This simple child module comprises a limited number of data sources and outputs to facilitate standards adoption among resources that are largely managed by the CDAP team.

NOTE: Ensure changes made to `local.static_tags` that are relevant to both this module and the `platform` module remain synchronized.

This module is suitable for CDAP-managed resources only.

While this accommodates needs similar to those of the `platform` child module, it differs fundamentally in the following ways:

- This avoids potential circular dependencies where the CDAP-defined platform resources may be self-referential, e.g. the `platform` module depends on the CDAP-managed `security-groups` module: the `security-groups` module should not depend on the `platform` module.
- The `platform` module only supports the emerging greenfield environments. For terraservices like `api-rds` that maintain a consistent code base between both legacy and greenfield environments, the `platform` module alone cannot provide the desired standards in these contexts.
- Because we must continue to support the varied configuration among legacy environments, even if temporarily, this module cannot remain simple while making context-aware assumptions about the environments like the `platform` module does.

As a result, this module makes few assumptions and is limited to providing modest helper resources such as `default_tags`, `account_id`, `region_name`, and the CMS Hybrid Cloud default `ct-ado-poweruser-permissions-boundary-policy`.

```hcl
# Differentiating between `standards` and `platform` using `var.legacy`

# Legacy environments: instantiate the standards module only.
module "standards" {
  count       = var.legacy ? 1 : 0
  source      = "../../modules/standards"
  app         = var.app
  env         = var.env
  root_module = "https://github.com/CMSgov/cdap/tree/main/terraform/services/api-rds"
  service     = "api-rds"
}

# Greenfield environments: instantiate the platform module, pinned to a commit.
module "platform" {
  count       = var.legacy ? 0 : 1
  source      = "git::https://github.com/CMSgov/cdap.git//terraform/modules/platform?ref=80d2d5e500bcf8a069386dee677404033af7782c"
  app         = var.app
  env         = var.env
  root_module = "https://github.com/CMSgov/cdap/tree/main/terraform/services/api-rds"
  service     = "api-rds"
}

# Only one of the two modules has an instance, so read from whichever exists.
locals {
  app     = var.legacy ? module.standards[0].app : module.platform[0].app
  env     = var.legacy ? module.standards[0].env : module.platform[0].env
  service = var.legacy ? module.standards[0].service : module.platform[0].service
}
```

| Name | Version |
|---|---|
| aws | 6.14.1 |
| aws.secondary | 6.14.1 |

| Name | Version |
|---|---|
| aws | ~>6 |

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| app | The short name for the delivery team or ADO. | string | n/a | yes |
| env | The solution's environment name. | string | n/a | yes |
| root_module | The full URL to the terraform module root at issue for this infrastructure | string | n/a | yes |
| service | Service or terraservice name. | string | n/a | yes |
| additional_tags | Additional tags to merge into final default_tags output | map(string) | {} | no |

No modules.

| Name | Type |
|---|---|
| aws_caller_identity.this | data source |
| aws_iam_policy.permissions_boundary | data source |
| aws_region.secondary | data source |
| aws_region.this | data source |

| Name | Description |
|---|---|
| account_id | Deprecated. Use aws_caller_identity.account_id. The AWS account ID associated with the current caller identity |
| app | The short name for the delivery team or ADO. |
| aws_caller_identity | The current data.aws_caller_identity object. |
| default_permissions_boundary | Default permissions boundary aws_iam_policy data source |
| default_tags | Map of tags for use in AWS provider block default_tags. Merges collection of standard tags with optional, user-specified additional_tags |
| env | The solution's application environment name. |
| is_ephemeral_env | Returns true when environment is _ephemeral_, false when _established_ |
| parent_env | The solution's source environment. For established environments this is equal to the environment's name |
| primary_region | The primary data.aws_region object from the current caller identity |
| secondary_region | The secondary data.aws_region object associated with the secondary region. |
| service | The name of the current service or terraservice. |
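
One way a root module might consume the outputs listed above: `default_tags` feeds the provider's `default_tags` block, and `default_permissions_boundary` is attached to an IAM role with a plan-time check on the policy name. This is an added example, not code from the CDAP repository. Assumptions: the role and its trust policy, both region values, the `providers` mapping, and that `default_tags` is computed without reading from the provider it configures.

```hcl
# Added example, not from the CDAP repository; hypothetical names are marked.
variable "app" { type = string }
variable "env" { type = string }

provider "aws" {
  region = "us-east-1" # assumed primary region
  default_tags {
    tags = module.standards.default_tags
  }
}
provider "aws" {
  alias  = "secondary"
  region = "us-west-2" # assumed secondary region
}

module "standards" {
  source      = "../../modules/standards"
  app         = var.app
  env         = var.env
  root_module = "https://github.com/CMSgov/cdap/tree/main/terraform/services/api-rds"
  service     = "api-rds"
  # Assumption: the module takes both provider configurations from its caller.
  providers = {
    aws           = aws
    aws.secondary = aws.secondary
  }
}

# Hypothetical role; the trust policy and name are illustrative only.
data "aws_iam_policy_document" "assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["lambda.amazonaws.com"]
    }
  }
}
resource "aws_iam_role" "example" {
  name                 = "${module.standards.app}-${module.standards.env}-example"
  assume_role_policy   = data.aws_iam_policy_document.assume.json
  permissions_boundary = module.standards.default_permissions_boundary.arn
  lifecycle {
    precondition { # fail the plan if the boundary resolved to another policy
      condition     = module.standards.default_permissions_boundary.name == "ct-ado-poweruser-permissions-boundary-policy"
      error_message = "Unexpected permissions boundary policy."
    }
  }
}
```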