744c5d1413
- Agrega aws_iam_openid_connect_provider y roles IAM para DEV/PROD - Actualiza bitbucket-pipelines.yml para usar OIDC en steps 03, 05, 07 - Crea script helper scripts/aws-oidc-setup.sh - Agrega provider tls en terraform/provider.tf - Documenta el flujo completo en docs/14-oidc-bitbucket-aws.md Elimina la dependencia de AWS_ACCESS_KEY_ID y AWS_SECRET_ACCESS_KEY estáticos en el pipeline, permitiendo autenticación sin credenciales de larga vida via AssumeRoleWithWebIdentity. Refs: cuenta DEV 668889063715, PROD 523761210517
# ===============================================================================================================
# provider.tf - Configuración del proveedor AWS para proyectosacc
# Descripción:
# Define la región y versiones del provider AWS para Terraform.
#
# Uso:
# terraform init
#
# Autor: Área de Tecnología y Desarrollo - CCsoft
# ===============================================================================================================
# Terraform settings: minimum CLI version and the providers this configuration needs.
terraform {
  # Lower bound only: any Terraform CLI at or above 1.5.0 is accepted.
  required_version = ">= 1.5.0"

  required_providers {
    # Both constraints below are open-ended (">="), so a future major release
    # also satisfies them. The version that actually runs is whatever
    # `terraform init` resolves.
    # NOTE(review): confirm .terraform.lock.hcl is committed so the pipeline
    # installs the reviewed provider builds (version + checksums) rather than
    # the newest match; consider an upper bound once the tested range is known.
    aws = {
      source = "hashicorp/aws"
      version = ">= 5.94.0"
    }
    # NOTE(review): the commit message says this provider was added with the
    # OIDC setup; its use is not visible in this file - confirm it is needed.
    tls = {
      source = "hashicorp/tls"
      version = ">= 4.0.0"
    }
  }
}
# Default AWS provider configuration (no alias).
# No credentials are set in this block, so the provider resolves them from its
# default credential chain (environment, shared config, web identity, ...).
provider "aws" {
  # Region is supplied by the caller through var.aws_region.
  region = var.aws_region

  # Tags declared here are applied by the provider to the taggable resources it
  # manages through this configuration.
  default_tags {
    tags = {
      Project = var.project_name
      ManagedBy = "terraform"
      Environment = var.environment
    }
  }
}
# Dedicated provider for ACM in us-east-1 (required by CloudFront).
# Resources select it explicitly with `provider = aws.us_east_1`; it uses the
# same credential resolution as the default provider, only the region is fixed.
provider "aws" {
  alias = "us_east_1"
  region = "us-east-1"

  # Same tag set as the default provider.
  default_tags {
    tags = {
      Project = var.project_name
      ManagedBy = "terraform"
      Environment = var.environment
    }
  }
}
# Provider for Route 53 in the cross-account AWS account (262270938827).
# Only used in PROD, through a conditional count on the Route 53 resources.
#
# NOTE(review): this block itself is not conditional - it is declared for every
# environment. Confirm whether non-PROD runs also attempt the AssumeRole below,
# and make sure the role's trust policy is not widened to DEV principals just
# to make those runs pass.
provider "aws" {
  alias = "route53"
  region = "us-east-1"

  # The base credentials of the run are exchanged for this role in the DNS
  # account. The role ARN is hard-coded, and neither session_name nor
  # external_id is set here.
  # NOTE(review): who may assume this role is decided by its trust policy in
  # account 262270938827 (not visible here) - verify it names only the PROD
  # pipeline role and that the role's permissions are scoped to the hosted
  # zone(s) this project manages. Setting session_name would make these
  # sessions easier to attribute in CloudTrail.
  assume_role {
    role_arn = "arn:aws:iam::262270938827:role/Route53ProyectosaccCrossAccountRole"
  }

  # Same tag set as the default provider.
  default_tags {
    tags = {
      Project = var.project_name
      ManagedBy = "terraform"
      Environment = var.environment
    }
  }
}