From 637466fb6487372d90bf525077e952172fead5f5 Mon Sep 17 00:00:00 2001 From: xpk Date: Wed, 27 Jan 2021 15:17:13 +0800 Subject: [PATCH] UPD: now requiring terraform 0.14+ --- .../.terraform.lock.hcl | 20 + .../cloudtrail_cloudwatchlogs/provider.tf | 11 +- .../terraform.tfstate | 27 +- .../terraform.tfstate.1611731485.backup | 303 ++++++++++ .../iam_roles/.terraform.lock.hcl | 20 + .../iam_roles/provider.tf | 11 +- .../terraform.tfstate.1611731190.backup | 571 ++++++++++++++++++ 7 files changed, 942 insertions(+), 21 deletions(-) create mode 100644 layers/security_identity_compliance/cloudtrail_cloudwatchlogs/.terraform.lock.hcl create mode 100644 layers/security_identity_compliance/cloudtrail_cloudwatchlogs/terraform.tfstate.1611731485.backup create mode 100644 layers/security_identity_compliance/iam_roles/.terraform.lock.hcl create mode 100644 layers/security_identity_compliance/iam_roles/terraform.tfstate.1611731190.backup diff --git a/layers/security_identity_compliance/cloudtrail_cloudwatchlogs/.terraform.lock.hcl b/layers/security_identity_compliance/cloudtrail_cloudwatchlogs/.terraform.lock.hcl new file mode 100644 index 0000000..eda0e78 --- /dev/null +++ b/layers/security_identity_compliance/cloudtrail_cloudwatchlogs/.terraform.lock.hcl @@ -0,0 +1,20 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "3.25.0" + constraints = ">= 3.25.0" + hashes = [ + "h1:9bXU5cFO/2DX8z5whaGMA7wcCalKQJZrBm89AuePuEM=", + "zh:2d3c65461bc63ec39bce7b5afdbed9a3b4dd5c2c8ee94616ad1866e24cf9b8f0", + "zh:2fb2ea6ccac30b909b603e183433737a30c58ec1f9a6a8b5565f0f051490c07a", + "zh:31a5f192c8cf29fb677cd639824f9a685578a2564c6b790517db33ea56229045", + "zh:437a12cf9a4d7bc92c9bf14ee7e224d5d3545cbd2154ba113ae82c4bb68edc27", + "zh:4bbdc3155a5dea90b2d50adfa460b0759c4dd959efaf7f66b2a0385a53b469b2", + "zh:63a8cd523ba31358692a34a06e111d88769576ac6d0e5adad8e0b4ae0a2d8882", + "zh:c4301ce86e8cb2c464949bb99e729ffe7b0c55eaf34b82ba526bb5039bca36f3", + "zh:c97b84861c6c550b8d2feb12d089660fffbf51dc7d660dcc9d54d4a7b3c2c882", + "zh:d6a103570e2d5c387b068fac4b88654dfa21d44ca1bdfa4bc8ab94c88effd71a", + "zh:f08cf2faf960a8ca374ac860f37c31c88ed2bab460116ac74678e0591babaac5", + ] +} diff --git a/layers/security_identity_compliance/cloudtrail_cloudwatchlogs/provider.tf b/layers/security_identity_compliance/cloudtrail_cloudwatchlogs/provider.tf index 3907b85..4e906ad 100644 --- a/layers/security_identity_compliance/cloudtrail_cloudwatchlogs/provider.tf +++ b/layers/security_identity_compliance/cloudtrail_cloudwatchlogs/provider.tf @@ -3,10 +3,11 @@ provider "aws" { } terraform { - required_version = "> 0.12, < 0.13" + required_version = ">= 0.14" required_providers { - aws = "~> 3.6.0" + aws = { + source = "hashicorp/aws" + version = ">= 3.25" + } } -} - -data "aws_availability_zones" "current" {} \ No newline at end of file +} \ No newline at end of file diff --git a/layers/security_identity_compliance/cloudtrail_cloudwatchlogs/terraform.tfstate b/layers/security_identity_compliance/cloudtrail_cloudwatchlogs/terraform.tfstate index 66a98ff..fa569dd 100644 --- a/layers/security_identity_compliance/cloudtrail_cloudwatchlogs/terraform.tfstate +++ b/layers/security_identity_compliance/cloudtrail_cloudwatchlogs/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, - "terraform_version": "0.12.29", - "serial": 85, + "terraform_version": "0.14.5", + "serial": 86, "lineage": "26e4bec8-8ad6-a262-52c6-fbcad6b7a499", "outputs": {}, "resources": [ @@ -10,7 +10,7 @@ "mode": "data", "type": "aws_caller_identity", "name": "this", - "provider": "provider.aws", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { "schema_version": 0, @@ -19,7 +19,8 @@ "arn": "arn:aws:sts::573340405480:assumed-role/Rackspace/racker-ken2-eade1d93", "id": "2021-01-26 