by Daniel Rivera
This project deploys a few AWS resources to validate the Terraform-compliance framework, thre scenarios have been defined:
- Tag validation: validate that the whole resources created with the terraform code have the following tags with the respective value: | tags | value | | Owner | DanielR | | Environment | develop |
- S3 encryption validation: validate if the s3 buckets created has encryption enabled using KMS
- Secret Manager validation: validate if the retention policy for secret manager is equal to 10.
There are general steps that you must follow to launch the resources.
Before launching a resource you need to have in mind the following:
-
Install terraform, use Terraform v1.0.9, you can download it here https://releases.hashicorp.com/terraform/1.0.9/
-
python
-
Install Terraform compliance framework, you can check the documentation here https://terraform-compliance.com/pages/installation/
-
Configure the AWS credentials into your laptop(for Linux ~/.aws/credentials), you need to use the following format:
[PROFILE_NAME] aws_access_key_id = Replace_for_correct_Access_Key aws_secret_access_key = Replace_for_correct_Secret_Key
If you have more AWS profiles feel free to add them.
-
Docker, you can check the documentation here https://docs.docker.com/engine/install/
1. Clone the repository
2. Run terraform init command
terraform init
3. run terraform plan
terraform plan -var region="SPECIFY_AN_AWS_REGION" -var profile_name="A_PROFILE_NAME_CREATE_STEP_BEFORE" -var environment="A_CUSTOME_NAME_FOR_ENV" -out=plan.out
note This command will create a file named plan.out that contains the plan for the resources to create.
4. Validate if the plan gather the compliance rules defined
terraform-compliance -f compliance/ -p plan.out