Create CDPS ECRs in Multiple Regions

cabutlermit · cabutlermit · commit 08e97370286b · 2025-05-08T20:28:29.000-04:00
Why these changes are being introduced: We need the `s3-bagit-validator` container in ECR Repositories in us-east-1 and us-west-2. How this addresses that need: * Add an additional AWS Provider alias for us-west-2 * Create a new file for the us-west-2 ECR Repository for s3-bagit-validator * Rename the old cdps ECR file to clarify where the resources are getting created * Add a us-west-2 module call for the s3-bagit-validator ECR creation Side effects of this change: None Relevant ticket(s): * https://mitlibraries.atlassian.net/browse/IR-238
diff --git a/README.md b/README.md
@@ -161,6 +161,7 @@ This is a core infrastructure repository that defines infrastructure related to
 | ecr\_carbon | ./modules/ecr | n/a |
 | ecr\_cdps\_curt | ./modules/ecr | n/a |
 | ecr\_cdps\_s3\_bagit\_validator | ./modules/ecr | n/a |
+| ecr\_cdps\_s3\_bagit\_validator\_west | ./modules/ecr | n/a |
 | ecr\_creditcardslips | ./modules/ecr | n/a |
 | ecr\_dsc | ./modules/ecr | n/a |
 | ecr\_dss | ./modules/ecr | n/a |
diff --git a/cdps_ecrs_default_east.tf b/cdps_ecrs_default_east.tf
diff --git a/cdps_ecrs_west.tf b/cdps_ecrs_west.tf
@@ -0,0 +1,66 @@
+##############################################################################
+# s3-bagit-validator for the CDPS project in the us-west-2 region
+# We use the same locals block as the _default
+
+module "ecr_cdps_s3_bagit_validator_west" {
+  source = "./modules/ecr"
+  providers = {
+    aws = aws.west-2
+  }
+  repo_name         = "s3-bagit-validator"
+  login_policy_arn  = aws_iam_policy.login.arn
+  oidc_arn          = data.aws_ssm_parameter.oidc_arn.value
+  environment       = var.environment
+  tfoutput_ssm_path = var.tfoutput_ssm_path
+  tags = {
+    app-repo = "s3-bagit-validator"
+  }
+}
+
+# ## For s3-bagit-validator application repo and ECR repository
+# # Outputs in dev
+# output "s3_bagit_validator_dev_build_workflow_west" {
+#   value = var.environment == "prod" || var.environment == "stage" ? null : templatefile("${path.module}/files/dev-build.tpl", {
+#     region   = var.aws_region
+#     role     = module.ecr_cdps_s3_bagit_validator_west.gha_role
+#     ecr      = module.ecr_cdps_s3_bagit_validator_west.repository_name
+#     function = local.ecr_cdps_s3_bagit_validator_function_name
+#     }
+#   )
+#   description = "Full contents of the dev-build.yml for the s3-bagit-validator repo to deploy in us-west-2"
+# }
+# output "s3_bagit_validator_makefile_west" {
+#   value = var.environment == "prod" || var.environment == "stage" ? null : templatefile("${path.module}/files/makefile.tpl", {
+#     ecr_name = module.ecr_cdps_s3_bagit_validator_west.repository_name
+#     ecr_url  = module.ecr_cdps_s3_bagit_validator_west.repository_url
+#     function = local.ecr_cdps_s3_bagit_validator_function_name
+#     }
+#   )
+#   description = "Full contents of the Makefile for the s3-bagit-validator repo (allows devs to push to Dev account only)"
+# }
+
+# # Outputs in stage
+# output "s3_bagit_validator_stage_build_workflow_west" {
+#   value = var.environment == "prod" || var.environment == "dev" ? null : templatefile("${path.module}/files/stage-build.tpl", {
+#     region   = var.aws_region
+#     role     = module.ecr_cdps_s3_bagit_validator_west.gha_role
+#     ecr      = module.ecr_cdps_s3_bagit_validator_west.repository_name
+#     function = local.ecr_cdps_s3_bagit_validator_function_name
+#     }
+#   )
+#   description = "Full contents of the stage-build.yml for the s3-bagit-validator repo to deploy in us-west-2"
+# }
+
+# # Outputs after promotion to prod
+# output "s3_bagit_validator_prod_promote_workflow_west" {
+#   value = var.environment == "stage" || var.environment == "dev" ? null : templatefile("${path.module}/files/prod-promote.tpl", {
+#     region     = var.aws_region
+#     role_stage = "${module.ecr_cdps_s3_bagit_validator_west.repo_name}-gha-stage"
+#     role_prod  = "${module.ecr_cdps_s3_bagit_validator_west.repo_name}-gha-prod"
+#     ecr_stage  = "${module.ecr_cdps_s3_bagit_validator_west.repo_name}-stage"
+#     ecr_prod   = "${module.ecr_cdps_s3_bagit_validator_west.repo_name}-prod"
+#     function   = local.ecr_cdps_s3_bagit_validator_function_name
+#     }
+#   )
+#   description = "Full contents of the prod-promote.yml for the s3-bagit-validator repo to deploy in us-west-2"
+# }
diff --git a/providers.tf b/providers.tf
@@ -24,3 +24,20 @@ provider "aws" {
     }
   }
 }
+
+# NEed additional region for multi-region containers
+provider "aws" {
+  alias  = "west-2"
+  region = "us-west-2"
+  default_tags {
+    tags = {
+      project-id   = local.project_id == null ? null : "${local.project_id}"
+      app-id       = var.name
+      environment  = var.environment
+      ou           = var.ou
+      terraform    = "true"
+      infra-repo   = "mitlib-tf-${var.ou}-${var.name}"
+      contains-pii = "false"
+    }
+  }
+}
