Refactor to use API instead of Cloudformation

dgoodellrhy · dgoodellrhy · commit e85204954d7b · 2023-01-11T16:00:07.000-05:00
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,11 +1,9 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.31.0
+    rev: v1.77.0
     hooks:
       - id: terraform_docs
         always_run: true
-        args:
-          - --args=--sort-by-required
       - id: terraform_fmt
       - id: terraform_tflint
         alias: terraform_tflint_deep
diff --git a/README.md b/README.md
@@ -96,41 +96,53 @@ This module bridges the gap allowing Terraform to create EC2 Image Builder compo
 
 | Name | Version |
 |------|---------|
-| terraform | >= 0.12.28 |
-| aws | >= 2.44, < 4.0.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.22.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| aws | >= 2.44, < 4.0.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.22.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_imagebuilder_component.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/imagebuilder_component) | resource |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_secretsmanager_secret.ssh_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/secretsmanager_secret) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| component\_version | Version of the component | `string` | n/a | yes |
-| name | name to use for component | `string` | n/a | yes |
-| playbook\_repo | git url for repo where ansible code lives with provisioning playbook and requirements file<br>can append with `-b BRANCH_NAME` to clone a specific branch | `string` | n/a | yes |
-| change\_description | description of changes since last version | `string` | `null` | no |
-| cloudformation\_timeout | How long to wait (in minutes) for CFN to apply before giving up | `number` | `10` | no |
-| data\_uri | Use this to override the component document with one at a particualar URL endpoint | `string` | `null` | no |
-| description | description of component | `string` | `null` | no |
-| kms\_key\_id | KMS key to use for encryption | `string` | `null` | no |
-| platform | platform of component (Linux or Windows) | `string` | `"Linux"` | no |
-| playbook\_dir | directory where playbook and requirements are found (if not root of repo) | `string` | `null` | no |
-| playbook\_file | path to playbook file, relative to `playbook_dir` | `string` | `"provision.yml"` | no |
-| ssh\_key\_secret\_arn | ARN of a secretsmanager secret containing an SSH key (use arn OR name, not both) | `string` | `null` | no |
-| ssh\_key\_secret\_name | Name of a secretsmanager secret containing an SSH key (use arn OR name, not both) | `string` | `null` | no |
-| tags | map of tags to use for CFN stack and component | `map(string)` | `{}` | no |
+| <a name="input_change_description"></a> [change\_description](#input\_change\_description) | description of changes since last version | `string` | `null` | no |
+| <a name="input_component_version"></a> [component\_version](#input\_component\_version) | Version of the component | `string` | n/a | yes |
+| <a name="input_data_uri"></a> [data\_uri](#input\_data\_uri) | Use this to override the component document with one at a particualar URL endpoint | `string` | `null` | no |
+| <a name="input_description"></a> [description](#input\_description) | description of component | `string` | `null` | no |
+| <a name="input_kms_key_id"></a> [kms\_key\_id](#input\_kms\_key\_id) | KMS key to use for encryption | `string` | `null` | no |
+| <a name="input_name"></a> [name](#input\_name) | name to use for component | `string` | n/a | yes |
+| <a name="input_platform"></a> [platform](#input\_platform) | platform of component (Linux or Windows) | `string` | `"Linux"` | no |
+| <a name="input_playbook_dir"></a> [playbook\_dir](#input\_playbook\_dir) | directory where playbook and requirements are found (if not root of repo) | `string` | `null` | no |
+| <a name="input_playbook_file"></a> [playbook\_file](#input\_playbook\_file) | path to playbook file, relative to `playbook_dir` | `string` | `"provision.yml"` | no |
+| <a name="input_playbook_repo"></a> [playbook\_repo](#input\_playbook\_repo) | git url for repo where ansible code lives with provisioning playbook and requirements file<br>can append with `-b BRANCH_NAME` to clone a specific branch | `string` | n/a | yes |
+| <a name="input_ssh_key_secret_arn"></a> [ssh\_key\_secret\_arn](#input\_ssh\_key\_secret\_arn) | ARN of a secretsmanager secret containing an SSH key (use arn OR name, not both) | `string` | `null` | no |
+| <a name="input_ssh_key_secret_name"></a> [ssh\_key\_secret\_name](#input\_ssh\_key\_secret\_name) | Name of a secretsmanager secret containing an SSH key (use arn OR name, not both) | `string` | `null` | no |
+| <a name="input_supported_os_versions"></a> [supported\_os\_versions](#input\_supported\_os\_versions) | A set of operating system versions supported by the component. If the OS information is available, a prefix match is performed against the base image OS version during image recipe creation. | `set(string)` | `null` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | map of tags to use for CFN stack and component | `map(string)` | `{}` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| component\_arn | ARN of the EC2 Image Builder Component |
-| latest\_minor\_version\_arn | ARN of the EC2 Image Builder Component |
-
+| <a name="output_component_arn"></a> [component\_arn](#output\_component\_arn) | ARN of the EC2 Image Builder Component |
+| <a name="output_latest_minor_version_arn"></a> [latest\_minor\_version\_arn](#output\_latest\_minor\_version\_arn) | ARN of the EC2 Image Builder Component |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 ## The Giants underneath this module
diff --git a/main.tf b/main.tf
@@ -29,37 +29,20 @@ data "aws_secretsmanager_secret" "ssh_key" {
   name = var.ssh_key_secret_name
 }
 
