diff --git a/data.tf b/data.tf
new file mode 100644
index 000000000..25b5e4661
--- /dev/null
+++ b/data.tf
@@ -0,0 +1,43 @@
+data "aws_caller_identity" "current" {}
+
+data "aws_partition" "current" {}
+
+data "aws_region" "current" {}
+
+data "aws_subnet" "runners" {
+ id = var.subnet_id
+}
+
+data "aws_availability_zone" "runners" {
+ name = data.aws_subnet.runners.availability_zone
+}
+
+data "aws_ami" "runner" {
+ most_recent = "true"
+
+ dynamic "filter" {
+ for_each = var.runner_ami_filter
+ content {
+ name = filter.key
+ values = filter.value
+ }
+ }
+
+ owners = var.runner_ami_owners
+}
+
+data "aws_ami" "docker-machine" {
+ count = var.runner_worker.type == "docker+machine" ? 1 : 0
+
+ most_recent = "true"
+
+ dynamic "filter" {
+ for_each = var.runner_worker_docker_machine_ami_filter
+ content {
+ name = filter.key
+ values = filter.value
+ }
+ }
+
+ owners = var.runner_worker_docker_machine_ami_owners
+}
diff --git a/main.tf b/main.tf
index 36db96357..c7ae29e20 100644
--- a/main.tf
+++ b/main.tf
@@ -1,15 +1,3 @@
-data "aws_caller_identity" "current" {}
-data "aws_partition" "current" {}
-data "aws_region" "current" {}
-
-data "aws_subnet" "runners" {
- id = var.subnet_id
-}
-
-data "aws_availability_zone" "runners" {
- name = data.aws_subnet.runners.availability_zone
-}
-
 # Parameter value is managed by the user-data script of the gitlab runner instance
 resource "aws_ssm_parameter" "runner_registration_token" {
 name = local.secure_parameter_store_runner_token_key
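Review bot: Both `aws_ami` data sources in the new data.tf set `most_recent = "true"`, a string where the argument is a bool; Terraform converts it, but `most_recent = true` is the idiomatic form and should be used now that the blocks are being moved anyway. Because the lookup is filter-based with most_recent set, any new image matching the filters that is published by an account in `owners` changes the AMI selected on the next plan, so `owners` is the only thing keeping that to trusted publishers and must never be allowed to be empty; the defaults of `var.runner_ami_owners` and `var.runner_worker_docker_machine_ami_owners` are not in this diff, so I cannot confirm they enforce that. A comment above each block, `# owners restricts the lookup to trusted publishers; with most_recent the chosen AMI changes as new images are released`, would make that trust boundary explicit to readers of this file.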
@@ -157,22 +145,6 @@ locals {
 )
 }
 
-data "aws_ami" "docker-machine" {
- count = var.runner_worker.type == "docker+machine" ? 1 : 0
-
- most_recent = "true"
-
- dynamic "filter" {
- for_each = var.runner_worker_docker_machine_ami_filter
- content {
- name = filter.key
- values = filter.value
- }
- }
-
- owners = var.runner_worker_docker_machine_ami_owners
-}
-
 # ignores: Autoscaling Groups Supply Tags --> we use a "dynamic" block to create the tags
 # ignores: Auto Scaling Group With No Associated ELB --> that's simply not true, as the EC2 instance contacts GitLab. So no ELB needed here.
 # kics-scan ignore-line
@@ -240,20 +212,6 @@ resource "aws_autoscaling_schedule" "scale_out" {
 max_size = try(var.runner_schedule_config["scale_out_max_size"], var.runner_schedule_config["scale_out_count"])
 }
 
-data "aws_ami" "runner" {
- most_recent = "true"
-
- dynamic "filter" {
- for_each = var.runner_ami_filter
- content {
- name = filter.key
- values = filter.value
- }
- }
-
- owners = var.runner_ami_owners
-}
-
 resource "aws_launch_template" "gitlab_runner_instance" {
 # checkov:skip=CKV_AWS_341:Hop limit > 1 needed here in case of Docker builds. Otherwise the token is invalid within Docker.
 # checkov:skip=CKV_AWS_88:User can decide to add a public IP.
diff --git a/modules/terminate-agent-hook/iam.tf b/modules/terminate-agent-hook/iam.tf
index 0ce8f3039..47cd87210 100644
--- a/modules/terminate-agent-hook/iam.tf
+++ b/modules/terminate-agent-hook/iam.tf
@@ -1,5 +1,7 @@
-data "aws_partition" "current" {}
 data "aws_caller_identity" "this" {}
+
+data "aws_partition" "current" {}
+
 data "aws_region" "this" {}
 
 # ----------------------------------------------------------------------------