First Pass: Deployment to LZ0 using GitHub actions

.github/workflows/deploy-dev-resources.yaml

@@ -0,0 +1,144 @@
+---
+name: "Deploy Dev (LZ0) Resources"
+
+on:
+  push:
+    branches: [dev]
+
+# permission can be added at job level or workflow level
+permissions:
+  id-token: write
+  contents: read    # This is required for actions/checkout@v2
+
+jobs:
+  DeployMgmtAccountResources:
+    runs-on: ubuntu-latest
+    environment: dev
+
+    env:
+      AWS_REGION: "ca-central-1"
+      TF_VAR_ops_account_id: ${{ secrets.TF_VAR_OPS_ACCOUNT_ID }}
+      TF_VAR_mgmt_account_phase1_bucket_suffix: ${{ secrets.TF_VAR_MGMT_ACCOUNT_PHASE1_BUCKET_SUFFIX }}
+
+    steps:
+      - name: Git clone the repository
+        uses: actions/checkout@v2
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          role-to-assume: ${{ secrets.MGMT_TFRB_ROLE_TO_ASSUME }}
+          role-session-name: GitHubOidcBillingUtilitySession
+          aws-region: ${{ env.AWS_REGION }}
+
+      # Ref for Teffaform Versions: https://releases.hashicorp.com/terraform/
+      - uses: hashicorp/setup-terraform@v2
+        with:
+          terraform_version: 1.0.11
+
+      - name: Terraform Init
+        id: init
+        run: |
+          cd ./management-account-terraform-resources
+          terraform init -input=false -force-copy \
+            -backend-config="bucket=${{ secrets.MGMT_TFRB_S3_BUCKET_NAME }}" \
+            -backend-config="key=terraform-octk-aws-sea-billing-reports/management-account-terraform-resources.tfstate" \
+            -backend-config="dynamodb_table=${{ secrets.MGMT_TFRB_DYNAMODB_TABLE_NAME }}" \
+            -backend-config="region=${{ env.AWS_REGION }}"
+
+      - name: Terraform Fmt
+        id: fmt
+        run: |
+          cd ./management-account-terraform-resources
+          terraform fmt
+        continue-on-error: true
+
+      - name: Terraform Validate
+        id: validate
+        run: |
+          cd ./management-account-terraform-resources
+          terraform validate
+#
+      - name: Terraform Plan
+        id: plan
+        run: |
+          cd ./management-account-terraform-resources
+          terraform plan
+
+      - name: Terraform Apply
+        id: apply
+        run: |
+          cd ./management-account-terraform-resources
+          terraform apply -auto-approve
+#
+#      - name: Terraform Destroy
+#        id: destroy
+#        run: |
+#          cd ./management-account-terraform-resources
+#          terraform destroy -auto-approve
+
+  DeployOpsAccountResources:
+    needs: [DeployMgmtAccountResources]
+    runs-on: ubuntu-latest
+    environment: dev
+
+    env:
+      AWS_REGION: "ca-central-1"
+      TF_VAR_lz_mgmt_account_id: ${{ secrets.TF_VAR_MGMT_ACCOUNT_ID }}
+
+    steps:
+      - name: Git clone the repository
+        uses: actions/checkout@v2
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          role-to-assume: ${{ secrets.OPS_TFRB_ROLE_TO_ASSUME }}
+          role-session-name: GitHubOidcBillingUtilitySession
+          aws-region: ${{ env.AWS_REGION }}
+
+      # Ref for Teffaform Versions: https://releases.hashicorp.com/terraform/
+      - uses: hashicorp/setup-terraform@v1
+        with:
+          terraform_version: 1.0.11
+
+      - name: Terraform Init
+        id: init
+        run: |
+          cd ./operations-account-terraform-resources
+          terraform init -input=false -force-copy \
+            -backend-config="bucket=${{ secrets.OPS_TFRB_S3_BUCKET_NAME }}" \
+            -backend-config="key=terraform-octk-aws-sea-billing-reports/operations-account-terraform-resources.tfstate" \
+            -backend-config="dynamodb_table=${{ secrets.OPS_TFRB_DYNAMODB_TABLE_NAME }}" \
+            -backend-config="region=${{ env.AWS_REGION }}"
+
+      - name: Terraform Fmt
+        id: fmt
+        run: |
+          cd ./operations-account-terraform-resources
+          terraform fmt
+        continue-on-error: true
+
+      - name: Terraform Validate
+        id: validate
+        run: |
+          cd ./operations-account-terraform-resources
+          terraform validate
+
+      - name: Terraform Plan
+        id: plan
+        run: |
+          cd ./operations-account-terraform-resources
+          terraform plan
+
+      - name: Terraform Apply
+        id: apply
+        run: |
+          cd ./operations-account-terraform-resources
+          terraform apply -auto-approve
+#
+#      - name: Terraform Destroy
+#        id: destroy
+#        run: |
+#          cd ./operations-account-terraform-resources
+#          terraform destroy -auto-approve

