UPD: now requiring terraform 0.14+

2021-01-27 15:17:13 +08:00 · 2021-01-27 15:17:13 +08:00 · 637466fb64
commit 637466fb64
parent 213fc9a9fe
7 changed files with 942 additions and 21 deletions
--- a/layers/security_identity_compliance/cloudtrail_cloudwatchlogs/.terraform.lock.hcl
+++ b/layers/security_identity_compliance/cloudtrail_cloudwatchlogs/.terraform.lock.hcl
@ -0,0 +1,20 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+  version     = "3.25.0"
+  constraints = ">= 3.25.0"
+  hashes = [
+    "h1:9bXU5cFO/2DX8z5whaGMA7wcCalKQJZrBm89AuePuEM=",
+    "zh:2d3c65461bc63ec39bce7b5afdbed9a3b4dd5c2c8ee94616ad1866e24cf9b8f0",
+    "zh:2fb2ea6ccac30b909b603e183433737a30c58ec1f9a6a8b5565f0f051490c07a",
+    "zh:31a5f192c8cf29fb677cd639824f9a685578a2564c6b790517db33ea56229045",
+    "zh:437a12cf9a4d7bc92c9bf14ee7e224d5d3545cbd2154ba113ae82c4bb68edc27",
+    "zh:4bbdc3155a5dea90b2d50adfa460b0759c4dd959efaf7f66b2a0385a53b469b2",
+    "zh:63a8cd523ba31358692a34a06e111d88769576ac6d0e5adad8e0b4ae0a2d8882",
+    "zh:c4301ce86e8cb2c464949bb99e729ffe7b0c55eaf34b82ba526bb5039bca36f3",
+    "zh:c97b84861c6c550b8d2feb12d089660fffbf51dc7d660dcc9d54d4a7b3c2c882",
+    "zh:d6a103570e2d5c387b068fac4b88654dfa21d44ca1bdfa4bc8ab94c88effd71a",
+    "zh:f08cf2faf960a8ca374ac860f37c31c88ed2bab460116ac74678e0591babaac5",
+  ]
+}
--- a/layers/security_identity_compliance/cloudtrail_cloudwatchlogs/provider.tf
+++ b/layers/security_identity_compliance/cloudtrail_cloudwatchlogs/provider.tf
@ -3,10 +3,11 @@ provider "aws" {
 }

 terraform {
-  required_version = "> 0.12, < 0.13"
+  required_version = ">= 0.14"
  required_providers {
-    aws = "~> 3.6.0"
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 3.25"
+    }
  }
 }
-
-data "aws_availability_zones" "current" {}
--- a/layers/security_identity_compliance/cloudtrail_cloudwatchlogs/terraform.tfstate
+++ b/layers/security_identity_compliance/cloudtrail_cloudwatchlogs/terraform.tfstate
@ -1,7 +1,7 @@
 {
  "version": 4,
-  "terraform_version": "0.12.29",
-  "serial": 85,
+  "terraform_version": "0.14.5",
+  "serial": 86,
  "lineage": "26e4bec8-8ad6-a262-52c6-fbcad6b7a499",
  "outputs": {},
  "resources": [
@ -10,7 +10,7 @@
      "mode": "data",
      "type": "aws_caller_identity",
      "name": "this",
-      "provider": "provider.aws",
+      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
      "instances": [
        {
          "schema_version": 0,
@ -19,7 +19,8 @@
            "arn": "arn:aws:sts::573340405480:assumed-role/Rackspace/racker-ken2-eade1d93",
            "id": "2021-01-26 13:37:52.170204471 +0000 UTC",
            "user_id": "AROAYK7OAJ3UH36WGNMWD:racker-ken2-eade1d93"
-          }
+          },
+          "sensitive_attributes": []
        }
      ]
    },
@ -28,7 +29,7 @@
      "mode": "data",
      "type": "aws_iam_policy_document",
      "name": "cloudtrail_bucket_policy",
-      "provider": "provider.aws",
+      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
      "instances": [
        {
          "schema_version": 0,
@ -86,7 +87,8 @@
              }
            ],
            "version": "2012-10-17"
-          }
+          },
+          "sensitive_attributes": []
        }
      ]
    },
@ -95,7 +97,7 @@
      "mode": "data",
      "type": "aws_iam_policy_document",
      "name": "key-policy",
-      "provider": "provider.aws",
+      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
      "instances": [
        {
          "schema_version": 0,
@ -169,7 +171,8 @@
              }
            ],
            "version": "2012-10-17"
-          }
+          },
+          "sensitive_attributes": []
        }
      ]
    },
@ -178,7 +181,7 @@
      "mode": "managed",
      "type": "aws_kms_key",
      "name": "ctbucket-key",
-      "provider": "provider.aws",
+      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
      "instances": [
        {
          "schema_version": 0,
@ -202,6 +205,7 @@
              "TerraformMode": "managed"
            }
          },
+          "sensitive_attributes": [],
          "private": "bnVsbA=="
        }
      ]
@ -211,7 +215,7 @@
      "mode": "managed",
      "type": "aws_s3_bucket",
      "name": "ct-bucket",
-      "provider": "provider.aws",
+      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
      "instances": [
        {
          "schema_version": 0,
@ -290,7 +294,8 @@
            "website": [],
            "website_domain": null,
            "website_endpoint": null
-          }
+          },
+          "sensitive_attributes": []
        }
      ]
    }
--- a/layers/security_identity_compliance/cloudtrail_cloudwatchlogs/terraform.tfstate.1611731485.backup
