From 0621010b71d6c0e9decbcd061aeac0761dbe58b4 Mon Sep 17 00:00:00 2001
From: Eugene Istrati
Date: Fri, 26 Apr 2024 09:47:26 -0400
Subject: [PATCH] initial commit
---
 bin/deploy.sh | 2 +-
 iac/cicd/codebuild_project/default.tfvars | 17 +++++++++++++++++
 iac/cicd/iam_role_assume/default.tfvars | 6 ++++++
 iac/cicd/iam_role_codebuild/default.tfvars | 5 +++++
 iac/fraud/ecr_fraud/default.tfvars | 7 +++++++
 iac/fraud/iam_role_lambda_fraud/default.tfvars | 5 +++++
 iac/fraud/lambda_fraud/default.tfvars | 18 ++++++++++++++++++
 iac/fraud/s3_runtime/default.tfvars | 11 +++++++++++
 8 files changed, 70 insertions(+), 1 deletion(-)
 create mode 100644 iac/cicd/codebuild_project/default.tfvars
 create mode 100644 iac/cicd/iam_role_assume/default.tfvars
 create mode 100644 iac/cicd/iam_role_codebuild/default.tfvars
 create mode 100644 iac/fraud/ecr_fraud/default.tfvars
 create mode 100644 iac/fraud/iam_role_lambda_fraud/default.tfvars
 create mode 100644 iac/fraud/lambda_fraud/default.tfvars
 create mode 100644 iac/fraud/s3_runtime/default.tfvars
diff --git a/bin/deploy.sh b/bin/deploy.sh
index c21d3119..fb174b8e 100755
--- a/bin/deploy.sh
+++ b/bin/deploy.sh
@@ -4,7 +4,7 @@ help() {
 echo "Deploy AWS resource using Terraform and Terragrunt"
 echo
- echo "Syntax: deploy.sh [-a|-b|c|d|i|r|t]"
+ echo "Syntax: deploy.sh [-a|b|c|d|i|r|t]"
 echo "Options:"
 echo "a Specify AWS application ARN (e.g. arn:aws:resource-groups:us-east-1:123456789012:group/SPF/abcd1234)"
 echo "b Specify Terraform backend config (e.g. {\"us-east-1\"=\"spf-backend-us-east-1\"})"
diff --git a/iac/cicd/codebuild_project/default.tfvars b/iac/cicd/codebuild_project/default.tfvars
new file mode 100644
index 00000000..12c28297
--- /dev/null
+++ b/iac/cicd/codebuild_project/default.tfvars
@@ -0,0 +1,17 @@
+q = {
+ name = "spf-cicd-pipeline"
+ description = "SPF CICD PIPELINE"
+ build_timeout = 60
+ file = "buildspec.yml.tftpl"
+ compute_type = "BUILD_GENERAL1_LARGE"
+ type = "ARM_CONTAINER"
+ image = "aws/codebuild/amazonlinux2-aarch64-standard:3.0"
+ image_pull_credentials_type = "CODEBUILD"
+ privileged_mode = true
+ cw_group_name_prefix = "/aws/codebuild"
+ retention_in_days = 5
+ skip_destroy = true
+ s3_logs_status = "ENABLED"
+ s3_logs_location = "codebuild"
+ s3_cache_location = "cache"
+}
diff --git a/iac/cicd/iam_role_assume/default.tfvars b/iac/cicd/iam_role_assume/default.tfvars
new file mode 100644
index 00000000..eb2e5e37
--- /dev/null
+++ b/iac/cicd/iam_role_assume/default.tfvars
@@ -0,0 +1,6 @@
+q = {
+ name = "spf-cicd-assume-role"
+ description = "SPF CICD ASSUME ROLE"
+ path = "/"
+ policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
+}
diff --git a/iac/cicd/iam_role_codebuild/default.tfvars b/iac/cicd/iam_role_codebuild/default.tfvars
new file mode 100644
index 00000000..661365de
--- /dev/null
+++ b/iac/cicd/iam_role_codebuild/default.tfvars
@@ -0,0 +1,5 @@
+q = {
+ name = "spf-cicd-pipeline-role"
+ description = "SPF CICD PIPELINE ROLE"
+ path = "/service-role/"
+}
diff --git a/iac/fraud/ecr_fraud/default.tfvars b/iac/fraud/ecr_fraud/default.tfvars
new file mode 100644
index 00000000..bc5dd4ba
--- /dev/null
+++ b/iac/fraud/ecr_fraud/default.tfvars
@@ -0,0 +1,7 @@
+q = {
+ name = "spf-fraud"
+ force_delete = true
+ image_tag_mutability = "MUTABLE"
+ encryption_type = "KMS"
+ scan_on_push = true
+}
diff --git a/iac/fraud/iam_role_lambda_fraud/default.tfvars b/iac/fraud/iam_role_lambda_fraud/default.tfvars
new file mode 100644
index 00000000..c7ae4151
--- /dev/null
+++ b/iac/fraud/iam_role_lambda_fraud/default.tfvars
@@ -0,0 +1,5 @@
+q = {
+ name = "spf-lambda-fraud-role"
+ description = "Allows spf-fraud Lambda function to call AWS services"
+ path = "/"
+}
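Review bot: In iac/cicd/codebuild_project/default.tfvars, `privileged_mode = true` runs every build of this project with elevated access to the Docker daemon, and nothing on the line says why it is needed. If it exists for the container image build (the ECR repository added in this commit suggests so), record that next to the value, e.g. `privileged_mode = true # required for docker build of the spf-fraud image`. The role the project runs under and the sources allowed to trigger it are defined outside this hunk, so confirm that only trusted branches can start a privileged build.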
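Review bot: `policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"` in iac/cicd/iam_role_assume/default.tfvars makes the CI/CD assume role a full account administrator by default, so any principal allowed to assume it, or any build step that runs with it, controls the whole account. The trust policy is not part of this hunk, so who can assume the role cannot be checked here. Prefer a customer-managed policy limited to the services this repository deploys, e.g. `policy_arn = "arn:aws:iam::<ACCOUNT_ID>:policy/<SCOPED_DEPLOY_POLICY>"` (placeholder values), and attach a permissions boundary if the module supports one.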
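Review bot: `image_tag_mutability = "MUTABLE"` in iac/fraud/ecr_fraud/default.tfvars lets an existing tag be overwritten with a different image, so a scan result or a reviewed build for a tag no longer identifies what the Lambda actually runs. Set `image_tag_mutability = "IMMUTABLE"` and have the deployment reference the image by digest or by a unique per-build tag. `force_delete = true` in the same block also removes the repository while it still holds images; consider defaulting it to `false` outside throwaway environments.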
diff --git a/iac/fraud/lambda_fraud/default.tfvars b/iac/fraud/lambda_fraud/default.tfvars
new file mode 100644
index 00000000..b46dda54
--- /dev/null
+++ b/iac/fraud/lambda_fraud/default.tfvars
@@ -0,0 +1,18 @@
+q = {
+ name = "spf-fraud"
+ description = "SPF FRAUD"
+ package_type = "Image"
+ architecture = "arm64"
+ memory_size = 128
+ timeout = 15
+ publish = false
+ storage_size = 512
+ tracing_mode = "PassThrough"
+ reserved = 20
+ logging = "INFO"
+
+ secrets_manager_ttl = 300
+ cw_group_name_prefix = "/aws/lambda"
+ retention_in_days = 5
+ skip_destroy = true
+}
diff --git a/iac/fraud/s3_runtime/default.tfvars b/iac/fraud/s3_runtime/default.tfvars
new file mode 100644
index 00000000..b77549db
--- /dev/null
+++ b/iac/fraud/s3_runtime/default.tfvars
@@ -0,0 +1,11 @@
+q = {
+ bucket = "spf-runtime"
+ force_destroy = true
+ object_lock_enabled = true
+ object_lock_mode = "COMPLIANCE"
+ object_lock_days = 36500
+ object_lock_retain = "2345-12-31T23:59:59Z"
+ sse_algorithm = "AES256" # "aws:kms"
+ versioning_status = "Enabled"
+ logs_prefix = "s3_runtime_logs"
+}
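Review bot: `retention_in_days = 5` in iac/fraud/lambda_fraud/default.tfvars keeps the fraud function's log group (presumably CloudWatch, given `cw_group_name_prefix`) for only five days, which is short for investigating an incident or a disputed fraud decision after the fact. The CodeBuild project in iac/cicd/codebuild_project/default.tfvars uses the same value for build logs. Unless the logs are exported elsewhere, which this patch does not show, raise the default, e.g. `retention_in_days = 90`, or document the required retention next to the value.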
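Review bot: `object_lock_mode = "COMPLIANCE"` with `object_lock_days = 36500` in iac/fraud/s3_runtime/default.tfvars is an irreversible default: in compliance mode no identity, including the account root, can delete a locked object version or shorten its retention, so every object written to this bucket would be held for about a hundred years. That also conflicts with `force_destroy = true`, which will likely fail on the locked versions when the bucket is destroyed. Assuming the module applies these values as their names suggest, default to `object_lock_mode = "GOVERNANCE"` with a retention that matches the real requirement and let environments opt in to COMPLIANCE explicitly. The commented-out `# "aws:kms"` beside `sse_algorithm` suggests KMS encryption was intended and deserves a tracked follow-up.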