Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-04-21 13:37:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 91
fleet/infrastructure/loadtesting/terraform/locals.tf
Jorge Falcon 3a112afdb6
Loadtesting - Enable Cloudfront (#31073) 
# Added
- Added kms.tf to support encrypting keys, specifically cloudfront keys.
- Added template/cloudfront.tf.disabled for use in enabling cloudfront.-
Modified ecs-iam.tf to support log-alb.tf, cloudfront.tf policies that
are injected into `local.extra_execution_iam_policies` and `local.iam`.
- Added log-alb.tf to enable logging alb, required by cloudfront.tf.

# Changed
- Modified ecs.tf to support adding of additional secrets from
`local.secrets`.
- Modified firehose.tf to support provider required updates for
deprecated resource configurations.
- Modified init.tf to support `> v5.0` of `hashicorp/aws` provider.
- Modified locals.tf to add `extra_execution_iam_policies`, `iam`,
`software_installers_kms_policy`, `extra_secrets`, secrets, and
`cloudfront_key_basename`, to support cloudfront.
- Modified readme.md with instructions on how to enable cloudfront.tf
- Modified redis.tf to support provider required updates for deprecated
resource configurations
- Modified s3.tf to support kms keys and add kms iam.
- Modified terraform version in .github/workflows/tfvalidate.yml - 1.9.0
-> 1.10.4
2025-07-21 16:41:06 -04:00

56 lines
No EOL
1.8 KiB
HCL
Raw Permalink Blame History

locals {
name = "fleetdm-${terraform.workspace}"
prefix = "fleet-${terraform.workspace}"
extra_execution_iam_policies = concat(
# module.cloudfront-software-installers.extra_execution_iam_policies,
[]
)
iam = {
role = {
name = "${terraform.workspace}-role"
policy_name = "${terraform.workspace}-iam-policy"
}
execution = {
name = "${terraform.workspace}-execution-role"
policy_name = "${terraform.workspace}-iam-policy-execution"
}
}
additional_env_vars = [for k, v in merge({
"FLEET_VULNERABILITIES_DATABASES_PATH" : "/home/fleet"
"FLEET_OSQUERY_ENABLE_ASYNC_HOST_PROCESSING" : "false"
"FLEET_LOGGING_DEBUG" : "true"
"FLEET_LOGGING_TRACING_ENABLED" : "true"
"FLEET_LOGGING_TRACING_TYPE" : "elasticapm"
"ELASTIC_APM_SERVER_URL" : "https://loadtest.fleetdm.com:8200"
"ELASTIC_APM_SERVICE_NAME" : "fleet"
"ELASTIC_APM_ENVIRONMENT" : "${terraform.workspace}"
"ELASTIC_APM_TRANSACTION_SAMPLE_RATE" : "0.004"
"ELASTIC_APM_SERVICE_VERSION" : "${var.tag}-${split(":", data.docker_registry_image.dockerhub.sha256_digest)[1]}"
}, var.fleet_config) : { name = k, value = v }]
# Private Subnets from VPN VPC
vpn_cidr_blocks = [
"10.255.1.0/24",
"10.255.2.0/24",
"10.255.3.0/24",
]
software_installers_kms_policy = [{
sid = "AllowSoftwareInstallersKMSAccess"
actions = [
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:Encrypt*",
"kms:Describe*",
"kms:Decrypt*"
]
resources = [aws_kms_key.software_installers.arn]
effect = "Allow"
}]
extra_secrets = merge(
# module.cloudfront-software-installers.extra_secrets
)
secrets = [for k, v in local.extra_secrets : {
name = k
valueFrom = v
}]
cloudfront_key_basename = "cloudfront"
}
Reference in a new issue View git blame Copy permalink