-resource "aws_cloudformation_stack" "this" {
-  name               = "${var.name}-${uuid()}"
-  on_failure         = "ROLLBACK"
-  timeout_in_minutes = var.cloudformation_timeout
+resource "aws_imagebuilder_component" "this" {
+  name    = var.name
+  version = var.component_version
+
+  change_description    = var.change_description
+  data                  = var.data_uri == null ? local.data : null
+  description           = var.description
+  kms_key_id            = var.kms_key_id
+  platform              = var.platform
+  supported_os_versions = var.supported_os_versions
+  uri                   = var.data_uri
 
   tags = merge(
     var.tags,
     { Name : "${var.name}-stack" }
   )
-
-  template_body = templatefile("${path.module}/cloudformation.yml.tpl", {
-    change_description = var.change_description
-    data               = local.data
-    description        = var.description
-    kms_key_id         = var.kms_key_id
-    name               = var.name
-    platform           = var.platform
-    uri                = var.data_uri
-    version            = var.component_version
-
-    tags = merge(
-      var.tags,
-      { Name : var.name }
-    )
-  })
-
-  lifecycle {
-    create_before_destroy = true
-
-    ignore_changes = [
-      name
-    ]
-  }
 }
diff --git a/outputs.tf b/outputs.tf
@@ -8,18 +8,10 @@ locals {
 
 output "component_arn" {
   description = "ARN of the EC2 Image Builder Component"
-  value       = "arn:aws:imagebuilder:${local.region}:${local.account_id}:component/${lower(var.name)}/${var.component_version}/1"
-
-  depends_on = [
-    aws_cloudformation_stack.this
-  ]
+  value       = aws_imagebuilder_component.this.arn
 }
 
 output "latest_minor_version_arn" {
   description = "ARN of the EC2 Image Builder Component"
   value       = "arn:aws:imagebuilder:${local.region}:${local.account_id}:component/${lower(var.name)}/${local.latest_component_minor_version}"
-
-  depends_on = [
-    aws_cloudformation_stack.this
-  ]
 }
diff --git a/variables.tf b/variables.tf
@@ -4,12 +4,6 @@ variable "change_description" {
   type        = string
 }
 
-variable "cloudformation_timeout" {
-  default     = 10
-  description = "How long to wait (in minutes) for CFN to apply before giving up"
-  type        = number
-}
-
 variable "component_version" {
   description = "Version of the component"
   type        = string
@@ -77,6 +71,12 @@ variable "ssh_key_secret_name" {
   type        = string
 }
 
+variable "supported_os_versions" {
+  default     = null
+  description = "A set of operating system versions supported by the component. If the OS information is available, a prefix match is performed against the base image OS version during image recipe creation."
+  type        = set(string)
+}
+
 variable "tags" {
   default     = {}
   description = "map of tags to use for CFN stack and component"
diff --git a/versions.tf b/versions.tf
@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 0.12.28"
+  required_version = ">= 0.14"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws",
-      version = ">= 2.44, < 4.0.0"
+      version = ">= 4.22.0"
     }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -1,10 +1,10 @@`
`1`	`1`	`terraform {`
`2`		`- required_version = ">= 0.12.28"`
	`2`	`+ required_version = ">= 0.14"`
`3`	`3`
`4`	`4`	`required_providers {`
`5`	`5`	`aws = {`
`6`	`6`	`source = "hashicorp/aws",`
`7`		`- version = ">= 2.44, < 4.0.0"`
	`7`	`+ version = ">= 4.22.0"`
`8`	`8`	`}`
`9`	`9`	`}`
`10`	`10`	`}`