# Container image tag for the forms-runner service. It is passed straight
# through to the forms_runner module as `image_tag`.
# Null is accepted and is the default; how the module treats a null tag is not
# visible in this file.
variable "forms_runner_image_tag" {
  description = "The image tag to deploy"
  type        = string
  default     = null
  nullable    = true
}
# People directory. This file reads the module's `with_role` output, indexed by
# role name, to decide whose per-person readonly IAM roles are looked up.
module "forms_people" {
  source = "../../../modules/users"
}
# Looks up the existing "<person>-readonly" IAM role of every person listed
# under deploy_admin, deploy_support or deploy_readonly.
#
# The lookup is unconditional: it runs whether or not the
# allow_human_readonly_roles_* settings are enabled. The roles are only read
# here, not created, so each one must already exist.
data "aws_iam_role" "readonly_people_roles" {
  # Readonly roles are made for each of the people in these lists.
  # toset() collapses people who appear in more than one list.
  for_each = toset(concat(
    module.forms_people.with_role["deploy_admin"],
    module.forms_people.with_role["deploy_support"],
    module.forms_people.with_role["deploy_readonly"],
  ))

  name = format("%s-readonly", each.value)
}
locals {
  # Extra principals for the submissions-to-S3 role: every human readonly role
  # ARN when the setting is on, nobody when it is off.
  # NOTE(review): presumably the forms-runner module adds these ARNs to the
  # role's trust policy. That would let every listed person reach whatever the
  # role can read, so confirm which environments enable it.
  allowed_submissions_to_s3_role_assumers = var.forms_runner_settings.allow_human_readonly_roles_to_assume_submissions_to_s3_role ? [
    for readonly_role in data.aws_iam_role.readonly_people_roles : readonly_role.arn
  ] : []

  # Same list, gated separately, for the forms runner role.
  # NOTE(review): the setting is spelled "..._submissions_to_runner_role" but it
  # gates the forms runner role. It looks like a naming slip; confirm against
  # the variable definition before relying on the name.
  allowed_forms_runner_role_assumers = var.forms_runner_settings.allow_human_readonly_roles_to_assume_submissions_to_runner_role ? [
    for readonly_role in data.aws_iam_role.readonly_people_roles : readonly_role.arn
  ] : []
}
# Deploys the forms-runner service for this environment. Inputs come from this
# stack's variables, the locals defined in this file and the remote state of
# the forms_environment, forms_ses and redis stacks.
module "forms_runner" {
  source = "../../../modules/forms-runner"

  # Environment identity
  env_name          = var.environment_name
  environment_type  = var.environment_type
  root_domain       = var.root_domain
  deploy_account_id = var.deploy_account_id

  # Container image
  image_tag            = var.forms_runner_image_tag
  container_repository = "${var.container_registry}/forms-runner-deploy"

  # Task sizing and scaling
  cpu          = var.forms_runner_settings.cpu
  memory       = var.forms_runner_settings.memory
  min_capacity = var.forms_runner_settings.min_capacity
  max_capacity = var.forms_runner_settings.max_capacity

  # Sibling service URLs, derived from the root domain
  api_base_url   = "https://api.${var.root_domain}"
  admin_base_url = "https://admin.${var.root_domain}"

  # Feature switches
  enable_maintenance_mode    = var.forms_runner_settings.enable_maintenance_mode
  cloudwatch_metrics_enabled = var.forms_runner_settings.cloudwatch_metrics_enabled
  analytics_enabled          = var.forms_runner_settings.analytics_enabled
  api_v2_enabled             = var.forms_runner_settings.api_v2_enabled
  ses_submissions_enabled    = var.forms_runner_settings.ses_submissions_enabled

  # Submission email (SES) and the KMS keys for its delivery events
  ses_submission_email_from_email_address     = var.forms_runner_settings.ses_submission_email_from_email_address
  ses_submission_email_reply_to_email_address = var.forms_runner_settings.ses_submission_email_reply_to_email_address
  ses_submission_configuration_set_name       = data.terraform_remote_state.forms_ses.outputs.form_submissions_configuration_set_name
  bounces_and_complaints_kms_key_arn          = data.terraform_remote_state.forms_ses.outputs.submission_email_bounces_and_complaints_kms_key_arn
  deliveries_kms_key_arn                      = data.terraform_remote_state.forms_ses.outputs.submission_email_successful_deliveries_kms_key_arn

  # Extra role assumers. Both lists are empty unless the matching
  # allow_human_readonly_roles_* setting is enabled (see the locals in this file).
  additional_submissions_to_s3_role_assumers = local.allowed_submissions_to_s3_role_assumers
  additional_forms_runner_role_assumers      = local.allowed_forms_runner_role_assumers

  # Redis (ElastiCache)
  elasticache_port                     = data.terraform_remote_state.redis.outputs.elasticache_port
  elasticache_primary_endpoint_address = data.terraform_remote_state.redis.outputs.elasticache_primary_endpoint_address

  # Network, cluster and load balancer, all taken from the environment stack
  vpc_id             = data.terraform_remote_state.forms_environment.outputs.vpc_id
  vpc_cidr_block     = data.terraform_remote_state.forms_environment.outputs.vpc_cidr_block
  private_subnet_ids = data.terraform_remote_state.forms_environment.outputs.private_subnet_ids
  ecs_cluster_arn    = data.terraform_remote_state.forms_environment.outputs.ecs_cluster_arn
  alb_arn_suffix     = data.terraform_remote_state.forms_environment.outputs.alb_arn_suffix
  alb_listener_arn   = data.terraform_remote_state.forms_environment.outputs.alb_main_listener_arn

  # Log forwarding switch
  send_logs_to_cyber = var.send_logs_to_cyber
}