+++ b/layers/security_identity_compliance/cloudtrail_cloudwatchlogs/terraform.tfstate.1611731485.backup
@ -0,0 +1,303 @@
+{
+  "version": 4,
+  "terraform_version": "0.14.5",
+  "serial": 85,
+  "lineage": "26e4bec8-8ad6-a262-52c6-fbcad6b7a499",
+  "outputs": {},
+  "resources": [
+    {
+      "module": "module.cloudtrail-cwl",
+      "mode": "data",
+      "type": "aws_caller_identity",
+      "name": "this",
+      "provider": "provider[\"registry.terraform.io/-/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "account_id": "573340405480",
+            "arn": "arn:aws:sts::573340405480:assumed-role/Rackspace/racker-ken2-eade1d93",
+            "id": "2021-01-26 13:37:52.170204471 +0000 UTC",
+            "user_id": "AROAYK7OAJ3UH36WGNMWD:racker-ken2-eade1d93"
+          },
+          "sensitive_attributes": []
+        }
+      ]
+    },
+    {
+      "module": "module.cloudtrail-cwl",
+      "mode": "data",
+      "type": "aws_iam_policy_document",
+      "name": "cloudtrail_bucket_policy",
+      "provider": "provider[\"registry.terraform.io/-/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "id": "995859125",
+            "json": "{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Sid\": \"AWSCloudTrailAclCheck\",\n      \"Effect\": \"Allow\",\n      \"Action\": \"s3:GetBucketAcl\",\n      \"Resource\": \"arn:aws:s3:::lab-apne1-kf-lime-ctbucket-573340405480\",\n      \"Principal\": {\n        \"Service\": \"cloudtrail.amazonaws.com\"\n      }\n    },\n    {\n      \"Sid\": \"AWSCloudTrailWrite\",\n      \"Effect\": \"Allow\",\n      \"Action\": \"s3:PutObject\",\n      \"Resource\": \"arn:aws:s3:::lab-apne1-kf-lime-ctbucket-573340405480/*\",\n      \"Principal\": {\n        \"Service\": [\n          \"config.amazonaws.com\",\n          \"cloudtrail.amazonaws.com\"\n        ]\n      }\n    }\n  ]\n}",
+            "override_json": null,
+            "policy_id": null,
+            "source_json": null,
+            "statement": [
+              {
+                "actions": [
+                  "s3:GetBucketAcl"
+                ],
+                "condition": [],
+                "effect": "Allow",
+                "not_actions": [],
+                "not_principals": [],
+                "not_resources": [],
+                "principals": [
+                  {
+                    "identifiers": [
+                      "cloudtrail.amazonaws.com"
+                    ],
+                    "type": "Service"
+                  }
+                ],
+                "resources": [
+                  "arn:aws:s3:::lab-apne1-kf-lime-ctbucket-573340405480"
+                ],
+                "sid": "AWSCloudTrailAclCheck"
+              },
+              {
+                "actions": [
+                  "s3:PutObject"
+                ],
+                "condition": [],
+                "effect": "Allow",
+                "not_actions": [],
+                "not_principals": [],
+                "not_resources": [],
+                "principals": [
+                  {
+                    "identifiers": [
+                      "cloudtrail.amazonaws.com",
+                      "config.amazonaws.com"
+                    ],
+                    "type": "Service"
+                  }
+                ],
+                "resources": [
+                  "arn:aws:s3:::lab-apne1-kf-lime-ctbucket-573340405480/*"
+                ],
+                "sid": "AWSCloudTrailWrite"
+              }
+            ],
+            "version": "2012-10-17"
+          },
+          "sensitive_attributes": []
+        }
+      ]
+    },
+    {
+      "module": "module.cloudtrail-cwl",
+      "mode": "data",
+      "type": "aws_iam_policy_document",
+      "name": "key-policy",
+      "provider": "provider[\"registry.terraform.io/-/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "id": "3662241047",
+            "json": "{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Sid\": \"Key usage by aws services\",\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"kms:ReEncrypt*\",\n        \"kms:GenerateDataKey*\",\n        \"kms:Encrypt\",\n        \"kms:DescribeKey\",\n        \"kms:Decrypt\"\n      ],\n      \"Resource\": \"*\",\n      \"Principal\": {\n        \"Service\": [\n          \"sqs.amazonaws.com\",\n          \"sns.amazonaws.com\",\n          \"s3.amazonaws.com\",\n          \"logs.amazonaws.com\",\n          \"lambda.amazonaws.com\",\n          \"guardduty.amazonaws.com\",\n          \"events.amazonaws.com\",\n          \"eks.amazonaws.com\",\n          \"eks-nodegroup.amazonaws.com\",\n          \"delivery.logs.amazonaws.com\",\n          \"cloudwatch.amazonaws.com\",\n          \"cloudtrail.amazonaws.com\",\n          \"backup.amazonaws.com\",\n          \"autoscaling.amazonaws.com\"\n        ]\n      }\n    },\n    {\n      \"Sid\": \"Key administrator\",\n      \"Effect\": \"Allow\",\n      \"Action\": \"kms:*\",\n      \"Resource\": \"*\",\n      \"Principal\": {\n        \"AWS\": \"573340405480\"\n      }\n    }\n  ]\n}",
