-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathsetup.yaml
134 lines (131 loc) · 4.85 KB
/
setup.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
AWSTemplateFormatVersion: "2010-09-09"
Description: >
This CloudFormation template creates the necessary resources or the Cloudsoft::Terraform::Infrastructure to work
as expected. For instance, this creates:
- a role assumed by CloudFormation during CRUDL operations to ship logs to CloudWatch.
- a log group were the log will be ship to.
- parameters for the SSH connection to the Terraform server
Resources:
LoggingRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service: cloudformation.amazonaws.com
Action: sts:AssumeRole
Path: "/"
Policies:
- PolicyName: LogAndMetricsDeliveryRolePolicy
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:DescribeLogGroups
- logs:DescribeLogStreams
- logs:PutLogEvents
- cloudwatch:ListMetrics
- cloudwatch:PutMetricData
Resource: "*"
LogGroup:
Type: AWS::Logs::LogGroup
Properties:
LogGroupName: cloudsoft-terraform-infrastructure-logs
RetentionInDays: 7
TerraformSSHHostParameter:
Type: AWS::SSM::Parameter
Properties:
Description: Terraform server hostname or IP address to connect to for SSH connections
Name: /cfn/terraform/ssh-host
Type: String
Value: FIXME
TerraformSSHPortParameter:
Type: AWS::SSM::Parameter
Properties:
Description: Terraform server port to connect to for SSH connections
Name: /cfn/terraform/ssh-port
Type: String
Value: '22'
TerraformSSHUsernameParameter:
Type: AWS::SSM::Parameter
Properties:
Description: Username of the Terraform server host for SSH connections
Name: /cfn/terraform/ssh-username
Type: String
Value: FIXME
TerraformSSHKeyParameter:
Type: AWS::SSM::Parameter
Properties:
Description: Private SSH key of the CloudFormation client for SSH connections
Name: /cfn/terraform/ssh-key
Type: String
Value: |
-----BEGIN OPENSSH PRIVATE KEY-----
FIXME - this is required to connect to the server
-----END OPENSSH PRIVATE KEY-----
TerraformSSHFingerprintParameter:
Type: AWS::SSM::Parameter
Properties:
Description: |
Public SSH key fingerprint of the Terraform server to verify SSH connections.
Any key value will enforce a fingerprint check during SSH connection.
This can be set to "default" to not require fingerprint checks,
for instance if you trust the environment wherte this is running.
Name: /cfn/terraform/ssh-fingerprint
Type: String
Value: 'default'
TerraformProcessManagerParameter:
Type: AWS::SSM::Parameter
Properties:
Description: Process manager to use on the server to interact with a detached Terraform process ("systemd" or "nohup")
Name: /cfn/terraform/process-manager
Type: String
Value: 'nohup'
TerraformLogsS3BucketName:
Type: AWS::SSM::Parameter
Properties:
Description: |
Optional bucket where all Terraform logs will be shipped.
Any value other than "default" will result in a bucket being created as necessary and logs copied to it,
so that the user can easily inspect the logs (without needing special CloudWatch access).
This parameter value can contain a * character which will be replaced by the model's identifier,
ensuring creation of a new bucket for each run which the user will have access to but other users will not.
If the value does not contain * the bucket should be created ahead of time with appropriate permissions for
users to see and for this resource provider to write to, otherwise the bucket may be unusable or inaccessible to some users.
Note this can be overridden by the user with a property on the resource (see the user guide).
Name: /cfn/terraform/logs-s3-bucket-name
Type: String
Value: 'default'
Outputs:
LoggingRoleArn:
Value:
Fn::GetAtt: LoggingRole.Arn
LogGroup:
Value:
Ref: LogGroup
TerraformSSHHostParameter:
Value:
Ref: TerraformSSHHostParameter
TerraformSSHPortParameter:
Value:
Ref: TerraformSSHPortParameter
TerraformSSHUsernameParameter:
Value:
Ref: TerraformSSHUsernameParameter
TerraformSSHKeyParameter:
Value:
Ref: TerraformSSHKeyParameter
TerraformSSHFingerprintParameter:
Value:
Ref: TerraformSSHFingerprintParameter
TerraformProcessManagerParameter:
Value:
Ref: TerraformProcessManagerParameter
TerraformLogsS3BucketName:
Value:
Ref: TerraformLogsS3BucketName