slalom · michalsicak · Aug 19, 2020 · Sep 11, 2020 · Sep 11, 2020 · Sep 11, 2020
diff --git a/.gitignore b/.gitignore
@@ -1,5 +1,5 @@
 # Config file (comment this line to modify the template):
-samples/infra-config.yml
+**/samples/infra-config.yml
 build
 !build/README.md
 
@@ -25,6 +25,7 @@ plan.out.json
 !**/.secrets/*.md
 !**/.secrets/*sample*
 !**/.secrets/*template*
+.vscode/**
 
 # .tfstate files
 *.tfstate
@@ -44,3 +45,4 @@ __pycache__
 .mypy_cache
 **.pyc
 .gitignore
+samples/serverless-data-pipeline
diff --git a/catalog/aws/tableau-server/variables.tf b/catalog/aws/tableau-server/variables.tf
@@ -40,7 +40,8 @@ ports). If not set, this will default to allow incoming connections from
 any IP address (['0.0.0.0/0']). In general, this should be omitted unless the
 site has a VPN or other internal list of IP whitelist ranges.
 EOF
-  default     = ["0.0.0.0/0"]
+  #default of 0.0.0.0/0 was pushed to the app_cidr security group which is flagged by the itsec and removed
+  default = []
 }
 variable "ec2_instance_type" {
   description = "Optional. Overrides the Tableau Server instance type."

diff --git a/catalog/azure/data-lake/main.tf b/catalog/azure/data-lake/main.tf
@@ -18,11 +18,11 @@ module "data_lake_gen1" {
 }
 
 module "data_lake_gen2" {
-  source                   = "../../../components/azure/data-lake/gen-2"
-  count                    = var.data_lake_type == "Gen2" ? 1 : 0
-  name_prefix              = var.name_prefix
-  data_lake_name           = var.data_lake_name
-  data_lake_type           = var.data_lake_type
-  resource_tags            = var.resource_tags
-  storage_account_id       = var.storage_account_id
+  source             = "../../../components/azure/data-lake/gen-2"
+  count              = var.data_lake_type == "Gen2" ? 1 : 0
+  name_prefix        = var.name_prefix
+  data_lake_name     = var.data_lake_name
+  data_lake_type     = var.data_lake_type
+  resource_tags      = var.resource_tags
+  storage_account_id = var.storage_account_id
 }
diff --git a/catalog/azure/resource-group/outputs.tf b/catalog/azure/resource-group/outputs.tf
@@ -1,5 +1,5 @@
 locals {
-   resource_group_name = module.rg.resource_group_name
+  resource_group_name = module.rg.resource_group_name
 }
 
 output "summary" {

diff --git a/catalog/azure/storage-account/outputs.tf b/catalog/azure/storage-account/outputs.tf
@@ -1,6 +1,6 @@
 locals {
-   storage_account_name = module.storage_account.storage_account_name
-   storage_account_id   = module.storage_account.storage_account_id
+  storage_account_name = module.storage_account.storage_account_name
+  storage_account_id   = module.storage_account.storage_account_id
 }
 
 output "summary" {

diff --git a/catalog/azure/storage-account/variables.tf b/catalog/azure/storage-account/variables.tf
@@ -58,13 +58,13 @@ variable "access_tier" {
 }
 
 variable "enable_https_traffic_only" {
-   description = "Boolean flag which forces HTTPS if enabled."
-   type        = bool
-   default     = true
+  description = "Boolean flag which forces HTTPS if enabled."
+  type        = bool
+  default     = true
 }
 
 variable "allow_blob_public_access" {
-   description = "Allow or disallow public access to all Blobs or Containers in the Storage Account."
-   type        = bool
-   default     = false
+  description = "Allow or disallow public access to all Blobs or Containers in the Storage Account."
+  type        = bool
+  default     = false
 }
diff --git a/catalog/azure/storage/outputs.tf b/catalog/azure/storage/outputs.tf
@@ -6,38 +6,38 @@ locals {
 
 output "summary" {
   description = "Summary of resources created by this module."
-  value       = <<EOF
+  value = <<EOF
 
 Storage Summary:
   - Container Name(s):
   ${"\t"}${
-    coalesce(join("\n\t",
-      [
-        for container_name in local.storage_container_names :
-        "${container_name}"
-      ]
-    ), "(none)")
+  coalesce(join("\n\t",
+    [
+      for container_name in local.storage_container_names :
+      "${container_name}"
+    ]
+  ), "(none)")
   }
 
   - Table Name(s):
   ${"\t"}${
-    coalesce(join("\n\t",
-      [
-        for table_name in local.table_storage_names :
-        "${table_name}"
-      ]
-    ), "(none)")
+  coalesce(join("\n\t",
+    [
+      for table_name in local.table_storage_names :
+      "${table_name}"
+    ]
+  ), "(none)")
   }
 
   - Queue Name(s):
   ${"\t"}${
-    coalesce(join("\n\t",
-      [
-        for queue_name in local.queue_storage_names :
-        "${queue_name}"
-      ]
-    ), "(none)")
-  }
+  coalesce(join("\n\t",
+    [
+      for queue_name in local.queue_storage_names :
+      "${queue_name}"
+    ]
+  ), "(none)")
+}
 