+            "override_json": null,
+            "policy_id": null,
+            "source_json": null,
+            "statement": [
+              {
+                "actions": [
+                  "kms:Decrypt",
+                  "kms:DescribeKey",
+                  "kms:Encrypt",
+                  "kms:GenerateDataKey*",
+                  "kms:ReEncrypt*"
+                ],
+                "condition": [],
+                "effect": "Allow",
+                "not_actions": [],
+                "not_principals": [],
+                "not_resources": [],
+                "principals": [
+                  {
+                    "identifiers": [
+                      "autoscaling.amazonaws.com",
+                      "backup.amazonaws.com",
+                      "cloudtrail.amazonaws.com",
+                      "cloudwatch.amazonaws.com",
+                      "delivery.logs.amazonaws.com",
+                      "eks-nodegroup.amazonaws.com",
+                      "eks.amazonaws.com",
+                      "events.amazonaws.com",
+                      "guardduty.amazonaws.com",
+                      "lambda.amazonaws.com",
+                      "logs.amazonaws.com",
+                      "s3.amazonaws.com",
+                      "sns.amazonaws.com",
+                      "sqs.amazonaws.com"
+                    ],
+                    "type": "Service"
+                  }
+                ],
+                "resources": [
+                  "*"
+                ],
+                "sid": "Key usage by aws services"
+              },
+              {
+                "actions": [
+                  "kms:*"
+                ],
+                "condition": [],
+                "effect": "Allow",
+                "not_actions": [],
+                "not_principals": [],
+                "not_resources": [],
+                "principals": [
+                  {
+                    "identifiers": [
+                      "573340405480"
+                    ],
+                    "type": "AWS"
+                  }
+                ],
+                "resources": [
+                  "*"
+                ],
+                "sid": "Key administrator"
+              }
+            ],
+            "version": "2012-10-17"
+          },
+          "sensitive_attributes": []
+        }
+      ]
+    },
+    {
+      "module": "module.cloudtrail-cwl",
+      "mode": "managed",
+      "type": "aws_kms_key",
+      "name": "ctbucket-key",
+      "provider": "provider[\"registry.terraform.io/-/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "arn": "arn:aws:kms:ap-northeast-1:573340405480:key/ba826c02-4153-4056-ad75-2614912c6274",
+            "customer_master_key_spec": "SYMMETRIC_DEFAULT",
+            "deletion_window_in_days": 7,
+            "description": "",
+            "enable_key_rotation": false,
+            "id": "ba826c02-4153-4056-ad75-2614912c6274",
+            "is_enabled": true,
+            "key_id": "ba826c02-4153-4056-ad75-2614912c6274",
+            "key_usage": "ENCRYPT_DECRYPT",
+            "policy": "{\"Statement\":[{\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"eks-nodegroup.amazonaws.com\",\"delivery.logs.amazonaws.com\",\"eks.amazonaws.com\",\"events.amazonaws.com\",\"autoscaling.amazonaws.com\",\"logs.amazonaws.com\",\"sqs.amazonaws.com\",\"backup.amazonaws.com\",\"guardduty.amazonaws.com\",\"cloudtrail.amazonaws.com\",\"lambda.amazonaws.com\",\"cloudwatch.amazonaws.com\",\"sns.amazonaws.com\",\"s3.amazonaws.com\"]},\"Resource\":\"*\",\"Sid\":\"Key usage by aws services\"},{\"Action\":\"kms:*\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::573340405480:root\"},\"Resource\":\"*\",\"Sid\":\"Key administrator\"}],\"Version\":\"2012-10-17\"}",
+            "tags": {
+              "Application": "infra",
+              "BuildDate": "20210126",
+              "Environment": "lab",
+              "Project": "lime",
+              "ServiceProvider": "Rackspace",
+              "TerraformMode": "managed"
+            }
+          },
+          "sensitive_attributes": [],
+          "private": "bnVsbA=="
+        }
+      ]
+    },
+    {
+      "module": "module.cloudtrail-cwl",
+      "mode": "managed",
+      "type": "aws_s3_bucket",
+      "name": "ct-bucket",
