WIP

infrastructure/modules/services/docker.tf

@@ -1,13 +1,3 @@
-data "aws_ecr_authorization_token" "token" {}
-
-provider "docker" {
-  registry_auth {
-    address  = split("/", var.app_image)[0]
-    username = data.aws_ecr_authorization_token.token.user_name
-    password = data.aws_ecr_authorization_token.token.password
-  }
-}
-
 resource "docker_image" "this" {
   name = "${var.app_image}:latest"
   build {

infrastructure/modules/services/iam.tf

@@ -1,20 +1,17 @@
 resource "aws_iam_role" "this" {
-  name               = var.identifier
-  assume_role_policy = <<EOF
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Action": "sts:AssumeRole",
-      "Principal": {
-        "Service": "lambda.amazonaws.com"
+  name = var.identifier
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
+        Principal = {
+          Service = "lambda.amazonaws.com"
+        }
       },
-      "Effect": "Allow",
-      "Sid": ""
-    }
-  ]
-}
-EOF
+    ]
+  })
 }
 
 resource "aws_iam_role_policy_attachment" "vpc_access_execution_role" {
@@ -25,44 +22,44 @@ resource "aws_iam_role_policy_attachment" "vpc_access_execution_role" {
 resource "aws_iam_policy" "custom_policy" {
   name = var.identifier
 
-  policy = <<EOF
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Effect": "Allow",
-      "Action": "ssm:GetParameters",
-      "Resource": [
-        "${var.freeswitch_event_socket_password_parameter.arn}",
-        "${aws_ssm_parameter.application_master_key.arn}",
-        "${var.db_password_parameter.arn}",
-        "${data.aws_ssm_parameter.region_data.arn}"
-      ]
-    },
-    {
-      "Effect": "Allow",
-      "Action": [
-        "sqs:DeleteMessage",
-        "sqs:ReceiveMessage",
-        "sqs:GetQueueAttributes"
-      ],
-      "Resource": [
-        "${aws_sqs_queue.this.arn}"
-      ]
-    },
-    {
-      "Effect": "Allow",
-      "Action": [
-        "ecs:DescribeContainerInstances",
-        "ec2:DescribeInstances"
-      ],
-      "Resource": [
-        "*"
-      ]
-    }
-  ]
-}
-EOF
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = [
+          "ssm:GetParameters",
+        ]
+        Effect = "Allow"
+        Resource = [
+          var.freeswitch_event_socket_password_parameter.arn,
+          aws_ssm_parameter.application_master_key.arn,
+          var.db_password_parameter.arn,
+          data.aws_ssm_parameter.region_data.arn
+        ]
+      },
+      {
+        Action = [
+          "sqs:DeleteMessage",
+          "sqs:ReceiveMessage",
+          "sqs:GetQueueAttributes"
+        ]
+        Effect = "Allow"
+        Resource = [
+          aws_sqs_queue.this.arn
+        ]
+      },
+      {
+        Action = [
+          "ecs:DescribeContainerInstances",
+          "ec2:DescribeInstances"
+        ]
+        Effect = "Allow"
+        Resource = [
+          "*"
+        ]
+      }
+    ]
+  })
 }
 
 resource "aws_iam_role_policy_attachment" "custom_policy" {

infrastructure/modules/services/versions.tf

@@ -4,5 +4,4 @@ terraform {
       source = "kreuzwerker/docker"
     }
   }
-  required_version = ">= 0.13"
 }

infrastructure/staging/terraform.tf

@@ -16,6 +16,16 @@ provider "aws" {
   alias  = "helium"
 }
 
+data "aws_ecr_authorization_token" "this" {}
+
+provider "docker" {
+  registry_auth {
+    address  = data.aws_ecr_authorization_token.this.proxy_endpoint
+    username = data.aws_ecr_authorization_token.this.user_name
+    password = data.aws_ecr_authorization_token.this.password
+  }
+}
+
 data "terraform_remote_state" "core" {
   backend = "s3"
 

infrastructure/staging/versions.tf

@@ -3,6 +3,8 @@ terraform {
     aws = {
       source = "hashicorp/aws"
     }
+    docker = {
+      source = "kreuzwerker/docker"
+    }
   }
-  required_version = ">= 0.13"
 }