telia-oss/terraform-aws-concourse


Concourse CI

A Terraform module for deploying Concourse CI.

Prerequisites

  1. Use Packer to create an AMI with Concourse (and related tooling) installed:
# From the project root, using task:
task ami
  2. Generate key pairs for Concourse:
# Create folder
mkdir -p keys

ssh-keygen -t rsa -f ./keys/tsa_host_key -N ''
ssh-keygen -t rsa -f ./keys/worker_key -N ''
ssh-keygen -t rsa -f ./keys/session_signing_key -N ''

# Authorized workers
cp ./keys/worker_key.pub ./keys/authorized_worker_keys
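
A pre-flight check for the keys directory produced by the commands above, as an added example that is not part of this module; `check_concourse_keys` is a hypothetical helper name. Because `-N ''` writes the private keys without a passphrase, it checks their file modes and that `authorized_worker_keys` lists the worker's public key rather than private key material.

```shell
#!/bin/sh
# Added example: pre-flight check of the ./keys directory created above.
# check_concourse_keys is a hypothetical helper, not part of the module.

check_concourse_keys() {
  dir=${1:-./keys}
  rc=0

  for name in tsa_host_key worker_key session_signing_key; do
    key="$dir/$name"
    if [ ! -f "$key" ]; then
      echo "missing private key: $key" >&2
      rc=1
      continue
    fi
    # The keys are generated with -N '' (no passphrase), so the file mode is
    # the only protection on disk: group/other permission bits must be clear.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
      echo "private key accessible by group/other: $key" >&2
      rc=1
    fi
  done

  auth="$dir/authorized_worker_keys"
  pub="$dir/worker_key.pub"
  if [ ! -f "$auth" ] || [ ! -f "$pub" ]; then
    echo "missing $auth or $pub" >&2
    return 1
  fi
  # Catch the easy slip of copying worker_key instead of worker_key.pub.
  if grep -q 'PRIVATE KEY' "$auth"; then
    echo "private key material in $auth" >&2
    rc=1
  fi
  # The worker's public key must appear verbatim as a line of the file.
  if ! grep -qxF -- "$(head -n 1 "$pub")" "$auth"; then
    echo "worker_key.pub is not listed in $auth" >&2
    rc=1
  fi
  return $rc
}
```

Run it as `check_concourse_keys ./keys` before applying the module; a non-zero exit status means at least one problem was reported on stderr.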

Required for HTTPS

Route53 hosted zone, domain and ACM certificate.

Required for GitHub authentication

GitHub OAuth application, with an encrypted password:

aws kms encrypt \
  --key-id <aws-kms-key-id> \
  --plaintext <github-client-secret> \
  --output text \
  --query CiphertextBlob \
  --profile default

Alternatively, store it in SSM Parameter Store or Secrets Manager, and aws-env will populate the environment at runtime:

module "concourse_atc" {
  # ... other configuration

  github_client_id     = "sm:///concourse-deployment/github-oauth-client-id"
  github_client_secret = "sm:///concourse-deployment/github-oauth-client-secret"
}

By default, the ATC has permission to read secrets under /concourse-deployment/* in Secrets Manager (in addition to /concourse/* for the secrets backend).

Usage

See example. If you want to learn more about how to use Concourse, check out the official documentation.

Related projects