Initial version 0.0.1 (#29)

Terraform Cloud Agent on Amazon ECS cluster
* Feature : bring your own ECS cluster
* Feature : single execution mode
* Feature : Fargate Spot

Author: wellsiau-aws

.config/.checkov.yml

@@ -1,15 +1,13 @@
 download-external-modules: False
 evaluate-variables: true
-file:
-- 'tf.json'
+directory:
+- ./
 framework:
-- terraform_plan
+- terraform
 skip-check:
 - CKV2_GCP*
 - CKV_AZURE*
 - CKV2_AZURE*
-repo-root-for-plan-enrichment:
-- '.'
 summary-position: bottom
 output: 'cli'
 compact: True

.config/functional_tests/post-entrypoint-helpers.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 ## NOTE: this script runs at the end of functional test
-## Use this to load any configurations after the functional test 
+## Use this to load any configurations after the functional test
 ## TIPS: avoid modifying the .project_automation/functional_test/entrypoint.sh
 ## migrate any customization you did on entrypoint.sh to this helper script
 echo "Executing Post-Entrypoint Helpers"

.config/functional_tests/pre-entrypoint-helpers.sh

@@ -1,6 +1,20 @@
 #!/bin/bash
 ## NOTE: this script runs at the start of functional test
-## use this to load any configuration before the functional test 
+## use this to load any configuration before the functional test
 ## TIPS: avoid modifying the .project_automation/functional_test/entrypoint.sh
 ## migrate any customization you did on entrypoint.sh to this helper script
-echo "Executing Pre-Entrypoint Helpers"
+echo "Executing Pre-Entrypoint Helpers"
+
+#********** TFC Env Vars *************
+echo "Load env vars"
+export AWS_DEFAULT_REGION=us-west-2
+export TFE_TOKEN=`aws secretsmanager get-secret-value --secret-id abp/hcp/token | jq -r ".SecretString"`
+
+#********** Get tfvars from SSM *************
+echo "Get *.tfvars from SSM parameter"
+aws ssm get-parameter \
+  --name "/abp/hcp/functional/terraform_test.tfvars" \
+  --with-decryption \
+  --query "Parameter.Value" \
+  --output "text" \
+  --region "us-west-2" > ./tests/terraform.auto.tfvars

.config/static_tests/post-entrypoint-helpers.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 ## NOTE: this script runs at the end of static test
-## Use this to load any configurations after the static test 
+## Use this to load any configurations after the static test
 ## TIPS: avoid modifying the .project_automation/static_test/entrypoint.sh
 ## migrate any customization you did on entrypoint.sh to this helper script
 echo "Executing Post-Entrypoint Helpers"

.config/static_tests/pre-entrypoint-helpers.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 ## NOTE: this script runs at the start of static test
-## use this to load any configuration before the static test 
+## use this to load any configuration before the static test
 ## TIPS: avoid modifying the .project_automation/static_test/entrypoint.sh
 ## migrate any customization you did on entrypoint.sh to this helper script
 echo "Executing Pre-Entrypoint Helpers"

.gitignore

@@ -4,6 +4,7 @@ plan.out.json
 
 # Local .terraform directories
 **/.terraform/*
+**/.terraform
 
 # .tfstate files
 *.tfstate

.header.md

@@ -1,7 +1,20 @@
-# Terraform Module Project
+# Terraform Cloud Agent on Amazon ECS
 
-:no_entry_sign: Do not edit this readme.md file. To learn how to change this content and work with this repository, refer to CONTRIBUTING.md
+This solution creates self-hosted HashiCorp Cloud Platform (HCP) Terraform agent on Amazon ECS cluster. HCP Terraform allows you to manage isolated, private, or on-premises infrastructure using self-hosted HCP Terraform agents. The agent polls HCP Terraform or HCP Terraform Enterprise for any changes to your configuration and executes the changes locally, so you do not need to allow public ingress traffic to your resources. Agents allow you to control infrastructure in private environments without modifying your network perimeter.
 
