(github actions) generated latest snippets

Author: milldr

examples/snippets/.github/workflows/atmos-pro-terraform-apply.yaml

@@ -53,6 +53,8 @@ jobs:
 
       - name: Apply Atmos Component
         uses: cloudposse/github-action-atmos-terraform-apply@v4
+        env:
+          ATMOS_PROFILE: "github"
         with:
           # Atmos Pro args
           component: ${{ inputs.component }}

examples/snippets/.github/workflows/atmos-pro-terraform-plan.yaml

@@ -45,6 +45,8 @@ jobs:
 
       - name: Plan Atmos Component
         uses: cloudposse/github-action-atmos-terraform-plan@v5
+        env:
+          ATMOS_PROFILE: "github"
         with:
           # Atmos Pro args
           component: ${{ inputs.component }}

examples/snippets/.github/workflows/atmos-pro.yaml

@@ -72,6 +72,7 @@ jobs:
         uses: cloudposse/github-action-atmos-affected-stacks@v6
         env:
           ATMOS_PRO_WORKSPACE_ID: ${{ vars.ATMOS_PRO_WORKSPACE_ID }}
+          ATMOS_PROFILE: "github"
         with:
           atmos-version: ${{ vars.ATMOS_VERSION }}
           atmos-config-path: ${{ vars.ATMOS_CONFIG_PATH }}

examples/snippets/stacks/workflows/quickstart/app/app-on-lambda-with-atmos.yaml

@@ -3,7 +3,7 @@ workflows:
     steps:
       - command: workflow init/artifact-bucket -f quickstart/app/app-on-lambda-with-atmos
       - command: workflow init/app-on-lambda-with-atmos -f quickstart/app/app-on-lambda-with-atmos
-      - command: workflow deploy/github-oidc-role -f quickstart/app/app-on-lambda-with-atmos
+      - command: workflow deploy/iam-role -f quickstart/app/app-on-lambda-with-atmos
       - command: workflow deploy/artifact-bucket -f quickstart/app/app-on-lambda-with-atmos
 
   init/artifact-bucket:
@@ -18,14 +18,14 @@ workflows:
     steps:
       - command: terraform deploy s3-bucket/github-action-artifacts -s core-us-east-1-artifacts
 
-  deploy/github-oidc-role:
+  deploy/iam-role:
     description: |
-      This workflow deploys the github-oidc-role for the app-on-lambda-with-atmos workflow.
+      This workflow deploys the iam-role for the app-on-lambda-with-atmos workflow.
+      TODO: Create iam-role/lambda-publish catalog configuration to replace github-oidc-role/lambda-publish
     steps:
-      - command: terraform deploy github-oidc-role/lambda-publish -s core-gbl-artifacts
-      - command: terraform deploy github-oidc-role/app-on-lambda-with-atmos -s plat-gbl-dev
-      - command: terraform deploy github-oidc-role/app-on-lambda-with-atmos -s plat-gbl-staging
-      - command: terraform deploy github-oidc-role/app-on-lambda-with-atmos -s plat-gbl-prod
+      # TODO: Add iam-role/lambda-publish deployment
+      # - command: terraform deploy iam-role/lambda-publish -s core-gbl-artifacts
+      - command: echo "TODO - iam-role/lambda-publish deployment not yet configured"
 
   init/app-on-lambda-with-atmos:
     description: Initializes SSM parameters for app-on-lambda-with-atmos, these are not valid until the github actions run to update the values.

examples/snippets/stacks/workflows/quickstart/foundation/accounts.yaml

@@ -17,7 +17,6 @@ workflows:
     description: Deploys all AWS Organization accounts
     steps:
       - command: terraform apply account -s core-gbl-root
-      - command: terraform deploy account-map -s core-gbl-root
 
   deploy/account-settings:
     description: Apply AWS Account settings for best practices.
@@ -26,7 +25,6 @@ workflows:
       - command: terraform deploy account-settings -s core-gbl-audit
       - command: terraform deploy account-settings -s core-gbl-auto
       - command: terraform deploy account-settings -s core-gbl-dns
-      - command: terraform deploy account-settings -s core-gbl-identity
       - command: terraform deploy account-settings -s core-gbl-network
       - command: terraform deploy account-settings -s core-gbl-root
       - command: terraform deploy account-settings -s core-gbl-security

