forked from thirstydeveloper/terraform-terragrunt-skeleton
Makefile
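# Name of the CloudFormation stack that the init-admin target deploys.
ADMIN_INIT_STACK_NAME := tf-admin-init

# Names of the remote-state resources. They are passed to the stack as
# parameters by init-admin and named as import targets by
# import-terragrunt-changeset.json.
STATE_BUCKET_NAME := terraform-skeleton-state
STATE_LOG_BUCKET_NAME := terraform-skeleton-state-logs
LOCK_TABLE_NAME := terraform-skeleton-state-locks

# Use a known profile to ensure account ID is correct.
# The lookup runs at parse time on every make invocation. If the aws call
# fails the value is empty, and jq prints "null" when the response has no
# Account field, so consumers should validate the value before using it.
ADMIN_ACCOUNT_ID := $(shell \
  aws --profile bti360 sts get-caller-identity | jq -r .Account \
)

# Every directory under deployments/ that holds a terragrunt.hcl, skipping
# Terragrunt's cache copies. The -path pattern is quoted so the shell hands
# it to find verbatim instead of glob-expanding it against the working
# directory first.
DEPLOYMENT_DIRS := $(shell find deployments -name terragrunt.hcl \
  -not -path '*/.terragrunt-cache/*' -exec dirname {} \; \
)

# Command prefixes shared by the drift-detection helpers.
CFN := aws cloudformation
CFN_START_DRIFT_DETECTION := $(CFN) detect-stack-drift --stack-name
CFN_STATUS_DRIFT_DETECTION := $(CFN) describe-stack-drift-detection-status \
  --stack-drift-detection-id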
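# $(call wait_cfn_drift_detect_job,DETECTION_ID)
#
# Canned recipe line that polls the drift-detection job DETECTION_ID every
# 3 seconds until its DetectionStatus is no longer DETECTION_IN_PROGRESS.
#
# Uses the POSIX `[ ... = ... ]` test rather than `[[ ... == ... ]]`: make runs
# recipes with /bin/sh unless SHELL is set, and this file does not set it, so
# the bash-only form fails where /bin/sh is not bash.
define wait_cfn_drift_detect_job
	@while [ \
		"$$($(CFN_STATUS_DRIFT_DETECTION) $(1) | jq -r .DetectionStatus)" = \
		"DETECTION_IN_PROGRESS" \
	]; do \
		echo "Detection in progress. Waiting 3 seconds..."; \
		sleep 3; \
	done
endef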
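# $(call show_cfn_drift,STACK_NAME)
#
# Canned recipe that starts drift detection on STACK_NAME, waits for the job
# to leave DETECTION_IN_PROGRESS, then prints DetectionStatus,
# StackDriftStatus and DriftedStackResourceCount.
#
# The detection job is started inside the recipe's shell, not through
# $(eval ... $(shell ...)). GNU make expands every line of a recipe before it
# runs the first one, so a $(shell) call here would start drift detection
# before the earlier steps of the calling target (for example the change-set
# execution in cfn-import-terragrunt) had run. Keeping the ID in a shell
# variable also means the whole sequence is one recipe line, since each
# recipe line gets its own shell.
define show_cfn_drift
	@drift_id="$$($(CFN_START_DRIFT_DETECTION) $(1) \
		| jq -r .StackDriftDetectionId)"; \
	case "$$drift_id" in \
		''|null) \
			echo "Could not start drift detection for stack $(1)" >&2; \
			exit 1 ;; \
	esac; \
	while [ \
		"$$($(CFN_STATUS_DRIFT_DETECTION) "$$drift_id" | jq -r .DetectionStatus)" = \
		"DETECTION_IN_PROGRESS" \
	]; do \
		echo "Detection in progress. Waiting 3 seconds..."; \
		sleep 3; \
	done; \
	$(CFN_STATUS_DRIFT_DETECTION) "$$drift_id" | jq '{ \
		DetectionStatus, \
		StackDriftStatus, \
		DriftedStackResourceCount \
	}'
endef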
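# Deploy the admin-account bootstrap stack, then turn on termination
# protection for it.
#
# CAPABILITY_NAMED_IAM acknowledges that the template creates IAM resources
# with custom names, so the parameters passed to it deserve a check: the
# first recipe line refuses to continue unless ADMIN_ACCOUNT_ID is a
# non-empty, all-digit value. Without it, a failed `sts get-caller-identity`
# lookup at parse time would silently pass an empty or "null" AdminAccountId
# to the stack.
#
# NOTE(review): ADMIN_ACCOUNT_ID is resolved with an explicit --profile, but
# the deploy below uses whatever credentials are active in the environment.
# Confirm that both are meant to point at the same account.
.PHONY: init-admin
init-admin:
	@case "$(ADMIN_ACCOUNT_ID)" in \
		''|*[!0-9]*) \
			echo "ADMIN_ACCOUNT_ID is '$(ADMIN_ACCOUNT_ID)'; expected a numeric AWS account ID" >&2; \
			exit 1 ;; \
	esac
	aws cloudformation deploy \
		--template-file init/admin/init-admin-account.cf.yml \
		--stack-name ${ADMIN_INIT_STACK_NAME} \
		--capabilities CAPABILITY_NAMED_IAM \
		--parameter-overrides \
			AdminAccountId=${ADMIN_ACCOUNT_ID} \
			StateBucketName=${STATE_BUCKET_NAME} \
			StateLogBucketName=${STATE_LOG_BUCKET_NAME} \
			LockTableName=${LOCK_TABLE_NAME}
	aws cloudformation update-termination-protection \
		--stack-name ${ADMIN_INIT_STACK_NAME} \
		--enable-termination-protection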
# Report CloudFormation drift for the admin bootstrap stack.
.PHONY: check-init-admin-drift
check-init-admin-drift:
	$(call show_cfn_drift,$(ADMIN_INIT_STACK_NAME))
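# Create an IMPORT change set that brings the existing state bucket, state
# log bucket and lock table under the admin stack, and save the
# create-change-set response (the other targets read .Id from it) as this
# file.
#
# The response is written to a temporary file and moved into place only when
# the aws call succeeds. Piping into `tee` hid a failed call behind tee's
# exit status and left an empty file that make then treated as up to date.
import-terragrunt-changeset.json:
	@aws cloudformation create-change-set \
		--stack-name ${ADMIN_INIT_STACK_NAME} \
		--change-set-name ${ADMIN_INIT_STACK_NAME}-import-terragrunt \
		--change-set-type IMPORT \
		--template-body file://init/admin/init-admin-account.cf.yml \
		--capabilities CAPABILITY_NAMED_IAM \
		--parameters \
			ParameterKey=AdminAccountId,UsePreviousValue=True \
			ParameterKey=StateBucketName,UsePreviousValue=True \
			ParameterKey=StateLogBucketName,UsePreviousValue=True \
			ParameterKey=LockTableName,UsePreviousValue=True \
		--resources-to-import "[ \
			{ \
				\"ResourceType\":\"AWS::S3::Bucket\", \
				\"LogicalResourceId\":\"TerraformStateBucket\", \
				\"ResourceIdentifier\": { \
					\"BucketName\": \"${STATE_BUCKET_NAME}\" \
				} \
			}, \
			{ \
				\"ResourceType\":\"AWS::S3::Bucket\", \
				\"LogicalResourceId\":\"TerraformStateLogBucket\", \
				\"ResourceIdentifier\": { \
					\"BucketName\": \"${STATE_LOG_BUCKET_NAME}\" \
				} \
			}, \
			{ \
				\"ResourceType\":\"AWS::DynamoDB::Table\", \
				\"LogicalResourceId\":\"TerraformStateLockTable\", \
				\"ResourceIdentifier\": { \
					\"TableName\": \"${LOCK_TABLE_NAME}\" \
				} \
			} \
		]" > $@.tmp \
	|| { rm -f $@.tmp; exit 1; }
	@mv -f $@.tmp $@
	@cat $@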
# Wait until the import change set has finished creating, then print its
# Changes, Status and StatusReason. The change-set ID is read from the .Id
# field of the saved create-change-set response.
.PHONY: prepare-cfn-import-terragrunt
prepare-cfn-import-terragrunt: import-terragrunt-changeset.json
	$(eval CHANGE_SET_ID=$(shell jq -r .Id $<))
	$(CFN) wait change-set-create-complete \
		--change-set-name $(CHANGE_SET_ID) \
		--stack-name $(ADMIN_INIT_STACK_NAME)
	@$(CFN) describe-change-set \
		--change-set-name $(CHANGE_SET_ID) \
		--stack-name $(ADMIN_INIT_STACK_NAME) \
		| jq '{ Changes, Status, StatusReason }'
# Delete the pending import change set without executing it, then remove the
# saved create-change-set response it was read from.
.PHONY: discard-cfn-import-terragrunt
discard-cfn-import-terragrunt: import-terragrunt-changeset.json
	$(eval CHANGE_SET_ID=$(shell jq -r .Id $<))
	$(CFN) delete-change-set \
		--change-set-name $(CHANGE_SET_ID) \
		--stack-name $(ADMIN_INIT_STACK_NAME)
	@rm $<
# Execute the import change set: wait for it to finish creating, execute it,
# drop the saved response file, wait for the stack import to complete, and
# finally report drift for the stack.
.PHONY: cfn-import-terragrunt
cfn-import-terragrunt: import-terragrunt-changeset.json
	$(eval CHANGE_SET_ID=$(shell jq -r .Id $<))
	$(CFN) wait change-set-create-complete \
		--change-set-name $(CHANGE_SET_ID) \
		--stack-name $(ADMIN_INIT_STACK_NAME)
	$(CFN) execute-change-set \
		--change-set-name $(CHANGE_SET_ID) \
		--stack-name $(ADMIN_INIT_STACK_NAME)
	@rm $<
	$(CFN) wait stack-import-complete \
		--stack-name $(ADMIN_INIT_STACK_NAME)
	$(call show_cfn_drift,$(ADMIN_INIT_STACK_NAME))
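# Run `terragrunt init` in every directory listed in DEPLOYMENT_DIRS.
#
# Each directory is entered in a subshell instead of with pushd/popd. Those
# are bash builtins, and make runs recipes with /bin/sh unless SHELL is set.
# A failed pushd would also have let `terragrunt init` run in the wrong
# directory. The loop now stops at the first directory that cannot be entered
# or fails to initialise, so the target reports the failure.
.PHONY: init-all
init-all:
	for d in $(DEPLOYMENT_DIRS); do \
		( cd "$$d" && terragrunt init ) || exit 1; \
	done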
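# Remove the saved create-change-set response. $(RM) is `rm -f`, so the
# target also succeeds when the file does not exist.
.PHONY: clean
clean:
	$(RM) import-terragrunt-changeset.json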