move ecr to other modules

Author: briskt

terraform/040-id-broker/main.tf

@@ -403,6 +403,16 @@ resource "aws_iam_policy" "cd" {
   })
 }
 
+module "ecr" {
+  source                = "github.com/silinternational/terraform-modules//aws/ecr?ref=8.13.2"
+  repo_name             = "${var.idp_name}/id-broker"
+  ecsInstanceRole_arn   = var.ecs_instance_role_arn
+  ecsServiceRole_arn    = var.ecsServiceRole_arn
+  cd_user_arn           = var.cd_principal_arn
+  image_retention_count = 10
+  image_retention_tags  = ["latest"]
+}
+
 /*
  * AWS data
  */

terraform/040-id-broker/variables.tf

@@ -27,6 +27,11 @@ variable "app_name" {
   default     = "id-broker"
 }
 
+variable "cd_principal_arn" {
+  description = "The ARN of the user or role that will push images to ECR for this service."
+  type        = string
+}
+
 variable "cduser_username" {
   type    = string
   default = "IAM user name for the CD user. Used to create ECS deployment policy."
@@ -89,11 +94,17 @@ variable "docker_image" {
   type = string
 }
 
+
 variable "ecs_cluster_id" {
   description = "ID for ECS Cluster"
   type        = string
 }
 
+variable "ecs_instance_role_arn" {
+  description = "The ARN of the role that will be passed to ECS and ECR as the instance role."
+  type        = string
+}
+
 variable "ecsServiceRole_arn" {
   description = "ARN for ECS Service Role"
   type        = string

terraform/050-pw-manager/main.tf

@@ -222,6 +222,16 @@ resource "aws_iam_policy" "cd" {
   })
 }
 
+module "ecr" {
+  source                = "github.com/silinternational/terraform-modules//aws/ecr?ref=8.13.2"
+  repo_name             = "${var.idp_name}/pw-api"
+  ecsInstanceRole_arn   = var.ecs_instance_role_arn
+  ecsServiceRole_arn    = var.ecsServiceRole_arn
+  cd_user_arn           = var.cd_principal_arn
+  image_retention_count = 10
+  image_retention_tags  = ["latest"]
+}
+
 /*
  * AWS data
  */

terraform/050-pw-manager/variables.tf

@@ -74,6 +74,11 @@ variable "auth_saml_spPrivateKey" {
   type        = string
 }
 
+variable "cd_principal_arn" {
+  description = "The ARN of the user or role that will push images to ECR for this service."
+  type        = string
+}
+
 variable "cduser_username" {
   type    = string
   default = "IAM user name for the CD user. Used to create ECS deployment policy."
@@ -128,6 +133,11 @@ variable "ecs_cluster_id" {
   type        = string
 }
 
+variable "ecs_instance_role_arn" {
+  description = "The ARN of the role that will be passed to ECS and ECR as the instance role."
+  type        = string
+}
+
 variable "ecsServiceRole_arn" {
   description = "ARN for ECS Service Role"
   type        = string

terraform/060-simplesamlphp/main.tf

@@ -215,6 +215,16 @@ resource "aws_iam_policy" "cd" {
   })
 }
 
+module "ecr_simplesamlphp" {
+  source                = "github.com/silinternational/terraform-modules//aws/ecr?ref=8.13.2"
+  repo_name             = "${var.idp_name}/simplesamlphp"
+  ecsInstanceRole_arn   = var.ecs_instance_role_arn
+  ecsServiceRole_arn    = var.ecsServiceRole_arn
+  cd_user_arn           = var.cd_principal_arn
+  image_retention_count = 10
+  image_retention_tags  = ["latest"]
+}
+
 /*
  * AWS data
  */

terraform/060-simplesamlphp/variables.tf

@@ -250,3 +250,13 @@ variable "ssl_ca_base64" {
   type        = string
   default     = ""
 }
+
+variable "cd_principal_arn" {
+  description = "The ARN of the user or role that will push images to ECR for this service."
+  type        = string
+}
+
+variable "ecs_instance_role_arn" {
+  description = "The ARN of the role that will be passed to ECS and ECR as the instance role."
+  type        = string
+}

test/040-id-broker.tf

@@ -6,6 +6,7 @@ module "broker" {
   abandoned_user_deactivate_instructions_url = ""
   app_env                                    = ""
   app_name                                   = ""
+  cd_principal_arn                           = ""
   cloudflare_domain                          = ""
   cloudwatch_log_group_name                  = ""
   contingent_user_duration                   = ""
@@ -16,6 +17,7 @@ module "broker" {
   docker_image                               = ""
   ecsServiceRole_arn                         = ""
   ecs_cluster_id                             = ""
+  ecs_instance_role_arn                      = ""
   email_repeat_delay_days                    = 1
   email_signature                            = ""
   event_schedule                             = ""

test/050-pw-manager.tf

@@ -13,6 +13,7 @@ module "pw" {
   auth_saml_signRequest               = true
   auth_saml_spCertificate             = ""
   auth_saml_spPrivateKey              = ""
+  cd_principal_arn                    = ""
   cloudflare_domain                   = ""
   cloudwatch_log_group_name           = ""
   code_length                         = 1
@@ -23,6 +24,7 @@ module "pw" {
   docker_image                        = ""
   ecsServiceRole_arn                  = ""
   ecs_cluster_id                      = ""
+  ecs_instance_role_arn               = ""
   email_signature                     = ""
   extra_hosts                         = ""
   help_center_url                     = ""

test/060-simplesamlphp.tf

@@ -8,7 +8,7 @@ module "ssp" {
   analytics_id                = ""
   app_env                     = ""
   app_name                    = ""
-  cduser_username             = ""
+  cd_principal_arn            = ""
   cloudflare_domain           = ""
   cloudwatch_log_group_name   = ""
   cpu                         = 1
@@ -18,6 +18,7 @@ module "ssp" {
   docker_image                = ""
   ecsServiceRole_arn          = ""
   ecs_cluster_id              = ""
+  ecs_instance_role_arn       = ""
   enable_debug                = true
   help_center_url             = ""
   hub_mode                    = true