feat: do you really need backend replication pt 2

morganrowse · Apr 12, 2023 · b7001c0 · b7001c0
1 parent c30755a
commit b7001c0
Show file tree

Hide file tree

Showing 9 changed files with 2 additions and 45 deletions.
diff --git a/main.tf b/main.tf
@@ -53,11 +53,9 @@ module "aft_account_request_framework" {
 module "aft_backend" {
   providers = {
     aws.primary_region   = aws.aft_management
-    aws.secondary_region = aws.tf_backend_secondary_region
   }
   source           = "./modules/aft-backend"
   primary_region   = var.ct_home_region
-  secondary_region = var.tf_backend_secondary_region
 }
 
 module "aft_code_repositories" {
@@ -235,7 +233,6 @@ module "aft_ssm_parameters" {
   account_request_repo_name                                   = var.account_request_repo_name
   vcs_provider                                                = var.vcs_provider
   aft_config_backend_primary_region                           = var.ct_home_region
-  aft_config_backend_secondary_region                         = var.tf_backend_secondary_region
   aft_framework_repo_url                                      = var.aft_framework_repo_url
   aft_framework_repo_git_ref                                  = local.aft_framework_repo_git_ref
   terraform_token                                             = var.terraform_token

diff --git a/modules/aft-backend/variables.tf b/modules/aft-backend/variables.tf
@@ -4,7 +4,3 @@
 variable "primary_region" {
   type = string
 }
-
-variable "secondary_region" {
-  type = string
-}
diff --git a/modules/aft-backend/versions.tf b/modules/aft-backend/versions.tf
@@ -8,7 +8,7 @@ terraform {
     aws = {
       source                = "hashicorp/aws"
       version               = ">= 4.9.0"
-      configuration_aliases = [aws.primary_region, aws.secondary_region]
+      configuration_aliases = [aws.primary_region]
     }
   }
 }
diff --git a/modules/aft-ssm-parameters/ssm.tf b/modules/aft-ssm-parameters/ssm.tf
@@ -241,12 +241,6 @@ resource "aws_ssm_parameter" "aft_config_backend_primary_region" {
   value = var.aft_config_backend_primary_region
 }
 
-resource "aws_ssm_parameter" "aft_config_backend_secondary_region" {
-  name  = "/aft/config/oss-backend/secondary-region"
-  type  = "String"
-  value = var.aft_config_backend_secondary_region
-}
-
 resource "aws_ssm_parameter" "aft_config_backend_kms_key_id" {
   name  = "/aft/config/oss-backend/kms-key-id"
   type  = "String"

diff --git a/modules/aft-ssm-parameters/variables.tf b/modules/aft-ssm-parameters/variables.tf
@@ -174,10 +174,6 @@ variable "aft_config_backend_primary_region" {
   type = string
 }
 
-variable "aft_config_backend_secondary_region" {
-  type = string
-}
-
 variable "aft_config_backend_kms_key_id" {
   type = string
 }

diff --git a/outputs.tf b/outputs.tf
@@ -110,10 +110,6 @@ output "terraform_distribution" {
   value = var.terraform_distribution
 }
 
-output "tf_backend_secondary_region" {
-  value = var.tf_backend_secondary_region
-}
-
 output "terraform_org_name" {
   value = var.terraform_org_name
 }

diff --git a/providers.tf b/providers.tf
@@ -25,19 +25,6 @@ provider "aws" {
     }
   }
 }
-provider "aws" {
-  alias  = "tf_backend_secondary_region"
-  region = var.tf_backend_secondary_region
-  assume_role {
-    role_arn     = "arn:${data.aws_partition.current.partition}:iam::${var.aft_management_account_id}:role/AWSControlTowerExecution"
-    session_name = local.aft_session_name
-  }
-  default_tags {
-    tags = {
-      managed_by = "AFT"
-    }
-  }
-}
 provider "aws" {
   alias  = "audit"
   region = var.ct_home_region

diff --git a/variables.tf b/variables.tf
@@ -288,15 +288,6 @@ variable "terraform_distribution" {
   }
 }
 
-variable "tf_backend_secondary_region" {
-  type        = string
-  description = "AFT creates a backend for state tracking for its own state as well as OSS cases. The backend's primary region is the same as the AFT region, but this defines the secondary region to replicate to."
-  validation {
-    condition     = can(regex("(us(-gov)?|ap|ca|cn|eu|sa)-(central|(north|south)?(east|west)?)-\\d", var.tf_backend_secondary_region))
-    error_message = "Variable var: tf_backend_secondary_region is not valid."
-  }
-}
-
 # Non-OSS Variables
 variable "terraform_token" {
   type        = string

diff --git a/versions.tf b/versions.tf
@@ -8,7 +8,7 @@ terraform {
     aws = {
       source                = "hashicorp/aws"
       version               = ">= 4.9.0, < 5.0.0"
-      configuration_aliases = [aws.ct_management, aws.log_archive, aws.audit, aws.aft_management, aws.tf_backend_secondary_region]
+      configuration_aliases = [aws.ct_management, aws.log_archive, aws.audit, aws.aft_management]
     }
   }
 }