Merge pull request #2 from rhythmictech/private-default

smiller171 · web-flow · commit 0e0687f6c6c7 · 2020-06-02T18:11:01.000-04:00
[ENG-897] make private by default, allow public
diff --git a/cloudformation.yml.tpl b/cloudformation.yml.tpl
@@ -9,17 +9,20 @@ Resources:
       Distributions:
         %{~ for region in regions ~}
         - AmiDistributionConfiguration:
-            Name: '${name} - AmiCopyConfiguration - {{ imagebuilder:buildDate }}'
+            Name: '${name} - ${region} - AmiCopyConfiguration - {{ imagebuilder:buildDate }}'
             %{~ if description != null ~}
             Description: ${description}
             %{~ endif ~}
             AmiTags:
               ${ indent(14, chomp(yamlencode(tags))) }
-            %{~ if shared_account_ids != null ~}
             LaunchPermissionConfiguration:
+              %{~ if public == false ~}
               UserIds:
-                ${ indent(14, chomp(yamlencode(shared_account_ids))) }
-            %{~ endif ~}
+                ${ indent(16, chomp(yamlencode(shared_account_ids))) }
+              %{~ else ~}
+              UserGroups:
+                - all
+              %{~ endif ~}
           %{~ if license_config_arns != null ~}
           LicenseConfigurationArns:
             ${ indent(12, chomp(yamlencode(license_config_arns)))}
diff --git a/main.tf b/main.tf
@@ -93,6 +93,7 @@ resource "aws_cloudformation_stack" "this" {
     log_bucket           = var.log_bucket
     log_prefix           = var.log_prefix
     name                 = var.name
+    public               = var.public
     recipe_arn           = var.recipe_arn
     regions              = var.regions
     schedule             = var.schedule
diff --git a/variables.tf b/variables.tf
@@ -57,6 +57,12 @@ variable "name" {
   type        = string
 }
 
+variable "public" {
+  default     = false
+  description = "Whether resulting AMI should be public"
+  type        = bool
+}
+
 variable "recipe_arn" {
   description = "ARN of the recipe to use. Must change with Recipe version"
   type        = string
@@ -91,7 +97,7 @@ variable "security_group_ids" {
 }
 
 variable "shared_account_ids" {
-  default     = null
+  default     = []
   description = "AWS accounts to share AMIs with. If this is left null AMIs will be public"
   type        = list(string)
 }

Original file line number	Diff line number	Diff line change
`@@ -57,6 +57,12 @@ variable "name" {`
`57`	`57`	`type = string`
`58`	`58`	`}`
`59`	`59`
	`60`	`+variable "public" {`
	`61`	`+ default = false`
	`62`	`+ description = "Whether resulting AMI should be public"`
	`63`	`+ type = bool`
	`64`	`+}`
	`65`	`+`
`60`	`66`	`variable "recipe_arn" {`
`61`	`67`	`description = "ARN of the recipe to use. Must change with Recipe version"`
`62`	`68`	`type = string`
`@@ -91,7 +97,7 @@ variable "security_group_ids" {`
`91`	`97`	`}`
`92`	`98`
`93`	`99`	`variable "shared_account_ids" {`
`94`		`- default = null`
	`100`	`+ default = []`
`95`	`101`	`description = "AWS accounts to share AMIs with. If this is left null AMIs will be public"`
`96`	`102`	`type = list(string)`
`97`	`103`	`}`