UPD: updated several modules to simplify input variables
This commit is contained in:
parent
aaf99335bd
commit
d47e06df0c
@ -1,5 +1,8 @@
|
||||
data aws_regions all-aws-regions {}
|
||||
|
||||
resource "null_resource" "shell" {
|
||||
for_each = data.aws_regions.all-aws-regions.names
|
||||
provisioner "local-exec" {
|
||||
command = "/bin/bash -c '${path.module}/exec.sh ${var.region-name}'"
|
||||
command = "/bin/bash -c '${path.module}/exec.sh ${each.value}'"
|
||||
}
|
||||
}
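Review bot: The `for_each` value is interpolated into a `/bin/bash -c '…'` string on the `command` line, so `each.value` and `${path.module}` are re-parsed by a shell and a single quote in either would break out of the quoting; since `exec.sh` takes the region as a positional argument the extra shell is unnecessary, and `command = "${path.module}/exec.sh ${each.value}"` (or passing it via `environment = { AWS_REGION = each.value }`) avoids the re-parsing. Region names come from `data.aws_regions`, i.e. AWS-controlled values, so this is hardening rather than an exploitable path. Separately, the `null_resource` declares no `triggers`, so the script runs once per region at creation and will not re-run when `exec.sh` changes — presumably intended, but worth stating with a comment such as `# runs once per region at create time; taint to re-execute`.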
|
@ -80,16 +80,10 @@ resource "aws_config_configuration_recorder_status" "main" {
|
||||
|
||||
module config-bucket {
|
||||
source = "../../storage/infra-s3-bucket"
|
||||
|
||||
application = var.application
|
||||
aws-region-short = var.aws-region-short
|
||||
bucket-name = "${local.resource-prefix}-configbucket-${data.aws_caller_identity.this.account_id}"
|
||||
bucket-name = "${var.resource-prefix}-configbucket-${data.aws_caller_identity.this.account_id}"
|
||||
add-random-suffix = false
|
||||
bucket-policy-json = data.aws_iam_policy_document.config_bucket_policy.json
|
||||
customer-name = var.customer-name
|
||||
default-tags = var.default-tags
|
||||
environment = var.environment
|
||||
project = var.project
|
||||
}
|
||||
|
||||
data "aws_iam_policy_document" "config_bucket_policy" {
|
||||
@ -107,7 +101,7 @@ data "aws_iam_policy_document" "config_bucket_policy" {
|
||||
]
|
||||
|
||||
resources = [
|
||||
"arn:aws:s3:::${local.resource-prefix}-configbucket-${data.aws_caller_identity.this.account_id}",
|
||||
"arn:aws:s3:::${var.resource-prefix}-configbucket-${data.aws_caller_identity.this.account_id}",
|
||||
]
|
||||
}
|
||||
|
||||
@ -124,7 +118,7 @@ data "aws_iam_policy_document" "config_bucket_policy" {
|
||||
]
|
||||
|
||||
resources = [
|
||||
"arn:aws:s3:::${local.resource-prefix}-configbucket-${data.aws_caller_identity.this.account_id}",
|
||||
"arn:aws:s3:::${var.resource-prefix}-configbucket-${data.aws_caller_identity.this.account_id}",
|
||||
]
|
||||
}
|
||||
|
||||
@ -141,7 +135,7 @@ data "aws_iam_policy_document" "config_bucket_policy" {
|
||||
]
|
||||
|
||||
resources = [
|
||||
"arn:aws:s3:::${local.resource-prefix}-configbucket-${data.aws_caller_identity.this.account_id}/*",
|
||||
"arn:aws:s3:::${var.resource-prefix}-configbucket-${data.aws_caller_identity.this.account_id}/*",
|
||||
]
|
||||
|
||||
condition {
|
||||
|
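Review bot: The config bucket name is now spelled out independently on the module's `bucket-name` line and in the three `resources` ARNs of `config_bucket_policy`, and the policy only matches the real bucket for as long as `add-random-suffix = false` is kept; deriving it once, `config-bucket-name = "${var.resource-prefix}-configbucket-${data.aws_caller_identity.this.account_id}"` in `locals`, and referencing `local.config-bucket-name` in both places prevents the policy from silently pointing at a bucket that does not exist. The ARNs also hard-code the `aws` partition; `arn:${data.aws_partition.current.partition}:s3:::…` would keep the policy valid in GovCloud/China if that matters for this project. `config_bucket_policy` continues past the last hunk shown.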
@ -1,13 +1,5 @@
|
||||
variable "customer-name" {}
|
||||
variable "environment" {}
|
||||
variable "project" {}
|
||||
variable "application" {}
|
||||
variable "aws-region-short" {}
|
||||
variable "default-tags" {}
|
||||
|
||||
locals {
|
||||
resource-prefix = "${var.environment}-${var.aws-region-short}-${var.customer-name}-${var.project}"
|
||||
}
|
||||
variable resource-prefix {}
|
||||
|
||||
variable config-retention-days {
|
||||
type = number
|
||||
|
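Review bot: The new `variable resource-prefix {}` replaces five typed-by-convention inputs with a single untyped, undocumented string that is then used as the first component of the config bucket name and of IAM role names in the other files of this commit, so a prefix with uppercase letters, underscores or dots will only fail at apply time with an S3 naming error. Giving it a type, a description and a validation matching S3's bucket-name character set catches that at plan time; the bucket name also gains `-configbucket-` plus a 12-digit account id, so the 63-character S3 limit leaves roughly 35 characters for the prefix, which the validation could enforce as well. `validation` blocks need Terraform 0.13+, which I assume is already the case given the `for_each` on a data source elsewhere in this commit — please confirm.

```hcl
variable "resource-prefix" {
  type        = string
  description = "Name prefix shared by all resources in this module; also becomes the leading part of S3 bucket names."

  validation {
    condition     = can(regex("^[a-z0-9][a-z0-9-]{0,34}$", var.resource-prefix))
    error_message = "resource-prefix must be lowercase alphanumerics/hyphens, at most 35 characters (it is embedded in S3 bucket names)."
  }
}
```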
@ -1,12 +1,12 @@
|
||||
resource "aws_iam_role" "iam_cloudtrial_cloudwatch_role" {
|
||||
name = "${local.resource-prefix}-cwl-role"
|
||||
name = "${var.resource-prefix}-cwl-role"
|
||||
assume_role_policy = data.aws_iam_policy_document.ct-role-assumerole-policy.json
|
||||
description = "Enables AWS CloudTrail to deliver log to CloudWatch log"
|
||||
tags = var.default-tags
|
||||
}
|
||||
|
||||
resource "aws_iam_role_policy" "iam_cloudtrial_cloudwatach_role_policy" {
|
||||
name = "${local.resource-prefix}-cwl-role-policy"
|
||||
name = "${var.resource-prefix}-cwl-role-policy"
|
||||
role = aws_iam_role.iam_cloudtrial_cloudwatch_role.id
|
||||
policy = data.aws_iam_policy_document.ct-role-pdoc.json
|
||||
}
|
||||
@ -46,7 +46,7 @@ data "aws_iam_policy_document" "ct-role-pdoc" {
|
||||
|
||||
|
||||
resource "aws_cloudtrail" "default" {
|
||||
name = "${local.resource-prefix}-trail-001"
|
||||
name = "${var.resource-prefix}-trail-001"
|
||||
enable_logging = true
|
||||
s3_bucket_name = local.ct-bucket-name
|
||||
enable_log_file_validation = true
|
||||
|
@ -6,7 +6,7 @@ resource "aws_kms_key" "ctbucket-key" {
|
||||
}
|
||||
|
||||
resource "aws_kms_alias" ctbucket-key-aliaas {
|
||||
name = "alias/${local.resource-prefix}-kmskey-default"
|
||||
name = "alias/${var.resource-prefix}-kmskey-default"
|
||||
target_key_id = aws_kms_key.ctbucket-key.key_id
|
||||
}
|
||||
|
||||
|
@ -55,54 +55,10 @@ data "aws_iam_policy_document" "cloudtrail_bucket_policy" {
|
||||
|
||||
}
|
||||
|
||||
module ct-bucket {
|
||||
source = "../../storage/infra-s3-bucket"
|
||||
|
||||
resource "aws_s3_bucket" "ct-bucket" {
|
||||
bucket = local.ct-bucket-name
|
||||
policy = data.aws_iam_policy_document.cloudtrail_bucket_policy.json
|
||||
|
||||
versioning {
|
||||
enabled = false
|
||||
}
|
||||
|
||||
server_side_encryption_configuration {
|
||||
rule {
|
||||
apply_server_side_encryption_by_default {
|
||||
kms_master_key_id = aws_kms_key.ctbucket-key.arn
|
||||
sse_algorithm = "aws:kms"
|
||||
}
|
||||
}
|
||||
}
|
||||
tags = var.default-tags
|
||||
|
||||
lifecycle_rule {
|
||||
id = "${local.resource-prefix}-ctbucket-lifecycle-rule"
|
||||
enabled = true
|
||||
|
||||
transition {
|
||||
days = 30
|
||||
storage_class = "INTELLIGENT_TIERING"
|
||||
}
|
||||
|
||||
expiration {
|
||||
days = var.cloudtrail-retain-days
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
resource "aws_s3_bucket_public_access_block" "s3-public-access-settings" {
|
||||
bucket = aws_s3_bucket.ct-bucket.id
|
||||
|
||||
block_public_acls = true
|
||||
block_public_policy = true
|
||||
ignore_public_acls = true
|
||||
restrict_public_buckets = true
|
||||
}
|
||||
|
||||
resource "aws_s3_bucket_ownership_controls" "ctbucket-ownership-setting" {
|
||||
bucket = aws_s3_bucket.ct-bucket.id
|
||||
|
||||
rule {
|
||||
object_ownership = "BucketOwnerPreferred"
|
||||
}
|
||||
bucket-name = local.ct-bucket-name
|
||||
bucket-policy-json = data.aws_iam_policy_document.cloudtrail_bucket_policy.json
|
||||
default-tags = var.default-tags
|
||||
}
|
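Review bot: The module call that replaces the inline `aws_s3_bucket` passes only `bucket-name`, `bucket-policy-json` and `default-tags`, so the controls the removed resource set explicitly — SSE-KMS with `aws_kms_key.ctbucket-key`, the public access block, ownership controls and expiration after `var.cloudtrail-retain-days` — now depend on whatever `infra-s3-bucket` does by default, which is not visible here. At minimum the module's `bucket-retain-days` input (declared in its variables hunk in this commit) is not wired, leaving `cloudtrail-retain-days` declared but unused; `bucket-retain-days = var.cloudtrail-retain-days` restores the retention, and `add-random-suffix = false` should be stated explicitly as the config bucket call does, because `s3_bucket_name = local.ct-bucket-name` on the trail and the policy ARNs assume the exact name. If the module has no input for a customer-managed KMS key, `aws_kms_key.ctbucket-key` is still created but no longer used and the trail logs are no longer encrypted with it — please confirm how the module encrypts and that it still applies a public access block. A comment on the module call recording what it is relied on for, e.g. `# infra-s3-bucket is expected to enforce SSE-KMS, block public access and set object ownership`, would make that dependency explicit.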
@ -1,16 +1,19 @@
|
||||
/*
|
||||
variable "customer-name" {}
|
||||
variable "environment" {}
|
||||
variable "project" {}
|
||||
variable "application" {}
|
||||
variable "aws-region-short" {}
|
||||
*/
|
||||
variable resource-prefix {}
|
||||
variable "default-tags" {}
|
||||
variable "cloudtrail-retain-days" {
|
||||
type = number
|
||||
default = 90
|
||||
}
|
||||
|
||||
data aws_region this-region {}
|
||||
|
||||
locals {
|
||||
ct-bucket-name = "${var.environment}-${var.aws-region-short}-${var.customer-name}-${var.project}-ctbucket-${data.aws_caller_identity.this.account_id}"
|
||||
resource-prefix = "${var.environment}-${var.aws-region-short}-${var.customer-name}-${var.project}"
|
||||
ct-bucket-name = "${var.resource-prefix}-ctbucket-${data.aws_caller_identity.this.account_id}"
|
||||
}
|
||||
|
||||
|
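Review bot: The old per-module variables are left behind as a `/* … */` block at the top of the hunk instead of being deleted; the commit message says the inputs were consolidated into `resource-prefix`, so the commented block should go (history keeps it), or carry a one-line reason if it is intentionally retained. `variable resource-prefix {}` is untyped and undescribed even though it feeds `ct-bucket-name`, an S3 bucket name; `type = string` plus a `description = "Name prefix shared by all resources; becomes the leading part of the CloudTrail bucket name"` would at least document the constraint. `data aws_region this-region {}` no longer has a visible consumer after the `locals` rewrite — if nothing else in the file reads it, it can be dropped too.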
@ -1,12 +1 @@
|
||||
variable "customer-name" {}
|
||||
variable "environment" {}
|
||||
variable "project" {}
|
||||
variable "application" {}
|
||||
variable "aws-region-short" {}
|
||||
variable "default-tags" {}
|
||||
|
||||
locals {
|
||||
ct-bucket-name = "${var.environment}-${var.aws-region-short}-${var.customer-name}-${var.project}-ctbucket-${data.aws_caller_identity.this.account_id}"
|
||||
resource-prefix = "${var.environment}-${var.aws-region-short}-${var.customer-name}-${var.project}"
|
||||
}
|
||||
|
||||
|
@ -1,8 +1,4 @@
|
||||
variable "customer-name" {}
|
||||
variable "environment" {}
|
||||
variable "project" {}
|
||||
variable "application" {}
|
||||
variable "aws-region-short" {}
|
||||
variable "default-tags" {}
|
||||
variable "cloudtrail-retain-days" {
|
||||
type = number
|
||||
@ -14,11 +10,11 @@ variable "create-cloudhealth-resources" {
|
||||
default = false
|
||||
}
|
||||
|
||||
variable "cloudheath-ext-id1" {}
|
||||
variable "cloudheath-ext-id2" {}
|
||||
|
||||
locals {
|
||||
ct-bucket-name = "${var.environment}-${var.aws-region-short}-${var.customer-name}-${var.project}-ctbucket-${data.aws_caller_identity.this.account_id}"
|
||||
resource-prefix = "${var.environment}-${var.aws-region-short}-${var.customer-name}-${var.project}"
|
||||
variable "cloudheath-ext-id1" {
|
||||
type = string
|
||||
default = ""
|
||||
}
|
||||
variable "cloudheath-ext-id2" {
|
||||
type = string
|
||||
default = ""
|
||||
}
|
||||
|
||||
|
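Review bot: `cloudheath-ext-id1` and `cloudheath-ext-id2` change from required inputs to `default = ""`; if these are the external IDs placed in the CloudHealth role's `sts:ExternalId` trust condition (not visible in this hunk), an empty string silently yields a trust policy with no usable external ID whenever `create-cloudhealth-resources = true` and the caller forgets to set them, weakening the confused-deputy protection the external ID exists for. A `validation` block on each variable cannot reference `create-cloudhealth-resources`, so the guard belongs where the role is created — e.g. a `precondition` (Terraform ≥ 1.2) asserting `!var.create-cloudhealth-resources || (var.cloudheath-ext-id1 != "" && var.cloudheath-ext-id2 != "")` — or the variables should stay required and callers pass them explicitly. The spelling `cloudheath` is presumably meant to be `cloudhealth`; renaming is breaking for callers, so if it is kept, a `description` stating what the value is used for would help the next reader.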
@ -1,8 +1,3 @@
|
||||
variable "customer-name" {}
|
||||
variable "environment" {}
|
||||
variable "project" {}
|
||||
variable "application" {}
|
||||
variable "aws-region-short" {}
|
||||
variable "default-tags" {}
|
||||
variable "bucket-retain-days" {
|
||||
type = number
|
||||
@ -19,12 +14,6 @@ variable "add-random-suffix" {
|
||||
default = false
|
||||
}
|
||||
|
||||
data aws_region this-region {}
|
||||
|
||||
locals {
|
||||
resource-prefix = "${var.environment}-substr(${data.aws_region.this-region.name}, 0, 2)-${var.customer-name}-${var.project}"
|
||||
}
|
||||
|
||||
variable bucket-acl {
|
||||
type = string
|
||||
default = "private"
|
||||
|