 
 EOF

diff --git a/components/aws/ec2/main.tf b/components/aws/ec2/main.tf
@@ -15,7 +15,7 @@ locals {
   my_ip             = "${chomp(data.http.icanhazip.body)}"
   my_ip_cidr        = "${chomp(data.http.icanhazip.body)}/32"
   admin_cidr        = flatten([local.my_ip_cidr, var.admin_cidr])
-  app_cidr          = length(var.app_cidr) == 0 ? local.admin_cidr : var.app_cidr
+  app_cidr          = flatten([local.admin_cidr, var.app_cidr])
   pricing_regex = chomp(
     <<EOF
 ${var.environment.aws_region}\\\"\\X*${replace(var.instance_type, ".", "\\.")}\\X*prices\\X*USD:\\\"(\\X*)\\\"

diff --git a/components/aws/ec2/variables.tf b/components/aws/ec2/variables.tf
@@ -47,7 +47,7 @@ Optional. The IP address range(s) which should have access to the non-admin port
 connections from any IP address (['0.0.0.0/0']). In general, this should be omitted
 unless the site has a VPN or other internal list of IP whitelist ranges.
 EOF
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 variable "app_ports" {
   description = <<EOF

diff --git a/components/azure/data-lake/gen-1/main.tf b/components/azure/data-lake/gen-1/main.tf
@@ -4,7 +4,7 @@
 */
 
 locals {
-  data_lake_create_flag  = var.data_lake_type == "Gen1" ? 1 : 0
+  data_lake_create_flag = var.data_lake_type == "Gen1" ? 1 : 0
 }
 
 resource "azurerm_data_lake_store" "data_lake_gen1" {

diff --git a/components/azure/data-lake/gen-2/main.tf b/components/azure/data-lake/gen-2/main.tf
@@ -4,12 +4,12 @@
 */
 
 locals {
-  data_lake_create_flag  = var.data_lake_type == "Gen2" ? 1 : 0
+  data_lake_create_flag = var.data_lake_type == "Gen2" ? 1 : 0
 }
 
 resource "azurerm_storage_data_lake_gen2_filesystem" "data_lake_gen2" {
   # count                    = local.data_lake_create_flag
-  name                     = var.data_lake_name
-  storage_account_id       = var.storage_account_id
+  name               = var.data_lake_name
+  storage_account_id = var.storage_account_id
   # properties               = var.resource_tags
 }
diff --git a/components/azure/storage-account/variables.tf b/components/azure/storage-account/variables.tf
@@ -58,15 +58,15 @@ variable "access_tier" {
 }
 
 variable "enable_https_traffic_only" {
-   description = "Boolean flag which forces HTTPS if enabled."
-   type        = bool
-   default     = true
+  description = "Boolean flag which forces HTTPS if enabled."
+  type        = bool
+  default     = true
 }
 
 variable "allow_blob_public_access" {
-   description = "Allow or disallow public access to all Blobs or Containers in the Storage Account."
-   type        = bool
-   default     = false
+  description = "Allow or disallow public access to all Blobs or Containers in the Storage Account."
+  type        = bool
+  default     = false
 }
 
 variable "is_hns_enabled" {

diff --git a/samples/azure/data-lake-gen1-on-azure/00-resource-group.tf b/samples/azure/data-lake-gen1-on-azure/00-resource-group.tf
@@ -38,5 +38,5 @@ module "rg" {
   resource_tags  = local.resource_tags
 
   # CONFIGURE HERE:
-  resource_group_name  = "test"
+  resource_group_name = "test"
 }
diff --git a/samples/azure/data-lake-gen2-on-azure/00-resource-group.tf b/samples/azure/data-lake-gen2-on-azure/00-resource-group.tf
@@ -38,5 +38,5 @@ module "rg" {
   resource_tags  = local.resource_tags
 
   # CONFIGURE HERE:
-  resource_group_name  = "test"
+  resource_group_name = "test"
 }
diff --git a/samples/azure/storage-on-azure/00-resource-group.tf b/samples/azure/storage-on-azure/00-resource-group.tf
@@ -38,5 +38,5 @@ module "rg" {
   resource_tags  = local.resource_tags
 
   # CONFIGURE HERE:
-  resource_group_name  = "test"
+  resource_group_name = "test"
 }
diff --git a/samples/infra-config.yml b/samples/infra-config.yml
@@ -1,4 +1,6 @@
+#for London aws labs account
 aws_region: us-east-1
 project_shortname: TestProject01
 resource_tags:
-  admin_contact: my.admin@sample.com
+  Owner: name.surname@sample.com
+profile: slalom-labs
diff --git a/samples/tableau-on-aws/00_environment.tf b/samples/tableau-on-aws/00_environment.tf
@@ -20,14 +20,17 @@ locals {
   project_shortname = local.config["project_shortname"]
   aws_region        = local.config["aws_region"]
   name_prefix       = "${local.project_shortname}-"
-  resource_tags     = merge(local.config["resource_tags"], { project = local.project_shortname })
+  #added for non-default credentials profiles
+  aws_profile   = local.config["profile"]
+  resource_tags = merge(local.config["resource_tags"], { project = local.project_shortname })
 }
 
 provider "aws" {
   version                 = "~> 3.0"
   region                  = local.aws_region
   shared_credentials_file = local.aws_credentials_file
-  profile                 = "default"
+  #using the profile name from the local variables
+  profile = local.aws_profile
 }
 
 output "env_summary" { value = module.env.summary }
@@ -37,6 +40,7 @@ module "env" {
   aws_region           = local.aws_region
   aws_credentials_file = local.aws_credentials_file
   resource_tags        = local.resource_tags
+  aws_profile          = local.aws_profile
 }
 
 resource "null_resource" "secrets_folder_protection" {