initial commit

aws-samples · Apr 26, 2024 · 0621010 · 0621010
1 parent 29dd9ce
commit 0621010
Show file tree

Hide file tree

Showing 8 changed files with 70 additions and 1 deletion.
diff --git a/bin/deploy.sh b/bin/deploy.sh
@@ -4,7 +4,7 @@ help()
 {
   echo "Deploy AWS resource using Terraform and Terragrunt"
   echo
-  echo "Syntax: deploy.sh [-a|-b|c|d|i|r|t]"
+  echo "Syntax: deploy.sh [-a|b|c|d|i|r|t]"
   echo "Options:"
   echo "a     Specify AWS application ARN (e.g. arn:aws:resource-groups:us-east-1:123456789012:group/SPF/abcd1234)"
   echo "b     Specify Terraform backend config (e.g. {\"us-east-1\"=\"spf-backend-us-east-1\"})"

diff --git a/iac/cicd/codebuild_project/default.tfvars b/iac/cicd/codebuild_project/default.tfvars
@@ -0,0 +1,17 @@
+q = {
+  name                        = "spf-cicd-pipeline"
+  description                 = "SPF CICD PIPELINE"
+  build_timeout               = 60
+  file                        = "buildspec.yml.tftpl"
+  compute_type                = "BUILD_GENERAL1_LARGE"
+  type                        = "ARM_CONTAINER"
+  image                       = "aws/codebuild/amazonlinux2-aarch64-standard:3.0"
+  image_pull_credentials_type = "CODEBUILD"
+  privileged_mode             = true
+  cw_group_name_prefix        = "/aws/codebuild"
+  retention_in_days           = 5
+  skip_destroy                = true
+  s3_logs_status              = "ENABLED"
+  s3_logs_location            = "codebuild"
+  s3_cache_location           = "cache"
+}
diff --git a/iac/cicd/iam_role_assume/default.tfvars b/iac/cicd/iam_role_assume/default.tfvars
@@ -0,0 +1,6 @@
+q = {
+  name        = "spf-cicd-assume-role"
+  description = "SPF CICD ASSUME ROLE"
+  path        = "/"
+  policy_arn  = "arn:aws:iam::aws:policy/AdministratorAccess"
+}
diff --git a/iac/cicd/iam_role_codebuild/default.tfvars b/iac/cicd/iam_role_codebuild/default.tfvars
@@ -0,0 +1,5 @@
+q = {
+  name        = "spf-cicd-pipeline-role"
+  description = "SPF CICD PIPELINE ROLE"
+  path        = "/service-role/"
+}
diff --git a/iac/fraud/ecr_fraud/default.tfvars b/iac/fraud/ecr_fraud/default.tfvars
@@ -0,0 +1,7 @@
+q = {
+  name                 = "spf-fraud"
+  force_delete         = true
+  image_tag_mutability = "MUTABLE"
+  encryption_type      = "KMS"
+  scan_on_push         = true
+}
diff --git a/iac/fraud/iam_role_lambda_fraud/default.tfvars b/iac/fraud/iam_role_lambda_fraud/default.tfvars
@@ -0,0 +1,5 @@
+q = {
+  name        = "spf-lambda-fraud-role"
+  description = "Allows spf-fraud Lambda function to call AWS services"
+  path        = "/"
+}
diff --git a/iac/fraud/lambda_fraud/default.tfvars b/iac/fraud/lambda_fraud/default.tfvars
@@ -0,0 +1,18 @@
+q = {
+  name          = "spf-fraud"
+  description   = "SPF FRAUD"
+  package_type  = "Image"
+  architecture  = "arm64"
+  memory_size   = 128
+  timeout       = 15
+  publish       = false
+  storage_size  = 512
+  tracing_mode  = "PassThrough"
+  reserved      = 20
+  logging       = "INFO"
+
+  secrets_manager_ttl  = 300
+  cw_group_name_prefix = "/aws/lambda"
+  retention_in_days    = 5
+  skip_destroy         = true
+}
diff --git a/iac/fraud/s3_runtime/default.tfvars b/iac/fraud/s3_runtime/default.tfvars
@@ -0,0 +1,11 @@
+q = {
+  bucket              = "spf-runtime"
+  force_destroy       = true
+  object_lock_enabled = true
+  object_lock_mode    = "COMPLIANCE"
+  object_lock_days    = 36500
+  object_lock_retain  = "2345-12-31T23:59:59Z"
+  sse_algorithm       = "AES256" # "aws:kms"
+  versioning_status   = "Enabled"
+  logs_prefix         = "s3_runtime_logs"
+}