fix tags

.gitignore

@@ -1 +1,211 @@
-.vscode
+.vscode
+# ignored files
+*~
+
+# temporary files which can be created if a process still has a handle open of a deleted file
+.fuse_hidden*
+
+# KDE directory preferences
+.directory
+
+# Linux trash folder which might appear on any partition or disk
+.Trash-*
+
+# .nfs files are created when an open file is removed but is still being accessed
+.nfs*
+### Eclipse template
+
+.metadata
+bin/
+tmp/
+*.tmp
+*.bak
+*.swp
+*~.nib
+local.properties
+.settings/
+.loadpath
+.recommenders
+
+# External tool builders
+.externalToolBuilders/
+
+# Locally stored "Eclipse launch configurations"
+*.launch
+
+# PyDev specific (Python IDE for Eclipse)
+*.pydevproject
+
+# CDT-specific (C/C++ Development Tooling)
+.cproject
+
+# Java annotation processor (APT)
+.factorypath
+
+# PDT-specific (PHP Development Tools)
+.buildpath
+
+# sbteclipse plugin
+.target
+
+# Tern plugin
+.tern-project
+
+# TeXlipse plugin
+.texlipse
+
+# STS (Spring Tool Suite)
+.springBeans
+
+# Code Recommenders
+.recommenders/
+
+# Scala IDE specific (Scala & Java development for Eclipse)
+.cache-main
+.scala_dependencies
+.worksheet
+### Windows template
+# Windows thumbnail cache files
+Thumbs.db
+ehthumbs.db
+ehthumbs_vista.db
+
+# Dump file
+*.stackdump
+
+# Folder config file
+[Dd]esktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msm
+*.msp
+
+# Windows shortcuts
+*.lnk
+### Ansible template
+*.retry
+### macOS template
+# General
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+### Archives template
+# It's better to unpack these files and commit the raw source because
+# git has its own built in compression methods.
+*.7z
+*.jar
+*.rar
+*.zip
+*.gz
+*.tgz
+*.bzip
+*.bz2
+*.xz
+*.lzma
+*.cab
+
+# Packing-only formats
+*.iso
+*.tar
+
+# Package management formats
+*.dmg
+*.xpi
+*.gem
+*.egg
+*.deb
+*.rpm
+*.msi
+*.msm
+*.msp
+### JetBrains template
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+
+/.idea/
+# User-specific stuff:
+.idea/**/workspace.xml
+.idea/**/tasks.xml
+.idea/dictionaries
+
+# Sensitive or high-churn files:
+.idea/**/dataSources/
+.idea/**/dataSources.ids
+.idea/**/dataSources.xml
+.idea/**/dataSources.local.xml
+.idea/**/sqlDataSources.xml
+.idea/**/dynamic.xml
+.idea/**/uiDesigner.xml
+
+# Gradle:
+.idea/**/gradle.xml
+.idea/**/libraries
+
+# CMake
+cmake-build-debug/
+
+# Mongo Explorer plugin:
+.idea/**/mongoSettings.xml
+
+## File-based project format:
+*.iws
+
+## Plugin-specific files:
+
+# IntelliJ
+out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+# User-specific stuff:
+.idea/*
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Cursive Clojure plugin
+.idea/replstate.xml
+
+# TFstste
+*.tfstate*
+
+deployment/_logs/ansible-log.json
+deployment/_logs/ansible-log.log
+deployment/_logs/facts/*
+deployment/_logs/retry/*
+_app/*
+ansible-log.json
+.terraform
+terraform.tfstate
+
+*.tfstate
+*.tfstate.backup
+*.iml
+*.terraform.lock.hcl
+*.lock.hcl

bitbucket.tf

@@ -1,7 +1,7 @@
 module "bitbucket" {
   for_each = var.bitbucket
 
-  source = "github.com/opszero/terraform-aws-bitbucket-oidc"
+  source = "github.com/opszero/terraform-aws-bitbucket-oidc?ref=v1.0.0"
 
   workspace_name = each.value.workspace_name
   workspace_uuid = each.value.workspace_uuid

github.tf

@@ -1,7 +1,7 @@
 module "oidc-github" {
   for_each = var.github
 
-  source = "github.com/opszero/terraform-aws-oidc-github"
+  source = "github.com/opszero/terraform-aws-oidc-github?ref=v1.0.0"
 
   github_repositories = each.value.repos
 

gitlab.tf

@@ -1,8 +1,7 @@
 module "aws_oidc_gitlab" {
 
   for_each = var.gitlab
-  source   = "github.com/abhiyerra/terraform-aws-oidc-gitlab"
-
+  source = "github.com/opszero/terraform-aws-oidc-gitlab?ref=v1.0.0"
 
   attach_admin_policy  = false
   create_oidc_provider = true

groups.tf

@@ -1,8 +1,7 @@
 module "iam_group_with_policies" {
   for_each = var.groups
 
-  source  = "terraform-aws-modules/iam/aws//modules/iam-group-with-policies"
-  version = "~> 6"
+  source  = "./iam-group-with-policies"
 
   name = each.key
 

iam-group-with-policies/main.tf

@@ -0,0 +1,64 @@
+locals {
+  group_name = var.create_group ? aws_iam_group.this[0].id : var.name
+}
+
+resource "aws_iam_group" "this" {
+  count = var.create_group ? 1 : 0
+
+  name = var.name
+  path = var.path
+}
+
+resource "aws_iam_group_membership" "this" {
+  count = length(var.group_users) > 0 ? 1 : 0
+
+  group = local.group_name
+  name  = var.name
+  users = var.group_users
+}
+
+################################
+# IAM group policy attachements
+################################
+resource "aws_iam_group_policy_attachment" "iam_self_management" {
+  count = var.attach_iam_self_management_policy ? 1 : 0
+
+  group      = local.group_name
+  policy_arn = aws_iam_policy.iam_self_management[0].arn
+}
+
+resource "aws_iam_group_policy_attachment" "custom_arns" {
+  count = length(var.custom_group_policy_arns)
+
+  group      = local.group_name
+  policy_arn = element(var.custom_group_policy_arns, count.index)
+}
+
+resource "aws_iam_group_policy_attachment" "custom" {
+  count = length(var.custom_group_policies)
+
+  group      = local.group_name
+  policy_arn = element(aws_iam_policy.custom[*].arn, count.index)
+}
+
+###############
+# IAM policies
+###############
+resource "aws_iam_policy" "iam_self_management" {
+  count = var.attach_iam_self_management_policy ? 1 : 0
+
+  name_prefix = var.iam_self_management_policy_name_prefix
+  policy      = data.aws_iam_policy_document.iam_self_management.json
+
+  tags = var.tags
+}
+
+resource "aws_iam_policy" "custom" {
+  count = length(var.custom_group_policies)
+
+  name        = var.custom_group_policies[count.index]["name"]
+  policy      = var.custom_group_policies[count.index]["policy"]
+  description = lookup(var.custom_group_policies[count.index], "description", null)
+
+  tags = var.tags
+}

iam-group-with-policies/outputs.tf

@@ -0,0 +1,19 @@
+output "aws_account_id" {
+  description = "IAM AWS account id"
+  value       = local.aws_account_id
+}
+
+output "group_arn" {
+  description = "IAM group arn"
+  value       = try(aws_iam_group.this[0].arn, "")
+}
+
+output "group_users" {
+  description = "List of IAM users in IAM group"
+  value       = flatten(aws_iam_group_membership.this[*].users)
+}
+
+output "group_name" {
+  description = "IAM group name"
+  value       = try(aws_iam_group.this[0].name, var.name)
+}