Initial version 0.0.1 (#29)

Terraform Cloud Agent on Amazon ECS cluster
* Feature : bring your own ECS cluster
* Feature : single execution mode
* Feature : Fargate Spot

Author: wellsiau-aws

.config/.checkov.yml

@@ -1,15 +1,13 @@
 download-external-modules: False
 evaluate-variables: true
-file:
-- 'tf.json'
+directory:
+- ./
 framework:
-- terraform_plan
+- terraform
 skip-check:
 - CKV2_GCP*
 - CKV_AZURE*
 - CKV2_AZURE*
-repo-root-for-plan-enrichment:
-- '.'
 summary-position: bottom
 output: 'cli'
 compact: True

.config/functional_tests/post-entrypoint-helpers.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 ## NOTE: this script runs at the end of functional test
-## Use this to load any configurations after the functional test 
+## Use this to load any configurations after the functional test
 ## TIPS: avoid modifying the .project_automation/functional_test/entrypoint.sh
 ## migrate any customization you did on entrypoint.sh to this helper script
 echo "Executing Post-Entrypoint Helpers"

.config/functional_tests/pre-entrypoint-helpers.sh

@@ -1,6 +1,20 @@
 #!/bin/bash
 ## NOTE: this script runs at the start of functional test
-## use this to load any configuration before the functional test 
+## use this to load any configuration before the functional test
 ## TIPS: avoid modifying the .project_automation/functional_test/entrypoint.sh
 ## migrate any customization you did on entrypoint.sh to this helper script
-echo "Executing Pre-Entrypoint Helpers"
+echo "Executing Pre-Entrypoint Helpers"
+
+#********** TFC Env Vars *************
+echo "Load env vars"
+export AWS_DEFAULT_REGION=us-west-2
+export TFE_TOKEN=`aws secretsmanager get-secret-value --secret-id abp/hcp/token | jq -r ".SecretString"`
+
+#********** Get tfvars from SSM *************
+echo "Get *.tfvars from SSM parameter"
+aws ssm get-parameter \
+  --name "/abp/hcp/functional/terraform_test.tfvars" \
+  --with-decryption \
+  --query "Parameter.Value" \
+  --output "text" \
+  --region "us-west-2" > ./tests/terraform.auto.tfvars

.config/static_tests/post-entrypoint-helpers.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 ## NOTE: this script runs at the end of static test
-## Use this to load any configurations after the static test 
+## Use this to load any configurations after the static test
 ## TIPS: avoid modifying the .project_automation/static_test/entrypoint.sh
 ## migrate any customization you did on entrypoint.sh to this helper script
 echo "Executing Post-Entrypoint Helpers"

.config/static_tests/pre-entrypoint-helpers.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 ## NOTE: this script runs at the start of static test
-## use this to load any configuration before the static test 
+## use this to load any configuration before the static test
 ## TIPS: avoid modifying the .project_automation/static_test/entrypoint.sh
 ## migrate any customization you did on entrypoint.sh to this helper script
 echo "Executing Pre-Entrypoint Helpers"

.gitignore

@@ -4,6 +4,7 @@ plan.out.json
 
 # Local .terraform directories
 **/.terraform/*
+**/.terraform
 
 # .tfstate files
 *.tfstate

.header.md

@@ -1,7 +1,20 @@
-# Terraform Module Project
+# Terraform Cloud Agent on Amazon ECS
 
-:no_entry_sign: Do not edit this readme.md file. To learn how to change this content and work with this repository, refer to CONTRIBUTING.md
+This solution creates self-hosted HashiCorp Cloud Platform (HCP) Terraform agent on Amazon ECS cluster. HCP Terraform allows you to manage isolated, private, or on-premises infrastructure using self-hosted HCP Terraform agents. The agent polls HCP Terraform or HCP Terraform Enterprise for any changes to your configuration and executes the changes locally, so you do not need to allow public ingress traffic to your resources. Agents allow you to control infrastructure in private environments without modifying your network perimeter.
 
-## Readme Content
+## Architecture
 
-This file will contain any instructional information about this module.
+![Terraform Cloud Agent on Amazon ECS architecture](/assets/architecture.png)
+
+## Prerequisites
+
+To use this module you need to have the following:
+
+1. [HashiCorp Cloud Platform (HCP) Terraform](https://www.hashicorp.com/products/terraform) subscription
+2. Terraform API token with permission to create Terraform agent pool
+3. AWS account and credentials to provision resources as mentioned below.
+4. VPC with private subnets
+
+## Getting Started
+
+Please refer to the [examples](./examples/basic) on how to get started.

