Merge branch 'develop' into feature/db-pw-sensitive

silinternational · Dec 5, 2024 · 1c5a26c · 1c5a26c
2 parents 70aba15 + 285d126
commit 1c5a26c
Show file tree

Hide file tree

Showing 16 changed files with 560 additions and 271 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @silinternational/tf-devs
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -0,0 +1,21 @@
+paste_backlog_issue_link_here
+
+---
+
+### Added
+- 
+
+### Changed
+-
+
+### Deprecated
+-
+
+### Removed
+-
+
+### Fixed
+- 
+
+### Security
+-
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
@@ -0,0 +1,12 @@
+name: Terraform
+
+on:
+  push:
+    branches: [ '**' ]
+
+jobs:
+  build:
+    uses: silinternational/workflows/.github/workflows/terraform.yml@main
+    with:
+      # validate with the earliest version allowed by required_version in versions.tf
+      terraform-version: '~> 1.1'
diff --git a/.gitignore b/.gitignore
@@ -3,3 +3,4 @@
 *.tfstate.backup
 .terraform/
 tfc-remote.tf
+*.tfvars
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
diff --git a/README.md b/README.md
@@ -0,0 +1,33 @@
+# idp-hub-terraform
+
+This is a Terraform root module defining a SimpleSAMLphp "hub". It is based on
+[ssp-base](https://github.com/silinternational/ssp-base) which utilizes several custom SimpleSAMLphp
+modules, providing a menu of Identity Provider (IdP) choices for a user to choose from. The hub acts
+as an IdP to a number of Service Providers (SP) and as a SP to the chosen IDP. 
+
+This root module creates and manages:
+
+- VPC (Virtual Private Cloud)
+- ASG (Autoscaling Group)
+- ALB (Application Load Balancer)
+- ECS (Elastic Container Service) Cluster
+- CD (Continuous Deployment) IAM user
+- RDS (Relational Database Service) MariaDB database for session storage
+- Cloudwatch log group and optional dashboard
+- ECR (Elastic Container Registry) with optional replication policy
+- Optional Cloudflare DNS record
+- Cloudtrail logging (audit logs)
+
+## Using Terraform CLI
+
+This repository includes a `cloud.tf` file to connect to the Terraform Cloud workspace that uses this repository.
+That allows for using the Terraform CLI to do plan-only runs, i.e. `terraform plan`. To begin with, you would need
+to run `terraform init` after cloning this repository. You will also need to supply provider credentials,
+which can be provided in environment variables. To make this more convenient and less susceptible to unsafe handling
+of credentials, you can use the included `op.env` file to automatically pull in the credentials from 1Password.
+
+## Using 1Password CLI
+
+1. Install the [1Password CLI](https://developer.1password.com/docs/cli/get-started#install).
+2. Run `op signin` and enter your 1Password password when prompted.
+3. Prefix any Terraform command with `op run --env-file=op.env`, e.g. `op run --env-file=op.env terraform plan` 
diff --git a/cloud.tf b/cloud.tf
@@ -0,0 +1,8 @@
+terraform {
+  cloud {
+    organization = "gtis"
+    workspaces {
+      tags = ["app:idp-hub"]
+    }
+  }
+}