+      "provider": "provider[\"registry.terraform.io/-/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "acceleration_status": "",
+            "acl": "private",
+            "arn": "arn:aws:s3:::lab-apne1-kf-lime-ctbucket-573340405480",
+            "bucket": "lab-apne1-kf-lime-ctbucket-573340405480",
+            "bucket_domain_name": "lab-apne1-kf-lime-ctbucket-573340405480.s3.amazonaws.com",
+            "bucket_prefix": null,
+            "bucket_regional_domain_name": "lab-apne1-kf-lime-ctbucket-573340405480.s3.ap-northeast-1.amazonaws.com",
+            "cors_rule": [],
+            "force_destroy": false,
+            "grant": [],
+            "hosted_zone_id": "Z2M4EHUR26P7ZW",
+            "id": "lab-apne1-kf-lime-ctbucket-573340405480",
+            "lifecycle_rule": [
+              {
+                "abort_incomplete_multipart_upload_days": 0,
+                "enabled": false,
+                "expiration": [
+                  {
+                    "date": "",
+                    "days": 90,
+                    "expired_object_delete_marker": false
+                  }
+                ],
+                "id": "tf-s3-lifecycle-20210126114512193400000001",
+                "noncurrent_version_expiration": [],
+                "noncurrent_version_transition": [],
+                "prefix": "",
+                "tags": {},
+                "transition": [
+                  {
+                    "date": "",
+                    "days": 30,
+                    "storage_class": "INTELLIGENT_TIERING"
+                  }
+                ]
+              }
+            ],
+            "logging": [],
+            "object_lock_configuration": [],
+            "policy": "{\"Statement\":[{\"Action\":\"s3:GetBucketAcl\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudtrail.amazonaws.com\"},\"Resource\":\"arn:aws:s3:::lab-apne1-kf-lime-ctbucket-573340405480\",\"Sid\":\"AWSCloudTrailAclCheck\"},{\"Action\":\"s3:PutObject\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"config.amazonaws.com\",\"cloudtrail.amazonaws.com\"]},\"Resource\":\"arn:aws:s3:::lab-apne1-kf-lime-ctbucket-573340405480/*\",\"Sid\":\"AWSCloudTrailWrite\"}],\"Version\":\"2012-10-17\"}",
+            "region": "ap-northeast-1",
+            "replication_configuration": [],
+            "request_payer": "BucketOwner",
+            "server_side_encryption_configuration": [
+              {
+                "rule": [
+                  {
+                    "apply_server_side_encryption_by_default": [
+                      {
+                        "kms_master_key_id": "arn:aws:kms:ap-northeast-1:573340405480:key/ba826c02-4153-4056-ad75-2614912c6274",
+                        "sse_algorithm": "aws:kms"
+                      }
+                    ]
+                  }
+                ]
+              }
+            ],
+            "tags": {
+              "Application": "infra",
+              "BuildDate": "20210126",
+              "Environment": "lab",
+              "Project": "lime",
+              "ServiceProvider": "Rackspace",
+              "TerraformMode": "managed"
+            },
+            "versioning": [
+              {
+                "enabled": false,
+                "mfa_delete": false
+              }
+            ],
+            "website": [],
+            "website_domain": null,
+            "website_endpoint": null
+          },
+          "sensitive_attributes": []
+        }
+      ]
+    }
+  ]
+}
--- a/layers/security_identity_compliance/iam_roles/.terraform.lock.hcl
+++ b/layers/security_identity_compliance/iam_roles/.terraform.lock.hcl
@ -0,0 +1,20 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+  version     = "3.25.0"
+  constraints = ">= 3.25.0"
+  hashes = [
+    "h1:9bXU5cFO/2DX8z5whaGMA7wcCalKQJZrBm89AuePuEM=",
+    "zh:2d3c65461bc63ec39bce7b5afdbed9a3b4dd5c2c8ee94616ad1866e24cf9b8f0",
+    "zh:2fb2ea6ccac30b909b603e183433737a30c58ec1f9a6a8b5565f0f051490c07a",
+    "zh:31a5f192c8cf29fb677cd639824f9a685578a2564c6b790517db33ea56229045",
+    "zh:437a12cf9a4d7bc92c9bf14ee7e224d5d3545cbd2154ba113ae82c4bb68edc27",
+    "zh:4bbdc3155a5dea90b2d50adfa460b0759c4dd959efaf7f66b2a0385a53b469b2",
+    "zh:63a8cd523ba31358692a34a06e111d88769576ac6d0e5adad8e0b4ae0a2d8882",
+    "zh:c4301ce86e8cb2c464949bb99e729ffe7b0c55eaf34b82ba526bb5039bca36f3",
+    "zh:c97b84861c6c550b8d2feb12d089660fffbf51dc7d660dcc9d54d4a7b3c2c882",
+    "zh:d6a103570e2d5c387b068fac4b88654dfa21d44ca1bdfa4bc8ab94c88effd71a",
+    "zh:f08cf2faf960a8ca374ac860f37c31c88ed2bab460116ac74678e0591babaac5",
+  ]
+}
--- a/layers/security_identity_compliance/iam_roles/provider.tf
+++ b/layers/security_identity_compliance/iam_roles/provider.tf
@ -3,10 +3,11 @@ provider "aws" {
