Initial version 0.0.1 (#29)
Terraform Cloud Agent on Amazon ECS cluster
* Feature : bring your own ECS cluster
* Feature : single execution mode
* Feature : Fargate Spot
wellsiau-aws authored Jun 7, 2024
1 parent 24e3539 commit a7117f3
Showing 31 changed files with 547 additions and 100 deletions.
8 changes: 3 additions & 5 deletions .config/.checkov.yml
@@ -1,15 +1,13 @@
download-external-modules: False
evaluate-variables: true
file:
- 'tf.json'
directory:
- ./
framework:
- terraform_plan
- terraform
skip-check:
- CKV2_GCP*
- CKV_AZURE*
- CKV2_AZURE*
repo-root-for-plan-enrichment:
- '.'
summary-position: bottom
output: 'cli'
compact: True
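
Review bot: with the +/- markers lost in this rendering, the hunk shows both `file: 'tf.json'` with `terraform_plan` and `repo-root-for-plan-enrichment`, and `directory: ./` with `terraform`; the 3 additions and 5 deletions are consistent with the plan-based scan being replaced by a static directory scan. If that is the intent, say so in the commit message. Combined with `download-external-modules: False`, the scan then no longer covers values that are only resolved at plan time or code pulled in from external modules, so consider keeping a plan-based run somewhere in the pipeline.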
2 changes: 1 addition & 1 deletion .config/functional_tests/post-entrypoint-helpers.sh
@@ -1,6 +1,6 @@
#!/bin/bash
## NOTE: this script runs at the end of functional test
## Use this to load any configurations after the functional test
## Use this to load any configurations after the functional test
## TIPS: avoid modifying the .project_automation/functional_test/entrypoint.sh
## migrate any customization you did on entrypoint.sh to this helper script
echo "Executing Post-Entrypoint Helpers"
18 changes: 16 additions & 2 deletions .config/functional_tests/pre-entrypoint-helpers.sh
@@ -1,6 +1,20 @@
#!/bin/bash
## NOTE: this script runs at the start of functional test
## use this to load any configuration before the functional test
## use this to load any configuration before the functional test
## TIPS: avoid modifying the .project_automation/functional_test/entrypoint.sh
## migrate any customization you did on entrypoint.sh to this helper script
echo "Executing Pre-Entrypoint Helpers"
echo "Executing Pre-Entrypoint Helpers"

#********** TFC Env Vars *************
echo "Load env vars"
export AWS_DEFAULT_REGION=us-west-2
export TFE_TOKEN=`aws secretsmanager get-secret-value --secret-id abp/hcp/token | jq -r ".SecretString"`

#********** Get tfvars from SSM *************
echo "Get *.tfvars from SSM parameter"
aws ssm get-parameter \
--name "/abp/hcp/functional/terraform_test.tfvars" \
--with-decryption \
--query "Parameter.Value" \
--output "text" \
--region "us-west-2" > ./tests/terraform.auto.tfvars
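
Review bot: the `export TFE_TOKEN=` line has no failure handling: `export` returns 0 even when the command substitution fails, and without `set -o pipefail` a failed `aws secretsmanager get-secret-value` is hidden behind `jq`, so the tests start with an empty token. Assign first, check that the value is non-empty, then export, and use `$(...)` rather than backticks. The `aws ssm get-parameter --with-decryption` output is written in clear text to `./tests/terraform.auto.tfvars`, relative to whatever the current directory is; anchor the path on `${PROJECT_PATH}`, stop if the call fails (the redirect creates an empty file regardless), and remove the file in post-entrypoint-helpers.sh. `us-west-2` is hardcoded in both `AWS_DEFAULT_REGION` and `--region`; one of them is enough.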
2 changes: 1 addition & 1 deletion .config/static_tests/post-entrypoint-helpers.sh
@@ -1,6 +1,6 @@
#!/bin/bash
## NOTE: this script runs at the end of static test
## Use this to load any configurations after the static test
## Use this to load any configurations after the static test
## TIPS: avoid modifying the .project_automation/static_test/entrypoint.sh
## migrate any customization you did on entrypoint.sh to this helper script
echo "Executing Post-Entrypoint Helpers"
2 changes: 1 addition & 1 deletion .config/static_tests/pre-entrypoint-helpers.sh
@@ -1,6 +1,6 @@
#!/bin/bash
## NOTE: this script runs at the start of static test
## use this to load any configuration before the static test
## use this to load any configuration before the static test
## TIPS: avoid modifying the .project_automation/static_test/entrypoint.sh
## migrate any customization you did on entrypoint.sh to this helper script
echo "Executing Pre-Entrypoint Helpers"
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -4,6 +4,7 @@ plan.out.json

# Local .terraform directories
**/.terraform/*
**/.terraform

# .tfstate files
*.tfstate
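
Review bot: the visible patterns cover `.terraform` and `*.tfstate` only, while pre-entrypoint-helpers.sh in this commit writes decrypted SSM content to `./tests/terraform.auto.tfvars`. Confirm that the collapsed part of this file ignores `*.auto.tfvars` (or `*.tfvars`), and add the pattern if it does not, so a local functional-test run cannot stage that file.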
21 changes: 17 additions & 4 deletions .header.md
@@ -1,7 +1,20 @@
# Terraform Module Project
# Terraform Cloud Agent on Amazon ECS

:no_entry_sign: Do not edit this readme.md file. To learn how to change this content and work with this repository, refer to CONTRIBUTING.md
This solution creates self-hosted HashiCorp Cloud Platform (HCP) Terraform agent on Amazon ECS cluster. HCP Terraform allows you to manage isolated, private, or on-premises infrastructure using self-hosted HCP Terraform agents. The agent polls HCP Terraform or HCP Terraform Enterprise for any changes to your configuration and executes the changes locally, so you do not need to allow public ingress traffic to your resources. Agents allow you to control infrastructure in private environments without modifying your network perimeter.

## Readme Content
## Architecture

This file will contain any instructional information about this module.
![Terraform Cloud Agent on Amazon ECS architecture](/assets/architecture.png)

## Prerequisites

To use this module you need to have the following:

1. [HashiCorp Cloud Platform (HCP) Terraform](https://www.hashicorp.com/products/terraform) subscription
2. Terraform API token with permission to create Terraform agent pool
3. AWS account and credentials to provision resources as mentioned below.
4. VPC with private subnets

## Getting Started

Please refer to the [examples](./examples/basic) on how to get started.
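
Review bot: the Prerequisites list leaves out two things a deployer needs, at items 2 and 4. Item 2 should name the kind of Terraform API token expected and the minimum permission it needs beyond "create Terraform agent pool", so readers do not reach for a broadly scoped token. Item 4 should state that the private subnets need an outbound path to HCP Terraform, since the introduction says the agent polls it. "HCP Terraform Enterprise" in the introduction also looks like a naming slip; check it against the product name.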
20 changes: 12 additions & 8 deletions .project_automation/functional_tests/entrypoint.sh
@@ -1,7 +1,7 @@
#!/bin/bash

## WARNING: DO NOT modify the content of entrypoint.sh
# Use ./config/functional_tests/pre-entrypoint-helpers.sh or ./config/functional_tests/post-entrypoint-helpers.sh
# Use ./config/functional_tests/pre-entrypoint-helpers.sh or ./config/functional_tests/post-entrypoint-helpers.sh
# to load any customizations or additional configurations

## NOTE: paths may differ when running in a managed task. To ensure behavior is consistent between
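
Review bot: the comment on the "# Use ./config/functional_tests/..." line points at `./config/`, but the functions below source `${PROJECT_PATH}/.config/functional_tests/...`. Since this line is being touched anyway, correct the path to `.config/`; the same comment appears in .project_automation/static_tests/entrypoint.sh.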
Expand All @@ -22,7 +22,7 @@ pre_entrypoint() {
post_entrypoint() {
if [ -f ${PROJECT_PATH}/.config/functional_tests/post-entrypoint-helpers.sh ]; then
echo "Post-entrypoint helper found"
source ${PROJECT_PATH}/.config/functional_tests/post-entrypoint-helpers.sh
source ${PROJECT_PATH}/.config/functional_tests/post-entrypoint-helpers.sh
echo "Post-entrypoint helper loaded"
else
echo "Post-entrypoint helper not found - skipped"
Expand All @@ -32,12 +32,16 @@ post_entrypoint() {
#********** Pre-entrypoint helper *************
pre_entrypoint

#********** Checkov Analysis *************
echo "Running Checkov Analysis"
terraform init
terraform plan -out tf.plan
terraform show -json tf.plan > tf.json
checkov --config-file ${PROJECT_PATH}/.config/checkov.yml
#********** Functional Test *************
/bin/bash ${PROJECT_PATH}/.project_automation/functional_tests/functional_tests.sh
if [ $? -eq 0 ]
then
echo "Functional test completed"
EXIT_CODE=0
else
echo "Functional test failed"
EXIT_CODE=1
fi

#********** Post-entrypoint helper *************
post_entrypoint
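
Review bot: `EXIT_CODE` is set in the new Functional Test block but nothing in the visible lines consumes it; make sure the script ends with `exit $EXIT_CODE` after `post_entrypoint`, otherwise a failed run of functional_tests.sh is reported with the helper's status. Writing `if /bin/bash "${PROJECT_PATH}/.project_automation/functional_tests/functional_tests.sh"; then` would avoid the separate `$?` test and quote the path. The Checkov block is dropped from this entrypoint, so confirm the static-test stage still runs Checkov with `.config/.checkov.yml`.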
2 changes: 1 addition & 1 deletion .project_automation/functional_tests/functional_tests.sh
Expand Up @@ -20,7 +20,7 @@ if test -f ${MANDATORY_TEST_PATH}; then
else
echo "File ${MANDATORY_TEST_PATH} not found. You must include at least one test run in file ${MANDATORY_TEST_PATH}"
(exit 1)
fi
fi

if [ $? -eq 0 ]; then
echo "Terraform Test Successfull"
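
Review bot: the `if [ $? -eq 0 ]` after the `fi` relies on `(exit 1)` in the else branch being the last command run, so that its status becomes the status of the whole `if` block; that breaks as soon as any command is added after it. Set an explicit status variable in both branches and test that instead. "Successfull" in the echo should be "Successful".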
4 changes: 2 additions & 2 deletions .project_automation/static_tests/entrypoint.sh
@@ -1,7 +1,7 @@
#!/bin/bash

## WARNING: DO NOT modify the content of entrypoint.sh
# Use ./config/static_tests/pre-entrypoint-helpers.sh or ./config/static_tests/post-entrypoint-helpers.sh
# Use ./config/static_tests/pre-entrypoint-helpers.sh or ./config/static_tests/post-entrypoint-helpers.sh
# to load any customizations or additional configurations

## NOTE: paths may differ when running in a managed task. To ensure behavior is consistent between
Expand All @@ -22,7 +22,7 @@ pre_entrypoint() {
post_entrypoint() {
if [ -f ${PROJECT_PATH}/.config/static_tests/post-entrypoint-helpers.sh ]; then
echo "Post-entrypoint helper found"
source ${PROJECT_PATH}/.config/static_tests/post-entrypoint-helpers.sh
source ${PROJECT_PATH}/.config/static_tests/post-entrypoint-helpers.sh
echo "Post-entrypoint helper loaded"
else
echo "Post-entrypoint helper not found - skipped"
5 changes: 4 additions & 1 deletion CODEOWNERS
@@ -1 +1,4 @@
* @aws-ia/aws-ia
gautam.baghel@hashicorp.com
dan.barr@hashicorp.com
manuchn@amazon.com
wellsiau@amazon.com
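
Review bot: the four e-mail lines are not valid CODEOWNERS entries: each line is a file pattern followed by one or more owners, so a bare address is read as a pattern with no owner and these people will not be requested for review. Put them on the pattern line, for example `* @aws-ia/aws-ia gautam.baghel@hashicorp.com dan.barr@hashicorp.com`, and check that each address belongs to a GitHub account with write access to the repository.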
8 changes: 4 additions & 4 deletions CONTRIBUTING.md
Expand Up @@ -8,7 +8,7 @@ For best practices and information on developing with Terraform, see the [I&A Mo

## Contributing Code

In order to contibute code to this repository, you must submit a *[Pull Request](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request)*. To do so, you must *[fork](https://docs.github.com/en/get-started/quickstart/fork-a-repo)* this repostiory, make your changes in your forked version and submit a *Pull Request*.
In order to contribute code to this repository, you must submit a *[Pull Request](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request)*. To do so, you must *[fork](https://docs.github.com/en/get-started/quickstart/fork-a-repo)* this repository, make your changes in your forked version and submit a *Pull Request*.

## Writing Documentation

Expand All @@ -20,7 +20,7 @@ README.md is automatically generated by pulling in content from other files. For

Pull Requests (PRs) submitted against this repository undergo a series of static and functional checks.

> :exclamation: Note: Failures during funtional or static checks will prevent a pull request from being accepted.
> :exclamation: Note: Failures during functional or static checks will prevent a pull request from being accepted.
It is a best practice to perform these checks locally prior to submitting a pull request.

Expand All @@ -32,15 +32,15 @@ It is a best practice to perform these checks locally prior to submitting a pull
- Checkov
- Terratest

> :bangbang: The readme.md file will be created after all checks have completed successfuly, it is recommended that you install terraform-docs locally in order to preview your readme.md file prior to publication.
> :bangbang: The README.md file will be created after all checks have completed successfully, it is recommended that you install terraform-docs locally in order to preview your readme.md file prior to publication.
## Install the required tools

Prerequisites:

- [Python](https://docs.python.org/3/using/index.html)
- [Pip](https://pip.pypa.io/en/stable/installation/)
- [golang](https://go.dev/doc/install) (for macos you can use `brew`)
- [golang](https://go.dev/doc/install) (for macOS you can use `brew`)
- [tflint](https://github.com/terraform-linters/tflint)
- [tfsec](https://aquasecurity.github.io/tfsec/v1.0.11/)
- [Markdown Lint](https://github.com/markdownlint/markdownlint)
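
Review bot: the `:bangbang:` line now says `README.md` at its start but still ends with "preview your readme.md file"; make both mentions match the actual file name. The comma before "it is recommended" joins two sentences and should be a full stop.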