An easy to understand, opinionated terraform composable module for AWS βοΈ.
This module encapsulate a set of modules that configure, and provision accounts-related resources on AWS.
The documentation is automatically generated by terraform-docs, and it's available in the module's README.md file.
| Module | Status | Description |
|---|---|---|
aws-accounts |
Stable β | Create or many AWS accounts, within AWS Organizations. |
aws-iam-groups |
Stable β | Create AWS IAM groups |
aws-iam-system-user |
Stable β | Create an non-human user, for automation/system purposes. |
aws-iam-group-permissions |
Stable β | Create IAM Group policies, and required attachments |
aws-iam-users |
Stable β | Create AWS IAM (human) users |
aws-iam-role |
Stable β | Create an IAM role, with complex options like attached IAM policies, and others |
aws-iam-policy |
Stable β | Create an IAM policy, with complex options and allow to export its json document, or the object if applicable. |
aws-iam-policy-attacher |
Stable β | Module that wraps the attachment functionality. It's intended to be used in order to attach multiple IAM policies to several IAM roles. |
- Allows to create one or many AWS accounts.
- Allows to set organizational units for these accounts, or attach them directly into the root AWS Org.
- Allow us to create one or many IAM groups
- Handle specific paths, with optional attributes.
Check the example recipes π₯ here
- Add support for SCP.
The module's relevant components, structure and "skeleton" is described below:
βββ README.md
βββ TaskFile.yml
βββ docs
βΒ Β βββ contribution_guidelines.md
βββ examples
βΒ Β βββ README.md
βΒ Β βββ TaskFile.yml
βΒ Β βββ default
βΒ Β βββ basic
βΒ Β βββ README.md
βΒ Β βββ config
βΒ Β βΒ Β βββ fixtures.tfvars
βΒ Β βββ main.tf
βΒ Β βββ providers.tf
βΒ Β βββ variables.tf
βΒ Β βββ versions.tf
βββ modules
βΒ Β βββ TaskFile.yml
βΒ Β βββ default
βΒ Β βββ README.md
βΒ Β βββ data.tf
βΒ Β βββ locals.tf
βΒ Β βββ main.tf
βΒ Β βββ outputs.tf
βΒ Β βββ variables.tf
βΒ Β βββ versions.tf
βββ pre-commit-config-githubactions.yaml
βββ tests
βββ README.md
βββ TaskFile.yml
βββ default
βββ integration
βΒ Β βββ default_basic_integration_test.go
βΒ Β βββ go.mod
βΒ Β βββ go.sum
βΒ Β βββ target
βΒ Β βββ basic
βΒ Β βββ main.tf
βββ unit
βββ default_basic_unit_test.go
βββ go.mod
βββ go.sum
βββ target
βββ basic
βββ main.tfWhere:
- β‘οΈModules: refers to the actual module's directory. Where the
.tffiles reside. Eachsubdirectoryis a module. - β‘οΈExamples: refers to the examples directory, where the examples recipes lives. These are also used for testing the infrastructure using Terratest. For its specific documentation, query this link
- β‘οΈTests: refers to the tests directory, where the tests recipes lives. These are also used for testing the infrastructure using Terratest. For its specific documentation, query this link
Some tools that this repo uses:
- π§° Terraform β strongly recommended the latest versions
- π§° Go β justified mostly for Terratest
- π§° TaskFile β for the automation of the tasks.
NOTE: For automation during the development process, I use precommit, which is a framework for managing and maintaining multi-language pre-commit hooks. It's a great tool, and I highly recommend it. All the hooks required are installed by this script. It's recommended though to run it through the TaskFile task
pre-commit-init.
To initialize your pre-commit configuration, and ensure all the hooks are installed, run the following command:
task pre-commit-initTo run these hooks against all the files, you can use the following Task command:
task pre-commitFor sure you've seen that in the main Taskfile, there's a task called gen-env-aws. That task aims to generate a proper .env.<env>.aws dotEnv file which is used by the TaskFile.yml tasks. If you have a proper AWS credentials file, you can run the following command:
task gen-env-awsIn simple terms, that tasks (which runs a shell script) scan your pre-existing AWS profiles, and generate the .env.<env>.aws file for you. When it's generated, running a task that wraps a terraform command, will use the generated .env.<env>.aws file to set the proper AWS credentials. For example:
# dev refers to the environment selected, which's how the file is also named. E.g.: env.dev.aws
ENV=dev task module-planRun unit tests (wrapping Terratest):
# If you want to list the available tasks.
task list
# Run the unit tests.
task test-unitRun integration tests β if exists (wrapping Terratest):
# If you want to list the available tasks.
task list
# Run the unit tests.
task test-integrationRun all the configured pre-commit hooks (forcing them to run on all files):
task pre-commitRun a vanilla terraform plan over the example/basic (recipe) example:
# No arguments are required, since it's using its defaults: example as the module's name, and basic as its recipe's name.
task recipe-planSee the detailed documentation here.
This Module follows the principles of Semantic Versioning (SemVer).
Given a version number MAJOR.MINOR.PATCH, we increment the:
MAJORversion when we make incompatible changes,MINORversion when we add functionality in a backwards compatible manner, andPATCHversion when we make backwards compatible bug fixes.
- Backwards compatibility in versions
0.0.zis not guaranteed whenzis increased. (Initial development) - Backwards compatibility in versions
0.y.zis not guaranteed whenyis increased. (Pre-release)
Contributions are always encouraged and welcome! β€οΈ. For the process of accepting changes, please refer to the CONTRIBUTING.md file, and for a more detailed explanation, please refer to this guideline here.
This module is licensed under the Apache License Version 2.0, January 2004. Please see LICENSE for full details.
made/with β€οΈ π€