CCM-8478 expanding example/starter

aidenvaines-cgi · aidenvaines-cgi · commit 031610009f6b · 2025-01-30T15:05:37.000Z
diff --git a/infrastructure/terraform/components/acct/iam_policy_github_deploy_overload.tf b/infrastructure/terraform/components/acct/iam_policy_github_deploy_overload.tf
@@ -0,0 +1,22 @@
+resource "aws_iam_policy" "github_deploy_overload" {
+  name        = "${local.csi}-github-deploy-overload"
+  description = "Overloads the github permission to perform build actions for services in this account"
+  policy      = data.aws_iam_policy_document.github_deploy.json
+}
+
+resource "aws_iam_role_policy_attachment" "github_deploy_overload" {
+  role       = local.bootstrap.iam_github_deploy_role["name"]
+  policy_arn = aws_iam_policy.github_deploy_overload.arn
+}
+
+#tfsec:ignore:aws-iam-no-policy-wildcards Policy voilation expected for CI user role
+data "aws_iam_policy_document" "github_deploy" {
+  statement {
+    effect = "Allow"
+
+    actions = [
+      "grafana:*",
+    ]
+    resources = ["*"]
+  }
+}
diff --git a/infrastructure/terraform/components/acct/locals_remote_state.tf b/infrastructure/terraform/components/acct/locals_remote_state.tf
@@ -0,0 +1,21 @@
+locals {
+  bootstrap = data.terraform_remote_state.bootstrap.outputs
+}
+
+data "terraform_remote_state" "bootstrap" {
+  backend = "s3"
+
+  config = {
+    bucket = local.terraform_state_bucket
+
+    key = format(
+      "%s/%s/%s/%s/bootstrap.tfstate",
+      var.project,
+      var.aws_account_id,
+      "eu-west-2",
+      "bootstrap"
+    )
+
+    region = "eu-west-2"
+  }
+}
diff --git a/infrastructure/terraform/components/examplecomponent/locals_remote_state.tf b/infrastructure/terraform/components/examplecomponent/locals_remote_state.tf
@@ -0,0 +1,40 @@
+locals {
+  bootstrap = data.terraform_remote_state.bootstrap.outputs
+  acct      = data.terraform_remote_state.acct.outputs
+}
+
+data "terraform_remote_state" "bootstrap" {
+  backend = "s3"
+
+  config = {
+    bucket = local.terraform_state_bucket
+
+    key = format(
+      "%s/%s/%s/%s/bootstrap.tfstate",
+      var.project,
+      var.aws_account_id,
+      "eu-west-2",
+      "bootstrap"
+    )
+
+    region = "eu-west-2"
+  }
+}
+
+data "terraform_remote_state" "acct" {
+  backend = "s3"
+
+  config = {
+    bucket = local.terraform_state_bucket
+
+    key = format(
+      "%s/%s/%s/%s/acct.tfstate",
+      var.project,
+      var.aws_account_id,
+      "eu-west-2",
+      var.parent_acct_environment
+    )
+
+    region = "eu-west-2"
+  }
+}
diff --git a/infrastructure/terraform/components/examplecomponent/locals_tfscaffold.tf b/infrastructure/terraform/components/examplecomponent/locals_tfscaffold.tf
@@ -0,0 +1,44 @@
+locals {
+  terraform_state_bucket = format(
+    "%s-tfscaffold-%s-%s",
+    var.project,
+    var.aws_account_id,
+    var.region,
+  )
+
+  csi = replace(
+    format(
+      "%s-%s-%s",
+      var.project,
+      var.environment,
+      var.component,
+    ),
+    "_",
+    "",
+  )
+
+  # CSI for use in resources with a global namespace, i.e. S3 Buckets
+  csi_global = replace(
+    format(
+      "%s-%s-%s-%s-%s",
+      var.project,
+      var.aws_account_id,
+      var.region,
+      var.environment,
+      var.component,
+    ),
+    "_",
+    "",
+  )
+
+  default_tags = merge(
+    var.default_tags,
+    {
+      Project     = var.project
+      Environment = var.environment
+      Component   = var.component
+      Group       = var.group
+      Name        = local.csi
+    },
+  )
+}
diff --git a/infrastructure/terraform/components/examplecomponent/variables.tf b/infrastructure/terraform/components/examplecomponent/variables.tf
@@ -1 +1,58 @@
-# Define the variables that will be initialised in etc/{env,versions}_<region>_<environment>.tfvars...
+##
+# Basic Required Variables for tfscaffold Components
+##
+
+variable "project" {
+  type        = string
+  description = "The name of the tfscaffold project"
+}
+
+variable "environment" {
+  type        = string
+  description = "The name of the tfscaffold environment"
+}
+
+variable "aws_account_id" {
+  type        = string
+  description = "The AWS Account ID (numeric)"
+}
+
+variable "region" {
+  type        = string
+  description = "The AWS Region"
+}
+
+variable "group" {
+  type        = string
+  description = "The group variables are being inherited from (often synonmous with account short-name)"
+}
+
+##
+# tfscaffold variables specific to this component
+##
+
+# This is the only primary variable to have its value defined as
+# a default within its declaration in this file, because the variables
+# purpose is as an identifier unique to this component, rather
+# then to the environment from where all other variables come.
+variable "component" {
+  type        = string
+  description = "The variable encapsulating the name of this component"
+  default     = "examplecomponent"
+}
+
+variable "default_tags" {
+  type        = map(string)
+  description = "A map of default tags to apply to all taggable resources within the component"
+  default     = {}
+}
+
+##
+# Variables specific to the component
+##
+
+variable "log_retention_in_days" {
+  type        = number
+  description = "The retention period in days for the Cloudwatch Logs events to be retained, default of 0 is indefinite"
+  default     = 0
+}
