUy9SbnNkbUFIVCtKZWJH - Q3dVbjg3NXZPME9sdUtEYzVlcGhPbG8KyuJvku8qDbnmOm2zG94RthEQM8ML2U3n - YFfHPYaKVQydgbb6lziQywZja2oJICXM1zRbGvadQNpN4VH6D7OFfw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-01T14:56:19Z" - mac: ENC[AES256_GCM,data:OVSNjOmC9onsy5pQPO7nIQOsDXkY3CiJ611x+Etun5XMqVpPFaVqv6xsQeNXNth4bc0uqui8zH6hGJ8TZ6Y5idfzej3fqOJ0Qz1VoLKgYNSnUsQJ/LtIKTrVaJv6zMqIrkcTwC+4Xva+Rrb538XavQ/J6PP8JOez2ako5E3BYpc=,iv:SuPbeZ1MBySAKnMY3gryyOzX3cZ0ajblmfYMBqA+zy4=,tag:chYjPV86oIqUGm+b3XHpuQ==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.1 diff --git a/terraform/production/.terraform.lock.hcl b/terraform/production/.terraform.lock.hcl deleted file mode 100644 index 336a268..0000000 --- a/terraform/production/.terraform.lock.hcl +++ /dev/null 
@@ -1,40 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/carlpett/sops" { - version = "1.1.1" - constraints = "~> 1.1.1" - hashes = [ - "h1:0lv+4VCaIRTkBAMXmCxSJC1dsYPuoyBAvnrLsofcseA=", - "zh:175ec198e1b4d1cad1ae559ebe8cdf574617805010c22dfb8af93a2057ba8332", - "zh:2b550b2372f71408e7b47b099f314d981bbb82b263cb55248a36a9af8afd44a1", - "zh:684544ed3460c34585b090b5de1d4e0caf8eba8e6ba50ad0734cda818a6c86f0", - "zh:6ab656d3f3645b8158769f34c16820523a621b9e735c1b3233cecf010ac61dda", - "zh:6b1f0007569ea36903c9b2b1b114c3cec7c163d9b83946362c3e165e255f64e7", - "zh:7d562f2fc76c954f974f2745557059a4d33dacb8d46e9f1cf09323348dcf5ddc", - "zh:cc7e97d8b55ebd90a4c1424cf9cb930af76e98a11c6eeb07e51d648369859fa1", - ] -} - -provider "registry.terraform.io/hashicorp/aws" { - version = "5.69.0" - constraints = "~> 5.69.0" - hashes = [ - "h1:unGIj/eLOrl42LQm7u0fjtjQHp+FHKinpSxR1ZuWsfI=", - "zh:123af8815a80abfd62eab5f9fc3d9226735cfea3627e834a1b48321cd8d391a6", - "zh:1298f312e239768c1846541e89b4fbec7eb21769c4a488c87181909049219fbe", - "zh:4edc950b39f3653beb8cd3e0b86a7dc9b6a77e90e543ed7be72639107bbc48a9", - "zh:5f24c916d6d2ce51e18210628b3b1aca8b85b383982a920b2a6adc259bdbd4e9", - "zh:66f0b2f5869a4dfed7154444c272022c6d9350dc4dfa0fc6d87ccbfc983ec560", - "zh:67e3be60863cf1c51c5be866d8646d433cc31e07514b9121611f812e73f2400d", - "zh:884672345a1d0362644a4d1588085fd4c4f56d3ca61b10c0d25cd1940d828fec", - "zh:8ab0f92da124171c80a2361beb79822fb0f074ffab74e506f58e953a69b283ce", - "zh:908d879139f2246024b5510a38f00f61489eeee6f3f72be10acc5b424c8fc723", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:9db6331398d648d9f2f4aa4db1eb9081e9bff584dcfe8f5350e04e6c5d339899", - "zh:a809bbd43bc392e91485b72bd9693874972bc5697b4f24fbcd61b461618ebb6d", - "zh:b9e9464458e7beb9fbf59f8db02f56138f398aaa6173b58a8bfa76aca82106d9", - "zh:cd7f041edaeeb1c4b06152ac8f3ce7b31c39a80a949083255f8fc81bbb11aeac", - 
"zh:eb71c9b2071ab2caa7aba577902df41c25ded1251c28560f0ac45f5e0f47360e", - ] -} diff --git a/terraform/production/README.md b/terraform/production/README.md deleted file mode 100644 index 9ba7260..0000000 --- a/terraform/production/README.md +++ /dev/null 
@@ -1,56 +0,0 @@ -# More Than Certified GitOps 2024 Minicamp Terraform documentation - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | ~> 1.9 | -| [aws](#requirement\_aws) | ~> 5.69.0 | -| [sops](#requirement\_sops) | ~> 1.1.1 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 5.69.0 | -| [sops](#provider\_sops) | 1.1.1 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [aws_default_security_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_security_group) | resource | -| [aws_instance.grafana_server](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource | -| [aws_internet_gateway.gitops_igw](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/internet_gateway) | resource | -| [aws_route_table.gitops_rt](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource | -| [aws_route_table_association.gitops_rta](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource | -| [aws_security_group.grafana_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | -| [aws_subnet.gitops_subnet](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | -| [aws_vpc.gitops_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc) | resource | -| [aws_vpc_security_group_egress_rule.grafana_egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_egress_rule) | resource | -| [aws_vpc_security_group_ingress_rule.grafana_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource | -| 