examples/snippets/stacks/workflows/quickstart/foundation/baseline.yaml

@@ -13,7 +13,6 @@ workflows:
     description: Vendor baseline layer components.
     steps:
       - command: vendor pull --component account
-      - command: vendor pull --component account-map
       - command: vendor pull --component account-quotas
       - command: vendor pull --component account-settings
       - command: vendor pull --component cloudtrail
@@ -30,10 +29,7 @@ workflows:
       - command: terraform deploy tfstate-backend -var="access_roles_enabled=false" --stack core-use1-root --init-run-reconfigure=false
 
   deploy/tfstate:
-    description: >-
-      Deploy Terraform State Backend.
-
-      Finalize Terraform State Backend access, which requires AWS Teams to be deployed first.
+    description: Deploy Terraform State Backend.
     steps:
       - command: terraform deploy tfstate-backend --stack core-use1-root
 

examples/snippets/stacks/workflows/quickstart/foundation/github.yaml

@@ -11,7 +11,7 @@ workflows:
     description: |
       This workflow deploys Github OIDC Provider Configuration for Github Runners
     steps:
-      - command: terraform deploy github-oidc-provider -s core-gbl-identity
+      - command: terraform deploy github-oidc-provider -s core-use1-auto
       - command: terraform deploy github-oidc-provider -s core-gbl-artifacts
       - command: terraform deploy github-oidc-provider -s core-gbl-auto
       - command: terraform deploy github-oidc-provider -s plat-gbl-dev

examples/snippets/stacks/workflows/quickstart/foundation/gitops.yaml

@@ -10,14 +10,14 @@ workflows:
     description: Vendor Gitops required components.
     steps:
     - command: vendor pull --component github-oidc-provider
-    - command: vendor pull --component github-oidc-role
+    - command: vendor pull --component iam-role
     - command: vendor pull --component dynamodb
     - command: vendor pull --component s3-bucket
 
   deploy:
     description: Run deployment for Gitops requirements
     steps:
-      - command: terraform deploy github-oidc-provider -s core-gbl-identity
+      - command: terraform deploy github-oidc-provider -s core-use1-auto
       - command: terraform deploy gitops/s3-bucket --stack core-use1-auto
       - command: terraform deploy gitops/dynamodb --stack core-use1-auto
-      - command: terraform deploy github-oidc-role/gitops --stack core-use1-auto
+      - command: terraform deploy iam-role/gitops --stack core-use1-auto

examples/snippets/stacks/workflows/quickstart/foundation/identity.yaml

@@ -37,10 +37,8 @@ workflows:
   vendor/components:
     description: Vendor identity layer components.
     steps:
-      - command: vendor pull --component aws-saml
       - command: vendor pull --component aws-sso
-      - command: vendor pull --component aws-team-roles
-      - command: vendor pull --component aws-teams
+      - command: vendor pull --component iam-role
 
   vendor/aws-config:
     description: Vendor aws-config script.
@@ -59,37 +57,41 @@ workflows:
   deploy/all:
     description: Deploy all identity components.
     steps:
-      - command: workflow deploy/saml -f quickstart/foundation/identity
       - command: workflow deploy/sso -f quickstart/foundation/identity
-      - command: workflow deploy/teams -f quickstart/foundation/identity
-      - command: workflow update-aws-config -f quickstart/foundation/identity
-
-  deploy/saml:
-    description: Update aws-saml configuration (when adding a new Identity Provider).
-    steps:
-      - command: terraform deploy aws-saml -s core-gbl-identity
+      - command: workflow deploy/iam-role -f quickstart/foundation/identity
 
   deploy/sso:
     description: Update aws-sso configuration.
     steps:
       - command: terraform deploy aws-sso -s core-gbl-root
 
