Merge pull request #83 from dduportal/feat/ci.jenkins.io/allow-winrm-…

…ec2-agents

feat(ci.jenkins.io) allow WinRM and CIFs over TCP from controller to private agent subnets + disable Network ACLs

ci.jenkins.io.tf

@@ -130,6 +130,13 @@ resource "aws_instance" "ci_jenkins_io" {
   )
 }
 
+## SSH Key used to access EC2 Agents (private key stored encrypted in SOPS)
+resource "aws_key_pair" "deployer" {
+  key_name   = "deployer-key"
+  public_key = trimspace(element(split("#", compact(split("\n", file("./ec2_agents_authorized_keys")))[0]), 0))
+  tags       = local.common_tags
+}
+
 ### DNS Zone delegated from Azure DNS (jenkins-infra/azure-net)
 # `updatecli` maintains sync between the 2 repositories using the infra reports (see outputs.tf)
 resource "aws_route53_zone" "aws_ci_jenkins_io" {

eks-cijenkinsio-agents-2.tf

@@ -175,7 +175,7 @@ module "cijenkinsio_agents_2" {
 }
 
 module "cijenkinsio_agents_2_autoscaler_irsa_role" {
-  source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
   version = "5.52.2"
 
   role_name                        = "${module.cijenkinsio_agents_2.cluster_name}-cluster-autoscaler"
@@ -194,7 +194,7 @@ module "cijenkinsio_agents_2_autoscaler_irsa_role" {
 }
 
 module "cijenkinsio_agents_2_ebscsi_irsa_role" {
-  source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
   version = "5.52.2"
 
   role_name             = "${module.cijenkinsio_agents_2.cluster_name}-ebs-csi"