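terraform {
  # Lower bound is the Terraform feature level this config relies on; the
  # added upper bound keeps a future major release from being picked up
  # silently by a workspace set to "latest".
  required_version = ">= 1.4.6, < 2.0.0"

  # All three providers are pinned with "~>" on the patch component, so only
  # patch releases within the stated minor version are accepted
  # (e.g. "~> 4.66.1" allows 4.66.x and nothing newer).
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.66.1"
    }
    doppler = {
      source  = "DopplerHQ/doppler"
      version = "~> 1.2.2"
    }
    google = {
      source  = "hashicorp/google"
      version = "~> 4.64.0"
    }
  }

  # State is stored remotely in Terraform Cloud. NOTE(review): remote state
  # holds every attribute the providers return, so access to this workspace
  # is equivalent to access to the secrets referenced by this config -- keep
  # workspace membership as tight as the cloud accounts themselves.
  cloud {
    organization = "wafflehacks"
    workspaces {
      name = "wafflehacks"
    }
  }
}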
# Default AWS provider; the region comes from the caller-supplied var.aws
# object. Every resource created through it is tagged so that console users
# can tell Terraform-owned resources from hand-made ones.
provider "aws" {
  region = var.aws.region
  default_tags {
    tags = {
      ManagedBy = "terraform"
    }
  }
}
# Second AWS provider pinned to us-east-1 and exposed to the service modules
# below as aws.us_east_1. The region is hard-coded rather than taken from
# var.aws -- presumably for resources that only exist in us-east-1 (the
# modules decide which; not visible here). Same default tags as the primary.
provider "aws" {
  alias  = "us_east_1"
  region = "us-east-1"
  default_tags {
    tags = {
      ManagedBy = "terraform"
    }
  }
}
# Doppler provider authenticated with a token passed in as a variable.
# NOTE(review): var.doppler_token must be declared with sensitive = true in
# the variables file (not visible here) so it is redacted from plan output and
# CLI logs; it is still stored in state and in the Terraform Cloud workspace
# variables regardless, so scope the token to the minimum Doppler projects it
# needs -- TODO confirm the variable declaration.
provider "doppler" {
  doppler_token = var.doppler_token
}
# Google provider; project and region come from the caller-supplied
# var.google object. Credentials are not set here, so the provider falls back
# to its default credential discovery (environment / Terraform Cloud settings).
provider "google" {
  project = var.google.project
  region  = var.google.region
}
# Handle configuring the organization accounts.
# Takes no inputs, so it inherits the default aws/google providers above.
module "organization" {
  source = "./modules/organization"
}
# Creates a federated identity provider for GitHub Actions using OpenID Connect.
# Handles both Google and AWS. Only its "google" output is consumed in this
# file (passed to each service module as github_actions_provider); the AWS
# side is not referenced here.
module "github_actions" {
  source = "./modules/github-actions"
}
# Application portal service. Receives the us-east-1 AWS provider alias and the
# Google workload identity provider created by module.github_actions, which the
# module presumably uses to let GitHub Actions deploy it -- see the module for
# the exact trust conditions (repository/branch restrictions are set there,
# not here).
module "application_portal" {
  source = "./modules/application-portal"
  providers = {
    aws.us_east_1 = aws.us_east_1
  }
  github_actions_provider = module.github_actions.google
}
# Single Docker repository shared by the nats, wafflebot and mailer services.
# Project and location are inherited from the google provider. No retention or
# cleanup configuration is set here, so pushed images accumulate until removed
# by hand; tags are mutable by default -- NOTE(review): if tag overwrites
# across services are a concern, consider per-service repositories.
resource "google_artifact_registry_repository" "internal" {
  repository_id = "internal"
  description   = "Internal APIs and services for other WaffleHacks applications"
  format        = "DOCKER"
  mode          = "STANDARD_REPOSITORY"
}
# SECURITY(review): "allUsers" grants unauthenticated, internet-wide read
# access to every image in the "internal" repository, which contradicts the
# repository's own description. Anything baked into these images (bundled
# config, credentials left in layers, internal API layout) is exposed, and the
# images can be pulled and inspected by anyone. If the goal is only to let GCP
# runtimes pull, grant roles/artifactregistry.reader to those runtime service
# accounts instead -- TODO confirm which consumers actually need anonymous
# pulls before tightening. Note that an _iam_binding is authoritative for its
# role: any reader grant made outside Terraform is removed on the next apply.
resource "google_artifact_registry_repository_iam_binding" "internal_all_users" {
  project    = google_artifact_registry_repository.internal.project
  location   = google_artifact_registry_repository.internal.location
  repository = google_artifact_registry_repository.internal.name
  role       = "roles/artifactregistry.reader"
  members    = ["allUsers"]
}
# Mailer service. Same wiring as the other service modules: the us-east-1 AWS
# alias plus the Google OIDC provider for GitHub Actions. Its
# service_account_member output is granted writer on the internal repository
# below.
module "mailer" {
  source = "./modules/mailer"
  providers = {
    aws.us_east_1 = aws.us_east_1
  }
  github_actions_provider = module.github_actions.google
}
# Wafflebot service. Same wiring as the other service modules: the us-east-1
# AWS alias plus the Google OIDC provider for GitHub Actions. Its
# service_account_member output is granted writer on the internal repository
# below.
module "wafflebot" {
  source = "./modules/wafflebot"
  providers = {
    aws.us_east_1 = aws.us_east_1
  }
  github_actions_provider = module.github_actions.google
}
# NATS service. Same wiring as the other service modules: the us-east-1 AWS
# alias plus the Google OIDC provider for GitHub Actions. Its
# service_account_member output is granted writer on the internal repository
# below.
module "nats" {
  source = "./modules/nats"
  providers = {
    aws.us_east_1 = aws.us_east_1
  }
  github_actions_provider = module.github_actions.google
}
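# Lets the three service accounts push images to the shared repository.
# The resource was previously misspelled "interanl_service_accounts"; the
# moved block below renames it in state without destroying and recreating
# the binding (requires Terraform >= 1.1, satisfied by required_version).
moved {
  from = google_artifact_registry_repository_iam_binding.interanl_service_accounts
  to   = google_artifact_registry_repository_iam_binding.internal_service_accounts
}

# NOTE(review): writer is repository-wide, so any one of these three accounts
# can overwrite or delete tags belonging to the other two services. If a CI
# compromise of one service should not be able to replace another's image,
# split into per-service repositories or restrict what each account may push.
# As an _iam_binding this is authoritative for roles/artifactregistry.writer:
# writer grants made outside Terraform are removed on the next apply.
resource "google_artifact_registry_repository_iam_binding" "internal_service_accounts" {
  project    = google_artifact_registry_repository.internal.project
  location   = google_artifact_registry_repository.internal.location
  repository = google_artifact_registry_repository.internal.name
  role       = "roles/artifactregistry.writer"
  members = [
    module.nats.service_account_member,
    module.wafflebot.service_account_member,
    module.mailer.service_account_member,
  ]
}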