13:37:52.170204471 +0000 UTC", "user_id": "AROAYK7OAJ3UH36WGNMWD:racker-ken2-eade1d93" - } + }, + "sensitive_attributes": [] } ] }, @@ -28,7 +29,7 @@ "mode": "data", "type": "aws_iam_policy_document", "name": "cloudtrail_bucket_policy", - "provider": "provider.aws", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { "schema_version": 0, @@ -86,7 +87,8 @@ } ], "version": "2012-10-17" - } + }, + "sensitive_attributes": [] } ] }, @@ -95,7 +97,7 @@ "mode": "data", "type": "aws_iam_policy_document", "name": "key-policy", - "provider": "provider.aws", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { "schema_version": 0, @@ -169,7 +171,8 @@ } ], "version": "2012-10-17" - } + }, + "sensitive_attributes": [] } ] }, @@ -178,7 +181,7 @@ "mode": "managed", "type": "aws_kms_key", "name": "ctbucket-key", - "provider": "provider.aws", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { "schema_version": 0, @@ -202,6 +205,7 @@ "TerraformMode": "managed" } }, + "sensitive_attributes": [], "private": "bnVsbA==" } ] @@ -211,7 +215,7 @@ "mode": "managed", "type": "aws_s3_bucket", "name": "ct-bucket", - "provider": "provider.aws", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", "instances": [ { "schema_version": 0, @@ -290,7 +294,8 @@ "website": [], "website_domain": null, "website_endpoint": null - } + }, + "sensitive_attributes": [] } ] } diff --git a/layers/security_identity_compliance/cloudtrail_cloudwatchlogs/terraform.tfstate.1611731485.backup b/layers/security_identity_compliance/cloudtrail_cloudwatchlogs/terraform.tfstate.1611731485.backup new file mode 100644 index 0000000..66d2981 --- /dev/null +++ b/layers/security_identity_compliance/cloudtrail_cloudwatchlogs/terraform.tfstate.1611731485.backup @@ -0,0 +1,303 @@ +{ + "version": 4, + "terraform_version": "0.14.5", + "serial": 85, + "lineage": "26e4bec8-8ad6-a262-52c6-fbcad6b7a499", + "outputs": {}, + "resources": [ + { + "module": "module.cloudtrail-cwl", + "mode": "data", + "type": "aws_caller_identity", + "name": "this", + "provider": "provider[\"registry.terraform.io/-/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "account_id": "573340405480", + "arn": "arn:aws:sts::573340405480:assumed-role/Rackspace/racker-ken2-eade1d93", + "id": "2021-01-26 13:37:52.170204471 +0000 UTC", + "user_id": "AROAYK7OAJ3UH36WGNMWD:racker-ken2-eade1d93" + }, + "sensitive_attributes": [] + } + ] + }, + { + "module": "module.cloudtrail-cwl", + "mode": "data", + "type": "aws_iam_policy_document", + "name": "cloudtrail_bucket_policy", + "provider": "provider[\"registry.terraform.io/-/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "995859125", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"AWSCloudTrailAclCheck\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetBucketAcl\",\n \"Resource\": \"arn:aws:s3:::lab-apne1-kf-lime-ctbucket-573340405480\",\n \"Principal\": {\n \"Service\": \"cloudtrail.amazonaws.com\"\n }\n },\n {\n \"Sid\": \"AWSCloudTrailWrite\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:PutObject\",\n \"Resource\": \"arn:aws:s3:::lab-apne1-kf-lime-ctbucket-573340405480/*\",\n \"Principal\": {\n \"Service\": [\n \"config.amazonaws.com\",\n \"cloudtrail.amazonaws.com\"\n ]\n }\n }\n ]\n}", + "override_json": null, + "policy_id": null, + "source_json": null, + "statement": [ + { + "actions": [ + "s3:GetBucketAcl" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [ + { + "identifiers": [ + "cloudtrail.amazonaws.com" + ], + "type": "Service" + } + ], + "resources": [ + "arn:aws:s3:::lab-apne1-kf-lime-ctbucket-573340405480" + ], + "sid": "AWSCloudTrailAclCheck" + }, + { + "actions": [ + "s3:PutObject" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [ + { + "identifiers": [ + "cloudtrail.amazonaws.com", + "config.amazonaws.com" + ], + "type": "Service" + } + ], + "resources": [ + "arn:aws:s3:::lab-apne1-kf-lime-ctbucket-573340405480/*" + ], + "sid": "AWSCloudTrailWrite" + } + ], + "version": "2012-10-17" + }, + "sensitive_attributes": [] + } + ] + }, + { + "module": "module.cloudtrail-cwl", + "mode": "data", + "type": "aws_iam_policy_document", + "name": "key-policy", + "provider": "provider[\"registry.terraform.io/-/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "3662241047", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"Key usage by aws services\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:ReEncrypt*\",\n \"kms:GenerateDataKey*\",\n \"kms:Encrypt\",\n \"kms:DescribeKey\",\n \"kms:Decrypt\"\n ],\n \"Resource\": \"*\",\n \"Principal\": {\n \"Service\": [\n \"sqs.amazonaws.com\",\n \"sns.amazonaws.com\",\n \"s3.amazonaws.com\",\n \"logs.amazonaws.com\",\n \"lambda.amazonaws.com\",\n \"guardduty.amazonaws.com\",\n \"events.amazonaws.com\",\n \"eks.amazonaws.com\",\n \"eks-nodegroup.amazonaws.com\",\n \"delivery.logs.amazonaws.com\",\n \"cloudwatch.amazonaws.com\",\n \"cloudtrail.amazonaws.com\",\n \"backup.amazonaws.com\",\n \"autoscaling.amazonaws.com\"\n ]\n }\n },\n {\n \"Sid\": \"Key administrator\",\n \"Effect\": \"Allow\",\n \"Action\": \"kms:*\",\n \"Resource\": \"*\",\n \"Principal\": {\n \"AWS\": \"573340405480\"\n }\n }\n ]\n}", + "override_json": null, + "policy_id": null, + "source_json": null, + "statement": [ + { + "actions": [ + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [ + { + "identifiers": [ + "autoscaling.amazonaws.com", + "backup.amazonaws.com", + "cloudtrail.amazonaws.com", + "cloudwatch.amazonaws.com", + "delivery.logs.amazonaws.com", + "eks-nodegroup.amazonaws.com", + "eks.amazonaws.com", + "events.amazonaws.com", + "guardduty.amazonaws.com", + "lambda.amazonaws.com", + "logs.amazonaws.com", + "s3.amazonaws.com", + "sns.amazonaws.com", + "sqs.amazonaws.com" + ], + "type": "Service" + } + ], + "resources": [ + "*" + ], + "sid": "Key usage by aws services" + }, + { + "actions": [ + "kms:*" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [ + { + "identifiers": [ + "573340405480" + ], + "type": "AWS" + } + ], + "resources": [ + "*" + ], + "sid": "Key administrator" + } + ], + "version": "2012-10-17" + }, + "sensitive_attributes": [] + } + ] + }, + { + "module": "module.cloudtrail-cwl", + "mode": "managed", + "type": "aws_kms_key", + "name": "ctbucket-key", + "provider": "provider[\"registry.terraform.io/-/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:kms:ap-northeast-1:573340405480:key/ba826c02-4153-4056-ad75-2614912c6274", + "customer_master_key_spec": "SYMMETRIC_DEFAULT", + "deletion_window_in_days": 7, + "description": "", + "enable_key_rotation": false, + "id": "ba826c02-4153-4056-ad75-2614912c6274", + "is_enabled": true, + "key_id": "ba826c02-4153-4056-ad75-2614912c6274", + "key_usage": "ENCRYPT_DECRYPT", + "policy": "{\"Statement\":[{\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"eks-nodegroup.amazonaws.com\",\"delivery.logs.amazonaws.com\",\"eks.amazonaws.com\",\"events.amazonaws.com\",\"autoscaling.amazonaws.com\",\"logs.amazonaws.com\",\"sqs.amazonaws.com\",\"backup.amazonaws.com\",\"guardduty.amazonaws.com\",\"cloudtrail.amazonaws.com\",\"lambda.amazonaws.com\",\"cloudwatch.amazonaws.com\",\"sns.amazonaws.com\",\"s3.amazonaws.com\"]},\"Resource\":\"*\",\"Sid\":\"Key usage by aws services\"},{\"Action\":\"kms:*\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::573340405480:root\"},\"Resource\":\"*\",\"Sid\":\"Key