From e9d1240e0d591cd567a1cdeac373f4c9fb91bc06 Mon Sep 17 00:00:00 2001 From: sleep Date: Thu, 9 Jan 2025 09:26:59 +0100 Subject: [PATCH] Added SQS support to ArmoniK --- infrastructure/quick-deploy/aws/armonik.tf | 8 ++++++-- infrastructure/quick-deploy/aws/storage.tf | 18 ++++++++++++++++++ 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/infrastructure/quick-deploy/aws/armonik.tf b/infrastructure/quick-deploy/aws/armonik.tf index b77ff7a0b..95ff1fda4 100644 --- a/infrastructure/quick-deploy/aws/armonik.tf +++ b/infrastructure/quick-deploy/aws/armonik.tf @@ -26,6 +26,7 @@ module "armonik" { pod_configuration = null } }, v, { + service_account_name = "armonikserviceaccount" polling_agent = merge(v.polling_agent, { image = local.ecr_images["${v.polling_agent.image}:${try(coalesce(v.polling_agent.tag), "")}"].name tag = local.ecr_images["${v.polling_agent.image}:${try(coalesce(v.polling_agent.tag), "")}"].tag @@ -36,8 +37,9 @@ module "armonik" { })] }) } control_plane = merge(var.control_plane, { - image = local.ecr_images["${var.control_plane.image}:${try(coalesce(var.control_plane.tag), "")}"].name - tag = local.ecr_images["${var.control_plane.image}:${try(coalesce(var.control_plane.tag), "")}"].tag + image = local.ecr_images["${var.control_plane.image}:${try(coalesce(var.control_plane.tag), "")}"].name + tag = local.ecr_images["${var.control_plane.image}:${try(coalesce(var.control_plane.tag), "")}"].tag + service_account_name = "armonikserviceaccount" }) admin_gui = merge(var.admin_gui, { image = local.ecr_images["${var.admin_gui.image}:${try(coalesce(var.admin_gui.tag), "")}"].name @@ -76,4 +78,6 @@ module "armonik" { image = local.ecr_images["${var.pod_deletion_cost.image}:${try(coalesce(var.pod_deletion_cost.tag), "")}"].image tag = local.ecr_images["${var.pod_deletion_cost.image}:${try(coalesce(var.pod_deletion_cost.tag), "")}"].tag }) + + depends_on = [module.aws_service_account] } 
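Review bot: The service account name is written as the literal `"armonikserviceaccount"` on the added compute-plane line, again in the control_plane hunk below, and a third time as the `name` input of the `aws_service_account` module in storage.tf, so nothing ties the account the pods run as to the account the module creates and binds to the IAM role; a later edit to one copy silently leaves the pods running without the role's permissions, which in this layout means losing their S3 and KMS access. Declare it once, e.g. `service_account_name = local.service_account_name` on both lines here and `name = local.service_account_name` in the module block, with the local defined next to `local.prefix`. If the service-account module exposes the created name as an output, referencing that output instead would be better still, since it also gives Terraform the ordering that the explicit `depends_on = [module.aws_service_account]` added at the end of the block currently supplies by hand. The enclosing `module "armonik"` block starts before this hunk and spans all three hunks of the file.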
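Review bot: The subject line says "Added SQS support to ArmoniK", but nothing in either changed file references SQS; what the patch adds is an IRSA-style service account, its `role_name` wiring into `s3_fs`, the `service_account_name` annotations on the control plane and compute plane, and a KMS decrypt policy attachment. If the queue configuration lands in a separate commit, the description should say so and name it; otherwise the subject should describe the service-account change, because anyone tracing when pods started assuming an IAM role will search history for that, not for SQS. A one-line body explaining why the pods need a dedicated role (the `decrypt_object` policy in storage.tf) would also make the intent of the `depends_on` on this hunk's last added line obvious to the next reader.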
diff --git a/infrastructure/quick-deploy/aws/storage.tf b/infrastructure/quick-deploy/aws/storage.tf
index aacf072ac..e28be80cc 100644
--- a/infrastructure/quick-deploy/aws/storage.tf
+++ b/infrastructure/quick-deploy/aws/storage.tf
@@ -17,6 +17,7 @@ module "s3_fs" {
 sse_algorithm = can(coalesce(var.kms_key)) ? var.s3_fs.sse_algorithm : "aws:kms"
 ownership = var.s3_fs.ownership
 versioning = var.s3_fs.versioning
+ role_name = module.aws_service_account.service_account_iam_role_name
 }
 
 # Shared storage
@@ -143,6 +144,15 @@ module "mq" {
 kms_key_id = local.kms_key
 }
 
+module "aws_service_account" {
+ namespace = local.namespace
+ source = "./generated/infra-modules/service-account/aws"
+ prefix = local.prefix
+ name = "armonikserviceaccount"
+ oidc_provider_arn = module.eks.aws_eks_module.oidc_provider_arn
+ oidc_issuer_url = module.eks.aws_eks_module.cluster_oidc_issuer_url
+}
+
 # MongoDB
 module "mongodb" {
 count = can(coalesce(var.mongodb_sharding)) ? 0 : 1
@@ -277,6 +287,14 @@ module "mongodb_efs_persistent_volume" {
 tags = local.tags
 }
 
+
+resource "aws_iam_policy_attachment" "armonik_decrypt_object" {
+ name = "storage-s3-encrypt-decrypt-armonik"
+ roles = [module.aws_service_account.service_account_iam_role_name]
+ policy_arn = aws_iam_policy.decrypt_object.arn
+}
+
+
 # Decrypt objects in S3
 data "aws_iam_policy_document" "decrypt_object" {
 statement {
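Review bot: The IAM role passed as `role_name` on the added line is the single role created by `aws_service_account`, and armonik.tf assigns that same service account to the control plane and to every compute-plane partition, so whatever `s3_fs` grants to the role, plus the decrypt policy attached further down in this file, is held by every ArmoniK pod alike. That may be acceptable for a quick-deploy, but it should be stated on the line, e.g. `# single IRSA role shared by the control plane and all compute-plane pods; split per component if their S3/KMS access should differ`. What `s3_fs` does with `role_name` is not visible in this hunk; if it grants write or delete on the bucket, the polling agents now hold that too, which is worth confirming against the module. The `module "s3_fs"` block starts before this hunk.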
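Review bot: In the new `aws_service_account` block `source` comes after `namespace`, whereas the conventional Terraform order is meta-arguments, then `source`, then the module's own inputs, so that a reader sees where the module comes from before its configuration; move `source = "./generated/infra-modules/service-account/aws"` to the first line and let `terraform fmt` align the `=` signs, which the surrounding blocks in this file already have. `oidc_provider_arn` and `oidc_issuer_url` are read from `module.eks.aws_eks_module`, which is outside this diff; that is fine if the EKS wrapper exposes both outputs under those names, but the two names should be checked against it since a wrong one only fails at plan time.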
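Review bot: `aws_iam_policy_attachment` is an exclusive attachment: the AWS provider treats the resource as the sole owner of the policy's attachments, so on every apply it detaches `decrypt_object` from any role, user or group not listed in `roles`. If that policy is ever attached to anything else, whether another ArmoniK deployment that happens to share it, a manually attached operator role, or another Terraform resource, this block silently revokes it, and two deployments in one account would undo each other on each apply. Use the per-role form, which manages only this one role-policy pair: `resource "aws_iam_role_policy_attachment" "armonik_decrypt_object" {` with `role = module.aws_service_account.service_account_iam_role_name` and `policy_arn = aws_iam_policy.decrypt_object.arn`, and drop the `name` argument, which that resource does not take. `aws_iam_policy.decrypt_object` itself is not in this hunk, and the `data "aws_iam_policy_document"` that feeds it begins on the hunk's last line and continues past it.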