This child module consists of data sources, outputs, and a small amount of logic that encourages adoption of DASG's emerging, platform-wide standards in CDAP-customer Terraform modules. The resources referenced by the Terraform data sources in this module are managed by the CMS Hybrid Cloud team and/or the CDAP team, not by the consuming module.

NOTE: Changes to `local.static_tags` that are relevant to both this module and the standards module must be kept in sync between the two.

This module is suitable for CDAP-customer use in greenfield environments only.

This child module is opinionated and makes several assumptions about the environment in which it operates, trading generality for a balance of value and limited complexity. The key assumptions concern the existence of resources that are managed outside customer infrastructure-as-code repositories, such as account-level and VPC-level resources provided by the CMS Hybrid Cloud and CDAP teams. If those resources are absent, or named or tagged differently than expected, the data source lookups in this module fail at plan time rather than falling back to defaults.
```hcl
module "platform" {
  # Pin `ref` to an immutable reference from **this repository**, preferably a
  # commit hash. A tag is acceptable but can be moved; a branch name is mutable
  # and resolves to whatever that branch points at when the run happens.
  source    = "github.com/CMSgov/cdap//terraform/modules/platform?ref=<hash|tag|branch>"
  providers = { aws = aws, aws.secondary = aws.secondary }

  app         = "ab2d"
  env         = "dev"
  root_module = "https://github.com/CMSgov/ab2d/tree/main/ops/services/20-microservices"
  service     = "microservices"
  # `local.parent_env` is assumed to be defined by the calling root module.
  ssm_root_map = {
    common = "/ab2d/${local.parent_env}/common"
    core   = "/ab2d/${local.parent_env}/core"
  }
}

# Configure the aws providers with the default tags from the platform module
provider "aws" {
  region = "us-east-1"
  default_tags {
    tags = module.platform.default_tags
  }
}

provider "aws" {
  alias  = "secondary"
  region = "us-west-2"
  default_tags {
    tags = module.platform.default_tags
  }
}
```

## Providers

| Name | Version |
|---|---|
| aws | ~>5 |
| aws.secondary | ~>5 |

## Requirements

| Name | Version |
|---|---|
| aws | ~>5 |
## Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| app | The short name for the delivery team or ADO. | string | n/a | yes |
| env | The solution's environment name. | string | n/a | yes |
| root_module | The full URL to the Terraform module root for this infrastructure. | string | n/a | yes |
| service | Service or terraservice name. | string | n/a | yes |
| additional_tags | Additional tags to merge into the final default_tags output. | map(string) | {} | no |
| ssm_root_map | Map of SSM parameter hierarchy roots (path prefixes) for use in an SSM Parameters By Path data source. | map(any) | {} | no |
## Modules

No modules.
## Resources

| Name | Type |
|---|---|
| aws_caller_identity.this | data source |
| aws_iam_policy.permissions_boundary | data source |
| aws_iam_role.this | data source |
| aws_kms_alias.primary | data source |
| aws_kms_alias.secondary | data source |
| aws_nat_gateway.this | data source |
| aws_nat_gateways.this | data source |
| aws_region.primary | data source |
| aws_region.secondary | data source |
| aws_s3_bucket.access_logs | data source |
| aws_security_group.this | data source |
| aws_security_groups.this | data source |
| aws_ssm_parameter.platform_cidr | data source |
| aws_ssm_parameters_by_path.ssm | data source |
| aws_subnet.private | data source |
| aws_subnet.public | data source |
| aws_subnets.private | data source |
| aws_subnets.public | data source |
| aws_vpc.this | data source |
## Outputs

| Name | Description |
|---|---|
| account_id | Deprecated. Use aws_caller_identity.account_id. The AWS account ID associated with the current caller identity |
| app | The short name for the delivery team or ADO. |
| aws_caller_identity | The current data.aws_caller_identity object. |
| default_tags | Map of tags for use in the AWS provider block default_tags. Merges the collection of standard tags with the optional, user-specified additional_tags. |
| env | The solution's application environment name. |
| iam_defaults | Map of default permissions boundary and IAM resources path. |
| is_ephemeral_env | Returns true when environment is _ephemeral_, false when _established_ |
| kion_roles | Map of common kion/cloudtamer aws_iam_role data sources, keyed by name. |
| kms_alias_primary | Primary KMS Key Alias Data Source |
| kms_alias_secondary | Secondary KMS Key Alias Data Source |
| logging_bucket | The designated access log bucket aws_s3_bucket data source for the current environment |
| nat_gateways | Map of current VPC available aws_nat_gateway data sources, keyed by id. |
| network_access_logs_bucket | Name of the standardized, CMS Hybrid Cloud provided Network Access Logs bucket. |
| parent_env | The solution's source environment. For established environments this is equal to the environment's name |
| platform_cidr | The CIDR-range for the CDAP-managed VPC for CI and other administrative functions. |
| primary_region | The primary data.aws_region object from the current caller identity |
| private_subnets | Map of current VPC private aws_subnet data sources, keyed by subnet_id |
| public_subnets | Map of current VPC public aws_subnet data sources, keyed by id |
| sdlc_env | The SDLC (production vs non-production) environment. |
| secondary_region | The secondary data.aws_region object associated with the secondary region. |
| security_groups | Map of current VPC's common aws_security_group data sources, keyed by name |
| service | The name of the current service or terraservice. |
| ssm | SSM parameter resources available based on the var.ssm_root_map input variable. |
| vpc_id | The current environment VPC ID value |
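Consuming these outputs in a customer terraservice, as an added example that is not code from the CDAP repository or the ab2d project: the point is that account- and VPC-level facts (KMS key, logging bucket, private subnets, environment lifecycle) come from the platform module rather than being re-declared per repository. The `data` bucket, the ECS task role, the `db` subnet group, and the `permissions_boundary` and `path` key names read from `iam_defaults` are assumptions made for illustration; everything else uses the outputs documented above and standard attributes of the underlying AWS data sources.

```hcl
# Added example consumer (not CDAP or ab2d code). Assumes a root module that
# already declares `module "platform"` as shown earlier in this README.

locals {
  name_prefix = "${module.platform.app}-${module.platform.env}-${module.platform.service}"
}

resource "aws_s3_bucket" "data" {
  bucket = "${local.name_prefix}-data"
  # Ephemeral environments are torn down routinely; established environments
  # should never be destroyable while they still hold objects.
  force_destroy = module.platform.is_ephemeral_env
}

# Encrypt with the platform-provided primary KMS key. `target_key_arn` is a
# standard attribute of the aws_kms_alias data source exposed by the module.
resource "aws_s3_bucket_server_side_encryption_configuration" "data" {
  bucket = aws_s3_bucket.data.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = module.platform.kms_alias_primary.target_key_arn
    }
    bucket_key_enabled = true
  }
}

# Ship access logs to the designated platform logging bucket for this environment.
resource "aws_s3_bucket_logging" "data" {
  bucket        = aws_s3_bucket.data.id
  target_bucket = module.platform.logging_bucket.id
  target_prefix = "${module.platform.service}/"
}

# Place stateful resources only in the platform's private subnets. The output
# is a map keyed by subnet ID, so extract the IDs from the aws_subnet objects.
resource "aws_db_subnet_group" "db" {
  name       = "${local.name_prefix}-db"
  subnet_ids = [for s in module.platform.private_subnets : s.id]
}

data "aws_iam_policy_document" "ecs_task_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ecs-tasks.amazonaws.com"]
    }
  }
}

# Every role a customer creates carries the platform permissions boundary and
# lives under the platform IAM path. The `permissions_boundary` and `path` keys
# are assumed names for the entries of the `iam_defaults` output.
resource "aws_iam_role" "task" {
  name                 = "${local.name_prefix}-task"
  path                 = module.platform.iam_defaults.path
  permissions_boundary = module.platform.iam_defaults.permissions_boundary
  assume_role_policy   = data.aws_iam_policy_document.ecs_task_assume.json
}
```

Because the root module's `provider "aws"` blocks already apply `module.platform.default_tags`, none of these resources need their own `tags` argument to satisfy the platform tagging standard; adding a `tags` block only for resource-specific keys keeps the standard tags under the module's control.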