 }

 terraform {
-  required_version = "> 0.12, < 0.13"
+  required_version = ">= 0.14"
  required_providers {
-    aws = ">= 3.25.0"
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 3.25"
+    }
  }
 }
-
-data "aws_availability_zones" "current" {}
--- a/layers/security_identity_compliance/iam_roles/terraform.tfstate.1611731190.backup
+++ b/layers/security_identity_compliance/iam_roles/terraform.tfstate.1611731190.backup
@ -0,0 +1,571 @@
+{
+  "version": 4,
+  "terraform_version": "0.14.5",
+  "serial": 135,
+  "lineage": "3c5c117a-331a-4831-2612-b5fd42dfd51f",
+  "outputs": {},
+  "resources": [
+    {
+      "mode": "data",
+      "type": "aws_availability_zones",
+      "name": "current",
+      "provider": "provider[\"registry.terraform.io/-/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "all_availability_zones": null,
+            "exclude_names": null,
+            "exclude_zone_ids": null,
+            "filter": null,
+            "group_names": [
+              "ap-northeast-1"
+            ],
+            "id": "ap-northeast-1",
+            "names": [
+              "ap-northeast-1a",
+              "ap-northeast-1c",
+              "ap-northeast-1d"
+            ],
+            "state": null,
+            "zone_ids": [
+              "apne1-az4",
+              "apne1-az1",
+              "apne1-az2"
+            ]
+          },
+          "sensitive_attributes": []
+        }
+      ]
+    },
+    {
+      "mode": "data",
+      "type": "aws_caller_identity",
+      "name": "this",
+      "provider": "provider[\"registry.terraform.io/-/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "account_id": "573340405480",
+            "arn": "arn:aws:sts::573340405480:assumed-role/Rackspace/racker-ken2-eade1d93",
+            "id": "573340405480",
+            "user_id": "AROAYK7OAJ3UH36WGNMWD:racker-ken2-eade1d93"
+          },
+          "sensitive_attributes": []
+        }
+      ]
+    },
+    {
+      "module": "module.iam-module",
+      "mode": "data",
+      "type": "aws_caller_identity",
+      "name": "this",
+      "provider": "provider[\"registry.terraform.io/-/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "account_id": "573340405480",
+            "arn": "arn:aws:sts::573340405480:assumed-role/Rackspace/racker-ken2-eade1d93",
+            "id": "573340405480",
+            "user_id": "AROAYK7OAJ3UH36WGNMWD:racker-ken2-eade1d93"
+          },
+          "sensitive_attributes": []
+        }
+      ]
+    },
+    {
+      "module": "module.iam-module",
+      "mode": "data",
+      "type": "aws_iam_policy_document",
+      "name": "assume-role-policy",
+      "provider": "provider[\"registry.terraform.io/-/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "id": "3026106514",
+            "json": "{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Sid\": \"AllowMyAccount\",\n      \"Effect\": \"Allow\",\n      \"Action\": \"sts:AssumeRole\",\n      \"Principal\": {\n        \"AWS\": \"573340405480\"\n      }\n    }\n  ]\n}",
+            "override_json": null,
+            "policy_id": null,
+            "source_json": null,
+            "statement": [
+              {
+                "actions": [
+                  "sts:AssumeRole"
+                ],
+                "condition": [],
+                "effect": "Allow",
+                "not_actions": [],
+                "not_principals": [],
+                "not_resources": [],
+                "principals": [
+                  {
+                    "identifiers": [
+                      "573340405480"
+                    ],
+                    "type": "AWS"
+                  }
+                ],
+                "resources": [],
+                "sid": "AllowMyAccount"
+              }
+            ],
+            "version": "2012-10-17"
+          },
+          "sensitive_attributes": []
+        }
+      ]
+    },
+    {
+      "module": "module.iam-module",
+      "mode": "managed",
+      "type": "aws_accessanalyzer_analyzer",
+      "name": "iam-aa",
+      "provider": "provider[\"registry.terraform.io/-/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "analyzer_name": "IAMAcecssAnalyzer",
+            "arn": "arn:aws:access-analyzer:ap-northeast-1:573340405480:analyzer/IAMAcecssAnalyzer",
+            "id": "IAMAcecssAnalyzer",
+            "tags": {
+              "Application": "infra",
+              "BuildDate": "20210127",
+              "Environment": "lab",
+              "Project": "lime",
+              "ServiceProvider": "Rackspace",
+              "TerraformMode": "managed"
+            },
+            "type": "ACCOUNT"
+          },
+          "sensitive_attributes": [],
