chore: refactor image publishing to new AWS ORG #97

Open
wants to merge 16 commits into
base: main

joelmccoy
Collaborator

@joelmccoy joelmccoy commented Feb 20, 2025

Relates to #96

This PR attempts to refactor the image publishing for this repo to do a couple things:

  1. Publish AMIs to new uds-images accounts (both gov and commercial)
  2. Share AMIs with the entire new AWS Orgs (both gov and commercial)
  3. Explicitly share the AMI with the old AWS CI accounts for backwards compatibility

Before I can kick off the e2e test with the infra, the following GitHub secrets will need to be populated (I can handle this once things look good):

AWS_COMMERCIAL_ORG_ROLE_TO_ASSUME -> needs to be updated to the OIDC role in the uds-images commercial account
AWS_GOVCLOUD_ORG_ROLE_TO_ASSUME -> needs to be updated to the OIDC role in the uds-images govcloud account
AWS_OLD_COMMERCIAL_CI_ACCOUNT_ID -> needs to be set to the old commercial ci AWS account id (for sharing)
AWS_OLD_GOVCLOUD_CI_ACCOUNT_ID -> needs to be set to the old govcloud ci AWS account id (for sharing)
AWS_COMMERCIAL_ORG_ARN -> needs to be set to the new AWS Commercial Org ARN for sharing across the whole org
AWS_GOVCLOUD_ORG_ARN -> needs to be set to the new AWS Govcloud Org ARN for sharing across the whole org

If all looks good, I will populate these secrets and kick off an e2e test and rerun the build workflows on this PR.

@@ -1,15 +1,3 @@
variable "vpc_name" {
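Review bot: Nothing in this hunk shows what replaces `variable "vpc_name"` once the file shrinks from 15 lines to 3, so the reliance on the default VPC described in the author's comment on this hunk is not recorded in the code itself. Suggest a short comment in this file stating that the build expects a default VPC in the uds-images accounts, plus a search to confirm no `var.vpc_name` reference remains elsewhere, since a dangling reference would fail validation.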
Collaborator Author

note: removing these in favor of just using the default vpc in the uds-images accounts

state_bucket="uds-ci-govcloud-us-gov-west-1-tfstate"
vpc_name="uds-ci-govcloud-*"
subnet_name="uds-ci-govcloud-*-public*"
state_bucket="uds-tf-state-20250206161918002400000003"
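Review bot: The new `state_bucket` value `uds-tf-state-20250206161918002400000003` carries no partition or region hint, unlike the `uds-ci-govcloud-us-gov-west-1-tfstate` name it replaces, so a reader cannot tell from this file which account the bucket belongs to. Suggest adding a comment line above it naming the account and partition, which also makes a copy-paste mix-up with another environment's similarly generated bucket name easier to catch in review.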
Collaborator Author

note: this is the new state bucket in the govcloud uds-images account

state_bucket="uds-aws-ci-commercial-us-west-2-5246-tfstate"
vpc_name="uds-ci-commercial-*"
subnet_name="uds-ci-commercial-*-public*"
state_bucket="uds-tf-state-20250206161747757600000003"
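Review bot: Changing `state_bucket` from `uds-aws-ci-commercial-us-west-2-5246-tfstate` to `uds-tf-state-20250206161747757600000003` points this configuration at a different state store, and nothing here says what happens to state left in the old bucket. Suggest noting in the PR whether the old bucket holds any state that needs to be destroyed or migrated first, so that resources tracked there are not orphaned.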
Collaborator Author

@joelmccoy joelmccoy Feb 20, 2025

note: this is the state bucket in the new commercial uds-images account
