cnoe-io / backstage-terraform-integrations


[Bug]: The 3 bucket example cannot take the region from the backstage template #25

Open nimakaviani opened 3 months ago

nimakaviani commented 3 months ago

What is your environment, configuration, and command?

I added the tf-controller integration to the ref implementation deployment.

What did you do and What did you see instead?

I used the instructions below to generate the AWS secret:

cat << EOF > ./aws-secrets-tofu.yaml
---
apiVersion: v1
kind: Secret
metadata:
  name: aws-credentials
  namespace: flux-system
type: Opaque
stringData:
  AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID}
  AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY}
  # Add this only if it's required. Optional for IAM roles
  AWS_SESSION_TOKEN: ${AWS_SESSION_TOKEN}
EOF

Additional Information. Logs.

Looks like the Terraform example for the S3 bucket uses the OCIRepo under oci://ghcr.io/flux-iac/aws-primitive-modules.

Problem is, this repo assumes that the region is hard-coded as part of the credentials provided in the secret, which is not common practice with Backstage templates. Using the aws-region variable here in the template does not update the region for the deployed bucket, and the creation of the bucket fails.

Also, when adding the region to the secret, the Terraform modules appear to only accept us-west-1 as the valid option.

We should fix the template such that the Terraform template can actually set the region via the Backstage form, and for this we may need to use a different approach than referencing the OCIRepo.