apr-1985

## oidc.yml
name: Terraform Plan
on:
  push
env:
  AWS_REGION : "eu-west-1"
# permission can be added at job level or workflow level
permissions:
      id-token: write   # This is required for requesting the JWT through OIDC
      contents: read    # This is required for actions/checkout
jobs:

## main.tf
# Get the latest TLS cert from GitHub to authenticate their requests
data "tls_certificate" "github" {
  url = "https://token.actions.githubusercontent.com/.well-known/openid-configuration"
}

# Create the OIDC Provider in the AWS Account
resource "aws_iam_openid_connect_provider" "github_actions" {
  url             = "https://token.actions.githubusercontent.com"
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = [data.tls_certificate.github.certificates[0].sha1_fingerprint]

## step_summary.yaml
name: Python Testing

on: [push]

jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version: ["3.10"]

## lambda.py
import logging
import os
import requests


# Logging
logger = logging.getLogger()
logger.setLevel(logging.INFO)

aws_session_token = os.environ.get('AWS_SESSION_TOKEN')

## iam.tf
resource "aws_iam_role" "ssm_lambda_exec" {
  name = "parameter_layer_test-lambda-exec"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {

## lambda.tf
resource "aws_lambda_function" "parameter_layer_test" {
  filename         = "${path.module}/lambda_function_payload.zip"
  function_name    = "parameter_layer_test"
  role             = aws_iam_role.ssm_lambda_exec.arn
  handler          = "parameter_layer_test.lambda_handler"
  runtime          = "python3.9"
  source_code_hash = filebase64sha256("${path.module}/lambda_function_payload.zip")
  memory_size      = 256
  timeout          = 900
  layers           = ["arn:aws:lambda:eu-west-1:015030872274:layer:AWS-Parameters-and-Secrets-Lambda-Extension:2", ]

## terraform.tf
resource "artifactory_remote_docker_repository" "docker-remote" {
  key                                   = "docker-remote"
  url                                   = "https://registry-1.docker.io/"
  repo_layout_ref                       = "simple-default"
  block_pushing_schema1                 = false
  enable_token_authentication           = true
  retrieval_cache_period_seconds        = 7200
  username                              = "DOCKER_USER"
  password                              = "PASSWORD"
  unused_artifacts_cleanup_period_hours = 36

## artifactory-yaml.yml
remoteRepositories:
  docker-remote:
    type: docker
    url: https://registry-1.docker.io/
    repoLayout: simple-default
    blockPushingSchema1: false
    enableTokenAuthentication: true
    retrievalCachePeriodSecs: 7200
    username: "DOCKER_USER"
    password: "PASSWORD"

## terraform.tfvars
# Gross
lambdas = {
  my_lambda_1 = {
    lambda_name       = "my_lambda_1",
    lambda_entrypoint = "my_lambda_1.lambda_handler",
    timeout           = 900,
    lambda_runtime    = "python3.7",
    lambda_memory_size = 256
  }
  my_lambda_2 = {

## terraform.tfvars
lambdas = {
  my_lambda_1 = {
    lambda_name       = "my_lambda_1",
    lambda_entrypoint = "my_lambda_1.lambda_handler",
  }
  my_lambda_2 = {
    lambda_name       = "my_lambda_2",
    lambda_entrypoint = "my_lambda_2.lambda_handler",
  }
  my_lambda_3 = {
	name: Terraform Plan
	on:
	push
	env:
	AWS_REGION : "eu-west-1"
	# permission can be added at job level or workflow level
	permissions:
	id-token: write # This is required for requesting the JWT through OIDC
	contents: read # This is required for actions/checkout
	jobs:
	# Get the latest TLS cert from GitHub to authenticate their requests
	data "tls_certificate" "github" {
	url = "https://token.actions.githubusercontent.com/.well-known/openid-configuration"
	}

	# Create the OIDC Provider in the AWS Account
	resource "aws_iam_openid_connect_provider" "github_actions" {
	url = "https://token.actions.githubusercontent.com"
	client_id_list = ["sts.amazonaws.com"]
	thumbprint_list = [data.tls_certificate.github.certificates[0].sha1_fingerprint]
	name: Python Testing

	on: [push]

	jobs:
	build:
	runs-on: ubuntu-latest
	strategy:
	matrix:
	python-version: ["3.10"]
	import logging
	import os
	import requests


	# Logging
	logger = logging.getLogger()
	logger.setLevel(logging.INFO)

	aws_session_token = os.environ.get('AWS_SESSION_TOKEN')
	resource "aws_iam_role" "ssm_lambda_exec" {
	name = "parameter_layer_test-lambda-exec"

	assume_role_policy = <<EOF
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Action": "sts:AssumeRole",
	"Principal": {
	resource "aws_lambda_function" "parameter_layer_test" {
	filename = "${path.module}/lambda_function_payload.zip"
	function_name = "parameter_layer_test"
	role = aws_iam_role.ssm_lambda_exec.arn
	handler = "parameter_layer_test.lambda_handler"
	runtime = "python3.9"
	source_code_hash = filebase64sha256("${path.module}/lambda_function_payload.zip")
	memory_size = 256
	timeout = 900
	layers = ["arn:aws:lambda:eu-west-1:015030872274:layer:AWS-Parameters-and-Secrets-Lambda-Extension:2", ]
	resource "artifactory_remote_docker_repository" "docker-remote" {
	key = "docker-remote"
	url = "https://registry-1.docker.io/"
	repo_layout_ref = "simple-default"
	block_pushing_schema1 = false
	enable_token_authentication = true
	retrieval_cache_period_seconds = 7200
	username = "DOCKER_USER"
	password = "PASSWORD"
	unused_artifacts_cleanup_period_hours = 36
	remoteRepositories:
	docker-remote:
	type: docker
	url: https://registry-1.docker.io/
	repoLayout: simple-default
	blockPushingSchema1: false
	enableTokenAuthentication: true
	retrievalCachePeriodSecs: 7200
	username: "DOCKER_USER"
	password: "PASSWORD"
	# Gross
	lambdas = {
	my_lambda_1 = {
	lambda_name = "my_lambda_1",
	lambda_entrypoint = "my_lambda_1.lambda_handler",
	timeout = 900,
	lambda_runtime = "python3.7",
	lambda_memory_size = 256
	}
	my_lambda_2 = {