[aws_ami.ubuntu](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source | -| [sops_file.aws_account_id](https://registry.terraform.io/providers/carlpett/sops/latest/docs/data-sources/file) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [environment](#input\_environment) | (Required) Terraform deployment environment | `string` | n/a | yes | -| [instance\_type](#input\_instance\_type) | (Required) Instance type to use. Should be within the free tier | `string` | n/a | yes | -| [project\_id](#input\_project\_id) | (Required) Name of the project | `string` | n/a | yes | -| [region](#input\_region) | (Required) Name of the AWS region resources will be deployed into. | `string` | n/a | yes | -| [subnet\_cidr\_block](#input\_subnet\_cidr\_block) | (Required) A valid CIDR block to assign to the Grafana Server subnet | `string` | n/a | yes | -| [vpc\_cidr\_block](#input\_vpc\_cidr\_block) | (Required) A valid CIDR block to assign to the VPC | `string` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [grafana\_ip](#output\_grafana\_ip) | The connection details of the grafana server. | - diff --git a/terraform/production/data.tf b/terraform/production/data.tf deleted file mode 100644 index c7de0ff..0000000 --- a/terraform/production/data.tf +++ /dev/null @@ -1,5 +0,0 @@ -# The locals in this file are used across multiple .tf files -locals { - workspace_split = split("-", terraform.workspace) - environment = element(local.workspace_split, length(local.workspace_split) - 1) -} diff --git a/terraform/production/outputs.tf b/terraform/production/outputs.tf deleted file mode 100644 index ffa5917..0000000 --- a/terraform/production/outputs.tf +++ /dev/null 
@@ -1,4 +0,0 @@ -output "grafana_ip" { - description = "The connection details of the grafana server." - value = "http://${aws_instance.grafana_server.public_ip}:3000" -} diff --git a/terraform/production/providers.tf b/terraform/production/providers.tf deleted file mode 100644 index 9c473e8..0000000 --- a/terraform/production/providers.tf +++ /dev/null @@ -1,16 +0,0 @@ -data "sops_file" "aws_account_id" { - source_file = "${path.module}/.sops-files/sensitive.enc.yaml" -} - -provider "aws" { - region = var.region - allowed_account_ids = [data.sops_file.aws_account_id.data["${var.environment}_aws_account_id"]] - default_tags { - tags = { - "3ware:project-id" = var.project_id - "3ware:environment" = var.environment - "3ware:managed-by-terraform" = true - "3ware:workspace" = terraform.workspace - } - } -} diff --git a/terraform/production/terraform.tfvars b/terraform/production/terraform.tfvars deleted file mode 100644 index 4ca3fe6..0000000 --- a/terraform/production/terraform.tfvars +++ /dev/null @@ -1,6 +0,0 @@ -environment = "production" -instance_type = "t2.micro" -project_id = "gitops-2024" -region = "us-east-1" -subnet_cidr_block = "10.0.2.0/24" -vpc_cidr_block = "10.0.0.0/16" diff --git a/terraform/production/userdata.tftpl b/terraform/production/userdata.tftpl deleted file mode 100644 index 6bb94de..0000000 --- a/terraform/production/userdata.tftpl +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash -sudo apt-get install -y apt-transport-https software-properties-common wget && -sudo mkdir -p /etc/apt/keyrings/ && -wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor | sudo tee /etc/apt/keyrings/grafana.gpg > /dev/null && -echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main" | sudo tee -a /etc/apt/sources.list.d/grafana.list && -sudo apt-get update && -sudo apt-get install -y grafana && -sudo systemctl start grafana-server && -sudo systemctl enable grafana-server \ No newline at end of file 
