From 73440ab332c51eb11405767d320bc496d9ebdbe7 Mon Sep 17 00:00:00 2001
From: pmikus
Date: Tue, 18 May 2021 13:30:08 +0000
Subject: Infra: Vault
Signed-off-by: pmikus
Change-Id: Ia6e728f98d20144c3771405b32933a77fe15b19b
---
fdio.infra.terraform/2n_aws_c5n/deploy/main.tf | 7 ++++---
.../2n_aws_c5n/deploy/providers.tf | 11 +++++++++++
.../2n_aws_c5n/deploy/variables.tf | 4 ++++
fdio.infra.terraform/2n_aws_c5n/deploy/versions.tf | 23 ++++++++++++----------
4 files changed, 32 insertions(+), 13 deletions(-)
create mode 100644 fdio.infra.terraform/2n_aws_c5n/deploy/providers.tf
(limited to 'fdio.infra.terraform/2n_aws_c5n/deploy')
diff --git a/fdio.infra.terraform/2n_aws_c5n/deploy/main.tf b/fdio.infra.terraform/2n_aws_c5n/deploy/main.tf
index b9d6f188bb..95464fa177 100644
--- a/fdio.infra.terraform/2n_aws_c5n/deploy/main.tf
+++ b/fdio.infra.terraform/2n_aws_c5n/deploy/main.tf
@@ -1,11 +1,12 @@
-provider "aws" {
- region = var.region
+data "vault_aws_access_credentials" "creds" {
+ backend = "${var.vault-name}-path"
+ role = "${var.vault-name}-role"
 }
 resource "aws_vpc" "CSITVPC" {
 cidr_block = var.vpc_cidr_mgmt
- tags = {
+ tags = {
 "Name" = "${var.resources_name_prefix}_${var.testbed_name}-vpc"
 "Environment" = var.environment_name
 }
diff --git a/fdio.infra.terraform/2n_aws_c5n/deploy/providers.tf b/fdio.infra.terraform/2n_aws_c5n/deploy/providers.tf
new file mode 100644
index 0000000000..a74ebb2455
--- /dev/null
+++ b/fdio.infra.terraform/2n_aws_c5n/deploy/providers.tf
@@ -0,0 +1,11 @@
+provider "aws" {
+ region = var.region
+ access_key = data.vault_aws_access_credentials.creds.access_key
+ secret_key = data.vault_aws_access_credentials.creds.secret_key
+}
+
+provider "vault" {
+ address = "http://10.30.51.28:8200"
+ skip_tls_verify = true
+ token = "s.4z5PsufFwV3sHbCzK9Y2Cojd"
+}
\ No newline at end of file
diff --git a/fdio.infra.terraform/2n_aws_c5n/deploy/variables.tf b/fdio.infra.terraform/2n_aws_c5n/deploy/variables.tf
index ca974709cd..429c5040de 100644
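Review bot: The `vault_aws_access_credentials` data source added at the top of main.tf returns a live AWS key pair, and Terraform persists data source results in state, so the access and secret keys will be stored there in plaintext. No backend configuration is visible in this change, so it is worth confirming that state lives in an encrypted, access-controlled backend rather than on local disk. I would add a comment above the block: `# Dynamic AWS credentials from Vault; the values are persisted in Terraform state, so keep state encrypted and access-controlled.` Both `backend` and `role` are built from the single `var.vault-name`, which ties the mount path to the role name and makes it harder to narrow the role independently. The `aws_vpc` resource continues outside the hunk.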
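Review bot: The `provider "vault"` block in providers.tf commits a Vault token as a string literal in `token`, so everyone with read access to the repository or its history holds a credential that can request AWS keys through the role used in main.tf. The token should be revoked, the `token` line removed, and the provider left to read it from the `VAULT_TOKEN` environment variable. The same block reaches Vault over plain `http://`, which carries both the token and the returned AWS secret key unencrypted, and `skip_tls_verify = true` would switch off certificate checking once the address becomes HTTPS. I would drop `skip_tls_verify` and take `address` from `VAULT_ADDR` with an `https://` value, which also keeps the internal IP out of the repository. The file ends without a trailing newline.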
--- a/fdio.infra.terraform/2n_aws_c5n/deploy/variables.tf
+++ b/fdio.infra.terraform/2n_aws_c5n/deploy/variables.tf
@@ -3,6 +3,10 @@ variable "region" {
 type = string
 }
+variable "vault-name" {
+ default = "dynamic-aws-creds-vault-admin"
+}
+
 variable "ami_image" {
 description = "AWS AMI image name"
 type = string
diff --git a/fdio.infra.terraform/2n_aws_c5n/deploy/versions.tf b/fdio.infra.terraform/2n_aws_c5n/deploy/versions.tf
index 8017bb9dc3..05fa5502b5 100644
--- a/fdio.infra.terraform/2n_aws_c5n/deploy/versions.tf
+++ b/fdio.infra.terraform/2n_aws_c5n/deploy/versions.tf
@@ -1,17 +1,20 @@
 terraform {
 required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 3.32.0"
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 3.32.0"
 }
- null = {
- source = "hashicorp/null"
- version = "~> 3.0.0"
+ null = {
+ source = "hashicorp/null"
+ version = "~> 3.0.0"
 }
- tls = {
- source = "hashicorp/tls"
- version = "~> 3.0.0"
+ tls = {
+ source = "hashicorp/tls"
+ version = "~> 3.0.0"
+ }
+ vault = {
+ version = ">=2.22.1"
 }
 }
- required_version = ">= 0.13"
+ required_version = ">= 1.0.3"
 }
-- cgit 1.2.3-korg
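Review bot: The new `vault-name` variable in variables.tf declares neither `type` nor `description`, unlike `ami_image` just below it, and its hyphenated name departs from the snake_case of the other variables referenced in this change (`vpc_cidr_mgmt`, `testbed_name`). I would add `type = string` and `description = "Prefix of the Vault AWS secrets mount and role"`, and rename it to `vault_name` together with its two uses in main.tf. The default `dynamic-aws-creds-vault-admin` becomes the Vault role name; if that role maps to administrative AWS permissions, as the name suggests, a role limited to the EC2 and VPC actions this testbed needs would reduce what a leaked credential can do.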
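Review bot: The `vault` entry added to `required_providers` in versions.tf has no `source` and uses the open-ended constraint `>=2.22.1`, while the three existing providers each name `hashicorp/...` and a pessimistic `~>` range. An unbounded constraint lets `terraform init` select a future major release of the provider that handles this deployment's credentials. I would write `source = "hashicorp/vault"` and `version = "~> 2.22.1"` to match the others. No dependency lock file is part of this change, so whether provider checksums are pinned cannot be judged from here. The `required_version` move from `>= 0.13` to `>= 1.0.3` is a breaking bump for older installations and deserves a line in the commit message.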