feat: updated to provide bring your own token option (#27)

* feat: updated to provide bring your own token option * fix: re-run docs
aws-ia · Jun 3, 2024 · 24e3539 · 24e3539
1 parent 3ffa50e
commit 24e3539
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -69,11 +69,14 @@ This file will contain any instructional information about this module.
 | <a name="input_cloudwatch_log_group_retention"></a> [cloudwatch\_log\_group\_retention](#input\_cloudwatch\_log\_group\_retention) | The number of days to retain logs in the CloudWatch log group. | `number` | `7` | no |
 | <a name="input_create_cloudwatch_log_group"></a> [create\_cloudwatch\_log\_group](#input\_create\_cloudwatch\_log\_group) | The name of the CloudWatch log group where agent logs will be sent. | `bool` | `true` | no |
 | <a name="input_create_ecs_cluster"></a> [create\_ecs\_cluster](#input\_create\_ecs\_cluster) | Whether to create a new ECS cluster for the agent. | `bool` | `true` | no |
+| <a name="input_create_tfe_agent_pool"></a> [create\_tfe\_agent\_pool](#input\_create\_tfe\_agent\_pool) | Option to omit agent pool/token creation | `bool` | `true` | no |
 | <a name="input_ecs_cluster_arn"></a> [ecs\_cluster\_arn](#input\_ecs\_cluster\_arn) | ARN of the ECS cluster where the agent will be deployed. | `string` | `"arn:aws:ecs:us-west-2:000000000000:cluster/ecs-basic"` | no |
 | <a name="input_extra_env_vars"></a> [extra\_env\_vars](#input\_extra\_env\_vars) | Extra environment variables to pass to the agent container. | <pre>list(object({<br>    name  = string<br>    value = string<br>  }))</pre> | `[]` | no |
 | <a name="input_hcp_terraform_address"></a> [hcp\_terraform\_address](#input\_hcp\_terraform\_address) | The HTTPS address of the HCP Terraform or HCP Terraform enterprise instance. | `string` | `"https://app.terraform.io"` | no |
 | <a name="input_num_agents"></a> [num\_agents](#input\_num\_agents) | The number of agent containers to run. | `number` | `1` | no |
 | <a name="input_task_policy_arns"></a> [task\_policy\_arns](#input\_task\_policy\_arns) | ARN(s) of IAM policies to attach to the agent task. Determines what actions the agent can take without requiring additional AWS credentials. | `list(string)` | `[]` | no |
+| <a name="input_tfe_agent_pool_name"></a> [tfe\_agent\_pool\_name](#input\_tfe\_agent\_pool\_name) | Terraform agent pool name to be used when agent creation is omitted | `string` | `""` | no |
+| <a name="input_tfe_agent_token"></a> [tfe\_agent\_token](#input\_tfe\_agent\_token) | Terraform agent token to be used when agent creation is omitted | `string` | `""` | no |
 | <a name="input_use_spot_instances"></a> [use\_spot\_instances](#input\_use\_spot\_instances) | Whether to use Fargate Spot instances. | `bool` | `false` | no |
 
 ## Outputs

diff --git a/main.tf b/main.tf
@@ -1,20 +1,22 @@
 data "aws_region" "current" {}
 
 resource "tfe_agent_pool" "ecs_agent_pool" {
+  count        = var.create_tfe_agent_pool ? 1 : 0
   name         = "${var.name}-agent-pool"
   organization = var.hcp_terraform_org_name
 }
 
 resource "tfe_agent_token" "ecs_agent_token" {
-  agent_pool_id = tfe_agent_pool.ecs_agent_pool.id
+  count         = var.create_tfe_agent_pool ? 1 : 0
+  agent_pool_id = tfe_agent_pool.ecs_agent_pool[0].id
   description   = "${var.name}-agent-token"
 }
 
 resource "aws_ssm_parameter" "agent_token" {
   name        = "/hcp-tf-token/${var.hcp_terraform_org_name}/${var.name}"
   description = "HCP Terraform agent token"
   type        = "SecureString"
-  value       = tfe_agent_token.ecs_agent_token.token
+  value       = var.create_tfe_agent_pool ? tfe_agent_token.ecs_agent_token[0].token : var.tfe_agent_token
 }
 
 resource "aws_cloudwatch_log_group" "cloudwatch" {

diff --git a/outputs.tf b/outputs.tf
@@ -1,11 +1,11 @@
 output "agent_pool_name" {
   description = "Name of the HCP Terraform agent pool."
-  value       = tfe_agent_pool.ecs_agent_pool.name
+  value       = try(tfe_agent_pool.ecs_agent_pool[0].name, var.tfe_agent_pool_name)
 }
 
 output "agent_pool_id" {
   description = "ID of the HCP Terraform agent pool."
-  value       = tfe_agent_pool.ecs_agent_pool.id
+  value       = try(tfe_agent_pool.ecs_agent_pool[0].id, null)
 }
 
 output "ecs_service_arn" {

diff --git a/variables.tf b/variables.tf
@@ -162,3 +162,22 @@ variable "task_policy_arns" {
   description = "ARN(s) of IAM policies to attach to the agent task. Determines what actions the agent can take without requiring additional AWS credentials."
   default     = []
 }
+
+variable "create_tfe_agent_pool" {
+  type        = bool
+  default     = true
+  description = "Option to omit agent pool/token creation"
+}
+
+variable "tfe_agent_token" {
+  type        = string
+  default     = ""
+  description = "Terraform agent token to be used when agent creation is omitted"
+  sensitive   = true
+}
+
+variable "tfe_agent_pool_name" {
+  type        = string
+  default     = ""
+  description = "Terraform agent pool name to be used when agent creation is omitted"
+}