Merge pull request #8 from cds-snc/backstage_terragrunt_bootstrap_tem…

…plate_cra_udp_dashboard

🥾 Bootstrap Terraform/Terragrunt for cra_udp_dashboard 👢

terragrunt/.checkov.yml

@@ -0,0 +1,2 @@
+skip-check:
+    # Format is in the form of <check_id> # <reason>

terragrunt/Makefile

@@ -0,0 +1,7 @@
+.PHONY: fmt checkov
+fmt:
+	terraform fmt -recursive aws &&\
+	terragrunt hclfmt
+
+checkov:
+	checkov --directory=aws

terragrunt/README.md

@@ -0,0 +1,64 @@
+# Terragrunt structure for AWS
+
+Here's an example of a directory structure for organizing your Terraform and Terragrunt configurations:
+
+    aws/
+    │
+    ├── cloudfront/
+    │   ├── input.tf
+    │   ├── main.tf
+    │   └── output.tf
+    │
+    ├── s3/
+    │   ├── input.tf
+    │   ├── main.tf
+    │   └── output.tf
+    │
+    ├── ecs/
+    │   ├── input.tf
+    │   ├── main.tf
+    │   └── output.tf
+    │
+    ├── rds/
+    │   ├── input.tf
+    │   ├── main.tf
+    │   └── output.tf
+    │
+    ├── terragrunt.hcl
+    └── env/
+        ├── staging/
+        │   ├── cloudfront/
+        │   │   └── terragrunt.hcl
+        │   ├── s3/
+        │   │   └── terragrunt.hcl
+        │   ├── ecs/
+        │   │   └── terragrunt.hcl
+        │   └── rds/
+        │       └── terragrunt.hcl
+        └── production/
+            ├── cloudfront/
+            │   └── terragrunt.hcl
+            ├── s3/
+            │   └── terragrunt.hcl
+            ├── ecs/
+            │   └── terragrunt.hcl
+            └── rds/
+                └── terragrunt.hcl
+
+
+Each AWS service directory contains the following Terraform files:
+
+- `input.tf`: This file defines input variables that are used to parameterize the Terraform configurations. These variables allow you to pass different values for different environments.`:
+- `main.tf`: This file contains the core Terraform code that defines the resources you want to create in AWS.
+- `output.tf`: This file defines output variables that Terraform will return after applying the configuration. Outputs are useful for returning information about the resources created.
+
+Additional files:
+- `env/terragrunt.hcl`: This is the root Terragrunt configuration file. It can define common settings, such as remote state configuration and include common configurations that are shared across all environments and services.
+- Environment-Specific `terragrunt.hcl` Files: Each environment (staging, prod) has its own set of Terragrunt configuration files, organized by service. These files can override variables and settings specific to the environment.
+
+
+### Benefits of This Structure
+- **DRY (Don't Repeat Yourself)**: By using Terragrunt, you can define your infrastructure code once and reuse it across multiple environments with different configurations.
+- **Modularization**: Each service has its own directory, making it easier to manage and understand the configurations for each part of your infrastructure.
+- **Environment Isolation**: Different environments (staging, prod) have their own configurations, ensuring that changes in one environment do not affect others.
+- **Centralized State Management**: Using remote state configuration in the root terragrunt.hcl ensures that the state files are stored in a central location, typically in an S3 bucket, making it easier to manage and share state.

terragrunt/aws/README.md

@@ -0,0 +1,32 @@
+### AWS Service Directories
+
+The directory structure for AWS services organizes Terraform configurations by service:
+
+    aws/
+    │
+    ├── cloudfront/
+    │   ├── input.tf
+    │   ├── main.tf
+    │   └── output.tf
+    │
+    ├── s3/
+    │   ├── input.tf
+    │   ├── main.tf
+    │   └── output.tf
+    │
+    ├── ecs/
+    │   ├── input.tf
+    │   ├── main.tf
+    │   └── output.tf
+    │
+    ├── rds/
+    │   ├── input.tf
+    │   ├── main.tf
+    │   └── output.tf
+    |__
+
+Each directory corresponds to an AWS service and contains the following Terraform files:
+
+- **`input.tf`**: Defines the input variables used to parameterize the Terraform configurations.
+- **`main.tf`**: Contains the core Terraform code that defines the resources to be created in AWS.
+- **`output.tf`**: Defines the output variables that Terraform will return after applying the configuration.