.github/workflows/destroy-dev-resources.yaml

@@ -0,0 +1,131 @@
+---
+name: "Destroy Dev (LZ0) Resources"
+
+on:
+  workflow_dispatch:
+
+# permission can be added at job level or workflow level
+permissions:
+  id-token: write
+  contents: read    # This is required for actions/checkout@v2
+
+jobs:
+  DestroyOpsAccountResources:
+    runs-on: ubuntu-latest
+    environment: dev
+
+    env:
+      AWS_REGION: "ca-central-1"
+      TF_VAR_lz_mgmt_account_id: ${{ secrets.TF_VAR_MGMT_ACCOUNT_ID }}
+
+    steps:
+      - name: Git clone the repository
+        uses: actions/checkout@v2
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          role-to-assume: ${{ secrets.OPS_TFRB_ROLE_TO_ASSUME }}
+          role-session-name: GitHubOidcBillingUtilitySession
+          aws-region: ${{ env.AWS_REGION }}
+
+      # Ref for Teffaform Versions: https://releases.hashicorp.com/terraform/
+      - uses: hashicorp/setup-terraform@v1
+        with:
+          terraform_version: 1.0.11
+
+      - name: Terraform Init
+        id: init
+        run: |
+          cd ./operations-account-terraform-resources
+          terraform init -input=false -force-copy \
+            -backend-config="bucket=${{ secrets.OPS_TFRB_S3_BUCKET_NAME }}" \
+            -backend-config="key=terraform-octk-aws-sea-billing-reports/operations-account-terraform-resources.tfstate" \
+            -backend-config="dynamodb_table=${{ secrets.OPS_TFRB_DYNAMODB_TABLE_NAME }}" \
+            -backend-config="region=${{ env.AWS_REGION }}"
+
+      - name: Terraform Fmt
+        id: fmt
+        run: |
+          cd ./operations-account-terraform-resources
+          terraform fmt
+        continue-on-error: true
+
+      - name: Terraform Validate
+        id: validate
+        run: |
+          cd ./operations-account-terraform-resources
+          terraform validate
+
+      - name: Terraform Plan
+        id: plan
+        run: |
+          cd ./operations-account-terraform-resources
+          terraform plan
+#
+#      - name: Terraform Destroy
+#        id: destroy
+#        run: |
+#          cd ./operations-account-terraform-resources
+#          terraform destroy -auto-approve
+
+  DestroyMgmtAccountResources:
+    needs: [DestroyOpsAccountResources]
+    runs-on: ubuntu-latest
+    environment: dev
+
+    env:
+      AWS_REGION: "ca-central-1"
+      TF_VAR_ops_account_id: ${{ secrets.TF_VAR_OPS_ACCOUNT_ID }}
+      TF_VAR_mgmt_account_phase1_bucket_suffix: ${{ secrets.TF_VAR_MGMT_ACCOUNT_PHASE1_BUCKET_SUFFIX }}
+
+    steps:
+      - name: Git clone the repository
+        uses: actions/checkout@v2
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          role-to-assume: ${{ secrets.MGMT_TFRB_ROLE_TO_ASSUME }}
+          role-session-name: GitHubOidcBillingUtilitySession
+          aws-region: ${{ env.AWS_REGION }}
+
+      # Ref for Teffaform Versions: https://releases.hashicorp.com/terraform/
+      - uses: hashicorp/setup-terraform@v2
+        with:
+          terraform_version: 1.0.11
+
+      - name: Terraform Init
+        id: init
+        run: |
+          cd ./management-account-terraform-resources
+          terraform init -input=false -force-copy \
+            -backend-config="bucket=${{ secrets.MGMT_TFRB_S3_BUCKET_NAME }}" \
+            -backend-config="key=terraform-octk-aws-sea-billing-reports/management-account-terraform-resources.tfstate" \
+            -backend-config="dynamodb_table=${{ secrets.MGMT_TFRB_DYNAMODB_TABLE_NAME }}" \
+            -backend-config="region=${{ env.AWS_REGION }}"
+
+      - name: Terraform Fmt
+        id: fmt
+        run: |
+          cd ./management-account-terraform-resources
+          terraform fmt
+        continue-on-error: true
+
+      - name: Terraform Validate
+        id: validate
+        run: |
+          cd ./management-account-terraform-resources
+          terraform validate
+#
+      - name: Terraform Plan
+        id: plan
+        run: |
+          cd ./management-account-terraform-resources
+          terraform plan
+
+#      - name: Terraform Destroy
+#        id: destroy
+#        run: |
+#          cd ./management-account-terraform-resources
+#          terraform destroy -auto-approve

.gitignore

@@ -43,6 +43,9 @@ Thumbs.db
 
 ##### Terraform-specific ignores.
 
+# backend configuration
+**/backend.hcl
+
 # Local .terraform directories
 **/.terraform/*
 
@@ -90,3 +93,5 @@ terraform.rc
 /lib
 /pyenv.cfg
 pyvenv.cfg
+
+.vscode/

Dockerfile

@@ -1,6 +1,7 @@
-
 FROM ubuntu:20.04
-RUN apt-get update && apt-get install -y python3 python3-pip
-COPY ./billing-report-utility .
-RUN pip3 install -r requirements.txt
-ENTRYPOINT python3 billing.py $ARGS
+ARG DEBIAN_FRONTEND=noninteractive
+ENV TZ=America/Vancouver
+RUN apt-get update && apt-get install -y python3 python3-pip awscli
+WORKDIR /app
+COPY ./billing-report-utility/ ./
+RUN pip3 install -r requirements.txt