administrator\"}],\"Version\":\"2012-10-17\"}", + "tags": { + "Application": "infra", + "BuildDate": "20210126", + "Environment": "lab", + "Project": "lime", + "ServiceProvider": "Rackspace", + "TerraformMode": "managed" + } + }, + "sensitive_attributes": [], + "private": "bnVsbA==" + } + ] + }, + { + "module": "module.cloudtrail-cwl", + "mode": "managed", + "type": "aws_s3_bucket", + "name": "ct-bucket", + "provider": "provider[\"registry.terraform.io/-/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "acceleration_status": "", + "acl": "private", + "arn": "arn:aws:s3:::lab-apne1-kf-lime-ctbucket-573340405480", + "bucket": "lab-apne1-kf-lime-ctbucket-573340405480", + "bucket_domain_name": "lab-apne1-kf-lime-ctbucket-573340405480.s3.amazonaws.com", + "bucket_prefix": null, + "bucket_regional_domain_name": "lab-apne1-kf-lime-ctbucket-573340405480.s3.ap-northeast-1.amazonaws.com", + "cors_rule": [], + "force_destroy": false, + "grant": [], + "hosted_zone_id": "Z2M4EHUR26P7ZW", + "id": "lab-apne1-kf-lime-ctbucket-573340405480", + "lifecycle_rule": [ + { + "abort_incomplete_multipart_upload_days": 0, + "enabled": false, + "expiration": [ + { + "date": "", + "days": 90, + "expired_object_delete_marker": false + } + ], + "id": "tf-s3-lifecycle-20210126114512193400000001", + "noncurrent_version_expiration": [], + "noncurrent_version_transition": [], + "prefix": "", + "tags": {}, + "transition": [ + { + "date": "", + "days": 30, + "storage_class": "INTELLIGENT_TIERING" + } + ] + } + ], + "logging": [], + "object_lock_configuration": [], + "policy": "{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::lab-apne1-kf-lime-ctbucket-573340405480\",\"Sid\":\"AWSCloudTrailAclCheck\"},{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"config.amazonaws.com\",\"cloudtrail.amazonaws.com\"]},\"Resource\":\"arn:aws:s3:::lab-apne1-kf-lime-ctbucket-573340405480/*\",\"Sid\":\"AWSCloudTrailWrite\"}],\"Version\":\"2012-10-17\"}", + "region": "ap-northeast-1", + "replication_configuration": [], + "request_payer": "BucketOwner", + "server_side_encryption_configuration": [ + { + "rule": [ + { + "apply_server_side_encryption_by_default": [ + { + "kms_master_key_id": "arn:aws:kms:ap-northeast-1:573340405480:key/ba826c02-4153-4056-ad75-2614912c6274", + "sse_algorithm": "aws:kms" + } + ] + } + ] + } + ], + "tags": { + "Application": "infra", + "BuildDate": "20210126", + "Environment": "lab", + "Project": "lime", + "ServiceProvider": "Rackspace", + "TerraformMode": "managed" + }, + "versioning": [ + { + "enabled": false, + "mfa_delete": false + } + ], + "website": [], + "website_domain": null, + "website_endpoint": null + }, + "sensitive_attributes": [] + } + ] + } + ] +} diff --git a/layers/security_identity_compliance/iam_roles/.terraform.lock.hcl b/layers/security_identity_compliance/iam_roles/.terraform.lock.hcl new file mode 100644 index 0000000..eda0e78 --- /dev/null +++ b/layers/security_identity_compliance/iam_roles/.terraform.lock.hcl @@ -0,0 +1,20 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "3.25.0" + constraints = ">= 3.25.0" + hashes = [ + "h1:9bXU5cFO/2DX8z5whaGMA7wcCalKQJZrBm89AuePuEM=", + "zh:2d3c65461bc63ec39bce7b5afdbed9a3b4dd5c2c8ee94616ad1866e24cf9b8f0", + "zh:2fb2ea6ccac30b909b603e183433737a30c58ec1f9a6a8b5565f0f051490c07a", + "zh:31a5f192c8cf29fb677cd639824f9a685578a2564c6b790517db33ea56229045", + "zh:437a12cf9a4d7bc92c9bf14ee7e224d5d3545cbd2154ba113ae82c4bb68edc27", + "zh:4bbdc3155a5dea90b2d50adfa460b0759c4dd959efaf7f66b2a0385a53b469b2", + "zh:63a8cd523ba31358692a34a06e111d88769576ac6d0e5adad8e0b4ae0a2d8882", + "zh:c4301ce86e8cb2c464949bb99e729ffe7b0c55eaf34b82ba526bb5039bca36f3", + "zh:c97b84861c6c550b8d2feb12d089660fffbf51dc7d660dcc9d54d4a7b3c2c882", + "zh:d6a103570e2d5c387b068fac4b88654dfa21d44ca1bdfa4bc8ab94c88effd71a", + "zh:f08cf2faf960a8ca374ac860f37c31c88ed2bab460116ac74678e0591babaac5", + ] +} diff --git a/layers/security_identity_compliance/iam_roles/provider.tf b/layers/security_identity_compliance/iam_roles/provider.tf index 42906bf..4e906ad 100644 --- a/layers/security_identity_compliance/iam_roles/provider.tf +++ b/layers/security_identity_compliance/iam_roles/provider.tf @@ -3,10 +3,11 @@ provider "aws" { } terraform { - required_version = "> 0.12, < 0.13" + required_version = ">= 0.14" required_providers { - aws = ">= 3.25.0" + aws = { + source = "hashicorp/aws" + version = ">= 3.25" + } } -} - -data "aws_availability_zones" "current" {} \ No newline at end of file +} \ No newline at end of file diff --git a/layers/security_identity_compliance/iam_roles/terraform.tfstate.1611731190.backup b/layers/security_identity_compliance/iam_roles/terraform.tfstate.1611731190.backup new file mode 100644 index 0000000..71ee1b4 --- /dev/null +++ b/layers/security_identity_compliance/iam_roles/terraform.tfstate.1611731190.backup @@ -0,0 +1,571 @@ +{ + "version": 4, + "terraform_version": "0.14.5", + "serial": 135, + "lineage": "3c5c117a-331a-4831-2612-b5fd42dfd51f", + "outputs": {}, + "resources": [ + { + "mode": "data", + "type": "aws_availability_zones", + "name": "current", + "provider": "provider[\"registry.terraform.io/-/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "all_availability_zones": null, + "exclude_names": null, + "exclude_zone_ids": null, + "filter": null, + "group_names": [ + "ap-northeast-1" + ], + "id": "ap-northeast-1", + "names": [ + "ap-northeast-1a", + "ap-northeast-1c", + "ap-northeast-1d" + ], + "state": null, + "zone_ids": [ + "apne1-az4", + "apne1-az1", + "apne1-az2" + ] + }, + "sensitive_attributes": [] + } + ] + }, + { + "mode": "data", + "type": "aws_caller_identity", + "name": "this", + "provider": "provider[\"registry.terraform.io/-/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "account_id": "573340405480", + "arn": "arn:aws:sts::573340405480:assumed-role/Rackspace/racker-ken2-eade1d93", + "id": "573340405480", + "user_id": "AROAYK7OAJ3UH36WGNMWD:racker-ken2-eade1d93" + }, + "sensitive_attributes": [] + } + ] + }, + { + "module": "module.iam-module", + "mode": "data", + "type": "aws_caller_identity", + "name": "this", + "provider": "provider[\"registry.terraform.io/-/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "account_id": "573340405480", + "arn": "arn:aws:sts::573340405480:assumed-role/Rackspace/racker-ken2-eade1d93", + "id": "573340405480", + "user_id": "AROAYK7OAJ3UH36WGNMWD:racker-ken2-eade1d93" + }, + "sensitive_attributes": [] + } + ] + }, + { + "module": "module.iam-module", + "mode": "data", + "type": "aws_iam_policy_document", + "name": "assume-role-policy", + "provider": "provider[\"registry.terraform.io/-/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "3026106514", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"AllowMyAccount\",\n \"Effect\": \"Allow\",\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"AWS\": \"573340405480\"\n }\n }\n ]\n}", + "override_json": null, + "policy_id": null, + "source_json": null, + "statement": [ + { + "actions": [ + "sts:AssumeRole" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [ + { + "identifiers": [ + "573340405480" + ], + "type": "AWS" + } + ], + "resources": [], + "sid": "AllowMyAccount" + } + ], + "version": "2012-10-17" + }, + "sensitive_attributes": [] + } + ] + }, + { + "module": "module.iam-module", + "mode": "managed", + "type": "aws_accessanalyzer_analyzer", + "name": "iam-aa", + "provider": "provider[\"registry.terraform.io/-/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "analyzer_name": "IAMAcecssAnalyzer", + "arn": "arn:aws:access-analyzer:ap-northeast-1:573340405480:analyzer/IAMAcecssAnalyzer", + "id": "IAMAcecssAnalyzer", + "tags": { + "Application": "infra", + "BuildDate": "20210127", + "Environment": "lab", + "Project": "lime", + "ServiceProvider": "Rackspace", + "TerraformMode": "managed" + }, + "type": "ACCOUNT" + }, + "sensitive_attributes": [], + "private": "bnVsbA==" + } + ] + }, + { + "module": "module.iam-module", + "mode": "managed", + "type": "aws_iam_account_password_policy", + "name": "password-policy1", + "provider": "provider[\"registry.terraform.io/-/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "allow_users_to_change_password": true, + "expire_passwords": true, + "hard_expiry": true, + "id": "iam-account-password-policy", + "max_password_age": 90, + "minimum_password_length": 14, + "password_reuse_prevention": 24, + "require_lowercase_characters": true, + "require_numbers": true, + "require_symbols": true, + "require_uppercase_characters": true + }, + "sensitive_attributes": [], + "private": "bnVsbA==" + } + ] + }, + { + "module": "module.iam-module", + "mode": "managed", + "type": "aws_iam_policy", + "name": "CloudHealth-Policy", + "provider": "provider[\"registry.terraform.io/-/aws\"]", + "instances": [] + }, + { + "module": "module.iam-module", + "mode": "managed", + "type": "aws_iam_role", + "name": "administrator-role", + "provider": "provider[\"registry.terraform.io/-/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::573340405480:role/kf/lab-awsadmin", + "assume_role_policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"AllowMyAccount\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::573340405480:root\"},\"Action\":\"sts:AssumeRole\"}]}", + "create_date": "2021-01-27T03:38:50Z", + "description": "", + "force_detach_policies": false, + "id": "lab-awsadmin", + "max_session_duration": 7200, + "name": "lab-awsadmin", + "name_prefix": null, + "path": "/kf/", + "permissions_boundary": null, + "tags": { + "Application": "infra", + "BuildDate": "20210127", + "Environment": "lab", + "Project": "lime", + "ServiceProvider": "Rackspace", + "TerraformMode": "managed" + }, + "unique_id": "AROAYK7OAJ3UFBJP5CDV6" + }, + "sensitive_attributes": [], + "private": "bnVsbA==" + } + ] + }, + { + "module": "module.iam-module", + "mode": "managed", + "type": "aws_iam_role", + "name": "billing-role", + "provider": "provider[\"registry.terraform.io/-/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::573340405480:role/kf/lab-billing", + "assume_role_policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"AllowMyAccount\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::573340405480:root\"},\"Action\":\"sts:AssumeRole\"}]}", + "create_date": "2021-01-27T03:38:50Z", + "description": "", + "force_detach_policies": false, + "id": "lab-billing", + "max_session_duration": 3600, + "name": "lab-billing", + "name_prefix": null, + "path": "/kf/", + "permissions_boundary": null, + "tags": { + "Application": "infra", + "BuildDate": "20210127", + "Environment": "lab", + "Project": "lime", + "ServiceProvider": "Rackspace", + "TerraformMode": "managed" + }, + "unique_id": "AROAYK7OAJ3UHBSE2LATM" + }, + "sensitive_attributes": [], + "private": "bnVsbA==" + } + ] + }, + { + "module": "module.iam-module", + "mode": "managed", + "type": "aws_iam_role", + "name": "cloudhealth-role", + "provider": "provider[\"registry.terraform.io/-/aws\"]", + "instances": [] + }, + { + "module": "module.iam-module", + "mode": "managed", + "type": "aws_iam_role", + "name": "dba-role", + "provider": "provider[\"registry.terraform.io/-/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::573340405480:role/kf/lab-dba", + "assume_role_policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"AllowMyAccount\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::573340405480:root\"},\"Action\":\"sts:AssumeRole\"}]}", + "create_date": "2021-01-27T03:38:50Z", + "description": "", + "force_detach_policies": false, + "id": "lab-dba", + "max_session_duration": 