feat(fips): add fips amis (#31)

* feat(fips): add fips amis * remove connection test for fips hosts * add comment
newrelic-experimental · Jan 6, 2025 · 9d8a1f4 · 9d8a1f4
1 parent 6ae66ee
commit 9d8a1f4
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 1 deletion.
diff --git a/terraform/otel-ec2/main.tf b/terraform/otel-ec2/main.tf
@@ -26,7 +26,7 @@ module "otels" {
 resource "null_resource" "wait_linux" {
 
   for_each = {for key, val in local.assembled_ec2:
-              key => val if val.platform == "linux"}
+              key => val if val.platform == "linux" && !strcontains(key, "fips")}
 
   provisioner "remote-exec" {
     connection {
@@ -42,6 +42,26 @@ resource "null_resource" "wait_linux" {
   }
 }
 
+# TODO: We need to update this when we can test connectivitly to FIPS hosts
+# resource "null_resource" "wait_linux_fips" {
+
+#   for_each = {for key, val in local.assembled_ec2:
+#               key => val if val.platform == "linux" && strcontains(key, "fips")}
+
+#   provisioner "remote-exec" {
+#     connection {
+#       type        = "ssh"
+#       user        = each.value.username
+#       host        = module.otels[each.key].private_ip
+#       private_key = file(var.pvt_key)
+#     }
+
+#     inline = [
+#       "echo 'connected in FIPS mode'"
+#     ]
+#   }
+# }
+
 resource "null_resource" "wait_windows" {
 
   for_each = {for key, val in local.assembled_ec2:

diff --git a/terraform/otel-ec2/vars.tf b/terraform/otel-ec2/vars.tf
@@ -405,6 +405,19 @@ variable "ec2_otels" {
           "otel_role" = "agent"
         }
       }
+      "amd64:al-2023-fips" = {
+        ami             = "ami-085fa628e46dcb929"
+        subnet          = "subnet-09b64de757828cdd4"
+        security_groups = ["sg-044ef7bc34691164a"]
+        key_name        = "caos-dev-arm"
+        instance_type   = "t3a.small"
+        username        = "ec2-user"
+        python          = "/usr/bin/python3"
+        platform        = "linux"
+        tags            = {
+          "otel_role" = "agent"
+        }
+      }
       "arm64:al-2023" = {
         ami             = "ami-07d16074c2fdf3a19"
         subnet          = "subnet-09b64de757828cdd4"
@@ -418,6 +431,19 @@ variable "ec2_otels" {
           "otel_role" = "agent"
         }
       }
+      "arm64:al-2023-fips" = {
+        ami             = "ami-06014e12b8efb52e2"
+        subnet          = "subnet-09b64de757828cdd4"
+        security_groups = ["sg-044ef7bc34691164a"]
+        key_name        = "caos-dev-arm"
+        instance_type   = "t4g.small"
+        username        = "ec2-user"
+        python          = "/usr/bin/python3"
+        platform        = "linux"
+        tags            = {
+          "otel_role" = "agent"
+        }
+      }
       "amd64:windows_2016" = {
         ami             = "ami-03d46abfa414238dd"
         subnet          = "subnet-09b64de757828cdd4"