Merge pull request #373 from i-dot-ai/EN-501/migrate_key_modules

Use versioned terraform modules (alb, waf, s3, ecs)
i-dot-ai · Sep 10, 2024 · 12602f0 · 12602f0
2 parents e3dc085 + 3c5b7c7
commit 12602f0
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 10 deletions.
diff --git a/infrastructure/ecs.tf b/infrastructure/ecs.tf
@@ -32,7 +32,9 @@ locals {
 }
 
 module "ecs" {
-  source             = "../../i-ai-core-infrastructure//modules/ecs"
+  # checkov:skip=CKV_TF_1: We're using semantic versions instead of commit hash
+  #source            = "../../i-dot-ai-core-terraform-modules//modules/infrastructure/ecs" # For testing local changes
+  source             = "git::https://github.com/i-dot-ai/i-dot-ai-core-terraform-modules.git//modules/infrastructure/ecs?ref=v1.0.0-ecs"
   name               = local.name
   image_tag          = var.image_tag
   ecr_repository_uri = var.ecr_repository_uri
@@ -68,7 +70,9 @@ module "ecs" {
 }
 
 module "worker" {
-  source             = "../../i-ai-core-infrastructure//modules/ecs"
+  # checkov:skip=CKV_TF_1: We're using semantic versions instead of commit hash
+  #source            = "../../i-dot-ai-core-terraform-modules//modules/infrastructure/ecs" # For testing local changes
+  source             = "git::https://github.com/i-dot-ai/i-dot-ai-core-terraform-modules.git//modules/infrastructure/ecs?ref=v1.0.0-ecs"
   name               = "${local.name}-worker"
   image_tag          = var.image_tag
   ecr_repository_uri = var.ecr_repository_uri

diff --git a/infrastructure/load_balancer.tf b/infrastructure/load_balancer.tf
@@ -1,5 +1,7 @@
 module "load_balancer" {
-  source          = "../../i-ai-core-infrastructure/modules/load_balancer"
+  # checkov:skip=CKV_TF_1: We're using semantic versions instead of commit hash
+  #source         = "../../i-dot-ai-core-terraform-modules//modules/infrastructure/load_balancer" # For testing local changes
+  source          = "git::https://github.com/i-dot-ai/i-dot-ai-core-terraform-modules.git//modules/infrastructure/load_balancer?ref=v1.0.0-load_balancer"
   name            = local.name
   account_id      = var.account_id
   vpc_id          = data.terraform_remote_state.vpc.outputs.vpc_id
@@ -10,7 +12,9 @@ module "load_balancer" {
 }
 
 module "waf" {
-  source         = "../../i-ai-core-infrastructure/modules/waf"
+  # checkov:skip=CKV_TF_1: We're using semantic versions instead of commit hash
+  #source        = "../../i-dot-ai-core-terraform-modules//modules/infrastructure/waf" # For testing local changes
+  source         = "git::https://github.com/i-dot-ai/i-dot-ai-core-terraform-modules.git//modules/infrastructure/waf?ref=v1.0.0-waf"
   name           = local.name
   ip_set         = concat(var.internal_ips, var.developer_ips, var.external_ips)
   scope          = var.scope

diff --git a/infrastructure/s3.tf b/infrastructure/s3.tf
@@ -1,9 +1,11 @@
 module "app_bucket" {
   # checkov:skip=CKV_SECRET_4:Skip secret check as these have to be used within the Github Action
-  name           = "${local.name}-data"
-  source         = "../../i-ai-core-infrastructure//modules/s3"
-  state_bucket   = var.state_bucket
-  log_bucket     = data.terraform_remote_state.platform.outputs.log_bucket
-  kms_key        = data.terraform_remote_state.platform.outputs.kms_key_arn
-  source_ips     = concat(var.internal_ips, var.developer_ips)
+  # checkov:skip=CKV_TF_1: We're using semantic versions instead of commit hash
+  #source      = "../../i-dot-ai-core-terraform-modules//modules/infrastructure/s3" # For testing local changes
+  source       = "git::https://github.com/i-dot-ai/i-dot-ai-core-terraform-modules.git//modules/infrastructure/s3?ref=v1.0.0-s3"
+  name         = "${local.name}-data"
+  state_bucket = var.state_bucket
+  log_bucket   = data.terraform_remote_state.platform.outputs.log_bucket
+  kms_key      = data.terraform_remote_state.platform.outputs.kms_key_arn
+  source_ips   = concat(var.internal_ips, var.developer_ips)
 }