kpeder · kpeder · Apr 15, 2024 · Apr 11, 2024 · Apr 11, 2024
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,6 @@
+# .terragrunt-cache directories
+**/.terragrunt-cache/*
+
 # .terraform directories
 **/.terraform/*
 

diff --git a/aws/aws_gitlab_terragrunt.hcl b/aws/aws_gitlab_terragrunt.hcl
@@ -28,7 +28,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "${format("~> %s", local.versions.aws_provider_version)}"
+      version = "${format("~> %s.0", local.versions.aws_provider_version)}"
     }
   }
 }

diff --git a/aws/gitlab/env.yaml b/aws/gitlab/env.yaml
@@ -7,8 +7,8 @@ labels:
   team: devops
 
 dependencies:
-  demo_vpc_dependency_path: "reg-primary/vpcs/custom"
-  demo_vpc_mock_outputs:
+  custom_vpc_dependency_path: "reg-primary/vpcs/custom"
+  custom_vpc_mock_outputs:
     azs:
       - "us-east-2a"
       - "us-east-2b"
@@ -44,3 +44,14 @@ dependencies:
     vpc_enable_dns_support: true
     vpc_id: "vpc-0d8148e657a7787f1"
     vpc_main_route_table_id: "rtb-0ade48517f021bfde"
+
+  gitlab_keypair_dependency_path: "reg-primary/keypairs/gitlab"
+  gitlab_keypair_mock_outputs:
+    key_pair_id: "key-0576e69c4b8faacc2"
+    key_pair_name: "kped-demo-gitlab"
+
+  gitlab_sg_dependency_path: "reg-primary/sgs/gitlab"
+  gitlab_sg_mock_outputs:
+    security_group_id: "sg-03d25a67"
+    security_group_name: "kped-demo-gitlab"
+    security_group_vpc_id: "vpc-0d8148e657a7787f1"
diff --git a/aws/gitlab/global/.gitkeep b/aws/gitlab/global/.gitkeep
diff --git a/aws/gitlab/reg-primary/instances/gitlab/inputs.yaml b/aws/gitlab/reg-primary/instances/gitlab/inputs.yaml
@@ -0,0 +1,6 @@
+---
+ami: "ami-0b8b44ec9a8f90422"
+labels: {}
+monitoring: false
+name: "gitlab"
+type: "c7i.large"
diff --git a/aws/gitlab/reg-primary/instances/gitlab/remotestate.tf b/aws/gitlab/reg-primary/instances/gitlab/remotestate.tf
@@ -0,0 +1,4 @@
+terraform {
+  # Intentionally unconfigured. Managed by Terragrunt.
+  backend "s3" {}
+}
diff --git a/aws/gitlab/reg-primary/instances/gitlab/terragrunt.hcl b/aws/gitlab/reg-primary/instances/gitlab/terragrunt.hcl
@@ -0,0 +1,55 @@
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders("aws_gitlab_terragrunt.hcl")
+}
+
+# Resources should not be destroyed without careful consideration of effects
+prevent_destroy = false
+
+locals {
+  env      = yamldecode(file(find_in_parent_folders("env.yaml")))
+  inputs   = yamldecode(file("inputs.yaml"))
+  platform = fileexists(find_in_parent_folders("local.aws.yaml")) ? yamldecode(file(find_in_parent_folders("local.aws.yaml"))) : yamldecode(file(find_in_parent_folders("aws.yaml")))
+  region   = yamldecode(file(find_in_parent_folders("region.yaml")))
+  versions = yamldecode(file(find_in_parent_folders("versions.yaml")))
+}
+
+dependency "custom_vpc" {
+  config_path  = find_in_parent_folders(local.env.dependencies.custom_vpc_dependency_path)
+  mock_outputs = local.env.dependencies.custom_vpc_mock_outputs
+
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate"]
+}
+
+dependency "gitlab_keypair" {
+  config_path  = find_in_parent_folders(local.env.dependencies.gitlab_keypair_dependency_path)
+  mock_outputs = local.env.dependencies.gitlab_keypair_mock_outputs
+
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate"]
+}
+
+dependency "gitlab_sg" {
+  config_path  = find_in_parent_folders(local.env.dependencies.gitlab_sg_dependency_path)
+  mock_outputs = local.env.dependencies.gitlab_sg_mock_outputs
+
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate"]
+}
+
+terraform {
+  source = "git::[email protected]:terraform-aws-modules/terraform-aws-ec2-instance?ref=${local.versions.aws_module_ec2}"
+}
+
+inputs = {
+  ami                    = local.inputs.ami
+  name                   = format("%s-%s-%s", local.platform.prefix, local.env.environment, local.inputs.name)
+  zone                   = format("%s%s", local.region.location, local.region.zone_preference)
+  instance_type          = local.inputs.type
+  key_name               = dependency.gitlab_keypair.outputs.key_pair_name
+  monitoring             = local.inputs.monitoring
+  subnet_id              = dependency.custom_vpc.outputs.public_subnets[0]
