Remove dependencies on terraform-aws-account-metadata. Use Terraform vars instead (#8)

Author: aknysh

README.md

@@ -11,7 +11,7 @@ This is a collection of reusable root modules for CloudPosse AWS accounts.
 Use the `terraform-root-modules` Docker image as the base image in the application `Dockerfile`, and copy the modules from `/aws` folder into `/conf` folder
 
 ```dockerfile
-FROM cloudposse/terraform-root-modules:0.1.4 as terraform-root-modules
+FROM cloudposse/terraform-root-modules:0.1.6 as terraform-root-modules
 
 FROM cloudposse/geodesic:0.9.16
 

aws/acm-cloudfront/main.tf

@@ -20,7 +20,7 @@ provider "aws" {
 }
 
 variable "domain_name" {
-  description = "Domain name (E.g. staging.cloudposse.org)"
+  description = "Domain name (E.g. staging.cloudposse.co)"
 }
 
 module "certificate" {

aws/acm-cloudfront/terraform.tfvars.example

@@ -0,0 +1 @@
+domain_name="staging.cloudposse.co"

aws/acm/main.tf

@@ -13,7 +13,7 @@ provider "aws" {
 }
 
 variable "domain_name" {
-  description = "Domain name (E.g. staging.cloudposse.org)"
+  description = "Domain name (E.g. staging.cloudposse.co)"
 }
 
 module "certificate" {

aws/acm/terraform.tfvars.example

@@ -1 +1 @@
-domain_name="foobar.domain.com"
+domain_name="staging.cloudposse.co"

aws/backing-services/aurora-postgres.tf

@@ -39,8 +39,8 @@ variable "POSTGRES_CLUSTER_ENABLED" {
 
 module "aurora_postgres" {
   source             = "git::https://github.com/cloudposse/terraform-aws-rds-cluster.git?ref=tags/0.3.5"
-  namespace          = "${module.identity.namespace}"
-  stage              = "${module.identity.stage}"
+  namespace          = "${var.namespace}"
+  stage              = "${var.stage}"
   name               = "postgres"
   engine             = "aurora-postgresql"
   cluster_family     = "aurora-postgresql9.6"
@@ -51,9 +51,9 @@ module "aurora_postgres" {
   db_name            = "${var.POSTGRES_DB_NAME}"
   db_port            = "5432"
   vpc_id             = "${module.vpc.vpc_id}"
-  availability_zones = ["${module.identity.availability_zones}"]
+  availability_zones = ["${data.aws_availability_zones.available}"]
   subnets            = ["${module.subnets.private_subnet_ids}"]
-  zone_id            = "${module.identity.zone_id}"
+  zone_id            = "${var.zone_id}"
   security_groups    = ["${module.kops_metadata.nodes_security_group_id}"]
   enabled            = "${var.POSTGRES_CLUSTER_ENABLED}"
 }

aws/backing-services/elasticache-redis.tf

@@ -18,10 +18,10 @@ variable "REDIS_CLUSTER_ENABLED" {
 
 module "elasticache_redis" {
   source                       = "git::https://github.com/cloudposse/terraform-aws-elasticache-redis.git?ref=tags/0.4.3"
-  namespace                    = "${module.identity.namespace}"
-  stage                        = "${module.identity.stage}"
+  namespace                    = "${var.namespace}"
+  stage                        = "${var.stage}"
   name                         = "redis"
-  zone_id                      = "${module.identity.zone_id}"
+  zone_id                      = "${var.zone_id}"
   security_groups              = ["${module.kops_metadata.nodes_security_group_id}"]
   vpc_id                       = "${module.vpc.vpc_id}"
   subnets                      = ["${module.subnets.private_subnet_ids}"]
@@ -34,7 +34,7 @@ module "elasticache_redis" {
