Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-05-15 04:32:15 -04:00
Code Issues Projects Releases Packages Wiki Activity

attestation: add awsSEVSNP as new variant (#1900)

Browse source 
* variant: move into internal/attestation
* attesation: move aws attesation into subfolder nitrotpm
* config: add aws-sev-snp variant
* cli: add tf option to enable AWS SNP

For now the implementations in aws/nitrotpm and aws/snp
are identical. They both contain the aws/nitrotpm impl.
A separate commit will add the actual attestation logic.
This commit is contained in:
Otto Bittner 2023-06-09 15:41:02 +02:00 committed by GitHub
parent 947d0cb20a
commit 8f21972aec
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
110 changed files with 993 additions and 215 deletions
Download patch file Download diff file Expand all files Collapse all files

2
cli/internal/terraform/terraform/aws/main.tf
View file

@ -237,6 +237,7 @@ module "instance_group_control_plane" {
security_groups = [aws_security_group.security_group.id]
subnetwork = module.public_private_subnet.private_subnet_id
iam_instance_profile = var.iam_instance_profile_control_plane
enable_snp = var.enable_snp
tags = merge(
local.tags,
{ Name = local.name },
@ -261,6 +262,7 @@ module "instance_group_worker_nodes" {
target_group_arns = []
security_groups = [aws_security_group.security_group.id]
iam_instance_profile = var.iam_instance_profile_worker_nodes
enable_snp = var.enable_snp
tags = merge(
local.tags,
{ Name = local.name },

5
cli/internal/terraform/terraform/aws/modules/instance_group/main.tf
View file

@ -44,6 +44,11 @@ resource "aws_launch_template" "launch_template" {
image_id, # required. update procedure modifies the image id externally
]
}
# See: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template#cpu-options
cpu_options {
amd_sev_snp = var.enable_snp ? "enabled" : "disabled"
}
}
resource "aws_autoscaling_group" "autoscaling_group" {

6
cli/internal/terraform/terraform/aws/modules/instance_group/variables.tf
View file

@ -62,3 +62,9 @@ variable "tags" {
type = map(string)
description = "The tags to add to the instance group."
}
variable "enable_snp" {
type = bool
default = true
description = "Enable AMD SEV SNP. Setting this to true sets the cpu-option AmdSevSnp to enable."
}

6
cli/internal/terraform/terraform/aws/variables.tf
View file

@ -69,3 +69,9 @@ variable "debug" {
default = false
description = "Enable debug mode. This opens up a debugd port that can be used to deploy a custom bootstrapper."
}
variable "enable_snp" {
type = bool
default = true
description = "Enable AMD SEV SNP. Setting this to true sets the cpu-option AmdSevSnp to enable."
}