Merge pull request #1 from rhythmictech/init

init

Author: smiller171

Diff for: .gitignore

@@ -7,6 +7,7 @@
 
 # .tfvars files
 *.tfvars
+!example/**/*.tfvars
 
 # pem files
 *.pem

Diff for: cloudformation.yml.tpl

@@ -0,0 +1,87 @@
+Resources:
+  distConfig:
+    Type: AWS::ImageBuilder::DistributionConfiguration
+    Properties:
+      Name: ${name} - Distribution Config
+      %{~ if description != null ~}
+      Description: ${description}
+      %{~ endif ~}
+      Distributions:
+        %{~ for region in regions ~}
+        - AmiDistributionConfiguration:
+            Name: '${name} - AmiCopyConfiguration - {{ imagebuilder:buildDate }}'
+            %{~ if description != null ~}
+            Description: ${description}
+            %{~ endif ~}
+            AmiTags:
+              ${ indent(14, chomp(yamlencode(tags))) }
+            %{~ if shared_account_ids != null ~}
+            LaunchPermissionConfiguration:
+              UserIds:
+                ${ indent(14, chomp(yamlencode(shared_account_ids))) }
+            %{~ endif ~}
+          %{~ if license_config_arns != null ~}
+          LicenseConfigurationArns:
+            ${ indent(12, chomp(yamlencode(license_config_arns)))}
+          %{~ endif ~}
+          Region: ${region}
+        %{~ endfor ~}
+      Tags:
+        ${ indent(8, chomp(yamlencode(tags))) }
+  infraConfig:
+    Type: AWS::ImageBuilder::InfrastructureConfiguration
+    Properties: 
+      Name: ${name}-infrastructure-configuration
+      %{~ if description != null ~}
+      Description: ${description}
+      %{~ endif ~}
+      InstanceProfileName: ${instance_profile}
+      %{~ if instance_types != null ~}
+      InstanceTypes:
+        ${ indent(8, chomp(yamlencode(instance_types))) }
+      %{~ endif ~}
+      %{~ if key_pair != null ~}
+      KeyPair: ${key_pair}
+      %{~ endif ~}
+      %{~ if log_bucket != null ~}
+      Logging:
+        S3Logs:
+          S3BucketName: ${log_bucket}
+          %{~ if log_prefix != null ~}
+          S3KeyPrefix: ${log_prefix}
+          %{~ endif ~}
+      %{~ endif ~}
+      %{~ if security_group_ids != null ~}
+      SecurityGroupIds:
+        ${ indent(8, chomp(yamlencode(security_group_ids))) }
+      %{~ endif ~}
+      %{~ if sns_topic_arn != null ~}
+      SnsTopicArn: ${sns_topic_arn}
+      %{~ endif ~}
+      %{~ if subnet != null ~}
+      SubnetId: ${subnet}
+      %{~ endif ~}
+      Tags:
+        ${ indent(8, chomp(yamlencode(tags))) }
+      TerminateInstanceOnFailure: ${terminate_on_failure}
+  imageBuildPipeline:
+    Type: AWS::ImageBuilder::ImagePipeline
+    Properties:
+      Name: ${name}
+      %{~ if description != null ~}
+      Description: ${description}
+      %{~ endif ~}
+      DistributionConfigurationArn: !Ref "distConfig"
+      ImageRecipeArn: ${recipe_arn}
+      ImageTestsConfiguration:
+        ${ indent(8, chomp(yamlencode(test_config))) }
+      InfrastructureConfigurationArn: !Ref "infraConfig"
+      Schedule:
+        ${ indent(8, chomp(yamlencode(schedule))) }
+      Status: ${status}
+      Tags:
+        ${ indent(8, chomp(yamlencode(tags))) }
+Outputs:
+  PipelineArn:
+    Description: ARN of the created component
+    Value: !Ref "imageBuildPipeline"

Diff for: example/basic/common.tf

@@ -0,0 +1,23 @@
+##################################################
+# Provider/Backend/Workspace Check
+##################################################
+provider "aws" {
+  region = var.region
+}
+
+terraform {
+  required_version = ">= 0.12.25"
+  required_providers {
+    aws = "~> 2.61.0"
+  }
+}
+
+variable "owner" {
+  description = "Team/person responsible for resources defined within this project"
+  type        = string
+}
+
+variable "region" {
+  description = "Region resources are being deployed to"
+  type        = string
+}