   alarm_cpu_threshold_percent  = "75"
   alarm_memory_threshold_bytes = "10000000"
   apply_immediately            = "true"
-  availability_zones           = ["${module.identity.availability_zones}"]
+  availability_zones           = ["${data.aws_availability_zones.available}"]
   automatic_failover           = "false"
   enabled                      = "${var.REDIS_CLUSTER_ENABLED}"
 }

aws/backing-services/main.tf

@@ -4,19 +4,44 @@ terraform {
   backend "s3" {}
 }
 
-variable "aws_assume_role_arn" {}
+variable "aws_assume_role_arn" {
+  type = "string"
+}
+
+variable "namespace" {
+  type        = "string"
+  description = "Namespace (e.g. `cp` or `cloudposse`)"
+}
+
+variable "stage" {
+  type        = "string"
+  description = "Stage (e.g. `prod`, `dev`, `staging`)"
+}
+
+variable "region" {
+  type        = "string"
+  description = "AWS region"
+}
+
+variable "zone_name" {
+  type        = "string"
+  description = "DNS zone name"
+}
+
+variable "zone_id" {
+  type        = "string"
+  description = "DNS zone ID"
+}
+
+data "aws_availability_zones" "available" {}
 
 provider "aws" {
   assume_role {
     role_arn = "${var.aws_assume_role_arn}"
   }
 }
 
-module "identity" {
-  source = "git::[email protected]:cloudposse/terraform-aws-account-metadata.git?ref=init"
-}
-
 module "kops_metadata" {
   source   = "git::https://github.com/cloudposse/terraform-aws-kops-metadata.git?ref=tags/0.1.1"
-  dns_zone = "${module.identity.aws_region}.${module.identity.zone_name}"
+  dns_zone = "${var.region}.${var.zone_name}"
 }

aws/backing-services/terraform.tfvars.example

@@ -0,0 +1,5 @@
+namespace="cp"
+stage="staging"
+region="us-west-2"
+zone_name="us-west-2.cloudposse.co"
+zone_id="XXXXXXXXXXXX"

aws/backing-services/vpc.tf

@@ -4,19 +4,19 @@ locals {
 
 module "vpc" {
   source     = "git::https://github.com/cloudposse/terraform-aws-vpc.git?ref=tags/0.3.3"
-  namespace  = "${module.identity.namespace}"
-  stage      = "${module.identity.stage}"
+  namespace  = "${var.namespace}"
+  stage      = "${var.stage}"
   name       = "${local.name}"
   cidr_block = "10.0.0.0/16"
 }
 
 module "subnets" {
   source              = "git::https://github.com/cloudposse/terraform-aws-dynamic-subnets.git?ref=tags/0.3.4"
-  availability_zones  = ["${module.identity.availability_zones}"]
-  namespace           = "${module.identity.namespace}"
-  stage               = "${module.identity.stage}"
+  availability_zones  = ["${data.aws_availability_zones.available}"]
+  namespace           = "${var.namespace}"
+  stage               = "${var.stage}"
   name                = "${local.name}"
-  region              = "${module.identity.aws_region}"
+  region              = "${var.region}"
   vpc_id              = "${module.vpc.vpc_id}"
   igw_id              = "${module.vpc.igw_id}"
   cidr_block          = "${module.vpc.vpc_cidr_block}"

aws/chamber/chamber-kops.sh

@@ -14,36 +14,36 @@ exit 1
 ## Chart Museum
 chamber write kops CHARTMUSEUM_BASIC_AUTH_USER XXXXXXXXXXXX   # e.g. server
 chamber write kops CHARTMUSEUM_BASIC_AUTH_PASS XXXXXXXXXXXX
-chamber write kops CHARTMUSEUM_HOSTNAME XXXXXXXXXXXX   # e.g. charts.us-west-2.staging.cloudposse.org
-chamber write kops CHARTMUSEUM_INGRESS XXXXXXXXXXXX   # e.g. ingress.us-west-2.staging.cloudposse.org
