update scripts/install.sh to install deps

.gitignore

@@ -36,3 +36,4 @@ terraform.rc
 google-cloud-cli-*
 google-cloud-sdk/
 *.plan
+awscliv2.zip

README.md

@@ -3,25 +3,21 @@ Terraform configuration to setup cloud resources for OpenID Connect (OIDC) on Gi
 
 Configuring cloud resources to utilize Actions on GHES with OIDC can be a lengthy and challenging task due to stringent security demands that necessitate precise configuration. This repository, although not intended for production purposes, includes Terraform configurations necessary for creating resources across the top three enterprise cloud services: Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).
 
-This Terraform configuration is designed to be executed by an individual user, rather than by a Service Account, who is logged into their chosen cloud provider through the corresponding CLI.
+This Terraform configuration is designed to be executed by an individual user, rather than by a Service Account, who is logged into their chosen cloud provider through the corresponding CLI on Linux.
 
 ## Requirements
 
-To utilize this repository, the following are required:
-
-- Terraform (see [installation guide](https://developer.hashicorp.com/terraform/install))
-- A project (or equivalent concept) set up on either Azure, AWS, or Google Cloud for resource creation.
+To utilize this repository, a project (or equivalent concept) set up on (either) Azure, AWS, Google Cloud for resource creation is required.
 
 ## Usage
 
 To deploy the resources, follow these steps:
 
-1. Install the relevant cloud CLI by executing one of the scripts in the `scripts/` directory: `azure-cli.sh`, `aws-cli.sh`, or `gcp-cli.sh`.
-1. Refresh the console profile file (such as `~/.bashrc`) to enable the use of the CLI without requiring the full path.
-1. Initialize the chosen cloud CLI and authenticate with your cloud provider.
+1. Install Terraform and the cloud provider CLIs by executing the `scripts/install.sh` script. If needed, refresh the console profile file (such as `~/.bashrc`) to enable the use of the CLI without requiring the full path.
+1. Initialize the (chosen) cloud CLI(s) and authenticate with your cloud provider(s).
+1. Navigate to the `src` directory.
 1. Run `terraform init` to initialize Terraform and install necessary dependencies.
 1. The default Terraform `backend` is set to `local`, meaning Terraform state is stored locally. This can be altered to any supported backend.
-1. Navigate to the `src` directory.
 1. Change the name of `terraform.tfvars.example` to `terraform.tfvars` and modify the variables to suit your setup. The `terraform.tfvars` file holds the configuration for the Terraform files.
 1. Execute `terraform plan -out=oidc.plan` to prepare for resource creation. This plan is saved in the `oidc.plan` file for the next step.
 1. Use `terraform apply oidc.plan` to initiate the creation of the resources.
@@ -47,6 +43,10 @@ The required resources for Azure are detailed in the `src/azure.tf` file. The co
 
 ### AWS
 
+- create access keys
+- aws cli, run `aws configure`
+
+
 ### Google Cloud
 
 Before initiating resource creation in a Google Cloud project, you should follow these preparatory steps:
@@ -61,3 +61,6 @@ The required resources for Google Cloud are detailed in the `src/gcp.tf` file. T
 ## Improvements
 
 In the future, we could make things better by splitting the settings for different cloud services like Azure, AWS, and Google Cloud into their own separate parts. This would make it easier and more flexible to work with each one on its own. It would help users handle their settings for each cloud service by themselves. This way, if you're just working with one cloud service, things would be smoother.
+
+- Make regions configurable
+- Use random names everywhere?

