terraform-modules
Reusable Terraform modules
Remove previous workaround since now permissions_boundary_arn is [supported](https://registry.terraform.io/providers/hashicorp/vault/3.8.0/docs/resources/aws_secret_backend_role#permissions_boundary_arn). Since the attribute is optional, setting the default to null will cause terraform to [omit it](https://www.terraform.io/language/functions/defaults), same as the previous behaviour.
The workflow release-drafter.yml is referencing action toolmantim/release-drafter using references v5.2.0. However this reference is missing the commit [70eb821099dbcd875c2cba75dad4332d3cf5544d](https://github.com/toolmantim/release-drafter/commits/70eb821099dbcd875c2cba75dad4332d3cf5544d) which may contain a fix for some vulnerability. The vulnerability fix that...
The current Packer commands use Ansible 2.7 syntax; however, we should upgrade to Ansible 2.9, which is officially compatible with Python 3.8, to avoid issues like this: https://github.com/ansible/ansible/issues/63973
We run pretty elaborate scripts in the `user_data` portions of the EC2 instances. We need some way to detect if these scripts have failed. Probabilities:
- https://www.uvd.co.uk/blog/create-health-check-aws-user-data-script
- https://stackoverflow.com/questions/11245356/how-to-check-user-data-status-while-launching-the-instance-in-aws
Idea:...
This is wrt https://github.com/GovTechSG/terraform-modules/pull/201. We currently repeat the actions five times to support five relabel actions. Write some Ansible Dictionary merging loop to allow us to simply define the number...
https://github.com/metacloud/molecule Consider tox for testing. Example: https://github.com/cloudalchemy/ansible-prometheus/blob/master/tox.ini
This refers to Vault's `stdout` and `stderr`. Currently configured by `supervisord` to log to files. No way to ask Vault to log to syslog. Might be related to https://github.com/hashicorp/terraform-aws-vault/issues/73
https://docs.fluentd.org/v1.0/articles/in_forward#how-to-enable-tls-mutual-authentication Use Vault as a CA.
- [ ] Use Vault Agent for AWS Auth
- [ ] Test out AWS secrets engine configuration with the changes in the AWS secrets engine changes (https://github.com/terraform-providers/terraform-provider-vault/pull/194)