+  tags                   = merge(local.env.labels, local.inputs.labels)
+  vpc_security_group_ids = tolist([dependency.gitlab_sg.outputs.security_group_id])
+}
diff --git a/aws/gitlab/reg-primary/keypairs/gitlab/inputs.yaml b/aws/gitlab/reg-primary/keypairs/gitlab/inputs.yaml
@@ -0,0 +1,5 @@
+---
+labels: {}
+name: "gitlab"
+pubkey_str: ""
+pubkey_file: "~/.ssh/id_rsa.pub"
diff --git a/aws/gitlab/reg-primary/keypairs/gitlab/remotestate.tf b/aws/gitlab/reg-primary/keypairs/gitlab/remotestate.tf
@@ -0,0 +1,4 @@
+terraform {
+  # Intentionally unconfigured. Managed by Terragrunt.
+  backend "s3" {}
+}
diff --git a/aws/gitlab/reg-primary/keypairs/gitlab/terragrunt.hcl b/aws/gitlab/reg-primary/keypairs/gitlab/terragrunt.hcl
@@ -0,0 +1,27 @@
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders("aws_gitlab_terragrunt.hcl")
+}
+
+# Resources should not be destroyed without careful consideration of effects
+prevent_destroy = false
+
+locals {
+  env      = yamldecode(file(find_in_parent_folders("env.yaml")))
+  inputs   = yamldecode(file("inputs.yaml"))
+  platform = fileexists(find_in_parent_folders("local.aws.yaml")) ? yamldecode(file(find_in_parent_folders("local.aws.yaml"))) : yamldecode(file(find_in_parent_folders("aws.yaml")))
+  versions = yamldecode(file(find_in_parent_folders("versions.yaml")))
+}
+
+terraform {
+  source = "git::[email protected]:terraform-aws-modules/terraform-aws-key-pair?ref=${local.versions.aws_module_keypair}"
+}
+
+inputs = {
+  key_name   = format("%s-%s-%s", local.platform.prefix, local.env.environment, local.inputs.name)
+  public_key = coalesce(local.inputs.pubkey_str, file(local.inputs.pubkey_file))
+  tags       = merge(local.env.labels, local.inputs.labels)
+}
diff --git a/aws/gitlab/reg-primary/sgs/gitlab/inputs.yaml b/aws/gitlab/reg-primary/sgs/gitlab/inputs.yaml
@@ -0,0 +1,9 @@
+---
+description: "Security group for network access to GitLab instance from the Internet"
+ingress_cidr_blocks:
+  - "0.0.0.0/0"
+ingress_rules:
+  - "https-8443-tcp"
+  - "ssh-tcp"
+labels: {}
+name: "gitlab"
diff --git a/aws/gitlab/reg-primary/sgs/gitlab/remotestate.tf b/aws/gitlab/reg-primary/sgs/gitlab/remotestate.tf
@@ -0,0 +1,4 @@
+terraform {
+  # Intentionally unconfigured. Managed by Terragrunt.
+  backend "s3" {}
+}
diff --git a/aws/gitlab/reg-primary/sgs/gitlab/terragrunt.hcl b/aws/gitlab/reg-primary/sgs/gitlab/terragrunt.hcl
@@ -0,0 +1,38 @@
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders("aws_gitlab_terragrunt.hcl")
+}
+
+# Resources should not be destroyed without careful consideration of effects
+prevent_destroy = false
+
+locals {
+  env      = yamldecode(file(find_in_parent_folders("env.yaml")))
+  inputs   = yamldecode(file("inputs.yaml"))
+  platform = fileexists(find_in_parent_folders("local.aws.yaml")) ? yamldecode(file(find_in_parent_folders("local.aws.yaml"))) : yamldecode(file(find_in_parent_folders("aws.yaml")))
+  region   = yamldecode(file(find_in_parent_folders("region.yaml")))
+  versions = yamldecode(file(find_in_parent_folders("versions.yaml")))
+}
+
+dependency "custom_vpc" {
+  config_path  = find_in_parent_folders(local.env.dependencies.custom_vpc_dependency_path)
+  mock_outputs = local.env.dependencies.custom_vpc_mock_outputs
+
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate"]
+}
+
+terraform {
+  source = "git::[email protected]:terraform-aws-modules/terraform-aws-security-group?ref=${local.versions.aws_module_sg}"
+}
+
+inputs = {
+  description         = local.inputs.description
+  ingress_cidr_blocks = local.inputs.ingress_cidr_blocks
+  ingress_rules       = local.inputs.ingress_rules
+  name                = format("%s-%s-%s", local.platform.prefix, local.env.environment, local.inputs.name)
+  tags                = merge(local.env.labels, local.inputs.labels)
+  vpc_id              = dependency.custom_vpc.outputs.vpc_id
+}
diff --git a/aws/gitlab/reg-primary/vpcs/custom/inputs.yaml b/aws/gitlab/reg-primary/vpcs/custom/inputs.yaml
@@ -5,6 +5,7 @@ dns:
   support: true
 internet:
   deploy_gateway: true
+labels: {}
 name: "custom"
 nat:
   deploy_gateways: true