+          "private": "bnVsbA=="
+        }
+      ]
+    },
+    {
+      "module": "module.iam-module",
+      "mode": "managed",
+      "type": "aws_iam_account_password_policy",
+      "name": "password-policy1",
+      "provider": "provider[\"registry.terraform.io/-/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "allow_users_to_change_password": true,
+            "expire_passwords": true,
+            "hard_expiry": true,
+            "id": "iam-account-password-policy",
+            "max_password_age": 90,
+            "minimum_password_length": 14,
+            "password_reuse_prevention": 24,
+            "require_lowercase_characters": true,
+            "require_numbers": true,
+            "require_symbols": true,
+            "require_uppercase_characters": true
+          },
+          "sensitive_attributes": [],
+          "private": "bnVsbA=="
+        }
+      ]
+    },
+    {
+      "module": "module.iam-module",
+      "mode": "managed",
+      "type": "aws_iam_policy",
+      "name": "CloudHealth-Policy",
+      "provider": "provider[\"registry.terraform.io/-/aws\"]",
+      "instances": []
+    },
+    {
+      "module": "module.iam-module",
+      "mode": "managed",
+      "type": "aws_iam_role",
+      "name": "administrator-role",
+      "provider": "provider[\"registry.terraform.io/-/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "arn": "arn:aws:iam::573340405480:role/kf/lab-awsadmin",
+            "assume_role_policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"AllowMyAccount\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::573340405480:root\"},\"Action\":\"sts:AssumeRole\"}]}",
+            "create_date": "2021-01-27T03:38:50Z",
+            "description": "",
+            "force_detach_policies": false,
+            "id": "lab-awsadmin",
+            "max_session_duration": 7200,
+            "name": "lab-awsadmin",
+            "name_prefix": null,
+            "path": "/kf/",
+            "permissions_boundary": null,
+            "tags": {
+              "Application": "infra",
+              "BuildDate": "20210127",
+              "Environment": "lab",
+              "Project": "lime",
+              "ServiceProvider": "Rackspace",
+              "TerraformMode": "managed"
+            },
+            "unique_id": "AROAYK7OAJ3UFBJP5CDV6"
+          },
+          "sensitive_attributes": [],
+          "private": "bnVsbA=="
+        }
+      ]
+    },
+    {
+      "module": "module.iam-module",
+      "mode": "managed",
+      "type": "aws_iam_role",
+      "name": "billing-role",
+      "provider": "provider[\"registry.terraform.io/-/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "arn": "arn:aws:iam::573340405480:role/kf/lab-billing",
+            "assume_role_policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"AllowMyAccount\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::573340405480:root\"},\"Action\":\"sts:AssumeRole\"}]}",
+            "create_date": "2021-01-27T03:38:50Z",
+            "description": "",
+            "force_detach_policies": false,
+            "id": "lab-billing",
+            "max_session_duration": 3600,
+            "name": "lab-billing",
+            "name_prefix": null,
+            "path": "/kf/",
+            "permissions_boundary": null,
+            "tags": {
+              "Application": "infra",
+              "BuildDate": "20210127",
+              "Environment": "lab",
+              "Project": "lime",
+              "ServiceProvider": "Rackspace",
+              "TerraformMode": "managed"
+            },
+            "unique_id": "AROAYK7OAJ3UHBSE2LATM"
+          },
+          "sensitive_attributes": [],
+          "private": "bnVsbA=="
+        }
+      ]
+    },
+    {
+      "module": "module.iam-module",
+      "mode": "managed",
+      "type": "aws_iam_role",
+      "name": "cloudhealth-role",
+      "provider": "provider[\"registry.terraform.io/-/aws\"]",
+      "instances": []
+    },
+    {
+      "module": "module.iam-module",
+      "mode": "managed",
+      "type": "aws_iam_role",
+      "name": "dba-role",
+      "provider": "provider[\"registry.terraform.io/-/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "arn": "arn:aws:iam::573340405480:role/kf/lab-dba",
+            "assume_role_policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"AllowMyAccount\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::573340405480:root\"},\"Action\":\"sts:AssumeRole\"}]}",
+            "create_date": "2021-01-27T03:38:50Z",
+            "description": "",
+            "force_detach_policies": false,
+            "id": "lab-dba",
+            "max_session_duration": 7200,