7200, + "name": "lab-dba", + "name_prefix": null, + "path": "/kf/", + "permissions_boundary": null, + "tags": { + "Application": "infra", + "BuildDate": "20210127", + "Environment": "lab", + "Project": "lime", + "ServiceProvider": "Rackspace", + "TerraformMode": "managed" + }, + "unique_id": "AROAYK7OAJ3UNCLWYSSEV" + }, + "sensitive_attributes": [], + "private": "bnVsbA==" + } + ] + }, + { + "module": "module.iam-module", + "mode": "managed", + "type": "aws_iam_role", + "name": "developer-role", + "provider": "provider[\"registry.terraform.io/-/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::573340405480:role/kf/lab-developer", + "assume_role_policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"AllowMyAccount\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::573340405480:root\"},\"Action\":\"sts:AssumeRole\"}]}", + "create_date": "2021-01-27T03:38:50Z", + "description": "", + "force_detach_policies": false, + "id": "lab-developer", + "max_session_duration": 7200, + "name": "lab-developer", + "name_prefix": null, + "path": "/kf/", + "permissions_boundary": null, + "tags": { + "Application": "infra", + "BuildDate": "20210127", + "Environment": "lab", + "Project": "lime", + "ServiceProvider": "Rackspace", + "TerraformMode": "managed" + }, + "unique_id": "AROAYK7OAJ3UPSOQR4HNS" + }, + "sensitive_attributes": [], + "private": "bnVsbA==" + } + ] + }, + { + "module": "module.iam-module", + "mode": "managed", + "type": "aws_iam_role", + "name": "network-admin-role", + "provider": "provider[\"registry.terraform.io/-/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::573340405480:role/kf/lab-networkadmin", + "assume_role_policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"AllowMyAccount\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::573340405480:root\"},\"Action\":\"sts:AssumeRole\"}]}", + "create_date": "2021-01-27T03:38:50Z", + "description": "", + "force_detach_policies": false, + "id": "lab-networkadmin", + "max_session_duration": 7200, + "name": "lab-networkadmin", + "name_prefix": null, + "path": "/kf/", + "permissions_boundary": null, + "tags": { + "Application": "infra", + "BuildDate": "20210127", + "Environment": "lab", + "Project": "lime", + "ServiceProvider": "Rackspace", + "TerraformMode": "managed" + }, + "unique_id": "AROAYK7OAJ3UOO7HCXJXZ" + }, + "sensitive_attributes": [], + "private": "bnVsbA==" + } + ] + }, + { + "module": "module.iam-module", + "mode": "managed", + "type": "aws_iam_role", + "name": "support-role", + "provider": "provider[\"registry.terraform.io/-/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::573340405480:role/kf/lab-support", + "assume_role_policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"AllowMyAccount\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::573340405480:root\"},\"Action\":\"sts:AssumeRole\"}]}", + "create_date": "2021-01-27T03:38:50Z", + "description": "", + "force_detach_policies": false, + "id": "lab-support", + "max_session_duration": 