-## Readme Content
+## Architecture
 
-This file will contain any instructional information about this module.
+![Terraform Cloud Agent on Amazon ECS architecture](/assets/architecture.png)
+
+## Prerequisites
+
+To use this module you need to have the following:
+
+1. [HashiCorp Cloud Platform (HCP) Terraform](https://www.hashicorp.com/products/terraform) subscription
+2. Terraform API token with permission to create Terraform agent pool
+3. AWS account and credentials to provision resources as mentioned below.
+4. VPC with private subnets
+
+## Getting Started
+
+Please refer to the [examples](./examples/basic) on how to get started.

.project_automation/functional_tests/entrypoint.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 ## WARNING: DO NOT modify the content of entrypoint.sh
-# Use ./config/functional_tests/pre-entrypoint-helpers.sh or ./config/functional_tests/post-entrypoint-helpers.sh 
+# Use ./config/functional_tests/pre-entrypoint-helpers.sh or ./config/functional_tests/post-entrypoint-helpers.sh
 # to load any customizations or additional configurations
 
 ## NOTE: paths may differ when running in a managed task. To ensure behavior is consistent between
@@ -22,7 +22,7 @@ pre_entrypoint() {
 post_entrypoint() {
     if [ -f ${PROJECT_PATH}/.config/functional_tests/post-entrypoint-helpers.sh ]; then
         echo "Post-entrypoint helper found"
-        source ${PROJECT_PATH}/.config/functional_tests/post-entrypoint-helpers.sh        
+        source ${PROJECT_PATH}/.config/functional_tests/post-entrypoint-helpers.sh
         echo "Post-entrypoint helper loaded"
     else
         echo "Post-entrypoint helper not found - skipped"
@@ -32,12 +32,16 @@ post_entrypoint() {
 #********** Pre-entrypoint helper *************
 pre_entrypoint
 
-#********** Checkov Analysis *************
-echo "Running Checkov Analysis"
-terraform init
-terraform plan -out tf.plan
-terraform show -json tf.plan  > tf.json
-checkov --config-file ${PROJECT_PATH}/.config/checkov.yml
+#********** Functional Test *************
+/bin/bash ${PROJECT_PATH}/.project_automation/functional_tests/functional_tests.sh
+if [ $? -eq 0 ]
+then
+    echo "Functional test completed"
+    EXIT_CODE=0
+else
+    echo "Functional test failed"
+    EXIT_CODE=1
+fi
 
 #********** Post-entrypoint helper *************
 post_entrypoint

.project_automation/functional_tests/functional_tests.sh

@@ -20,7 +20,7 @@ if test -f ${MANDATORY_TEST_PATH}; then
 else
     echo "File ${MANDATORY_TEST_PATH} not found. You must include at least one test run in file ${MANDATORY_TEST_PATH}"
     (exit 1)
-fi 
+fi
 
 if [ $? -eq 0 ]; then
     echo "Terraform Test Successfull"

.project_automation/static_tests/entrypoint.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 ## WARNING: DO NOT modify the content of entrypoint.sh
-# Use ./config/static_tests/pre-entrypoint-helpers.sh or ./config/static_tests/post-entrypoint-helpers.sh 
+# Use ./config/static_tests/pre-entrypoint-helpers.sh or ./config/static_tests/post-entrypoint-helpers.sh
 # to load any customizations or additional configurations
 
 ## NOTE: paths may differ when running in a managed task. To ensure behavior is consistent between
@@ -22,7 +22,7 @@ pre_entrypoint() {
 post_entrypoint() {
     if [ -f ${PROJECT_PATH}/.config/static_tests/post-entrypoint-helpers.sh ]; then
         echo "Post-entrypoint helper found"
-        source ${PROJECT_PATH}/.config/static_tests/post-entrypoint-helpers.sh        
+        source ${PROJECT_PATH}/.config/static_tests/post-entrypoint-helpers.sh
         echo "Post-entrypoint helper loaded"
     else
         echo "Post-entrypoint helper not found - skipped"