Diff for: example/basic/global.auto.tfvars

@@ -0,0 +1,5 @@
+
+# Project defaults
+region = "us-east-1"
+owner  = "test"
+

Diff for: example/basic/main.tf

@@ -0,0 +1,60 @@
+data "aws_caller_identity" "current" {
+}
+
+locals {
+  account_id = data.aws_caller_identity.current.account_id
+  tags       = module.tags.tags_no_name
+}
+
+module "tags" {
+  source = "git::https://github.com/rhythmictech/terraform-terraform-tags.git?ref=v1.0.0"
+
+  names = [
+    "smiller",
+    "imagebuilder-test"
+  ]
+
+  tags = merge({
+    "Env"       = "test"
+    "Namespace" = "smiller"
+    "notes"     = "Testing only - Can be safely deleted"
+    "Owner"     = var.owner
+  }, var.additional_tags)
+}
+
+module "test_component" {
+  source = "git::https://github.com/rhythmictech/terraform-aws-imagebuilder-component-ansible.git?ref=v0.1.0"
+
+  component_version = "1.0.0"
+  description       = "Testing component"
+  name              = "testing-component"
+  playbook_dir      = "packer-generic-images/base"
+  playbook_repo     = "https://github.com/rhythmictech/packer-generic-images.git"
+  tags              = local.tags
+}
+
+module "test_recipe" {
+  source = "git::https://github.com/rhythmictech/terraform-aws-imagebuilder-recipe.git?ref=v0.1.0"
+
+  description    = "Testing recipe"
+  name           = "test-recipe"
+  parent_image   = "arn:aws:imagebuilder:us-east-1:aws:image/amazon-linux-2-x86/x.x.x"
+  recipe_version = "1.0.0"
+  tags           = local.tags
+  update         = true
+
+  component_arns = [
+    module.test_component.component_arn,
+    "arn:aws:imagebuilder:us-east-1:aws:component/simple-boot-test-linux/1.0.0/1",
+    "arn:aws:imagebuilder:us-east-1:aws:component/reboot-test-linux/1.0.0/1"
+  ]
+}
+
+module "test_pipeline" {
+  source = "../../"
+
+  description = "Testing pipeline"
+  name        = "test-pipeline"
+  tags        = local.tags
+  recipe_arn  = module.test_recipe.recipe_arn
+}

Diff for: example/basic/variables.tf

@@ -0,0 +1,8 @@
+########################################
+# General Vars
+########################################
+variable "additional_tags" {
+  default     = {}
+  description = "Additional tags to add to supported resources"
+  type        = map(string)
+}

Diff for: main.tf

@@ -0,0 +1,112 @@
+locals {
+  log_prefix_computed = (
+    var.log_prefix != null
+    ? replace("/${var.log_prefix}/*", "//{2,}/", "/")
+    : "/*"
+  )
+}
+
+data "aws_iam_policy_document" "log_write" {
+  count = var.log_bucket != null ? 1 : 0
+
+  statement {
+    actions   = ["s3:PutObject"]
+    resources = ["arn:aws:s3:::${var.log_bucket}${local.log_prefix_computed}"]
+  }
+}
+
+resource "aws_iam_policy" "log_write" {
+  count = var.log_bucket != null ? 1 : 0
+
+  description = "IAM policy granting write access to the logging bucket for ${var.name}"
+  name_prefix = "${var.name}-logging-policy-"
+  policy      = data.aws_iam_policy_document.log_write[count.index].json
+}
+
+locals {
+  core_iam_policies = [
+    "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
+    "arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilder"
+  ]
+  iam_policies = concat(
+    local.core_iam_policies,
+    aws_iam_policy.log_write[*].arn,
+    var.additional_iam_policy_arns
+  )
+}
+
+data "aws_iam_policy_document" "assume" {
+  statement {
+    actions = ["sts:AssumeRole"]
+
+    principals {
+      type        = "Service"
+      identifiers = ["ec2.amazonaws.com"]
+    }
+  }
+}
+
+resource "aws_iam_role" "this" {
+  assume_role_policy = data.aws_iam_policy_document.assume.json
+  name_prefix        = "${var.name}-imagebuilder-role-"
+
+  tags = merge(
+    var.tags,
+    {
+      Name : "${var.name}-imagebuilder-role"
+    }
+  )
+}
+
+resource "aws_iam_role_policy_attachment" "this" {
+  count = (
+    var.log_bucket == null
+    ? length(local.core_iam_policies) + length(var.additional_iam_policy_arns)
+    : length(local.core_iam_policies) + length(var.additional_iam_policy_arns) + 1
+  )
+
+  policy_arn = local.iam_policies[count.index]
+  role       = aws_iam_role.this.name
+}
+
+resource "aws_iam_instance_profile" "this" {
+  name_prefix = "${var.name}-imagebuilder-instance-profile-"
+  role        = aws_iam_role.this.name
+}
+
+resource "aws_cloudformation_stack" "this" {
+  name               = var.name
+  on_failure         = "ROLLBACK"
+  timeout_in_minutes = var.cloudformation_timeout
+
+  tags = merge(
+    var.tags,
+    { Name : "${var.name}-stack" }
+  )
+
+  template_body = templatefile("${path.module}/cloudformation.yml.tpl", {
+    description          = var.description
+    instance_profile     = aws_iam_instance_profile.this.name
+    instance_types       = var.instance_types
+    key_pair             = var.key_pair
+    license_config_arns  = var.license_config_arns
+    log_bucket           = var.log_bucket
+    log_prefix           = var.log_prefix
+    name                 = var.name
+    recipe_arn           = var.recipe_arn
+    regions              = var.regions
+    schedule             = var.schedule
+    security_group_ids   = var.security_group_ids
+    shared_account_ids   = var.shared_account_ids
+    sns_topic_arn        = var.sns_topic_arn
+    status               = var.enabled ? "ENABLED" : "DISABLED"
+    subnet               = var.subnet
+    terminate_on_failure = var.terminate_on_failure
+    test_config          = var.test_config
+
+    tags = merge(
+      var.tags,
+      { Name : var.name }
+    )
+  })
+}

Diff for: outputs.tf

@@ -0,0 +1,3 @@
+output "pipeline_arn" {
+  value = aws_cloudformation_stack.this.outputs["PipelineArn"]
+}