-  deploy/teams:
-    description: Establish cross account AWS Teams roles for access.
+  deploy/iam-role:
+    description: |
+      Deploy iam-role/terraform and iam-role/planner to all accounts (except root).
+      These roles are used by GitHub Actions for CI/CD.
     steps:
-      - command: terraform deploy aws-teams -s core-gbl-identity
-      - command: terraform deploy aws-team-roles -s core-gbl-artifacts
-      - command: terraform deploy aws-team-roles -s core-gbl-audit
-      - command: terraform deploy aws-team-roles -s core-gbl-auto
-      - command: terraform deploy aws-team-roles -s core-gbl-dns
-      - command: terraform deploy aws-team-roles -s core-gbl-identity
-      - command: terraform deploy aws-team-roles -s core-gbl-network
-      - command: terraform deploy aws-team-roles -s core-gbl-root
-      - command: terraform deploy aws-team-roles -s core-gbl-security
-      - command: terraform deploy aws-team-roles -s plat-gbl-dev
-      - command: terraform deploy aws-team-roles -s plat-gbl-prod
-      - command: terraform deploy aws-team-roles -s plat-gbl-sandbox
-      - command: terraform deploy aws-team-roles -s plat-gbl-staging
+      # Core accounts (except root)
+      - command: terraform deploy iam-role/terraform -s core-gbl-artifacts
+      - command: terraform deploy iam-role/planner -s core-gbl-artifacts
+      - command: terraform deploy iam-role/terraform -s core-gbl-audit
+      - command: terraform deploy iam-role/planner -s core-gbl-audit
+      - command: terraform deploy iam-role/terraform -s core-gbl-auto
+      - command: terraform deploy iam-role/planner -s core-gbl-auto
+      - command: terraform deploy iam-role/terraform -s core-gbl-dns
+      - command: terraform deploy iam-role/planner -s core-gbl-dns
+      - command: terraform deploy iam-role/terraform -s core-gbl-network
+      - command: terraform deploy iam-role/planner -s core-gbl-network
+      - command: terraform deploy iam-role/terraform -s core-gbl-security
+      - command: terraform deploy iam-role/planner -s core-gbl-security
+      # Platform accounts
+      - command: terraform deploy iam-role/terraform -s plat-gbl-dev
+      - command: terraform deploy iam-role/planner -s plat-gbl-dev
+      - command: terraform deploy iam-role/terraform -s plat-gbl-staging
+      - command: terraform deploy iam-role/planner -s plat-gbl-staging
+      - command: terraform deploy iam-role/terraform -s plat-gbl-prod
+      - command: terraform deploy iam-role/planner -s plat-gbl-prod
+      - command: terraform deploy iam-role/terraform -s plat-gbl-sandbox
+      - command: terraform deploy iam-role/planner -s plat-gbl-sandbox
 
   update-aws-config:
     description: Update AWS Config files.

examples/snippets/stacks/workflows/quickstart/monitor/compliance.yaml

@@ -37,39 +37,22 @@ workflows:
   deploy/aws-config/superadmin:
     description: Deploy AWS Config into accounts that require SuperAdmin to apply
     steps:
-      - command: terraform deploy aws-config-use1 -s core-use1-identity
       - command: terraform deploy aws-config-use1 -s core-use1-root
-      - command: terraform deploy aws-config-use2 -s core-use2-identity
       - command: terraform deploy aws-config-use2 -s core-use2-root
-      - command: terraform deploy aws-config-usw1 -s core-usw1-identity
       - command: terraform deploy aws-config-usw1 -s core-usw1-root
-      - command: terraform deploy aws-config-usw2 -s core-usw2-identity
       - command: terraform deploy aws-config-usw2 -s core-usw2-root
-      - command: terraform deploy aws-config-aps1 -s core-aps1-identity
       - command: terraform deploy aws-config-aps1 -s core-aps1-root
-      - command: terraform deploy aws-config-apne3 -s core-apne3-identity
       - command: terraform deploy aws-config-apne3 -s core-apne3-root
-      - command: terraform deploy aws-config-apne2 -s core-apne2-identity
       - command: terraform deploy aws-config-apne2 -s core-apne2-root
-      - command: terraform deploy aws-config-apne1 -s core-apne1-identity
       - command: terraform deploy aws-config-apne1 -s core-apne1-root
-      - command: terraform deploy aws-config-apse1 -s core-apse1-identity
       - command: terraform deploy aws-config-apse1 -s core-apse1-root
-      - command: terraform deploy aws-config-apse2 -s core-apse2-identity
       - command: terraform deploy aws-config-apse2 -s core-apse2-root
-      - command: terraform deploy aws-config-cac1 -s core-cac1-identity
       - command: terraform deploy aws-config-cac1 -s core-cac1-root
-      - command: terraform deploy aws-config-euc1 -s core-euc1-identity
       - command: terraform deploy aws-config-euc1 -s core-euc1-root
-      - command: terraform deploy aws-config-euw1 -s core-euw1-identity
       - command: terraform deploy aws-config-euw1 -s core-euw1-root
-      - command: terraform deploy aws-config-euw2 -s core-euw2-identity
       - command: terraform deploy aws-config-euw2 -s core-euw2-root
-      - command: terraform deploy aws-config-euw3 -s core-euw3-identity
       - command: terraform deploy aws-config-euw3 -s core-euw3-root
-      - command: terraform deploy aws-config-eun1 -s core-eun1-identity
       - command: terraform deploy aws-config-eun1 -s core-eun1-root
-      - command: terraform deploy aws-config-sae1 -s core-sae1-identity
       - command: terraform deploy aws-config-sae1 -s core-sae1-root
 
   deploy/security-hub/step1: