Create separate resources for ARM64 and x86-64 AMIs and launch permis…

…sions Co-authored-by: Nick <[email protected]>
cisagov · Jul 11, 2024 · 65c36ca · 65c36ca
1 parent c08398b
commit 65c36ca
Show file tree

Hide file tree

Showing 3 changed files with 62 additions and 18 deletions.
diff --git a/terraform-post-packer/main.tf b/terraform-post-packer/main.tf
@@ -24,23 +24,18 @@ locals {
   account_name_regex  = format("^env[[:digit:]]+ \\(%s\\)$", local.images_account_type)
 }
 
-# The IDs of all cisagov/skeleton-packer AMIs
-data "aws_ami_ids" "historical_amis" {
+# The IDs of all ARM64 cisagov/skeleton-packer AMIs
+data "aws_ami_ids" "historical_amis_arm64" {
   owners = [data.aws_caller_identity.images.account_id]
 
   filter {
-    name = "architecture"
-    values = [
-      "arm64",
-      "x86_64",
-    ]
+    name   = "architecture"
+    values = ["arm64"]
   }
 
   filter {
-    name = "name"
-    values = [
-      "example-hvm-*-*-ebs",
-    ]
+    name   = "name"
+    values = ["example-hvm-*-arm64-ebs"]
   }
 
   filter {
@@ -54,12 +49,56 @@ data "aws_ami_ids" "historical_amis" {
   }
 }
 
-# Assign launch permissions to the AMI
-module "ami_launch_permission" {
+# Assign launch permissions to the ARM64 AMIs
+module "ami_launch_permission_arm64" {
   # Really we only want the var.recent_ami_count most recent AMIs, but
   # we have to cover the case where there are fewer than that many
   # AMIs in existence.  Hence the min()/length() tomfoolery.
-  for_each = toset(slice(data.aws_ami_ids.historical_amis.ids, 0, min(var.recent_ami_count, length(data.aws_ami_ids.historical_amis.ids))))
+  for_each = toset(slice(data.aws_ami_ids.historical_amis_arm64.ids, 0, min(var.recent_ami_count, length(data.aws_ami_ids.historical_amis_arm64.ids))))
+
+  source = "github.com/cisagov/ami-launch-permission-tf-module"
+
+  providers = {
+    aws        = aws
+    aws.master = aws.master
+  }
+
+  account_name_regex   = local.account_name_regex
+  ami_id               = each.value
+  extraorg_account_ids = var.extraorg_account_ids
+}
+
+# The IDs of all x86-64 cisagov/skeleton-packer AMIs
+data "aws_ami_ids" "historical_amis_x86_64" {
+  owners = [data.aws_caller_identity.images.account_id]
+
+  filter {
+    name   = "architecture"
+    values = ["x86_64"]
+  }
+
+  filter {
+    name   = "name"
+    values = ["example-hvm-*-x86_64-ebs"]
+  }
+
+  filter {
+    name   = "root-device-type"
+    values = ["ebs"]
+  }
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+}
+
+# Assign launch permissions to the x86-64 AMIs
+module "ami_launch_permission_x86_64" {
+  # Really we only want the var.recent_ami_count most recent AMIs, but
+  # we have to cover the case where there are fewer than that many
+  # AMIs in existence.  Hence the min()/length() tomfoolery.
+  for_each = toset(slice(data.aws_ami_ids.historical_amis_x86_64.ids, 0, min(var.recent_ami_count, length(data.aws_ami_ids.historical_amis_x86_64.ids))))
 
   source = "github.com/cisagov/ami-launch-permission-tf-module"
 

diff --git a/terraform-post-packer/outputs.tf b/terraform-post-packer/outputs.tf
@@ -1,4 +1,9 @@
-output "launch_permissions" {
-  value       = module.ami_launch_permission
-  description = "The cisagov/ami-launch-permission-tf-module for each AMI to which launch permission is being granted."
+output "launch_permissions_arm64" {
+  value       = module.ami_launch_permission_arm64
+  description = "The cisagov/ami-launch-permission-tf-module for each ARM64 AMI to which launch permission is being granted."
+}
+
+output "launch_permissions_x86_64" {
+  value       = module.ami_launch_permission_x86_64
+  description = "The cisagov/ami-launch-permission-tf-module for each x86_64 AMI to which launch permission is being granted."
 }
diff --git a/terraform-post-packer/variables.tf b/terraform-post-packer/variables.tf
@@ -12,6 +12,6 @@ variable "extraorg_account_ids" {
 
 variable "recent_ami_count" {
   default     = 12
-  description = "The number of most-recent AMIs for which to grant launch permission (e.g. \"3\").  If this variable is set to three, for example, then accounts will be granted permission to launch the three most recent AMIs (or all most recent AMIs, if there are only one or two of them in existence)."
+  description = "The number of most-recent AMIs (per architecture) for which to grant launch permission (e.g. \"3\").  If this variable is set to three, for example, then accounts will be granted permission to launch the three most recent AMIs (or all most recent AMIs, if there are only one or two of them in existence)."
   type        = number
 }