-
Notifications
You must be signed in to change notification settings - Fork 1
/
wayfinder-cloudaccess.tf
61 lines (52 loc) · 2.57 KB
/
wayfinder-cloudaccess.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
module "wayfinder_cloudaccess" {
count = var.enable_wf_cloudaccess && (var.enable_wf_dnszonemanager || var.enable_wf_costestimates) ? 1 : 0
source = "./modules/cloudaccess"
resource_suffix = var.wayfinder_instance_id
wayfinder_identity_aws_role_arn = module.wayfinder_irsa_role.iam_role_arn
enable_dns_zone_manager = var.enable_wf_dnszonemanager
enable_cloud_info = var.enable_wf_costestimates
tags = local.tags
}
resource "kubectl_manifest" "wayfinder_cloud_identity_main" {
count = var.enable_k8s_resources && var.enable_wf_cloudaccess ? 1 : 0
depends_on = [helm_release.wayfinder]
yaml_body = templatefile("${path.module}/manifests/wayfinder-cloud-identity.yml.tpl", {
name = "cloudidentity-aws"
description = "Wayfinder's AWS IRSA identity configured at install"
role_arn = module.wayfinder_irsa_role.iam_role_arn
})
}
resource "kubectl_manifest" "wayfinder_aws_cloudinfo_cloudaccessconfig" {
count = var.enable_k8s_resources && var.enable_wf_cloudaccess && var.enable_wf_costestimates ? 1 : 0
depends_on = [
helm_release.wayfinder,
kubectl_manifest.wayfinder_cloud_identity_main,
]
yaml_body = templatefile("${path.module}/manifests/wayfinder-aws-cloudaccessconfig.yml.tpl", {
account_id = data.aws_caller_identity.current.account_id
description = "Used for cost data retrieval in order to provide infrastructure cost estimates."
identity = "cloudidentity-aws"
name = "aws-cloudinfo"
permission = "CloudInfo"
region = data.aws_region.current.name
role_arn = module.wayfinder_cloudaccess[0].cloud_info_role_arns.aws
type = "CostsEstimates"
})
}
resource "kubectl_manifest" "wayfinder_aws_dnszonemanager_cloudaccessconfig" {
count = var.enable_k8s_resources && var.enable_wf_cloudaccess && var.enable_wf_dnszonemanager ? 1 : 0
depends_on = [
helm_release.wayfinder,
kubectl_manifest.wayfinder_cloud_identity_main,
]
yaml_body = templatefile("${path.module}/manifests/wayfinder-aws-cloudaccessconfig.yml.tpl", {
account_id = data.aws_caller_identity.current.account_id
description = "Used for managing a top-level domain, so that Wayfinder can create sub domains within it that are delegated to workspace clusters."
identity = "cloudidentity-aws"
name = "aws-dnsmanagement"
permission = "DNSZoneManager"
region = data.aws_region.current.name
role_arn = module.wayfinder_cloudaccess[0].dns_zone_manager_role_arns.aws
type = "DNSZoneManagement"
})
}