diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..6f64b5a
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1,25 @@
+# Use this file to define individuals or teams that are responsible for code in a repository.
+# Read more:
+
+# Order is important: the last matching pattern has the highest precedence
+
+# These owners will be the default owners for everything
+* @cloudposse/engineering @cloudposse/contributors
+
+# Cloud Posse must review any changes to Makefiles
+**/Makefile @cloudposse/engineering
+**/Makefile.* @cloudposse/engineering
+
+# Cloud Posse must review any changes to GitHub actions
+.github/* @cloudposse/engineering
+
+# Cloud Posse must review any changes to standard context definition,
+# but some changes can be rubber-stamped.
+**/*.tf @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
+README.yaml @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
+README.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
+docs/*.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
+
+# Cloud Posse Admins must review all changes to CODEOWNERS or the mergify configuration
+.github/mergify.yml @cloudposse/admins
+.github/CODEOWNERS @cloudposse/admins
diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
new file mode 100644
index 0000000..94d3246
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
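Review bot: The `.github/* @cloudposse/engineering` line under "must review any changes to GitHub actions" does not cover the workflow files, because a single `*` in CODEOWNERS does not match across `/`, so `.github/workflows/*.yml` falls through to the default `*` rule where `@cloudposse/contributors` alone can approve. Add `.github/workflows/* @cloudposse/engineering` (or widen the pattern to `.github/** @cloudposse/engineering`) above the mergify/CODEOWNERS lines so the admin rule still takes precedence. The workflows added in this same commit hand `secrets.REPO_ACCESS_TOKEN` to a reusable workflow, so they are exactly the files this rule was meant to gate. Whether any of this is enforced depends on branch protection requiring code-owner review, which is not visible in the diff.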
@@ -0,0 +1,72 @@ +--- +name: Bug report +description: Create a report to help us improve +labels: ["bug"] +assignees: [""] +body: + - type: markdown + attributes: + value: | + Found a bug? + + Please checkout our [Slack Community](https://slack.cloudposse.com) + or visit our [Slack Archive](https://archive.sweetops.com/). + + [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) + + - type: textarea + id: concise-description + attributes: + label: Describe the Bug + description: A clear and concise description of what the bug is. + placeholder: What is the bug about? + validations: + required: true + + - type: textarea + id: expected + attributes: + label: Expected Behavior + description: A clear and concise description of what you expected. + placeholder: What happened? + validations: + required: true + + - type: textarea + id: reproduction-steps + attributes: + label: Steps to Reproduce + description: Steps to reproduce the behavior. + placeholder: How do we reproduce it? + validations: + required: true + + - type: textarea + id: screenshots + attributes: + label: Screenshots + description: If applicable, add screenshots or logs to help explain. + validations: + required: false + + - type: textarea + id: environment + attributes: + label: Environment + description: Anything that will help us triage the bug. + placeholder: | + - OS: [e.g. Linux, OSX, WSL, etc] + - Version [e.g. 10.15] + - Module version + - Terraform version + validations: + required: false + + - type: textarea + id: additional + attributes: + label: Additional Context + description: | + Add any other context about the problem here. + validations: + required: false diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 0000000..76ae6d6 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml 
@@ -0,0 +1,18 @@ +blank_issues_enabled: false + +contact_links: + + - name: Community Slack Team + url: https://cloudposse.com/slack/ + about: |- + Please ask and answer questions here. + + - name: Office Hours + url: https://cloudposse.com/office-hours/ + about: |- + Join us every Wednesday for FREE Office Hours (lunch & learn). + + - name: DevOps Accelerator Program + url: https://cloudposse.com/accelerate/ + about: |- + Own your infrastructure in record time. We build it. You drive it. diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml new file mode 100644 index 0000000..7b86672 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.yml 
@@ -0,0 +1,71 @@ +--- +name: Feature Request +description: Suggest an idea for this project +labels: ["feature request"] +assignees: [""] +body: + - type: markdown + attributes: + value: | + Have a question? + + Please checkout our [Slack Community](https://slack.cloudposse.com) + or visit our [Slack Archive](https://archive.sweetops.com/). + + [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) + + - type: textarea + id: concise-description + attributes: + label: Describe the Feature + description: A clear and concise description of what the feature is. + placeholder: What is the feature about? + validations: + required: true + + - type: textarea + id: expected + attributes: + label: Expected Behavior + description: A clear and concise description of what you expected. + placeholder: What happened? + validations: + required: true + + - type: textarea + id: use-case + attributes: + label: Use Case + description: | + Is your feature request related to a problem/challenge you are trying + to solve? + + Please provide some additional context of why this feature or + capability will be valuable. + validations: + required: true + + - type: textarea + id: ideal-solution + attributes: + label: Describe Ideal Solution + description: A clear and concise description of what you want to happen. + validations: + required: true + + - type: textarea + id: alternatives-considered + attributes: + label: Alternatives Considered + description: Explain alternative solutions or features considered. + validations: + required: false + + - type: textarea + id: additional + attributes: + label: Additional Context + description: | + Add any other context about the problem here. + validations: + required: false diff --git a/.github/ISSUE_TEMPLATE/question.md b/.github/ISSUE_TEMPLATE/question.md new file mode 100644 index 0000000..e69de29 
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..8944933 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,21 @@ +## what + + + +## why + + + +## references + + diff --git a/.github/auto-release.yml b/.github/auto-release.yml new file mode 100644 index 0000000..cc9bf05 --- /dev/null +++ b/.github/auto-release.yml @@ -0,0 +1,54 @@ +name-template: 'v$RESOLVED_VERSION' +tag-template: '$RESOLVED_VERSION' +version-template: '$MAJOR.$MINOR.$PATCH' +version-resolver: + major: + labels: + - 'major' + minor: + labels: + - 'minor' + - 'enhancement' + patch: + labels: + - 'auto-update' + - 'patch' + - 'fix' + - 'bugfix' + - 'bug' + - 'hotfix' + default: 'minor' +filter-by-commitish: true + +categories: +- title: '🚀 Enhancements' + labels: + - 'enhancement' + - 'patch' +- title: '🐛 Bug Fixes' + labels: + - 'fix' + - 'bugfix' + - 'bug' + - 'hotfix' +- title: '🤖 Automatic Updates' + labels: + - 'auto-update' + +change-template: | +
+ $TITLE @$AUTHOR (#$NUMBER) + + $BODY +
+ +template: | + $CHANGES + +replacers: +# Remove irrelevant information from Renovate bot +- search: '/(?<=---\s)\s*^#.*(Renovate configuration|Configuration)(?:.|\n)*?This PR has been generated .*/gm' + replace: '' +# Remove Renovate bot banner image +- search: '/\[!\[[^\]]*Renovate\][^\]]*\](\([^)]*\))?\s*\n+/gm' + replace: '' diff --git a/.github/mergify.yml b/.github/mergify.yml new file mode 100644 index 0000000..148d85c --- /dev/null +++ b/.github/mergify.yml 
@@ -0,0 +1,76 @@ +# https://docs.mergify.io/conditions.html +# https://docs.mergify.io/actions.html +pull_request_rules: +- name: "approve automated PRs that have passed checks" + conditions: + - "author~=^(cloudpossebot|renovate\\[bot\\])$" + - "-closed" + - "head~=^(auto-update|renovate)/.*" + - "check-success=test/bats" + - "check-success=test/readme" + - "check-success=test/terratest" + - "check-success=validate-codeowners" + - or: + - "base=master" + - "base=main" + - "base~=^release/v\\d{1,2}$" + + actions: + review: + type: "APPROVE" + bot_account: "cloudposse-mergebot" + message: "We've automatically approved this PR because the checks from the automated Pull Request have passed." + +- name: "merge automated PRs when approved and tests pass" + conditions: + - "author~=^(cloudpossebot|renovate\\[bot\\])$" + - "-closed" + - "head~=^(auto-update|renovate)/.*" + - "check-success=test/bats" + - "check-success=test/readme" + - "check-success=test/terratest" + - "check-success=validate-codeowners" + - "#approved-reviews-by>=1" + - "#changes-requested-reviews-by=0" + - "#commented-reviews-by=0" + - or: + - "base=master" + - "base=main" + - "base~=^release/v\\d{1,2}$" + + actions: + merge: + method: "squash" + +- name: "delete the head branch after merge" + conditions: + - "merged" + actions: + delete_head_branch: {} + +- name: "ask to resolve conflict" + conditions: + - "conflict" + - "-closed" + actions: + comment: + message: "This pull request is now in conflict. Could you fix it @{{author}}? 🙏" + +- name: "remove outdated reviews" + conditions: + - or: + - "base=master" + - "base=main" + - "base~=^release/v\\d{1,2}$" + actions: + dismiss_reviews: + changes_requested: true + approved: true + message: "This Pull Request has been updated, so we're dismissing all reviews." 
+ +- name: "close Pull Requests without files changed" + conditions: + - "#files=0" + actions: + close: + message: "This pull request has been automatically closed by Mergify because there are no longer any changes." diff --git a/.github/renovate.json b/.github/renovate.json new file mode 100644 index 0000000..b61ed24 --- /dev/null +++ b/.github/renovate.json @@ -0,0 +1,13 @@ +{ + "extends": [ + "config:base", + ":preserveSemverRanges" + ], + "baseBranches": ["main", "master", "/^release\\/v\\d{1,2}$/"], + "labels": ["auto-update"], + "dependencyDashboardAutoclose": true, + "enabledManagers": ["terraform"], + "terraform": { + "ignorePaths": ["**/context.tf", "examples/**"] + } +} diff --git a/.github/workflows/feature-branch-chatops.yml b/.github/workflows/feature-branch-chatops.yml new file mode 100644 index 0000000..9abfc61 --- /dev/null +++ b/.github/workflows/feature-branch-chatops.yml @@ -0,0 +1,16 @@ +--- +name: feature-branch-chatops +on: + issue_comment: + types: [created] + +permissions: + pull-requests: write + id-token: write + contents: write + +jobs: + terraform-module: + uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/feature-branch-chatops.yml@main + secrets: + github_access_token: ${{ secrets.REPO_ACCESS_TOKEN }} diff --git a/.github/workflows/feature-branch.yml b/.github/workflows/feature-branch.yml new file mode 100644 index 0000000..8faa955 --- /dev/null +++ b/.github/workflows/feature-branch.yml @@ -0,0 +1,19 @@ +--- +name: feature-branch +on: + pull_request: + branches: + - main + - release/** + types: [opened, synchronize, reopened, labeled, unlabeled] + +permissions: + pull-requests: write + id-token: write + contents: write + +jobs: + terraform-module: + uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/feature-branch.yml@main + secrets: + github_access_token: ${{ secrets.REPO_ACCESS_TOKEN }} 
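Review bot: The first two rules form a fully unattended path: the `cloudposse-mergebot` approval issued by "approve automated PRs that have passed checks" is what satisfies `#approved-reviews-by>=1` in "merge automated PRs when approved and tests pass", so a `renovate[bot]` PR that bumps a module version is squashed into `main` or a `release/v*` branch with no human review, gated only by the `check-success` conditions and the absence of any other review. If that is intended, say so in the file, e.g. `# NOTE: the mergebot approval below is what satisfies the merge rule; dependency bumps are gated by CI only, not by a human reviewer.` If a human gate is wanted instead, drop the `review` action from the first rule or raise the merge rule to `#approved-reviews-by>=2`. Both rules also key only on author and head-branch prefix; adding a `head-repo-full-name=` condition (if available on your Mergify plan) would additionally rule out fork heads.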
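Review bot: The `uses:` line references the reusable workflow by the mutable ref `@main` while this caller hands it `secrets.REPO_ACCESS_TOKEN` together with `contents: write`, `pull-requests: write` and `id-token: write`, so anyone who can push to `main` of `cloudposse/github-actions-workflows-terraform-module` can run arbitrary code with that PAT in this repository. Pin it to a full commit SHA, `uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/feature-branch-chatops.yml@<sha> # vX.Y.Z`, and let Renovate bump it (a `github-actions` manager would need to be added to `enabledManagers` in renovate.json, which currently lists only `terraform`). Separately, `issue_comment` fires for every comment by anyone who can comment and runs on the default branch with these write permissions; the diff does not show what author-association or role check the reusable workflow applies before acting on the comment or checking out PR code, so confirm that it does.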
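Review bot: `permissions` grants `contents: write` and `id-token: write` at workflow level, so every job inside the `@main` reusable workflow can push to this repository and mint an OIDC token for any cloud role that trusts it, on every `opened`/`synchronize`/`labeled`/`unlabeled` event. For same-repository PRs (the Renovate and `auto-update/*` branches that Mergify later auto-merges) this runs with the PAT as well; fork PRs get a read-only token and no secrets by default, so the exposure is to whoever controls those branches and the upstream `main` ref. Pin the `uses:` line to a commit SHA and, if the reusable workflow declares its own job-level `permissions`, trim the caller's grant to the minimum it actually needs — which jobs need `contents: write` is not visible from this diff.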
diff --git a/.github/workflows/release-branch.yml b/.github/workflows/release-branch.yml new file mode 100644 index 0000000..3f8fe62 --- /dev/null +++ b/.github/workflows/release-branch.yml @@ -0,0 +1,22 @@ +--- +name: release-branch +on: + push: + branches: + - main + - release/** + paths-ignore: + - '.github/**' + - 'docs/**' + - 'examples/**' + - 'test/**' + +permissions: + contents: write + id-token: write + +jobs: + terraform-module: + uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release-branch.yml@main + secrets: + github_access_token: ${{ secrets.REPO_ACCESS_TOKEN }} diff --git a/.github/workflows/release-published.yml b/.github/workflows/release-published.yml new file mode 100644 index 0000000..f86352b --- /dev/null +++ b/.github/workflows/release-published.yml @@ -0,0 +1,14 @@ +--- +name: release-published +on: + release: + types: + - published + +permissions: + contents: write + id-token: write + +jobs: + terraform-module: + uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release.yml@main diff --git a/.github/workflows/scheduled.yml b/.github/workflows/scheduled.yml new file mode 100644 index 0000000..163be0b --- /dev/null +++ b/.github/workflows/scheduled.yml @@ -0,0 +1,17 @@ +--- +name: scheduled +on: + workflow_dispatch: { } # Allows manually trigger this workflow + schedule: + - cron: "0 3 * * *" + +permissions: + pull-requests: write + id-token: write + contents: write + +jobs: + scheduled: + uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/scheduled.yml@main + secrets: + github_access_token: ${{ secrets.REPO_ACCESS_TOKEN }} diff --git a/README.md b/README.md index 2329064..5f64bfd 100644 --- a/README.md +++ b/README.md 
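Review bot: This is the workflow that actually cuts releases (it runs on every push to `main` and `release/**` with `contents: write` and `id-token: write`), yet the release logic lives behind the mutable `@main` ref of the upstream workflows repository, so a change there is a silent change to how this module's tags are produced and what `REPO_ACCESS_TOKEN` is used for. Pin `uses:` to a commit SHA and review bumps like any other dependency. The `paths-ignore` list is a good choice here: a commit that only touches `.github/**` will not produce a release, so fixing the pin will not itself publish anything.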
@@ -1,24 +1,23 @@ - +# terraform-aws-teleport-storage [![Codefresh Build Status](https://g.codefresh.io/api/badges/pipeline/cloudposse/terraform-modules%2Fterraform-aws-teleport-storage?type=cf-1)](https://g.codefresh.io/public/accounts/cloudposse/pipelines/5d04407b1fc622c0cf6d3df8) [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-teleport-storage.svg)](https://github.com/cloudposse/terraform-aws-teleport-storage/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) + +[![README Header][readme_header_img]][readme_header_link] +[![Cloud Posse][logo]](https://cpco.io/homepage) + -[![README Header][readme_header_img]][readme_header_link] - -[![Cloud Posse][logo]](https://cpco.io/homepage) - -# terraform-aws-teleport-storage [![Codefresh Build Status](https://g.codefresh.io/api/badges/pipeline/cloudposse/terraform-modules%2Fterraform-aws-teleport-storage?type=cf-1)](https://g.codefresh.io/public/accounts/cloudposse/pipelines/5d04407b1fc622c0cf6d3df8) [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-teleport-storage.svg)](https://github.com/cloudposse/terraform-aws-teleport-storage/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) - +--> This Terraform module provisions: @@ -67,10 +50,9 @@ Using S3 for Teleport session storage has many advantages: * Easily prevent deletions * Audit Trails, Access Logs via Cloud Trails - --- -This project is part of our comprehensive ["SweetOps"](https://cpco.io/sweetops) approach towards DevOps. +This project is part of our comprehensive ["SweetOps"](https://cpco.io/sweetops) approach towards DevOps. [][share_email] [][share_googleplus] [][share_facebook] 
@@ -91,12 +73,29 @@ It's 100% Open Source and licensed under the [APACHE2](LICENSE). -We literally have [*hundreds of terraform modules*][terraform_modules] that are Open Source and well-maintained. Check them out! +We literally have [*hundreds of terraform modules*][terraform_modules] that are Open Source and well-maintained. Check them out! + + + +## Security & Compliance [](https://bridgecrew.io/) +Security scanning is graciously provided by Bridgecrew. Bridgecrew is the leading fully hosted, cloud-native solution providing continuous Terraform security and compliance. +| Benchmark | Description | +|--------|---------------| +| [![Infrastructure Security](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-teleport-storage/general)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-teleport-storage&benchmark=INFRASTRUCTURE+SECURITY) | Infrastructure Security Compliance | +| [![CIS KUBERNETES](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-teleport-storage/cis_kubernetes)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-teleport-storage&benchmark=CIS+KUBERNETES+V1.5) | Center for Internet Security, KUBERNETES Compliance | +| [![CIS AWS](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-teleport-storage/cis_aws)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-teleport-storage&benchmark=CIS+AWS+V1.2) | Center for Internet Security, AWS Compliance | +| [![CIS AZURE](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-teleport-storage/cis_azure)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-teleport-storage&benchmark=CIS+AZURE+V1.1) | Center for Internet Security, AZURE Compliance | +| 
[![PCI-DSS](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-teleport-storage/pci)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-teleport-storage&benchmark=PCI-DSS+V3.2) | Payment Card Industry Data Security Standards Compliance | +| [![NIST-800-53](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-teleport-storage/nist)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-teleport-storage&benchmark=NIST-800-53) | National Institute of Standards and Technology Compliance | +| [![ISO27001](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-teleport-storage/iso)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-teleport-storage&benchmark=ISO27001) | Information Security Management System, ISO/IEC 27001 Compliance | +| [![SOC2](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-teleport-storage/soc2)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-teleport-storage&benchmark=SOC2)| Service Organization Control 2 Compliance | +| [![CIS GCP](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-teleport-storage/cis_gcp)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-teleport-storage&benchmark=CIS+GCP+V1.1) | Center for Internet Security, GCP Compliance | +| [![HIPAA](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-teleport-storage/hipaa)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-teleport-storage&benchmark=HIPAA) | Health Insurance Portability and Accountability Compliance | @@ -105,8 +104,10 @@ We literally have [*hundreds of terraform modules*][terraform_modules] that are + + ## Makefile Targets -``` +```text Available targets: help Help screen 
@@ -115,46 +116,85 @@ Available targets: lint Lint terraform code ``` + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | n/a | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [dynamodb\_audit\_table](#module\_dynamodb\_audit\_table) | git::https://github.com/cloudposse/terraform-aws-dynamodb.git | tags/0.7.0 | +| [dynamodb\_state\_table](#module\_dynamodb\_state\_table) | git::https://github.com/cloudposse/terraform-aws-dynamodb.git | tags/0.7.0 | +| [label\_dynamodb](#module\_label\_dynamodb) | git::https://github.com/cloudposse/terraform-null-label.git | tags/0.3.3 | +| [label\_s3](#module\_label\_s3) | git::https://github.com/cloudposse/terraform-null-label.git | tags/0.3.3 | +| [s3\_bucket](#module\_s3\_bucket) | git::https://github.com/cloudposse/terraform-aws-s3-log-storage.git | tags/0.1.3 | + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_instance_profile.dynamodb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource | +| [aws_iam_instance_profile.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource | +| [aws_iam_policy.dynamodb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_policy.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_role.dynamodb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.dynamodb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| 
[aws_iam_role_policy_attachment.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.dynamodb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | + ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| attributes | Additional attributes (e.g. `policy` or `role`) | list | `` | no | -| autoscale_max_read_capacity | DynamoDB autoscale read max capacity | string | `100` | no | -| autoscale_max_write_capacity | DynamoDB autoscale write max capacity | string | `100` | no | -| autoscale_min_read_capacity | DynamoDB autoscale read min capacity | string | `10` | no | -| autoscale_min_write_capacity | DynamoDB autoscale write min capacity | string | `10` | no | -| autoscale_read_target | DynamoDB autoscale read target | string | `50` | no | -| autoscale_write_target | DynamoDB autoscale write target | string | `50` | no | -| delimiter | Delimiter to be used between `name`, `namespace`, `stage`, etc. | string | `-` | no | -| expiration_days | Number of days after which to expunge the objects | string | `90` | no | -| glacier_transition_days | Number of days after which to move the data to the glacier storage tier | string | `60` | no | -| iam_role_max_session_duration | The maximum session duration (in seconds) for the role. Can have a value from 1 hour to 12 hours | string | `3600` | no | -| name | Name (e.g. `bastion` or `db`) | string | - | yes | -| namespace | Namespace (e.g. 
`cp` or `cloudposse`) | string | - | yes | -| prefix | S3 bucket prefix | string | `` | no | -| stage | Stage (e.g. `prod`, `dev`, `staging`) | string | - | yes | -| standard_transition_days | Number of days to persist in the standard storage tier before moving to the glacier tier | string | `30` | no | -| tags | Additional tags (e.g. map('BusinessUnit`,`XYZ`) | map | `` | no | +|------|-------------|------|---------|:--------:| +| [attributes](#input\_attributes) | Additional attributes (e.g. `policy` or `role`) | `list(string)` | `[]` | no | +| [autoscale\_max\_read\_capacity](#input\_autoscale\_max\_read\_capacity) | DynamoDB autoscale read max capacity | `number` | `100` | no | +| [autoscale\_max\_write\_capacity](#input\_autoscale\_max\_write\_capacity) | DynamoDB autoscale write max capacity | `number` | `100` | no | +| [autoscale\_min\_read\_capacity](#input\_autoscale\_min\_read\_capacity) | DynamoDB autoscale read min capacity | `number` | `10` | no | +| [autoscale\_min\_write\_capacity](#input\_autoscale\_min\_write\_capacity) | DynamoDB autoscale write min capacity | `number` | `10` | no | +| [autoscale\_read\_target](#input\_autoscale\_read\_target) | DynamoDB autoscale read target | `number` | `50` | no | +| [autoscale\_write\_target](#input\_autoscale\_write\_target) | DynamoDB autoscale write target | `number` | `50` | no | +| [delimiter](#input\_delimiter) | Delimiter to be used between `name`, `namespace`, `stage`, etc. | `string` | `"-"` | no | +| [expiration\_days](#input\_expiration\_days) | Number of days after which to expunge the objects | `string` | `"90"` | no | +| [glacier\_transition\_days](#input\_glacier\_transition\_days) | Number of days after which to move the data to the glacier storage tier | `string` | `"60"` | no | +| [iam\_role\_max\_session\_duration](#input\_iam\_role\_max\_session\_duration) | The maximum session duration (in seconds) for the role. 
Can have a value from 1 hour to 12 hours | `number` | `3600` | no | +| [name](#input\_name) | Name (e.g. `bastion` or `db`) | `string` | n/a | yes | +| [namespace](#input\_namespace) | Namespace (e.g. `cp` or `cloudposse`) | `string` | n/a | yes | +| [prefix](#input\_prefix) | S3 bucket prefix | `string` | `""` | no | +| [stage](#input\_stage) | Stage (e.g. `prod`, `dev`, `staging`) | `string` | n/a | yes | +| [standard\_transition\_days](#input\_standard\_transition\_days) | Number of days to persist in the standard storage tier before moving to the glacier tier | `string` | `"30"` | no | +| [tags](#input\_tags) | Additional tags (e.g. map('BusinessUnit`,`XYZ`)` | `map(string)` | `{}` | no | ## Outputs | Name | Description | |------|-------------| -| dynamodb_audit_table_arn | DynamoDB audit table ARN | -| dynamodb_audit_table_id | DynamoDB audit table id | -| dynamodb_state_table_arn | DynamoDB state table ARN | -| dynamodb_state_table_id | DynamoDB state table id | -| s3_bucket_arn | Session storage S3 bucket ARN | -| s3_bucket_domain_name | Session storage S3 bucket domain name | -| s3_bucket_id | Session storage S3 bucket id | +| [dynamodb\_audit\_table\_arn](#output\_dynamodb\_audit\_table\_arn) | DynamoDB audit table ARN | +| [dynamodb\_audit\_table\_id](#output\_dynamodb\_audit\_table\_id) | DynamoDB audit table id | +| [dynamodb\_state\_table\_arn](#output\_dynamodb\_state\_table\_arn) | DynamoDB state table ARN | +| [dynamodb\_state\_table\_id](#output\_dynamodb\_state\_table\_id) | DynamoDB state table id | +| [s3\_bucket\_arn](#output\_s3\_bucket\_arn) | Session storage S3 bucket ARN | +| [s3\_bucket\_domain\_name](#output\_s3\_bucket\_domain\_name) | Session storage S3 bucket domain name | +| [s3\_bucket\_id](#output\_s3\_bucket\_id) | Session storage S3 bucket id | + ## Help -**Got a question?** We got answers. +**Got a question?** We got answers. 
File a GitHub [issue](https://github.com/cloudposse/terraform-aws-teleport-storage/issues), send us an [email][email] or join our [Slack Community][slack]. @@ -163,7 +203,7 @@ File a GitHub [issue](https://github.com/cloudposse/terraform-aws-teleport-stora ## DevOps Accelerator for Startups -We are a [**DevOps Accelerator**][commercial_support]. We'll help you build your cloud infrastructure from the ground up so you can own it. Then we'll show you how to operate it and stick around for as long as you need us. +We are a [**DevOps Accelerator**][commercial_support]. We'll help you build your cloud infrastructure from the ground up so you can own it. Then we'll show you how to operate it and stick around for as long as you need us. [![Learn More](https://img.shields.io/badge/learn%20more-success.svg?style=for-the-badge)][commercial_support] 
@@ -186,13 +226,17 @@ We deliver 10x the value for a fraction of the cost of a full-time engineer. Our Join our [Open Source Community][slack] on Slack. It's **FREE** for everyone! Our "SweetOps" community is where you get to talk with others who share a similar vision for how to rollout and manage infrastructure. This is the best place to talk shop, ask questions, solicit feedback, and work together as a community to build totally *sweet* infrastructure. +## Discourse Forums + +Participate in our [Discourse Forums][discourse]. Here you'll find answers to commonly asked questions. Most questions will be related to the enormous number of projects we support on our GitHub. Come here to collaborate on answers, find solutions, and get ideas about the products and services we value. It only takes a minute to get started! Just sign in with SSO using your GitHub account. + ## Newsletter -Sign up for [our newsletter][newsletter] that covers everything on our technology radar. Receive updates on what we're up to on GitHub as well as awesome new projects we discover. +Sign up for [our newsletter][newsletter] that covers everything on our technology radar. Receive updates on what we're up to on GitHub as well as awesome new projects we discover. ## Office Hours -[Join us every Wednesday via Zoom][office_hours] for our weekly "Lunch & Learn" sessions. It's **FREE** for everyone! +[Join us every Wednesday via Zoom][office_hours] for our weekly "Lunch & Learn" sessions. It's **FREE** for everyone! [![zoom](https://img.cloudposse.com/fit-in/200x200/https://cloudposse.com/wp-content/uploads/2019/08/Powered-by-Zoom.png")][office_hours] 
@@ -219,32 +263,34 @@ In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow. ## Copyright -Copyright © 2017-2020 [Cloud Posse, LLC](https://cpco.io/copyright) +Copyright © 2017-2023 [Cloud Posse, LLC](https://cpco.io/copyright) -## License +## License -[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) +[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) See [LICENSE](LICENSE) for full details. - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - https://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. +```text +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. 
You may obtain a copy of the License at + + https://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +``` @@ -266,7 +312,7 @@ This project is maintained and funded by [Cloud Posse, LLC][website]. Like it? P We're a [DevOps Professional Services][hire] company based in Los Angeles, CA. We ❤️ [Open Source Software][we_love_open_source]. -We offer [paid support][commercial_support] on all of our projects. +We offer [paid support][commercial_support] on all of our projects. Check out [our other projects][github], [follow us on twitter][twitter], [apply for a job][jobs], or [hire us][hire] to help with your cloud strategy and implementation. @@ -274,8 +320,10 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply ### Contributors + | [![Erik Osterman][osterman_avatar]][osterman_homepage]
[Erik Osterman][osterman_homepage] | [![Andriy Knysh][aknysh_avatar]][aknysh_homepage]
[Andriy Knysh][aknysh_homepage] | [![Igor Rodionov][goruha_avatar]][goruha_homepage]
[Igor Rodionov][goruha_homepage] | |---|---|---| + [osterman_homepage]: https://github.com/osterman [osterman_avatar]: https://img.cloudposse.com/150x150/https://github.com/osterman.png @@ -286,7 +334,7 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply [![README Footer][readme_footer_img]][readme_footer_link] [![Beacon][beacon]][website] - + [logo]: https://cloudposse.com/logo-300x69.svg [docs]: https://cpco.io/docs?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-teleport-storage&utm_content=docs [website]: https://cpco.io/homepage?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-teleport-storage&utm_content=website @@ -299,6 +347,7 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply [testimonial]: https://cpco.io/leave-testimonial?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-teleport-storage&utm_content=testimonial [office_hours]: https://cloudposse.com/office-hours?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-teleport-storage&utm_content=office_hours [newsletter]: https://cpco.io/newsletter?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-teleport-storage&utm_content=newsletter + [discourse]: https://ask.sweetops.com/?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-teleport-storage&utm_content=discourse [email]: https://cpco.io/email?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-teleport-storage&utm_content=email [commercial_support]: https://cpco.io/commercial-support?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-teleport-storage&utm_content=commercial_support [we_love_open_source]: https://cpco.io/we-love-open-source?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-teleport-storage&utm_content=we_love_open_source 
@@ -316,3 +365,4 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply [share_googleplus]: https://plus.google.com/share?url=https://github.com/cloudposse/terraform-aws-teleport-storage [share_email]: mailto:?subject=terraform-aws-teleport-storage&body=https://github.com/cloudposse/terraform-aws-teleport-storage [beacon]: https://ga-beacon.cloudposse.com/UA-76589703-4/cloudposse/terraform-aws-teleport-storage?pixel&cs=github&cm=readme&an=terraform-aws-teleport-storage + diff --git a/docs/targets.md b/docs/targets.md index 3d4be2a..3dce8b3 100644 --- a/docs/targets.md +++ b/docs/targets.md @@ -1,5 +1,6 @@ + ## Makefile Targets -``` +```text Available targets: help Help screen @@ -8,3 +9,4 @@ Available targets: lint Lint terraform code ``` + diff --git a/docs/terraform.md b/docs/terraform.md index 7a8f5aa..19c07c5 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -1,34 +1,71 @@ + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | n/a | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [dynamodb\_audit\_table](#module\_dynamodb\_audit\_table) | git::https://github.com/cloudposse/terraform-aws-dynamodb.git | tags/0.7.0 | +| [dynamodb\_state\_table](#module\_dynamodb\_state\_table) | git::https://github.com/cloudposse/terraform-aws-dynamodb.git | tags/0.7.0 | +| [label\_dynamodb](#module\_label\_dynamodb) | git::https://github.com/cloudposse/terraform-null-label.git | tags/0.3.3 | +| [label\_s3](#module\_label\_s3) | git::https://github.com/cloudposse/terraform-null-label.git | tags/0.3.3 | +| [s3\_bucket](#module\_s3\_bucket) | git::https://github.com/cloudposse/terraform-aws-s3-log-storage.git | tags/0.1.3 | + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_instance_profile.dynamodb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource | +| [aws_iam_instance_profile.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource | +| [aws_iam_policy.dynamodb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_policy.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_role.dynamodb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.dynamodb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| 
[aws_iam_role_policy_attachment.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.dynamodb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | + ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| attributes | Additional attributes (e.g. `policy` or `role`) | list | `` | no | -| autoscale_max_read_capacity | DynamoDB autoscale read max capacity | string | `100` | no | -| autoscale_max_write_capacity | DynamoDB autoscale write max capacity | string | `100` | no | -| autoscale_min_read_capacity | DynamoDB autoscale read min capacity | string | `10` | no | -| autoscale_min_write_capacity | DynamoDB autoscale write min capacity | string | `10` | no | -| autoscale_read_target | DynamoDB autoscale read target | string | `50` | no | -| autoscale_write_target | DynamoDB autoscale write target | string | `50` | no | -| delimiter | Delimiter to be used between `name`, `namespace`, `stage`, etc. | string | `-` | no | -| expiration_days | Number of days after which to expunge the objects | string | `90` | no | -| glacier_transition_days | Number of days after which to move the data to the glacier storage tier | string | `60` | no | -| iam_role_max_session_duration | The maximum session duration (in seconds) for the role. Can have a value from 1 hour to 12 hours | string | `3600` | no | -| name | Name (e.g. `bastion` or `db`) | string | - | yes | -| namespace | Namespace (e.g. 
`cp` or `cloudposse`) | string | - | yes | -| prefix | S3 bucket prefix | string | `` | no | -| stage | Stage (e.g. `prod`, `dev`, `staging`) | string | - | yes | -| standard_transition_days | Number of days to persist in the standard storage tier before moving to the glacier tier | string | `30` | no | -| tags | Additional tags (e.g. map('BusinessUnit`,`XYZ`) | map | `` | no | +|------|-------------|------|---------|:--------:| +| [attributes](#input\_attributes) | Additional attributes (e.g. `policy` or `role`) | `list(string)` | `[]` | no | +| [autoscale\_max\_read\_capacity](#input\_autoscale\_max\_read\_capacity) | DynamoDB autoscale read max capacity | `number` | `100` | no | +| [autoscale\_max\_write\_capacity](#input\_autoscale\_max\_write\_capacity) | DynamoDB autoscale write max capacity | `number` | `100` | no | +| [autoscale\_min\_read\_capacity](#input\_autoscale\_min\_read\_capacity) | DynamoDB autoscale read min capacity | `number` | `10` | no | +| [autoscale\_min\_write\_capacity](#input\_autoscale\_min\_write\_capacity) | DynamoDB autoscale write min capacity | `number` | `10` | no | +| [autoscale\_read\_target](#input\_autoscale\_read\_target) | DynamoDB autoscale read target | `number` | `50` | no | +| [autoscale\_write\_target](#input\_autoscale\_write\_target) | DynamoDB autoscale write target | `number` | `50` | no | +| [delimiter](#input\_delimiter) | Delimiter to be used between `name`, `namespace`, `stage`, etc. | `string` | `"-"` | no | +| [expiration\_days](#input\_expiration\_days) | Number of days after which to expunge the objects | `string` | `"90"` | no | +| [glacier\_transition\_days](#input\_glacier\_transition\_days) | Number of days after which to move the data to the glacier storage tier | `string` | `"60"` | no | +| [iam\_role\_max\_session\_duration](#input\_iam\_role\_max\_session\_duration) | The maximum session duration (in seconds) for the role. 
Can have a value from 1 hour to 12 hours | `number` | `3600` | no | +| [name](#input\_name) | Name (e.g. `bastion` or `db`) | `string` | n/a | yes | +| [namespace](#input\_namespace) | Namespace (e.g. `cp` or `cloudposse`) | `string` | n/a | yes | +| [prefix](#input\_prefix) | S3 bucket prefix | `string` | `""` | no | +| [stage](#input\_stage) | Stage (e.g. `prod`, `dev`, `staging`) | `string` | n/a | yes | +| [standard\_transition\_days](#input\_standard\_transition\_days) | Number of days to persist in the standard storage tier before moving to the glacier tier | `string` | `"30"` | no | +| [tags](#input\_tags) | Additional tags (e.g. map('BusinessUnit`,`XYZ`)` | `map(string)` | `{}` | no | ## Outputs | Name | Description | |------|-------------| -| dynamodb_audit_table_arn | DynamoDB audit table ARN | -| dynamodb_audit_table_id | DynamoDB audit table id | -| dynamodb_state_table_arn | DynamoDB state table ARN | -| dynamodb_state_table_id | DynamoDB state table id | -| s3_bucket_arn | Session storage S3 bucket ARN | -| s3_bucket_domain_name | Session storage S3 bucket domain name | -| s3_bucket_id | Session storage S3 bucket id | - +| [dynamodb\_audit\_table\_arn](#output\_dynamodb\_audit\_table\_arn) | DynamoDB audit table ARN | +| [dynamodb\_audit\_table\_id](#output\_dynamodb\_audit\_table\_id) | DynamoDB audit table id | +| [dynamodb\_state\_table\_arn](#output\_dynamodb\_state\_table\_arn) | DynamoDB state table ARN | +| [dynamodb\_state\_table\_id](#output\_dynamodb\_state\_table\_id) | DynamoDB state table id | +| [s3\_bucket\_arn](#output\_s3\_bucket\_arn) | Session storage S3 bucket ARN | +| [s3\_bucket\_domain\_name](#output\_s3\_bucket\_domain\_name) | Session storage S3 bucket domain name | +| [s3\_bucket\_id](#output\_s3\_bucket\_id) | Session storage S3 bucket id | + diff --git a/dynamodb.tf b/dynamodb.tf index a579126..1d3524c 100644 --- a/dynamodb.tf +++ b/dynamodb.tf 
@@ -1,12 +1,12 @@
 # From https://github.com/gravitational/teleport/blob/b9813e3/examples/aws/terraform/dynamo.tf#L1-L36
 module "dynamodb_state_table" {
 source = "git::https://github.com/cloudposse/terraform-aws-dynamodb.git?ref=tags/0.7.0"
- namespace = "${var.namespace}"
- stage = "${var.stage}"
- name = "${var.name}"
- delimiter = "${var.delimiter}"
+ namespace = var.namespace
+ stage = var.stage
+ name = var.name
+ delimiter = var.delimiter
 attributes = ["${compact(concat(var.attributes, list("cluster_state")))}"]
- tags = "${var.tags}"
+ tags = var.tags
 enable_encryption = "true"
 enable_streams = "true"
 stream_view_type = "NEW_IMAGE"
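Review bot: The `attributes` argument in `dynamodb_state_table` keeps the 0.11 form `["${compact(concat(var.attributes, list("cluster_state")))}"]` while every neighbouring argument in this hunk was converted to a plain expression; under 0.12 the outer `[...]` likely wraps the list result in a second list and `list()` is deprecated, so this is probably a type mismatch against the module's `list(string)` input. The same construct is left in `dynamodb_audit_table`, `label_dynamodb`, `s3_bucket` and `label_s3` in the following hunks. Suggested form here: `attributes = compact(concat(var.attributes, ["cluster_state"]))`, with the literal adjusted per module. The quoted booleans `enable_encryption = "true"` and `enable_streams = "true"` still convert, but unquoted `true` would match the new style.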
@@ -17,25 +17,25 @@ module "dynamodb_state_table" {
 ttl_attribute = "Expires"
 # min_read and min_write set the provisioned capacity even if the autoscaler is not enabled
- autoscale_min_read_capacity = "${var.autoscale_min_read_capacity}"
- autoscale_min_write_capacity = "${var.autoscale_min_write_capacity}"
+ autoscale_min_read_capacity = var.autoscale_min_read_capacity
+ autoscale_min_write_capacity = var.autoscale_min_write_capacity
 enable_autoscaler = "true"
- autoscale_read_target = "${var.autoscale_read_target}"
- autoscale_write_target = "${var.autoscale_write_target}"
- autoscale_max_read_capacity = "${var.autoscale_max_read_capacity}"
- autoscale_max_write_capacity = "${var.autoscale_max_write_capacity}"
+ autoscale_read_target = var.autoscale_read_target
+ autoscale_write_target = var.autoscale_write_target
+ autoscale_max_read_capacity = var.autoscale_max_read_capacity
+ autoscale_max_write_capacity = var.autoscale_max_write_capacity
 }
 # From https://github.com/gravitational/teleport/blob/b9813e3/examples/aws/terraform/dynamo.tf#L38-L91
 module "dynamodb_audit_table" {
 source = "git::https://github.com/cloudposse/terraform-aws-dynamodb.git?ref=tags/0.7.0"
- namespace = "${var.namespace}"
- stage = "${var.stage}"
- name = "${var.name}"
- delimiter = "${var.delimiter}"
+ namespace = var.namespace
+ stage = var.stage
+ name = var.name
+ delimiter = var.delimiter
 attributes = ["${compact(concat(var.attributes, list("events")))}"]
- tags = "${var.tags}"
+ tags = var.tags
 enable_encryption = "true"
 hash_key = "SessionID"
 hash_key_type = "S"
@@ -72,24 +72,24 @@ module "dynamodb_audit_table" {
 }]
 # min_read and min_write set the provisioned capacity even if the autoscaler is not enabled
- autoscale_min_read_capacity = "${var.autoscale_min_read_capacity}"
- autoscale_min_write_capacity = "${var.autoscale_min_write_capacity}"
+ autoscale_min_read_capacity = var.autoscale_min_read_capacity
+ autoscale_min_write_capacity = var.autoscale_min_write_capacity
 enable_autoscaler = "true"
- autoscale_read_target = "${var.autoscale_read_target}"
- autoscale_write_target = "${var.autoscale_write_target}"
- autoscale_max_read_capacity = "${var.autoscale_max_read_capacity}"
- autoscale_max_write_capacity = "${var.autoscale_max_write_capacity}"
+ autoscale_read_target = var.autoscale_read_target
+ autoscale_write_target = var.autoscale_write_target
+ autoscale_max_read_capacity = var.autoscale_max_read_capacity
+ autoscale_max_write_capacity = var.autoscale_max_write_capacity
 }
 module "label_dynamodb" {
 source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.3.3"
- namespace = "${var.namespace}"
- stage = "${var.stage}"
- name = "${var.name}"
- delimiter = "${var.delimiter}"
+ namespace = var.namespace
+ stage = var.stage
+ name = var.name
+ delimiter = var.delimiter
 attributes = ["${compact(concat(var.attributes, list("dynamodb")))}"]
- tags = "${var.tags}"
+ tags = var.tags
 }
 data "aws_iam_policy_document" "dynamodb" {
@@ -105,24 +105,24 @@ data "aws_iam_policy_document" "dynamodb" {
 }
 resource "aws_iam_role" "dynamodb" {
- name = "${module.label_dynamodb.id}"
- assume_role_policy = "${data.aws_iam_policy_document.assume_role.json}"
+ name = module.label_dynamodb.id
+ assume_role_policy = data.aws_iam_policy_document.assume_role.json
- max_session_duration = "${var.iam_role_max_session_duration}"
+ max_session_duration = var.iam_role_max_session_duration
 }
 resource "aws_iam_policy" "dynamodb" {
- name = "${module.label_dynamodb.id}"
+ name = module.label_dynamodb.id
 description = "Allow Teleport Auth service full access to DynamoDB table"
- policy = "${data.aws_iam_policy_document.dynamodb.json}"
+ policy = data.aws_iam_policy_document.dynamodb.json
 }
 resource "aws_iam_role_policy_attachment" "dynamodb" {
- role = "${aws_iam_role.dynamodb.name}"
- policy_arn = "${aws_iam_policy.dynamodb.arn}"
+ role = aws_iam_role.dynamodb.name
+ policy_arn = aws_iam_policy.dynamodb.arn
 }
 resource "aws_iam_instance_profile" "dynamodb" {
- name = "${module.label_dynamodb.id}"
- role = "${aws_iam_role.dynamodb.name}"
+ name = module.label_dynamodb.id
+ role = aws_iam_role.dynamodb.name
 }
diff --git a/outputs.tf b/outputs.tf
index a2b9df6..9f82918 100644
--- a/outputs.tf
+++ b/outputs.tf
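Review bot: `aws_iam_instance_profile.dynamodb` here and `aws_iam_instance_profile.s3` in the s3.tf hunk each wrap a single role, but an EC2 instance can be associated with only one instance profile, so a Teleport auth node that needs both the DynamoDB and the S3 permissions cannot consume these two profiles as built; presumably callers attach `aws_iam_policy.dynamodb` and `aws_iam_policy.s3` to a role of their own. Either a comment stating that intent on both instance-profile resources, or a single role/profile carrying both policy attachments, would remove the ambiguity. The `assume_role` policy document referenced by `assume_role_policy` lives outside this hunk, so the trust relationship of the role cannot be checked from here.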
@@ -1,34 +1,34 @@
 output "s3_bucket_id" {
- value = "${module.s3_bucket.bucket_id}"
+ value = module.s3_bucket.bucket_id
 description = "Session storage S3 bucket id"
 }
 output "s3_bucket_domain_name" {
- value = "${module.s3_bucket.bucket_domain_name}"
+ value = module.s3_bucket.bucket_domain_name
 description = "Session storage S3 bucket domain name"
 }
 output "s3_bucket_arn" {
- value = "${module.s3_bucket.bucket_arn}"
+ value = module.s3_bucket.bucket_arn
 description = "Session storage S3 bucket ARN"
 }
 output "dynamodb_audit_table_id" {
- value = "${module.dynamodb_audit_table.table_id}"
+ value = module.dynamodb_audit_table.table_id
 description = "DynamoDB audit table id"
 }
 output "dynamodb_audit_table_arn" {
- value = "${module.dynamodb_audit_table.table_arn}"
+ value = module.dynamodb_audit_table.table_arn
 description = "DynamoDB audit table ARN"
 }
 output "dynamodb_state_table_id" {
- value = "${module.dynamodb_state_table.table_id}"
+ value = module.dynamodb_state_table.table_id
 description = "DynamoDB state table id"
 }
 output "dynamodb_state_table_arn" {
- value = "${module.dynamodb_state_table.table_arn}"
+ value = module.dynamodb_state_table.table_arn
 description = "DynamoDB state table ARN"
 }
diff --git a/s3.tf b/s3.tf
index 4c254f8..6cb716b 100644
--- a/s3.tf
+++ b/s3.tf
@@ -1,25 +1,25 @@
 module "s3_bucket" {
 source = "git::https://github.com/cloudposse/terraform-aws-s3-log-storage.git?ref=tags/0.1.3"
- namespace = "${var.namespace}"
- stage = "${var.stage}"
- name = "${var.name}"
- delimiter = "${var.delimiter}"
+ namespace = var.namespace
+ stage = var.stage
+ name = var.name
+ delimiter = var.delimiter
 attributes = ["${compact(concat(var.attributes, list("sessions")))}"]
- tags = "${var.tags}"
- prefix = "${var.prefix}"
- standard_transition_days = "${var.standard_transition_days}"
- glacier_transition_days = "${var.glacier_transition_days}"
- expiration_days = "${var.expiration_days}"
+ tags = var.tags
+ prefix = var.prefix
+ standard_transition_days = var.standard_transition_days
+ glacier_transition_days = var.glacier_transition_days
+ expiration_days = var.expiration_days
 }
 module "label_s3" {
 source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.3.3"
- namespace = "${var.namespace}"
- stage = "${var.stage}"
- name = "${var.name}"
- delimiter = "${var.delimiter}"
+ namespace = var.namespace
+ stage = var.stage
+ name = var.name
+ delimiter = var.delimiter
 attributes = ["${compact(concat(var.attributes, list("sessions")))}"]
- tags = "${var.tags}"
+ tags = var.tags
 }
 # Allow Read and Write access to the bucket
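Review bot: The module sources in this hunk are pinned to mutable git tags (`?ref=tags/0.1.3` for the bucket module, `?ref=tags/0.3.3` for the label module), and the commit leaves them that way; a tag can be re-pointed upstream, so for a module that defines the IAM policy and the bucket holding session recordings a commit ref (`?ref=<commit-sha>`, value to be filled in) or a registry source with an exact version gives a reproducible dependency that can be verified at review time. The same applies to the `dynamodb_state_table`, `dynamodb_audit_table` and `label_dynamodb` sources in the dynamodb.tf hunks. The `attributes` expression here has the same legacy-interpolation issue as in dynamodb.tf and is not repeated in this note.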
@@ -52,24 +52,24 @@ data "aws_iam_policy_document" "s3" {
 }
 resource "aws_iam_role" "s3" {
- name = "${module.label_s3.id}"
- assume_role_policy = "${data.aws_iam_policy_document.assume_role.json}"
+ name = module.label_s3.id
+ assume_role_policy = data.aws_iam_policy_document.assume_role.json
- max_session_duration = "${var.iam_role_max_session_duration}"
+ max_session_duration = var.iam_role_max_session_duration
 }
 resource "aws_iam_policy" "s3" {
- name = "${module.label_s3.id}"
+ name = module.label_s3.id
 description = "Allow Teleport Auth service read/write access to S3 bucket"
- policy = "${data.aws_iam_policy_document.s3.json}"
+ policy = data.aws_iam_policy_document.s3.json
 }
 resource "aws_iam_role_policy_attachment" "s3" {
- role = "${aws_iam_role.s3.name}"
- policy_arn = "${aws_iam_policy.s3.arn}"
+ role = aws_iam_role.s3.name
+ policy_arn = aws_iam_policy.s3.arn
 }
 resource "aws_iam_instance_profile" "s3" {
- name = "${module.label_s3.id}"
- role = "${aws_iam_role.s3.name}"
+ name = module.label_s3.id
+ role = aws_iam_role.s3.name
 }
diff --git a/variables.tf b/variables.tf
index ccb6e9a..d18288f 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,56 +1,56 @@
 variable "namespace" {
 description = "Namespace (e.g. `cp` or `cloudposse`)"
- type = "string"
+ type = string
 }
 variable "stage" {
 description = "Stage (e.g. `prod`, `dev`, `staging`)"
- type = "string"
+ type = string
 }
 variable "name" {
 description = "Name (e.g. `bastion` or `db`)"
- type = "string"
+ type = string
 }
 variable "delimiter" {
- type = "string"
+ type = string
 default = "-"
 description = "Delimiter to be used between `name`, `namespace`, `stage`, etc."
 }
 variable "attributes" {
- type = "list"
+ type = list(string)
 default = []
 description = "Additional attributes (e.g. `policy` or `role`)"
 }
 variable "tags" {
- type = "map"
+ type = map(string)
 default = {}
 description = "Additional tags (e.g. map('BusinessUnit`,`XYZ`)"
 }
 variable "prefix" {
- type = "string"
+ type = string
 description = "S3 bucket prefix"
 default = ""
 }
 variable "standard_transition_days" {
- type = "string"
+ type = string
 description = "Number of days to persist in the standard storage tier before moving to the glacier tier"
 default = "30"
 }
 variable "glacier_transition_days" {
- type = "string"
+ type = string
 description = "Number of days after which to move the data to the glacier storage tier"
 default = "60"
 }
 variable "expiration_days" {
- type = "string"
+ type = string
 description = "Number of days after which to expunge the objects"
 default = "90"
 }
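Review bot: `standard_transition_days`, `glacier_transition_days` and `expiration_days` keep `type = string` with defaults `"30"`, `"60"` and `"90"`, even though the same commit types the other numeric inputs (the autoscale capacities and `iam_role_max_session_duration`, per the regenerated docs/terraform.md) as `number`. Unless the pinned s3-log-storage module requires strings, `type = number` with `default = 30` (and 60, 90 respectively) keeps the input types consistent and rejects non-numeric lifecycle values at plan time instead of at apply. The `tags` description `map('BusinessUnit`,`XYZ`)` has a mismatched quote and shows the 0.12-deprecated `map()` function; `{ BusinessUnit = "XYZ" }` reads cleaner. The remaining variables of this file (autoscale and IAM inputs) are outside the hunk.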