+chamber write kops CHARTMUSEUM_HOSTNAME XXXXXXXXXXXX   # e.g. charts.us-west-2.staging.cloudposse.co
+chamber write kops CHARTMUSEUM_INGRESS XXXXXXXXXXXX   # e.g. ingress.us-west-2.staging.cloudposse.co
 
 
 ## Chart Repo
 chamber write kops CHART_REPO_STORAGE_AMAZON_BUCKET XXXXXXXXXXXX   # e.g. cp-staging-chart-repo
 chamber write kops CHART_REPO_STORAGE_AMAZON_REGION XXXXXXXXXXXX   # e.g. us-west-2
 chamber write kops CHART_REPO_STORAGE_AWS_IAM_ROLE XXXXXXXXXXXX   # e.g. cp-staging-chart-repo
-chamber write kops CHART_REPO_GATEWAY_HOSTNAME XXXXXXXXXXXX   # e.g. gateway.charts.us-west-2.staging.cloudposse.org
-chamber write kops CHART_REPO_GATEWAY_INGRESS XXXXXXXXXXXX   # e.g. ingress.us-west-2.staging.cloudposse.org
+chamber write kops CHART_REPO_GATEWAY_HOSTNAME XXXXXXXXXXXX   # e.g. gateway.charts.us-west-2.staging.cloudposse.co
+chamber write kops CHART_REPO_GATEWAY_INGRESS XXXXXXXXXXXX   # e.g. ingress.us-west-2.staging.cloudposse.co
 chamber write kops CHART_REPO_GATEWAY_BASIC_AUTH_USER XXXXXXXXXXXX   # e.g. gateway
 chamber write kops CHART_REPO_GATEWAY_BASIC_AUTH_PASS XXXXXXXXXXXX
-chamber write kops CHART_REPO_SERVER_HOSTNAME XXXXXXXXXXXX   # e.g. charts.us-west-2.staging.cloudposse.org
-chamber write kops CHART_REPO_SERVER_INGRESS XXXXXXXXXXXX   # e.g. ingress.us-west-2.staging.cloudposse.org
+chamber write kops CHART_REPO_SERVER_HOSTNAME XXXXXXXXXXXX   # e.g. charts.us-west-2.staging.cloudposse.co
+chamber write kops CHART_REPO_SERVER_INGRESS XXXXXXXXXXXX   # e.g. ingress.us-west-2.staging.cloudposse.co
 chamber write kops CHART_REPO_SERVER_BASIC_AUTH_USER XXXXXXXXXXXX   # e.g. server
 chamber write kops CHART_REPO_SERVER_BASIC_AUTH_PASS XXXXXXXXXXXX
 
 
 ## External DNS
-chamber write kops EXTERNAL_DNS_TXT_OWNER_ID XXXXXXXXXXXX   # e.g. us-west-2.staging.cloudposse.org
+chamber write kops EXTERNAL_DNS_TXT_OWNER_ID XXXXXXXXXXXX   # e.g. us-west-2.staging.cloudposse.co
 chamber write kops EXTERNAL_DNS_TXT_PREFIX XXXXXXXXXXXX   # e.g. 184f3df5-53c6-4071-974b-2d8de32e82c7-
 chamber write kops EXTERNAL_DNS_IAM_ROLE XXXXXXXXXXXX   # e.g. cp-staging-external-dns
 
 
 ## Kube Lego - Automatic Let's Encrypt for Ingress
-chamber write kops KUBE_LEGO_EMAIL XXXXXXXXXXXX   # e.g. awsadmin@cloudposse.org
+chamber write kops KUBE_LEGO_EMAIL XXXXXXXXXXXX   # e.g. awsadmin@cloudposse.co
 
 
 ## NGINX Ingress Controller
-chamber write kops NGINX_INGRESS_HOSTNAME XXXXXXXXXXXX   # e.g. ingress.us-west-2.staging.cloudposse.org
+chamber write kops NGINX_INGRESS_HOSTNAME XXXXXXXXXXXX   # e.g. ingress.us-west-2.staging.cloudposse.co
 
 
 ## prometheus-operator
@@ -62,11 +62,11 @@ chamber write kops KUBE_PROMETHEUS_ALERT_MANAGER_REPLICA_COUNT XXXXXXXXXXXX   #
 chamber write kops KUBE_PROMETHEUS_ALERT_MANAGER_IMAGE_TAG XXXXXXXXXXXX   # e.g. v0.14.0
 chamber write kops KUBE_PROMETHEUS_ALERT_MANAGER_SLACK_WEBHOOK_URL XXXXXXXXXXXX
 chamber write kops KUBE_PROMETHEUS_ALERT_MANAGER_SLACK_CHANNEL XXXXXXXXXXXX
-chamber write kops KUBE_PROMETHEUS_ALERT_MANAGER_HOSTNAME XXXXXXXXXXXX   # e.g. alerts.us-west-2.staging.cloudposse.org
-chamber write kops KUBE_PROMETHEUS_ALERT_MANAGER_INGRESS XXXXXXXXXXXX   # e.g. ingress.us-west-2.staging.cloudposse.org
+chamber write kops KUBE_PROMETHEUS_ALERT_MANAGER_HOSTNAME XXXXXXXXXXXX   # e.g. alerts.us-west-2.staging.cloudposse.co
