#cloudposse (2024-03)
<http://cloudposse.com/quiz | cloudposse.com/quiz> |
Want to hire Cloud Posse? Take our quiz. <http://cloudposse.com/quiz | cloudposse.com/quiz> |
2024-03-04
2024-03-13
![Enrique avatar](https://secure.gravatar.com/avatar/8fcc228d5530bf4fd2a29e4e76ae0594.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0011-72.png)
Hello Folks!!, related to this repo https://github.com/cloudposse/terraform-spacelift-cloud-infrastructure-automation wondering how do you manage integrations for the stacks created. Those are not referenced in the modules
Terraform module to provision Spacelift resources for cloud infrastructure automation
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
this module is used by these components (terraform root modules) https://github.com/cloudposse/terraform-aws-components/tree/main/modules/spacelift, which create Spacelift worker pools, Spacelift admin stacks (which create regular stacks), and Spacelift policies
Terraform module to provision Spacelift resources for cloud infrastructure automation
![Enrique avatar](https://secure.gravatar.com/avatar/8fcc228d5530bf4fd2a29e4e76ae0594.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0011-72.png)
yeah, thanks, but Im still failing to understand how Cloud Integrations (in my case AWS) are attached to every stack created by the admin-stack
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
if you use private workers, the role to assume is the EC2 profile https://github.com/cloudposse/terraform-aws-components/blob/main/modules/spacelift/worker-pool/iam.tf#L83
resource "aws_iam_instance_profile" "default" {
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
if you use public workers, then you can provide an IAM role to asume to each stack
![Enrique avatar](https://secure.gravatar.com/avatar/8fcc228d5530bf4fd2a29e4e76ae0594.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0011-72.png)
ah, ok, thats the reason, I use the public ones
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
variable "aws_role_arn" {
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
variable "aws_role_arn" {
type = string
description = "ARN of the AWS IAM role to assume and put its temporary credentials in the runtime environment"
default = null
}
variable "aws_role_enabled" {
type = bool
description = "Flag to enable/disable Spacelift to use AWS STS to assume the supplied IAM role and put its temporary credentials in the runtime environment"
default = false
}
![Enrique avatar](https://secure.gravatar.com/avatar/8fcc228d5530bf4fd2a29e4e76ae0594.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0011-72.png)
yeah, make sense now, thanks for the inputs
![Enrique avatar](https://secure.gravatar.com/avatar/8fcc228d5530bf4fd2a29e4e76ae0594.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0011-72.png)
Im using the “new” approach, thats why I was not able to find what I was looking for