diff --git a/aws/gitlab/reg-primary/vpcs/custom/terragrunt.hcl b/aws/gitlab/reg-primary/vpcs/custom/terragrunt.hcl
@@ -56,5 +56,5 @@ inputs = {
   enable_vpn_gateway            = local.inputs.vpn.deploy_gateway
   vpn_gateway_az                = format("%s%s", local.region.location, local.region.zone_preference)
 
-  tags                          = local.env.labels
+  tags                          = merge(local.env.labels, local.inputs.labels)
 }
diff --git a/aws/gitlab/scripts/configure.sh b/aws/gitlab/scripts/configure.sh
@@ -82,3 +82,6 @@ sed -i -e "s:ZONE:a:g" reg-primary/region.yaml
 sed -i -e "s:REGION:${SREGION}:g" reg-secondary/region.yaml
 sed -i -e "s:ZONE:a:g" reg-secondary/region.yaml
 sed -i -e "s:TEAM:${TEAM}:g" env.yaml
+
+aws configure set default.region ${PREGION}
+aws configure set default.output json
diff --git a/aws/gitlab/templates/env.tpl b/aws/gitlab/templates/env.tpl
@@ -7,8 +7,8 @@ labels:
   team: TEAM
 
 dependencies:
-  demo_vpc_dependency_path: "reg-primary/vpcs/custom"
-  demo_vpc_mock_outputs:
+  custom_vpc_dependency_path: "reg-primary/vpcs/custom"
+  custom_vpc_mock_outputs:
     azs:
       - "PREGIONa"
       - "PREGIONb"
@@ -44,3 +44,14 @@ dependencies:
     vpc_enable_dns_support: true
     vpc_id: "vpc-0d8148e657a7787f1"
     vpc_main_route_table_id: "rtb-0ade48517f021bfde"
+
+  gitlab_keypair_dependency_path: "reg-primary/keypairs/gitlab"
+  gitlab_keypair_mock_outputs:
+    key_pair_id: "key-0576e69c4b8faacc2"
+    key_pair_name: "PREFIX-ENVIRONMENT-gitlab"
+
+  gitlab_sg_dependency_path: "reg-primary/sgs/gitlab"
+  gitlab_sg_mock_outputs:
+    security_group_id: "sg-03d25a67"
+    security_group_name: "PREFIX-ENVIRONMENT-gitlab"
+    security_group_vpc_id: "vpc-0d8148e657a7787f1"