main.tf
# Terraform settings: which provider plugins are required and which
# HCP Terraform (Terraform Cloud) workspace this configuration is attached to.
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
      # Exact pin, so a provider upgrade only happens when this line is edited.
      # NOTE(review): confirm .terraform.lock.hcl is committed so the provider
      # package checksums are pinned as well as the version number.
      version = "5.60.0"
    }
  }

  # Workspace "infrastructure" in organization "major". Whoever can queue runs
  # or edit variables on that workspace can change this AWS account, so its
  # access list belongs in the same review as this file.
  cloud {
    organization = "major"

    workspaces {
      name = "infrastructure"
    }
  }
}
# AWS provider for us-east-1. No credentials are configured in this block;
# they have to come from the environment the run executes in.
provider "aws" {
  region = "us-east-1"

  # Tags merged into every taggable resource this provider manages, so
  # ownership and cost attribution do not depend on per-resource tags.
  default_tags {
    tags = {
      # Placeholder: a real Red Hat appcode is still needed; "CID" stands in for now.
      AppCode      = "CID"
      Project      = "cloud-image-directory"
      ServiceName  = "cloud-image-directory"
      ServicePhase = "experimental"
      ServiceOwner = "cloudx"
    }
  }
}
# Declared only so that a value supplied for this name from outside does not
# raise an "undeclared variable" warning; nothing in the configuration shown
# here reads it.
# NOTE(review): the name matches HCP Terraform's dynamic AWS credentials
# setting for the run role. Confirm that role's trust policy is limited to
# this organization and workspace.
variable "TFC_AWS_RUN_ROLE_ARN" {
  type    = string
  default = null
}
# Declared only so that a value supplied for this name from outside does not
# raise an "undeclared variable" warning; nothing in the configuration shown
# here reads it.
# NOTE(review): the name matches HCP Terraform's switch for dynamic AWS
# provider credentials. Confirm against the workspace settings.
variable "TFC_AWS_PROVIDER_AUTH" {
  type    = bool
  default = false
}
# Registers GitHub Actions' OIDC issuer as an identity provider in this AWS
# account. One provider can back any number of IAM roles.
#
# Registering the provider grants no access by itself. Access is decided by
# the trust policy of each role that names this provider. Every such policy
# should condition on both `token.actions.githubusercontent.com:aud` and
# `token.actions.githubusercontent.com:sub`, with `sub` limited to the
# specific organization/repository (and branch or environment) allowed to
# assume the role. A trust policy that checks only the audience accepts
# tokens from any repository on GitHub.
resource "aws_iam_openid_connect_provider" "github_actions" {
  url = "https://token.actions.githubusercontent.com"

  # Shown as "Audience" in AWS interfaces; must equal the `aud` claim in the token.
  client_id_list = ["sts.amazonaws.com"]

  # SHA-1 fingerprint pinned for the issuer's TLS certificate chain.
  # NOTE(review): a hard-coded fingerprint can go stale when the issuer rotates
  # certificates. Confirm this value against current AWS/GitHub guidance.
  thumbprint_list = [
    "6938fd4d98bab03faadb97b34396831e3780aea1",
  ]

  tags = {
    Name        = "github-actions"
    Description = "Allows GitHub Actions to assume roles in this account"
  }
}