add Atlantis deployment (#77)

* add Atlantis configuration file * add Atlantis deployment * set default Terraform version for Atlantis * set apply requirements for Atlantis * add atlantis folder to managed projects
2025-11-01 19:37:57 +00:00 · 2021-01-22 12:54:32 +01:00
parent a03702af37
commit 0ec7ded9c3
6 changed files with 140 additions and 1 deletions
--- a/atlantis.yaml
+++ b/atlantis.yaml
@@ -0,0 +1,10 @@
+version: 3
+projects:
+- name: cloudsdk_cicd
+  dir: terraform/wifi-289708231103/cloudsdk_cicd
+- name: dns
+  dir: terraform/wifi-289708231103/dns
+- name: tip-wifi-vpn
+  dir: terraform/wifi-289708231103/tip-wifi-vpn
+- name: atlantis
+  dir: terraform/wifi-289708231103/atlantis
--- a/terraform/wifi-289708231103/atlantis/atlantis.json
+++ b/terraform/wifi-289708231103/atlantis/atlantis.json
@@ -0,0 +1,8 @@
+{
+    "repos": [
+        {
+            "id": "/.*/",
+            "apply_requirements": ["approved", "mergeable"]
+        }
+    ]
+}
--- a/terraform/wifi-289708231103/atlantis/main.tf
+++ b/terraform/wifi-289708231103/atlantis/main.tf
@@ -0,0 +1,75 @@
+terraform {
+  backend "s3" {
+    region         = "us-east-1"
+    bucket         = "tip-wifi-tfstate"
+    key            = "atlantis"
+    dynamodb_table = "terraform-state-lock"
+    encrypt        = true
+  }
+}
+
+provider "aws" {
+  region = var.aws_region
+}
+
+data "terraform_remote_state" "route_53" {
+  backend = "s3"
+
+  config = {
+    region         = "us-east-1"
+    bucket         = "tip-wifi-tfstate"
+    key            = "dns"
+    dynamodb_table = "terraform-state-lock"
+    encrypt        = true
+  }
+}
+
+module "atlantis" {
+  source  = "terraform-aws-modules/atlantis/aws"
+  version = "~> 2.0"
+
+  name = "atlantis"
+
+  cidr            = "10.20.0.0/16"
+  azs             = ["${var.aws_region}a", "${var.aws_region}b"]
+  private_subnets = ["10.20.1.0/24", "10.20.2.0/24"]
+  public_subnets  = ["10.20.101.0/24", "10.20.102.0/24"]
+
+  route53_zone_name = trimsuffix(data.terraform_remote_state.route_53.outputs.zone_name, ".")
+
+  atlantis_github_user       = var.atlantis_github_user
+  atlantis_github_user_token = var.atlantis_github_user_token
+  atlantis_repo_whitelist    = var.repo_whitelist
+
+  policies_arn = var.atlantis_policy_arns
+
+  ecs_fargate_spot = true
+
+  tags = {
+    "ManagedBy" = "terraform"
+  }
+
+  custom_environment_variables = [
+    {
+      name  = "ATLANTIS_DEFAULT_TF_VERSION"
+      value = var.default_terraform_version
+    },
+    {
+      name  = "ATLANTIS_REPO_CONFIG_JSON"
+      value = file("atlantis.json")
+    }
+  ]
+
+}
+
+module "github_repository_webhook" {
+  source = "terraform-aws-modules/atlantis/aws//modules/github-repository-webhook"
+
+  github_organization = var.atlantis_github_organization
+  github_token        = var.atlantis_github_user_token
+
+  atlantis_allowed_repo_names = var.repo_names
+
+  webhook_url    = module.atlantis.atlantis_url_events
+  webhook_secret = module.atlantis.webhook_secret
+}
--- a/terraform/wifi-289708231103/atlantis/outputs.tf
+++ b/terraform/wifi-289708231103/atlantis/outputs.tf
@@ -0,0 +1,3 @@
+output "atlantis_url" {
+  value = module.atlantis.atlantis_url
+}
--- a/terraform/wifi-289708231103/atlantis/variables.tf
+++ b/terraform/wifi-289708231103/atlantis/variables.tf
@@ -0,0 +1,39 @@
+variable "aws_region" {
+  description = "AWS region to deploy Atlantis to"
+  type        = string
+}
+
+variable "atlantis_github_user" {
+  description = "Github user that will be used by Atlantis"
+  type        = string
+}
+
+variable "atlantis_github_organization" {
+  description = "Github Organization that Atlantis will use to create the webhooks"
+  type        = string
+}
+
+variable "atlantis_github_user_token" {
+  description = "PAT for Github user that will be used by Atlantis"
+  type        = string
+}
+
+variable "repo_whitelist" {
+  description = "List of repos that Atlantis is allowed to work with"
+  type        = list(string)
+}
+
+variable "repo_names" {
+  description = "List of repos that will be configured to work with Atlantis"
+  type        = list(string)
+}
+
+variable "atlantis_policy_arns" {
+  description = "List of ARNs of policies that will be attached to Atlantis"
+  type        = list(string)
+}
+
+variable "default_terraform_version" {
+  description = "Default Terraform version that Atlantis will use, see https://www.runatlantis.io/docs/terraform-versions.html#via-atlantis-yaml"
+  type        = string
+}
--- a/terraform/wifi-289708231103/dns/main.tf
+++ b/terraform/wifi-289708231103/dns/main.tf
@@ -10,7 +10,7 @@ provider "aws" {
 }

 terraform {
-  required_version = ">= 0.12.2"
+  required_version = ">= 0.12.2, < 0.14"

  backend "s3" {
    region         = "us-east-1"
@@ -55,6 +55,10 @@ output "zone_id" {
  value = aws_route53_zone.main.zone_id
 }

+output "zone_name" {
+  value = aws_route53_zone.main.name
+}
+
 output "certificate_arn" {
  value = module.acm.this_acm_certificate_arn
 }