restructure folders to serperate IAM from services

README.md

@@ -27,4 +27,8 @@ Replace the URL in the middle with the proper endpoint of your database and repl
 
 10. Go to the apprunner folder (`cd ../apprunner`)
 
-11. Run `tofu init` and then `tofu apply` to set up the App Runner services
+11. Run `tofu init` and then `tofu apply` to set up the App Runner IAM
+
+12. Go to the service sub-folder (`cd /service`)
+
+13. Run 'tofu init' and then 'tofu apply' to set up the App Runner services

apprunner/03_iam.tf

@@ -0,0 +1,47 @@
+resource "aws_iam_role" "apprunner_role" {
+  name = "apprunner-access-role"
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17",
+    Statement = [
+      {
+        Effect = "Allow",
+        Principal = {
+          Service = "build.apprunner.amazonaws.com"
+        },
+        Action = "sts:AssumeRole"
+      },
+    ]
+  })
+}
+
+
+resource "aws_iam_policy" "ecr_access_policy" {
+  name = "apprunner-ecr-access-policy"
+
+  policy = jsonencode({
+    Version = "2012-10-17",
+    Statement = [
+      {
+        Effect = "Allow",
+        Action = [
+          "ecr:GetDownloadUrlForLayer",
+          "ecr:BatchGetImage",
+          "ecr:BatchCheckLayerAvailability"
+        ],
+        Resource = "*"
+      },
+      {
+        Effect   = "Allow",
+        Action   = "ecr:GetAuthorizationToken",
+        Resource = "*"
+      }
+    ]
+  })
+}
+
+resource "aws_iam_role_policy_attachment" "apprunner_ecr_policy_attach" {
+  role       = aws_iam_role.apprunner_role.name
+  policy_arn = aws_iam_policy.ecr_access_policy.arn
+}
+

apprunner/service/01_provider.tf

@@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "5.62.0"
+    }
+  }
+}
+
+provider "aws" {
+  region = "us-east-1"
+}

apprunner/service/02_applicationlist.tf

@@ -0,0 +1,22 @@
+variable "applications" {
+  type    = list(string)
+  default = ["announcements"]
+}
+
+variable "environments" {
+  type    = list(string)
+  default = ["dev", "qa", "prod"]
+}
+
+locals {
+  app_env_combinations = [
+    for app in var.applications : [
+      for env in var.environments : {
+        app = app
+        env = env
+      }
+    ]
+  ]
+
+  app_env_list = flatten(local.app_env_combinations)
+}

apprunner/03_apprunner.tf → apprunner/service/03_apprunner.tf

@@ -31,53 +31,6 @@ resource "aws_apprunner_service" "app_services" {
 
 }
 
-resource "aws_iam_role" "apprunner_role" {
-  name = "apprunner-access-role"
-
-  assume_role_policy = jsonencode({
-    Version = "2012-10-17",
-    Statement = [
-      {
-        Effect = "Allow",
-        Principal = {
-          Service = "build.apprunner.amazonaws.com"
-        },
-        Action = "sts:AssumeRole"
-      },
-    ]
-  })
-}
-
-
-resource "aws_iam_policy" "ecr_access_policy" {
-  name = "apprunner-ecr-access-policy"
-
-  policy = jsonencode({
-    Version = "2012-10-17",
-    Statement = [
-      {
-        Effect = "Allow",
-        Action = [
-          "ecr:GetDownloadUrlForLayer",
-          "ecr:BatchGetImage",
-          "ecr:BatchCheckLayerAvailability"
-        ],
-        Resource = "*"
-      },
-      {
-        Effect   = "Allow",
-        Action   = "ecr:GetAuthorizationToken",
-        Resource = "*"
-      }
-    ]
-  })
-}
-
-resource "aws_iam_role_policy_attachment" "apprunner_ecr_policy_attach" {
-  role       = aws_iam_role.apprunner_role.name
-  policy_arn = aws_iam_policy.ecr_access_policy.arn
-}
-
 resource "aws_apprunner_auto_scaling_configuration_version" "app_scaling" {
   auto_scaling_configuration_name = "app-scaling-config"
 

apprunner/terraform.tfstate

@@ -0,0 +1,9 @@
+{
+  "version": 4,
+  "terraform_version": "1.7.2",
+  "serial": 5,
+  "lineage": "8ebc2ad4-09a6-559d-169e-e7f1af71737f",
+  "outputs": {},
+  "resources": [],
+  "check_results": null
+}