diff --git a/.terrahub.yml b/.terrahub.yml index d006c3c..41267c2 100644 --- a/.terrahub.yml +++ b/.terrahub.yml @@ -2,16 +2,20 @@ project: name: demo-terraform-automation-aws code: 7356626c - include: - - '.' - exclude: - - '**/.terraform/*' - - '**/node_modules/*' + include: ['.'] + exclude: ['**/.terraform/*', '**/node_modules/*'] -## terraform config -terraform: - varFile: - - default.tfvars - var: +## template config +template: + locals: account_id: 123456789012 region: us-east-1 + provider: + aws: + region: '${local.region}' + allowed_account_ids: ['${local.account_id}'] + +## terraform config +terraform: + varFile: ['default.tfvars'] + version: 0.11.7 diff --git a/iam_group/.terrahub.yml b/iam_group/.terrahub.yml index d9c5c7c..7ac18ff 100644 --- a/iam_group/.terrahub.yml +++ b/iam_group/.terrahub.yml @@ -1,10 +1,32 @@ ## local config component: name: 'iam_group' - dependsOn: - - '../iam_policy' - -## ci config -ci: - mapping: - - '.' + mapping: ['.'] + dependsOn: ['../iam_policy'] + template: + resource: + aws_iam_group: + iam_group: + name: ${var.iam_group_name} + path: ${var.iam_group_path} + output: + id: + value: ${aws_iam_group.iam_group.id} + thub_id: + value: ${aws_iam_group.iam_group.id} + arn: + value: ${aws_iam_group.iam_group.arn} + name: + value: ${aws_iam_group.iam_group.name} + path: + value: ${aws_iam_group.iam_group.path} + unique_id: + value: ${aws_iam_group.iam_group.unique_id} + variable: + iam_group_name: + type: string + iam_group_path: + type: string + tfvars: + iam_group_name: iam_group + iam_group_path: / diff --git a/iam_group/README.md b/iam_group/README.md deleted file mode 100644 index ece8855..0000000 --- a/iam_group/README.md +++ /dev/null 
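Review bot: `account_id: 123456789012` under `template.locals` is a plain scalar, so a YAML loader reads it as an integer. An account ID that begins with `0` would lose that digit, or be misread by a YAML 1.1 loader, before it reaches `allowed_account_ids`, which is the guard against applying to the wrong account. The deleted `default.tfvars` files kept the value as a string, so quote it here: `account_id: '123456789012'`. The new `provider.aws` block also drops the `version = "~> 1.0"` constraint that every removed `provider.tf` carried. If the template passes provider arguments through unchanged (not visible in this diff), add `version: '~> 1.0'` so the provider plugin stays pinned.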
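Review bot: The `variable:` entries added in the `iam_group/.terrahub.yml` hunk declare only `type: string`, while the `variables.tf` and `README.md` deleted in the same commit held the only description of each input (the naming rules for the group name, the meaning of the path). Carry that text over as a `description` key, for example `description: Path in which to create the group.` under `iam_group_path`. The same gap is in the `variable:` blocks of the `iam_policy`, `iam_role`, `iam_user`, both `iam_role_policy_attachment_*` and `iam_user_group_membership` hunks.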
@@ -1,25 +0,0 @@ -# iam_group - -Provides an IAM group. - -## input variables - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -|account_id|The id of AWS account.|string||Yes| -|region|This is the AWS region.|string|us-east-1|Yes| -|iam_group_name|The group's name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. group names are not distinguished by case.|string|{{ name }}|No| -|iam_group_path|Path in which to create the group.|string|/|No| -|custom_tags|Custom tags.|map||No| -|default_tags|Default tags.|map|{"ThubName"= "{{ name }}","ThubCode"= "{{ code }}","ThubEnv"= "default","Description" = "Managed by TerraHub"}|No| - -## output parameters - -| Name | Description | Type | -|------|-------------|:----:| -|id|The group's ID.|string| -|thub_id|The group's ID (hotfix for issue hashicorp/terraform#[7982]).|string| -|arn|The ARN assigned by AWS for this group.|string| -|name|The group's name.|string| -|path|The path of the group in IAM.|string| -|unique_id|The unique ID assigned by AWS.|string| diff --git a/iam_group/default.tfvars b/iam_group/default.tfvars deleted file mode 100644 index fe247f1..0000000 --- a/iam_group/default.tfvars +++ /dev/null @@ -1,17 +0,0 @@ -# Specify default values for variables defined in variables.tf - -############ -# provider # -############ -account_id = "123456789012" -region = "us-east-1" - -############# -# top level # -############# -iam_group_name = "iam_group" -iam_group_path = "/" - -########## -# custom # -########## diff --git a/iam_group/main.tf b/iam_group/main.tf deleted file mode 100644 index 2965407..0000000 --- a/iam_group/main.tf +++ /dev/null @@ -1,4 +0,0 @@ -resource "aws_iam_group" "iam_group" { - name = "${var.iam_group_name}" - path = "${var.iam_group_path}" -} diff --git a/iam_group/output.tf b/iam_group/output.tf deleted file mode 100644 index a7f78d9..0000000 
--- a/iam_group/output.tf +++ /dev/null @@ -1,25 +0,0 @@ -# Define list of variables to be output - -output "id" { - value = "${aws_iam_group.iam_group.id}" -} - -output "thub_id" { - value = "${aws_iam_group.iam_group.id}" -} - -output "arn" { - value = "${aws_iam_group.iam_group.arn}" -} - -output "name" { - value = "${aws_iam_group.iam_group.name}" -} - -output "path" { - value = "${aws_iam_group.iam_group.path}" -} - -output "unique_id" { - value = "${aws_iam_group.iam_group.unique_id}" -} diff --git a/iam_group/provider.tf b/iam_group/provider.tf deleted file mode 100644 index 4f0919e..0000000 --- a/iam_group/provider.tf +++ /dev/null @@ -1,6 +0,0 @@ -provider "aws" { - version = "~> 1.0" - region = "${var.region}" - - allowed_account_ids = ["${var.account_id}"] -} diff --git a/iam_group/variables.tf b/iam_group/variables.tf deleted file mode 100644 index aff818e..0000000 --- a/iam_group/variables.tf +++ /dev/null @@ -1,23 +0,0 @@ -# Define list of variables to be used in main.tf - -############ -# provider # -############ -variable "account_id" { - description = "Allowed AWS account ID, to prevent you from mistakenly using an incorrect one (and potentially end up destroying a live environment)." -} - -variable "region" { - description = "This is the AWS region." -} - -############# -# top level # -############# -variable "iam_group_name" { - description = "he group's name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. Group names are not distinguished by case." -} - -variable "iam_group_path" { - description = "Path in which to create the group." -} diff --git a/iam_policy/.terrahub.yml b/iam_policy/.terrahub.yml index 1166961..55909da 100644 --- a/iam_policy/.terrahub.yml +++ b/iam_policy/.terrahub.yml 
@@ -1,10 +1,53 @@ ## local config component: name: 'iam_policy' - dependsOn: - - '../iam_role' - -## ci config -ci: - mapping: - - '.' + mapping: ['.'] + dependsOn: ['../iam_role'] + template: + data: + aws_iam_policy_document: + iam_policy: + statement: + - sid: ${var.iam_policy_sid} + actions: ${split(",",var.iam_policy_actions)} + resources: ${split(",",var.iam_policy_resources)} + resource: + aws_iam_policy: + iam_policy: + description: ${var.iam_policy_description} + name: ${var.iam_policy_name} + path: ${var.iam_policy_path} + policy: ${data.aws_iam_policy_document.iam_policy.json} + output: + id: + value: ${aws_iam_policy.iam_policy.id} + thub_id: + value: ${aws_iam_policy.iam_policy.id} + arn: + value: ${aws_iam_policy.iam_policy.arn} + name: + value: ${aws_iam_policy.iam_policy.name} + path: + value: ${aws_iam_policy.iam_policy.path} + policy: + value: ${aws_iam_policy.iam_policy.policy} + variable: + iam_policy_name: + type: string + iam_policy_description: + type: string + iam_policy_path: + type: string + iam_policy_sid: + type: string + iam_policy_actions: + type: string + iam_policy_resources: + type: string + tfvars: + iam_policy_actions: lambda:* + iam_policy_description: Managed by TerraHub + iam_policy_name: iam_policy + iam_policy_path: / + iam_policy_resources: '*' + iam_policy_sid: default diff --git a/iam_policy/README.md b/iam_policy/README.md deleted file mode 100644 index 59225bb..0000000 --- a/iam_policy/README.md +++ /dev/null 
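Review bot: The `tfvars` defaults in this hunk, `iam_policy_actions: lambda:*` with `iam_policy_resources: '*'`, produce a statement that allows every Lambda action on every resource, and the attachment components in this commit bind a policy by name to a group and a role. The values are carried over from the deleted `default.tfvars`, but this migration is a good point to narrow them to the actions and ARNs the demo needs, for example `iam_policy_resources: 'arn:aws:lambda:us-east-1:123456789012:function:<function-name>'` (placeholder function name). The statement also sets no `effect`, so it relies on the data source default; adding `effect: Allow` next to `sid` would make the intent explicit.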
@@ -1,27 +0,0 @@ -# aws_iam_policy - -Create an IAM policy. - -## input variables - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -|account_id|The id of AWS account.|string||Yes| -|region|This is the AWS region.|string|us-east-1|Yes| -|iam_policy_name|The name of policy.|string||Yes| -|iam_policy_path|The path of policy.|string|/|No| -|iam_policy_sid|The sid of policy.|string|default|No| -|iam_policy_actions|A list of actions, separate with ','.|string|lambda:*|No| -|iam_policy_resources|A list of resources, separate with ','.|string|*|No| - - -## output parameters - -| Name | Description | Type | -|------|-------------|:----:| -|id|The policy's ID.|int| -|thub_id|The policy's ID (hotfix for issue hashicorp/terraform#[7982]).|int| -|arn|The ARN assigned by AWS to this policy.|string| -|name|The name of the policy.|int| -|path|The path of the policy.|int| -|policy|The policy of the policy.|int| diff --git a/iam_policy/data.tf b/iam_policy/data.tf deleted file mode 100644 index 960befb..0000000 --- a/iam_policy/data.tf +++ /dev/null @@ -1,7 +0,0 @@ -data "aws_iam_policy_document" "iam_policy" { - statement { - sid = "${var.iam_policy_sid}" - actions = "${split(",",var.iam_policy_actions)}" - resources = "${split(",",var.iam_policy_resources)}" - } -} diff --git a/iam_policy/default.tfvars b/iam_policy/default.tfvars deleted file mode 100644 index f525c8a..0000000 --- a/iam_policy/default.tfvars +++ /dev/null @@ -1,21 +0,0 @@ -# Specify default values for variables defined in variables.tf - -############ -# provider # -############ -account_id = "123456789012" -region = "us-east-1" - -############## -# iam policy # -############## -iam_policy_name = "iam_policy" -iam_policy_description = "Managed by TerraHub" -iam_policy_path = "/" -iam_policy_sid = "default" -iam_policy_actions = "lambda:*" -iam_policy_resources = "*" - -########## -# custom # -########## 
diff --git a/iam_policy/main.tf b/iam_policy/main.tf deleted file mode 100644 index 0406bfb..0000000 --- a/iam_policy/main.tf +++ /dev/null @@ -1,6 +0,0 @@ -resource "aws_iam_policy" "iam_policy" { - name = "${var.iam_policy_name}" - description = "${var.iam_policy_description}" - path = "${var.iam_policy_path}" - policy = "${data.aws_iam_policy_document.iam_policy.json}" -} diff --git a/iam_policy/output.tf b/iam_policy/output.tf deleted file mode 100644 index 47d62c1..0000000 --- a/iam_policy/output.tf +++ /dev/null @@ -1,25 +0,0 @@ -# Define list of variables to be output - -output "id" { - value = "${aws_iam_policy.iam_policy.id}" -} - -output "thub_id" { - value = "${aws_iam_policy.iam_policy.id}" -} - -output "arn" { - value = "${aws_iam_policy.iam_policy.arn}" -} - -output "name" { - value = "${aws_iam_policy.iam_policy.name}" -} - -output "path" { - value = "${aws_iam_policy.iam_policy.path}" -} - -output "policy" { - value = "${aws_iam_policy.iam_policy.policy}" -} diff --git a/iam_policy/provider.tf b/iam_policy/provider.tf deleted file mode 100644 index 4f0919e..0000000 --- a/iam_policy/provider.tf +++ /dev/null @@ -1,6 +0,0 @@ -provider "aws" { - version = "~> 1.0" - region = "${var.region}" - - allowed_account_ids = ["${var.account_id}"] -} diff --git a/iam_policy/variables.tf b/iam_policy/variables.tf deleted file mode 100644 index 492e1a2..0000000 --- a/iam_policy/variables.tf +++ /dev/null 
@@ -1,45 +0,0 @@ -# Define list of variables to be used in main.tf - -############ -# provider # -############ -variable "account_id" { - description = "Allowed AWS account ID, to prevent you from mistakenly using an incorrect one (and potentially end up destroying a live environment)." -} - -variable "region" { - description = "This is the AWS region." -} - -############### -# iam policy # -############### -variable "iam_policy_name" { - description = "The name of policy." - type = "string" -} - -variable "iam_policy_description" { - description = "The description of policy." - type = "string" -} - -variable "iam_policy_path" { - description = "The path of policy." - type = "string" -} - -variable "iam_policy_sid" { - description = "The sid of policy." - type = "string" -} - -variable "iam_policy_actions" { - description = "A list of actions, separate with ','." - type = "string" -} - -variable "iam_policy_resources" { - description = "A list of resources, separate with ','." - type = "string" -} diff --git a/iam_role/.terrahub.yml b/iam_role/.terrahub.yml index 9fcd838..268c6c8 100644 --- a/iam_role/.terrahub.yml +++ b/iam_role/.terrahub.yml 
@@ -1,8 +1,63 @@ ## local config component: name: 'iam_role' - -## ci config -ci: - mapping: - - '.' + mapping: ['.'] + template: + data: + aws_iam_policy_document: + iam_role: + statement: + - sid: ${var.iam_role_policy_sid} + actions: ${var.iam_role_policy_actions} + effect: ${var.iam_role_policy_effect} + principals: + identifiers: ${var.iam_role_policy_principals_identifiers} + type: ${var.iam_role_policy_principals_type} + resource: + aws_iam_role: + iam_role: + assume_role_policy: ${data.aws_iam_policy_document.iam_role.json} + description: ${var.iam_role_description} + force_detach_policies: ${var.iam_role_force_detach_policies} + name: ${var.iam_role_name} + path: ${var.iam_role_path} + output: + arn: + value: ${aws_iam_role.iam_role.arn} + create_date: + value: ${aws_iam_role.iam_role.create_date} + unique_id: + value: ${aws_iam_role.iam_role.unique_id} + name: + value: ${aws_iam_role.iam_role.name} + description: + value: ${aws_iam_role.iam_role.description} + variable: + iam_role_name: + type: string + iam_role_description: + type: string + iam_role_path: + type: string + iam_role_force_detach_policies: + type: string + iam_role_policy_sid: + type: string + iam_role_policy_actions: + type: list + iam_role_policy_effect: + type: string + iam_role_policy_principals_type: + type: string + iam_role_policy_principals_identifiers: + type: list + tfvars: + iam_role_description: Managed by TerraHub + iam_role_force_detach_policies: false + iam_role_name: iam_role + iam_role_path: / + iam_role_policy_actions: [sts:AssumeRole] + iam_role_policy_effect: Allow + iam_role_policy_principals_identifiers: [lambda.amazonaws.com] + iam_role_policy_principals_type: Service + iam_role_policy_sid: "1" diff --git a/iam_role/README.md b/iam_role/README.md deleted file mode 100644 index f6af3e8..0000000 --- a/iam_role/README.md +++ /dev/null 
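Review bot: `iam_role_force_detach_policies: false` is a YAML boolean, but the variable is declared `type: string` in the same hunk, and the `iam_user` hunk quotes the equivalent value (`iam_user_force_destroy: "false"`). Quote it here as well, `iam_role_force_detach_policies: 'false'`, so the rendered tfvars does not depend on how the generator serialises booleans. In the same block, `[sts:AssumeRole]` and `[lambda.amazonaws.com]` are unquoted scalars inside flow sequences. A colon inside a flow collection is not handled the same way by every YAML loader, so `['sts:AssumeRole']` is the safer spelling.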
@@ -1,29 +0,0 @@ -# aws_iam_role - -Create an IAM role. - -## input variables - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -|account_id|The id of AWS account.|string||Yes| -|region|This is the AWS region.|string|us-east-1|Yes| -|iam_role_name|The name of the role. If omitted, Terraform will assign a random, unique name.|string||No| -|iam_role_force_detach_policies|Specifies to force detaching any policies the role has before destroying it. Defaults to false.|string|false|No| -|iam_role_description|The description of the role.|string|[]|No| -|iam_role_policy_sid|An ID for the policy statement.|string|1|No| -|iam_role_policy_actions|A list of actions that this statement either allows or denies.|list|[]|No| -|iam_role_policy_effect|Either Allow or Deny, to specify whether this statement allows or denies the given actions.|string|Allow|No| -|iam_role_policy_principals_type|The type of principal. For AWS accounts this is AWS.|string|AWS|No| -|iam_role_policy_principals_identifiers|List of identifiers for principals. When type is AWS, these are IAM user or role ARNs.|list|[]|No| - - -## output parameters - -| Name | Description | Type | -|------|-------------|:----:| -|arn|The Amazon Resource Name (ARN) specifying the role.|string| -|create_date|The creation date of the IAM role.|string| -|unique_id|The stable and unique string identifying the role.|string| -|name|The name of the role.|string| -|description|The description of the role.|string| diff --git a/iam_role/data.tf b/iam_role/data.tf deleted file mode 100644 index 7c7f440..0000000 --- a/iam_role/data.tf +++ /dev/null @@ -1,11 +0,0 @@ -data "aws_iam_policy_document" "iam_role" { - statement { - sid = "${var.iam_role_policy_sid}" - actions = "${var.iam_role_policy_actions}" - principals = { - type = "${var.iam_role_policy_principals_type}" - identifiers = "${var.iam_role_policy_principals_identifiers}" - } - effect = "${var.iam_role_policy_effect}" - } -} 
diff --git a/iam_role/default.tfvars b/iam_role/default.tfvars deleted file mode 100644 index 5439734..0000000 --- a/iam_role/default.tfvars +++ /dev/null @@ -1,28 +0,0 @@ -# Specify default values for variables defined in variables.tf - -############ -# provider # -############ -account_id = "123456789012" -region = "us-east-1" - -############ -# iam role # -############ -iam_role_name = "iam_role" -iam_role_description = "Managed by TerraHub" -iam_role_path = "/" -iam_role_force_detach_policies = false - -############## -# iam policy # -############## -iam_role_policy_sid = "1" -iam_role_policy_actions = ["sts:AssumeRole"] -iam_role_policy_effect = "Allow" -iam_role_policy_principals_type = "Service" -iam_role_policy_principals_identifiers = ["lambda.amazonaws.com"] - -########## -# custom # -########## diff --git a/iam_role/main.tf b/iam_role/main.tf deleted file mode 100644 index 99170a6..0000000 --- a/iam_role/main.tf +++ /dev/null @@ -1,7 +0,0 @@ -resource "aws_iam_role" "iam_role" { - name = "${var.iam_role_name}" - description = "${var.iam_role_description}" - path = "${var.iam_role_path}" - force_detach_policies = "${var.iam_role_force_detach_policies}" - assume_role_policy = "${data.aws_iam_policy_document.iam_role.json}" -} diff --git a/iam_role/output.tf b/iam_role/output.tf deleted file mode 100644 index 5a25e0d..0000000 --- a/iam_role/output.tf +++ /dev/null @@ -1,21 +0,0 @@ -# Define list of variables to be output - -output "arn" { - value = "${aws_iam_role.iam_role.arn}" -} - -output "create_date" { - value = "${aws_iam_role.iam_role.create_date}" -} - -output "unique_id" { - value = "${aws_iam_role.iam_role.unique_id}" -} - -output "name" { - value = "${aws_iam_role.iam_role.name}" -} - -output "description" { - value = "${aws_iam_role.iam_role.description}" -} diff --git a/iam_role/provider.tf b/iam_role/provider.tf deleted file mode 100644 index 4f0919e..0000000 --- a/iam_role/provider.tf +++ /dev/null 
@@ -1,6 +0,0 @@ -provider "aws" { - version = "~> 1.0" - region = "${var.region}" - - allowed_account_ids = ["${var.account_id}"] -} diff --git a/iam_role/variables.tf b/iam_role/variables.tf deleted file mode 100644 index c718794..0000000 --- a/iam_role/variables.tf +++ /dev/null @@ -1,63 +0,0 @@ -# Define list of variables to be used in main.tf - -############ -# provider # -############ -variable "account_id" { - description = "Allowed AWS account ID, to prevent you from mistakenly using an incorrect one (and potentially end up destroying a live environment)." -} - -variable "region" { - description = "This is the AWS region." -} - -############ -# iam role # -############ -variable "iam_role_name" { - description = "The name of the role. If omitted, Terraform will assign a random, unique name." - type = "string" -} - -variable "iam_role_description" { - description = "The description of the role." - type = "string" -} - -variable "iam_role_path" { - description = "The path of the role." - type = "string" -} - -variable "iam_role_force_detach_policies" { - description = "Specifies to force detaching any policies the role has before destroying it. Defaults to false." - type = "string" -} - -############## -# iam policy # -############## -variable "iam_role_policy_sid" { - description = "An ID for the policy statement." - type = "string" -} - -variable "iam_role_policy_actions" { - description = "A list of actions that this statement either allows or denies." - type = "list" -} - -variable "iam_role_policy_effect" { - description = "Either Allow or Deny, to specify whether this statement allows or denies the given actions." - type = "string" -} - -variable "iam_role_policy_principals_type" { - description = "The type of principal. For AWS accounts this is AWS." - type = "string" -} - -variable "iam_role_policy_principals_identifiers" { - description = "List of identifiers for principals. When type is AWS, these are IAM user or role ARNs." - type = "list" -} 
diff --git a/iam_role_policy_attachment_to_group/.terrahub.yml b/iam_role_policy_attachment_to_group/.terrahub.yml index f87d117..25d51d8 100644 --- a/iam_role_policy_attachment_to_group/.terrahub.yml +++ b/iam_role_policy_attachment_to_group/.terrahub.yml @@ -1,10 +1,19 @@ ## local config component: name: 'iam_role_policy_attachment_to_group' - dependsOn: - - '../iam_group' - -## ci config -ci: - mapping: - - '.' + mapping: ['.'] + dependsOn: ['../iam_group'] + template: + resource: + aws_iam_group_policy_attachment: + iam_role_policy_attachment_to_group: + group: ${var.iam_group_name} + policy_arn: arn:aws:iam::${local.account_id}:policy/${var.iam_policy_name} {} + variable: + iam_group_name: + type: string + iam_policy_name: + type: string + tfvars: + iam_group_name: iam_role_policy_attachment_to_group + iam_policy_name: iam_role_policy_attachment_to_group diff --git a/iam_role_policy_attachment_to_group/README.md b/iam_role_policy_attachment_to_group/README.md deleted file mode 100644 index 1550c63..0000000 --- a/iam_role_policy_attachment_to_group/README.md +++ /dev/null @@ -1,12 +0,0 @@ -# aws_iam_group_policy_attachment - -Attaches a Managed IAM Policy to an IAM group - -## input variables - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -|account_id|The id of AWS account.|string||Yes| -|region|This is the AWS region.|string|us-east-1|Yes| -|iam_group_name|The name of the group.|string||Yes| -|iam_policy_name|The name of policy.|string||Yes| diff --git a/iam_role_policy_attachment_to_group/default.tfvars b/iam_role_policy_attachment_to_group/default.tfvars deleted file mode 100644 index 32585b1..0000000 --- a/iam_role_policy_attachment_to_group/default.tfvars +++ /dev/null 
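Review bot: As shown in this hunk, the `policy_arn` line ends with a stray ` {}` after `${var.iam_policy_name}`. In a plain scalar that text becomes part of the value, so the ARN handed to `aws_iam_group_policy_attachment` would not name a valid policy. It looks like a leftover from converting the empty `output.tf` (an inference; the generator is not visible), and the `role:` line in the `iam_role_policy_attachment_to_role` hunk carries the same suffix. Drop it, or give it its own key if an empty output map was intended: `output: {}`. Quoting the interpolated value, `policy_arn: 'arn:aws:iam::${local.account_id}:policy/${var.iam_policy_name}'`, would also make trailing text like this easier to spot.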
@@ -1,21 +0,0 @@ -# Specify default values for variables defined in variables.tf - -############ -# provider # -############ -account_id = "123456789012" -region = "us-east-1" - -############# -# iam group # -############# -iam_group_name = "iam_role_policy_attachment_to_group" - -############## -# iam policy # -############## -iam_policy_name = "iam_role_policy_attachment_to_group" - -########## -# custom # -########## diff --git a/iam_role_policy_attachment_to_group/main.tf b/iam_role_policy_attachment_to_group/main.tf deleted file mode 100644 index 98b2846..0000000 --- a/iam_role_policy_attachment_to_group/main.tf +++ /dev/null @@ -1,4 +0,0 @@ -resource "aws_iam_group_policy_attachment" "iam_role_policy_attachment_to_group" { - group = "${var.iam_group_name}" - policy_arn = "arn:aws:iam::${var.account_id}:policy/${var.iam_policy_name}" -} \ No newline at end of file diff --git a/iam_role_policy_attachment_to_group/output.tf b/iam_role_policy_attachment_to_group/output.tf deleted file mode 100644 index 2092360..0000000 --- a/iam_role_policy_attachment_to_group/output.tf +++ /dev/null @@ -1 +0,0 @@ -# Define list of variables to be output \ No newline at end of file diff --git a/iam_role_policy_attachment_to_group/provider.tf b/iam_role_policy_attachment_to_group/provider.tf deleted file mode 100644 index 4f0919e..0000000 --- a/iam_role_policy_attachment_to_group/provider.tf +++ /dev/null @@ -1,6 +0,0 @@ -provider "aws" { - version = "~> 1.0" - region = "${var.region}" - - allowed_account_ids = ["${var.account_id}"] -} diff --git a/iam_role_policy_attachment_to_group/variables.tf b/iam_role_policy_attachment_to_group/variables.tf deleted file mode 100644 index a97c3f9..0000000 --- a/iam_role_policy_attachment_to_group/variables.tf +++ /dev/null 
@@ -1,28 +0,0 @@ -# Define list of variables to be used in main.tf - -############ -# provider # -############ -variable "account_id" { - description = "Allowed AWS account ID, to prevent you from mistakenly using an incorrect one (and potentially end up destroying a live environment)." -} - -variable "region" { - description = "This is the AWS region." -} - -############ -# iam role # -############ -variable "iam_group_name" { - description = "The name of the group." - type = "string" -} - -############## -# iam policy # -############## -variable "iam_policy_name" { - description = "The name of policy" - type = "string" -} diff --git a/iam_role_policy_attachment_to_role/.terrahub.yml b/iam_role_policy_attachment_to_role/.terrahub.yml index e72507a..2057278 100644 --- a/iam_role_policy_attachment_to_role/.terrahub.yml +++ b/iam_role_policy_attachment_to_role/.terrahub.yml @@ -1,10 +1,19 @@ ## local config component: name: 'iam_role_policy_attachment_to_role' - dependsOn: - - '../iam_policy' - -## ci config -ci: - mapping: - - '.' + mapping: ['.'] + dependsOn: ['../iam_policy'] + template: + resource: + aws_iam_role_policy_attachment: + iam_role_policy_attachment_to_role: + policy_arn: arn:aws:iam::${local.account_id}:policy/${var.iam_policy_name} + role: ${var.iam_role_name} {} + variable: + iam_role_name: + type: string + iam_policy_name: + type: string + tfvars: + iam_policy_name: iam_role_policy_attachment_to_role + iam_role_name: iam_role_policy_attachment_to_role diff --git a/iam_role_policy_attachment_to_role/README.md b/iam_role_policy_attachment_to_role/README.md deleted file mode 100644 index 3277fe5..0000000 --- a/iam_role_policy_attachment_to_role/README.md +++ /dev/null 
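Review bot: The `tfvars` defaults `iam_policy_name: iam_role_policy_attachment_to_role` and `iam_role_name: iam_role_policy_attachment_to_role` do not match the names the other components in this commit create (`iam_policy_name: iam_policy`, `iam_role_name: iam_role`). The ARN built in `policy_arn` therefore points at a policy this project does not manage. With these defaults the apply presumably either fails or attaches whatever policy already carries that name in the account. Set the defaults to the created names, e.g. `iam_policy_name: iam_policy`, or take the value from the `arn` output that the `iam_policy` component exports. The `iam_role_policy_attachment_to_group` and `iam_user_group_membership` hunks have the same mismatch.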
@@ -1,12 +0,0 @@ -# aws_iam_role_policy_attachment - -Create an IAM role policy attachment. - -## input variables - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -|account_id|The id of AWS account.|string||Yes| -|region|This is the AWS region.|string|us-east-1|Yes| -|iam_role_name|The name of the role.|string||Yes| -|iam_policy_name|The name of policy.|string||Yes| diff --git a/iam_role_policy_attachment_to_role/default.tfvars b/iam_role_policy_attachment_to_role/default.tfvars deleted file mode 100644 index b5549e9..0000000 --- a/iam_role_policy_attachment_to_role/default.tfvars +++ /dev/null @@ -1,21 +0,0 @@ -# Specify default values for variables defined in variables.tf - -############ -# provider # -############ -account_id = "123456789012" -region = "us-east-1" - -############ -# iam role # -############ -iam_role_name = "iam_role_policy_attachment_to_role" - -############## -# iam policy # -############## -iam_policy_name = "iam_role_policy_attachment_to_role" - -########## -# custom # -########## diff --git a/iam_role_policy_attachment_to_role/main.tf b/iam_role_policy_attachment_to_role/main.tf deleted file mode 100644 index 24a4f20..0000000 --- a/iam_role_policy_attachment_to_role/main.tf +++ /dev/null @@ -1,4 +0,0 @@ -resource "aws_iam_role_policy_attachment" "iam_role_policy_attachment_to_role" { - role = "${var.iam_role_name}" - policy_arn = "arn:aws:iam::${var.account_id}:policy/${var.iam_policy_name}" -} diff --git a/iam_role_policy_attachment_to_role/output.tf b/iam_role_policy_attachment_to_role/output.tf deleted file mode 100644 index f29dac5..0000000 --- a/iam_role_policy_attachment_to_role/output.tf +++ /dev/null @@ -1 +0,0 @@ -# Define list of variables to be output diff --git a/iam_role_policy_attachment_to_role/provider.tf b/iam_role_policy_attachment_to_role/provider.tf deleted file mode 100644 index 4f0919e..0000000 --- a/iam_role_policy_attachment_to_role/provider.tf +++ /dev/null 
@@ -1,6 +0,0 @@ -provider "aws" { - version = "~> 1.0" - region = "${var.region}" - - allowed_account_ids = ["${var.account_id}"] -} diff --git a/iam_role_policy_attachment_to_role/variables.tf b/iam_role_policy_attachment_to_role/variables.tf deleted file mode 100644 index 4f05085..0000000 --- a/iam_role_policy_attachment_to_role/variables.tf +++ /dev/null @@ -1,28 +0,0 @@ -# Define list of variables to be used in main.tf - -############ -# provider # -############ -variable "account_id" { - description = "Allowed AWS account ID, to prevent you from mistakenly using an incorrect one (and potentially end up destroying a live environment)." -} - -variable "region" { - description = "This is the AWS region." -} - -############ -# iam role # -############ -variable "iam_role_name" { - description = "The name of the role." - type = "string" -} - -############## -# iam policy # -############## -variable "iam_policy_name" { - description = "The name of policy" - type = "string" -} diff --git a/iam_user/.terrahub.yml b/iam_user/.terrahub.yml index c09a286..ca1fad6 100644 --- a/iam_user/.terrahub.yml +++ b/iam_user/.terrahub.yml @@ -1,10 +1,30 @@ ## local config component: name: 'iam_user' - dependsOn: - - '../iam_group' - -## ci config -ci: - mapping: - - '.' + mapping: ['.'] + dependsOn: ['../iam_group'] + template: + resource: + aws_iam_user: + iam_user: + force_destroy: ${var.iam_user_force_destroy} + name: ${var.iam_user_name} + path: ${var.iam_user_path} + output: + arn: + value: ${aws_iam_user.iam_user.arn} + name: + value: ${aws_iam_user.iam_user.name} + unique_id: + value: ${aws_iam_user.iam_user.unique_id} + variable: + iam_user_name: + type: string + iam_user_path: + type: string + iam_user_force_destroy: + type: string + tfvars: + iam_user_force_destroy: "false" + iam_user_name: iam_user + iam_user_path: / diff --git a/iam_user/README.md b/iam_user/README.md deleted file mode 100644 index 28ffdfd..0000000 --- a/iam_user/README.md +++ /dev/null 
@@ -1,21 +0,0 @@ -# iam_user - -Provides an IAM user. - -## input variables - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -|account_id|The id of AWS account.|string||Yes| -|region|This is the AWS region.|string|us-east-1|Yes| -|iam_user_name|The user's name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. User names are not distinguished by case.|string|{{ name }}|No| -|iam_user_path|Path in which to create the user.|string|/system/|No| -|iam_user_force_destroy|When destroying this user, destroy even if it has non-Terraform-managed IAM access keys, login profile or MFA devices. Without force_destroy a user with non-Terraform-managed access keys and login profile will fail to be destroyed.|boolean|false|No| - -## output parameters - -| Name | Description | Type | -|------|-------------|:----:| -|arn|The ARN assigned by AWS for this user.|string| -|name|The user's name.|string| -|unique_id|The unique ID assigned by AWS.|string| diff --git a/iam_user/default.tfvars b/iam_user/default.tfvars deleted file mode 100644 index e963919..0000000 --- a/iam_user/default.tfvars +++ /dev/null @@ -1,18 +0,0 @@ -# Specify default values for variables defined in variables.tf - -############ -# provider # -############ -account_id = "123456789012" -region = "us-east-1" - -############# -# top level # -############# -iam_user_name = "iam_user" -iam_user_path = "/" -iam_user_force_destroy = "false" - -########## -# custom # -########## diff --git a/iam_user/main.tf b/iam_user/main.tf deleted file mode 100644 index 5a39cd6..0000000 --- a/iam_user/main.tf +++ /dev/null @@ -1,5 +0,0 @@ -resource "aws_iam_user" "iam_user" { - name = "${var.iam_user_name}" - path = "${var.iam_user_path}" - force_destroy = "${var.iam_user_force_destroy}" -} diff --git a/iam_user/output.tf b/iam_user/output.tf deleted file mode 100644 index c3000f7..0000000 
--- a/iam_user/output.tf +++ /dev/null @@ -1,13 +0,0 @@ -# Define list of variables to be output - -output "arn" { - value = "${aws_iam_user.iam_user.arn}" -} - -output "name" { - value = "${aws_iam_user.iam_user.name}" -} - -output "unique_id" { - value = "${aws_iam_user.iam_user.unique_id}" -} diff --git a/iam_user/provider.tf b/iam_user/provider.tf deleted file mode 100644 index 4f0919e..0000000 --- a/iam_user/provider.tf +++ /dev/null @@ -1,6 +0,0 @@ -provider "aws" { - version = "~> 1.0" - region = "${var.region}" - - allowed_account_ids = ["${var.account_id}"] -} diff --git a/iam_user/variables.tf b/iam_user/variables.tf deleted file mode 100644 index 2c3e960..0000000 --- a/iam_user/variables.tf +++ /dev/null @@ -1,28 +0,0 @@ -# Define list of variables to be used in main.tf - -############ -# provider # -############ -variable "account_id" { - description = "Allowed AWS account ID, to prevent you from mistakenly using an incorrect one (and potentially end up destroying a live environment)." -} - -variable "region" { - description = "This is the AWS region." -} - -############# -# top level # -############# - -variable "iam_user_name" { - description = "The user's name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. User names are not distinguished by case." -} - -variable "iam_user_path" { - description = "Path in which to create the user." -} - -variable "iam_user_force_destroy" { - description = "When destroying this user, destroy even if it has non-Terraform-managed IAM access keys, login profile or MFA devices. Without force_destroy a user with non-Terraform-managed access keys and login profile will fail to be destroyed." -} diff --git a/iam_user_group_membership/.terrahub.yml b/iam_user_group_membership/.terrahub.yml index 5813730..b3ce779 100644 --- a/iam_user_group_membership/.terrahub.yml +++ b/iam_user_group_membership/.terrahub.yml 
@@ -1,10 +1,25 @@
 ## local config
 component:
 name: 'iam_user_group_membership'
- dependsOn:
- - '../iam_user'
-
-## ci config
-ci:
- mapping:
- - '.'
+ mapping: ['.']
+ dependsOn: ['../iam_user']
+ template:
+ resource:
+ aws_iam_user_group_membership:
+ iam_user_group_membership:
+ groups:
+ ${var.iam_groups_name}
+ user: ${var.iam_user_name}
+ output:
+ user:
+ value: ${aws_iam_user_group_membership.iam_user_group_membership.user}
+ groups:
+ value: ${aws_iam_user_group_membership.iam_user_group_membership.groups}
+ variable:
+ iam_user_name:
+ type: string
+ iam_groups_name:
+ type: list
+ tfvars:
+ iam_groups_name: [iam_user_group_membership]
+ iam_user_name: iam_user_group_membership
diff --git a/iam_user_group_membership/README.md b/iam_user_group_membership/README.md
deleted file mode 100644
index 854a340..0000000
--- a/iam_user_group_membership/README.md
+++ /dev/null
@@ -1,21 +0,0 @@
-# aws_iam_user_group_membership
-
-Provides a resource for adding an IAM User to IAM Groups. This resource can be used multiple times with the same user for non-overlapping groups.
-
-To exclusively manage the users in a group, see the aws_iam_group_membership resource.
-
-## input variables
-
-| Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-|account_id|The id of AWS account.|string||Yes|
-|region|This is the AWS region.|string|us-east-1|Yes|
-|iam_user_name|The name of the IAM User to add to groups.|string||Yes|
-|iam_groups_name|A list of IAM Groups to add the user to.|list||Yes|
-
-## output parameters
-
-| Name | Description | Type |
-|------|-------------|:----:|
-|user|The name of the IAM User.|string|
-|groups|The list of IAM Groups.|list|
diff --git a/iam_user_group_membership/default.tfvars b/iam_user_group_membership/default.tfvars
deleted file mode 100644
index f13f4ab..0000000
--- a/iam_user_group_membership/default.tfvars
+++ /dev/null
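Review bot: `groups` in the new `aws_iam_user_group_membership` template is a bare plain scalar on a continuation line, so YAML loads it as the single string `${var.iam_groups_name}`, whereas the removed main.tf passed a list (`groups = ["${var.iam_groups_name}"]`) and the variable is still declared `type: list`. If the list form is intended, keep it on one line and quoted, `groups: ['${var.iam_groups_name}']`; whether Terraform accepts the string form here cannot be confirmed from the page. Separately, `dependsOn` names only `'../iam_user'` although the membership also needs its groups to exist, and the `tfvars` values (`iam_user_group_membership`) are literal names rather than outputs of those components, so which user and groups end up bound depends on what already exists in the account. Listing `'../iam_group'` in `dependsOn` as well would make the ordering explicit.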
@@ -1,21 +0,0 @@
-# Specify default values for variables defined in variables.tf
-
-############
-# provider #
-############
-account_id = "123456789012"
-region = "us-east-1"
-
-#############
-# iam group #
-#############
-iam_user_name = "iam_user_group_membership"
-
-##############
-# iam policy #
-##############
-iam_groups_name = ["iam_user_group_membership"]
-
-##########
-# custom #
-##########
diff --git a/iam_user_group_membership/main.tf b/iam_user_group_membership/main.tf
deleted file mode 100644
index ac89ca3..0000000
--- a/iam_user_group_membership/main.tf
+++ /dev/null
@@ -1,6 +0,0 @@
-resource "aws_iam_user_group_membership" "iam_user_group_membership" {
- user = "${var.iam_user_name}"
- groups = [
- "${var.iam_groups_name}"
- ]
-}
diff --git a/iam_user_group_membership/output.tf b/iam_user_group_membership/output.tf
deleted file mode 100644
index f77dd51..0000000
--- a/iam_user_group_membership/output.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-# Define list of variables to be output
-
-output "user" {
- value = "${aws_iam_user_group_membership.iam_user_group_membership.user}"
-}
-
-output "groups" {
- value = "${aws_iam_user_group_membership.iam_user_group_membership.groups}"
-}
diff --git a/iam_user_group_membership/provider.tf b/iam_user_group_membership/provider.tf
deleted file mode 100644
index 4f0919e..0000000
--- a/iam_user_group_membership/provider.tf
+++ /dev/null
@@ -1,6 +0,0 @@
-provider "aws" {
- version = "~> 1.0"
- region = "${var.region}"
-
- allowed_account_ids = ["${var.account_id}"]
-}
diff --git a/iam_user_group_membership/variables.tf b/iam_user_group_membership/variables.tf
deleted file mode 100644
index 479f982..0000000
--- a/iam_user_group_membership/variables.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-# Define list of variables to be used in main.tf
-
-############
-# provider #
-############
-variable "account_id" {
- description = "Allowed AWS account ID, to prevent you from mistakenly using an incorrect one (and potentially end up destroying a live environment)."
-}
-
-variable "region" {
- description = "This is the AWS region."
-}
-
-############
-# iam user #
-############
-variable "iam_user_name" {
- description = "The name of the IAM User to add to groups."
- type = "string"
-}
-
-##############
-# iam groups #
-##############
-variable "iam_groups_name" {
- description = "A list of IAM Groups to add the user to."
- type = "list"
-}