+            "name": "lab-dba",
+            "name_prefix": null,
+            "path": "/kf/",
+            "permissions_boundary": null,
+            "tags": {
+              "Application": "infra",
+              "BuildDate": "20210127",
+              "Environment": "lab",
+              "Project": "lime",
+              "ServiceProvider": "Rackspace",
+              "TerraformMode": "managed"
+            },
+            "unique_id": "AROAYK7OAJ3UNCLWYSSEV"
+          },
+          "sensitive_attributes": [],
+          "private": "bnVsbA=="
+        }
+      ]
+    },
+    {
+      "module": "module.iam-module",
+      "mode": "managed",
+      "type": "aws_iam_role",
+      "name": "developer-role",
+      "provider": "provider[\"registry.terraform.io/-/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "arn": "arn:aws:iam::573340405480:role/kf/lab-developer",
+            "assume_role_policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"AllowMyAccount\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::573340405480:root\"},\"Action\":\"sts:AssumeRole\"}]}",
+            "create_date": "2021-01-27T03:38:50Z",
+            "description": "",
+            "force_detach_policies": false,
+            "id": "lab-developer",
+            "max_session_duration": 7200,
+            "name": "lab-developer",
+            "name_prefix": null,
+            "path": "/kf/",
+            "permissions_boundary": null,
+            "tags": {
+              "Application": "infra",
+              "BuildDate": "20210127",
+              "Environment": "lab",
+              "Project": "lime",
+              "ServiceProvider": "Rackspace",
+              "TerraformMode": "managed"
+            },
+            "unique_id": "AROAYK7OAJ3UPSOQR4HNS"
+          },
+          "sensitive_attributes": [],
+          "private": "bnVsbA=="
+        }
+      ]
+    },
+    {
+      "module": "module.iam-module",
+      "mode": "managed",
+      "type": "aws_iam_role",
+      "name": "network-admin-role",
+      "provider": "provider[\"registry.terraform.io/-/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "arn": "arn:aws:iam::573340405480:role/kf/lab-networkadmin",
+            "assume_role_policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"AllowMyAccount\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::573340405480:root\"},\"Action\":\"sts:AssumeRole\"}]}",
+            "create_date": "2021-01-27T03:38:50Z",
+            "description": "",
+            "force_detach_policies": false,
+            "id": "lab-networkadmin",
+            "max_session_duration": 7200,
+            "name": "lab-networkadmin",
+            "name_prefix": null,
+            "path": "/kf/",
+            "permissions_boundary": null,
+            "tags": {
+              "Application": "infra",
+              "BuildDate": "20210127",
+              "Environment": "lab",
+              "Project": "lime",
+              "ServiceProvider": "Rackspace",
+              "TerraformMode": "managed"
+            },
+            "unique_id": "AROAYK7OAJ3UOO7HCXJXZ"
+          },
+          "sensitive_attributes": [],
+          "private": "bnVsbA=="
+        }
+      ]
+    },
+    {
+      "module": "module.iam-module",
+      "mode": "managed",
+      "type": "aws_iam_role",
+      "name": "support-role",
+      "provider": "provider[\"registry.terraform.io/-/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "arn": "arn:aws:iam::573340405480:role/kf/lab-support",
+            "assume_role_policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"AllowMyAccount\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::573340405480:root\"},\"Action\":\"sts:AssumeRole\"}]}",
+            "create_date": "2021-01-27T03:38:50Z",
+            "description": "",
+            "force_detach_policies": false,
+            "id": "lab-support",
+            "max_session_duration": 7200,
+            "name": "lab-support",
+            "name_prefix": null,
+            "path": "/kf/",
+            "permissions_boundary": null,
+            "tags": {
+              "Application": "infra",
+              "BuildDate": "20210127",
+              "Environment": "lab",
+              "Project": "lime",
+              "ServiceProvider": "Rackspace",
+              "TerraformMode": "managed"
+            },
+            "unique_id": "AROAYK7OAJ3UNKOQ5YYSW"
+          },
+          "sensitive_attributes": [],
+          "private": "bnVsbA=="
+        }
+      ]
+    },
+    {
+      "module": "module.iam-module",
+      "mode": "managed",
+      "type": "aws_iam_role_policy_attachment",
+      "name": "administrator-role-policy-attach",
