update oidc branch based on a simplified ecs module

terraform/implementation/ecs/ecs.sh

@@ -143,7 +143,7 @@ else
 fi
 
 if [ "$CI" = false ]; then
-    terraform apply -var-file="$ENVIRONMENT.tfvars"
+    terraform destroy -var-file="$ENVIRONMENT.tfvars"
 else
-    terraform apply -auto-approve -var-file="$ENVIRONMENT.tfvars"
+    terraform destroy -auto-approve -var-file="$ENVIRONMENT.tfvars"
 fi

terraform/implementation/setup/main.tf

@@ -11,6 +11,17 @@ provider "aws" {
   }
 }
 
+# GitHub OIDC for prod
+module "oidc" {
+  source = "../../modules/oidc"
+
+  oidc_github_repo = var.oidc_github_repo
+  owner            = var.owner
+  project          = var.project
+  region           = var.region
+  workspace        = "prod"
+}
+
 resource "random_string" "setup" {
   length  = 8
   special = false
@@ -69,7 +80,7 @@ resource "local_file" "setup_env" {
     BUCKET="${aws_s3_bucket.tfstate.bucket}"
     DYNAMODB_TABLE="${aws_dynamodb_table.tfstate_lock.id}"
     REGION="${var.region}"
-    TERRAFORM_ROLE="${aws_iam_role.github.arn}"
+    TERRAFORM_ROLE="${module.oidc.role.arn}"
   EOT
   filename = ".env"
 }
@@ -79,7 +90,7 @@ resource "local_file" "ecs_env" {
     BUCKET="${aws_s3_bucket.tfstate.bucket}"
     DYNAMODB_TABLE="${aws_dynamodb_table.tfstate_lock.id}"
     REGION="${var.region}"
-    TERRAFORM_ROLE="${aws_iam_role.github.arn}"
+    TERRAFORM_ROLE="${module.oidc.role.arn}"
   EOT
   filename = "../ecs/.env"
 }

terraform/implementation/setup/setup.sh

@@ -52,7 +52,7 @@ if ! grep -q "region" "$WORKSPACE.tfvars"; then
 fi
 
 if ! grep -q "oidc_github_repo" "$WORKSPACE.tfvars"; then
-    read -p "Are you using GitHub for your source control? (y/n): " github_choice
+    read -p "Do you want to setup a GitHub IODC role? (y/n): " github_choice
     if [[ "$github_choice" =~ ^[Yy]$ ]]; then
         read -p "What is the organization/repo value for assume role? ( default=\"\" ): " repo_choice
         repo_choice=${repo_choice:-""}