Commit Graph

15 Commits

Author SHA1 Message Date
Moritz Sanft
b8d991f84c
AB#2577 Implement GCP IAM in terraform (#567)
* AB#2577 Add GCP TF Config & Documentation

[no ci] wip

AB#2577 Add GCP TF config & Docs

* Download lockfile

* Remove IAM input variables from output
2022-11-21 08:43:13 +01:00
Nils Hanke
ade8fa323f Remove case-sensitive duplicate file 2022-11-18 16:07:29 +01:00
renovate[bot]
54ef6d21f4
Update Terraform aws to v4.40.0 (#586)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-18 15:41:02 +01:00
renovate[bot]
86b03bf08e
Update Terraform azurerm to v3.32.0 (#588)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-18 14:57:34 +01:00
Moritz Sanft
dfe7f855cd
AB#2578 Implement Azure IAM in terraform (#562)
* AB#2578 Azure IAM init

* AB#2578 Fixed application owner privileges, added docs

* Add all supported providers to TF lockfile

* Using service principal for role assignment in cluster resource group

Co-authored-by: Malte Poll <mp@edgeless.systems>

* Rephrased header for Azure

Co-authored-by: Malte Poll <mp@edgeless.systems>

* Registry -> Registration typo

Co-authored-by: Malte Poll <mp@edgeless.systems>

* Download lockfile

* File name casing

Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-11-16 20:19:10 +01:00
renovate[bot]
5009de823f
Update Terraform aws to v4.39.0 (#538)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-14 10:35:26 +01:00
Malte Poll
97bb0f4a91
Update terraform lock files to include hashes for all platforms (#499)
- linux_arm64
- linux_amd64
- darwin_arm64
- darwin_amd64
- windows_amd64
2022-11-09 14:23:51 +01:00
Thomas Tendyck
d3150a80ac
add brief instructions to AWS IAM Terraform script (#478)
* add brief instructions to AWS IAM Terraform script

* Update README.md
2022-11-08 18:40:30 +01:00
renovate[bot]
b8acb5e448
Update Terraform aws to v4.38.0 (#464)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-08 18:34:45 +01:00
Fabian Kammel
cf36b85ff9
extend permissions to allow logging (#461)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-04 14:56:13 +01:00
Fabian Kammel
668b4d000b
document usage of iamlive (#443)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-04 14:01:23 +01:00
Leonard Cohnen
f7a5f299a0 aws: add needed IAM permission for join service 2022-11-03 16:44:54 +01:00
Leonard Cohnen
d979aeea2d terraform: add necessary IAM permissions for AWS 2022-11-02 23:29:04 +01:00
Malte Poll
52f140a968
Pin terraform provider hashes (#361) 2022-10-25 10:10:46 +02:00
Nils Hanke
04c4cff9f6
AB#2436: Initial support for create/terminate AWS NitroTPM instances
* Add .DS_Store to .gitignore

* Add AWS to config / supported instance types

* Move AWS terraform skeleton to cli/internal/terraform

* Move currently unused IAM to hack/terraform/aws

* Print supported AWS instance types when AWS dev flag is set

* Block everything aTLS related (e.g. init, verify) until AWS attestation is available

* Create/Terminate AWS dev cluster when dev flag is set

* Restrict Nitro instances to NitroTPM supported specifically

* Pin zone for subnets

This is not great for HA, but for now we need to avoid the two subnets
ending up in different zones, causing the load balancer to not be able
to connect to the targets.

Should be replaced later with a better implementation that just uses
multiple subnets within the same region dynamically
based on # of nodes or similar.

* Add AWS/GCP to Terraform TestLoader unit test

* Add uid tag and create log group

Co-authored-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-10-21 12:24:18 +02:00