terragrunt/env/README.md

@@ -0,0 +1,50 @@
+# Environment Configuration
+
+This directory contains the environment-specific Terragrunt configurations for managing AWS infrastructure. Each subdirectory corresponds to a different environment (e.g. `staging`, `prod`) and contains the necessary Terragrunt configuration files for each AWS service.
+
+## Directory Structure
+
+    └── env/
+    ├── staging/
+    │   ├── cloudfront/
+    │   │   └── terragrunt.hcl
+    │   ├── s3/
+    │   │   └── terragrunt.hcl
+    │   ├── ecs/
+    │   │   └── terragrunt.hcl
+    │   └── rds/
+    │       └── terragrunt.hcl
+    └── production/
+        ├── cloudfront/
+        │   └── terragrunt.hcl
+        ├── s3/
+        │   └── terragrunt.hcl
+        ├── ecs/
+        │   └── terragrunt.hcl
+        └── rds/
+            └── terragrunt.hcl
+
+### `terragrunt.hcl`
+
+Each `terragrunt.hcl` file contains the configuration for deploying the corresponding service in that specific environment. This file includes settings and inputs unique to the environment, such as region, environment name, and any other environment-specific variables.
+
+#### Example Configuration
+
+Here are example contents of the `terragrunt.hcl` files for the `staging` environment for the S3 service:
+
+#### Staging Environment
+
+**File**: `env/staging/s3/terragrunt.hcl`
+```
+    terraform {
+        source = "../../../aws//s3"
+    }
+    
+    include {
+        path = find_in_parent_folders()
+    }
+```
+
+This configuration includes:
+- `include` block to inherit common settings from the parent terragrunt.hcl.
+- `terraform` block to specify the source path for the Terraform configuration.

terragrunt/env/common/common_variables.tf

@@ -0,0 +1,39 @@
+variable "account_id" {
+  description = "(Required) The account ID to perform actions on."
+  type        = string
+}
+
+variable "cbs_satellite_bucket_name" {
+  description = "(Required) Name of the Cloud Based Sensor S3 satellite bucket"
+  type        = string
+}
+
+variable "env" {
+  description = "The current running environment"
+  type        = string
+}
+
+variable "product_name" {
+  description = "The name of the product you are deploying."
+  type        = string
+}
+
+variable "domain" {
+  description = "The domain name to deploy to"
+  type        = string
+}
+
+variable "region" {
+  description = "The current AWS region"
+  type        = string
+}
+
+variable "billing_code" {
+  description = "The billing code to tag our resources with"
+  type        = string
+}
+
+variable "billing_tag_value" {
+  description = "The value we use to track billing"
+  type        = string
+}

terragrunt/env/common/provider.tf

@@ -0,0 +1,19 @@
+terraform {
+    required_providers {
+      aws = {
+        source  = "hashicorp/aws"
+        version = "~> 5.39"
+      }
+    }
+  }
+
+  provider "aws" {
+    region              = "ca-central-1" 
+    allowed_account_ids = [ var.accout_id ]
+  }
+
+  provider "aws" {
+    alias               = "us-east-1"
+    region              = "us-east-1"
+    allowed_account_ids = [ var.account_id ]
+  }

terragrunt/env/production/env_vars.hcl

@@ -0,0 +1,9 @@
+inputs = {
+    account_id        = "211125499457" 
+    env               = "production"
+    product_name      = "cra_upd_dashboard" 
+    cost_center_code  = "cra-upd-dashboard" 
+    billing_code      = "CostCentre" 
+    billing_tag_value = "CraUpdDashboard" 
+    domain            = "cra-arc.cdssandbox.xyz"
+  }

terragrunt/env/staging/env_vars.hcl

@@ -0,0 +1,9 @@
+inputs = {
+    account_id        = "211125499457" 
+    env               = "staging"
+    product_name      = "cra_upd_dashboard" 
+    cost_center_code  = "cra-upd-dashboard" 
+    billing_code      = "CostCentre" 
+    billing_tag_value = "CraUpdDashboard" 
+    domain            = "cra-arc.staging.cdssandbox.xyz"
+  }

terragrunt/env/terragrunt.hcl

@@ -0,0 +1,46 @@
+  locals {
+    vars = read_terragrunt_config("../env_vars.hcl")
+  }
+
+  # DO NOT CHANGE ANYTHING BELOW HERE UNLESS YOU KNOW WHAT YOU ARE DOING
+
+  inputs = {
+    product_name                 = "${local.vars.inputs.product_name}" 
+    account_id                   = "${local.vars.inputs.account_id}"
+    domain                       = "${local.vars.inputs.domain}"
+    env                          = "${local.vars.inputs.env}"
+    region                       = "ca-central-1"
+    billing_code                 = "${local.vars.inputs.cost_center_code}"
+    billing_tag_value            = "${local.vars.inputs.billing_tag_value}"
+    cbs_satellite_bucket_name    = "cbs-satellite-${local.vars.inputs.account_id}"
+  }
+
+  generate "provider" {
+    path      = "provider.tf"
+    if_exists = "overwrite"
+    contents  = file("./common/provider.tf")
+
+  }
+
+  generate "common_variables" {
+    path      = "common_variables.tf"
+    if_exists = "overwrite"
+    contents  = file("./common/common_variables.tf")
+  }
+
+  remote_state {
+    backend = "s3"
+    generate = {
+      path      = "backend.tf"
+      if_exists = "overwrite_terragrunt"
+    }
+    config = {
+      encrypt             = true
+      bucket              = "${local.vars.inputs.cost_center_code}-tf"
+      dynamodb_table      = "terraform-state-lock-dynamo"
+      region              = "ca-central-1"
+      key                 = "${path_relative_to_include()}/terraform.tfstate"
+      s3_bucket_tags      = { CostCentre : local.vars.inputs.cost_center_code }
+      dynamodb_table_tags = { CostCentre : local.vars.inputs.cost_center_code }
+    }
+  }