.project_automation/functional_tests/entrypoint.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 ## WARNING: DO NOT modify the content of entrypoint.sh
-# Use ./config/functional_tests/pre-entrypoint-helpers.sh or ./config/functional_tests/post-entrypoint-helpers.sh 
+# Use ./config/functional_tests/pre-entrypoint-helpers.sh or ./config/functional_tests/post-entrypoint-helpers.sh
 # to load any customizations or additional configurations
 
 ## NOTE: paths may differ when running in a managed task. To ensure behavior is consistent between
@@ -22,7 +22,7 @@ pre_entrypoint() {
 post_entrypoint() {
     if [ -f ${PROJECT_PATH}/.config/functional_tests/post-entrypoint-helpers.sh ]; then
         echo "Post-entrypoint helper found"
-        source ${PROJECT_PATH}/.config/functional_tests/post-entrypoint-helpers.sh        
+        source ${PROJECT_PATH}/.config/functional_tests/post-entrypoint-helpers.sh
         echo "Post-entrypoint helper loaded"
     else
         echo "Post-entrypoint helper not found - skipped"
@@ -32,12 +32,16 @@ post_entrypoint() {
 #********** Pre-entrypoint helper *************
 pre_entrypoint
 
-#********** Checkov Analysis *************
-echo "Running Checkov Analysis"
-terraform init
-terraform plan -out tf.plan
-terraform show -json tf.plan  > tf.json
-checkov --config-file ${PROJECT_PATH}/.config/checkov.yml
+#********** Functional Test *************
+/bin/bash ${PROJECT_PATH}/.project_automation/functional_tests/functional_tests.sh
+if [ $? -eq 0 ]
+then
+    echo "Functional test completed"
+    EXIT_CODE=0
+else
+    echo "Functional test failed"
+    EXIT_CODE=1
+fi
 
 #********** Post-entrypoint helper *************
 post_entrypoint

.project_automation/functional_tests/functional_tests.sh

@@ -20,7 +20,7 @@ if test -f ${MANDATORY_TEST_PATH}; then
 else
     echo "File ${MANDATORY_TEST_PATH} not found. You must include at least one test run in file ${MANDATORY_TEST_PATH}"
     (exit 1)
-fi 
+fi
 
 if [ $? -eq 0 ]; then
     echo "Terraform Test Successfull"

.project_automation/static_tests/entrypoint.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 ## WARNING: DO NOT modify the content of entrypoint.sh
-# Use ./config/static_tests/pre-entrypoint-helpers.sh or ./config/static_tests/post-entrypoint-helpers.sh 
+# Use ./config/static_tests/pre-entrypoint-helpers.sh or ./config/static_tests/post-entrypoint-helpers.sh
 # to load any customizations or additional configurations
 
 ## NOTE: paths may differ when running in a managed task. To ensure behavior is consistent between
@@ -22,7 +22,7 @@ pre_entrypoint() {
 post_entrypoint() {
     if [ -f ${PROJECT_PATH}/.config/static_tests/post-entrypoint-helpers.sh ]; then
         echo "Post-entrypoint helper found"
-        source ${PROJECT_PATH}/.config/static_tests/post-entrypoint-helpers.sh        
+        source ${PROJECT_PATH}/.config/static_tests/post-entrypoint-helpers.sh
         echo "Post-entrypoint helper loaded"
     else
         echo "Post-entrypoint helper not found - skipped"

CODEOWNERS

@@ -1 +1,4 @@
-* @aws-ia/aws-ia
+gautam.baghel@hashicorp.com
+dan.barr@hashicorp.com
+manuchn@amazon.com
+wellsiau@amazon.com

CONTRIBUTING.md

@@ -8,7 +8,7 @@ For best practices and information on developing with Terraform, see the [I&A Mo
 
 ## Contributing Code
 
-In order to contibute code to this repository, you must submit a *[Pull Request](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request)*. To do so, you must *[fork](https://docs.github.com/en/get-started/quickstart/fork-a-repo)* this repostiory, make your changes in your forked version and submit a *Pull Request*.
+In order to contribute code to this repository, you must submit a *[Pull Request](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request)*. To do so, you must *[fork](https://docs.github.com/en/get-started/quickstart/fork-a-repo)* this repository, make your changes in your forked version and submit a *Pull Request*.
 
 ## Writing Documentation
 
@@ -20,7 +20,7 @@ README.md is automatically generated by pulling in content from other files. For
 
 Pull Requests (PRs) submitted against this repository undergo a series of static and functional checks.
 
-> :exclamation: Note: Failures during funtional or static checks will prevent a pull request from being accepted.
+> :exclamation: Note: Failures during functional or static checks will prevent a pull request from being accepted.
 
 It is a best practice to perform these checks locally prior to submitting a pull request.
 
@@ -32,15 +32,15 @@ It is a best practice to perform these checks locally prior to submitting a pull
 - Checkov
 - Terratest
 
-> :bangbang: The readme.md file will be created after all checks have completed successfuly, it is recommended that you install terraform-docs locally in order to preview your readme.md file prior to publication.
+> :bangbang: The README.md file will be created after all checks have completed successfully, it is recommended that you install terraform-docs locally in order to preview your readme.md file prior to publication.
 
 ## Install the required tools
 
 Prerequisites:
 
 - [Python](https://docs.python.org/3/using/index.html)
 - [Pip](https://pip.pypa.io/en/stable/installation/)
-- [golang](https://go.dev/doc/install) (for macos you can use `brew`)
+- [golang](https://go.dev/doc/install) (for macOS you can use `brew`)
 - [tflint](https://github.com/terraform-linters/tflint)
 - [tfsec](https://aquasecurity.github.io/tfsec/v1.0.11/)
 - [Markdown Lint](https://github.com/markdownlint/markdownlint)