UPD: clean up

xpk 2023-02-28 16:38:16 +08:00
parent 734b81fc2b
commit c07f02bf9a
Signed by: xpk
GPG Key ID: CD4FF6793F09AB86
83 changed files with 210324 additions and 4080 deletions

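--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,8 @@
 *.backup
 *.tfstate
 *.tfstate.lock
+**/*.tfstate
+**/*.backup
 .terraform/
 .DS_Store
 *.iml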
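Review bot: The two added patterns, `**/*.tfstate` and `**/*.backup`, match nothing that the existing `*.tfstate` and `*.backup` lines do not already match, because a gitignore pattern without a slash applies at every directory level. More importantly, ignore rules only keep untracked files from being staged; they do not remove or block content that is committed anyway. Further down, this same commit adds what look like two Terraform state files, `.terraform` working-directory files that record a local `/home/kn/...` path, and `examples/backup.tar`. Those need `git rm --cached` (and history cleanup where they hold secrets) rather than another ignore line.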


@ -0,0 +1,10 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/aws" {
version = "3.75.2"
constraints = "~> 3.75.2"
hashes = [
"h1:x0gluX9ZKEmz+JJW3Ut5GgWDFOq/lhs2vkqJ+xt57zs=",
]
}


@ -0,0 +1,8 @@
module aws-backup {
source = "../../modules/storage/aws-backup"
aws-org-id = "o-xs063ifz9j"
backup-plan-retention = var.backup-plan-retention
backup-plan-name = "Daily${var.backup-plan-retention}"
default-tags = local.default-tags
}
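Review bot: `aws-org-id = "o-xs063ifz9j"` is the only identifier in this module call that is hard-coded; the other inputs come from variables or locals. If the module uses the organization ID in a vault or resource policy condition (its source is not part of this section, so this is an assumption), anyone copying the example would scope access to this organization rather than their own. Consider `aws-org-id = var.aws-org-id` with the value supplied from tfvars, or reading it from the `aws_organizations_organization` data source.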


@ -0,0 +1,13 @@
provider "aws" {
region = var.aws-region
}
terraform {
required_version = "~> 1.2.5"
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 3.75.2"
}
}
}
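Review bot: The `terraform` block sets `required_version` and `required_providers` but declares no `backend`, so state for this example is written to a local file in the working directory; the provider section of the other example later in the commit (`required_version = ">= 1.0"`) has the same gap. State files hold resource attributes in clear text, and this commit shows the consequence: what appears to be local state ended up in the repository. Declaring an encrypted, access-controlled remote backend, for example `backend "s3" { ... }` with `encrypt = true`, would keep state out of the working tree.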


@ -0,0 +1,9 @@
aws-region = "ap-east-1"
customer-name = "bea"
environment = "dev"
project = "iac"
application = "terraform"
costcenter = "none"
DynamicAddressGroup = ""
owner = "Rackspace"
backup-plan-retention = 14


@ -0,0 +1,26 @@
variable "aws-region" {}
variable "customer-name" {}
variable "environment" {}
variable "project" {}
variable "application" {}
variable "owner" {}
variable "costcenter" {}
variable "DynamicAddressGroup" {}
locals {
default-tags = {
ServiceProvider = "RackspaceTechnology"
Environment = var.environment
Project = var.project
Application = var.application
TerraformMode = "managed"
BuildDate = formatdate("YYYYMMDD", timestamp())
Owner = var.owner
CostCenter = var.costcenter
DynamicAddressGroup = var.DynamicAddressGroup
}
resource-prefix = "${var.environment}-substr(${var.aws-region},0,2)-${var.customer-name}-${var.project}"
}
variable backup-plan-retention {}
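Review bot: In `resource-prefix`, the `substr(` call sits outside the interpolation braces, so it is emitted as literal text; with the tfvars values shown in the preceding section the prefix would come out as `dev-substr(ap-east-1,0,2)-bea-iac` rather than containing the two-letter region code. It should read `${substr(var.aws-region, 0, 2)}`. `BuildDate = formatdate("YYYYMMDD", timestamp())` is re-evaluated on every run, so every tagged resource shows a tag change whenever the date rolls over; the same expression is used in the `default-tags` local of the later locals section. The variables are also declared without `type` or `description`, e.g. `variable "backup-plan-retention" { type = number }`.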

BIN
examples/backup.tar Normal file

Binary file not shown.


@ -0,0 +1,32 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/aws" {
version = "4.46.0"
constraints = ">= 3.25.0, >= 3.75.2"
hashes = [
"h1:EZB4OgvytV38JpWyye9zoMQ0bfT9yB9xSXM5NY3Lrws=",
"zh:1678e6a4bdb3d81a6713adc62ca0fdb8250c584e10c10d1daca72316e9db8df2",
"zh:329903acf86ef6072502736dff4c43c2b50f762a958f76aa924e2d74c7fca1e3",
"zh:33db8131fe0ec7e1d9f30bc9f65c2440e9c1f708d681b6062757a351f1df7ce6",
"zh:3a3b010bc393784c16f4b6cdce7f76db93d5efa323fce4920bfea9e9ba6abe44",
"zh:979e2713a5759a7483a065e149e3cb69db9225326fc0457fa3fc3a48aed0c63f",
"zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
"zh:9efcf0067e16ad53da7504178a05eb2118770b4ae00c193c10ecad4cbfce308e",
"zh:a10655bf1b6376ab7f3e55efadf54dc70f7bd07ca11369557c312095076f9d62",
"zh:b0394dd42cbd2a718a7dd7ae0283f04769aaf8b3d52664e141da59c0171a11ab",
"zh:b958e614c2cf6d9c05a6ad5e94dc5c04b97ebfb84415da068be5a081b5ebbe24",
"zh:ba5069e624210c63ad9e633a8eb0108b21f2322bc4967ba2b82d09168c466888",
"zh:d7dfa597a17186e7f4d741dd7111849f1c0dd6f7ebc983043d8262d2fb37b408",
"zh:e8a641ca2c99f96d64fa2725875e797273984981d3e54772a2823541c44e3cd3",
"zh:f89898b7067c4246293a8007f59f5cfcac7b8dd251d39886c7a53ba596251466",
"zh:fb1e1df1d5cc208e08a850f8e84423bce080f01f5e901791c79df369d3ed52f2",
]
}
provider "registry.terraform.io/hashicorp/random" {
version = "3.4.3"
hashes = [
"h1:xZGZf18JjMS06pFa4NErzANI98qi59SEcBsOcS2P2yQ=",
]
}


@ -0,0 +1 @@
{"Modules":[{"Key":"vpc-subnets.vpc-ep","Source":"../vpc-endpoints","Dir":"../../modules/networking/vpc-endpoints"},{"Key":"","Source":"","Dir":"."},{"Key":"adconnector","Source":"../../modules/security_identity_compliance/ds-adconnector","Dir":"../../modules/security_identity_compliance/ds-adconnector"},{"Key":"vpc-subnets","Source":"../../modules/networking/vpc_subnets","Dir":"../../modules/networking/vpc_subnets"}]}


@ -0,0 +1 @@
/home/kn/.terraform.d/plugin-cache/registry.terraform.io/hashicorp/aws/4.46.0/linux_amd64


@ -0,0 +1 @@
/home/kn/.terraform.d/plugin-cache/registry.terraform.io/hashicorp/random/3.4.3/linux_amd64


@ -0,0 +1,7 @@
# bea-adc
Module to deploy network resources and ad connector for use with AWS SSO
## Input variables
The variable adc-service-account-password needs to be supplied via environment variable. This prevents terraform
from saving the password in tfstate or in the source code.


@ -0,0 +1,15 @@
data "aws_caller_identity" "this" {}
locals {
default-tags = merge({
ServiceProvider = "None"
Environment = var.environment
Project = var.project
Application = var.application
TerraformMode = "managed"
TerraformDir = trimprefix(path.cwd, "/my/work/xpk-git/")
CreatedBy = data.aws_caller_identity.this.arn
BuildDate = formatdate("YYYYMMDD", timestamp())
})
resource-prefix = "${var.environment}-${var.aws-region-short}-${var.customer-name}-${var.project}"
}
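Review bot: `TerraformDir = trimprefix(path.cwd, "/my/work/xpk-git/")` hard-codes one workstation's checkout path; on any other machine the prefix does not match and the full absolute working directory, including the local user name, is written into the tags of every resource. `CreatedBy = data.aws_caller_identity.this.arn` likewise changes with whoever runs the apply, so tags will flap between operators. A path relative to the repository root, or passing these values in as variables, would be stable. Also, `merge({...})` with a single argument is a no-op and can be a plain map.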

48
examples/bea-adc/main.tf Normal file

@ -0,0 +1,48 @@
module "vpc-subnets" {
source = "../../modules/networking/vpc_subnets"
application = var.application
aws-region = var.aws-region
customer-name = var.customer-name
default-tags = local.default-tags
environment = var.environment
project = var.project
vpc-cidr = var.vpc-cidr
number-of-private-subnets-per-az = var.number-of-private-subnets-per-az
number-of-public-subnets-per-az = var.number-of-public-subnets-per-az
create-nat-gateway = false
enable-flow-log = true
vpcflowlog-retain-days = 90
vpcflowlog-cwl-loggroup-key-arn = ""
create-free-vpc-endpoints = false
}
# S3 flow log needs to be created separately. it's not supported by vpc_subnets module
resource "aws_flow_log" "vpc-log-s3" {
log_destination = var.vpc-flowlog-bucket-arn
log_destination_type = "s3"
traffic_type = "ALL"
vpc_id = module.vpc-subnets.vpc_id
}
/*
After adc is deployed by terraform, the following tasks need to be performed manually.
They cannot be managed by terraform
1. Edit security group created for adconnector. SG name is d-???_controllers
2. Enable client LDAPS communication
3. Setup maintenance notification through SNS
4. Enable SSO application. Setting enable_sso in member account results in error. alias is deliberately not set
*/
module "adconnector" {
source = "../../modules/security_identity_compliance/ds-adconnector"
adc-dns-ips = var.adc-dns-ips
adc-domainname = var.adc-domainname
adc-service-account-password = var.adc-service-account-password
adc-service-account-username = var.adc-service-account-username
adc-size = var.adc-size
adc-subnet-ids = module.vpc-subnets.private-subnet-ids
adc-vpc-id = module.vpc-subnets.vpc_id
default-tags = local.default-tags
}
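Review bot: `adc-service-account-password = var.adc-service-account-password` passes the directory service-account password into a managed resource, and Terraform records resource arguments in state no matter how the variable is supplied. The README's statement that an environment variable keeps it out of tfstate therefore does not hold, and the state file added in this commit contains the `password` attribute in clear text. The variable should be declared with `sensitive = true` (its declaration is not in this section) and the state kept in an encrypted remote backend rather than in the repository. Separately, `vpcflowlog-cwl-loggroup-key-arn = ""` leaves the flow-log log group without a customer-managed KMS key, which the committed state confirms with an empty `kms_key_id`.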


@ -0,0 +1,11 @@
output "directory-id" {
value = module.adconnector.directory-id
}
output "security-group-id" {
value = module.adconnector.security-group-id
}
output "customer-dns-ip" {
value = module.adconnector.customer-dns-ip
}


@ -0,0 +1,13 @@
provider "aws" {
region = var.aws-region
}
terraform {
required_version = ">= 1.0"
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 3.25"
}
}
}
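Review bot: `required_version = ">= 1.0"` and `version = ">= 3.25"` have no upper bound, unlike the `~>` constraints used in the other example's provider section. The lock file section above that records 4.46.0 (presumably for this example) pins the resolved provider, but a `terraform init -upgrade` can then move across a major version of the AWS provider without any change to this file. Consider a pessimistic constraint such as `version = "~> 4.46"` that matches what the lock file records.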


@ -0,0 +1,784 @@
{
"version": 4,
"terraform_version": "1.3.5",
"serial": 108,
"lineage": "5eba630b-18b8-6c2f-5853-88d98c7ecb23",
"outputs": {
"customer-dns-ip": {
"value": [
"10.37.54.214"
],
"type": [
"tuple",
[
"string"
]
]
},
"directory-id": {
"value": "d-c46722ff8d",
"type": "string"
},
"security-group-id": {
"value": "sg-0afbb1f6e8efde66b",
"type": "string"
}
},
"resources": [
{
"mode": "data",
"type": "aws_caller_identity",
"name": "this",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"account_id": "040216112220",
"arn": "arn:aws:iam::040216112220:user/ken2026",
"id": "040216112220",
"user_id": "AIDAQSXIRFROOXYISSIEQ"
},
"sensitive_attributes": []
}
]
},
{
"mode": "data",
"type": "aws_secretsmanager_secret",
"name": "secretmanager",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:secretsmanager:ap-east-1:040216112220:secret:adc-service-account-password-bYmPI5",
"description": "",
"id": "arn:aws:secretsmanager:ap-east-1:040216112220:secret:adc-service-account-password-bYmPI5",
"kms_key_id": "",
"name": "adc-service-account-password",
"policy": "",
"rotation_enabled": false,
"rotation_lambda_arn": "",
"rotation_rules": [],
"tags": {}
},
"sensitive_attributes": []
}
]
},
{
"mode": "data",
"type": "aws_secretsmanager_secret_version",
"name": "adc-service-account-password",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:secretsmanager:ap-east-1:040216112220:secret:adc-service-account-password-bYmPI5",
"id": "arn:aws:secretsmanager:ap-east-1:040216112220:secret:adc-service-account-password-bYmPI5|AWSCURRENT",
"secret_binary": "",
"secret_id": "arn:aws:secretsmanager:ap-east-1:040216112220:secret:adc-service-account-password-bYmPI5",
"secret_string": "{\"password\":\"CyyeooA.MwWVYzmIbtVG\u003cuyLOg\"}",
"version_id": "0ef037d0-d0b3-441e-8931-8d12a8326940",
"version_stage": "AWSCURRENT",
"version_stages": [
"AWSCURRENT"
]
},
"sensitive_attributes": []
}
]
},
{
"module": "module.adconnector",
"mode": "managed",
"type": "aws_directory_service_directory",
"name": "connector",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"access_url": "d-c46722ff8d.awsapps.com",
"alias": "d-c46722ff8d",
"connect_settings": [
{
"availability_zones": [
"ap-east-1a",
"ap-east-1b"
],
"connect_ips": [
"10.37.54.15",
"10.37.54.218"
],
"customer_dns_ips": [
"10.37.54.214"
],
"customer_username": "svc-awssso-adconnector",
"subnet_ids": [
"subnet-0bb56e6f48ead7ab8",
"subnet-0ce4d8183d810dcc2"
],
"vpc_id": "vpc-0d81f835ba4c7c987"
}
],
"description": "ADConnector",
"desired_number_of_domain_controllers": 0,
"dns_ip_addresses": [
"10.37.54.15",
"10.37.54.218"
],
"edition": "",
"enable_sso": false,
"id": "d-c46722ff8d",
"name": "acme.local",
"password": "CyyeooA.MwWVYzmIbtVG\u003cuyLOg",
"security_group_id": "sg-0afbb1f6e8efde66b",
"short_name": "acme",
"size": "Small",
"tags": {
"Application": "sso",
"BuildDate": "20221212",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "preview",
"Project": "sso",
"ServiceProvider": "None",
"TerraformDir": "terraform.aws-baseline-infra/examples/bea-adc",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "sso",
"BuildDate": "20221212",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "preview",
"Project": "sso",
"ServiceProvider": "None",
"TerraformDir": "terraform.aws-baseline-infra/examples/bea-adc",
"TerraformMode": "managed"
},
"timeouts": null,
"type": "ADConnector",
"vpc_settings": []
},
"sensitive_attributes": [
[
{
"type": "get_attr",
"value": "password"
}
]
],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozNjAwMDAwMDAwMDAwLCJkZWxldGUiOjM2MDAwMDAwMDAwMDAsInVwZGF0ZSI6MzYwMDAwMDAwMDAwMH19",
"dependencies": [
"data.aws_caller_identity.this",
"data.aws_secretsmanager_secret.secretmanager",
"data.aws_secretsmanager_secret_version.adc-service-account-password",
"module.vpc-subnets.aws_subnet.private-subnets",
"module.vpc-subnets.aws_vpc.vpc",
"module.vpc-subnets.data.aws_availability_zones.available-az"
]
}
]
},
{
"module": "module.vpc-subnets",
"mode": "data",
"type": "aws_availability_zones",
"name": "available-az",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"all_availability_zones": null,
"exclude_names": null,
"exclude_zone_ids": null,
"filter": null,
"group_names": [
"ap-east-1"
],
"id": "ap-east-1",
"names": [
"ap-east-1a",
"ap-east-1b",
"ap-east-1c"
],
"state": "available",
"timeouts": null,
"zone_ids": [
"ape1-az1",
"ape1-az2",
"ape1-az3"
]
},
"sensitive_attributes": []
}
]
},
{
"module": "module.vpc-subnets",
"mode": "data",
"type": "aws_caller_identity",
"name": "this",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"account_id": "040216112220",
"arn": "arn:aws:iam::040216112220:user/ken2026",
"id": "040216112220",
"user_id": "AIDAQSXIRFROOXYISSIEQ"
},
"sensitive_attributes": []
}
]
},
{
"module": "module.vpc-subnets",
"mode": "managed",
"type": "aws_cloudwatch_log_group",
"name": "vpcflowlog-loggroup",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"arn": "arn:aws:logs:ap-east-1:040216112220:log-group:vpcflowlog/vpc-0d81f835ba4c7c987/20221212063458987800000001",
"id": "vpcflowlog/vpc-0d81f835ba4c7c987/20221212063458987800000001",
"kms_key_id": "",
"name": "vpcflowlog/vpc-0d81f835ba4c7c987/20221212063458987800000001",
"name_prefix": "vpcflowlog/vpc-0d81f835ba4c7c987/",
"retention_in_days": 90,
"skip_destroy": false,
"tags": {
"Application": "sso",
"BuildDate": "20221212",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "preview",
"Project": "sso",
"ServiceProvider": "None",
"TerraformDir": "terraform.aws-baseline-infra/examples/bea-adc",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "sso",
"BuildDate": "20221212",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "preview",
"Project": "sso",
"ServiceProvider": "None",
"TerraformDir": "terraform.aws-baseline-infra/examples/bea-adc",
"TerraformMode": "managed"
}
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"data.aws_caller_identity.this",
"module.vpc-subnets.aws_vpc.vpc"
]
}
]
},
{
"module": "module.vpc-subnets",
"mode": "managed",
"type": "aws_default_security_group",
"name": "default-sg",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 1,
"attributes": {
"arn": "arn:aws:ec2:ap-east-1:040216112220:security-group/sg-09101f3abd257889b",
"description": "default VPC security group",
"egress": [
{
"cidr_blocks": [],
"description": "Allow traffic going to this SG",
"from_port": 0,
"ipv6_cidr_blocks": [],
"prefix_list_ids": [],
"protocol": "-1",
"security_groups": [],
"self": true,
"to_port": 0
}
],
"id": "sg-09101f3abd257889b",
"ingress": [
{
"cidr_blocks": [],
"description": "Allow traffic coming from this SG",
"from_port": 0,
"ipv6_cidr_blocks": [],
"prefix_list_ids": [],
"protocol": "-1",
"security_groups": [],
"self": true,
"to_port": 0
}
],
"name": "default",
"name_prefix": "",
"owner_id": "040216112220",
"revoke_rules_on_delete": false,
"tags": {
"Application": "sso",
"BuildDate": "20221212",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "preview",
"Name": "preview-ap-bea-sso-defaultsg",
"Project": "sso",
"ServiceProvider": "None",
"TerraformDir": "terraform.aws-baseline-infra/examples/bea-adc",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "sso",
"BuildDate": "20221212",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "preview",
"Name": "preview-ap-bea-sso-defaultsg",
"Project": "sso",
"ServiceProvider": "None",
"TerraformDir": "terraform.aws-baseline-infra/examples/bea-adc",
"TerraformMode": "managed"
},
"vpc_id": "vpc-0d81f835ba4c7c987"
},
"sensitive_attributes": [],
"private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
"dependencies": [
"data.aws_caller_identity.this",
"module.vpc-subnets.aws_vpc.vpc"
]
}
]
},
{
"module": "module.vpc-subnets",
"mode": "managed",
"type": "aws_flow_log",
"name": "vpc-flowlog",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"arn": "arn:aws:ec2:ap-east-1:040216112220:vpc-flow-log/fl-02f430d7b36edca16",
"destination_options": [],
"eni_id": null,
"iam_role_arn": "arn:aws:iam::040216112220:role/service/preview-ap-bea-sso-vpcflowlog",
"id": "fl-02f430d7b36edca16",
"log_destination": "arn:aws:logs:ap-east-1:040216112220:log-group:vpcflowlog/vpc-0d81f835ba4c7c987/20221212063458987800000001",
"log_destination_type": "cloud-watch-logs",
"log_format": "${version} ${account-id} ${interface-id} ${srcaddr} ${dstaddr} ${srcport} ${dstport} ${protocol} ${packets} ${bytes} ${start} ${end} ${action} ${log-status}",
"log_group_name": "vpcflowlog/vpc-0d81f835ba4c7c987/20221212063458987800000001",
"max_aggregation_interval": 600,
"subnet_id": null,
"tags": {
"Application": "sso",
"BuildDate": "20221212",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "preview",
"Name": "preview-ap-bea-sso-vpcflowlog",
"Project": "sso",
"ServiceProvider": "None",
"TerraformDir": "terraform.aws-baseline-infra/examples/bea-adc",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "sso",
"BuildDate": "20221212",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "preview",
"Name": "preview-ap-bea-sso-vpcflowlog",
"Project": "sso",
"ServiceProvider": "None",
"TerraformDir": "terraform.aws-baseline-infra/examples/bea-adc",
"TerraformMode": "managed"
},
"traffic_type": "ALL",
"transit_gateway_attachment_id": null,
"transit_gateway_id": null,
"vpc_id": "vpc-0d81f835ba4c7c987"
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"data.aws_caller_identity.this",
"module.vpc-subnets.aws_cloudwatch_log_group.vpcflowlog-loggroup",
"module.vpc-subnets.aws_iam_role.vpcflowlog-role",
"module.vpc-subnets.aws_vpc.vpc"
]
}
]
},
{
"module": "module.vpc-subnets",
"mode": "managed",
"type": "aws_iam_role",
"name": "vpcflowlog-role",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:iam::040216112220:role/service/preview-ap-bea-sso-vpcflowlog",
"assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"vpc-flow-logs.amazonaws.com\"},\"Sid\":\"\"}],\"Version\":\"2012-10-17\"}",
"create_date": "2022-12-12T06:34:48Z",
"description": "",
"force_detach_policies": false,
"id": "preview-ap-bea-sso-vpcflowlog",
"inline_policy": [
{
"name": "preview-ap-bea-sso-vpcflowlog",
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"logs:DescribeLogGroups\",\n \"logs:DescribeLogStreams\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n"
}
],
"managed_policy_arns": [],
"max_session_duration": 3600,
"name": "preview-ap-bea-sso-vpcflowlog",
"name_prefix": "",
"path": "/service/",
"permissions_boundary": null,
"tags": {},
"tags_all": {},
"unique_id": "AROAQSXIRFROBSK2XWEUN"
},
"sensitive_attributes": [],
"private": "bnVsbA=="
}
]
},
{
"module": "module.vpc-subnets",
"mode": "managed",
"type": "aws_iam_role_policy",
"name": "vpcflowlog-role-policy",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "preview-ap-bea-sso-vpcflowlog:preview-ap-bea-sso-vpcflowlog",
"name": "preview-ap-bea-sso-vpcflowlog",
"name_prefix": null,
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"logs:DescribeLogGroups\",\n \"logs:DescribeLogStreams\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"role": "preview-ap-bea-sso-vpcflowlog"
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"module.vpc-subnets.aws_iam_role.vpcflowlog-role"
]
}
]
},
{
"module": "module.vpc-subnets",
"mode": "managed",
"type": "aws_route_table",
"name": "private-route-table",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"arn": "arn:aws:ec2:ap-east-1:040216112220:route-table/rtb-0bdeffdac8e3215f4",
"id": "rtb-0bdeffdac8e3215f4",
"owner_id": "040216112220",
"propagating_vgws": [],
"route": [
{
"carrier_gateway_id": "",
"cidr_block": "0.0.0.0/0",
"core_network_arn": "",
"destination_prefix_list_id": "",
"egress_only_gateway_id": "",
"gateway_id": "igw-060da6481bbc4cedd",
"instance_id": "",
"ipv6_cidr_block": "",
"local_gateway_id": "",
"nat_gateway_id": "",
"network_interface_id": "",
"transit_gateway_id": "",
"vpc_endpoint_id": "",
"vpc_peering_connection_id": ""
}
],
"tags": {
"Application": "sso",
"BuildDate": "20221212",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "preview",
"Name": "preview-ap-bea-sso-privateroutetable",
"Project": "sso",
"ServiceProvider": "None",
"TerraformDir": "terraform.aws-baseline-infra/examples/bea-adc",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "sso",
"BuildDate": "20221212",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "preview",
"Name": "preview-ap-bea-sso-privateroutetable",
"Project": "sso",
"ServiceProvider": "None",
"TerraformDir": "terraform.aws-baseline-infra/examples/bea-adc",
"TerraformMode": "managed"
},
"timeouts": null,
"vpc_id": "vpc-0d81f835ba4c7c987"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsImRlbGV0ZSI6MzAwMDAwMDAwMDAwLCJ1cGRhdGUiOjEyMDAwMDAwMDAwMH19",
"dependencies": [
"data.aws_caller_identity.this",
"module.vpc-subnets.aws_vpc.vpc"
]
}
]
},
{
"module": "module.vpc-subnets",
"mode": "managed",
"type": "aws_route_table_association",
"name": "private_route_association",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"gateway_id": "",
"id": "rtbassoc-067b22e8a44ffa92b",
"route_table_id": "rtb-0bdeffdac8e3215f4",
"subnet_id": "subnet-0bb56e6f48ead7ab8"
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"data.aws_caller_identity.this",
"module.vpc-subnets.aws_route_table.private-route-table",
"module.vpc-subnets.aws_subnet.private-subnets",
"module.vpc-subnets.aws_vpc.vpc",
"module.vpc-subnets.data.aws_availability_zones.available-az"
]
},
{
"index_key": 1,
"schema_version": 0,
"attributes": {
"gateway_id": "",
"id": "rtbassoc-08e5c1bfc024792a9",
"route_table_id": "rtb-0bdeffdac8e3215f4",
"subnet_id": "subnet-0ce4d8183d810dcc2"
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"data.aws_caller_identity.this",
"module.vpc-subnets.aws_route_table.private-route-table",
"module.vpc-subnets.aws_subnet.private-subnets",
"module.vpc-subnets.aws_vpc.vpc",
"module.vpc-subnets.data.aws_availability_zones.available-az"
]
}
]
},
{
"module": "module.vpc-subnets",
"mode": "managed",
"type": "aws_subnet",
"name": "private-subnets",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 1,
"attributes": {
"arn": "arn:aws:ec2:ap-east-1:040216112220:subnet/subnet-0bb56e6f48ead7ab8",
"assign_ipv6_address_on_creation": false,
"availability_zone": "ap-east-1a",
"availability_zone_id": "ape1-az1",
"cidr_block": "10.37.54.0/25",
"customer_owned_ipv4_pool": "",
"enable_dns64": false,
"enable_resource_name_dns_a_record_on_launch": false,
"enable_resource_name_dns_aaaa_record_on_launch": false,
"id": "subnet-0bb56e6f48ead7ab8",
"ipv6_cidr_block": "",
"ipv6_cidr_block_association_id": "",
"ipv6_native": false,
"map_customer_owned_ip_on_launch": false,
"map_public_ip_on_launch": false,
"outpost_arn": "",
"owner_id": "040216112220",
"private_dns_hostname_type_on_launch": "ip-name",
"tags": {
"Application": "sso",
"BuildDate": "20221212",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "preview",
"Name": "preview-ap-bea-sso-private-1a-1",
"Project": "sso",
"ServiceProvider": "None",
"TerraformDir": "terraform.aws-baseline-infra/examples/bea-adc",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "sso",
"BuildDate": "20221212",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "preview",
"Name": "preview-ap-bea-sso-private-1a-1",
"Project": "sso",
"ServiceProvider": "None",
"TerraformDir": "terraform.aws-baseline-infra/examples/bea-adc",
"TerraformMode": "managed"
},
"timeouts": null,
"vpc_id": "vpc-0d81f835ba4c7c987"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9",
"dependencies": [
"data.aws_caller_identity.this",
"module.vpc-subnets.aws_vpc.vpc",
"module.vpc-subnets.data.aws_availability_zones.available-az"
]
},
{
"index_key": 1,
"schema_version": 1,
"attributes": {
"arn": "arn:aws:ec2:ap-east-1:040216112220:subnet/subnet-0ce4d8183d810dcc2",
"assign_ipv6_address_on_creation": false,
"availability_zone": "ap-east-1b",
"availability_zone_id": "ape1-az2",
"cidr_block": "10.37.54.128/25",
"customer_owned_ipv4_pool": "",
"enable_dns64": false,
"enable_resource_name_dns_a_record_on_launch": false,
"enable_resource_name_dns_aaaa_record_on_launch": false,
"id": "subnet-0ce4d8183d810dcc2",
"ipv6_cidr_block": "",
"ipv6_cidr_block_association_id": "",
"ipv6_native": false,
"map_customer_owned_ip_on_launch": false,
"map_public_ip_on_launch": false,
"outpost_arn": "",
"owner_id": "040216112220",
"private_dns_hostname_type_on_launch": "ip-name",
"tags": {
"Application": "sso",
"BuildDate": "20221212",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "preview",
"Name": "preview-ap-bea-sso-private-1b-2",
"Project": "sso",
"ServiceProvider": "None",
"TerraformDir": "terraform.aws-baseline-infra/examples/bea-adc",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "sso",
"BuildDate": "20221212",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "preview",
"Name": "preview-ap-bea-sso-private-1b-2",
"Project": "sso",
"ServiceProvider": "None",
"TerraformDir": "terraform.aws-baseline-infra/examples/bea-adc",
"TerraformMode": "managed"
},
"timeouts": null,
"vpc_id": "vpc-0d81f835ba4c7c987"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9",
"dependencies": [
"data.aws_caller_identity.this",
"module.vpc-subnets.aws_vpc.vpc",
"module.vpc-subnets.data.aws_availability_zones.available-az"
]
}
]
},
{
"module": "module.vpc-subnets",
"mode": "managed",
"type": "aws_vpc",
"name": "vpc",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 1,
"attributes": {
"arn": "arn:aws:ec2:ap-east-1:040216112220:vpc/vpc-0d81f835ba4c7c987",
"assign_generated_ipv6_cidr_block": false,
"cidr_block": "10.37.54.0/24",
"default_network_acl_id": "acl-0de827d3ddc477c49",
"default_route_table_id": "rtb-0424596d3c3a61221",
"default_security_group_id": "sg-09101f3abd257889b",
"dhcp_options_id": "dopt-005007bcb610d7cdc",
"enable_classiclink": false,
"enable_classiclink_dns_support": false,
"enable_dns_hostnames": true,
"enable_dns_support": true,
"enable_network_address_usage_metrics": false,
"id": "vpc-0d81f835ba4c7c987",
"instance_tenancy": "default",
"ipv4_ipam_pool_id": null,
"ipv4_netmask_length": null,
"ipv6_association_id": "",
"ipv6_cidr_block": "",
"ipv6_cidr_block_network_border_group": "",
"ipv6_ipam_pool_id": "",
"ipv6_netmask_length": 0,
"main_route_table_id": "rtb-0424596d3c3a61221",
"owner_id": "040216112220",
"tags": {
"Application": "sso",
"BuildDate": "20221212",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "preview",
"Name": "preview-ap-bea-sso-vpc",
"Project": "sso",
"ServiceProvider": "None",
"TerraformDir": "terraform.aws-baseline-infra/examples/bea-adc",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "sso",
"BuildDate": "20221212",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "preview",
"Name": "preview-ap-bea-sso-vpc",
"Project": "sso",
"ServiceProvider": "None",
"TerraformDir": "terraform.aws-baseline-infra/examples/bea-adc",
"TerraformMode": "managed"
}
},
"sensitive_attributes": [],
"private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
"dependencies": [
"data.aws_caller_identity.this"
],
"create_before_destroy": true
}
]
}
],
"check_results": null
}
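Review bot: This section is a Terraform state file, and it stores the AD Connector service-account password in clear text twice: in `secret_string` of the `aws_secretsmanager_secret_version` data source, whose `sensitive_attributes` list is empty, and in `password` of `module.adconnector.aws_directory_service_directory.connector`. `sensitive_attributes` only redacts CLI output and does not encrypt anything on disk, so the credential should be treated as disclosed and rotated, and the file removed from the repository and its history. The section that follows has the same `lineage` with `serial` 107 and looks like the backup copy, so the same applies to it. The state also records the account ID, the operator's IAM user ARN and the internal addressing of the VPC, which is a further reason to keep state in an encrypted remote backend with restricted access. One configuration finding worth following up in the module: the resource named `private-route-table` has a `0.0.0.0/0` route to an internet gateway.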


@ -0,0 +1,790 @@
{
"version": 4,
"terraform_version": "1.3.5",
"serial": 107,
"lineage": "5eba630b-18b8-6c2f-5853-88d98c7ecb23",
"outputs": {
"customer-dns-ip": {
"value": [
"10.37.54.214"
],
"type": [
"tuple",
[
"string"
]
]
},
"directory-id": {
"value": "d-c46722ff8d",
"type": "string"
},
"security-group-id": {
"value": "sg-0afbb1f6e8efde66b",
"type": "string"
}
},
"resources": [
{
"mode": "data",
"type": "aws_caller_identity",
"name": "this",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"account_id": "040216112220",
"arn": "arn:aws:iam::040216112220:user/ken2026",
"id": "040216112220",
"user_id": "AIDAQSXIRFROOXYISSIEQ"
},
"sensitive_attributes": []
}
]
},
{
"mode": "data",
"type": "aws_secretsmanager_secret",
"name": "secretmanager",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:secretsmanager:ap-east-1:040216112220:secret:adc-service-account-password-bYmPI5",
"description": "",
"id": "arn:aws:secretsmanager:ap-east-1:040216112220:secret:adc-service-account-password-bYmPI5",
"kms_key_id": "",
"name": "adc-service-account-password",
"policy": "",
"rotation_enabled": false,
"rotation_lambda_arn": "",
"rotation_rules": [],
"tags": {}
},
"sensitive_attributes": []
}
]
},
{
"mode": "data",
"type": "aws_secretsmanager_secret_version",
"name": "adc-service-account-password",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:secretsmanager:ap-east-1:040216112220:secret:adc-service-account-password-bYmPI5",
"id": "arn:aws:secretsmanager:ap-east-1:040216112220:secret:adc-service-account-password-bYmPI5|AWSCURRENT",
"secret_binary": "",
"secret_id": "arn:aws:secretsmanager:ap-east-1:040216112220:secret:adc-service-account-password-bYmPI5",
"secret_string": "{\"password\":\"CyyeooA.MwWVYzmIbtVG\u003cuyLOg\"}",
"version_id": "0ef037d0-d0b3-441e-8931-8d12a8326940",
"version_stage": "AWSCURRENT",
"version_stages": [
"AWSCURRENT"
]
},
"sensitive_attributes": []
}
]
},
{
"module": "module.adconnector",
"mode": "managed",
"type": "aws_directory_service_directory",
"name": "connector",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"access_url": "d-c46722ff8d.awsapps.com",
"alias": "d-c46722ff8d",
"connect_settings": [
{
"availability_zones": [
"ap-east-1a",
"ap-east-1b"
],
"connect_ips": [
"10.37.54.15",
"10.37.54.218"
],
"customer_dns_ips": [
"10.37.54.214"
],
"customer_username": "svc-awssso-adconnector",
"subnet_ids": [
"subnet-0bb56e6f48ead7ab8",
"subnet-0ce4d8183d810dcc2"
],
"vpc_id": "vpc-0d81f835ba4c7c987"
}
],
"description": "ADConnector",
"desired_number_of_domain_controllers": 0,
"dns_ip_addresses": [
"10.37.54.15",
"10.37.54.218"
],
"edition": "",
"enable_sso": false,
"id": "d-c46722ff8d",
"name": "acme.local",
"password": "CyyeooA.MwWVYzmIbtVG\u003cuyLOg",
"security_group_id": "sg-0afbb1f6e8efde66b",
"short_name": "acme",
"size": "Small",
"tags": {
"Application": "sso",
"BuildDate": "20221212",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "preview",
"Project": "sso",
"ServiceProvider": "None",
"TerraformDir": "terraform.aws-baseline-infra/examples/bea-adc",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "sso",
"BuildDate": "20221212",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "preview",
"Project": "sso",
"ServiceProvider": "None",
"TerraformDir": "terraform.aws-baseline-infra/examples/bea-adc",
"TerraformMode": "managed"
},
"timeouts": null,
"type": "ADConnector",
"vpc_settings": []
},
"sensitive_attributes": [
[
{
"type": "get_attr",
"value": "password"
}
]
],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozNjAwMDAwMDAwMDAwLCJkZWxldGUiOjM2MDAwMDAwMDAwMDAsInVwZGF0ZSI6MzYwMDAwMDAwMDAwMH19",
"dependencies": [
"data.aws_caller_identity.this",
"data.aws_secretsmanager_secret_version.adc-service-account-password",
"module.vpc-subnets.aws_subnet.private-subnets",
"module.vpc-subnets.aws_vpc.vpc",
"module.vpc-subnets.data.aws_availability_zones.available-az"
]
}
]
},
{
"module": "module.vpc-subnets",
"mode": "data",
"type": "aws_availability_zones",
"name": "available-az",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"all_availability_zones": null,
"exclude_names": null,
"exclude_zone_ids": null,
"filter": null,
"group_names": [
"ap-east-1"
],
"id": "ap-east-1",
"names": [
"ap-east-1a",
"ap-east-1b",
"ap-east-1c"
],
"state": "available",
"timeouts": null,
"zone_ids": [
"ape1-az1",
"ape1-az2",
"ape1-az3"
]
},
"sensitive_attributes": []
}
]
},
{
"module": "module.vpc-subnets",
"mode": "data",
"type": "aws_caller_identity",
"name": "this",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"account_id": "040216112220",
"arn": "arn:aws:iam::040216112220:user/ken2026",
"id": "040216112220",
"user_id": "AIDAQSXIRFROOXYISSIEQ"
},
"sensitive_attributes": []
}
]
},
{
"module": "module.vpc-subnets",
"mode": "managed",
"type": "aws_cloudwatch_log_group",
"name": "vpcflowlog-loggroup",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"arn": "arn:aws:logs:ap-east-1:040216112220:log-group:vpcflowlog/vpc-0d81f835ba4c7c987/20221212063458987800000001",
"id": "vpcflowlog/vpc-0d81f835ba4c7c987/20221212063458987800000001",
"kms_key_id": "",
"name": "vpcflowlog/vpc-0d81f835ba4c7c987/20221212063458987800000001",
"name_prefix": "vpcflowlog/vpc-0d81f835ba4c7c987/",
"retention_in_days": 90,
"skip_destroy": false,
"tags": {
"Application": "sso",
"BuildDate": "20221212",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "preview",
"Project": "sso",
"ServiceProvider": "None",
"TerraformDir": "terraform.aws-baseline-infra/examples/bea-adc",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "sso",
"BuildDate": "20221212",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "preview",
"Project": "sso",
"ServiceProvider": "None",
"TerraformDir": "terraform.aws-baseline-infra/examples/bea-adc",
"TerraformMode": "managed"
}
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"data.aws_caller_identity.this",
"module.vpc-subnets.aws_vpc.vpc"
]
}
]
},
{
"module": "module.vpc-subnets",
"mode": "managed",
"type": "aws_default_security_group",
"name": "default-sg",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 1,
"attributes": {
"arn": "arn:aws:ec2:ap-east-1:040216112220:security-group/sg-09101f3abd257889b",
"description": "default VPC security group",
"egress": [
{
"cidr_blocks": [],
"description": "Allow traffic going to this SG",
"from_port": 0,
"ipv6_cidr_blocks": [],
"prefix_list_ids": [],
"protocol": "-1",
"security_groups": [],
"self": true,
"to_port": 0
}
],
"id": "sg-09101f3abd257889b",
"ingress": [
{
"cidr_blocks": [],
"description": "Allow traffic coming from this SG",
"from_port": 0,
"ipv6_cidr_blocks": [],
"prefix_list_ids": [],
"protocol": "-1",
"security_groups": [],
"self": true,
"to_port": 0
}
],
"name": "default",
"name_prefix": "",
"owner_id": "040216112220",
"revoke_rules_on_delete": false,
"tags": {
"Application": "sso",
"BuildDate": "20221212",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "preview",
"Name": "preview-ap-bea-sso-defaultsg",
"Project": "sso",
"ServiceProvider": "None",
"TerraformDir": "terraform.aws-baseline-infra/examples/bea-adc",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "sso",
"BuildDate": "20221212",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "preview",
"Name": "preview-ap-bea-sso-defaultsg",
"Project": "sso",
"ServiceProvider": "None",
"TerraformDir": "terraform.aws-baseline-infra/examples/bea-adc",
"TerraformMode": "managed"
},
"vpc_id": "vpc-0d81f835ba4c7c987"
},
"sensitive_attributes": [],
"private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
"dependencies": [
"data.aws_caller_identity.this",
"module.vpc-subnets.aws_vpc.vpc"
]
}
]
},
{
"module": "module.vpc-subnets",
"mode": "managed",
"type": "aws_flow_log",
"name": "vpc-flowlog",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"arn": "arn:aws:ec2:ap-east-1:040216112220:vpc-flow-log/fl-02f430d7b36edca16",
"destination_options": [],
"eni_id": null,
"iam_role_arn": "arn:aws:iam::040216112220:role/service/preview-ap-bea-sso-vpcflowlog",
"id": "fl-02f430d7b36edca16",
"log_destination": "arn:aws:logs:ap-east-1:040216112220:log-group:vpcflowlog/vpc-0d81f835ba4c7c987/20221212063458987800000001",
"log_destination_type": "cloud-watch-logs",
"log_format": "${version} ${account-id} ${interface-id} ${srcaddr} ${dstaddr} ${srcport} ${dstport} ${protocol} ${packets} ${bytes} ${start} ${end} ${action} ${log-status}",
"log_group_name": "vpcflowlog/vpc-0d81f835ba4c7c987/20221212063458987800000001",
"max_aggregation_interval": 600,
"subnet_id": null,
"tags": {
"Application": "sso",
"BuildDate": "20221212",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "preview",
"Name": "preview-ap-bea-sso-vpcflowlog",
"Project": "sso",
"ServiceProvider": "None",
"TerraformDir": "terraform.aws-baseline-infra/examples/bea-adc",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "sso",
"BuildDate": "20221212",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "preview",
"Name": "preview-ap-bea-sso-vpcflowlog",
"Project": "sso",
"ServiceProvider": "None",
"TerraformDir": "terraform.aws-baseline-infra/examples/bea-adc",
"TerraformMode": "managed"
},
"traffic_type": "ALL",
"transit_gateway_attachment_id": null,
"transit_gateway_id": null,
"vpc_id": "vpc-0d81f835ba4c7c987"
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"data.aws_caller_identity.this",
"module.vpc-subnets.aws_cloudwatch_log_group.vpcflowlog-loggroup",
"module.vpc-subnets.aws_iam_role.vpcflowlog-role",
"module.vpc-subnets.aws_vpc.vpc"
]
}
]
},
{
"module": "module.vpc-subnets",
"mode": "managed",
"type": "aws_iam_role",
"name": "vpcflowlog-role",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:iam::040216112220:role/service/preview-ap-bea-sso-vpcflowlog",
"assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"vpc-flow-logs.amazonaws.com\"},\"Sid\":\"\"}],\"Version\":\"2012-10-17\"}",
"create_date": "2022-12-12T06:34:48Z",
"description": "",
"force_detach_policies": false,
"id": "preview-ap-bea-sso-vpcflowlog",
"inline_policy": [
{
"name": "preview-ap-bea-sso-vpcflowlog",
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"logs:DescribeLogGroups\",\n \"logs:DescribeLogStreams\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n"
}
],
"managed_policy_arns": [],
"max_session_duration": 3600,
"name": "preview-ap-bea-sso-vpcflowlog",
"name_prefix": "",
"path": "/service/",
"permissions_boundary": null,
"tags": {},
"tags_all": {},
"unique_id": "AROAQSXIRFROBSK2XWEUN"
},
"sensitive_attributes": [],
"private": "bnVsbA=="
}
]
},
{
"module": "module.vpc-subnets",
"mode": "managed",
"type": "aws_iam_role_policy",
"name": "vpcflowlog-role-policy",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "preview-ap-bea-sso-vpcflowlog:preview-ap-bea-sso-vpcflowlog",
"name": "preview-ap-bea-sso-vpcflowlog",
"name_prefix": null,
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"logs:DescribeLogGroups\",\n \"logs:DescribeLogStreams\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"role": "preview-ap-bea-sso-vpcflowlog"
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"module.vpc-subnets.aws_iam_role.vpcflowlog-role"
]
}
]
},
{
"module": "module.vpc-subnets",
"mode": "managed",
"type": "aws_route_table",
"name": "private-route-table",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"arn": "arn:aws:ec2:ap-east-1:040216112220:route-table/rtb-0bdeffdac8e3215f4",
"id": "rtb-0bdeffdac8e3215f4",
"owner_id": "040216112220",
"propagating_vgws": [],
"route": [
{
"carrier_gateway_id": "",
"cidr_block": "0.0.0.0/0",
"core_network_arn": "",
"destination_prefix_list_id": "",
"egress_only_gateway_id": "",
"gateway_id": "igw-060da6481bbc4cedd",
"instance_id": "",
"ipv6_cidr_block": "",
"local_gateway_id": "",
"nat_gateway_id": "",
"network_interface_id": "",
"transit_gateway_id": "",
"vpc_endpoint_id": "",
"vpc_peering_connection_id": ""
}
],
"tags": {
"Application": "sso",
"BuildDate": "20221212",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "preview",
"Name": "preview-ap-bea-sso-privateroutetable",
"Project": "sso",
"ServiceProvider": "None",
"TerraformDir": "terraform.aws-baseline-infra/examples/bea-adc",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "sso",
"BuildDate": "20221212",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "preview",
"Name": "preview-ap-bea-sso-privateroutetable",
"Project": "sso",
"ServiceProvider": "None",
"TerraformDir": "terraform.aws-baseline-infra/examples/bea-adc",
"TerraformMode": "managed"
},
"timeouts": null,
"vpc_id": "vpc-0d81f835ba4c7c987"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsImRlbGV0ZSI6MzAwMDAwMDAwMDAwLCJ1cGRhdGUiOjEyMDAwMDAwMDAwMH19",
"dependencies": [
"data.aws_caller_identity.this",
"module.vpc-subnets.aws_vpc.vpc"
]
}
]
},
{
"module": "module.vpc-subnets",
"mode": "managed",
"type": "aws_route_table_association",
"name": "private_route_association",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"gateway_id": "",
"id": "rtbassoc-067b22e8a44ffa92b",
"route_table_id": "rtb-0bdeffdac8e3215f4",
"subnet_id": "subnet-0bb56e6f48ead7ab8"
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"data.aws_caller_identity.this",
"module.vpc-subnets.aws_route_table.private-route-table",
"module.vpc-subnets.aws_subnet.private-subnets",
"module.vpc-subnets.aws_vpc.vpc",
"module.vpc-subnets.data.aws_availability_zones.available-az"
]
},
{
"index_key": 1,
"schema_version": 0,
"attributes": {
"gateway_id": "",
"id": "rtbassoc-08e5c1bfc024792a9",
"route_table_id": "rtb-0bdeffdac8e3215f4",
"subnet_id": "subnet-0ce4d8183d810dcc2"
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"data.aws_caller_identity.this",
"module.vpc-subnets.aws_route_table.private-route-table",
"module.vpc-subnets.aws_subnet.private-subnets",
"module.vpc-subnets.aws_vpc.vpc",
"module.vpc-subnets.data.aws_availability_zones.available-az"
]
}
]
},
{
"module": "module.vpc-subnets",
"mode": "managed",
"type": "aws_subnet",
"name": "private-subnets",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 1,
"attributes": {
"arn": "arn:aws:ec2:ap-east-1:040216112220:subnet/subnet-0bb56e6f48ead7ab8",
"assign_ipv6_address_on_creation": false,
"availability_zone": "ap-east-1a",
"availability_zone_id": "ape1-az1",
"cidr_block": "10.37.54.0/25",
"customer_owned_ipv4_pool": "",
"enable_dns64": false,
"enable_resource_name_dns_a_record_on_launch": false,
"enable_resource_name_dns_aaaa_record_on_launch": false,
"id": "subnet-0bb56e6f48ead7ab8",
"ipv6_cidr_block": "",
"ipv6_cidr_block_association_id": "",
"ipv6_native": false,
"map_customer_owned_ip_on_launch": false,
"map_public_ip_on_launch": false,
"outpost_arn": "",
"owner_id": "040216112220",
"private_dns_hostname_type_on_launch": "ip-name",
"tags": {
"Application": "sso",
"BuildDate": "20221212",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "preview",
"Name": "preview-ap-bea-sso-private-1a-1",
"Project": "sso",
"ServiceProvider": "None",
"TerraformDir": "terraform.aws-baseline-infra/examples/bea-adc",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "sso",
"BuildDate": "20221212",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "preview",
"Name": "preview-ap-bea-sso-private-1a-1",
"Project": "sso",
"ServiceProvider": "None",
"TerraformDir": "terraform.aws-baseline-infra/examples/bea-adc",
"TerraformMode": "managed"
},
"timeouts": null,
"vpc_id": "vpc-0d81f835ba4c7c987"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9",
"dependencies": [
"data.aws_caller_identity.this",
"module.vpc-subnets.aws_vpc.vpc",
"module.vpc-subnets.data.aws_availability_zones.available-az"
]
},
{
"index_key": 1,
"schema_version": 1,
"attributes": {
"arn": "arn:aws:ec2:ap-east-1:040216112220:subnet/subnet-0ce4d8183d810dcc2",
"assign_ipv6_address_on_creation": false,
"availability_zone": "ap-east-1b",
"availability_zone_id": "ape1-az2",
"cidr_block": "10.37.54.128/25",
"customer_owned_ipv4_pool": "",
"enable_dns64": false,
"enable_resource_name_dns_a_record_on_launch": false,
"enable_resource_name_dns_aaaa_record_on_launch": false,
"id": "subnet-0ce4d8183d810dcc2",
"ipv6_cidr_block": "",
"ipv6_cidr_block_association_id": "",
"ipv6_native": false,
"map_customer_owned_ip_on_launch": false,
"map_public_ip_on_launch": false,
"outpost_arn": "",
"owner_id": "040216112220",
"private_dns_hostname_type_on_launch": "ip-name",
"tags": {
"Application": "sso",
"BuildDate": "20221212",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "preview",
"Name": "preview-ap-bea-sso-private-1b-2",
"Project": "sso",
"ServiceProvider": "None",
"TerraformDir": "terraform.aws-baseline-infra/examples/bea-adc",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "sso",
"BuildDate": "20221212",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "preview",
"Name": "preview-ap-bea-sso-private-1b-2",
"Project": "sso",
"ServiceProvider": "None",
"TerraformDir": "terraform.aws-baseline-infra/examples/bea-adc",
"TerraformMode": "managed"
},
"timeouts": null,
"vpc_id": "vpc-0d81f835ba4c7c987"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9",
"dependencies": [
"data.aws_caller_identity.this",
"module.vpc-subnets.aws_vpc.vpc",
"module.vpc-subnets.data.aws_availability_zones.available-az"
]
}
]
},
{
"module": "module.vpc-subnets",
"mode": "managed",
"type": "aws_vpc",
"name": "vpc",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 1,
"attributes": {
"arn": "arn:aws:ec2:ap-east-1:040216112220:vpc/vpc-0d81f835ba4c7c987",
"assign_generated_ipv6_cidr_block": false,
"cidr_block": "10.37.54.0/24",
"default_network_acl_id": "acl-0de827d3ddc477c49",
"default_route_table_id": "rtb-0424596d3c3a61221",
"default_security_group_id": "sg-09101f3abd257889b",
"dhcp_options_id": "dopt-005007bcb610d7cdc",
"enable_classiclink": false,
"enable_classiclink_dns_support": false,
"enable_dns_hostnames": true,
"enable_dns_support": true,
"enable_network_address_usage_metrics": false,
"id": "vpc-0d81f835ba4c7c987",
"instance_tenancy": "default",
"ipv4_ipam_pool_id": null,
"ipv4_netmask_length": null,
"ipv6_association_id": "",
"ipv6_cidr_block": "",
"ipv6_cidr_block_network_border_group": "",
"ipv6_ipam_pool_id": "",
"ipv6_netmask_length": 0,
"main_route_table_id": "rtb-0424596d3c3a61221",
"owner_id": "040216112220",
"tags": {
"Application": "sso",
"BuildDate": "20221212",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "preview",
"Name": "preview-ap-bea-sso-vpc",
"Project": "sso",
"ServiceProvider": "None",
"TerraformDir": "terraform.aws-baseline-infra/examples/bea-adc",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "sso",
"BuildDate": "20221212",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "preview",
"Name": "preview-ap-bea-sso-vpc",
"Project": "sso",
"ServiceProvider": "None",
"TerraformDir": "terraform.aws-baseline-infra/examples/bea-adc",
"TerraformMode": "managed"
}
},
"sensitive_attributes": [],
"private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
"dependencies": [
"data.aws_caller_identity.this"
],
"create_before_destroy": true
}
]
}
],
"check_results": [
{
"object_kind": "resource",
"config_addr": "module.vpc-subnets.module.vpc-ep.data.aws_vpc.this-vpc",
"status": "pass",
"objects": null
}
]
}
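Review bot: This added Terraform state stores the AD Connector service-account password in clear text, once in `secret_string` of `data.aws_secretsmanager_secret_version.adc-service-account-password` and again in the `password` attribute of `aws_directory_service_directory.connector`; the `sensitive_attributes` entry only changes how Terraform displays the value, not how it is stored. The credential should be treated as exposed: rotate it, untrack the file with `git rm --cached <state-file>`, and purge it from the repository history. State for this stack belongs in an encrypted, access-controlled remote backend rather than in version control. The same file also records the account ID, the IAM user ARN and the VPC's internal addressing, which is a further reason to keep it out of the repository.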


@ -0,0 +1,15 @@
aws-region = "ap-east-1"
aws-region-short = "ape1"
customer-name = "bea"
environment = "preview"
project = "sso"
application = "sso"
vpc-cidr = "10.37.54.0/24"
number-of-public-subnets-per-az = 0
number-of-private-subnets-per-az = 1
vpc-flowlog-bucket-arn = "arn:aws:s3:::prd-vpc-flow-logs-894849410890"
adc-domainname = "hkbea.com"
adc-size = "Large"
adc-dns-ips = ["10.135.72.66", "10.135.72.67"]
adc-service-account-username = "AWSSSOPRD"
adc-enable-sso = true


@ -0,0 +1,22 @@
variable "aws-region" {}
variable "aws-region-short" {}
variable "customer-name" {}
variable "environment" {}
variable "project" {}
variable "application" {}
variable "vpc-cidr" {}
variable "number-of-private-subnets-per-az" {}
variable "number-of-public-subnets-per-az" {}
variable vpc-flowlog-bucket-arn {}
variable "adc-domainname" {}
variable "adc-size" {}
variable "adc-dns-ips" {}
variable "adc-service-account-username" {}
variable "adc-service-account-password" {
type = string
sensitive = true
description = "Please supply ad svc account with environment variable (i.e. export TG_VAR_adc-service-account-password=xxx"
default = ""
}
variable "adc-enable-sso" {}
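Review bot: `default = ""` on `adc-service-account-password` lets a run that never sets the variable continue with an empty password instead of stopping; drop the default and add `nullable = false` so a missing value is an error. The example in the description cannot work as written in bash, because a hyphenated name is not a valid identifier for `export`. Terraform itself reads the `TF_VAR_` prefix, so `TG_VAR_` is either a wrapper convention not shown here or a typo. The description is also missing its closing parenthesis. The state file added in the same commit resolves this password through a Secrets Manager data source, so it is worth confirming whether this variable is still used at all.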


@ -0,0 +1,40 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/aws" {
version = "4.36.1"
hashes = [
"h1:04NI9x34nwhgghwevSGdsjssqy5zzvMsQg2Qjpmx/n0=",
"zh:19b16047b4f15e9b8538a2b925f1e860463984eed7d9bd78e870f3e884e827a7",
"zh:3c0db06a9a14b05a77f3fe1fc029a5fb153f4966964790ca8e71ecc3427d83f5",
"zh:3c7407a8229005e07bc274cbae6e3a464c441a88810bfc6eceb2414678fd08ae",
"zh:3d96fa82c037fafbd3e7f4edc1de32afb029416650f6e392c39182fc74a9e03a",
"zh:8f4f540c5f63d847c4b802ca84d148bb6275a3b0723deb09bf933a4800bc7209",
"zh:9802cb77472d6bcf24c196ce2ca6d02fac9db91558536325fec85f955b71a8a4",
"zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
"zh:a263352433878c89832c2e38f4fd56cf96ae9969c13b5c710d5ba043cbd95743",
"zh:aca7954a5f458ceb14bf0c04c961c4e1e9706bf3b854a1e90a97d0b20f0fe6d3",
"zh:d78f400332e87a97cce2e080db9d01beb01f38f5402514a6705d6b8167e7730d",
"zh:e14bdc49be1d8b7d2543d5c58078c84b76051085e8e6715a895dcfe6034b6098",
"zh:f2e400b88c8de170bb5027922226da1e9a6614c03f2a6756c15c3b930c2f460c",
]
}
provider "registry.terraform.io/hashicorp/external" {
version = "2.2.2"
hashes = [
"h1:e7RpnZ2PbJEEPnfsg7V0FNwbfSk0/Z3FdrLsXINBmDY=",
"zh:0b84ab0af2e28606e9c0c1289343949339221c3ab126616b831ddb5aaef5f5ca",
"zh:10cf5c9b9524ca2e4302bf02368dc6aac29fb50aeaa6f7758cce9aa36ae87a28",
"zh:56a016ee871c8501acb3f2ee3b51592ad7c3871a1757b098838349b17762ba6b",
"zh:719d6ef39c50e4cffc67aa67d74d195adaf42afcf62beab132dafdb500347d39",
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
"zh:7fbfc4d37435ac2f717b0316f872f558f608596b389b895fcb549f118462d327",
"zh:8ac71408204db606ce63fe8f9aeaf1ddc7751d57d586ec421e62d440c402e955",
"zh:a4cacdb06f114454b6ed0033add28006afa3f65a0ea7a43befe45fc82e6809fb",
"zh:bb5ce3132b52ae32b6cc005bc9f7627b95259b9ffe556de4dad60d47d47f21f0",
"zh:bb60d2976f125ffd232a7ccb4b3f81e7109578b23c9c6179f13a11d125dca82a",
"zh:f9540ecd2e056d6e71b9ea5f5a5cf8f63dd5c25394b9db831083a9d4ea99b372",
"zh:ffd998b55b8a64d4335a090b6956b4bf8855b290f7554dd38db3302de9c41809",
]
}


@ -0,0 +1 @@
{"Modules":[{"Key":"es-domains","Source":"../../modules/util/resource-list","Dir":"../../modules/util/resource-list"},{"Key":"kafka-clusters","Source":"../../modules/util/resource-list","Dir":"../../modules/util/resource-list"},{"Key":"nlb-monitoring","Source":"../../modules/ManagementGovernance/Monitoring.NLB","Dir":"../../modules/ManagementGovernance/Monitoring.NLB"},{"Key":"es-monitoring","Source":"../../modules/ManagementGovernance/Monitoring.OpenSearch","Dir":"../../modules/ManagementGovernance/Monitoring.OpenSearch"},{"Key":"ec2-instances","Source":"../../modules/util/resource-list","Dir":"../../modules/util/resource-list"},{"Key":"nlb-arns","Source":"../../modules/util/resource-list","Dir":"../../modules/util/resource-list"},{"Key":"emr-clusters","Source":"../../modules/util/resource-list","Dir":"../../modules/util/resource-list"},{"Key":"ec2-monitoring","Source":"../../modules/ManagementGovernance/Monitoring.EC2","Dir":"../../modules/ManagementGovernance/Monitoring.EC2"},{"Key":"kafka-monitoring","Source":"../../modules/ManagementGovernance/Monitoring.Kafka","Dir":"../../modules/ManagementGovernance/Monitoring.Kafka"},{"Key":"kafka-monitoring.msk-brokers","Source":"../../util/resource-list","Dir":"../../modules/util/resource-list"},{"Key":"redis-instances","Source":"../../modules/util/resource-list","Dir":"../../modules/util/resource-list"},{"Key":"redis-monitoring","Source":"../../modules/ManagementGovernance/Monitoring.Redis","Dir":"../../modules/ManagementGovernance/Monitoring.Redis"},{"Key":"emr-monitoring","Source":"../../modules/ManagementGovernance/Monitoring.EMR","Dir":"../../modules/ManagementGovernance/Monitoring.EMR"},{"Key":"asg-monitoring","Source":"../../modules/ManagementGovernance/Monitoring.ASG","Dir":"../../modules/ManagementGovernance/Monitoring.ASG"},{"Key":"health-events","Source":"../../modules/ManagementGovernance/Monitoring.EventBridge","Dir":"../../modules/ManagementGovernance/Monitoring.EventBridge"},{"Key":"","Source":"","Dir":"."}
,{"Key":"nlb-monitoring.nlb-targetgroups","Source":"../../util/resource-list","Dir":"../../modules/util/resource-list"},{"Key":"ngw-monitoring","Source":"../../modules/ManagementGovernance/Monitoring.NGW","Dir":"../../modules/ManagementGovernance/Monitoring.NGW"},{"Key":"rds-instances","Source":"../../modules/util/resource-list","Dir":"../../modules/util/resource-list"},{"Key":"tgw","Source":"../../modules/util/resource-list","Dir":"../../modules/util/resource-list"},{"Key":"asg","Source":"../../modules/util/resource-list","Dir":"../../modules/util/resource-list"},{"Key":"eks-monitoring","Source":"../../modules/ManagementGovernance/Monitoring.EKS","Dir":"../../modules/ManagementGovernance/Monitoring.EKS"},{"Key":"ngw","Source":"../../modules/util/resource-list","Dir":"../../modules/util/resource-list"},{"Key":"rds-monitoring","Source":"../../modules/ManagementGovernance/Monitoring.RDS","Dir":"../../modules/ManagementGovernance/Monitoring.RDS"},{"Key":"tgw-monitoring","Source":"../../modules/ManagementGovernance/Monitoring.TGW","Dir":"../../modules/ManagementGovernance/Monitoring.TGW"}]}


@ -0,0 +1 @@
/home/kn/.terraform.d/plugin-cache/registry.terraform.io/hashicorp/aws/4.36.1/linux_amd64


@ -0,0 +1 @@
/home/kn/.terraform.d/plugin-cache/registry.terraform.io/hashicorp/external/2.2.2/linux_amd64


@ -0,0 +1,3 @@
# Watchman ticketing
When appropriate service block is associated with the accounts, watchman begins to work.
For example: https://encore.rackspace.com/ticketing/account/faws:469238638779/ticket/221025-ord-0000700


@ -0,0 +1,37 @@
aws-region = "ap-east-1"
customer-name = "bea"
environment = "dev"
project = "mbk"
application = "monitoring"
costcenter = "mbk"
DynamicAddressGroup = ""
owner = "bea"
actions-enabled = false
/*
rds-instance-ids = ["whk1-bea-icc-mbk-dev-rds-backup-test",
"whk1-bea-icc-mbk-dev-rds-cms01",
"whk1-bea-icc-mbk-dev-rds-cyb01",
"whk1-bea-icc-mbk-dev-rds-cyb02",
"whk1-bea-icc-mbk-dev-rds-mcp01",
"whk1-bea-icc-mbk-dev-rds-mpaas-a01-uat",
"whk1-bea-icc-mbk-dev-rds-mpaas-a02-uat",
"whk1-bea-icc-mbk-dev-rds-mpaas-a03-uat",
"whk1-bea-icc-mbk-dev-rds-mpaas-b01-uat",
"whk1-bea-icc-mbk-dev-rds-mpaas-b02-uat",
"whk1-bea-icc-mbk-dev-rds-mpaas-b03-uat",
"whk1-bea-icc-mbk-dev-rds-mpaas-b04-uat",
"whk2-bea-icc-mbk-dev-rds-agree-mbk-cyb-dev",
"whk2-bea-icc-mbk-dev-rds-agree-mbk-cyb-sit",
"whk2-bea-icc-mbk-dev-rds-agree-mbk-cyb-uat",
"whk2-bea-icc-mbk-dev-rds-cms-dev",
"whk2-bea-icc-mbk-dev-rds-cms-sit",
"whk2-bea-icc-mbk-dev-rds-cms-uat",
"whk2-bea-icc-mbk-dev-rds-mpaas-a01",
"whk2-bea-icc-mbk-dev-rds-mpaas-a02",
"whk2-bea-icc-mbk-dev-rds-mpaas-a03",
"whk2-bea-icc-mbk-dev-rds-mpaas-b01",
"whk2-bea-icc-mbk-dev-rds-mpaas-b02",
"whk2-bea-icc-mbk-dev-rds-mpaas-b03",
"whk2-bea-icc-mbk-dev-rds-mpaas-b04"]
*/

View File

@ -0,0 +1,16 @@
aws-region = "ap-southeast-1"
customer-name = "lixil"
environment = "all"
project = "aws"
application = "monitoring"
costcenter = ""
DynamicAddressGroup = ""
owner = "Lixil"
actions-enabled = false
sns-targets = {
alarm-actions-urgent = "arn:aws:sns:ap-southeast-1:728959568254:rackspace-support-urgent"
alarm-actions-emergency = "arn:aws:sns:ap-southeast-1:728959568254:rackspace-support-emergency"
alarm-actions-standard = "arn:aws:sns:ap-southeast-1:728959568254:rackspace-support-standard"
alarm-actions-general = "arn:aws:sns:ap-southeast-1:728959568254:rackspace-support"
}


@ -0,0 +1,258 @@
// detect sns topic arn
locals {
sns-targets = {
alarm-actions-urgent = data.aws_sns_topic.rackspace-support-urgent.arn
alarm-actions-emergency = data.aws_sns_topic.rackspace-support-emergency.arn
alarm-actions-standard = data.aws_sns_topic.rackspace-support-standard.arn
alarm-actions-general = data.aws_sns_topic.rackspace-support.arn
}
}
// Health event monitoring
module "health-events" {
source = "../../modules/ManagementGovernance/Monitoring.EventBridge"
cw-alarm-prefix = local.cw-alarm-prefix
actions-enabled = true
default-tags = local.default-tags
sns-targets = local.sns-targets
}
// RDS monitoring
module "rds-instances" {
source = "../../modules/util/resource-list"
resource-type = "rds"
}
module "rds-monitoring" {
# for_each = toset(var.rds-instance-ids)
cw-alarm-prefix = local.cw-alarm-prefix
for_each = module.rds-instances.result-set
source = "../../modules/ManagementGovernance/Monitoring.RDS"
default-tags = local.default-tags
rds-instance-name = each.value
threshold-CpuUtilization = 90
threshold-FreeableMemory = 512 * 1024 * 1024
threshold-FreeStorageSpace = 5 * 1024 * 1024 * 1024
threshold-DiskQueueDepth = 30
threshold-ReadLatency = 0.03
threshold-WriteLatency = 0.03
actions-enabled = var.actions-enabled
sns-targets = local.sns-targets
}
// Redis monitoring
module "redis-instances" {
source = "../../modules/util/resource-list"
resource-type = "redis"
}
module "redis-monitoring" {
cw-alarm-prefix = local.cw-alarm-prefix
for_each = module.redis-instances.result-set
source = "../../modules/ManagementGovernance/Monitoring.Redis"
default-tags = local.default-tags
redis-cluster-id = each.value
threshold-EngineCPUUtilization = 90
threshold-DatabaseMemoryUsagePercentage = 90
threshold-CacheHitRate = 3
threshold-StringBasedCmdsLatency = 100000 # 1 second
actions-enabled = var.actions-enabled
sns-targets = local.sns-targets
}
// EC2 monitoring
module "ec2-instances" {
source = "../../modules/util/resource-list"
resource-type = "ec2"
}
module "ec2-monitoring" {
cw-alarm-prefix = local.cw-alarm-prefix
for_each = module.ec2-instances.result-set
source = "../../modules/ManagementGovernance/Monitoring.EC2"
default-tags = local.default-tags
ec2-instance-id = each.value
threshold-CPUUtilization = 90
#threshold-mem_free = 100000
threshold-mem_used_percent = 95
#threshold-swap_free = 100000
threshold-swap_used_percent = 70
#threshold-disk_free = 1 * 1000 * 1000 * 1000
threshold-disk_used_percentage = 90
threshold-disk_inodes_free = 10000
threshold-processes_total = 500
threshold-LogicalDiskFreePct = 10
threshold-MemoryCommittedPct = 90
actions-enabled = var.actions-enabled
sns-targets = local.sns-targets
}
// NLB monitoring
module "nlb-arns" {
source = "../../modules/util/resource-list"
resource-type = "nlb"
}
module "nlb-monitoring" {
cw-alarm-prefix = local.cw-alarm-prefix
for_each = module.nlb-arns.result-set
source = "../../modules/ManagementGovernance/Monitoring.NLB"
default-tags = local.default-tags
load-balancer = each.value
threshold-HealthHostCountMin = 1
actions-enabled = var.actions-enabled
sns-targets = local.sns-targets
}
/* disabled for now. all of their ALB returns static http response and with no target group attached
data "external" "alb-arns" {
program = ["bash", "./list-alb.sh"]
}
module "alb-monitoring" {
for_each = toset(split(" ", data.external.alb-arns.result.result))
source = "../../modules/ManagementGovernance/Monitoring.ALB"
default-tags = local.default-tags
load-balancer = each.value
threshold-HealthHostCountMin = 1
}
*/
// EMR monitoring
module "emr-clusters" {
source = "../../modules/util/resource-list"
resource-type = "emr"
}
module "emr-monitoring" {
cw-alarm-prefix = local.cw-alarm-prefix
for_each = module.emr-clusters.result-set
source = "../../modules/ManagementGovernance/Monitoring.EMR"
default-tags = local.default-tags
job-flow-id = split("/", each.value)[1]
threshold-AppsPending = 2
threshold-CapacityRemainingGB = 100
actions-enabled = var.actions-enabled
sns-targets = local.sns-targets
}
// ASG monitoring
module "asg" {
source = "../../modules/util/resource-list"
resource-type = "asg"
}
module "asg-monitoring" {
cw-alarm-prefix = local.cw-alarm-prefix
for_each = module.asg.result-set
source = "../../modules/ManagementGovernance/Monitoring.ASG"
default-tags = local.default-tags
asg-name = each.value
threshold-CPUUtilization = 90
actions-enabled = var.actions-enabled
sns-targets = local.sns-targets
}
// OpenSearch monitoring
module "es-domains" {
source = "../../modules/util/resource-list"
resource-type = "opensearch"
}
module "es-monitoring" {
cw-alarm-prefix = local.cw-alarm-prefix
for_each = module.es-domains.result-set
source = "../../modules/ManagementGovernance/Monitoring.OpenSearch"
default-tags = local.default-tags
domain-name = each.value
threshold-CPUUtilization = 90
threshold-IndexingLatency = 3
threshold-SearchLatency = 3
threshold-ClusterIndexWritesBlocked = 1
threshold-FreeStorageSpace = 5120
threshold-JVMMemoryPressure = 95
threshold-MasterCPUUtilization = 50
threshold-MasterJVMMemoryPressure = 95
threshold-ThreadpoolSearchQueue = 500
threshold-ThreadpoolSearchRejected = 1
threshold-ThreadpoolWriteQueue = 100
threshold-ThreadpoolWriteRejected = 1
actions-enabled = var.actions-enabled
sns-targets = local.sns-targets
}
// MSK monitoring
module "kafka-clusters" {
source = "../../modules/util/resource-list"
resource-type = "kafka"
}
module "kafka-monitoring" {
cw-alarm-prefix = local.cw-alarm-prefix
for_each = module.kafka-clusters.result-set
source = "../../modules/ManagementGovernance/Monitoring.Kafka"
default-tags = local.default-tags
cluster-name = each.value
actions-enabled = var.actions-enabled
sns-targets = local.sns-targets
threshold-ZooKeeperRequestLatencyMsMean = 30
threshold-CpuUserSystem = 60
threshold-HeapMemoryAfterGC = 60
threshold-KafkaDataLogsDiskUsed = 85
}
// transit gateway monitoring
module "tgw" {
source = "../../modules/util/resource-list"
resource-type = "tgw"
}
module "tgw-monitoring" {
cw-alarm-prefix = local.cw-alarm-prefix
for_each = module.tgw.result-set
source = "../../modules/ManagementGovernance/Monitoring.TGW"
default-tags = local.default-tags
tgw-id = each.value
threshold-PacketDropCountNoRoute = 100
actions-enabled = var.actions-enabled
sns-targets = local.sns-targets
}
// NAT Gateway monitoring
module "ngw" {
source = "../../modules/util/resource-list"
resource-type = "ngw"
}
module "ngw-monitoring" {
cw-alarm-prefix = local.cw-alarm-prefix
for_each = module.ngw.result-set
source = "../../modules/ManagementGovernance/Monitoring.NGW"
default-tags = local.default-tags
res-id = each.value
threshold-ErrorPortAllocation = 0
threshold-ConnectionEstablishedCount = 1000
threshold-PacketsDropCount = 10
actions-enabled = var.actions-enabled
sns-targets = local.sns-targets
}
// EKS monitoring
data "aws_eks_clusters" "eks-clusters" {}
module "eks-monitoring" {
cw-alarm-prefix = local.cw-alarm-prefix
for_each = data.aws_eks_clusters.eks-clusters.names
source = "../../modules/ManagementGovernance/Monitoring.EKS"
default-tags = local.default-tags
cluster-name = each.value
eks-namespace = "default"
pod-names = ["depl-nginx", "depl-alpine"]
threshold-pod_cpu_utilization = 85
threshold-pod_memory_utilization = 85
threshold-pod_number_of_container_restarts = 5
actions-enabled = var.actions-enabled
sns-targets = local.sns-targets
}
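Review bot: `module "health-events"` hard-codes `actions-enabled = true` while every other monitoring module in this file takes `var.actions-enabled`, so the tfvars switch does not cover the EventBridge health alarms. Use `actions-enabled = var.actions-enabled` there, or add a comment such as `# always on: health events must notify even when resource alarms are muted` if the exception is intended. In `redis-monitoring`, the comment on `threshold-StringBasedCmdsLatency = 100000 # 1 second` does not match the value if the module passes it straight to the CloudWatch metric, which ElastiCache reports in microseconds: 100000 is 0.1 s, and one second would be `1000000`.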


@ -0,0 +1,35 @@
output count-ec2-instances {
value = length(module.ec2-instances.result-set)
}
output count-rds-instances {
value = length(module.rds-instances.result-set)
}
output count-redis-instances {
value = length(module.redis-instances.result-set)
}
output count-nlb-arns {
value = length(module.nlb-arns.result-set)
}
output count-emr-clusters {
value = length(module.emr-clusters.result-set)
}
output count-asg {
value = length(module.asg.result-set)
}
output count-es-domains {
value = length(module.es-domains.result-set)
}
output count-kafka-clusters {
value = length(module.kafka-clusters.result-set)
}
output count-eks-clusters {
value = length(data.aws_eks_clusters.eks-clusters.names)
}


@ -0,0 +1,23 @@
provider "aws" {
region = var.aws-region
#assume_role {
# role_arn = "arn:aws:iam::671675473339:role/pam-iacdeploy-mbk-uat"
# session_name = "terraform-cli"
#}
}
terraform {
required_version = ">= 1.3.0"
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 3.75.2"
}
}
#backend "s3" {
# bucket = "whk1-bea-sys-ss-uat-tfgen2-state1"
# key = "terraform_state/Workload/bea-icc-mbk/terraform.tfstate"
# region = "ap-east-1"
# dynamodb_table = "whk1-bea-sys-ss-uat-tfgen2-lock"
# encrypt = true
#}
}
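Review bot: With the `backend "s3"` block commented out, this root module keeps its state in a local `terraform.tfstate`, without the `encrypt = true` and DynamoDB lock table that the commented settings describe. Restore the backend, or state the reason in place, e.g. `# local state on purpose: <reason>`. The constraints `required_version = ">= 1.3.0"` and `version = ">= 3.75.2"` have no upper bound, so a new major release of Terraform or the AWS provider can be picked up on the next `terraform init -upgrade` without review; a `~>` constraint avoids that.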


@ -0,0 +1,9 @@
aws-region = "ap-east-1"
customer-name = "ken2026"
environment = "prod"
project = "beabast"
application = "monitoring"
costcenter = ""
DynamicAddressGroup = ""
owner = "Rackspace"
actions-enabled = false
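Review bot: `actions-enabled = false` sits next to `environment = "prod"`, so the modules that take `var.actions-enabled` will presumably create their alarms with notification actions switched off. If that is a temporary state before go-live, record it in the file, e.g. `# alarm actions muted until SNS routing is verified`; otherwise set it to `true` for this environment.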


@ -0,0 +1,15 @@
data "aws_sns_topic" "rackspace-support" {
name = "rackspace-support"
}
data "aws_sns_topic" "rackspace-support-standard" {
name = "rackspace-support-standard"
}
data "aws_sns_topic" "rackspace-support-urgent" {
name = "rackspace-support-urgent"
}
data "aws_sns_topic" "rackspace-support-emergency" {
name = "rackspace-support-emergency"
}


@ -0,0 +1,42 @@
{
"version": 4,
"terraform_version": "1.3.0",
"serial": 46367,
"lineage": "c937bcb4-8eaa-e954-7b2d-957982594f26",
"outputs": {
"count-asg": {
"value": 4,
"type": "number"
},
"count-ec2-instances": {
"value": 24,
"type": "number"
},
"count-emr-clusters": {
"value": 0,
"type": "number"
},
"count-es-domains": {
"value": 1,
"type": "number"
},
"count-kafka-clusters": {
"value": 0,
"type": "number"
},
"count-nlb-arns": {
"value": 77,
"type": "number"
},
"count-rds-instances": {
"value": 12,
"type": "number"
},
"count-redis-instances": {
"value": 24,
"type": "number"
}
},
"resources": [],
"check_results": []
}
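Review bot: This adds a Terraform state file to the repository, although the `.gitignore` shown at the top of this page lists `**/*.tfstate`; ignore rules do not apply to files that are already tracked or added explicitly, so the file stays versioned. The second state file added further down (the one with `"serial": 66`) has the same problem. Both currently have empty `resources`, but later applies write resource attributes, account IDs and ARNs into state. Remove them from the index with `git rm --cached` and keep state in a remote backend instead.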

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@ -0,0 +1,11 @@
aws-region = "ap-east-1"
customer-name = "bea"
environment = "uat"
project = "mbk"
application = "monitoring"
costcenter = "mbk"
DynamicAddressGroup = ""
owner = "bea"
actions-enabled = false


@ -0,0 +1,31 @@
variable "aws-region" {}
variable "customer-name" {}
variable "environment" {}
variable "project" {}
variable "application" {}
variable "owner" {}
variable "costcenter" {}
variable "DynamicAddressGroup" {}
variable actions-enabled {}
data "aws_caller_identity" "this" {}
locals {
cw-alarm-prefix = "${upper(var.project)}-${upper(var.environment)}"
default-tags = {
ServiceProvider = "RackspaceTechnology"
Environment = var.environment
Project = var.project
Application = var.application
TerraformMode = "managed"
LastModified = formatdate("YYYYMMDD", timestamp())
ModifiedBy = data.aws_caller_identity.this.arn
Owner = var.owner
CostCenter = var.costcenter
DynamicAddressGroup = var.DynamicAddressGroup
}
resource-prefix = "${var.environment}-substr(${var.aws-region},0,2)-${var.customer-name}-${var.project}"
}
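Review bot: In `resource-prefix` the `substr(...)` call sits outside the `${}` interpolation, so the resulting string contains the literal text `substr(ap-east-1,0,2)` rather than a region abbreviation. It should read `resource-prefix = "${var.environment}-${substr(var.aws-region, 0, 2)}-${var.customer-name}-${var.project}"`. The same line appears in the variables file near the end of this page (the one without `cw-alarm-prefix`). Separately, `LastModified = formatdate("YYYYMMDD", timestamp())` is re-evaluated on every run, so every resource carrying `default-tags` will show a tag change on each plan.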


@ -0,0 +1,25 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/aws" {
version = "4.45.0"
constraints = ">= 3.25.0"
hashes = [
"h1:J/XjRsEJIpxi+mczXQfnH3nvfACv3LRDtrthQJCIibY=",
"zh:22da03786f25658a000d1bcc28c780816a97e7e8a1f59fff6eee7d452830e95e",
"zh:2543be56eee0491eb0c79ca1c901dcbf71da26625961fe719f088263fef062f4",
"zh:31a1da1e3beedfd88c3c152ab505bdcf330427f26b75835885526f7bb75c4857",
"zh:4409afe50f225659d5f378fe9303a45052953a1219f7f1acc82b69d07528b7ba",
"zh:4dadec3b783f10d2f8eef3dab5e817baae9c932a7967d45fe3d77fcbcbdaa438",
"zh:55be80d6e24828dcb0db7a0226fb275415c1c0ad63dd2f33b76f3ac0cd64e6a6",
"zh:560bba29efb7dbe0bfcc937369d88817aa31a8d18aa25395b1afe2576cb04495",
"zh:6caacc202e83438ff63d5d96733e283f44e349668d96c6b1c5c7df463ebf85cc",
"zh:6cabab83a61d5b4ac801c5a5d57556a0e76ec8dc879d28cf777509db5f6a657e",
"zh:96c4528bf9c16edb8841b68479ec51c499ed7fa680462fa28caeab3fc168bb43",
"zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
"zh:cdc0b47ff840d708fbf75abfe86d23dc7f1dffdd233a771822a17b5c637f4769",
"zh:d9a9583e82776d1ebb6cf6c3d47acc2b302f8778f470ceffe7579dc794eb1feb",
"zh:e9367ca9f6f6418a23cdf8d01f29dd0c4f614e78499f52a767a422e4c334b915",
"zh:f6d355a2fb3bcebb597f68bbca4fa2aaa364efd29240236c582375e219d77656",
]
}


@ -0,0 +1 @@
{"Modules":[{"Key":"","Source":"","Dir":"."},{"Key":"sso","Source":"../../modules/security_identity_compliance/sso-permissionsets","Dir":"../../modules/security_identity_compliance/sso-permissionsets"}]}


@ -0,0 +1 @@
/home/kn/.terraform.d/plugin-cache/registry.terraform.io/hashicorp/aws/4.45.0/linux_amd64


@ -0,0 +1,15 @@
data "aws_caller_identity" "this" {}
locals {
default-tags = merge({
ServiceProvider = "None"
Environment = var.environment
Project = var.project
Application = var.application
TerraformMode = "managed"
TerraformDir = trimprefix(path.cwd, "/my/work/xpk-git/")
CreatedBy = data.aws_caller_identity.this.arn
BuildDate = formatdate("YYYYMMDD", timestamp())
})
resource-prefix = "${var.environment}-${var.aws-region-short}-${var.customer-name}-${var.project}"
}
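Review bot: `TerraformDir = trimprefix(path.cwd, "/my/work/xpk-git/")` depends on the author's checkout location. From any other path `trimprefix` removes nothing, and the tag written to every resource carries the full absolute working directory of whoever ran the apply. If the hard-coded prefix stays, document it in place, e.g. `# prefix is the author's checkout root; run from elsewhere and the tag holds the absolute path`. The surrounding `merge({...})` has a single argument and can be reduced to the plain map.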


@ -0,0 +1,28 @@
module sso {
source = "../../modules/security_identity_compliance/sso-permissionsets"
for_each = { for item in local.items : item.name => item }
default-tags = local.default-tags
pset-name = each.value.name
pset-desc = each.value.desc
pset-managed-policy-arn = each.value.mpolicy
pset-session-duration = each.value.session
}
locals {
csv_data = <<-CSV
name,desc,mpolicy,session
ViewOnly,View only access,arn:aws:iam::aws:policy/job-function/ViewOnlyAccess,PT4H
ReadOnly,Read only access,arn:aws:iam::aws:policy/ReadOnlyAccess,PT4H
FullAccess,Full admin access,arn:aws:iam::aws:policy/AdministratorAccess,PT4H
NetworkAdmin,Network admin access,arn:aws:iam::aws:policy/job-function/NetworkAdministrator,PT4H
DatabaseAdmin,Database admin access,arn:aws:iam::aws:policy/job-function/DatabaseAdministrator,PT4H
BillingAdmin,Billing admin access,arn:aws:iam::aws:policy/job-function/Billing,PT4H
SecurityAudit,Security admin access,arn:aws:iam::aws:policy/SecurityAudit,PT4H
PowerUser,Full access excluding IAM,arn:aws:iam::aws:policy/PowerUserAccess,PT4H
CSV
items = csvdecode(local.csv_data)
}
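Review bot: The `SecurityAudit` row is described as "Security admin access", but `arn:aws:iam::aws:policy/SecurityAudit` is a read-only audit policy, so the permission-set description overstates what it grants; `SecurityAudit,Security audit (read-only) access,arn:aws:iam::aws:policy/SecurityAudit,PT4H` would match the policy. `FullAccess` (AdministratorAccess) also gets the same `PT4H` session as `ViewOnly`. A shorter value such as `PT1H` on the administrative rows limits how long a leaked session remains usable.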


@ -0,0 +1,13 @@
provider "aws" {
region = var.aws-region
}
terraform {
required_version = ">= 1.0"
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 3.25"
}
}
}
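Review bot: `version = ">= 3.25"` admits AWS provider 3.x, while the next file in this commit uses `aws_identitystore_user`, `aws_identitystore_group` and `aws_identitystore_group_membership`, which as far as I know are only available in 4.x releases. The lock file earlier on this page, which appears to belong to this directory, resolves to 4.45.0, so `version = "~> 4.45"` states what the configuration needs and also stops an unreviewed jump to a new major version.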


@ -0,0 +1,64 @@
data "aws_ssoadmin_instances" "sso1" {}
locals {
csv_data2 = <<-CSV
username,email,lastName,firstName
user1,user1@acme.local,Doe,John
user2,user2@acme.local,Smith,Jane
CSV
users = csvdecode(local.csv_data2)
}
resource "aws_identitystore_user" "sso-user" {
for_each = { for item in local.users : item.username => item }
identity_store_id = tolist(data.aws_ssoadmin_instances.sso1.identity_store_ids)[0]
display_name = "${each.value.firstName} ${each.value.lastName}"
user_name = each.value.username
nickname = each.value.username
emails {
primary = true
value = each.value.email
}
name {
family_name = each.value.lastName
given_name = each.value.firstName
}
}
resource "aws_identitystore_group" "sso-group" {
identity_store_id = tolist(data.aws_ssoadmin_instances.sso1.identity_store_ids)[0]
display_name = "Viewers"
description = "Users with view permission"
}
resource "aws_identitystore_group_membership" "sso-group-membership" {
for_each = aws_identitystore_user.sso-user
identity_store_id = tolist(data.aws_ssoadmin_instances.sso1.identity_store_ids)[0]
group_id = aws_identitystore_group.sso-group.group_id
member_id = each.value.user_id
}
locals {
csv_data3 = <<-CSV
seq,groupName,permission,accountId
1,Viewers,ViewOnly,865184416664
2,Viewers,ViewOnly,572802010687
CSV
accounts = csvdecode(local.csv_data3)
}
resource "aws_ssoadmin_account_assignment" "pset-assignment" {
for_each = { for item in local.accounts : item.seq => item }
instance_arn = tolist(data.aws_ssoadmin_instances.sso1.arns)[0]
permission_set_arn = module.sso[each.value.permission].pset-arn
principal_id = aws_identitystore_group.sso-group.group_id
principal_type = "GROUP"
target_id = each.value.accountId
target_type = "AWS_ACCOUNT"
}
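Review bot: The `groupName` column of `csv_data3` is never read: `aws_ssoadmin_account_assignment.pset-assignment` always sets `principal_id = aws_identitystore_group.sso-group.group_id`. A row added later with a different group name would therefore still grant the permission set to `Viewers` without any error. Either drop the column or add `# groupName is informational only: every row is assigned to aws_identitystore_group.sso-group` above the heredoc. Keying `for_each` on `item.seq` also means renumbering rows destroys and recreates assignments; `"${item.permission}-${item.accountId}"` would be a stable key.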


@ -0,0 +1,9 @@
{
"version": 4,
"terraform_version": "1.3.5",
"serial": 66,
"lineage": "b72dc65d-13d0-2661-89b8-fa46cc9e8bbd",
"outputs": {},
"resources": [],
"check_results": null
}

File diff suppressed because it is too large Load Diff


@ -0,0 +1,7 @@
aws-region = "ap-east-1"
aws-region-short = "ape1"
customer-name = "bea"
environment = "preview"
project = "security"
application = "sso"


@ -0,0 +1,6 @@
variable "aws-region" {}
variable "aws-region-short" {}
variable "customer-name" {}
variable "environment" {}
variable "project" {}
variable "application" {}


@ -0,0 +1,39 @@
module "deployer-ec2" {
source = "../../modules/compute/ec2"
additional_tags = { "Backup" : "None" }
# ami-id = "ami-072e4595d41025d94"
ami-id = data.aws_ami.ami-lookup.id
default-tags = local.default-tags
ebs-encrypted = true
asso-eip = false
instance-name = "rackspace-deployer-ec2-test"
instance-type = "t3.micro"
key-name = "whk1-ec2-key-555344966285"
asso-public-ip = false
root-volume-size = 15
security-groups = ["sg-03282995027b7a9fc"]
subnet-id = "subnet-07e4392828a70b1f9"
instance-profile = "TerraformRole"
}
data "aws_ami" "ami-lookup" {
most_recent = true
filter {
name = "name"
values = ["CIS Amazon Linux 2 Kernel 5.10*"]
}
filter {
name = "virtualization-type"
values = ["hvm"]
}
filter {
name = "architecture"
values = ["x86_64"]
}
owners = ["211372476111"] # CIS
}
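Review bot: `most_recent = true` with the wildcard name `CIS Amazon Linux 2 Kernel 5.10*` makes `ami-id` change whenever a new image is published, which normally plans a replacement of the instance on the next apply unless the module ignores AMI changes. The owner filter is pinned, which is good. If automatic replacement is not wanted, return to a reviewed AMI ID as in the commented-out `ami-id` line; otherwise document it with `# resolves to the newest CIS image at plan time; a new release replaces the instance`. The security group, subnet and key name are literal IDs, so this file only works in the one account and region they belong to.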


@ -0,0 +1,8 @@
aws-region = "ap-southeast-1"
customer-name = "bea"
environment = "dev"
project = "iac"
application = "terraform"
CostCenter = "none"
DynamicAddressGroup = ""
Owner = "Rackspace"
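Review bot: `CostCenter` and `Owner` are capitalised here, while the variables file that follows declares `variable "costcenter"` and `variable "owner"`. Terraform variable names are case-sensitive, so, assuming both files belong to the same directory, these two assignments set undeclared variables and the declared ones are left without a value. Rename the keys to `costcenter = "none"` and `owner = "Rackspace"`.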


@ -0,0 +1,25 @@
variable "aws-region" {}
variable "customer-name" {}
variable "environment" {}
variable "project" {}
variable "application" {}
variable "owner" {}
variable "costcenter" {}
variable "DynamicAddressGroup" {}
locals {
default-tags = {
ServiceProvider = "RackspaceTechnology"
Environment = var.environment
Project = var.project
Application = var.application
TerraformMode = "managed"
BuildDate = formatdate("YYYYMMDD", timestamp())
Owner = var.owner
CostCenter = var.costcenter
DynamicAddressGroup = var.DynamicAddressGroup
}
resource-prefix = "${var.environment}-substr(${var.aws-region},0,2)-${var.customer-name}-${var.project}"
}

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff


@ -1,966 +0,0 @@
{
"version": 4,
"terraform_version": "1.3.7",
"serial": 107,
"lineage": "65963b11-e76c-9a8d-95d5-827c62984fca",
"outputs": {
"private-subnet-ids": {
"value": [
"subnet-0a9f75c427054ca39",
"subnet-03837a4f086fe607a"
],
"type": [
"tuple",
[
"string",
"string"
]
]
},
"public-subnet-ids": {
"value": [
"subnet-0836e26b02828e6b7",
"subnet-0269d50d924f5c3ad"
],
"type": [
"tuple",
[
"string",
"string"
]
]
},
"vpc-cidr": {
"value": "192.168.123.0/24",
"type": "string"
},
"vpc-cidr6": {
"value": "2406:da14:ece:ed00::/56",
"type": "string"
},
"vpc-id": {
"value": "vpc-051d8405604cd730d",
"type": "string"
}
},
"resources": [
{
"mode": "data",
"type": "aws_availability_zones",
"name": "azs",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"all_availability_zones": null,
"exclude_names": null,
"exclude_zone_ids": null,
"filter": null,
"group_names": [
"ap-northeast-1"
],
"id": "ap-northeast-1",
"names": [
"ap-northeast-1a",
"ap-northeast-1c",
"ap-northeast-1d"
],
"state": "available",
"timeouts": null,
"zone_ids": [
"apne1-az4",
"apne1-az1",
"apne1-az2"
]
},
"sensitive_attributes": []
}
]
},
{
"mode": "data",
"type": "aws_caller_identity",
"name": "this",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"account_id": "040216112220",
"arn": "arn:aws:iam::040216112220:user/ken2026",
"id": "040216112220",
"user_id": "AIDAQSXIRFROOXYISSIEQ"
},
"sensitive_attributes": []
}
]
},
{
"mode": "managed",
"type": "aws_eip",
"name": "ngw-ip",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"address": null,
"allocation_id": "eipalloc-0f20fcbac83515afe",
"associate_with_private_ip": null,
"association_id": "eipassoc-078c7da22f4bbb437",
"carrier_ip": "",
"customer_owned_ip": "",
"customer_owned_ipv4_pool": "",
"domain": "vpc",
"id": "eipalloc-0f20fcbac83515afe",
"instance": "",
"network_border_group": "ap-northeast-1",
"network_interface": "eni-05bcb407c70c05922",
"private_dns": "ip-192-168-123-165.ap-northeast-1.compute.internal",
"private_ip": "192.168.123.165",
"public_dns": "ec2-35-72-134-157.ap-northeast-1.compute.amazonaws.com",
"public_ip": "35.72.134.157",
"public_ipv4_pool": "amazon",
"tags": {},
"tags_all": {},
"timeouts": null,
"vpc": true
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjoxODAwMDAwMDAwMDAsInJlYWQiOjkwMDAwMDAwMDAwMCwidXBkYXRlIjozMDAwMDAwMDAwMDB9fQ=="
}
]
},
{
"mode": "managed",
"type": "aws_internet_gateway",
"name": "igw",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:ec2:ap-northeast-1:040216112220:internet-gateway/igw-0aa724367074ec9ed",
"id": "igw-0aa724367074ec9ed",
"owner_id": "040216112220",
"tags": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-igw",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-igw",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
},
"timeouts": null,
"vpc_id": "vpc-051d8405604cd730d"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19",
"dependencies": [
"aws_vpc.vpc1",
"data.aws_caller_identity.this"
]
}
]
},
{
"mode": "managed",
"type": "aws_nat_gateway",
"name": "ngw",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"allocation_id": "eipalloc-0f20fcbac83515afe",
"connectivity_type": "public",
"id": "nat-0e71f2f627b948b71",
"network_interface_id": "eni-05bcb407c70c05922",
"private_ip": "192.168.123.165",
"public_ip": "35.72.134.157",
"subnet_id": "subnet-0836e26b02828e6b7",
"tags": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-ngw",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-ngw",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
}
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"aws_eip.ngw-ip",
"aws_subnet.public-subnets",
"aws_vpc.vpc1",
"data.aws_availability_zones.azs",
"data.aws_caller_identity.this"
]
}
]
},
{
"mode": "managed",
"type": "aws_route_table",
"name": "private-rtb",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:ec2:ap-northeast-1:040216112220:route-table/rtb-07c6f2df276e905ad",
"id": "rtb-07c6f2df276e905ad",
"owner_id": "040216112220",
"propagating_vgws": [],
"route": [
{
"carrier_gateway_id": "",
"cidr_block": "0.0.0.0/0",
"core_network_arn": "",
"destination_prefix_list_id": "",
"egress_only_gateway_id": "",
"gateway_id": "nat-0e71f2f627b948b71",
"instance_id": "",
"ipv6_cidr_block": "",
"local_gateway_id": "",
"nat_gateway_id": "",
"network_interface_id": "",
"transit_gateway_id": "",
"vpc_endpoint_id": "",
"vpc_peering_connection_id": ""
}
],
"tags": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-private-rtb",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-private-rtb",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
},
"timeouts": null,
"vpc_id": "vpc-051d8405604cd730d"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsImRlbGV0ZSI6MzAwMDAwMDAwMDAwLCJ1cGRhdGUiOjEyMDAwMDAwMDAwMH19",
"dependencies": [
"aws_eip.ngw-ip",
"aws_nat_gateway.ngw",
"aws_subnet.public-subnets",
"aws_vpc.vpc1",
"data.aws_availability_zones.azs",
"data.aws_caller_identity.this"
]
}
]
},
{
"mode": "managed",
"type": "aws_route_table",
"name": "public-rtb",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:ec2:ap-northeast-1:040216112220:route-table/rtb-034d9f535055a4176",
"id": "rtb-034d9f535055a4176",
"owner_id": "040216112220",
"propagating_vgws": [],
"route": [
{
"carrier_gateway_id": "",
"cidr_block": "0.0.0.0/0",
"core_network_arn": "",
"destination_prefix_list_id": "",
"egress_only_gateway_id": "",
"gateway_id": "igw-0aa724367074ec9ed",
"instance_id": "",
"ipv6_cidr_block": "",
"local_gateway_id": "",
"nat_gateway_id": "",
"network_interface_id": "",
"transit_gateway_id": "",
"vpc_endpoint_id": "",
"vpc_peering_connection_id": ""
}
],
"tags": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-public-rtb",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-public-rtb",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
},
"timeouts": null,
"vpc_id": "vpc-051d8405604cd730d"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsImRlbGV0ZSI6MzAwMDAwMDAwMDAwLCJ1cGRhdGUiOjEyMDAwMDAwMDAwMH19",
"dependencies": [
"aws_internet_gateway.igw",
"aws_vpc.vpc1",
"data.aws_caller_identity.this"
]
}
]
},
{
"mode": "managed",
"type": "aws_route_table_association",
"name": "private-rtb-asso",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"gateway_id": "",
"id": "rtbassoc-0dfc003a6278c114e",
"route_table_id": "rtb-07c6f2df276e905ad",
"subnet_id": "subnet-0a9f75c427054ca39"
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"aws_eip.ngw-ip",
"aws_nat_gateway.ngw",
"aws_route_table.private-rtb",
"aws_subnet.private-subnets",
"aws_subnet.public-subnets",
"aws_vpc.vpc1",
"data.aws_availability_zones.azs",
"data.aws_caller_identity.this"
]
},
{
"index_key": 1,
"schema_version": 0,
"attributes": {
"gateway_id": "",
"id": "rtbassoc-09392b94bd7f431e0",
"route_table_id": "rtb-07c6f2df276e905ad",
"subnet_id": "subnet-03837a4f086fe607a"
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"aws_eip.ngw-ip",
"aws_nat_gateway.ngw",
"aws_route_table.private-rtb",
"aws_subnet.private-subnets",
"aws_subnet.public-subnets",
"aws_vpc.vpc1",
"data.aws_availability_zones.azs",
"data.aws_caller_identity.this"
]
}
]
},
{
"mode": "managed",
"type": "aws_route_table_association",
"name": "public-rtb-asso",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"gateway_id": "",
"id": "rtbassoc-09ae17e308831a882",
"route_table_id": "rtb-034d9f535055a4176",
"subnet_id": "subnet-0836e26b02828e6b7"
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"aws_internet_gateway.igw",
"aws_route_table.public-rtb",
"aws_subnet.public-subnets",
"aws_vpc.vpc1",
"data.aws_availability_zones.azs",
"data.aws_caller_identity.this"
]
},
{
"index_key": 1,
"schema_version": 0,
"attributes": {
"gateway_id": "",
"id": "rtbassoc-07044aba885edbae2",
"route_table_id": "rtb-034d9f535055a4176",
"subnet_id": "subnet-0269d50d924f5c3ad"
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"aws_internet_gateway.igw",
"aws_route_table.public-rtb",
"aws_subnet.public-subnets",
"aws_vpc.vpc1",
"data.aws_availability_zones.azs",
"data.aws_caller_identity.this"
]
}
]
},
{
"mode": "managed",
"type": "aws_security_group",
"name": "generic-ep-sg",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 1,
"attributes": {
"arn": "arn:aws:ec2:ap-northeast-1:040216112220:security-group/sg-0158a37b2b0205723",
"description": "HttpsAccessToVpcEndpoints",
"egress": [
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": "",
"from_port": 0,
"ipv6_cidr_blocks": [
"::/0"
],
"prefix_list_ids": [],
"protocol": "-1",
"security_groups": [],
"self": false,
"to_port": 0
}
],
"id": "sg-0158a37b2b0205723",
"ingress": [
{
"cidr_blocks": [
"192.168.123.0/24"
],
"description": "TLS from VPC",
"from_port": 443,
"ipv6_cidr_blocks": [],
"prefix_list_ids": [],
"protocol": "tcp",
"security_groups": [],
"self": false,
"to_port": 443
},
{
"cidr_blocks": [],
"description": "TLS from VPC",
"from_port": 443,
"ipv6_cidr_blocks": [
"2406:da14:ece:ed00::/56"
],
"prefix_list_ids": [],
"protocol": "tcp",
"security_groups": [],
"self": false,
"to_port": 443
}
],
"name": "HttpsAccessToVpcEndpoints",
"name_prefix": "",
"owner_id": "040216112220",
"revoke_rules_on_delete": false,
"tags": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "VpcEpAccess",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "VpcEpAccess",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
},
"timeouts": null,
"vpc_id": "vpc-051d8405604cd730d"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6OTAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIxIn0=",
"dependencies": [
"aws_vpc.vpc1",
"data.aws_caller_identity.this"
]
}
]
},
{
"mode": "managed",
"type": "aws_subnet",
"name": "private-subnets",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 1,
"attributes": {
"arn": "arn:aws:ec2:ap-northeast-1:040216112220:subnet/subnet-0a9f75c427054ca39",
"assign_ipv6_address_on_creation": true,
"availability_zone": "ap-northeast-1a",
"availability_zone_id": "apne1-az4",
"cidr_block": "192.168.123.0/26",
"customer_owned_ipv4_pool": "",
"enable_dns64": false,
"enable_resource_name_dns_a_record_on_launch": true,
"enable_resource_name_dns_aaaa_record_on_launch": false,
"id": "subnet-0a9f75c427054ca39",
"ipv6_cidr_block": "2406:da14:ece:ed00::/64",
"ipv6_cidr_block_association_id": "subnet-cidr-assoc-00cad72145ee3a291",
"ipv6_native": false,
"map_customer_owned_ip_on_launch": false,
"map_public_ip_on_launch": false,
"outpost_arn": "",
"owner_id": "040216112220",
"private_dns_hostname_type_on_launch": "ip-name",
"tags": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-private-ap-northeast-1a",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed",
"kubernetes.io/role/internal-elb": "1"
},
"tags_all": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-private-ap-northeast-1a",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed",
"kubernetes.io/role/internal-elb": "1"
},
"timeouts": null,
"vpc_id": "vpc-051d8405604cd730d"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9",
"dependencies": [
"aws_vpc.vpc1",
"data.aws_availability_zones.azs",
"data.aws_caller_identity.this"
]
},
{
"index_key": 1,
"schema_version": 1,
"attributes": {
"arn": "arn:aws:ec2:ap-northeast-1:040216112220:subnet/subnet-03837a4f086fe607a",
"assign_ipv6_address_on_creation": true,
"availability_zone": "ap-northeast-1c",
"availability_zone_id": "apne1-az1",
"cidr_block": "192.168.123.64/26",
"customer_owned_ipv4_pool": "",
"enable_dns64": false,
"enable_resource_name_dns_a_record_on_launch": true,
"enable_resource_name_dns_aaaa_record_on_launch": false,
"id": "subnet-03837a4f086fe607a",
"ipv6_cidr_block": "2406:da14:ece:ed01::/64",
"ipv6_cidr_block_association_id": "subnet-cidr-assoc-07dded145177dd88e",
"ipv6_native": false,
"map_customer_owned_ip_on_launch": false,
"map_public_ip_on_launch": false,
"outpost_arn": "",
"owner_id": "040216112220",
"private_dns_hostname_type_on_launch": "ip-name",
"tags": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-private-ap-northeast-1c",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed",
"kubernetes.io/role/internal-elb": "1"
},
"tags_all": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-private-ap-northeast-1c",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed",
"kubernetes.io/role/internal-elb": "1"
},
"timeouts": null,
"vpc_id": "vpc-051d8405604cd730d"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9",
"dependencies": [
"aws_vpc.vpc1",
"data.aws_availability_zones.azs",
"data.aws_caller_identity.this"
]
}
]
},
{
"mode": "managed",
"type": "aws_subnet",
"name": "public-subnets",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 1,
"attributes": {
"arn": "arn:aws:ec2:ap-northeast-1:040216112220:subnet/subnet-0836e26b02828e6b7",
"assign_ipv6_address_on_creation": true,
"availability_zone": "ap-northeast-1a",
"availability_zone_id": "apne1-az4",
"cidr_block": "192.168.123.128/26",
"customer_owned_ipv4_pool": "",
"enable_dns64": false,
"enable_resource_name_dns_a_record_on_launch": true,
"enable_resource_name_dns_aaaa_record_on_launch": false,
"id": "subnet-0836e26b02828e6b7",
"ipv6_cidr_block": "2406:da14:ece:ed02::/64",
"ipv6_cidr_block_association_id": "subnet-cidr-assoc-0aab88c4cbb3f46a6",
"ipv6_native": false,
"map_customer_owned_ip_on_launch": false,
"map_public_ip_on_launch": false,
"outpost_arn": "",
"owner_id": "040216112220",
"private_dns_hostname_type_on_launch": "ip-name",
"tags": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-public-ap-northeast-1a",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed",
"kubernetes.io/role/elb": "1"
},
"tags_all": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-public-ap-northeast-1a",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed",
"kubernetes.io/role/elb": "1"
},
"timeouts": null,
"vpc_id": "vpc-051d8405604cd730d"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9",
"dependencies": [
"aws_vpc.vpc1",
"data.aws_availability_zones.azs",
"data.aws_caller_identity.this"
]
},
{
"index_key": 1,
"schema_version": 1,
"attributes": {
"arn": "arn:aws:ec2:ap-northeast-1:040216112220:subnet/subnet-0269d50d924f5c3ad",
"assign_ipv6_address_on_creation": true,
"availability_zone": "ap-northeast-1c",
"availability_zone_id": "apne1-az1",
"cidr_block": "192.168.123.192/26",
"customer_owned_ipv4_pool": "",
"enable_dns64": false,
"enable_resource_name_dns_a_record_on_launch": true,
"enable_resource_name_dns_aaaa_record_on_launch": false,
"id": "subnet-0269d50d924f5c3ad",
"ipv6_cidr_block": "2406:da14:ece:ed03::/64",
"ipv6_cidr_block_association_id": "subnet-cidr-assoc-0eff3d18663a8bb79",
"ipv6_native": false,
"map_customer_owned_ip_on_launch": false,
"map_public_ip_on_launch": false,
"outpost_arn": "",
"owner_id": "040216112220",
"private_dns_hostname_type_on_launch": "ip-name",
"tags": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-public-ap-northeast-1c",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed",
"kubernetes.io/role/elb": "1"
},
"tags_all": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-public-ap-northeast-1c",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed",
"kubernetes.io/role/elb": "1"
},
"timeouts": null,
"vpc_id": "vpc-051d8405604cd730d"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9",
"dependencies": [
"aws_vpc.vpc1",
"data.aws_availability_zones.azs",
"data.aws_caller_identity.this"
]
}
]
},
{
"mode": "managed",
"type": "aws_vpc",
"name": "vpc1",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 1,
"attributes": {
"arn": "arn:aws:ec2:ap-northeast-1:040216112220:vpc/vpc-051d8405604cd730d",
"assign_generated_ipv6_cidr_block": true,
"cidr_block": "192.168.123.0/24",
"default_network_acl_id": "acl-0260219cc561ae7f6",
"default_route_table_id": "rtb-08e8cbe49390375f5",
"default_security_group_id": "sg-0b56a9c27e73084bb",
"dhcp_options_id": "dopt-090c9f839527a4c07",
"enable_classiclink": false,
"enable_classiclink_dns_support": false,
"enable_dns_hostnames": true,
"enable_dns_support": true,
"enable_network_address_usage_metrics": false,
"id": "vpc-051d8405604cd730d",
"instance_tenancy": "default",
"ipv4_ipam_pool_id": null,
"ipv4_netmask_length": null,
"ipv6_association_id": "vpc-cidr-assoc-00a8c007b42a44f67",
"ipv6_cidr_block": "2406:da14:ece:ed00::/56",
"ipv6_cidr_block_network_border_group": "ap-northeast-1",
"ipv6_ipam_pool_id": "",
"ipv6_netmask_length": 0,
"main_route_table_id": "rtb-08e8cbe49390375f5",
"owner_id": "040216112220",
"tags": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-vpc1",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-vpc1",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
}
},
"sensitive_attributes": [],
"private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
"dependencies": [
"data.aws_caller_identity.this"
]
}
]
},
{
"mode": "managed",
"type": "aws_vpc_endpoint",
"name": "eks-vpcep",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:ec2:ap-northeast-1:040216112220:vpc-endpoint/vpce-0a37185de88ad0767",
"auto_accept": null,
"cidr_blocks": [],
"dns_entry": [
{
"dns_name": "vpce-0a37185de88ad0767-dyxcih00.eks.ap-northeast-1.vpce.amazonaws.com",
"hosted_zone_id": "Z2E726K9Y6RL4W"
},
{
"dns_name": "vpce-0a37185de88ad0767-dyxcih00-ap-northeast-1c.eks.ap-northeast-1.vpce.amazonaws.com",
"hosted_zone_id": "Z2E726K9Y6RL4W"
},
{
"dns_name": "vpce-0a37185de88ad0767-dyxcih00-ap-northeast-1a.eks.ap-northeast-1.vpce.amazonaws.com",
"hosted_zone_id": "Z2E726K9Y6RL4W"
},
{
"dns_name": "eks.ap-northeast-1.amazonaws.com",
"hosted_zone_id": "Z0423227199F7H6UENLXS"
}
],
"dns_options": [
{
"dns_record_ip_type": "ipv4"
}
],
"id": "vpce-0a37185de88ad0767",
"ip_address_type": "ipv4",
"network_interface_ids": [
"eni-04a27c78fb4bc730f",
"eni-08f40839bc1aeebde"
],
"owner_id": "040216112220",
"policy": "{\"Statement\":[{\"Action\":\"*\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"*\"}]}",
"prefix_list_id": null,
"private_dns_enabled": true,
"requester_managed": false,
"route_table_ids": [],
"security_group_ids": [
"sg-0158a37b2b0205723"
],
"service_name": "com.amazonaws.ap-northeast-1.eks",
"state": "available",
"subnet_ids": [
"subnet-03837a4f086fe607a",
"subnet-0a9f75c427054ca39"
],
"tags": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-vpcep-eks",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-vpcep-eks",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
},
"timeouts": null,
"vpc_endpoint_type": "Interface",
"vpc_id": "vpc-051d8405604cd730d"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19",
"dependencies": [
"aws_security_group.generic-ep-sg",
"aws_subnet.private-subnets",
"aws_subnet.public-subnets",
"aws_vpc.vpc1",
"data.aws_availability_zones.azs",
"data.aws_caller_identity.this"
]
}
]
}
],
"check_results": null
}


@ -1,958 +0,0 @@
{
"version": 4,
"terraform_version": "1.3.7",
"serial": 103,
"lineage": "65963b11-e76c-9a8d-95d5-827c62984fca",
"outputs": {
"private-subnet-ids": {
"value": [
"subnet-0a9f75c427054ca39",
"subnet-03837a4f086fe607a"
],
"type": [
"tuple",
[
"string",
"string"
]
]
},
"public-subnet-ids": {
"value": [
"subnet-0836e26b02828e6b7",
"subnet-0269d50d924f5c3ad"
],
"type": [
"tuple",
[
"string",
"string"
]
]
},
"vpc-cidr": {
"value": "192.168.123.0/24",
"type": "string"
},
"vpc-cidr6": {
"value": "2406:da14:ece:ed00::/56",
"type": "string"
},
"vpc-id": {
"value": "vpc-051d8405604cd730d",
"type": "string"
}
},
"resources": [
{
"mode": "data",
"type": "aws_availability_zones",
"name": "azs",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"all_availability_zones": null,
"exclude_names": null,
"exclude_zone_ids": null,
"filter": null,
"group_names": [
"ap-northeast-1"
],
"id": "ap-northeast-1",
"names": [
"ap-northeast-1a",
"ap-northeast-1c",
"ap-northeast-1d"
],
"state": "available",
"timeouts": null,
"zone_ids": [
"apne1-az4",
"apne1-az1",
"apne1-az2"
]
},
"sensitive_attributes": []
}
]
},
{
"mode": "data",
"type": "aws_caller_identity",
"name": "this",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"account_id": "040216112220",
"arn": "arn:aws:iam::040216112220:user/ken2026",
"id": "040216112220",
"user_id": "AIDAQSXIRFROOXYISSIEQ"
},
"sensitive_attributes": []
}
]
},
{
"mode": "managed",
"type": "aws_eip",
"name": "ngw-ip",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"address": null,
"allocation_id": "eipalloc-0f20fcbac83515afe",
"associate_with_private_ip": null,
"association_id": "eipassoc-078c7da22f4bbb437",
"carrier_ip": "",
"customer_owned_ip": "",
"customer_owned_ipv4_pool": "",
"domain": "vpc",
"id": "eipalloc-0f20fcbac83515afe",
"instance": "",
"network_border_group": "ap-northeast-1",
"network_interface": "eni-05bcb407c70c05922",
"private_dns": "ip-192-168-123-165.ap-northeast-1.compute.internal",
"private_ip": "192.168.123.165",
"public_dns": "ec2-35-72-134-157.ap-northeast-1.compute.amazonaws.com",
"public_ip": "35.72.134.157",
"public_ipv4_pool": "amazon",
"tags": {},
"tags_all": {},
"timeouts": null,
"vpc": true
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjoxODAwMDAwMDAwMDAsInJlYWQiOjkwMDAwMDAwMDAwMCwidXBkYXRlIjozMDAwMDAwMDAwMDB9fQ=="
}
]
},
{
"mode": "managed",
"type": "aws_internet_gateway",
"name": "igw",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:ec2:ap-northeast-1:040216112220:internet-gateway/igw-0aa724367074ec9ed",
"id": "igw-0aa724367074ec9ed",
"owner_id": "040216112220",
"tags": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-igw",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-igw",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
},
"timeouts": null,
"vpc_id": "vpc-051d8405604cd730d"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19",
"dependencies": [
"aws_vpc.vpc1",
"data.aws_caller_identity.this"
]
}
]
},
{
"mode": "managed",
"type": "aws_nat_gateway",
"name": "ngw",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"allocation_id": "eipalloc-0f20fcbac83515afe",
"connectivity_type": "public",
"id": "nat-0e71f2f627b948b71",
"network_interface_id": "eni-05bcb407c70c05922",
"private_ip": "192.168.123.165",
"public_ip": "35.72.134.157",
"subnet_id": "subnet-0836e26b02828e6b7",
"tags": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-ngw",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-ngw",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
}
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"aws_eip.ngw-ip",
"aws_subnet.public-subnets",
"aws_vpc.vpc1",
"data.aws_availability_zones.azs",
"data.aws_caller_identity.this"
]
}
]
},
{
"mode": "managed",
"type": "aws_route_table",
"name": "private-rtb",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:ec2:ap-northeast-1:040216112220:route-table/rtb-07c6f2df276e905ad",
"id": "rtb-07c6f2df276e905ad",
"owner_id": "040216112220",
"propagating_vgws": [],
"route": [
{
"carrier_gateway_id": "",
"cidr_block": "0.0.0.0/0",
"core_network_arn": "",
"destination_prefix_list_id": "",
"egress_only_gateway_id": "",
"gateway_id": "nat-0e71f2f627b948b71",
"instance_id": "",
"ipv6_cidr_block": "",
"local_gateway_id": "",
"nat_gateway_id": "",
"network_interface_id": "",
"transit_gateway_id": "",
"vpc_endpoint_id": "",
"vpc_peering_connection_id": ""
}
],
"tags": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-private-rtb",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-private-rtb",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
},
"timeouts": null,
"vpc_id": "vpc-051d8405604cd730d"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsImRlbGV0ZSI6MzAwMDAwMDAwMDAwLCJ1cGRhdGUiOjEyMDAwMDAwMDAwMH19",
"dependencies": [
"aws_eip.ngw-ip",
"aws_nat_gateway.ngw",
"aws_subnet.public-subnets",
"aws_vpc.vpc1",
"data.aws_availability_zones.azs",
"data.aws_caller_identity.this"
]
}
]
},
{
"mode": "managed",
"type": "aws_route_table",
"name": "public-rtb",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:ec2:ap-northeast-1:040216112220:route-table/rtb-034d9f535055a4176",
"id": "rtb-034d9f535055a4176",
"owner_id": "040216112220",
"propagating_vgws": [],
"route": [
{
"carrier_gateway_id": "",
"cidr_block": "0.0.0.0/0",
"core_network_arn": "",
"destination_prefix_list_id": "",
"egress_only_gateway_id": "",
"gateway_id": "igw-0aa724367074ec9ed",
"instance_id": "",
"ipv6_cidr_block": "",
"local_gateway_id": "",
"nat_gateway_id": "",
"network_interface_id": "",
"transit_gateway_id": "",
"vpc_endpoint_id": "",
"vpc_peering_connection_id": ""
}
],
"tags": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-public-rtb",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-public-rtb",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
},
"timeouts": null,
"vpc_id": "vpc-051d8405604cd730d"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsImRlbGV0ZSI6MzAwMDAwMDAwMDAwLCJ1cGRhdGUiOjEyMDAwMDAwMDAwMH19",
"dependencies": [
"aws_internet_gateway.igw",
"aws_vpc.vpc1",
"data.aws_caller_identity.this"
]
}
]
},
{
"mode": "managed",
"type": "aws_route_table_association",
"name": "private-rtb-asso",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"gateway_id": "",
"id": "rtbassoc-0dfc003a6278c114e",
"route_table_id": "rtb-07c6f2df276e905ad",
"subnet_id": "subnet-0a9f75c427054ca39"
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"aws_eip.ngw-ip",
"aws_nat_gateway.ngw",
"aws_route_table.private-rtb",
"aws_subnet.private-subnets",
"aws_subnet.public-subnets",
"aws_vpc.vpc1",
"data.aws_availability_zones.azs",
"data.aws_caller_identity.this"
]
},
{
"index_key": 1,
"schema_version": 0,
"attributes": {
"gateway_id": "",
"id": "rtbassoc-09392b94bd7f431e0",
"route_table_id": "rtb-07c6f2df276e905ad",
"subnet_id": "subnet-03837a4f086fe607a"
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"aws_eip.ngw-ip",
"aws_nat_gateway.ngw",
"aws_route_table.private-rtb",
"aws_subnet.private-subnets",
"aws_subnet.public-subnets",
"aws_vpc.vpc1",
"data.aws_availability_zones.azs",
"data.aws_caller_identity.this"
]
}
]
},
{
"mode": "managed",
"type": "aws_route_table_association",
"name": "public-rtb-asso",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"gateway_id": "",
"id": "rtbassoc-09ae17e308831a882",
"route_table_id": "rtb-034d9f535055a4176",
"subnet_id": "subnet-0836e26b02828e6b7"
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"aws_internet_gateway.igw",
"aws_route_table.public-rtb",
"aws_subnet.public-subnets",
"aws_vpc.vpc1",
"data.aws_availability_zones.azs",
"data.aws_caller_identity.this"
]
},
{
"index_key": 1,
"schema_version": 0,
"attributes": {
"gateway_id": "",
"id": "rtbassoc-07044aba885edbae2",
"route_table_id": "rtb-034d9f535055a4176",
"subnet_id": "subnet-0269d50d924f5c3ad"
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"aws_internet_gateway.igw",
"aws_route_table.public-rtb",
"aws_subnet.public-subnets",
"aws_vpc.vpc1",
"data.aws_availability_zones.azs",
"data.aws_caller_identity.this"
]
}
]
},
{
"mode": "managed",
"type": "aws_security_group",
"name": "generic-ep-sg",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 1,
"attributes": {
"arn": "arn:aws:ec2:ap-northeast-1:040216112220:security-group/sg-0158a37b2b0205723",
"description": "HttpsAccessToVpcEndpoints",
"egress": [
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": "",
"from_port": 0,
"ipv6_cidr_blocks": [
"::/0"
],
"prefix_list_ids": [],
"protocol": "-1",
"security_groups": [],
"self": false,
"to_port": 0
}
],
"id": "sg-0158a37b2b0205723",
"ingress": [
{
"cidr_blocks": [
"192.168.123.0/24"
],
"description": "TLS from VPC",
"from_port": 443,
"ipv6_cidr_blocks": [],
"prefix_list_ids": [],
"protocol": "tcp",
"security_groups": [],
"self": false,
"to_port": 443
},
{
"cidr_blocks": [],
"description": "TLS from VPC",
"from_port": 443,
"ipv6_cidr_blocks": [
"2406:da14:ece:ed00::/56"
],
"prefix_list_ids": [],
"protocol": "tcp",
"security_groups": [],
"self": false,
"to_port": 443
}
],
"name": "HttpsAccessToVpcEndpoints",
"name_prefix": "",
"owner_id": "040216112220",
"revoke_rules_on_delete": false,
"tags": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "VpcEpAccess",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "VpcEpAccess",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
},
"timeouts": null,
"vpc_id": "vpc-051d8405604cd730d"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6OTAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIxIn0=",
"dependencies": [
"aws_vpc.vpc1",
"data.aws_caller_identity.this"
]
}
]
},
{
"mode": "managed",
"type": "aws_subnet",
"name": "private-subnets",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 1,
"attributes": {
"arn": "arn:aws:ec2:ap-northeast-1:040216112220:subnet/subnet-0a9f75c427054ca39",
"assign_ipv6_address_on_creation": true,
"availability_zone": "ap-northeast-1a",
"availability_zone_id": "apne1-az4",
"cidr_block": "192.168.123.0/26",
"customer_owned_ipv4_pool": "",
"enable_dns64": false,
"enable_resource_name_dns_a_record_on_launch": true,
"enable_resource_name_dns_aaaa_record_on_launch": false,
"id": "subnet-0a9f75c427054ca39",
"ipv6_cidr_block": "2406:da14:ece:ed00::/64",
"ipv6_cidr_block_association_id": "subnet-cidr-assoc-00cad72145ee3a291",
"ipv6_native": false,
"map_customer_owned_ip_on_launch": false,
"map_public_ip_on_launch": false,
"outpost_arn": "",
"owner_id": "040216112220",
"private_dns_hostname_type_on_launch": "ip-name",
"tags": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-private-ap-northeast-1a",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-private-ap-northeast-1a",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
},
"timeouts": null,
"vpc_id": "vpc-051d8405604cd730d"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9",
"dependencies": [
"aws_vpc.vpc1",
"data.aws_availability_zones.azs",
"data.aws_caller_identity.this"
]
},
{
"index_key": 1,
"schema_version": 1,
"attributes": {
"arn": "arn:aws:ec2:ap-northeast-1:040216112220:subnet/subnet-03837a4f086fe607a",
"assign_ipv6_address_on_creation": true,
"availability_zone": "ap-northeast-1c",
"availability_zone_id": "apne1-az1",
"cidr_block": "192.168.123.64/26",
"customer_owned_ipv4_pool": "",
"enable_dns64": false,
"enable_resource_name_dns_a_record_on_launch": true,
"enable_resource_name_dns_aaaa_record_on_launch": false,
"id": "subnet-03837a4f086fe607a",
"ipv6_cidr_block": "2406:da14:ece:ed01::/64",
"ipv6_cidr_block_association_id": "subnet-cidr-assoc-07dded145177dd88e",
"ipv6_native": false,
"map_customer_owned_ip_on_launch": false,
"map_public_ip_on_launch": false,
"outpost_arn": "",
"owner_id": "040216112220",
"private_dns_hostname_type_on_launch": "ip-name",
"tags": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-private-ap-northeast-1c",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-private-ap-northeast-1c",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
},
"timeouts": null,
"vpc_id": "vpc-051d8405604cd730d"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9",
"dependencies": [
"aws_vpc.vpc1",
"data.aws_availability_zones.azs",
"data.aws_caller_identity.this"
]
}
]
},
{
"mode": "managed",
"type": "aws_subnet",
"name": "public-subnets",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 1,
"attributes": {
"arn": "arn:aws:ec2:ap-northeast-1:040216112220:subnet/subnet-0836e26b02828e6b7",
"assign_ipv6_address_on_creation": true,
"availability_zone": "ap-northeast-1a",
"availability_zone_id": "apne1-az4",
"cidr_block": "192.168.123.128/26",
"customer_owned_ipv4_pool": "",
"enable_dns64": false,
"enable_resource_name_dns_a_record_on_launch": true,
"enable_resource_name_dns_aaaa_record_on_launch": false,
"id": "subnet-0836e26b02828e6b7",
"ipv6_cidr_block": "2406:da14:ece:ed02::/64",
"ipv6_cidr_block_association_id": "subnet-cidr-assoc-0aab88c4cbb3f46a6",
"ipv6_native": false,
"map_customer_owned_ip_on_launch": false,
"map_public_ip_on_launch": false,
"outpost_arn": "",
"owner_id": "040216112220",
"private_dns_hostname_type_on_launch": "ip-name",
"tags": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-public-ap-northeast-1a",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-public-ap-northeast-1a",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
},
"timeouts": null,
"vpc_id": "vpc-051d8405604cd730d"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9",
"dependencies": [
"aws_vpc.vpc1",
"data.aws_availability_zones.azs",
"data.aws_caller_identity.this"
]
},
{
"index_key": 1,
"schema_version": 1,
"attributes": {
"arn": "arn:aws:ec2:ap-northeast-1:040216112220:subnet/subnet-0269d50d924f5c3ad",
"assign_ipv6_address_on_creation": true,
"availability_zone": "ap-northeast-1c",
"availability_zone_id": "apne1-az1",
"cidr_block": "192.168.123.192/26",
"customer_owned_ipv4_pool": "",
"enable_dns64": false,
"enable_resource_name_dns_a_record_on_launch": true,
"enable_resource_name_dns_aaaa_record_on_launch": false,
"id": "subnet-0269d50d924f5c3ad",
"ipv6_cidr_block": "2406:da14:ece:ed03::/64",
"ipv6_cidr_block_association_id": "subnet-cidr-assoc-0eff3d18663a8bb79",
"ipv6_native": false,
"map_customer_owned_ip_on_launch": false,
"map_public_ip_on_launch": false,
"outpost_arn": "",
"owner_id": "040216112220",
"private_dns_hostname_type_on_launch": "ip-name",
"tags": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-public-ap-northeast-1c",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-public-ap-northeast-1c",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
},
"timeouts": null,
"vpc_id": "vpc-051d8405604cd730d"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9",
"dependencies": [
"aws_vpc.vpc1",
"data.aws_availability_zones.azs",
"data.aws_caller_identity.this"
]
}
]
},
{
"mode": "managed",
"type": "aws_vpc",
"name": "vpc1",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 1,
"attributes": {
"arn": "arn:aws:ec2:ap-northeast-1:040216112220:vpc/vpc-051d8405604cd730d",
"assign_generated_ipv6_cidr_block": true,
"cidr_block": "192.168.123.0/24",
"default_network_acl_id": "acl-0260219cc561ae7f6",
"default_route_table_id": "rtb-08e8cbe49390375f5",
"default_security_group_id": "sg-0b56a9c27e73084bb",
"dhcp_options_id": "dopt-090c9f839527a4c07",
"enable_classiclink": false,
"enable_classiclink_dns_support": false,
"enable_dns_hostnames": true,
"enable_dns_support": true,
"enable_network_address_usage_metrics": false,
"id": "vpc-051d8405604cd730d",
"instance_tenancy": "default",
"ipv4_ipam_pool_id": null,
"ipv4_netmask_length": null,
"ipv6_association_id": "vpc-cidr-assoc-00a8c007b42a44f67",
"ipv6_cidr_block": "2406:da14:ece:ed00::/56",
"ipv6_cidr_block_network_border_group": "ap-northeast-1",
"ipv6_ipam_pool_id": "",
"ipv6_netmask_length": 0,
"main_route_table_id": "rtb-08e8cbe49390375f5",
"owner_id": "040216112220",
"tags": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-vpc1",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-vpc1",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
}
},
"sensitive_attributes": [],
"private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
"dependencies": [
"data.aws_caller_identity.this"
]
}
]
},
{
"mode": "managed",
"type": "aws_vpc_endpoint",
"name": "eks-vpcep",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:ec2:ap-northeast-1:040216112220:vpc-endpoint/vpce-0a37185de88ad0767",
"auto_accept": null,
"cidr_blocks": [],
"dns_entry": [
{
"dns_name": "vpce-0a37185de88ad0767-dyxcih00.eks.ap-northeast-1.vpce.amazonaws.com",
"hosted_zone_id": "Z2E726K9Y6RL4W"
},
{
"dns_name": "vpce-0a37185de88ad0767-dyxcih00-ap-northeast-1c.eks.ap-northeast-1.vpce.amazonaws.com",
"hosted_zone_id": "Z2E726K9Y6RL4W"
},
{
"dns_name": "vpce-0a37185de88ad0767-dyxcih00-ap-northeast-1a.eks.ap-northeast-1.vpce.amazonaws.com",
"hosted_zone_id": "Z2E726K9Y6RL4W"
},
{
"dns_name": "eks.ap-northeast-1.amazonaws.com",
"hosted_zone_id": "Z0423227199F7H6UENLXS"
}
],
"dns_options": [
{
"dns_record_ip_type": "ipv4"
}
],
"id": "vpce-0a37185de88ad0767",
"ip_address_type": "ipv4",
"network_interface_ids": [
"eni-04a27c78fb4bc730f",
"eni-08f40839bc1aeebde"
],
"owner_id": "040216112220",
"policy": "{\"Statement\":[{\"Action\":\"*\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"*\"}]}",
"prefix_list_id": null,
"private_dns_enabled": true,
"requester_managed": false,
"route_table_ids": [],
"security_group_ids": [
"sg-0158a37b2b0205723"
],
"service_name": "com.amazonaws.ap-northeast-1.eks",
"state": "available",
"subnet_ids": [
"subnet-03837a4f086fe607a",
"subnet-0a9f75c427054ca39"
],
"tags": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-vpcep-eks",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "eks",
"BuildDate": "20230217",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-apne1-xpk-iac-vpcep-eks",
"Project": "iac",
"ServiceProvider": "None",
"TerraformDir": "eks-lab-ip6/network",
"TerraformMode": "managed"
},
"timeouts": null,
"vpc_endpoint_type": "Interface",
"vpc_id": "vpc-051d8405604cd730d"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19",
"dependencies": [
"aws_security_group.generic-ep-sg",
"aws_subnet.private-subnets",
"aws_subnet.public-subnets",
"aws_vpc.vpc1",
"data.aws_availability_zones.azs",
"data.aws_caller_identity.this"
]
}
]
}
],
"check_results": null
}


@ -0,0 +1,9 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/external" {
version = "2.2.2"
hashes = [
"h1:e7RpnZ2PbJEEPnfsg7V0FNwbfSk0/Z3FdrLsXINBmDY=",
]
}


@ -0,0 +1 @@
/home/kn/.terraform.d/plugin-cache/registry.terraform.io/hashicorp/external/2.2.2/linux_amd64


@ -0,0 +1,3 @@
#!/bin/bash
RESULTS=$(aws rds describe-db-instances --query 'DBInstances[*].DBInstanceIdentifier' --output text | xargs)
jq -n --arg result "$RESULTS" '{"result":$result}'
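Review bot: A failed `aws rds describe-db-instances` call is reported to Terraform as success, because the status of the pipeline on the `RESULTS=` line is that of `xargs`, and `jq -n` then prints `{"result":""}` and exits 0. Add `set -euo pipefail` directly under the shebang so the external data source fails instead of returning an empty instance list. A comment such as `# Emits {"result": "<space-separated DB instance identifiers>"} for the Terraform external data source` would also document the output contract the caller depends on.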


@ -0,0 +1,7 @@
data external rds-instances {
program = ["bash", "./list-rds-instances.sh"]
}
output rds-instances {
value = split(" ", data.external.rds-instances.result.result)
}
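Review bot: The `rds-instances` output yields `[""]` rather than an empty list when the script returns no identifiers, because `split(" ", "")` produces a single empty string; use `value = compact(split(" ", data.external.rds-instances.result.result))`. The `program` entry also refers to `./list-rds-instances.sh`, which appears to depend on the directory Terraform is run from; `"${path.module}/list-rds-instances.sh"` removes that dependency.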


@ -0,0 +1,40 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/aws" {
version = "4.30.0"
hashes = [
"h1:BFfhRf8my/aa0+YOSJv0xfjLQkToF475TJTMhTZfYec=",
"zh:08213f3ba960621448754211f148730edb59194919ee476b0231b769a5355028",
"zh:29c90d6f8bdae0e1469417ade28fa79c74c2af49593c1e2f24f07bacbca9e2c9",
"zh:5c6e9fab64ad68de6cd4ec6cbb20b0f75ba1e51a8efaeda3fe65419f096a06cb",
"zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
"zh:9bf42718580e8c5097227df34e1bfa0a10a23eac9f527d97c2819c163087b402",
"zh:9f87e42e0f3d145fb0ad4aaff7ddded5720a64f9303956b33bd274c6dd05c05b",
"zh:bf0519ed9615bc408b72a0aebe1cc075d4c2042325590ba13dd264cd264907ea",
"zh:c3ac9e1cbd0935614f5a3c9cdb4cf9c6a1045937fe38e61da7c5c0fb7a069870",
"zh:d0c184476ada38c50acc068214ed1252b4fcf80b6be900fc1aed32cbb49f8ff6",
"zh:d4987dc7b7a69ea58f2b3ff0ea4ffc1b61a97881dbb8583c9fcf9444b753a6c2",
"zh:e8037376c81aeb98d8286dc19fba7f8eb053444d4b9484ea6a922382cffc1a85",
"zh:ecdabb44b48addc8483bca7bd683614a347367ae950ca8b6a6880679f5c12abd",
]
}
provider "registry.terraform.io/hashicorp/random" {
version = "3.4.3"
hashes = [
"h1:xZGZf18JjMS06pFa4NErzANI98qi59SEcBsOcS2P2yQ=",
"zh:41c53ba47085d8261590990f8633c8906696fa0a3c4b384ff6a7ecbf84339752",
"zh:59d98081c4475f2ad77d881c4412c5129c56214892f490adf11c7e7a5a47de9b",
"zh:686ad1ee40b812b9e016317e7f34c0d63ef837e084dea4a1f578f64a6314ad53",
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
"zh:84103eae7251384c0d995f5a257c72b0096605048f757b749b7b62107a5dccb3",
"zh:8ee974b110adb78c7cd18aae82b2729e5124d8f115d484215fd5199451053de5",
"zh:9dd4561e3c847e45de603f17fa0c01ae14cae8c4b7b4e6423c9ef3904b308dda",
"zh:bb07bb3c2c0296beba0beec629ebc6474c70732387477a65966483b5efabdbc6",
"zh:e891339e96c9e5a888727b45b2e1bb3fcbdfe0fd7c5b4396e4695459b38c8cb1",
"zh:ea4739860c24dfeaac6c100b2a2e357106a89d18751f7693f3c31ecf6a996f8d",
"zh:f0c76ac303fd0ab59146c39bc121c5d7d86f878e9a69294e29444d4c653786f8",
"zh:f143a9a5af42b38fed328a161279906759ff39ac428ebcfe55606e05e1518b93",
]
}


@ -0,0 +1 @@
{"Modules":[{"Key":"iam-group2","Source":"../../modules/security_identity_compliance/iam-group","Dir":"../../modules/security_identity_compliance/iam-group"},{"Key":"","Source":"","Dir":"."},{"Key":"iam-user1","Source":"../../modules/security_identity_compliance/iam-user","Dir":"../../modules/security_identity_compliance/iam-user"},{"Key":"iam-user2","Source":"../../modules/security_identity_compliance/iam-user","Dir":"../../modules/security_identity_compliance/iam-user"},{"Key":"iam-group","Source":"../../modules/security_identity_compliance/iam-group","Dir":"../../modules/security_identity_compliance/iam-group"},{"Key":"iam-user","Source":"../../modules/security_identity_compliance/iam-user","Dir":"../../modules/security_identity_compliance/iam-user"}]}


@ -0,0 +1 @@
/home/kn/.terraform.d/plugin-cache/registry.terraform.io/hashicorp/aws/4.30.0/linux_amd64


@ -0,0 +1 @@
/home/kn/.terraform.d/plugin-cache/registry.terraform.io/hashicorp/random/3.4.3/linux_amd64

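--- a/examples/iam.user/main.tf
+++ b/examples/iam.user/main.tf
@@ -0,0 +1,80 @@
+module iam-group {
+source = "../../modules/security_identity_compliance/iam-group"
+default-tags = local.default-tags
+iam-group-name = "ViewOnlyUsers001"
+iam-group-policy = ""
+iam-group-policy-name = ""
+managed-policy-arns = ["arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"]
+}
+module iam-group2 {
+source = "../../modules/security_identity_compliance/iam-group"
+default-tags = local.default-tags
+iam-group-name = "ViewOnlyAndS3Admin001"
+iam-group-policy = data.aws_iam_policy_document.user-policy.json
+iam-group-policy-name = "S3AdminPermissions"
+managed-policy-arns = ["arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"]
+}
+module iam-user1 {
+source = "../../modules/security_identity_compliance/iam-user"
+default-tags = local.default-tags
+iam-user-name = "UserNoGroup001"
+create-access-key = true
+create-password = true
+pgp-key = var.pgp-key
+managed-policy-arns = ["arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"]
+}
+module iam-user2 {
+source = "../../modules/security_identity_compliance/iam-user"
+default-tags = local.default-tags
+iam-user-name = "UserInGroup001"
+iam-user-policy = data.aws_iam_policy_document.user-policy.json
+iam-user-policy-name = "S3AdminPermissions"
+create-access-key = false
+create-password = false
+managed-policy-arns = ["arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"]
+add-to-groups = [module.iam-group.iam-group-name]
+}
+data aws_iam_policy_document user-policy {
+statement {
+sid = "s3admin"
+actions = [
+"s3:*"
+]
+effect = "Allow"
+resources = ["*"]
+}
+}
+output iam-user1-arn {
+value = module.iam-user1.iam-user-arn
+}
+output iam-user2-arn {
+value = module.iam-user2.iam-user-arn
+}
+output iam-user1-access-key {
+value = module.iam-user1.iam-user-access-key
+}
+output iam-user1-access-key-pgp {
+value = module.iam-user1.iam-user-access-key-pgp
+}
+output iam-user1-secret-key-pgp {
+value = module.iam-user1.iam-user-secret-key-pgp
+}
+output iam-user1-pass-pgp {
+value = module.iam-user1.iam-user-pass-pgp
+}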
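Review bot: The outputs that carry credential material, `iam-user1-access-key`, `iam-user1-access-key-pgp`, `iam-user1-secret-key-pgp` and `iam-user1-pass-pgp`, are declared without `sensitive = true`, so their values are printed by `terraform apply` and `terraform output` and can end up in pipeline logs. Add `sensitive = true` to each of those output blocks. Separately, the `user-policy` document grants `s3:*` on `resources = ["*"]` and is passed to both `iam-group2` and `iam-user2`; because this is an example others will copy, scope `resources` to a named bucket ARN, or add a comment stating that the wildcard is for demonstration only.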


@ -0,0 +1,9 @@
{
"version": 4,
"terraform_version": "1.3.0",
"serial": 555,
"lineage": "58d5957c-dfb9-d1c5-b9ce-a14815d46bcd",
"outputs": {},
"resources": [],
"check_results": []
}


@ -0,0 +1,723 @@
{
"version": 4,
"terraform_version": "1.3.0",
"serial": 532,
"lineage": "58d5957c-dfb9-d1c5-b9ce-a14815d46bcd",
"outputs": {
"iam-user1-access-key": {
"value": "none",
"type": "string"
},
"iam-user1-access-key-pgp": {
"value": "AKIAQSXIRFROOWPOZRPO",
"type": "string"
},
"iam-user1-arn": {
"value": "arn:aws:iam::040216112220:user/UserNoGroup001",
"type": "string"
},
"iam-user1-pass-pgp": {
"value": "wcDMA3pyazT9EturAQwA5OJsNQi0NQgktGsNbZNAzkZy/g7+GH+n76KqS1xvuvLVJnbQJ9z+53cPEFWmAAzfr3DsT5MjoFrLtJBA2LG9a6dnQZ+Doy3tn/UTqvp+Ttn1UN8Ky8m6rJHHWnN16+uNEaOl75JJuC9P+v+azdG8Q5XOcS2WD85XAR3NRx4F6lYld5DOKVLkrJP05NGUgRgnnwCcUAz/GPZhhTNwDciBD45AN0Ukm9z7uEeRA21vtJFjvZgP/zPqM4DJ0oA/0F0Kgqmfut/XygPhe3AR5cLJW2w0jdlQP0UaXw5pobEsgBbgQLg4kNlxuG/ay08IbkXQ6p3TpGzybgWgTQjGTEtu8A72ZBZuPyRRtMTsArRB4tSK6wXTh95SaVWzEgi5p/k2qmuRN55BVNg17yFQ6posisP+gNt8RdOFcdDG0vtzglJ0OrNMxB6gv/CS8jWnPLcfqoYentYyfKVjeHuSWk5GMlX8ZYWjdXwYtMXmvNrvAdzICuGXW9uAj3r/4sA52rbx0kUBbhA/F3KyZ7/s32JqKCiMt6rcY47TuwObU27e4gprRCyKewMxtanBDbTROtusaNztQym1CRV8TQTx6OzqqpAYzKc+3YY=",
"type": "string"
},
"iam-user1-secret-key-pgp": {
"value": "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",
"type": "string"
},
"iam-user2-arn": {
"value": "arn:aws:iam::040216112220:user/UserInGroup001",
"type": "string"
}
},
"resources": [
{
"mode": "data",
"type": "aws_iam_policy_document",
"name": "user-policy",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "2424462252",
"json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"s3admin\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:*\",\n \"Resource\": \"*\"\n }\n ]\n}",
"override_json": null,
"override_policy_documents": null,
"policy_id": null,
"source_json": null,
"source_policy_documents": null,
"statement": [
{
"actions": [
"s3:*"
],
"condition": [],
"effect": "Allow",
"not_actions": [],
"not_principals": [],
"not_resources": [],
"principals": [],
"resources": [
"*"
],
"sid": "s3admin"
}
],
"version": "2012-10-17"
},
"sensitive_attributes": []
}
]
},
{
"module": "module.iam-group",
"mode": "managed",
"type": "aws_iam_group",
"name": "iam-group",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:iam::040216112220:group/ViewOnlyUsers001",
"id": "ViewOnlyUsers001",
"name": "ViewOnlyUsers001",
"path": "/",
"unique_id": "AGPAQSXIRFRONRTCXF5F2"
},
"sensitive_attributes": [],
"private": "bnVsbA=="
}
]
},
{
"module": "module.iam-group",
"mode": "managed",
"type": "aws_iam_group_policy_attachment",
"name": "iam-group-managed-policies",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"group": "ViewOnlyUsers001",
"id": "ViewOnlyUsers001-20221020005608298800000002",
"policy_arn": "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"module.iam-group.aws_iam_group.iam-group"
]
}
]
},
{
"module": "module.iam-group2",
"mode": "managed",
"type": "aws_iam_group",
"name": "iam-group",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:iam::040216112220:group/ViewOnlyAndS3Admin001",
"id": "ViewOnlyAndS3Admin001",
"name": "ViewOnlyAndS3Admin001",
"path": "/",
"unique_id": "AGPAQSXIRFROL2K54KHPT"
},
"sensitive_attributes": [],
"private": "bnVsbA=="
}
]
},
{
"module": "module.iam-group2",
"mode": "managed",
"type": "aws_iam_group_policy",
"name": "iam-group-policy-new-group",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"group": "ViewOnlyAndS3Admin001",
"id": "ViewOnlyAndS3Admin001:S3AdminPermissions",
"name": "S3AdminPermissions",
"name_prefix": null,
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"s3admin\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:*\",\n \"Resource\": \"*\"\n }\n ]\n}"
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"data.aws_iam_policy_document.user-policy",
"module.iam-group2.aws_iam_group.iam-group"
]
}
]
},
{
"module": "module.iam-group2",
"mode": "managed",
"type": "aws_iam_group_policy_attachment",
"name": "iam-group-managed-policies",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"group": "ViewOnlyAndS3Admin001",
"id": "ViewOnlyAndS3Admin001-20221020005608292300000001",
"policy_arn": "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"module.iam-group2.aws_iam_group.iam-group"
]
}
]
},
{
"module": "module.iam-user1",
"mode": "data",
"type": "aws_iam_policy_document",
"name": "user-policy",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "2600426768",
"json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"ManageOwnCredentials\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"iam:ResyncMFADevice\",\n \"iam:ListVirtualMFA*\",\n \"iam:ListMFA*\",\n \"iam:ListAccessKey\",\n \"iam:EnableMFADevice\",\n \"iam:DeleteAccessKey\",\n \"iam:CreateVirtualMFADevice\",\n \"iam:CreateAccessKey\",\n \"iam:ChangePassword\"\n ],\n \"Resource\": \"arn:aws:iam::account-id:user/UserNoGroup001\"\n }\n ]\n}",
"override_json": null,
"override_policy_documents": null,
"policy_id": null,
"source_json": null,
"source_policy_documents": null,
"statement": [
{
"actions": [
"iam:ChangePassword",
"iam:CreateAccessKey",
"iam:CreateVirtualMFADevice",
"iam:DeleteAccessKey",
"iam:EnableMFADevice",
"iam:ListAccessKey",
"iam:ListMFA*",
"iam:ListVirtualMFA*",
"iam:ResyncMFADevice"
],
"condition": [],
"effect": "Allow",
"not_actions": [],
"not_principals": [],
"not_resources": [],
"principals": [],
"resources": [
"arn:aws:iam::account-id:user/UserNoGroup001"
],
"sid": "ManageOwnCredentials"
}
],
"version": "2012-10-17"
},
"sensitive_attributes": []
}
]
},
{
"module": "module.iam-user1",
"mode": "managed",
"type": "aws_iam_access_key",
"name": "iam-user-access-key-pgp",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"create_date": "2022-10-20T00:56:08Z",
"encrypted_secret": "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",
"encrypted_ses_smtp_password_v4": "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",
"id": "AKIAQSXIRFROOWPOZRPO",
"key_fingerprint": "5fb0eceadfea9004547daa15cd4ff6793f09ab86",
"pgp_key": "mQGNBFwvcRcBDADFUwrq87O8Xe0A0m+8sBAfp9N9NfVf1DjF6u2fRNOyCe0wP7ZakmPC/lot3eAn\n9Ztd/S4ReY5o8G6O7euRsa9ha2jmOAKmChOsbAYJogz9+MI4mxKY38XyKN7qItfwDQhanAktgx+P\nBKmeBOzVPEslKb2F/bf32UilxwDdstxHBq7XObO1JFh5b5WPlau4JFG2OSlhI65+WRVBEo/d3ysc\n9m3f4nVEGbiAFzU+Tk48s00CqfMW43+Ktz9Pxi2HAbzw83UvzIsyWYPEMky0tee9iaC4XbjndTTB\niwZpQw8+zdDpmhObkee+rFnK8/xTB8jGe5BE2Mjoo1PTM0v8jdtigC5vAKniMZq9bBccX+Wfmx9D\nLlL5hTqQ04a22VCVi0jSTLEwL6SKmx5O81OQWPOKcl+mi3DwoiT2Te9EXbTiiwVQHcoKkVs+jjRr\n6I3vtbbvKen/Dd9jE+dBtrOmPfJPAIm0oNg47R1soqIiYDm3PNC9XoWwMqn1zfTvlc6RIYMAEQEA\nAbQXeCBwIGsgPHhwa0BoZWFkZGVzay5tZT6JAc4EEwEIADgWIQRfsOzq3+qQBFR9qhXNT/Z5Pwmr\nhgUCXC9xFwIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRDNT/Z5Pwmrhl3hDACaAgHhd8dP\n433Q25veYnE0tyEQNpF36v3AhBSCW6r5+KDkWmvyo87JXx6uyD09vHd2maQDgc9D3GBD54X3CBTA\nq89a60dAfdW152sm7X74gKLTgSXXnYBAXC6ZY75uusw+DKpRzPRfzkHwX+7cl4sErDMivCzci0nf\ndn9uGOFD/96AZUwb40Rr3abetisddF6Tog8REhAY6apNFddWlYrdLkoHJqnZjVpMlWK/08bWOyDE\nsIv0wC1yqtY9WKyQv0A8E03ZBjACzTIn988DvfA5e8iNxOvduk+s8xuHFNblyZYzJsqDuD+i/qVD\nMI188A3OhO3Ew3D2pGvf9w97qI0Q5b4fKVgFfQHaJnruqrJiIaYLtyeiZr2NsHu6rRxky/Wr3Oat\n9Z+AUzNc/BcvW19paD+c0AOFwR9fGuDWwcSN0QffHA905ydklPDKuxa9F1MZcuEvW+HHrxHTL08l\nYonBTydQKY5XOZe2pFFf3JgTXsCTlZYbbiZzJ4mXGjRLQ325AY0EXC9xFwEMAOWNTfkoha8t0NEF\n+WmBybtQ0R/AraG3CmjN416Sfnudhg0HX+NXbsCNCtt5ht2lS+y1gDD/pClR02/QFjNfihjxxHIC\nql9dnqDUlay1wmgv2kKGbHGeRZ3MnwYJjm2evAEid2GA7euBYwUbFS6cJz88jn+cTENsNpn6zNYD\n1112o1vdZTUZzIGvYIw8DL31FgC6twZlSsJ7wIhKQxj40uxQ+sPCxvvhFIz3et2COfKlQwsyugD0\nwefFqU65ByTArs8qBiuMjphqx4JVkfv+NUk7hSAc7/+XC7Fz6kSuMljLeg0SZY02Od/2U6iy2zQm\n6psmKgITwfgy01YcKXNCJDR8CcIb70xr3WmdJmqpmQUl19VLbF0cIeXTuG7YUEmWWqLNXlAxnpBf\n2pknLKfqUIrRAEHC4L7LWFdi+UeDeoOFvbkKcQ0MjYBrA0wfr2kF6y0PagTgHUW0eUnQx4CRIKab\nLwwqQphwoug+jMqLOF9SVK4Rq+TrspmGg8GR0OeBbwARAQABiQG2BBgBCAAgFiEEX7Ds6t/qkARU\nfaoVzU/2eT8Jq4YFAlwvcRcCGwwACgkQzU/2eT8Jq4aKugwAiNYSNwonzR15p24zsfLqxBeNLmtt\nXcoorlpmSPAQFr9gMUY94I+ZH4jKydhz8H5oEuxHnM4VQIs1OAH9YQqG/m8aq91i+Gva3quSjdTN\nXl6lnPnC1eZKJbm04U2Uj73cAtt+rGJoqvZiEO
me2LqQtmiQhJh5ASMX+W9d3bCnogML/CHVRV0t\nhVf5tudCK8R+KwcNV1NjvH7sVbtxfpJTeZtP7hIxhEUnTnjetd54UJKBQ3yFuDXD2d0nuuCSz1qO\n8C/HYe672m2slVZfX5eTQItVd3wPCc9Zfum3zTMuFTFb8en9cOUzLynfzOwj2+FGwlwaWUppUBH/\nD8HUCIzKJcXVHHCi3pww8TSVoD+n545kUhyJwh+qxWtttm4Hs0al3t0QGuaD6RHGtpdqZ8jgRY8Q\nFLiCnhBm3F0GWXkbKUfH2zVPSexsPSp/DH1hjy7s+ugIJZ75+JzXfFL45C2aXhArKdCFqQQlVFh7\nB92IFh1fiCOyTmXkDWiNOa5jY9mN\n",
"secret": null,
"ses_smtp_password_v4": null,
"status": "Active",
"user": "UserNoGroup001"
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"module.iam-user1.aws_iam_user.iam-user"
]
}
]
},
{
"module": "module.iam-user1",
"mode": "managed",
"type": "aws_iam_user",
"name": "iam-user",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:iam::040216112220:user/UserNoGroup001",
"force_destroy": true,
"id": "UserNoGroup001",
"name": "UserNoGroup001",
"path": "/",
"permissions_boundary": null,
"tags": {
"Application": "terraform",
"BuildDate": "20221020",
"CostCenter": "none",
"Environment": "dev",
"Owner": "Rackspace",
"Project": "iac",
"ServiceProvider": "RackspaceTechnology",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "terraform",
"BuildDate": "20221020",
"CostCenter": "none",
"Environment": "dev",
"Owner": "Rackspace",
"Project": "iac",
"ServiceProvider": "RackspaceTechnology",
"TerraformMode": "managed"
},
"unique_id": "AIDAQSXIRFROJW2NMAYS6"
},
"sensitive_attributes": [],
"private": "bnVsbA=="
}
]
},
{
"module": "module.iam-user1",
"mode": "managed",
"type": "aws_iam_user_login_profile",
"name": "iam-user-profile-pgp",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"encrypted_password": "wcDMA3pyazT9EturAQwA5OJsNQi0NQgktGsNbZNAzkZy/g7+GH+n76KqS1xvuvLVJnbQJ9z+53cPEFWmAAzfr3DsT5MjoFrLtJBA2LG9a6dnQZ+Doy3tn/UTqvp+Ttn1UN8Ky8m6rJHHWnN16+uNEaOl75JJuC9P+v+azdG8Q5XOcS2WD85XAR3NRx4F6lYld5DOKVLkrJP05NGUgRgnnwCcUAz/GPZhhTNwDciBD45AN0Ukm9z7uEeRA21vtJFjvZgP/zPqM4DJ0oA/0F0Kgqmfut/XygPhe3AR5cLJW2w0jdlQP0UaXw5pobEsgBbgQLg4kNlxuG/ay08IbkXQ6p3TpGzybgWgTQjGTEtu8A72ZBZuPyRRtMTsArRB4tSK6wXTh95SaVWzEgi5p/k2qmuRN55BVNg17yFQ6posisP+gNt8RdOFcdDG0vtzglJ0OrNMxB6gv/CS8jWnPLcfqoYentYyfKVjeHuSWk5GMlX8ZYWjdXwYtMXmvNrvAdzICuGXW9uAj3r/4sA52rbx0kUBbhA/F3KyZ7/s32JqKCiMt6rcY47TuwObU27e4gprRCyKewMxtanBDbTROtusaNztQym1CRV8TQTx6OzqqpAYzKc+3YY=",
"id": "UserNoGroup001",
"key_fingerprint": "5fb0eceadfea9004547daa15cd4ff6793f09ab86",
"password": null,
"password_length": 20,
"password_reset_required": false,
"pgp_key": "mQGNBFwvcRcBDADFUwrq87O8Xe0A0m+8sBAfp9N9NfVf1DjF6u2fRNOyCe0wP7ZakmPC/lot3eAn\n9Ztd/S4ReY5o8G6O7euRsa9ha2jmOAKmChOsbAYJogz9+MI4mxKY38XyKN7qItfwDQhanAktgx+P\nBKmeBOzVPEslKb2F/bf32UilxwDdstxHBq7XObO1JFh5b5WPlau4JFG2OSlhI65+WRVBEo/d3ysc\n9m3f4nVEGbiAFzU+Tk48s00CqfMW43+Ktz9Pxi2HAbzw83UvzIsyWYPEMky0tee9iaC4XbjndTTB\niwZpQw8+zdDpmhObkee+rFnK8/xTB8jGe5BE2Mjoo1PTM0v8jdtigC5vAKniMZq9bBccX+Wfmx9D\nLlL5hTqQ04a22VCVi0jSTLEwL6SKmx5O81OQWPOKcl+mi3DwoiT2Te9EXbTiiwVQHcoKkVs+jjRr\n6I3vtbbvKen/Dd9jE+dBtrOmPfJPAIm0oNg47R1soqIiYDm3PNC9XoWwMqn1zfTvlc6RIYMAEQEA\nAbQXeCBwIGsgPHhwa0BoZWFkZGVzay5tZT6JAc4EEwEIADgWIQRfsOzq3+qQBFR9qhXNT/Z5Pwmr\nhgUCXC9xFwIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRDNT/Z5Pwmrhl3hDACaAgHhd8dP\n433Q25veYnE0tyEQNpF36v3AhBSCW6r5+KDkWmvyo87JXx6uyD09vHd2maQDgc9D3GBD54X3CBTA\nq89a60dAfdW152sm7X74gKLTgSXXnYBAXC6ZY75uusw+DKpRzPRfzkHwX+7cl4sErDMivCzci0nf\ndn9uGOFD/96AZUwb40Rr3abetisddF6Tog8REhAY6apNFddWlYrdLkoHJqnZjVpMlWK/08bWOyDE\nsIv0wC1yqtY9WKyQv0A8E03ZBjACzTIn988DvfA5e8iNxOvduk+s8xuHFNblyZYzJsqDuD+i/qVD\nMI188A3OhO3Ew3D2pGvf9w97qI0Q5b4fKVgFfQHaJnruqrJiIaYLtyeiZr2NsHu6rRxky/Wr3Oat\n9Z+AUzNc/BcvW19paD+c0AOFwR9fGuDWwcSN0QffHA905ydklPDKuxa9F1MZcuEvW+HHrxHTL08l\nYonBTydQKY5XOZe2pFFf3JgTXsCTlZYbbiZzJ4mXGjRLQ325AY0EXC9xFwEMAOWNTfkoha8t0NEF\n+WmBybtQ0R/AraG3CmjN416Sfnudhg0HX+NXbsCNCtt5ht2lS+y1gDD/pClR02/QFjNfihjxxHIC\nql9dnqDUlay1wmgv2kKGbHGeRZ3MnwYJjm2evAEid2GA7euBYwUbFS6cJz88jn+cTENsNpn6zNYD\n1112o1vdZTUZzIGvYIw8DL31FgC6twZlSsJ7wIhKQxj40uxQ+sPCxvvhFIz3et2COfKlQwsyugD0\nwefFqU65ByTArs8qBiuMjphqx4JVkfv+NUk7hSAc7/+XC7Fz6kSuMljLeg0SZY02Od/2U6iy2zQm\n6psmKgITwfgy01YcKXNCJDR8CcIb70xr3WmdJmqpmQUl19VLbF0cIeXTuG7YUEmWWqLNXlAxnpBf\n2pknLKfqUIrRAEHC4L7LWFdi+UeDeoOFvbkKcQ0MjYBrA0wfr2kF6y0PagTgHUW0eUnQx4CRIKab\nLwwqQphwoug+jMqLOF9SVK4Rq+TrspmGg8GR0OeBbwARAQABiQG2BBgBCAAgFiEEX7Ds6t/qkARU\nfaoVzU/2eT8Jq4YFAlwvcRcCGwwACgkQzU/2eT8Jq4aKugwAiNYSNwonzR15p24zsfLqxBeNLmtt\nXcoorlpmSPAQFr9gMUY94I+ZH4jKydhz8H5oEuxHnM4VQIs1OAH9YQqG/m8aq91i+Gva3quSjdTN\nXl6lnPnC1eZKJbm04U2Uj73cAtt+rGJoqvZiEO
me2LqQtmiQhJh5ASMX+W9d3bCnogML/CHVRV0t\nhVf5tudCK8R+KwcNV1NjvH7sVbtxfpJTeZtP7hIxhEUnTnjetd54UJKBQ3yFuDXD2d0nuuCSz1qO\n8C/HYe672m2slVZfX5eTQItVd3wPCc9Zfum3zTMuFTFb8en9cOUzLynfzOwj2+FGwlwaWUppUBH/\nD8HUCIzKJcXVHHCi3pww8TSVoD+n545kUhyJwh+qxWtttm4Hs0al3t0QGuaD6RHGtpdqZ8jgRY8Q\nFLiCnhBm3F0GWXkbKUfH2zVPSexsPSp/DH1hjy7s+ugIJZ75+JzXfFL45C2aXhArKdCFqQQlVFh7\nB92IFh1fiCOyTmXkDWiNOa5jY9mN\n",
"user": "UserNoGroup001"
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"module.iam-user1.aws_iam_user.iam-user"
]
}
]
},
{
"module": "module.iam-user1",
"mode": "managed",
"type": "aws_iam_user_policy",
"name": "iam-user-selfservice-policy",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "UserNoGroup001:SelfServicePermissions",
"name": "SelfServicePermissions",
"name_prefix": null,
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"ManageOwnCredentials\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"iam:ResyncMFADevice\",\n \"iam:ListVirtualMFA*\",\n \"iam:ListMFA*\",\n \"iam:ListAccessKey\",\n \"iam:EnableMFADevice\",\n \"iam:DeleteAccessKey\",\n \"iam:CreateVirtualMFADevice\",\n \"iam:CreateAccessKey\",\n \"iam:ChangePassword\"\n ],\n \"Resource\": \"arn:aws:iam::account-id:user/UserNoGroup001\"\n }\n ]\n}",
"user": "UserNoGroup001"
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"module.iam-user1.aws_iam_user.iam-user",
"module.iam-user1.data.aws_iam_policy_document.user-policy"
]
}
]
},
{
"module": "module.iam-user1",
"mode": "managed",
"type": "aws_iam_user_policy_attachment",
"name": "iam-user-managed-policies",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"id": "UserNoGroup001-20221020005608303300000003",
"policy_arn": "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess",
"user": "UserNoGroup001"
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"module.iam-user1.aws_iam_user.iam-user"
]
}
]
},
{
"module": "module.iam-user1",
"mode": "managed",
"type": "aws_secretsmanager_secret",
"name": "secretmanager",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"arn": "arn:aws:secretsmanager:ap-east-1:040216112220:secret:IamUserCredential-3122855049-UserNoGroup001-CMRrPv",
"description": "AWS resource credential",
"force_overwrite_replica_secret": false,
"id": "arn:aws:secretsmanager:ap-east-1:040216112220:secret:IamUserCredential-3122855049-UserNoGroup001-CMRrPv",
"kms_key_id": "",
"name": "IamUserCredential-3122855049-UserNoGroup001",
"name_prefix": "",
"policy": "",
"recovery_window_in_days": 30,
"replica": [],
"rotation_enabled": false,
"rotation_lambda_arn": "",
"rotation_rules": [],
"tags": {
"Application": "terraform",
"BuildDate": "20221020",
"CostCenter": "none",
"Environment": "dev",
"Owner": "Rackspace",
"Project": "iac",
"ServiceProvider": "RackspaceTechnology",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "terraform",
"BuildDate": "20221020",
"CostCenter": "none",
"Environment": "dev",
"Owner": "Rackspace",
"Project": "iac",
"ServiceProvider": "RackspaceTechnology",
"TerraformMode": "managed"
}
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"module.iam-user1.random_id.secrets-random-id"
]
}
]
},
{
"module": "module.iam-user1",
"mode": "managed",
"type": "aws_secretsmanager_secret_version",
"name": "iam-user-secret",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"arn": "arn:aws:secretsmanager:ap-east-1:040216112220:secret:IamUserCredential-3122855049-UserNoGroup001-CMRrPv",
"id": "arn:aws:secretsmanager:ap-east-1:040216112220:secret:IamUserCredential-3122855049-UserNoGroup001-CMRrPv|B38A89D2-2C00-40A3-B3EE-CFD2F9204311",
"secret_binary": "",
"secret_id": "arn:aws:secretsmanager:ap-east-1:040216112220:secret:IamUserCredential-3122855049-UserNoGroup001-CMRrPv",
"secret_string": "{\"AccessKeyId\":\"NotSet\",\"ConsolePassword\":\"QdpV$e}w]0xpKcmm6o%!\",\"KeySecret\":\"NotSet\"}",
"version_id": "B38A89D2-2C00-40A3-B3EE-CFD2F9204311",
"version_stages": [
"AWSCURRENT"
]
},
"sensitive_attributes": [
[
{
"type": "get_attr",
"value": "secret_string"
}
]
],
"private": "bnVsbA==",
"dependencies": [
"module.iam-user1.aws_iam_access_key.iam-user-access-key",
"module.iam-user1.aws_secretsmanager_secret.secretmanager",
"module.iam-user1.random_id.secrets-random-id",
"module.iam-user1.random_password.iam-user-pass"
]
}
]
},
{
"module": "module.iam-user1",
"mode": "managed",
"type": "random_id",
"name": "secrets-random-id",
"provider": "provider[\"registry.terraform.io/hashicorp/random\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"b64_std": "uiL8iQ==",
"b64_url": "uiL8iQ",
"byte_length": 4,
"dec": "3122855049",
"hex": "ba22fc89",
"id": "uiL8iQ",
"keepers": null,
"prefix": null
},
"sensitive_attributes": []
}
]
},
{
"module": "module.iam-user1",
"mode": "managed",
"type": "random_password",
"name": "iam-user-pass",
"provider": "provider[\"registry.terraform.io/hashicorp/random\"]",
"instances": [
{
"index_key": 0,
"schema_version": 3,
"attributes": {
"bcrypt_hash": "$2a$10$Lp9gvqvgb/XOnXgTic6kJOKPic9KRmak/bOQz720zlpU7DG0KwIpO",
"id": "none",
"keepers": null,
"length": 20,
"lower": true,
"min_lower": 0,
"min_numeric": 0,
"min_special": 0,
"min_upper": 0,
"number": true,
"numeric": true,
"override_special": null,
"result": "QdpV$e}w]0xpKcmm6o%!",
"special": true,
"upper": true
},
"sensitive_attributes": []
}
]
},
{
"module": "module.iam-user2",
"mode": "data",
"type": "aws_iam_policy_document",
"name": "user-policy",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "4218331518",
"json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"ManageOwnCredentials\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"iam:ResyncMFADevice\",\n \"iam:ListVirtualMFA*\",\n \"iam:ListMFA*\",\n \"iam:ListAccessKey\",\n \"iam:EnableMFADevice\",\n \"iam:DeleteAccessKey\",\n \"iam:CreateVirtualMFADevice\",\n \"iam:CreateAccessKey\",\n \"iam:ChangePassword\"\n ],\n \"Resource\": \"arn:aws:iam::account-id:user/UserInGroup001\"\n }\n ]\n}",
"override_json": null,
"override_policy_documents": null,
"policy_id": null,
"source_json": null,
"source_policy_documents": null,
"statement": [
{
"actions": [
"iam:ChangePassword",
"iam:CreateAccessKey",
"iam:CreateVirtualMFADevice",
"iam:DeleteAccessKey",
"iam:EnableMFADevice",
"iam:ListAccessKey",
"iam:ListMFA*",
"iam:ListVirtualMFA*",
"iam:ResyncMFADevice"
],
"condition": [],
"effect": "Allow",
"not_actions": [],
"not_principals": [],
"not_resources": [],
"principals": [],
"resources": [
"arn:aws:iam::account-id:user/UserInGroup001"
],
"sid": "ManageOwnCredentials"
}
],
"version": "2012-10-17"
},
"sensitive_attributes": []
}
]
},
{
"module": "module.iam-user2",
"mode": "managed",
"type": "aws_iam_group_membership",
"name": "group-membership",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": "ViewOnlyUsers001",
"schema_version": 0,
"attributes": {
"group": "ViewOnlyUsers001",
"id": "MembershipToExistingGroups",
"name": "MembershipToExistingGroups",
"users": [
"UserInGroup001"
]
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"module.iam-group.aws_iam_group.iam-group",
"module.iam-user2.aws_iam_user.iam-user"
]
}
]
},
{
"module": "module.iam-user2",
"mode": "managed",
"type": "aws_iam_user",
"name": "iam-user",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:iam::040216112220:user/UserInGroup001",
"force_destroy": true,
"id": "UserInGroup001",
"name": "UserInGroup001",
"path": "/",
"permissions_boundary": null,
"tags": {
"Application": "terraform",
"BuildDate": "20221020",
"CostCenter": "none",
"Environment": "dev",
"Owner": "Rackspace",
"Project": "iac",
"ServiceProvider": "RackspaceTechnology",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "terraform",
"BuildDate": "20221020",
"CostCenter": "none",
"Environment": "dev",
"Owner": "Rackspace",
"Project": "iac",
"ServiceProvider": "RackspaceTechnology",
"TerraformMode": "managed"
},
"unique_id": "AIDAQSXIRFROHECOCQVO3"
},
"sensitive_attributes": [],
"private": "bnVsbA=="
}
]
},
{
"module": "module.iam-user2",
"mode": "managed",
"type": "aws_iam_user_policy",
"name": "iam-user-policy",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"id": "UserInGroup001:S3AdminPermissions",
"name": "S3AdminPermissions",
"name_prefix": null,
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"s3admin\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:*\",\n \"Resource\": \"*\"\n }\n ]\n}",
"user": "UserInGroup001"
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"data.aws_iam_policy_document.user-policy",
"module.iam-user2.aws_iam_user.iam-user"
]
}
]
},
{
"module": "module.iam-user2",
"mode": "managed",
"type": "aws_iam_user_policy",
"name": "iam-user-selfservice-policy",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "UserInGroup001:SelfServicePermissions",
"name": "SelfServicePermissions",
"name_prefix": null,
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"ManageOwnCredentials\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"iam:ResyncMFADevice\",\n \"iam:ListVirtualMFA*\",\n \"iam:ListMFA*\",\n \"iam:ListAccessKey\",\n \"iam:EnableMFADevice\",\n \"iam:DeleteAccessKey\",\n \"iam:CreateVirtualMFADevice\",\n \"iam:CreateAccessKey\",\n \"iam:ChangePassword\"\n ],\n \"Resource\": \"arn:aws:iam::account-id:user/UserInGroup001\"\n }\n ]\n}",
"user": "UserInGroup001"
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"module.iam-user2.aws_iam_user.iam-user",
"module.iam-user2.data.aws_iam_policy_document.user-policy"
]
}
]
},
{
"module": "module.iam-user2",
"mode": "managed",
"type": "random_id",
"name": "secrets-random-id",
"provider": "provider[\"registry.terraform.io/hashicorp/random\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"b64_std": "9ZF4XA==",
"b64_url": "9ZF4XA",
"byte_length": 4,
"dec": "4119951452",
"hex": "f591785c",
"id": "9ZF4XA",
"keepers": null,
"prefix": null
},
"sensitive_attributes": []
}
]
}
],
"check_results": []
}
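Review bot: This Terraform state file should not be committed: it holds the console password for `UserNoGroup001` in cleartext, in the `result` attribute of `random_password.iam-user-pass` and again in the `secret_string` of `aws_secretsmanager_secret_version.iam-user-secret`, alongside the access key id, the account id and the IAM unique ids. The `.gitignore` change in this same commit adds `**/*.tfstate`, yet this file and the other state files in the commit (the empty one just before it and the EKS network state earlier) are still added, so the rule does not keep them out of history. Treat the password and the access key as exposed and rotate them. Then remove the state files from the index with `git rm --cached <state-file>`, purge them from history, and keep state in a remote backend with encryption at rest and restricted access.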


@ -0,0 +1,42 @@
aws-region = "ap-southeast-1"
customer-name = "ken2026"
environment = "dev"
project = "iac"
application = "terraform"
costcenter = "none"
DynamicAddressGroup = ""
owner = "Rackspace"
pgp-key = <<EOT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EOT


@ -0,0 +1,25 @@
variable "aws-region" {}
variable "customer-name" {}
variable "environment" {}
variable "project" {}
variable "application" {}
variable "owner" {}
variable "costcenter" {}
variable "DynamicAddressGroup" {}
locals {
default-tags = {
ServiceProvider = "RackspaceTechnology"
Environment = var.environment
Project = var.project
Application = var.application
TerraformMode = "managed"
BuildDate = formatdate("YYYYMMDD", timestamp())
Owner = var.owner
CostCenter = var.costcenter
# DynamicAddressGroup = var.DynamicAddressGroup
}
resource-prefix = "${var.environment}-substr(${var.aws-region},0,2)-${var.customer-name}-${var.project}"
}
variable pgp-key {}
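Review bot: The `resource-prefix` local never calls `substr`: the function name sits outside the `${...}` interpolation, so the prefix contains the literal text `substr(<region>,0,2)` instead of a shortened region. The line should read `resource-prefix = "${var.environment}-${substr(var.aws-region, 0, 2)}-${var.customer-name}-${var.project}"`. `BuildDate = formatdate("YYYYMMDD", timestamp())` is also re-evaluated on every run, so every tagged resource shows a tag change once the date rolls over; a variable, or `ignore_changes` on that tag, would avoid the churn. `variable pgp-key {}` and the other variables would benefit from a `type = string` and a `description`.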


@ -0,0 +1,9 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/aws" {
version = "4.31.0"
hashes = [
"h1:Ib7NTl1AX+17AP1QHbCTl6G2lIjdrlCSSmu8itTTVmk=",
]
}


@ -0,0 +1 @@
{"Modules":[{"Key":"","Source":"","Dir":"."},{"Key":"vpc-ep","Source":"../../modules/networking/vpc-endpoints","Dir":"../../modules/networking/vpc-endpoints"}]}


@ -0,0 +1 @@
/home/kn/.terraform.d/plugin-cache/registry.terraform.io/hashicorp/aws/4.31.0/linux_amd64

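--- a/examples/vpc-ep/main.tf
+++ b/examples/vpc-ep/main.tf
@@ -0,0 +1,9 @@
+module vpc-ep {
+source = "../../modules/networking/vpc-endpoints"
+default-tags = local.default-tags
+gateway-ep-services = ["s3","dynamodb"]
+interface-ep-services = ["ssm"]
+resource-prefix = local.resource-prefix
+vpc-id = "vpc-01a10b033169f89a8"
+}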
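Review bot: The example pins `vpc-id = "vpc-01a10b033169f89a8"`, an identifier from one specific account, so it cannot be applied anywhere else and it publishes an internal resource id. Take it from a variable instead, `vpc-id = var.vpc-id`, with the value supplied through a tfvars file that is not committed. A short comment above the module call stating which endpoints are created (gateway endpoints for S3 and DynamoDB, an interface endpoint for SSM) would help readers of the example.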


@ -0,0 +1,414 @@
{
"version": 4,
"terraform_version": "1.3.0",
"serial": 18,
"lineage": "7e7c4a8c-a513-bbd8-4ebb-b03583bbd5c6",
"outputs": {},
"resources": [
{
"module": "module.vpc-ep",
"mode": "data",
"type": "aws_subnets",
"name": "this-subnets",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"filter": [
{
"name": "vpc-id",
"values": [
"vpc-01a10b033169f89a8"
]
}
],
"id": "ap-east-1",
"ids": [
"subnet-0927ba1b06ccfe6c5",
"subnet-0551e96ffd016192a",
"subnet-08dec6787782ee087"
],
"tags": null,
"timeouts": null
},
"sensitive_attributes": []
}
]
},
{
"module": "module.vpc-ep",
"mode": "data",
"type": "aws_vpc",
"name": "this-vpc",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:ec2:ap-east-1:040216112220:vpc/vpc-01a10b033169f89a8",
"cidr_block": "172.20.0.0/16",
"cidr_block_associations": [
{
"association_id": "vpc-cidr-assoc-021814ddaa62efd0f",
"cidr_block": "172.20.0.0/16",
"state": "associated"
}
],
"default": false,
"dhcp_options_id": "dopt-005007bcb610d7cdc",
"enable_dns_hostnames": true,
"enable_dns_support": true,
"filter": null,
"id": "vpc-01a10b033169f89a8",
"instance_tenancy": "default",
"ipv6_association_id": "vpc-cidr-assoc-0f7f4b5f1bdbf7972",
"ipv6_cidr_block": "2406:da1e:1db:f100::/56",
"main_route_table_id": "rtb-0ffa35a24e515f3b8",
"owner_id": "040216112220",
"state": null,
"tags": {
"Application": "infra",
"BuildDate": "20220421",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-ape1-ken2026-shared-vpc",
"Project": "shared",
"ServiceProvider": "RackspaceTechnology",
"TerraformDir": "LDP.aws.projects/rs-sandbox/rs-asia-sandbox-ken2026/networking.vpc-subnet",
"TerraformMode": "managed"
},
"timeouts": null
},
"sensitive_attributes": []
}
]
},
{
"module": "module.vpc-ep",
"mode": "managed",
"type": "aws_security_group",
"name": "generic-ep-sg",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 1,
"attributes": {
"arn": "arn:aws:ec2:ap-east-1:040216112220:security-group/sg-0e2be56016c1440a8",
"description": "HttpsAccessToVpcEndpoints",
"egress": [
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": "",
"from_port": 0,
"ipv6_cidr_blocks": [],
"prefix_list_ids": [],
"protocol": "-1",
"security_groups": [],
"self": false,
"to_port": 0
}
],
"id": "sg-0e2be56016c1440a8",
"ingress": [
{
"cidr_blocks": [
"172.20.0.0/16"
],
"description": "TLS from VPC",
"from_port": 443,
"ipv6_cidr_blocks": [],
"prefix_list_ids": [],
"protocol": "tcp",
"security_groups": [],
"self": false,
"to_port": 443
}
],
"name": "HttpsAccessToVpcEndpoints",
"name_prefix": "",
"owner_id": "040216112220",
"revoke_rules_on_delete": false,
"tags": {
"Application": "terraform",
"BuildDate": "20220921",
"CostCenter": "none",
"DynamicAddressGroup": "",
"Environment": "dev",
"Name": "VpcEpAccess",
"Owner": "Rackspace",
"Project": "iac",
"ServiceProvider": "RackspaceTechnology",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "terraform",
"BuildDate": "20220921",
"CostCenter": "none",
"DynamicAddressGroup": "",
"Environment": "dev",
"Name": "VpcEpAccess",
"Owner": "Rackspace",
"Project": "iac",
"ServiceProvider": "RackspaceTechnology",
"TerraformMode": "managed"
},
"timeouts": null,
"vpc_id": "vpc-01a10b033169f89a8"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6OTAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIxIn0=",
"dependencies": [
"module.vpc-ep.data.aws_vpc.this-vpc"
]
}
]
},
{
"module": "module.vpc-ep",
"mode": "managed",
"type": "aws_vpc_endpoint",
"name": "vpc-gateway-ep",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": "dynamodb",
"schema_version": 0,
"attributes": {
"arn": "arn:aws:ec2:ap-east-1:040216112220:vpc-endpoint/vpce-05b5ee2a00842263e",
"auto_accept": null,
"cidr_blocks": [
"35.71.107.0/25",
"35.71.107.128/26",
"52.119.248.0/24"
],
"dns_entry": [],
"dns_options": [],
"id": "vpce-05b5ee2a00842263e",
"ip_address_type": "",
"network_interface_ids": [],
"owner_id": "040216112220",
"policy": "{\"Statement\":[{\"Action\":\"*\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"*\"}],\"Version\":\"2008-10-17\"}",
"prefix_list_id": "pl-c9b451a0",
"private_dns_enabled": false,
"requester_managed": false,
"route_table_ids": [],
"security_group_ids": [],
"service_name": "com.amazonaws.ap-east-1.dynamodb",
"state": "available",
"subnet_ids": [],
"tags": {
"Application": "terraform",
"BuildDate": "20220921",
"CostCenter": "none",
"DynamicAddressGroup": "",
"Environment": "dev",
"Name": "dev-ap-ken2026-iac-vpcep-dynamodb",
"Owner": "Rackspace",
"Project": "iac",
"ServiceProvider": "RackspaceTechnology",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "terraform",
"BuildDate": "20220921",
"CostCenter": "none",
"DynamicAddressGroup": "",
"Environment": "dev",
"Name": "dev-ap-ken2026-iac-vpcep-dynamodb",
"Owner": "Rackspace",
"Project": "iac",
"ServiceProvider": "RackspaceTechnology",
"TerraformMode": "managed"
},
"timeouts": null,
"vpc_endpoint_type": "Gateway",
"vpc_id": "vpc-01a10b033169f89a8"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19",
"dependencies": [
"module.vpc-ep.data.aws_vpc.this-vpc"
]
},
{
"index_key": "s3",
"schema_version": 0,
"attributes": {
"arn": "arn:aws:ec2:ap-east-1:040216112220:vpc-endpoint/vpce-0ffad2bdf13118244",
"auto_accept": null,
"cidr_blocks": [
"3.5.236.0/22",
"52.95.162.0/24",
"16.12.8.0/24",
"16.12.6.0/23",
"52.95.160.0/23"
],
"dns_entry": [],
"dns_options": [],
"id": "vpce-0ffad2bdf13118244",
"ip_address_type": "",
"network_interface_ids": [],
"owner_id": "040216112220",
"policy": "{\"Statement\":[{\"Action\":\"*\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"*\"}],\"Version\":\"2008-10-17\"}",
"prefix_list_id": "pl-64a5400d",
"private_dns_enabled": false,
"requester_managed": false,
"route_table_ids": [],
"security_group_ids": [],
"service_name": "com.amazonaws.ap-east-1.s3",
"state": "available",
"subnet_ids": [],
"tags": {
"Application": "terraform",
"BuildDate": "20220921",
"CostCenter": "none",
"DynamicAddressGroup": "",
"Environment": "dev",
"Name": "dev-ap-ken2026-iac-vpcep-s3",
"Owner": "Rackspace",
"Project": "iac",
"ServiceProvider": "RackspaceTechnology",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "terraform",
"BuildDate": "20220921",
"CostCenter": "none",
"DynamicAddressGroup": "",
"Environment": "dev",
"Name": "dev-ap-ken2026-iac-vpcep-s3",
"Owner": "Rackspace",
"Project": "iac",
"ServiceProvider": "RackspaceTechnology",
"TerraformMode": "managed"
},
"timeouts": null,
"vpc_endpoint_type": "Gateway",
"vpc_id": "vpc-01a10b033169f89a8"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19",
"dependencies": [
"module.vpc-ep.data.aws_vpc.this-vpc"
]
}
]
},
{
"module": "module.vpc-ep",
"mode": "managed",
"type": "aws_vpc_endpoint",
"name": "vpc-interface-ep",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": "ssm",
"schema_version": 0,
"attributes": {
"arn": "arn:aws:ec2:ap-east-1:040216112220:vpc-endpoint/vpce-07b8a9af30673995f",
"auto_accept": null,
"cidr_blocks": [],
"dns_entry": [
{
"dns_name": "vpce-07b8a9af30673995f-2n2ird8h.ssm.ap-east-1.vpce.amazonaws.com",
"hosted_zone_id": "Z2LIHJ7PKBEMWN"
},
{
"dns_name": "vpce-07b8a9af30673995f-2n2ird8h-ap-east-1c.ssm.ap-east-1.vpce.amazonaws.com",
"hosted_zone_id": "Z2LIHJ7PKBEMWN"
},
{
"dns_name": "vpce-07b8a9af30673995f-2n2ird8h-ap-east-1b.ssm.ap-east-1.vpce.amazonaws.com",
"hosted_zone_id": "Z2LIHJ7PKBEMWN"
},
{
"dns_name": "vpce-07b8a9af30673995f-2n2ird8h-ap-east-1a.ssm.ap-east-1.vpce.amazonaws.com",
"hosted_zone_id": "Z2LIHJ7PKBEMWN"
},
{
"dns_name": "ssm.ap-east-1.amazonaws.com",
"hosted_zone_id": "Z0476620U1IKM0YK6Q0X"
}
],
"dns_options": [
{
"dns_record_ip_type": "ipv4"
}
],
"id": "vpce-07b8a9af30673995f",
"ip_address_type": "ipv4",
"network_interface_ids": [
"eni-05f45ed86856de58d"
],
"owner_id": "040216112220",
"policy": "{\"Statement\":[{\"Action\":\"*\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"*\"}]}",
"prefix_list_id": null,
"private_dns_enabled": true,
"requester_managed": false,
"route_table_ids": [],
"security_group_ids": [
"sg-0e2be56016c1440a8"
],
"service_name": "com.amazonaws.ap-east-1.ssm",
"state": "available",
"subnet_ids": [
"subnet-0551e96ffd016192a",
"subnet-08dec6787782ee087",
"subnet-0927ba1b06ccfe6c5"
],
"tags": {
"Application": "terraform",
"BuildDate": "20220921",
"CostCenter": "none",
"DynamicAddressGroup": "",
"Environment": "dev",
"Name": "dev-ap-ken2026-iac-vpcep-ssm",
"Owner": "Rackspace",
"Project": "iac",
"ServiceProvider": "RackspaceTechnology",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "terraform",
"BuildDate": "20220921",
"CostCenter": "none",
"DynamicAddressGroup": "",
"Environment": "dev",
"Name": "dev-ap-ken2026-iac-vpcep-ssm",
"Owner": "Rackspace",
"Project": "iac",
"ServiceProvider": "RackspaceTechnology",
"TerraformMode": "managed"
},
"timeouts": null,
"vpc_endpoint_type": "Interface",
"vpc_id": "vpc-01a10b033169f89a8"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19",
"dependencies": [
"module.vpc-ep.aws_security_group.generic-ep-sg",
"module.vpc-ep.data.aws_subnets.this-subnets",
"module.vpc-ep.data.aws_vpc.this-vpc"
]
}
]
}
],
"check_results": [
{
"object_kind": "resource",
"config_addr": "module.vpc-ep.data.aws_vpc.this-vpc",
"status": "unknown",
"objects": [
{
"object_addr": "module.vpc-ep.data.aws_vpc.this-vpc",
"status": "unknown"
}
]
}
]
}
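Review bot: This section is a Terraform state file (`"version": 4`, `"lineage"`, `"serial": 18`) and should not be in version control; the next section, with the same lineage and `"serial": 13`, looks like its backup and has the same problem. State records the AWS account number in every `owner_id` and ARN, an IAM user ARN in the `CreatedBy` tag, and the VPC, subnet, security-group and endpoint identifiers, and for other resource types it holds secret values in plaintext. Ignore rules do not untrack files that are already committed or explicitly added, so remove these with `git rm --cached` and keep state in a remote backend with encryption and access control. Because the files are now in history, treat the identifiers as disclosed unless the history is rewritten.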


@ -0,0 +1,404 @@
{
"version": 4,
"terraform_version": "1.3.0",
"serial": 13,
"lineage": "7e7c4a8c-a513-bbd8-4ebb-b03583bbd5c6",
"outputs": {},
"resources": [
{
"module": "module.vpc-ep",
"mode": "data",
"type": "aws_subnets",
"name": "this-subnets",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"filter": [
{
"name": "vpc-id",
"values": [
"vpc-01a10b033169f89a8"
]
}
],
"id": "ap-east-1",
"ids": [
"subnet-0927ba1b06ccfe6c5",
"subnet-0551e96ffd016192a",
"subnet-08dec6787782ee087"
],
"tags": null,
"timeouts": null
},
"sensitive_attributes": []
}
]
},
{
"module": "module.vpc-ep",
"mode": "data",
"type": "aws_vpc",
"name": "this-vpc",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:ec2:ap-east-1:040216112220:vpc/vpc-01a10b033169f89a8",
"cidr_block": "172.20.0.0/16",
"cidr_block_associations": [
{
"association_id": "vpc-cidr-assoc-021814ddaa62efd0f",
"cidr_block": "172.20.0.0/16",
"state": "associated"
}
],
"default": false,
"dhcp_options_id": "dopt-005007bcb610d7cdc",
"enable_dns_hostnames": true,
"enable_dns_support": true,
"filter": null,
"id": "vpc-01a10b033169f89a8",
"instance_tenancy": "default",
"ipv6_association_id": "vpc-cidr-assoc-0f7f4b5f1bdbf7972",
"ipv6_cidr_block": "2406:da1e:1db:f100::/56",
"main_route_table_id": "rtb-0ffa35a24e515f3b8",
"owner_id": "040216112220",
"state": null,
"tags": {
"Application": "infra",
"BuildDate": "20220421",
"CreatedBy": "arn:aws:iam::040216112220:user/ken2026",
"Environment": "lab",
"Name": "lab-ape1-ken2026-shared-vpc",
"Project": "shared",
"ServiceProvider": "RackspaceTechnology",
"TerraformDir": "LDP.aws.projects/rs-sandbox/rs-asia-sandbox-ken2026/networking.vpc-subnet",
"TerraformMode": "managed"
},
"timeouts": null
},
"sensitive_attributes": []
}
]
},
{
"module": "module.vpc-ep",
"mode": "managed",
"type": "aws_security_group",
"name": "generic-ep-sg",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 1,
"attributes": {
"arn": "arn:aws:ec2:ap-east-1:040216112220:security-group/sg-0e2be56016c1440a8",
"description": "HttpsAccessToVpcEndpoints",
"egress": [
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": "",
"from_port": 0,
"ipv6_cidr_blocks": [],
"prefix_list_ids": [],
"protocol": "-1",
"security_groups": [],
"self": false,
"to_port": 0
}
],
"id": "sg-0e2be56016c1440a8",
"ingress": [
{
"cidr_blocks": [
"172.20.0.0/16"
],
"description": "TLS from VPC",
"from_port": 443,
"ipv6_cidr_blocks": [],
"prefix_list_ids": [],
"protocol": "tcp",
"security_groups": [],
"self": false,
"to_port": 443
}
],
"name": "HttpsAccessToVpcEndpoints",
"name_prefix": "",
"owner_id": "040216112220",
"revoke_rules_on_delete": false,
"tags": {
"Application": "terraform",
"BuildDate": "20220921",
"CostCenter": "none",
"DynamicAddressGroup": "",
"Environment": "dev",
"Name": "VpcEpAccess",
"Owner": "Rackspace",
"Project": "iac",
"ServiceProvider": "RackspaceTechnology",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "terraform",
"BuildDate": "20220921",
"CostCenter": "none",
"DynamicAddressGroup": "",
"Environment": "dev",
"Name": "VpcEpAccess",
"Owner": "Rackspace",
"Project": "iac",
"ServiceProvider": "RackspaceTechnology",
"TerraformMode": "managed"
},
"timeouts": null,
"vpc_id": "vpc-01a10b033169f89a8"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6OTAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIxIn0=",
"dependencies": [
"module.vpc-ep.data.aws_vpc.this-vpc"
]
}
]
},
{
"module": "module.vpc-ep",
"mode": "managed",
"type": "aws_vpc_endpoint",
"name": "vpc-gateway-ep",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": "dynamodb",
"schema_version": 0,
"attributes": {
"arn": "arn:aws:ec2:ap-east-1:040216112220:vpc-endpoint/vpce-05b5ee2a00842263e",
"auto_accept": null,
"cidr_blocks": [
"35.71.107.0/25",
"35.71.107.128/26",
"52.119.248.0/24"
],
"dns_entry": [],
"dns_options": [],
"id": "vpce-05b5ee2a00842263e",
"ip_address_type": "",
"network_interface_ids": [],
"owner_id": "040216112220",
"policy": "{\"Statement\":[{\"Action\":\"*\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"*\"}],\"Version\":\"2008-10-17\"}",
"prefix_list_id": "pl-c9b451a0",
"private_dns_enabled": false,
"requester_managed": false,
"route_table_ids": [],
"security_group_ids": [],
"service_name": "com.amazonaws.ap-east-1.dynamodb",
"state": "available",
"subnet_ids": [],
"tags": {
"Application": "terraform",
"BuildDate": "20220921",
"CostCenter": "none",
"DynamicAddressGroup": "",
"Environment": "dev",
"Name": "dev-ap-ken2026-iac-vpcep-dynamodb",
"Owner": "Rackspace",
"Project": "iac",
"ServiceProvider": "RackspaceTechnology",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "terraform",
"BuildDate": "20220921",
"CostCenter": "none",
"DynamicAddressGroup": "",
"Environment": "dev",
"Name": "dev-ap-ken2026-iac-vpcep-dynamodb",
"Owner": "Rackspace",
"Project": "iac",
"ServiceProvider": "RackspaceTechnology",
"TerraformMode": "managed"
},
"timeouts": null,
"vpc_endpoint_type": "Gateway",
"vpc_id": "vpc-01a10b033169f89a8"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19",
"dependencies": [
"module.vpc-ep.data.aws_vpc.this-vpc"
]
},
{
"index_key": "s3",
"schema_version": 0,
"attributes": {
"arn": "arn:aws:ec2:ap-east-1:040216112220:vpc-endpoint/vpce-0ffad2bdf13118244",
"auto_accept": null,
"cidr_blocks": [
"3.5.236.0/22",
"52.95.162.0/24",
"16.12.8.0/24",
"16.12.6.0/23",
"52.95.160.0/23"
],
"dns_entry": [],
"dns_options": [],
"id": "vpce-0ffad2bdf13118244",
"ip_address_type": "",
"network_interface_ids": [],
"owner_id": "040216112220",
"policy": "{\"Statement\":[{\"Action\":\"*\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"*\"}],\"Version\":\"2008-10-17\"}",
"prefix_list_id": "pl-64a5400d",
"private_dns_enabled": false,
"requester_managed": false,
"route_table_ids": [],
"security_group_ids": [],
"service_name": "com.amazonaws.ap-east-1.s3",
"state": "available",
"subnet_ids": [],
"tags": {
"Application": "terraform",
"BuildDate": "20220921",
"CostCenter": "none",
"DynamicAddressGroup": "",
"Environment": "dev",
"Name": "dev-ap-ken2026-iac-vpcep-s3",
"Owner": "Rackspace",
"Project": "iac",
"ServiceProvider": "RackspaceTechnology",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "terraform",
"BuildDate": "20220921",
"CostCenter": "none",
"DynamicAddressGroup": "",
"Environment": "dev",
"Name": "dev-ap-ken2026-iac-vpcep-s3",
"Owner": "Rackspace",
"Project": "iac",
"ServiceProvider": "RackspaceTechnology",
"TerraformMode": "managed"
},
"timeouts": null,
"vpc_endpoint_type": "Gateway",
"vpc_id": "vpc-01a10b033169f89a8"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19",
"dependencies": [
"module.vpc-ep.data.aws_vpc.this-vpc"
]
}
]
},
{
"module": "module.vpc-ep",
"mode": "managed",
"type": "aws_vpc_endpoint",
"name": "vpc-interface-ep",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": "ssm",
"schema_version": 0,
"attributes": {
"arn": "arn:aws:ec2:ap-east-1:040216112220:vpc-endpoint/vpce-07b8a9af30673995f",
"auto_accept": null,
"cidr_blocks": [],
"dns_entry": [
{
"dns_name": "vpce-07b8a9af30673995f-2n2ird8h.ssm.ap-east-1.vpce.amazonaws.com",
"hosted_zone_id": "Z2LIHJ7PKBEMWN"
},
{
"dns_name": "vpce-07b8a9af30673995f-2n2ird8h-ap-east-1a.ssm.ap-east-1.vpce.amazonaws.com",
"hosted_zone_id": "Z2LIHJ7PKBEMWN"
},
{
"dns_name": "ssm.ap-east-1.amazonaws.com",
"hosted_zone_id": "Z0476620U1IKM0YK6Q0X"
}
],
"dns_options": [
{
"dns_record_ip_type": "ipv4"
}
],
"id": "vpce-07b8a9af30673995f",
"ip_address_type": "ipv4",
"network_interface_ids": [
"eni-05f45ed86856de58d"
],
"owner_id": "040216112220",
"policy": "{\"Statement\":[{\"Action\":\"*\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"*\"}]}",
"prefix_list_id": null,
"private_dns_enabled": true,
"requester_managed": false,
"route_table_ids": [],
"security_group_ids": [
"sg-0e2be56016c1440a8"
],
"service_name": "com.amazonaws.ap-east-1.ssm",
"state": "available",
"subnet_ids": [
"subnet-0927ba1b06ccfe6c5"
],
"tags": {
"Application": "terraform",
"BuildDate": "20220921",
"CostCenter": "none",
"DynamicAddressGroup": "",
"Environment": "dev",
"Name": "dev-ap-ken2026-iac-vpcep-ssm",
"Owner": "Rackspace",
"Project": "iac",
"ServiceProvider": "RackspaceTechnology",
"TerraformMode": "managed"
},
"tags_all": {
"Application": "terraform",
"BuildDate": "20220921",
"CostCenter": "none",
"DynamicAddressGroup": "",
"Environment": "dev",
"Name": "dev-ap-ken2026-iac-vpcep-ssm",
"Owner": "Rackspace",
"Project": "iac",
"ServiceProvider": "RackspaceTechnology",
"TerraformMode": "managed"
},
"timeouts": null,
"vpc_endpoint_type": "Interface",
"vpc_id": "vpc-01a10b033169f89a8"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19",
"dependencies": [
"module.vpc-ep.aws_security_group.generic-ep-sg",
"module.vpc-ep.data.aws_subnets.this-subnets",
"module.vpc-ep.data.aws_vpc.this-vpc"
]
}
]
}
],
"check_results": [
{
"object_kind": "resource",
"config_addr": "module.vpc-ep.data.aws_vpc.this-vpc",
"status": "unknown",
"objects": [
{
"object_addr": "module.vpc-ep.data.aws_vpc.this-vpc",
"status": "unknown"
}
]
}
]
}


@ -0,0 +1,8 @@
aws-region = "ap-east-1"
customer-name = "ken2026"
environment = "dev"
project = "iac"
application = "terraform"
costcenter = "none"
DynamicAddressGroup = ""
owner = "Rackspace"


@ -0,0 +1,24 @@
variable "aws-region" {}
variable "customer-name" {}
variable "environment" {}
variable "project" {}
variable "application" {}
variable "owner" {}
variable "costcenter" {}
variable "DynamicAddressGroup" {}
locals {
default-tags = {
ServiceProvider = "RackspaceTechnology"
Environment = var.environment
Project = var.project
Application = var.application
TerraformMode = "managed"
BuildDate = formatdate("YYYYMMDD", timestamp())
Owner = var.owner
CostCenter = var.costcenter
DynamicAddressGroup = var.DynamicAddressGroup
}
resource-prefix = "${var.environment}-${substr(var.aws-region,0,2)}-${var.customer-name}-${var.project}"
}
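Review bot: `BuildDate = formatdate("YYYYMMDD", timestamp())` is re-evaluated on every plan, so from the day after creation each run proposes a tag update on every resource that carries `default-tags`; the same line appears in the other variables file earlier in this commit. That recurring noise makes real drift harder to spot when reviewing a plan. Either pin the date once, for example with a `time_static` resource from the hashicorp/time provider, or have the resources set `lifecycle { ignore_changes = [tags["BuildDate"]] }`; whether the modules already do the latter is not visible here. The bare `variable "…" {}` blocks would also benefit from `type = string` and a `description`.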