+      "provider": "provider[\"registry.terraform.io/-/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "id": "lab-awsadmin-20210127033852322900000006",
+            "policy_arn": "arn:aws:iam::aws:policy/AdministratorAccess",
+            "role": "lab-awsadmin"
+          },
+          "sensitive_attributes": [],
+          "private": "bnVsbA==",
+          "dependencies": [
+            "module.iam-module.aws_iam_role.administrator-role"
+          ]
+        }
+      ]
+    },
+    {
+      "module": "module.iam-module",
+      "mode": "managed",
+      "type": "aws_iam_role_policy_attachment",
+      "name": "billing-role-policy-attach",
+      "provider": "provider[\"registry.terraform.io/-/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "id": "lab-billing-20210127033852353900000008",
+            "policy_arn": "arn:aws:iam::aws:policy/job-function/Billing",
+            "role": "lab-billing"
+          },
+          "sensitive_attributes": [],
+          "private": "bnVsbA==",
+          "dependencies": [
+            "module.iam-module.aws_iam_role.billing-role"
+          ]
+        }
+      ]
+    },
+    {
+      "module": "module.iam-module",
+      "mode": "managed",
+      "type": "aws_iam_role_policy_attachment",
+      "name": "cloudhealth-role-policy-attach",
+      "provider": "provider[\"registry.terraform.io/-/aws\"]",
+      "instances": []
+    },
+    {
+      "module": "module.iam-module",
+      "mode": "managed",
+      "type": "aws_iam_role_policy_attachment",
+      "name": "dba-role-policy-attach",
+      "provider": "provider[\"registry.terraform.io/-/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "id": "lab-dba-20210127033852297600000002",
+            "policy_arn": "arn:aws:iam::aws:policy/job-function/DatabaseAdministrator",
+            "role": "lab-dba"
+          },
+          "sensitive_attributes": [],
+          "private": "bnVsbA==",
+          "dependencies": [
+            "module.iam-module.aws_iam_role.dba-role"
+          ]
+        }
+      ]
+    },
+    {
+      "module": "module.iam-module",
+      "mode": "managed",
+      "type": "aws_iam_role_policy_attachment",
+      "name": "developer-role-policy-attach1",
+      "provider": "provider[\"registry.terraform.io/-/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "id": "lab-developer-20210127033852321100000005",
+            "policy_arn": "arn:aws:iam::aws:policy/PowerUserAccess",
+            "role": "lab-developer"
+          },
+          "sensitive_attributes": [],
+          "private": "bnVsbA==",
+          "dependencies": [
+            "module.iam-module.aws_iam_role.developer-role"
+          ]
+        }
+      ]
+    },
+    {
+      "module": "module.iam-module",
+      "mode": "managed",
+      "type": "aws_iam_role_policy_attachment",
+      "name": "network-admin-role-policy-attach",
+      "provider": "provider[\"registry.terraform.io/-/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "id": "lab-networkadmin-20210127033852339300000007",
+            "policy_arn": "arn:aws:iam::aws:policy/job-function/NetworkAdministrator",
+            "role": "lab-networkadmin"
+          },
+          "sensitive_attributes": [],
+          "private": "bnVsbA==",
+          "dependencies": [
+            "module.iam-module.aws_iam_role.network-admin-role"
+          ]
+        }
+      ]
+    },
+    {
+      "module": "module.iam-module",
+      "mode": "managed",
+      "type": "aws_iam_role_policy_attachment",
+      "name": "support-role-policy-attach1",
+      "provider": "provider[\"registry.terraform.io/-/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "id": "lab-support-20210127033852305900000004",
+            "policy_arn": "arn:aws:iam::aws:policy/job-function/SupportUser",
+            "role": "lab-support"
+          },
+          "sensitive_attributes": [],
+          "private": "bnVsbA==",
+          "dependencies": [
+            "module.iam-module.aws_iam_role.support-role"
+          ]
+        }
+      ]
+    },
+    {
+      "module": "module.iam-module",
+      "mode": "managed",
+      "type": "aws_iam_role_policy_attachment",
+      "name": "support-role-policy-attach2",
+      "provider": "provider[\"registry.terraform.io/-/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "id": "lab-support-20210127033852299700000003",
+            "policy_arn": "arn:aws:iam::aws:policy/ReadOnlyAccess",
+            "role": "lab-support"
+          },
+          "sensitive_attributes": [],
+          "private": "bnVsbA==",
+          "dependencies": [
+            "module.iam-module.aws_iam_role.support-role"
+          ]
+        }
+      ]
+    }
+  ]
+}