+chamber write kops KUBE_PROMETHEUS_ALERT_MANAGER_INGRESS XXXXXXXXXXXX   # e.g. ingress.us-west-2.staging.cloudposse.co
 chamber write kops KUBE_PROMETHEUS_ALERT_MANAGER_SECRET_NAME XXXXXXXXXXXX   # e.g. alertmanager-general-tls
 chamber write kops KUBE_PROMETHEUS_REPLICA_COUNT XXXXXXXXXXXX   # e.g. 4
 chamber write kops KUBE_PROMETHEUS_IMAGE_TAG XXXXXXXXXXXX   # e.g. v2.2.1
-chamber write kops KUBE_PROMETHEUS_HOSTNAME XXXXXXXXXXXX   # e.g. prometheus.us-west-2.staging.cloudposse.org
-chamber write kops KUBE_PROMETHEUS_INGRESS XXXXXXXXXXXX   # e.g. ingress.us-west-2.staging.cloudposse.org
+chamber write kops KUBE_PROMETHEUS_HOSTNAME XXXXXXXXXXXX   # e.g. prometheus.us-west-2.staging.cloudposse.co
+chamber write kops KUBE_PROMETHEUS_INGRESS XXXXXXXXXXXX   # e.g. ingress.us-west-2.staging.cloudposse.co
 chamber write kops KUBE_PROMETHEUS_SECRET_NAME XXXXXXXXXXXX   # e.g. prometheus-general-tls

aws/chamber/kms-key.tf

@@ -1,7 +1,7 @@
 module "chamber_kms_key" {
   source      = "git::https://github.com/cloudposse/terraform-aws-kms-key.git?ref=tags/0.1.0"
-  namespace   = "${module.identity.namespace}"
-  stage       = "${module.identity.stage}"
+  namespace   = "${var.namespace}"
+  stage       = "${var.stage}"
   name        = "chamber"
   description = "KMS key for chamber"
 }

aws/chamber/main.tf

@@ -4,14 +4,32 @@ terraform {
   backend "s3" {}
 }
 
-variable "aws_assume_role_arn" {}
+variable "aws_assume_role_arn" {
+  type = "string"
+}
+
+variable "namespace" {
+  type        = "string"
+  description = "Namespace (e.g. `cp` or `cloudposse`)"
+}
+
+variable "stage" {
+  type        = "string"
+  description = "Stage (e.g. `prod`, `dev`, `staging`)"
+}
+
+variable "region" {
+  type        = "string"
+  description = "AWS region"
+}
+
+variable "account_id" {
+  type        = "string"
+  description = "AWS account ID"
+}
 
 provider "aws" {
   assume_role {
     role_arn = "${var.aws_assume_role_arn}"
   }
 }
-
-module "identity" {
-  source = "git::[email protected]:cloudposse/terraform-aws-account-metadata.git?ref=init"
-}

aws/chamber/terraform.tfvars.example

@@ -0,0 +1,4 @@
+namespace="cp"
+stage="staging"
+region="us-west-2"
+account_id="XXXXXXXXXXXX"

aws/chamber/user.tf

@@ -2,12 +2,12 @@
 # https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-access.html
 module "chamber_user" {
   source        = "git::https://github.com/cloudposse/terraform-aws-iam-chamber-user.git?ref=tags/0.1.4"
-  namespace     = "${module.identity.namespace}"
-  stage         = "${module.identity.stage}"
+  namespace     = "${var.namespace}"
+  stage         = "${var.stage}"
   name          = "chamber"
   attributes    = ["codefresh"]
   kms_key_arn   = "${module.chamber_kms_key.key_arn}"
-  ssm_resources = ["${format("arn:aws:ssm:%s:%s:parameter/kops/*", module.identity.aws_region, module.identity.account_id)}"]
+  ssm_resources = ["${format("arn:aws:ssm:%s:%s:parameter/kops/*", var.region, var.account_id)}"]
 }
 
 output "chamber_user_name" {

aws/dns/terraform.tfvars.example

@@ -1 +1 @@
-domain_name="staging.cloudposse.org"
+domain_name="staging.cloudposse.co"

aws/docs/main.tf

@@ -12,6 +12,26 @@ variable "domain_name" {
   type = "string"
 }
 
+variable "namespace" {
+  type        = "string"
