author | pmikus <pmikus@cisco.com> | 2021-05-18 13:30:08 +0000 |
---|---|---|
committer | Peter Mikus <pmikus@cisco.com> | 2021-08-09 11:51:31 +0000 |
commit | 73440ab332c51eb11405767d320bc496d9ebdbe7 (patch) | |
tree | 003e06b7ab75c311009516a9872e77fdb00e47a8 /fdio.infra.terraform/2n_aws_c5n/deploy | |
parent | bbfe9b5ba82a3998687909a833c2646bccbb6aa6 (diff) |
Infra: Vault
Signed-off-by: pmikus <pmikus@cisco.com>
Change-Id: Ia6e728f98d20144c3771405b32933a77fe15b19b
Diffstat (limited to 'fdio.infra.terraform/2n_aws_c5n/deploy')
4 files changed, 32 insertions, 13 deletions
diff --git a/fdio.infra.terraform/2n_aws_c5n/deploy/main.tf b/fdio.infra.terraform/2n_aws_c5n/deploy/main.tf
index b9d6f188bb..95464fa177 100644
--- a/fdio.infra.terraform/2n_aws_c5n/deploy/main.tf
+++ b/fdio.infra.terraform/2n_aws_c5n/deploy/main.tf
@@ -1,11 +1,12 @@
-provider "aws" {
- region = var.region
+data "vault_aws_access_credentials" "creds" {
+ backend = "${var.vault-name}-path"
+ role = "${var.vault-name}-role"
 }
 resource "aws_vpc" "CSITVPC" {
 cidr_block = var.vpc_cidr_mgmt
- tags = {
+ tags = {
 "Name" = "${var.resources_name_prefix}_${var.testbed_name}-vpc"
 "Environment" = var.environment_name
 }
diff --git a/fdio.infra.terraform/2n_aws_c5n/deploy/providers.tf b/fdio.infra.terraform/2n_aws_c5n/deploy/providers.tf
new file mode 100644
index 0000000000..a74ebb2455
--- /dev/null
+++ b/fdio.infra.terraform/2n_aws_c5n/deploy/providers.tf
@@ -0,0 +1,11 @@
+provider "aws" {
+ region = var.region
+ access_key = data.vault_aws_access_credentials.creds.access_key
+ secret_key = data.vault_aws_access_credentials.creds.secret_key
+}
+
+provider "vault" {
+ address = "http://10.30.51.28:8200"
+ skip_tls_verify = true
+ token = "s.4z5PsufFwV3sHbCzK9Y2Cojd"
+}
\ No newline at end of file
diff --git a/fdio.infra.terraform/2n_aws_c5n/deploy/variables.tf b/fdio.infra.terraform/2n_aws_c5n/deploy/variables.tf
index ca974709cd..429c5040de 100644
--- a/fdio.infra.terraform/2n_aws_c5n/deploy/variables.tf
+++ b/fdio.infra.terraform/2n_aws_c5n/deploy/variables.tf
@@ -3,6 +3,10 @@ variable "region" {
 type = string
 }
+variable "vault-name" {
+ default = "dynamic-aws-creds-vault-admin"
+}
+
 variable "ami_image" {
 description = "AWS AMI image name"
 type = string
diff --git a/fdio.infra.terraform/2n_aws_c5n/deploy/versions.tf b/fdio.infra.terraform/2n_aws_c5n/deploy/versions.tf
index 8017bb9dc3..05fa5502b5 100644
--- a/fdio.infra.terraform/2n_aws_c5n/deploy/versions.tf
+++ b/fdio.infra.terraform/2n_aws_c5n/deploy/versions.tf
@@ -1,17 +1,20 @@
 terraform {
 required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 3.32.0"
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 3.32.0"
 }
- null = {
- source = "hashicorp/null"
- version = "~> 3.0.0"
+ null = {
+ source = "hashicorp/null"
+ version = "~> 3.0.0"
 }
- tls = {
- source = "hashicorp/tls"
- version = "~> 3.0.0"
+ tls = {
+ source = "hashicorp/tls"
+ version = "~> 3.0.0"
+ }
+ vault = {
+ version = ">=2.22.1"
 }
 }
- required_version = ">= 0.13"
+ required_version = ">= 1.0.3"
 }
|
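Review bot: The new `provider "vault"` block in providers.tf commits a Vault token as a string literal and reaches Vault over plain `http://` with `skip_tls_verify = true`, so the token is readable in the repository history and unprotected in transit. Drop the `token` and `skip_tls_verify = true` lines, let the provider take `VAULT_TOKEN` from the environment of whoever runs Terraform, and point `address` (or `VAULT_ADDR`) at an `https://` listener with certificate verification left on. The token published in this commit should be revoked in Vault, because removing the line later does not remove it from history. Note also that the `access_key` and `secret_key` read from `data.vault_aws_access_credentials.creds` are stored in Terraform state, so the state backend needs encryption and restricted access.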
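Review bot: `variable "vault-name"` in variables.tf has neither `type` nor `description`, unlike the neighbouring `region` and `ami_image`, and it is the only hyphenated variable name visible in this commit; `type = string` plus a `description` saying it is the prefix of the Vault AWS backend path and role would bring it in line. The default `dynamic-aws-creds-vault-admin` reads like an admin-scoped role, though that is inferred from the name only. If it is, the Vault role should be limited to the AWS actions this testbed deployment needs rather than an administrative policy. The hunk ends inside `variable "ami_image"`, whose body continues outside it.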
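Review bot: The `vault` entry added to `required_providers` in versions.tf has no `source` and an open-ended `>=2.22.1` constraint, while the three existing providers name `hashicorp/...` explicitly and pin with `~>`. An unbounded lower-only constraint lets `terraform init` select any later major release of a provider that handles credentials. Writing `source = "hashicorp/vault"` and `version = "~> 2.22.1"` would match the other entries. A committed `.terraform.lock.hcl` (not visible in this diff) would additionally fix the provider hashes that get installed.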