scripts/install.sh

@@ -0,0 +1,34 @@
+#! /bin/bash
+
+# Install Terraform
+sudo apt-get update && sudo apt-get install -y gnupg software-properties-common
+wget -O- https://apt.releases.hashicorp.com/gpg | \
+gpg --dearmor | \
+sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg
+gpg --no-default-keyring \
+--keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg \
+--fingerprint
+echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] \
+https://apt.releases.hashicorp.com $(lsb_release -cs) main" | \
+sudo tee /etc/apt/sources.list.d/hashicorp.list
+sudo apt update
+sudo apt-get install terraform
+
+# Install the Azure CLI
+curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
+
+# Install the AWS CLI
+curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
+unzip awscliv2.zip
+sudo ./aws/install
+
+# Install the Google Cloud CLI
+curl -O https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-cli-455.0.0-linux-x86_64.tar.gz
+tar -xf google-cloud-cli-455.0.0-linux-x86_64.tar.gz
+./google-cloud-sdk/install.sh
+
+# Clean Up
+rm -rf  awscliv2.zip ./aws google-cloud-cli-455.0.0-linux-x86_64.tar.gz
+
+# Refresh bash profile
+source ~/.bashrc

src/aws.tf

@@ -0,0 +1,4 @@
+# S3 Bucket for Actions data
+resource "aws_s3_bucket" "this" {
+  bucket = random_string.unique_name.result
+}

src/azure.tf

@@ -8,17 +8,9 @@ resource "azurerm_resource_group" "this" {
   location = "West Europe"
 }
 
-resource "random_string" "az_storage_account_name" {
-  length  = 24
-  lower   = true
-  numeric = true
-  special = false
-  upper   = false
-}
-
 # Storage Account for Actions data
 resource "azurerm_storage_account" "this" {
-  name                = random_string.az_storage_account_name.result
+  name                = "0b9y8agfccugp9mp3pyuvqc7"
   resource_group_name = azurerm_resource_group.this.name
   location            = azurerm_resource_group.this.location
   account_tier        = "Standard"

src/main.tf

@@ -9,3 +9,11 @@ locals {
   gcp_project_id  = var.GCP_PROJECT_ID
   gcp_service_url = "storage.googleapis.com"
 }
+
+resource "random_string" "unique_name" {
+  length  = 24
+  lower   = true
+  numeric = true
+  special = false
+  upper   = false
+}

src/outputs.tf

@@ -17,6 +17,17 @@ output "azure_blob_endpoint_suffix" {
   value = local.azure_blob_endpoint_suffix
 }
 
+# AWS Configuration for OIDC
+output "aws_s3_bucket" {
+  value = aws_s3_bucket.this.bucket
+}
+output "aws_role" {
+  value = ""
+}
+output "aws_region" {
+  value = ""
+}
+
 # Google Cloud Configuration for OIDC
 output "gcp_service_url" {
   value = "https://${local.gcp_service_url}"

src/provider.tf

@@ -3,7 +3,10 @@ provider "azurerm" {
   subscription_id = local.azure_subscription_id
 }
 provider "azuread" {}
-provider "aws" {}
+provider "aws" {
+  shared_config_files      = ["~/.aws/config"]
+  shared_credentials_files = ["~/.aws/credentials"]
+}
 provider "google" {
   project = local.gcp_project_id
 }

src/terraform.tfvars.example

@@ -1,4 +1,6 @@
-GHES_INSTANCE_NAME  = ""
-GHES_URL       = ""
+GHES_INSTANCE_NAME    = ""
+GHES_URL              = ""
 AZURE_SUBSCRIPTION_ID = ""
-GCP_PROJECT_ID = ""
+AWS_ACCESS_KEY        = ""
+AWS_SECRET_KEY        = ""
+GCP_PROJECT_ID        = ""

src/variables.tf

@@ -1,19 +1,19 @@
-# The hostname of the GHES instance (e.g. my-ghes-instance)
 variable "GHES_INSTANCE_NAME" {
-  type = string
+  type        = string
+  description = "Name of the GHES instance (e.g. my-ghes-instance)"
 }
 
-# The URL of the GHES instance (e.g. my-ghes-instance.com)
 variable "GHES_URL" {
-  type = string
+  type        = string
+  description = "URL of the GHES instance without 'https://' (e.g. my-ghes-instance.com)"
 }
 
-# ID of the Azure subscription to use
 variable "AZURE_SUBSCRIPTION_ID" {
-  type = string
+  type        = string
+  description = "ID of the Azure subscription to use"
 }
 
-# ID of the Google Cloud project to use
 variable "GCP_PROJECT_ID" {
-  type = string
+  type        = string
+  description = "ID of the Google Cloud project to use"
 }