7200, + "name": "lab-support", + "name_prefix": null, + "path": "/kf/", + "permissions_boundary": null, + "tags": { + "Application": "infra", + "BuildDate": "20210127", + "Environment": "lab", + "Project": "lime", + "ServiceProvider": "Rackspace", + "TerraformMode": "managed" + }, + "unique_id": "AROAYK7OAJ3UNKOQ5YYSW" + }, + "sensitive_attributes": [], + "private": "bnVsbA==" + } + ] + }, + { + "module": "module.iam-module", + "mode": "managed", + "type": "aws_iam_role_policy_attachment", + "name": "administrator-role-policy-attach", + "provider": "provider[\"registry.terraform.io/-/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "lab-awsadmin-20210127033852322900000006", + "policy_arn": "arn:aws:iam::aws:policy/AdministratorAccess", + "role": "lab-awsadmin" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "module.iam-module.aws_iam_role.administrator-role" + ] + } + ] + }, + { + "module": "module.iam-module", + "mode": "managed", + "type": "aws_iam_role_policy_attachment", + "name": "billing-role-policy-attach", + "provider": "provider[\"registry.terraform.io/-/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "lab-billing-20210127033852353900000008", + "policy_arn": "arn:aws:iam::aws:policy/job-function/Billing", + "role": "lab-billing" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "module.iam-module.aws_iam_role.billing-role" + ] + } + ] + }, + { + "module": "module.iam-module", + "mode": "managed", + "type": "aws_iam_role_policy_attachment", + "name": "cloudhealth-role-policy-attach", + "provider": "provider[\"registry.terraform.io/-/aws\"]", + "instances": [] + }, + { + "module": "module.iam-module", + "mode": "managed", + "type": "aws_iam_role_policy_attachment", + "name": "dba-role-policy-attach", + "provider": "provider[\"registry.terraform.io/-/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "lab-dba-20210127033852297600000002", + "policy_arn": "arn:aws:iam::aws:policy/job-function/DatabaseAdministrator", + "role": "lab-dba" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "module.iam-module.aws_iam_role.dba-role" + ] + } + ] + }, + { + "module": "module.iam-module", + "mode": "managed", + "type": "aws_iam_role_policy_attachment", + "name": "developer-role-policy-attach1", + "provider": "provider[\"registry.terraform.io/-/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "lab-developer-20210127033852321100000005", + "policy_arn": "arn:aws:iam::aws:policy/PowerUserAccess", + "role": "lab-developer" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "module.iam-module.aws_iam_role.developer-role" + ] + } + ] + }, + { + "module": "module.iam-module", + "mode": "managed", + "type": "aws_iam_role_policy_attachment", + "name": "network-admin-role-policy-attach", + "provider": "provider[\"registry.terraform.io/-/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "lab-networkadmin-20210127033852339300000007", + "policy_arn": "arn:aws:iam::aws:policy/job-function/NetworkAdministrator", + "role": "lab-networkadmin" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "module.iam-module.aws_iam_role.network-admin-role" + ] + } + ] + }, + { + "module": "module.iam-module", + "mode": "managed", + "type": "aws_iam_role_policy_attachment", + "name": "support-role-policy-attach1", + "provider": "provider[\"registry.terraform.io/-/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "lab-support-20210127033852305900000004", + "policy_arn": "arn:aws:iam::aws:policy/job-function/SupportUser", + "role": "lab-support" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "module.iam-module.aws_iam_role.support-role" + ] + } + ] + }, + { + "module": "module.iam-module", + "mode": "managed", + "type": "aws_iam_role_policy_attachment", + "name": "support-role-policy-attach2", + "provider": "provider[\"registry.terraform.io/-/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "lab-support-20210127033852299700000003", + "policy_arn": "arn:aws:iam::aws:policy/ReadOnlyAccess", + "role": "lab-support" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "module.iam-module.aws_iam_role.support-role" + ] + } + ] + } + ] +}