+  description = "Namespace (e.g. `cp` or `cloudposse`)"
+}
+
+variable "stage" {
+  type        = "string"
+  description = "Stage (e.g. `prod`, `dev`, `staging`)"
+}
+
+variable "region" {
+  type        = "string"
+  description = "AWS region"
+}
+
+variable "account_id" {
+  type        = "string"
+  description = "AWS account ID"
+}
+
 provider "aws" {
   assume_role {
     role_arn = "${var.aws_assume_role_arn}"
@@ -38,28 +58,24 @@ data "aws_acm_certificate" "acm_cloudfront_certificate" {
 locals {
   name          = "docs"
   cdn_domain    = "docs.${var.domain_name}"
-  docs_user_arn = "arn:aws:iam::${module.identity.account_id}:user/${module.identity.namespace}-${module.identity.stage}-${local.name}"
-}
-
-module "identity" {
-  source = "git::[email protected]:cloudposse/terraform-aws-account-metadata.git?ref=init"
+  docs_user_arn = "arn:aws:iam::${var.account_id}:user/${var.namespace}-${var.stage}-${local.name}"
 }
 
 module "docs_user" {
   source    = "git::https://github.com/cloudposse/terraform-aws-iam-system-user.git?ref=tags/0.2.2"
-  namespace = "${module.identity.namespace}"
-  stage     = "${module.identity.stage}"
+  namespace = "${var.namespace}"
+  stage     = "${var.stage}"
   name      = "${local.name}"
 }
 
 module "origin" {
   source               = "git::https://github.com/cloudposse/terraform-aws-s3-website.git?ref=tags/0.5.2"
-  namespace            = "${module.identity.namespace}"
-  stage                = "${module.identity.stage}"
+  namespace            = "${var.namespace}"
+  stage                = "${var.stage}"
   name                 = "${local.name}"
   hostname             = "${local.cdn_domain}"
   parent_zone_name     = "${var.domain_name}"
-  region               = "${module.identity.aws_region}"
+  region               = "${var.region}"
   cors_allowed_headers = ["*"]
   cors_allowed_methods = ["GET"]
   cors_allowed_origins = ["*"]
@@ -84,8 +100,8 @@ module "origin" {
 # CloudFront CDN fronting origin
 module "cdn" {
   source                 = "git::https://github.com/cloudposse/terraform-aws-cloudfront-cdn.git?ref=tags/0.4.0"
-  namespace              = "${module.identity.namespace}"
-  stage                  = "${module.identity.stage}"
+  namespace              = "${var.namespace}"
+  stage                  = "${var.stage}"
   name                   = "${local.name}"
   aliases                = ["${local.cdn_domain}", "docs.cloudposse.com"]
   origin_domain_name     = "${module.origin.s3_bucket_website_endpoint}"

aws/docs/terraform.tfvars.example

@@ -0,0 +1,4 @@
+namespace="cp"
+stage="staging"
+region="us-west-2"
+account_id="XXXXXXXXXXXX"

aws/kops-aws-platform/chart-repo.tf

@@ -1,12 +1,12 @@
 module "kops_chart_repo" {
   source       = "git::https://github.com/cloudposse/terraform-aws-kops-chart-repo.git?ref=tags/0.1.1"
-  namespace    = "${module.identity.namespace}"
-  stage        = "${module.identity.stage}"
+  namespace    = "${var.namespace}"
+  stage        = "${var.stage}"
   name         = "chart-repo"
-  cluster_name = "${module.identity.aws_region}.${module.identity.zone_name}"
+  cluster_name = "${var.region}.${var.zone_name}"
 
   tags = {
-    Cluster = "${module.identity.aws_region}.${module.identity.zone_name}"
+    Cluster = "${var.region}.${var.zone_name}"
   }
 }