diff --git a/terraform/production/variables.tf b/terraform/production/variables.tf
deleted file mode 100644
index 88db2ae..0000000
--- /dev/null
+++ /dev/null
@@ -1,90 +0,0 @@
-locals {
- valid_environment = ["production"]
-}
-
-variable "environment" {
- description = "(Required) Terraform deployment environment"
- type = string
-
- validation {
- condition = contains(local.valid_environment, var.environment)
- error_message = format(
- "Invalid environment provided. Received: '%s', Require: '%v'.\n%s",
- var.environment,
- join(", ", local.valid_environment),
- "Change the environment variable value to one that is permitted."
- )
- }
-}
-
-
-locals {
- valid_instance_types = ["t2.micro"]
-}
-
-variable "instance_type" {
- description = "(Required) Instance type to use. Should be within the free tier"
- type = string
-
- validation {
- condition = contains(local.valid_instance_types, var.instance_type)
- error_message = format(
- "Invalid instance type provided. Received: '%s', Require: '%v'.\n%s",
- var.instance_type,
- join(", ", local.valid_instance_types),
- "Change the instance type variable to one that is permitted."
- )
- }
-}
-
-variable "project_id" {
- description = "(Required) Name of the project"
- type = string
-}
-
-locals {
- valid_regions = ["us-east-1"]
-}
-
-variable "region" {
- description = "(Required) Name of the AWS region resources will be deployed into."
- type = string
-
- validation {
- condition = contains(local.valid_regions, var.region)
- error_message = format(
- "Invalid AWS region provided. Received: '%s', Require: '%v'.\n%s",
- var.region,
- join(", ", local.valid_regions),
- "Change the region variable to one that is permitted."
- )
- }
-}
-
-variable "subnet_cidr_block" {
- description = "(Required) A valid CIDR block to assign to the Grafana Server subnet"
- type = string
-
- validation {
- condition = can(cidrhost(var.subnet_cidr_block, 0))
- error_message = format(
- "Invalid CIDR block provided. Received: '%s'\n%s",
- var.vpc_cidr_block,
- "Check the syntax of the CIDR block is valid."
- )
- }
-}
-
-variable "vpc_cidr_block" {
- description = "(Required) A valid CIDR block to assign to the VPC"
- type = string
-
- validation {
- condition = can(cidrhost(var.vpc_cidr_block, 0))
- error_message = format(
- "Invalid CIDR block provided. Received: '%s'\n%s",
- var.vpc_cidr_block,
- "Check the syntax of the CIDR block is valid."
- )
- }
-}
diff --git a/terraform/production/versions.tf b/terraform/production/versions.tf
deleted file mode 100644
index 940fc13..0000000
--- /dev/null
+++ /dev/null
@@ -1,31 +0,0 @@
-terraform {
- # Must be above 1.9.0 to allow cross-object referencing for input variable validations
- # `~> 1.9` means any version greater than or equal to 1.9 but less than 2.0
- required_version = "~> 1.9"
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 5.69.0"
- }
- # http = {
- # source = "hashicorp/http"
- # version = "~>3.4.5"
- # }
- sops = {
- source = "carlpett/sops"
- version = "~> 1.1.1"
- }
- }
- cloud {
- organization = "3ware"
- hostname = "app.terraform.io"
-
- workspaces {
- # Tags are used to when the workspace exists locally and workspace are used to separate the configuration
- # Set the TF_WORKSPACE environment variable in CI
- # tags = ["gitops", "mtc", "aws"]
- name = "app-us-east-1-production"
- project = "gitops-2024"
- }
- }
-}