rebase

Author: Dobroslav Slavenskoj

.github/workflows/digger-plan.yml

@@ -19,11 +19,15 @@ jobs:
         uses: diggerhq/digger@v0.2.0
         with:
           setup-aws: true
-          aws-role-to-assume: arn:aws:sts::${{ secrets.AccountID }}:assumed-role/${{secrets.RoleName}}/${{FunctionName}}
+          
+          #Uncomment below line if using OIDC
+          #aws-role-to-assume: arn:aws:sts::{secrets.AccountID}:assumed-role/{secrets.RoleName}/{FunctionName}
+         
+          #Comment the following two lines out if using OIDC. 
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          ##End comment block
           aws-region: us-east-1
         env:
           GITHUB_CONTEXT: ${{ toJson(github) }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          LOCK_PROVIDER: aws
-          AWS_STORAGE_BUCKET: 'digger-lock-prod'
-    

.gitignore

@@ -2,7 +2,7 @@ gcp_key.json
 
 # Local .terraform directories
 **/.terraform/*
-
+.terraform 
 # .tfstate files
 *.tfstate
 *.tfstate.*

README.md

@@ -1 +1,17 @@
 # quickstart-actions-aws
+
+This is the repository for a sample quickstart action with digger. 
+
+# backend
+this folder will provision (most) of the backend required. 
+Main.tf provisions the following resources. 
+
+1. The Backend state bucket for terraform to store state in
+2. The required DynamoDB table for Digger to store locks. 
+
+# prod
+This is a sample terraform prod code that will (if given the chance) spin up a vpc + an EC2 instance, and required security groups. 
+The instance is locked down to not be accessible from outside the network. 
+
+# .github/workflows
+Contains digger-plan.yml with two different potential ways of authenticating against an AWS account. Please review the main digger documentation on details as to which scheme to use. 

backend/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "3.0.0"  # Use an appropriate version
+      version = "5.23.1"  
     }
   }
 }
@@ -18,8 +18,24 @@ resource "random_string" "bucket_prefix" {
 
 resource "aws_s3_bucket" "default" {
   bucket = "${random_string.bucket_prefix.result}-bucket-tfstate"
-  acl    = "private"  # You can adjust the ACL as needed
-  versioning {
-    enabled = true
+}
+
+resource "aws_s3_bucket_versioning" "versioning_example" {
+  bucket = aws_s3_bucket.default.id
+  versioning_configuration {
+    status = "Enabled"
   }
 }
+
+resource "aws_s3_bucket_acl" "example" {
+  bucket = aws_s3_bucket.default.id
+  acl    = "private"
+}
+
+
+resource "aws_dynamodb_table" "DiggerDynamoDBLockTable" {
+  name             = "DiggerDynamoDBLockTable"
+  billing_mode     = "PAY_PER_REQUEST"
+  stream_enabled   = true
+  stream_view_type = "NEW_AND_OLD_IMAGES"
+}