From e61f89ac36b7fff3b7240d389b6d44e14b4f6a03 Mon Sep 17 00:00:00 2001 
From: Gareth Denny <37297485+gpdenny@users.noreply.github.com> Date: Mon, 26 Jun 2023 11:12:15 +0100 Subject: [PATCH 1/2] Add wrapper modules --- .pre-commit-config.yaml | 1 + wrappers/iam-account/README.md | 100 ++++++++++++++++++ wrappers/iam-account/main.tf | 18 ++++ wrappers/iam-account/outputs.tf | 5 + wrappers/iam-account/variables.tf | 11 ++ wrappers/iam-account/versions.tf | 3 + .../iam-assumable-role-with-oidc/README.md | 100 ++++++++++++++++++ wrappers/iam-assumable-role-with-oidc/main.tf | 24 +++++ .../iam-assumable-role-with-oidc/outputs.tf | 5 + .../iam-assumable-role-with-oidc/variables.tf | 11 ++ .../iam-assumable-role-with-oidc/versions.tf | 3 + .../iam-assumable-role-with-saml/README.md | 100 ++++++++++++++++++ wrappers/iam-assumable-role-with-saml/main.tf | 22 ++++ .../iam-assumable-role-with-saml/outputs.tf | 5 + .../iam-assumable-role-with-saml/variables.tf | 11 ++ .../iam-assumable-role-with-saml/versions.tf | 3 + wrappers/iam-assumable-role/README.md | 100 ++++++++++++++++++ wrappers/iam-assumable-role/main.tf | 34 ++++++ wrappers/iam-assumable-role/outputs.tf | 5 + wrappers/iam-assumable-role/variables.tf | 11 ++ wrappers/iam-assumable-role/versions.tf | 3 + .../iam-assumable-roles-with-saml/README.md | 100 ++++++++++++++++++ .../iam-assumable-roles-with-saml/main.tf | 30 ++++++ .../iam-assumable-roles-with-saml/outputs.tf | 5 + .../variables.tf | 11 ++ .../iam-assumable-roles-with-saml/versions.tf | 3 + wrappers/iam-assumable-roles/README.md | 100 ++++++++++++++++++ wrappers/iam-assumable-roles/main.tf | 33 ++++++ wrappers/iam-assumable-roles/outputs.tf | 5 + wrappers/iam-assumable-roles/variables.tf | 11 ++ wrappers/iam-assumable-roles/versions.tf | 3 + wrappers/iam-eks-role/README.md | 100 ++++++++++++++++++ wrappers/iam-eks-role/main.tf | 19 ++++ wrappers/iam-eks-role/outputs.tf | 5 + wrappers/iam-eks-role/variables.tf | 11 ++ wrappers/iam-eks-role/versions.tf | 3 + wrappers/iam-github-oidc-provider/README.md | 100 ++++++++++++++++++ 
wrappers/iam-github-oidc-provider/main.tf | 10 ++ wrappers/iam-github-oidc-provider/outputs.tf | 5 + .../iam-github-oidc-provider/variables.tf | 11 ++ wrappers/iam-github-oidc-provider/versions.tf | 3 + wrappers/iam-github-oidc-role/README.md | 100 ++++++++++++++++++ wrappers/iam-github-oidc-role/main.tf | 19 ++++ wrappers/iam-github-oidc-role/outputs.tf | 5 + wrappers/iam-github-oidc-role/variables.tf | 11 ++ wrappers/iam-github-oidc-role/versions.tf | 3 + .../README.md | 100 ++++++++++++++++++ .../main.tf | 11 ++ .../outputs.tf | 5 + .../variables.tf | 11 ++ .../versions.tf | 3 + wrappers/iam-group-with-policies/README.md | 100 ++++++++++++++++++ wrappers/iam-group-with-policies/main.tf | 16 +++ wrappers/iam-group-with-policies/outputs.tf | 5 + wrappers/iam-group-with-policies/variables.tf | 11 ++ wrappers/iam-group-with-policies/versions.tf | 3 + wrappers/iam-policy/README.md | 100 ++++++++++++++++++ wrappers/iam-policy/main.tf | 13 +++ wrappers/iam-policy/outputs.tf | 5 + wrappers/iam-policy/variables.tf | 11 ++ wrappers/iam-policy/versions.tf | 3 + wrappers/iam-read-only-policy/README.md | 100 ++++++++++++++++++ wrappers/iam-read-only-policy/main.tf | 18 ++++ wrappers/iam-read-only-policy/outputs.tf | 5 + wrappers/iam-read-only-policy/variables.tf | 11 ++ wrappers/iam-read-only-policy/versions.tf | 3 + .../README.md | 100 ++++++++++++++++++ .../iam-role-for-service-accounts-eks/main.tf | 58 ++++++++++ .../outputs.tf | 5 + .../variables.tf | 11 ++ .../versions.tf | 3 + wrappers/iam-user/README.md | 100 ++++++++++++++++++ wrappers/iam-user/main.tf | 21 ++++ wrappers/iam-user/outputs.tf | 5 + wrappers/iam-user/variables.tf | 11 ++ wrappers/iam-user/versions.tf | 3 + 76 files changed, 2132 insertions(+) create mode 100644 wrappers/iam-account/README.md create mode 100644 wrappers/iam-account/main.tf create mode 100644 wrappers/iam-account/outputs.tf create mode 100644 wrappers/iam-account/variables.tf create mode 100644 wrappers/iam-account/versions.tf create mode 
100644 wrappers/iam-assumable-role-with-oidc/README.md create mode 100644 wrappers/iam-assumable-role-with-oidc/main.tf create mode 100644 wrappers/iam-assumable-role-with-oidc/outputs.tf create mode 100644 wrappers/iam-assumable-role-with-oidc/variables.tf create mode 100644 wrappers/iam-assumable-role-with-oidc/versions.tf create mode 100644 wrappers/iam-assumable-role-with-saml/README.md create mode 100644 wrappers/iam-assumable-role-with-saml/main.tf create mode 100644 wrappers/iam-assumable-role-with-saml/outputs.tf create mode 100644 wrappers/iam-assumable-role-with-saml/variables.tf create mode 100644 wrappers/iam-assumable-role-with-saml/versions.tf create mode 100644 wrappers/iam-assumable-role/README.md create mode 100644 wrappers/iam-assumable-role/main.tf create mode 100644 wrappers/iam-assumable-role/outputs.tf create mode 100644 wrappers/iam-assumable-role/variables.tf create mode 100644 wrappers/iam-assumable-role/versions.tf create mode 100644 wrappers/iam-assumable-roles-with-saml/README.md create mode 100644 wrappers/iam-assumable-roles-with-saml/main.tf create mode 100644 wrappers/iam-assumable-roles-with-saml/outputs.tf create mode 100644 wrappers/iam-assumable-roles-with-saml/variables.tf create mode 100644 wrappers/iam-assumable-roles-with-saml/versions.tf create mode 100644 wrappers/iam-assumable-roles/README.md create mode 100644 wrappers/iam-assumable-roles/main.tf create mode 100644 wrappers/iam-assumable-roles/outputs.tf create mode 100644 wrappers/iam-assumable-roles/variables.tf create mode 100644 wrappers/iam-assumable-roles/versions.tf create mode 100644 wrappers/iam-eks-role/README.md create mode 100644 wrappers/iam-eks-role/main.tf create mode 100644 wrappers/iam-eks-role/outputs.tf create mode 100644 wrappers/iam-eks-role/variables.tf create mode 100644 wrappers/iam-eks-role/versions.tf create mode 100644 wrappers/iam-github-oidc-provider/README.md create mode 100644 wrappers/iam-github-oidc-provider/main.tf create mode 100644 
wrappers/iam-github-oidc-provider/outputs.tf create mode 100644 wrappers/iam-github-oidc-provider/variables.tf create mode 100644 wrappers/iam-github-oidc-provider/versions.tf create mode 100644 wrappers/iam-github-oidc-role/README.md create mode 100644 wrappers/iam-github-oidc-role/main.tf create mode 100644 wrappers/iam-github-oidc-role/outputs.tf create mode 100644 wrappers/iam-github-oidc-role/variables.tf create mode 100644 wrappers/iam-github-oidc-role/versions.tf create mode 100644 wrappers/iam-group-with-assumable-roles-policy/README.md create mode 100644 wrappers/iam-group-with-assumable-roles-policy/main.tf create mode 100644 wrappers/iam-group-with-assumable-roles-policy/outputs.tf create mode 100644 wrappers/iam-group-with-assumable-roles-policy/variables.tf create mode 100644 wrappers/iam-group-with-assumable-roles-policy/versions.tf create mode 100644 wrappers/iam-group-with-policies/README.md create mode 100644 wrappers/iam-group-with-policies/main.tf create mode 100644 wrappers/iam-group-with-policies/outputs.tf create mode 100644 wrappers/iam-group-with-policies/variables.tf create mode 100644 wrappers/iam-group-with-policies/versions.tf create mode 100644 wrappers/iam-policy/README.md create mode 100644 wrappers/iam-policy/main.tf create mode 100644 wrappers/iam-policy/outputs.tf create mode 100644 wrappers/iam-policy/variables.tf create mode 100644 wrappers/iam-policy/versions.tf create mode 100644 wrappers/iam-read-only-policy/README.md create mode 100644 wrappers/iam-read-only-policy/main.tf create mode 100644 wrappers/iam-read-only-policy/outputs.tf create mode 100644 wrappers/iam-read-only-policy/variables.tf create mode 100644 wrappers/iam-read-only-policy/versions.tf create mode 100644 wrappers/iam-role-for-service-accounts-eks/README.md create mode 100644 wrappers/iam-role-for-service-accounts-eks/main.tf create mode 100644 wrappers/iam-role-for-service-accounts-eks/outputs.tf create mode 100644 
wrappers/iam-role-for-service-accounts-eks/variables.tf create mode 100644 wrappers/iam-role-for-service-accounts-eks/versions.tf create mode 100644 wrappers/iam-user/README.md create mode 100644 wrappers/iam-user/main.tf create mode 100644 wrappers/iam-user/outputs.tf create mode 100644 wrappers/iam-user/variables.tf create mode 100644 wrappers/iam-user/versions.tf diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 4395e67e..06dda853 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -3,6 +3,7 @@ repos: rev: v1.79.1 hooks: - id: terraform_fmt + - id: terraform_wrapper_module_for_each - id: terraform_validate - id: terraform_docs args: diff --git a/wrappers/iam-account/README.md b/wrappers/iam-account/README.md new file mode 100644 index 00000000..14545326 --- /dev/null +++ b/wrappers/iam-account/README.md 
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/iam-account` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/iam/aws//wrappers/iam-account" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-iam.git//wrappers/iam-account?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/iam/aws//wrappers/iam-account" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/iam-account/main.tf b/wrappers/iam-account/main.tf new file mode 100644 index 00000000..6291683f --- /dev/null +++ b/wrappers/iam-account/main.tf 
@@ -0,0 +1,18 @@
+module "wrapper" {
+ source = "../../modules/iam-account"
+
+ for_each = var.items
+
+ get_caller_identity = try(each.value.get_caller_identity, var.defaults.get_caller_identity, true)
+ account_alias = try(each.value.account_alias, var.defaults.account_alias)
+ create_account_password_policy = try(each.value.create_account_password_policy, var.defaults.create_account_password_policy, true)
+ max_password_age = try(each.value.max_password_age, var.defaults.max_password_age, 0)
+ minimum_password_length = try(each.value.minimum_password_length, var.defaults.minimum_password_length, 8)
+ allow_users_to_change_password = try(each.value.allow_users_to_change_password, var.defaults.allow_users_to_change_password, true)
+ hard_expiry = try(each.value.hard_expiry, var.defaults.hard_expiry, false)
+ password_reuse_prevention = try(each.value.password_reuse_prevention, var.defaults.password_reuse_prevention, null)
+ require_lowercase_characters = try(each.value.require_lowercase_characters, var.defaults.require_lowercase_characters, true)
+ require_uppercase_characters = try(each.value.require_uppercase_characters, var.defaults.require_uppercase_characters, true)
+ require_numbers = try(each.value.require_numbers, var.defaults.require_numbers, true)
+ require_symbols = try(each.value.require_symbols, var.defaults.require_symbols, true)
+}
diff --git a/wrappers/iam-account/outputs.tf b/wrappers/iam-account/outputs.tf
new file mode 100644
index 00000000..ec6da5f4
--- /dev/null
+++ b/wrappers/iam-account/outputs.tf
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/iam-account/variables.tf b/wrappers/iam-account/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/iam-account/variables.tf
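Review bot: In wrappers/iam-account/main.tf, `for_each = var.items` is applied to arguments that look account-wide (`account_alias` and the password-policy settings), so two entries in `items` would presumably manage the same alias and password policy and overwrite each other on apply. Confirm this against modules/iam-account, which is not part of this patch, and if it holds, have the README say that `items` should carry one entry per AWS account. The password fallbacks are also permissive: `minimum_password_length` falls back to `8`, `max_password_age` to `0` and `password_reuse_prevention` to `null`. I would add a comment above those lines such as `# Fallbacks only; set minimum_password_length, max_password_age and password_reuse_prevention explicitly to meet your password baseline`.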
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/iam-account/versions.tf b/wrappers/iam-account/versions.tf
new file mode 100644
index 00000000..51cad108
--- /dev/null
+++ b/wrappers/iam-account/versions.tf
@@ -0,0 +1,3 @@
+terraform {
+ required_version = ">= 0.13.1"
+}
diff --git a/wrappers/iam-assumable-role-with-oidc/README.md b/wrappers/iam-assumable-role-with-oidc/README.md
new file mode 100644
index 00000000..8c4c2139
--- /dev/null
+++ b/wrappers/iam-assumable-role-with-oidc/README.md
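Review bot: `defaults` and `items` in wrappers/iam-account/variables.tf are both `type = any`, and main.tf reads every argument through `try(...)`, so a misspelled or unsupported key is dropped without an error and the hard-coded fallback applies instead. For the password policy, a typo such as `minimum_pasword_length = 14` (constructed example) still plans cleanly with a length of 8. The same variables.tf is added unchanged for the iam-assumable-role-with-oidc, iam-assumable-role-with-saml and iam-assumable-role wrappers, where the dropped key could be a permissions boundary or a trust condition. I would make this visible in the description, e.g. `description = "Map of default values which will be used for each item. Unknown keys are ignored; review the plan for the values actually applied."`.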
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/iam-assumable-role-with-oidc` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/iam/aws//wrappers/iam-assumable-role-with-oidc" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-iam.git//wrappers/iam-assumable-role-with-oidc?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/iam/aws//wrappers/iam-assumable-role-with-oidc" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/iam-assumable-role-with-oidc/main.tf b/wrappers/iam-assumable-role-with-oidc/main.tf new file mode 100644 index 00000000..a119c99e --- /dev/null +++ b/wrappers/iam-assumable-role-with-oidc/main.tf 
@@ -0,0 +1,24 @@
+module "wrapper" {
+ source = "../../modules/iam-assumable-role-with-oidc"
+
+ for_each = var.items
+
+ create_role = try(each.value.create_role, var.defaults.create_role, false)
+ provider_url = try(each.value.provider_url, var.defaults.provider_url, "")
+ provider_urls = try(each.value.provider_urls, var.defaults.provider_urls, [])
+ aws_account_id = try(each.value.aws_account_id, var.defaults.aws_account_id, "")
+ tags = try(each.value.tags, var.defaults.tags, {})
+ role_name = try(each.value.role_name, var.defaults.role_name, null)
+ role_name_prefix = try(each.value.role_name_prefix, var.defaults.role_name_prefix, null)
+ role_description = try(each.value.role_description, var.defaults.role_description, "")
+ role_path = try(each.value.role_path, var.defaults.role_path, "/")
+ role_permissions_boundary_arn = try(each.value.role_permissions_boundary_arn, var.defaults.role_permissions_boundary_arn, "")
+ max_session_duration = try(each.value.max_session_duration, var.defaults.max_session_duration, 3600)
+ role_policy_arns = try(each.value.role_policy_arns, var.defaults.role_policy_arns, [])
+ number_of_role_policy_arns = try(each.value.number_of_role_policy_arns, var.defaults.number_of_role_policy_arns, null)
+ oidc_fully_qualified_subjects = try(each.value.oidc_fully_qualified_subjects, var.defaults.oidc_fully_qualified_subjects, [])
+ oidc_subjects_with_wildcards = try(each.value.oidc_subjects_with_wildcards, var.defaults.oidc_subjects_with_wildcards, [])
+ oidc_fully_qualified_audiences = try(each.value.oidc_fully_qualified_audiences, var.defaults.oidc_fully_qualified_audiences, [])
+ force_detach_policies = try(each.value.force_detach_policies, var.defaults.force_detach_policies, false)
+ allow_self_assume_role = try(each.value.allow_self_assume_role, var.defaults.allow_self_assume_role, false)
+}
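Review bot: In wrappers/iam-assumable-role-with-oidc/main.tf the three trust conditions `oidc_fully_qualified_subjects`, `oidc_subjects_with_wildcards` and `oidc_fully_qualified_audiences` all fall back to `[]`. An item that sets `create_role = true` and a `provider_url` but no subject or audience would presumably get a trust policy with no `sub`/`aud` restriction, usable by any identity the provider issues tokens for; confirm against modules/iam-assumable-role-with-oidc, which is not in this patch. I would add a comment above these three lines, `# Set at least one subject or audience per item; empty lists leave the trust policy unrestricted for this provider`, and repeat it in the wrapper README. `role_permissions_boundary_arn` likewise falls back to `""`, so no boundary is attached unless the caller supplies one.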
diff --git a/wrappers/iam-assumable-role-with-oidc/outputs.tf b/wrappers/iam-assumable-role-with-oidc/outputs.tf
new file mode 100644
index 00000000..ec6da5f4
--- /dev/null
+++ b/wrappers/iam-assumable-role-with-oidc/outputs.tf
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/iam-assumable-role-with-oidc/variables.tf b/wrappers/iam-assumable-role-with-oidc/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/iam-assumable-role-with-oidc/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/iam-assumable-role-with-oidc/versions.tf b/wrappers/iam-assumable-role-with-oidc/versions.tf
new file mode 100644
index 00000000..51cad108
--- /dev/null
+++ b/wrappers/iam-assumable-role-with-oidc/versions.tf
@@ -0,0 +1,3 @@
+terraform {
+ required_version = ">= 0.13.1"
+}
diff --git a/wrappers/iam-assumable-role-with-saml/README.md b/wrappers/iam-assumable-role-with-saml/README.md
new file mode 100644
index 00000000..d18f0a01
--- /dev/null
+++ b/wrappers/iam-assumable-role-with-saml/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/iam-assumable-role-with-saml` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/iam/aws//wrappers/iam-assumable-role-with-saml" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-iam.git//wrappers/iam-assumable-role-with-saml?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/iam/aws//wrappers/iam-assumable-role-with-saml" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/iam-assumable-role-with-saml/main.tf b/wrappers/iam-assumable-role-with-saml/main.tf new file mode 100644 index 00000000..38b231f6 --- /dev/null +++ b/wrappers/iam-assumable-role-with-saml/main.tf 
@@ -0,0 +1,22 @@
+module "wrapper" {
+ source = "../../modules/iam-assumable-role-with-saml"
+
+ for_each = var.items
+
+ create_role = try(each.value.create_role, var.defaults.create_role, false)
+ provider_id = try(each.value.provider_id, var.defaults.provider_id, "")
+ provider_ids = try(each.value.provider_ids, var.defaults.provider_ids, [])
+ aws_saml_endpoint = try(each.value.aws_saml_endpoint, var.defaults.aws_saml_endpoint, "https://signin.aws.amazon.com/saml")
+ tags = try(each.value.tags, var.defaults.tags, {})
+ role_name = try(each.value.role_name, var.defaults.role_name, null)
+ role_name_prefix = try(each.value.role_name_prefix, var.defaults.role_name_prefix, null)
+ role_description = try(each.value.role_description, var.defaults.role_description, "")
+ role_path = try(each.value.role_path, var.defaults.role_path, "/")
+ role_permissions_boundary_arn = try(each.value.role_permissions_boundary_arn, var.defaults.role_permissions_boundary_arn, "")
+ max_session_duration = try(each.value.max_session_duration, var.defaults.max_session_duration, 3600)
+ role_policy_arns = try(each.value.role_policy_arns, var.defaults.role_policy_arns, [])
+ number_of_role_policy_arns = try(each.value.number_of_role_policy_arns, var.defaults.number_of_role_policy_arns, null)
+ force_detach_policies = try(each.value.force_detach_policies, var.defaults.force_detach_policies, false)
+ allow_self_assume_role = try(each.value.allow_self_assume_role, var.defaults.allow_self_assume_role, false)
+ trusted_role_actions = try(each.value.trusted_role_actions, var.defaults.trusted_role_actions, [""])
+}
diff --git a/wrappers/iam-assumable-role-with-saml/outputs.tf b/wrappers/iam-assumable-role-with-saml/outputs.tf
new file mode 100644
index 00000000..ec6da5f4
--- /dev/null
+++ b/wrappers/iam-assumable-role-with-saml/outputs.tf
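Review bot: `trusted_role_actions` on the last argument line of wrappers/iam-assumable-role-with-saml/main.tf falls back to `[""]`, a list holding one empty string, whereas the sibling iam-assumable-role wrapper falls back to `["sts:AssumeRole"]`. Unless every item or `defaults` sets the argument, the module receives an empty action name for the role's trust policy, which is not the same as leaving the argument unset. The fallback should repeat the module's own default, presumably `["sts:AssumeRoleWithSAML", "sts:TagSession"]`; confirm against modules/iam-assumable-role-with-saml/variables.tf, which is not in this patch. If these files are produced by the `terraform_wrapper_module_for_each` hook added in this commit, the value needs fixing at the source so a re-run does not restore it.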
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/iam-assumable-role-with-saml/variables.tf b/wrappers/iam-assumable-role-with-saml/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/iam-assumable-role-with-saml/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/iam-assumable-role-with-saml/versions.tf b/wrappers/iam-assumable-role-with-saml/versions.tf
new file mode 100644
index 00000000..51cad108
--- /dev/null
+++ b/wrappers/iam-assumable-role-with-saml/versions.tf
@@ -0,0 +1,3 @@
+terraform {
+ required_version = ">= 0.13.1"
+}
diff --git a/wrappers/iam-assumable-role/README.md b/wrappers/iam-assumable-role/README.md
new file mode 100644
index 00000000..3df6fd86
--- /dev/null
+++ b/wrappers/iam-assumable-role/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/iam-assumable-role` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/iam/aws//wrappers/iam-assumable-role" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-iam.git//wrappers/iam-assumable-role?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/iam/aws//wrappers/iam-assumable-role" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/iam-assumable-role/main.tf b/wrappers/iam-assumable-role/main.tf new file mode 100644 index 00000000..14f835cb --- /dev/null +++ b/wrappers/iam-assumable-role/main.tf 
@@ -0,0 +1,34 @@
+module "wrapper" {
+ source = "../../modules/iam-assumable-role"
+
+ for_each = var.items
+
+ trusted_role_actions = try(each.value.trusted_role_actions, var.defaults.trusted_role_actions, ["sts:AssumeRole"])
+ trusted_role_arns = try(each.value.trusted_role_arns, var.defaults.trusted_role_arns, [])
+ trusted_role_services = try(each.value.trusted_role_services, var.defaults.trusted_role_services, [])
+ mfa_age = try(each.value.mfa_age, var.defaults.mfa_age, 86400)
+ max_session_duration = try(each.value.max_session_duration, var.defaults.max_session_duration, 3600)
+ create_role = try(each.value.create_role, var.defaults.create_role, false)
+ create_instance_profile = try(each.value.create_instance_profile, var.defaults.create_instance_profile, false)
+ role_name = try(each.value.role_name, var.defaults.role_name, null)
+ role_name_prefix = try(each.value.role_name_prefix, var.defaults.role_name_prefix, null)
+ role_path = try(each.value.role_path, var.defaults.role_path, "/")
+ role_requires_mfa = try(each.value.role_requires_mfa, var.defaults.role_requires_mfa, true)
+ role_permissions_boundary_arn = try(each.value.role_permissions_boundary_arn, var.defaults.role_permissions_boundary_arn, "")
+ tags = try(each.value.tags, var.defaults.tags, {})
+ custom_role_policy_arns = try(each.value.custom_role_policy_arns, var.defaults.custom_role_policy_arns, [])
+ custom_role_trust_policy = try(each.value.custom_role_trust_policy, var.defaults.custom_role_trust_policy, "")
+ number_of_custom_role_policy_arns = try(each.value.number_of_custom_role_policy_arns, var.defaults.number_of_custom_role_policy_arns, null)
+ admin_role_policy_arn = try(each.value.admin_role_policy_arn, var.defaults.admin_role_policy_arn, "arn:aws:iam::aws:policy/AdministratorAccess")
+ poweruser_role_policy_arn = try(each.value.poweruser_role_policy_arn, var.defaults.poweruser_role_policy_arn, "arn:aws:iam::aws:policy/PowerUserAccess")
+ readonly_role_policy_arn = try(each.value.readonly_role_policy_arn, var.defaults.readonly_role_policy_arn, "arn:aws:iam::aws:policy/ReadOnlyAccess")
+ attach_admin_policy = try(each.value.attach_admin_policy, var.defaults.attach_admin_policy, false)
+ attach_poweruser_policy = try(each.value.attach_poweruser_policy, var.defaults.attach_poweruser_policy, false)
+ attach_readonly_policy = try(each.value.attach_readonly_policy, var.defaults.attach_readonly_policy, false)
+ force_detach_policies = try(each.value.force_detach_policies, var.defaults.force_detach_policies, false)
+ role_description = try(each.value.role_description, var.defaults.role_description, "")
+ role_sts_externalid = try(each.value.role_sts_externalid, var.defaults.role_sts_externalid, [])
+ allow_self_assume_role = try(each.value.allow_self_assume_role, var.defaults.allow_self_assume_role, false)
+ role_requires_session_name = try(each.value.role_requires_session_name, var.defaults.role_requires_session_name, false)
+ role_session_name = try(each.value.role_session_name, var.defaults.role_session_name, ["$${aws:username}"])
+}
diff --git a/wrappers/iam-assumable-role/outputs.tf b/wrappers/iam-assumable-role/outputs.tf
new file mode 100644
index 00000000..ec6da5f4
--- /dev/null
+++ b/wrappers/iam-assumable-role/outputs.tf
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/iam-assumable-role/variables.tf b/wrappers/iam-assumable-role/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/iam-assumable-role/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
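Review bot: `create_role` in wrappers/iam-assumable-role/main.tf falls back to `false`, but the README added alongside it shows `defaults = { create = true, ... }`, and `create` is not an argument this wrapper reads. Because `try()` ignores unknown keys, copying the README example yields no roles and no error; the iam-assumable-role-with-oidc and iam-assumable-role-with-saml wrappers show the same mismatch. The README example for these three should use `create_role = true`. Separately, `role_permissions_boundary_arn` falls back to `""` and `role_sts_externalid` to `[]`, so a role trusted from another account gets neither a permissions boundary nor (presumably) an external-ID condition unless the caller sets them. A comment above those two lines such as `# No permissions boundary or external ID unless set per item or in defaults` would make that visible.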
diff --git a/wrappers/iam-assumable-role/versions.tf b/wrappers/iam-assumable-role/versions.tf
new file mode 100644
index 00000000..51cad108
--- /dev/null
+++ b/wrappers/iam-assumable-role/versions.tf
@@ -0,0 +1,3 @@
+terraform {
+ required_version = ">= 0.13.1"
+}
diff --git a/wrappers/iam-assumable-roles-with-saml/README.md b/wrappers/iam-assumable-roles-with-saml/README.md
new file mode 100644
index 00000000..6fecde0b
--- /dev/null
+++ b/wrappers/iam-assumable-roles-with-saml/README.md
@@ -0,0 +1,100 @@
+# Wrapper for module: `modules/iam-assumable-roles-with-saml`
+
+The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
+
+You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
+
+This wrapper does not implement any extra functionality.
+
+## Usage with Terragrunt
+
+`terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/iam/aws//wrappers/iam-assumable-roles-with-saml"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-iam.git//wrappers/iam-assumable-roles-with-saml?ref=master"
+}
+
+inputs = {
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Usage with Terraform
+
+```hcl
+module "wrapper" {
+ source = "terraform-aws-modules/iam/aws//wrappers/iam-assumable-roles-with-saml"
+
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Example: Manage multiple S3 buckets in one Terragrunt layer
+
+`eu-west-1/s3-buckets/terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master"
+}
+
+inputs = {
+ defaults = {
+ force_destroy = true
+
+ attach_elb_log_delivery_policy = true
+ attach_lb_log_delivery_policy = true
+ attach_deny_insecure_transport_policy = true
+ attach_require_latest_tls_policy = true
+ }
+
+ items = {
+ bucket1 = {
+ bucket = "my-random-bucket-1"
+ }
+ bucket2 = {
+ bucket = "my-random-bucket-2"
+ tags = {
+ Secure = "probably"
+ }
+ }
+ }
+}
+```
diff --git a/wrappers/iam-assumable-roles-with-saml/main.tf b/wrappers/iam-assumable-roles-with-saml/main.tf
new file mode 100644
index 00000000..b206973e
--- /dev/null
+++ b/wrappers/iam-assumable-roles-with-saml/main.tf
@@ -0,0 +1,30 @@
+module "wrapper" {
+ source = "../../modules/iam-assumable-roles-with-saml"
+
+ for_each = var.items
+
+ provider_id = try(each.value.provider_id, var.defaults.provider_id, "")
+ provider_ids = try(each.value.provider_ids, var.defaults.provider_ids, [])
+ aws_saml_endpoint = try(each.value.aws_saml_endpoint, var.defaults.aws_saml_endpoint, "https://signin.aws.amazon.com/saml")
+ allow_self_assume_role = try(each.value.allow_self_assume_role, var.defaults.allow_self_assume_role, false)
+ create_admin_role = try(each.value.create_admin_role, var.defaults.create_admin_role, false)
+ admin_role_name = try(each.value.admin_role_name, var.defaults.admin_role_name, "admin")
+ admin_role_path = try(each.value.admin_role_path, var.defaults.admin_role_path, "/")
+ admin_role_policy_arns = try(each.value.admin_role_policy_arns, var.defaults.admin_role_policy_arns, ["arn:aws:iam::aws:policy/AdministratorAccess"])
+ admin_role_permissions_boundary_arn = try(each.value.admin_role_permissions_boundary_arn, var.defaults.admin_role_permissions_boundary_arn, "")
+ admin_role_tags = try(each.value.admin_role_tags, var.defaults.admin_role_tags, {})
+ create_poweruser_role = try(each.value.create_poweruser_role, var.defaults.create_poweruser_role, false)
+ poweruser_role_name = try(each.value.poweruser_role_name, var.defaults.poweruser_role_name, "poweruser")
+ poweruser_role_path = try(each.value.poweruser_role_path, var.defaults.poweruser_role_path, "/")
+ poweruser_role_policy_arns = try(each.value.poweruser_role_policy_arns, var.defaults.poweruser_role_policy_arns, ["arn:aws:iam::aws:policy/PowerUserAccess"])
+ poweruser_role_permissions_boundary_arn = try(each.value.poweruser_role_permissions_boundary_arn, var.defaults.poweruser_role_permissions_boundary_arn, "")
+ poweruser_role_tags = try(each.value.poweruser_role_tags, var.defaults.poweruser_role_tags, {})
+ create_readonly_role = try(each.value.create_readonly_role, var.defaults.create_readonly_role, false)
+ readonly_role_name = try(each.value.readonly_role_name, var.defaults.readonly_role_name, "readonly")
+ readonly_role_path = try(each.value.readonly_role_path, var.defaults.readonly_role_path, "/")
+ readonly_role_policy_arns = try(each.value.readonly_role_policy_arns, var.defaults.readonly_role_policy_arns, ["arn:aws:iam::aws:policy/ReadOnlyAccess"])
+ readonly_role_permissions_boundary_arn = try(each.value.readonly_role_permissions_boundary_arn, var.defaults.readonly_role_permissions_boundary_arn, "")
+ readonly_role_tags = try(each.value.readonly_role_tags, var.defaults.readonly_role_tags, {})
+ max_session_duration = try(each.value.max_session_duration, var.defaults.max_session_duration, 3600)
+ force_detach_policies = try(each.value.force_detach_policies, var.defaults.force_detach_policies, false)
+}
diff --git a/wrappers/iam-assumable-roles-with-saml/outputs.tf b/wrappers/iam-assumable-roles-with-saml/outputs.tf
new file mode 100644
index 00000000..ec6da5f4
--- /dev/null
+++ b/wrappers/iam-assumable-roles-with-saml/outputs.tf
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/iam-assumable-roles-with-saml/variables.tf b/wrappers/iam-assumable-roles-with-saml/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/iam-assumable-roles-with-saml/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/iam-assumable-roles-with-saml/versions.tf b/wrappers/iam-assumable-roles-with-saml/versions.tf
new file mode 100644
index 00000000..51cad108
--- /dev/null
+++ b/wrappers/iam-assumable-roles-with-saml/versions.tf
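Review bot: A misspelled key in `items` or `defaults` is silently replaced by the hard-coded fallback, because every argument in this main.tf hunk is read through `try(each.value.X, var.defaults.X, <fallback>)` and both variables are declared `type = any` in variables.tf. An item that sets `create_admin_role = true` and misspells `admin_role_permissions_boundary_arn` is planned with the `""` fallback for the boundary next to the `AdministratorAccess` fallback for `admin_role_policy_arns`, with no error. A comment above the arguments would make this visible, e.g. `# NOTE: unknown or misspelled keys are ignored and the fallbacks below apply; check boundary and policy ARNs in the plan`, and a `validation` block on `var.items` listing the accepted keys could catch it at plan time. The same pattern is in the main.tf hunks of iam-assumable-roles, iam-eks-role, iam-github-oidc-provider, iam-github-oidc-role and iam-group-with-assumable-roles-policy.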
@@ -0,0 +1,3 @@
+terraform {
+ required_version = ">= 0.13.1"
+}
diff --git a/wrappers/iam-assumable-roles/README.md b/wrappers/iam-assumable-roles/README.md
new file mode 100644
index 00000000..6d9e8136
--- /dev/null
+++ b/wrappers/iam-assumable-roles/README.md
@@ -0,0 +1,100 @@
+# Wrapper for module: `modules/iam-assumable-roles`
+
+The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
+
+You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
+
+This wrapper does not implement any extra functionality.
+
+## Usage with Terragrunt
+
+`terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/iam/aws//wrappers/iam-assumable-roles"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-iam.git//wrappers/iam-assumable-roles?ref=master"
+}
+
+inputs = {
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Usage with Terraform
+
+```hcl
+module "wrapper" {
+ source = "terraform-aws-modules/iam/aws//wrappers/iam-assumable-roles"
+
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Example: Manage multiple S3 buckets in one Terragrunt layer
+
+`eu-west-1/s3-buckets/terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master"
+}
+
+inputs = {
+ defaults = {
+ force_destroy = true
+
+ attach_elb_log_delivery_policy = true
+ attach_lb_log_delivery_policy = true
+ attach_deny_insecure_transport_policy = true
+ attach_require_latest_tls_policy = true
+ }
+
+ items = {
+ bucket1 = {
+ bucket = "my-random-bucket-1"
+ }
+ bucket2 = {
+ bucket = "my-random-bucket-2"
+ tags = {
+ Secure = "probably"
+ }
+ }
+ }
+}
+```
diff --git a/wrappers/iam-assumable-roles/main.tf b/wrappers/iam-assumable-roles/main.tf
new file mode 100644
index 00000000..5bd7274b
--- /dev/null
+++ b/wrappers/iam-assumable-roles/main.tf
@@ -0,0 +1,33 @@
+module "wrapper" {
+ source = "../../modules/iam-assumable-roles"
+
+ for_each = var.items
+
+ trusted_role_arns = try(each.value.trusted_role_arns, var.defaults.trusted_role_arns, [])
+ trusted_role_services = try(each.value.trusted_role_services, var.defaults.trusted_role_services, [])
+ mfa_age = try(each.value.mfa_age, var.defaults.mfa_age, 86400)
+ allow_self_assume_role = try(each.value.allow_self_assume_role, var.defaults.allow_self_assume_role, false)
+ create_admin_role = try(each.value.create_admin_role, var.defaults.create_admin_role, false)
+ admin_role_name = try(each.value.admin_role_name, var.defaults.admin_role_name, "admin")
+ admin_role_path = try(each.value.admin_role_path, var.defaults.admin_role_path, "/")
+ admin_role_requires_mfa = try(each.value.admin_role_requires_mfa, var.defaults.admin_role_requires_mfa, true)
+ admin_role_policy_arns = try(each.value.admin_role_policy_arns, var.defaults.admin_role_policy_arns, ["arn:aws:iam::aws:policy/AdministratorAccess"])
+ admin_role_permissions_boundary_arn = try(each.value.admin_role_permissions_boundary_arn, var.defaults.admin_role_permissions_boundary_arn, "")
+ admin_role_tags = try(each.value.admin_role_tags, var.defaults.admin_role_tags, {})
+ create_poweruser_role = try(each.value.create_poweruser_role, var.defaults.create_poweruser_role, false)
+ poweruser_role_name = try(each.value.poweruser_role_name, var.defaults.poweruser_role_name, "poweruser")
+ poweruser_role_path = try(each.value.poweruser_role_path, var.defaults.poweruser_role_path, "/")
+ poweruser_role_requires_mfa = try(each.value.poweruser_role_requires_mfa, var.defaults.poweruser_role_requires_mfa, true)
+ poweruser_role_policy_arns = try(each.value.poweruser_role_policy_arns, var.defaults.poweruser_role_policy_arns, ["arn:aws:iam::aws:policy/PowerUserAccess"])
+ poweruser_role_permissions_boundary_arn = try(each.value.poweruser_role_permissions_boundary_arn, var.defaults.poweruser_role_permissions_boundary_arn, "")
+ poweruser_role_tags = try(each.value.poweruser_role_tags, var.defaults.poweruser_role_tags, {})
+ create_readonly_role = try(each.value.create_readonly_role, var.defaults.create_readonly_role, false)
+ readonly_role_name = try(each.value.readonly_role_name, var.defaults.readonly_role_name, "readonly")
+ readonly_role_path = try(each.value.readonly_role_path, var.defaults.readonly_role_path, "/")
+ readonly_role_requires_mfa = try(each.value.readonly_role_requires_mfa, var.defaults.readonly_role_requires_mfa, true)
+ readonly_role_policy_arns = try(each.value.readonly_role_policy_arns, var.defaults.readonly_role_policy_arns, ["arn:aws:iam::aws:policy/ReadOnlyAccess"])
+ readonly_role_permissions_boundary_arn = try(each.value.readonly_role_permissions_boundary_arn, var.defaults.readonly_role_permissions_boundary_arn, "")
+ readonly_role_tags = try(each.value.readonly_role_tags, var.defaults.readonly_role_tags, {})
+ max_session_duration = try(each.value.max_session_duration, var.defaults.max_session_duration, 3600)
+ force_detach_policies = try(each.value.force_detach_policies, var.defaults.force_detach_policies, false)
+}
diff --git a/wrappers/iam-assumable-roles/outputs.tf b/wrappers/iam-assumable-roles/outputs.tf
new file mode 100644
index 00000000..ec6da5f4
--- /dev/null
+++ b/wrappers/iam-assumable-roles/outputs.tf
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/iam-assumable-roles/variables.tf b/wrappers/iam-assumable-roles/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/iam-assumable-roles/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/iam-assumable-roles/versions.tf b/wrappers/iam-assumable-roles/versions.tf
new file mode 100644
index 00000000..51cad108
--- /dev/null
+++ b/wrappers/iam-assumable-roles/versions.tf
@@ -0,0 +1,3 @@
+terraform {
+ required_version = ">= 0.13.1"
+}
diff --git a/wrappers/iam-eks-role/README.md b/wrappers/iam-eks-role/README.md
new file mode 100644
index 00000000..f91dbe06
--- /dev/null
+++ b/wrappers/iam-eks-role/README.md
@@ -0,0 +1,100 @@
+# Wrapper for module: `modules/iam-eks-role`
+
+The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
+
+You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
+
+This wrapper does not implement any extra functionality.
+
+## Usage with Terragrunt
+
+`terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/iam/aws//wrappers/iam-eks-role"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-iam.git//wrappers/iam-eks-role?ref=master"
+}
+
+inputs = {
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Usage with Terraform
+
+```hcl
+module "wrapper" {
+ source = "terraform-aws-modules/iam/aws//wrappers/iam-eks-role"
+
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Example: Manage multiple S3 buckets in one Terragrunt layer
+
+`eu-west-1/s3-buckets/terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master"
+}
+
+inputs = {
+ defaults = {
+ force_destroy = true
+
+ attach_elb_log_delivery_policy = true
+ attach_lb_log_delivery_policy = true
+ attach_deny_insecure_transport_policy = true
+ attach_require_latest_tls_policy = true
+ }
+
+ items = {
+ bucket1 = {
+ bucket = "my-random-bucket-1"
+ }
+ bucket2 = {
+ bucket = "my-random-bucket-2"
+ tags = {
+ Secure = "probably"
+ }
+ }
+ }
+}
+```
diff --git a/wrappers/iam-eks-role/main.tf b/wrappers/iam-eks-role/main.tf
new file mode 100644
index 00000000..79af5201
--- /dev/null
+++ b/wrappers/iam-eks-role/main.tf
@@ -0,0 +1,19 @@
+module "wrapper" {
+ source = "../../modules/iam-eks-role"
+
+ for_each = var.items
+
+ create_role = try(each.value.create_role, var.defaults.create_role, true)
+ role_name = try(each.value.role_name, var.defaults.role_name, null)
+ role_path = try(each.value.role_path, var.defaults.role_path, "/")
+ role_permissions_boundary_arn = try(each.value.role_permissions_boundary_arn, var.defaults.role_permissions_boundary_arn, "")
+ role_description = try(each.value.role_description, var.defaults.role_description, "")
+ role_name_prefix = try(each.value.role_name_prefix, var.defaults.role_name_prefix, null)
+ role_policy_arns = try(each.value.role_policy_arns, var.defaults.role_policy_arns, {})
+ cluster_service_accounts = try(each.value.cluster_service_accounts, var.defaults.cluster_service_accounts, {})
+ tags = try(each.value.tags, var.defaults.tags, {})
+ force_detach_policies = try(each.value.force_detach_policies, var.defaults.force_detach_policies, false)
+ max_session_duration = try(each.value.max_session_duration, var.defaults.max_session_duration, 43200)
+ allow_self_assume_role = try(each.value.allow_self_assume_role, var.defaults.allow_self_assume_role, false)
+ assume_role_condition_test = try(each.value.assume_role_condition_test, var.defaults.assume_role_condition_test, "StringEquals")
+}
diff --git a/wrappers/iam-eks-role/outputs.tf b/wrappers/iam-eks-role/outputs.tf
new file mode 100644
index 00000000..ec6da5f4
--- /dev/null
+++ b/wrappers/iam-eks-role/outputs.tf
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/iam-eks-role/variables.tf b/wrappers/iam-eks-role/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/iam-eks-role/variables.tf
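Review bot: The `max_session_duration` fallback in this main.tf hunk is `43200` (12 hours), while the iam-assumable-roles and iam-assumable-roles-with-saml wrappers in this commit fall back to `3600`, and nothing on the line says why. Roles created through this wrapper accept session requests of up to 12 hours unless a caller overrides the key. If the value only mirrors the default of `modules/iam-eks-role` (not visible here), a comment would keep the two from drifting: `# 12h, copied from modules/iam-eks-role; keep in sync with the module default`.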
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/iam-eks-role/versions.tf b/wrappers/iam-eks-role/versions.tf
new file mode 100644
index 00000000..51cad108
--- /dev/null
+++ b/wrappers/iam-eks-role/versions.tf
@@ -0,0 +1,3 @@
+terraform {
+ required_version = ">= 0.13.1"
+}
diff --git a/wrappers/iam-github-oidc-provider/README.md b/wrappers/iam-github-oidc-provider/README.md
new file mode 100644
index 00000000..00c46598
--- /dev/null
+++ b/wrappers/iam-github-oidc-provider/README.md
@@ -0,0 +1,100 @@
+# Wrapper for module: `modules/iam-github-oidc-provider`
+
+The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
+
+You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
+
+This wrapper does not implement any extra functionality.
+
+## Usage with Terragrunt
+
+`terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/iam/aws//wrappers/iam-github-oidc-provider"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-iam.git//wrappers/iam-github-oidc-provider?ref=master"
+}
+
+inputs = {
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Usage with Terraform
+
+```hcl
+module "wrapper" {
+ source = "terraform-aws-modules/iam/aws//wrappers/iam-github-oidc-provider"
+
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Example: Manage multiple S3 buckets in one Terragrunt layer
+
+`eu-west-1/s3-buckets/terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master"
+}
+
+inputs = {
+ defaults = {
+ force_destroy = true
+
+ attach_elb_log_delivery_policy = true
+ attach_lb_log_delivery_policy = true
+ attach_deny_insecure_transport_policy = true
+ attach_require_latest_tls_policy = true
+ }
+
+ items = {
+ bucket1 = {
+ bucket = "my-random-bucket-1"
+ }
+ bucket2 = {
+ bucket = "my-random-bucket-2"
+ tags = {
+ Secure = "probably"
+ }
+ }
+ }
+}
+```
diff --git a/wrappers/iam-github-oidc-provider/main.tf b/wrappers/iam-github-oidc-provider/main.tf
new file mode 100644
index 00000000..fb4f3d01
--- /dev/null
+++ b/wrappers/iam-github-oidc-provider/main.tf
@@ -0,0 +1,10 @@
+module "wrapper" {
+ source = "../../modules/iam-github-oidc-provider"
+
+ for_each = var.items
+
+ create = try(each.value.create, var.defaults.create, true)
+ tags = try(each.value.tags, var.defaults.tags, {})
+ client_id_list = try(each.value.client_id_list, var.defaults.client_id_list, [])
+ url = try(each.value.url, var.defaults.url, "https://token.actions.githubusercontent.com")
+}
diff --git a/wrappers/iam-github-oidc-provider/outputs.tf b/wrappers/iam-github-oidc-provider/outputs.tf
new file mode 100644
index 00000000..ec6da5f4
--- /dev/null
+++ b/wrappers/iam-github-oidc-provider/outputs.tf
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/iam-github-oidc-provider/variables.tf b/wrappers/iam-github-oidc-provider/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/iam-github-oidc-provider/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/iam-github-oidc-provider/versions.tf b/wrappers/iam-github-oidc-provider/versions.tf
new file mode 100644
index 00000000..51cad108
--- /dev/null
+++ b/wrappers/iam-github-oidc-provider/versions.tf
@@ -0,0 +1,3 @@
+terraform {
+ required_version = ">= 0.13.1"
+}
diff --git a/wrappers/iam-github-oidc-role/README.md b/wrappers/iam-github-oidc-role/README.md
new file mode 100644
index 00000000..665b4073
--- /dev/null
+++ b/wrappers/iam-github-oidc-role/README.md
@@ -0,0 +1,100 @@
+# Wrapper for module: `modules/iam-github-oidc-role`
+
+The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
+
+You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
+
+This wrapper does not implement any extra functionality.
+
+## Usage with Terragrunt
+
+`terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/iam/aws//wrappers/iam-github-oidc-role"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-iam.git//wrappers/iam-github-oidc-role?ref=master"
+}
+
+inputs = {
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Usage with Terraform
+
+```hcl
+module "wrapper" {
+ source = "terraform-aws-modules/iam/aws//wrappers/iam-github-oidc-role"
+
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Example: Manage multiple S3 buckets in one Terragrunt layer
+
+`eu-west-1/s3-buckets/terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master"
+}
+
+inputs = {
+ defaults = {
+ force_destroy = true
+
+ attach_elb_log_delivery_policy = true
+ attach_lb_log_delivery_policy = true
+ attach_deny_insecure_transport_policy = true
+ attach_require_latest_tls_policy = true
+ }
+
+ items = {
+ bucket1 = {
+ bucket = "my-random-bucket-1"
+ }
+ bucket2 = {
+ bucket = "my-random-bucket-2"
+ tags = {
+ Secure = "probably"
+ }
+ }
+ }
+}
+```
diff --git a/wrappers/iam-github-oidc-role/main.tf b/wrappers/iam-github-oidc-role/main.tf
new file mode 100644
index 00000000..7cbf6e4a
--- /dev/null
+++ b/wrappers/iam-github-oidc-role/main.tf
@@ -0,0 +1,19 @@
+module "wrapper" {
+ source = "../../modules/iam-github-oidc-role"
+
+ for_each = var.items
+
+ create = try(each.value.create, var.defaults.create, true)
+ tags = try(each.value.tags, var.defaults.tags, {})
+ name = try(each.value.name, var.defaults.name, null)
+ path = try(each.value.path, var.defaults.path, "/")
+ permissions_boundary_arn = try(each.value.permissions_boundary_arn, var.defaults.permissions_boundary_arn, null)
+ description = try(each.value.description, var.defaults.description, null)
+ name_prefix = try(each.value.name_prefix, var.defaults.name_prefix, null)
+ policies = try(each.value.policies, var.defaults.policies, {})
+ force_detach_policies = try(each.value.force_detach_policies, var.defaults.force_detach_policies, true)
+ max_session_duration = try(each.value.max_session_duration, var.defaults.max_session_duration, null)
+ audience = try(each.value.audience, var.defaults.audience, "sts.amazonaws.com")
+ subjects = try(each.value.subjects, var.defaults.subjects, [])
+ provider_url = try(each.value.provider_url, var.defaults.provider_url, "token.actions.githubusercontent.com")
+}
diff --git a/wrappers/iam-github-oidc-role/outputs.tf b/wrappers/iam-github-oidc-role/outputs.tf
new file mode 100644
index 00000000..ec6da5f4
--- /dev/null
+++ b/wrappers/iam-github-oidc-role/outputs.tf
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/iam-github-oidc-role/variables.tf b/wrappers/iam-github-oidc-role/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/iam-github-oidc-role/variables.tf
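Review bot: `subjects` in this main.tf hunk falls back to `[]` when neither the item nor `defaults` sets it, so a role whose trust policy is meant to be limited to specific repositories or branches can be planned with no subject list at all; how `modules/iam-github-oidc-role` treats an empty list is not visible in this hunk. Requiring the value would turn that into a plan-time error, the way `name` is handled in the iam-group-with-assumable-roles-policy wrapper of this commit: `subjects = try(each.value.subjects, var.defaults.subjects)`. If the empty fallback has to stay for parity with the module, a comment on the line should say that an empty list must be checked in the plan. `force_detach_policies` also falls back to `true` here but to `false` in the other wrappers shown, which deserves a comment if it is intentional.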
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/iam-github-oidc-role/versions.tf b/wrappers/iam-github-oidc-role/versions.tf
new file mode 100644
index 00000000..51cad108
--- /dev/null
+++ b/wrappers/iam-github-oidc-role/versions.tf
@@ -0,0 +1,3 @@
+terraform {
+ required_version = ">= 0.13.1"
+}
diff --git a/wrappers/iam-group-with-assumable-roles-policy/README.md b/wrappers/iam-group-with-assumable-roles-policy/README.md
new file mode 100644
index 00000000..dac91e8d
--- /dev/null
+++ b/wrappers/iam-group-with-assumable-roles-policy/README.md
@@ -0,0 +1,100 @@
+# Wrapper for module: `modules/iam-group-with-assumable-roles-policy`
+
+The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
+
+You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
+
+This wrapper does not implement any extra functionality.
+
+## Usage with Terragrunt
+
+`terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/iam/aws//wrappers/iam-group-with-assumable-roles-policy"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-iam.git//wrappers/iam-group-with-assumable-roles-policy?ref=master"
+}
+
+inputs = {
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Usage with Terraform
+
+```hcl
+module "wrapper" {
+ source = "terraform-aws-modules/iam/aws//wrappers/iam-group-with-assumable-roles-policy"
+
+ defaults = { # Default values
+ create = true
+ tags = {
+ Terraform = "true"
+ Environment = "dev"
+ }
+ }
+
+ items = {
+ my-item = {
+ # omitted... can be any argument supported by the module
+ }
+ my-second-item = {
+ # omitted... can be any argument supported by the module
+ }
+ # omitted...
+ }
+}
+```
+
+## Example: Manage multiple S3 buckets in one Terragrunt layer
+
+`eu-west-1/s3-buckets/terragrunt.hcl`:
+
+```hcl
+terraform {
+ source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers"
+ # Alternative source:
+ # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master"
+}
+
+inputs = {
+ defaults = {
+ force_destroy = true
+
+ attach_elb_log_delivery_policy = true
+ attach_lb_log_delivery_policy = true
+ attach_deny_insecure_transport_policy = true
+ attach_require_latest_tls_policy = true
+ }
+
+ items = {
+ bucket1 = {
+ bucket = "my-random-bucket-1"
+ }
+ bucket2 = {
+ bucket = "my-random-bucket-2"
+ tags = {
+ Secure = "probably"
+ }
+ }
+ }
+}
+```
diff --git a/wrappers/iam-group-with-assumable-roles-policy/main.tf b/wrappers/iam-group-with-assumable-roles-policy/main.tf
new file mode 100644
index 00000000..1b4e62ed
--- /dev/null
+++ b/wrappers/iam-group-with-assumable-roles-policy/main.tf
@@ -0,0 +1,11 @@
+module "wrapper" {
+ source = "../../modules/iam-group-with-assumable-roles-policy"
+
+ for_each = var.items
+
+ name = try(each.value.name, var.defaults.name)
+ path = try(each.value.path, var.defaults.path, "/")
+ assumable_roles = try(each.value.assumable_roles, var.defaults.assumable_roles, [])
+ group_users = try(each.value.group_users, var.defaults.group_users, [])
+ tags = try(each.value.tags, var.defaults.tags, {})
+}
diff --git a/wrappers/iam-group-with-assumable-roles-policy/outputs.tf b/wrappers/iam-group-with-assumable-roles-policy/outputs.tf
new file mode 100644
index 00000000..ec6da5f4
--- /dev/null
+++ b/wrappers/iam-group-with-assumable-roles-policy/outputs.tf
@@ -0,0 +1,5 @@
+output "wrapper" {
+ description = "Map of outputs of a wrapper."
+ value = module.wrapper
+ # sensitive = false # No sensitive module output found
+}
diff --git a/wrappers/iam-group-with-assumable-roles-policy/variables.tf b/wrappers/iam-group-with-assumable-roles-policy/variables.tf
new file mode 100644
index 00000000..a6ea0962
--- /dev/null
+++ b/wrappers/iam-group-with-assumable-roles-policy/variables.tf
@@ -0,0 +1,11 @@
+variable "defaults" {
+ description = "Map of default values which will be used for each item."
+ type = any
+ default = {}
+}
+
+variable "items" {
+ description = "Maps of items to create a wrapper from. Values are passed through to the module."
+ type = any
+ default = {}
+}
diff --git a/wrappers/iam-group-with-assumable-roles-policy/versions.tf b/wrappers/iam-group-with-assumable-roles-policy/versions.tf
new file mode 100644
index 00000000..51cad108
--- /dev/null
+++ b/wrappers/iam-group-with-assumable-roles-policy/versions.tf
@@ -0,0 +1,3 @@
+terraform {
+ required_version = ">= 0.13.1"
+}
diff --git a/wrappers/iam-group-with-policies/README.md b/wrappers/iam-group-with-policies/README.md
new file mode 100644
index 00000000..3705d850
--- /dev/null
+++ b/wrappers/iam-group-with-policies/README.md
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/iam-group-with-policies` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/iam/aws//wrappers/iam-group-with-policies" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-iam.git//wrappers/iam-group-with-policies?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/iam/aws//wrappers/iam-group-with-policies" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/iam-group-with-policies/main.tf b/wrappers/iam-group-with-policies/main.tf new file mode 100644 index 00000000..89a600f9 --- /dev/null +++ b/wrappers/iam-group-with-policies/main.tf 
@@ -0,0 +1,16 @@ +module "wrapper" { + source = "../../modules/iam-group-with-policies" + + for_each = var.items + + create_group = try(each.value.create_group, var.defaults.create_group, true) + name = try(each.value.name, var.defaults.name, "") + group_users = try(each.value.group_users, var.defaults.group_users, []) + custom_group_policy_arns = try(each.value.custom_group_policy_arns, var.defaults.custom_group_policy_arns, []) + custom_group_policies = try(each.value.custom_group_policies, var.defaults.custom_group_policies, []) + enable_mfa_enforcment = try(each.value.enable_mfa_enforcment, var.defaults.enable_mfa_enforcment, true) + attach_iam_self_management_policy = try(each.value.attach_iam_self_management_policy, var.defaults.attach_iam_self_management_policy, true) + iam_self_management_policy_name_prefix = try(each.value.iam_self_management_policy_name_prefix, var.defaults.iam_self_management_policy_name_prefix, "IAMSelfManagement-") + aws_account_id = try(each.value.aws_account_id, var.defaults.aws_account_id, "") + tags = try(each.value.tags, var.defaults.tags, {}) +} diff --git a/wrappers/iam-group-with-policies/outputs.tf b/wrappers/iam-group-with-policies/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/iam-group-with-policies/outputs.tf @@ -0,0 +1,5 @@ +output "wrapper" { + description = "Map of outputs of a wrapper." + value = module.wrapper + # sensitive = false # No sensitive module output found +} diff --git a/wrappers/iam-group-with-policies/variables.tf b/wrappers/iam-group-with-policies/variables.tf new file mode 100644 index 00000000..a6ea0962 --- /dev/null +++ b/wrappers/iam-group-with-policies/variables.tf @@ -0,0 +1,11 @@ +variable "defaults" { + description = "Map of default values which will be used for each item." + type = any + default = {} +} + +variable "items" { + description = "Maps of items to create a wrapper from. Values are passed through to the module." + type = any + default = {} +} 
diff --git a/wrappers/iam-group-with-policies/versions.tf b/wrappers/iam-group-with-policies/versions.tf new file mode 100644 index 00000000..51cad108 --- /dev/null +++ b/wrappers/iam-group-with-policies/versions.tf @@ -0,0 +1,3 @@ +terraform { + required_version = ">= 0.13.1" +} diff --git a/wrappers/iam-policy/README.md b/wrappers/iam-policy/README.md new file mode 100644 index 00000000..6d951656 --- /dev/null +++ b/wrappers/iam-policy/README.md 
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/iam-policy` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/iam/aws//wrappers/iam-policy" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-iam.git//wrappers/iam-policy?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/iam/aws//wrappers/iam-policy" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/iam-policy/main.tf b/wrappers/iam-policy/main.tf new file mode 100644 index 00000000..1b6db390 --- /dev/null +++ b/wrappers/iam-policy/main.tf @@ -0,0 +1,13 @@ +module "wrapper" { + source = "../../modules/iam-policy" + + for_each = var.items + + create_policy = try(each.value.create_policy, var.defaults.create_policy, true) + name = try(each.value.name, var.defaults.name, null) + name_prefix = try(each.value.name_prefix, var.defaults.name_prefix, null) + path = try(each.value.path, var.defaults.path, "/") + description = try(each.value.description, var.defaults.description, "IAM Policy") + policy = try(each.value.policy, var.defaults.policy, "") + tags = try(each.value.tags, var.defaults.tags, {}) +} diff --git a/wrappers/iam-policy/outputs.tf b/wrappers/iam-policy/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/iam-policy/outputs.tf @@ -0,0 +1,5 @@ +output "wrapper" { + description = "Map of outputs of a wrapper." + value = module.wrapper + # sensitive = false # No sensitive module output found +} diff --git a/wrappers/iam-policy/variables.tf b/wrappers/iam-policy/variables.tf new file mode 100644 index 00000000..a6ea0962 --- /dev/null +++ b/wrappers/iam-policy/variables.tf 
@@ -0,0 +1,11 @@ +variable "defaults" { + description = "Map of default values which will be used for each item." + type = any + default = {} +} + +variable "items" { + description = "Maps of items to create a wrapper from. Values are passed through to the module." + type = any + default = {} +} diff --git a/wrappers/iam-policy/versions.tf b/wrappers/iam-policy/versions.tf new file mode 100644 index 00000000..51cad108 --- /dev/null +++ b/wrappers/iam-policy/versions.tf @@ -0,0 +1,3 @@ +terraform { + required_version = ">= 0.13.1" +} diff --git a/wrappers/iam-read-only-policy/README.md b/wrappers/iam-read-only-policy/README.md new file mode 100644 index 00000000..0d9d2f95 --- /dev/null +++ b/wrappers/iam-read-only-policy/README.md 
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/iam-read-only-policy` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/iam/aws//wrappers/iam-read-only-policy" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-iam.git//wrappers/iam-read-only-policy?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/iam/aws//wrappers/iam-read-only-policy" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/iam-read-only-policy/main.tf b/wrappers/iam-read-only-policy/main.tf new file mode 100644 index 00000000..79e22ed0 --- /dev/null +++ b/wrappers/iam-read-only-policy/main.tf 
@@ -0,0 +1,18 @@ +module "wrapper" { + source = "../../modules/iam-read-only-policy" + + for_each = var.items + + create_policy = try(each.value.create_policy, var.defaults.create_policy, true) + name = try(each.value.name, var.defaults.name, null) + name_prefix = try(each.value.name_prefix, var.defaults.name_prefix, null) + path = try(each.value.path, var.defaults.path, "/") + description = try(each.value.description, var.defaults.description, "IAM Policy") + allowed_services = try(each.value.allowed_services, var.defaults.allowed_services) + additional_policy_json = try(each.value.additional_policy_json, var.defaults.additional_policy_json, "{}") + tags = try(each.value.tags, var.defaults.tags, {}) + allow_cloudwatch_logs_query = try(each.value.allow_cloudwatch_logs_query, var.defaults.allow_cloudwatch_logs_query, true) + allow_predefined_sts_actions = try(each.value.allow_predefined_sts_actions, var.defaults.allow_predefined_sts_actions, true) + allow_web_console_services = try(each.value.allow_web_console_services, var.defaults.allow_web_console_services, true) + web_console_services = try(each.value.web_console_services, var.defaults.web_console_services, ["resource-groups", "tag", "health", "ce"]) +} diff --git a/wrappers/iam-read-only-policy/outputs.tf b/wrappers/iam-read-only-policy/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/iam-read-only-policy/outputs.tf @@ -0,0 +1,5 @@ +output "wrapper" { + description = "Map of outputs of a wrapper." + value = module.wrapper + # sensitive = false # No sensitive module output found +} diff --git a/wrappers/iam-read-only-policy/variables.tf b/wrappers/iam-read-only-policy/variables.tf new file mode 100644 index 00000000..a6ea0962 --- /dev/null +++ b/wrappers/iam-read-only-policy/variables.tf 
@@ -0,0 +1,11 @@ +variable "defaults" { + description = "Map of default values which will be used for each item." + type = any + default = {} +} + +variable "items" { + description = "Maps of items to create a wrapper from. Values are passed through to the module." + type = any + default = {} +} diff --git a/wrappers/iam-read-only-policy/versions.tf b/wrappers/iam-read-only-policy/versions.tf new file mode 100644 index 00000000..51cad108 --- /dev/null +++ b/wrappers/iam-read-only-policy/versions.tf @@ -0,0 +1,3 @@ +terraform { + required_version = ">= 0.13.1" +} diff --git a/wrappers/iam-role-for-service-accounts-eks/README.md b/wrappers/iam-role-for-service-accounts-eks/README.md new file mode 100644 index 00000000..f9e92a31 --- /dev/null +++ b/wrappers/iam-role-for-service-accounts-eks/README.md 
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/iam-role-for-service-accounts-eks` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/iam/aws//wrappers/iam-role-for-service-accounts-eks" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-iam.git//wrappers/iam-role-for-service-accounts-eks?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/iam/aws//wrappers/iam-role-for-service-accounts-eks" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/iam-role-for-service-accounts-eks/main.tf b/wrappers/iam-role-for-service-accounts-eks/main.tf new file mode 100644 index 00000000..52bbf91c --- /dev/null +++ b/wrappers/iam-role-for-service-accounts-eks/main.tf 
@@ -0,0 +1,58 @@ +module "wrapper" { + source = "../../modules/iam-role-for-service-accounts-eks" + + for_each = var.items + + create_role = try(each.value.create_role, var.defaults.create_role, true) + role_name = try(each.value.role_name, var.defaults.role_name, null) + role_path = try(each.value.role_path, var.defaults.role_path, "/") + role_permissions_boundary_arn = try(each.value.role_permissions_boundary_arn, var.defaults.role_permissions_boundary_arn, null) + role_description = try(each.value.role_description, var.defaults.role_description, null) + role_name_prefix = try(each.value.role_name_prefix, var.defaults.role_name_prefix, null) + policy_name_prefix = try(each.value.policy_name_prefix, var.defaults.policy_name_prefix, "AmazonEKS_") + role_policy_arns = try(each.value.role_policy_arns, var.defaults.role_policy_arns, {}) + oidc_providers = try(each.value.oidc_providers, var.defaults.oidc_providers, {}) + tags = try(each.value.tags, var.defaults.tags, {}) + force_detach_policies = try(each.value.force_detach_policies, var.defaults.force_detach_policies, true) + max_session_duration = try(each.value.max_session_duration, var.defaults.max_session_duration, null) + assume_role_condition_test = try(each.value.assume_role_condition_test, var.defaults.assume_role_condition_test, "StringEquals") + allow_self_assume_role = try(each.value.allow_self_assume_role, var.defaults.allow_self_assume_role, false) + attach_aws_gateway_controller_policy = try(each.value.attach_aws_gateway_controller_policy, var.defaults.attach_aws_gateway_controller_policy, false) + attach_cert_manager_policy = try(each.value.attach_cert_manager_policy, var.defaults.attach_cert_manager_policy, false) + cert_manager_hosted_zone_arns = try(each.value.cert_manager_hosted_zone_arns, var.defaults.cert_manager_hosted_zone_arns, ["arn:aws:route53:::hostedzone/*"]) + attach_cluster_autoscaler_policy = try(each.value.attach_cluster_autoscaler_policy, var.defaults.attach_cluster_autoscaler_policy, 
false) + cluster_autoscaler_cluster_ids = try(each.value.cluster_autoscaler_cluster_ids, var.defaults.cluster_autoscaler_cluster_ids, []) + cluster_autoscaler_cluster_names = try(each.value.cluster_autoscaler_cluster_names, var.defaults.cluster_autoscaler_cluster_names, []) + attach_ebs_csi_policy = try(each.value.attach_ebs_csi_policy, var.defaults.attach_ebs_csi_policy, false) + ebs_csi_kms_cmk_ids = try(each.value.ebs_csi_kms_cmk_ids, var.defaults.ebs_csi_kms_cmk_ids, []) + attach_efs_csi_policy = try(each.value.attach_efs_csi_policy, var.defaults.attach_efs_csi_policy, false) + attach_external_dns_policy = try(each.value.attach_external_dns_policy, var.defaults.attach_external_dns_policy, false) + external_dns_hosted_zone_arns = try(each.value.external_dns_hosted_zone_arns, var.defaults.external_dns_hosted_zone_arns, ["arn:aws:route53:::hostedzone/*"]) + attach_external_secrets_policy = try(each.value.attach_external_secrets_policy, var.defaults.attach_external_secrets_policy, false) + external_secrets_ssm_parameter_arns = try(each.value.external_secrets_ssm_parameter_arns, var.defaults.external_secrets_ssm_parameter_arns, ["arn:aws:ssm:*:*:parameter/*"]) + external_secrets_secrets_manager_arns = try(each.value.external_secrets_secrets_manager_arns, var.defaults.external_secrets_secrets_manager_arns, ["arn:aws:secretsmanager:*:*:secret:*"]) + external_secrets_kms_key_arns = try(each.value.external_secrets_kms_key_arns, var.defaults.external_secrets_kms_key_arns, ["arn:aws:kms:*:*:key/*"]) + attach_fsx_lustre_csi_policy = try(each.value.attach_fsx_lustre_csi_policy, var.defaults.attach_fsx_lustre_csi_policy, false) + fsx_lustre_csi_service_role_arns = try(each.value.fsx_lustre_csi_service_role_arns, var.defaults.fsx_lustre_csi_service_role_arns, ["arn:aws:iam::*:role/aws-service-role/s3.data-source.lustre.fsx.amazonaws.com/*"]) + attach_karpenter_controller_policy = try(each.value.attach_karpenter_controller_policy, 
var.defaults.attach_karpenter_controller_policy, false) + karpenter_controller_cluster_id = try(each.value.karpenter_controller_cluster_id, var.defaults.karpenter_controller_cluster_id, "*") + karpenter_controller_cluster_name = try(each.value.karpenter_controller_cluster_name, var.defaults.karpenter_controller_cluster_name, "*") + karpenter_tag_key = try(each.value.karpenter_tag_key, var.defaults.karpenter_tag_key, "karpenter.sh/discovery") + karpenter_controller_ssm_parameter_arns = try(each.value.karpenter_controller_ssm_parameter_arns, var.defaults.karpenter_controller_ssm_parameter_arns, ["arn:aws:ssm:*:*:parameter/aws/service/*"]) + karpenter_controller_node_iam_role_arns = try(each.value.karpenter_controller_node_iam_role_arns, var.defaults.karpenter_controller_node_iam_role_arns, ["*"]) + karpenter_subnet_account_id = try(each.value.karpenter_subnet_account_id, var.defaults.karpenter_subnet_account_id, "") + karpenter_sqs_queue_arn = try(each.value.karpenter_sqs_queue_arn, var.defaults.karpenter_sqs_queue_arn, null) + attach_load_balancer_controller_policy = try(each.value.attach_load_balancer_controller_policy, var.defaults.attach_load_balancer_controller_policy, false) + attach_load_balancer_controller_targetgroup_binding_only_policy = try(each.value.attach_load_balancer_controller_targetgroup_binding_only_policy, var.defaults.attach_load_balancer_controller_targetgroup_binding_only_policy, false) + attach_appmesh_controller_policy = try(each.value.attach_appmesh_controller_policy, var.defaults.attach_appmesh_controller_policy, false) + attach_appmesh_envoy_proxy_policy = try(each.value.attach_appmesh_envoy_proxy_policy, var.defaults.attach_appmesh_envoy_proxy_policy, false) + attach_amazon_managed_service_prometheus_policy = try(each.value.attach_amazon_managed_service_prometheus_policy, var.defaults.attach_amazon_managed_service_prometheus_policy, false) + amazon_managed_service_prometheus_workspace_arns = 
try(each.value.amazon_managed_service_prometheus_workspace_arns, var.defaults.amazon_managed_service_prometheus_workspace_arns, ["*"]) + attach_velero_policy = try(each.value.attach_velero_policy, var.defaults.attach_velero_policy, false) + velero_s3_bucket_arns = try(each.value.velero_s3_bucket_arns, var.defaults.velero_s3_bucket_arns, ["*"]) + attach_vpc_cni_policy = try(each.value.attach_vpc_cni_policy, var.defaults.attach_vpc_cni_policy, false) + vpc_cni_enable_ipv4 = try(each.value.vpc_cni_enable_ipv4, var.defaults.vpc_cni_enable_ipv4, false) + vpc_cni_enable_ipv6 = try(each.value.vpc_cni_enable_ipv6, var.defaults.vpc_cni_enable_ipv6, false) + attach_node_termination_handler_policy = try(each.value.attach_node_termination_handler_policy, var.defaults.attach_node_termination_handler_policy, false) + node_termination_handler_sqs_queue_arns = try(each.value.node_termination_handler_sqs_queue_arns, var.defaults.node_termination_handler_sqs_queue_arns, ["*"]) +} diff --git a/wrappers/iam-role-for-service-accounts-eks/outputs.tf b/wrappers/iam-role-for-service-accounts-eks/outputs.tf new file mode 100644 index 00000000..ec6da5f4 --- /dev/null +++ b/wrappers/iam-role-for-service-accounts-eks/outputs.tf @@ -0,0 +1,5 @@ +output "wrapper" { + description = "Map of outputs of a wrapper." + value = module.wrapper + # sensitive = false # No sensitive module output found +} diff --git a/wrappers/iam-role-for-service-accounts-eks/variables.tf b/wrappers/iam-role-for-service-accounts-eks/variables.tf new file mode 100644 index 00000000..a6ea0962 --- /dev/null +++ b/wrappers/iam-role-for-service-accounts-eks/variables.tf @@ -0,0 +1,11 @@ +variable "defaults" { + description = "Map of default values which will be used for each item." + type = any + default = {} +} + +variable "items" { + description = "Maps of items to create a wrapper from. Values are passed through to the module." + type = any + default = {} +} 
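Review bot: Several fallbacks in `wrappers/iam-role-for-service-accounts-eks/main.tf` are wildcards. `karpenter_controller_node_iam_role_arns`, `amazon_managed_service_prometheus_workspace_arns`, `velero_s3_bucket_arns` and `node_termination_handler_sqs_queue_arns` fall back to `["*"]`, and the `external_secrets_*` lists fall back to `arn:aws:ssm:*:*:parameter/*`, `arn:aws:secretsmanager:*:*:secret:*` and `arn:aws:kms:*:*:key/*`. An item that only sets the matching `attach_*` flag to `true` presumably gets a policy covering every resource of that type (the wrapped module's policy documents are not in this hunk). Because `try()` swallows a missing attribute, the same happens when the ARN list is supplied under a mistyped key. The wrapper README should call this out and show scoped values in `defaults`, e.g. `external_secrets_secrets_manager_arns = ["<SECRET_ARN_PLACEHOLDER>"]`.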
diff --git a/wrappers/iam-role-for-service-accounts-eks/versions.tf b/wrappers/iam-role-for-service-accounts-eks/versions.tf new file mode 100644 index 00000000..51cad108 --- /dev/null +++ b/wrappers/iam-role-for-service-accounts-eks/versions.tf @@ -0,0 +1,3 @@ +terraform { + required_version = ">= 0.13.1" +} diff --git a/wrappers/iam-user/README.md b/wrappers/iam-user/README.md new file mode 100644 index 00000000..1acb5e61 --- /dev/null +++ b/wrappers/iam-user/README.md 
@@ -0,0 +1,100 @@ +# Wrapper for module: `modules/iam-user` + +The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt). + +You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module. + +This wrapper does not implement any extra functionality. + +## Usage with Terragrunt + +`terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/iam/aws//wrappers/iam-user" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-iam.git//wrappers/iam-user?ref=master" +} + +inputs = { + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... + } +} +``` + +## Usage with Terraform + +```hcl +module "wrapper" { + source = "terraform-aws-modules/iam/aws//wrappers/iam-user" + + defaults = { # Default values + create = true + tags = { + Terraform = "true" + Environment = "dev" + } + } + + items = { + my-item = { + # omitted... can be any argument supported by the module + } + my-second-item = { + # omitted... can be any argument supported by the module + } + # omitted... 
+ } +} +``` + +## Example: Manage multiple S3 buckets in one Terragrunt layer + +`eu-west-1/s3-buckets/terragrunt.hcl`: + +```hcl +terraform { + source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers" + # Alternative source: + # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master" +} + +inputs = { + defaults = { + force_destroy = true + + attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true + attach_deny_insecure_transport_policy = true + attach_require_latest_tls_policy = true + } + + items = { + bucket1 = { + bucket = "my-random-bucket-1" + } + bucket2 = { + bucket = "my-random-bucket-2" + tags = { + Secure = "probably" + } + } + } +} +``` diff --git a/wrappers/iam-user/main.tf b/wrappers/iam-user/main.tf new file mode 100644 index 00000000..533ea375 --- /dev/null +++ b/wrappers/iam-user/main.tf 
@@ -0,0 +1,21 @@ +module "wrapper" { + source = "../../modules/iam-user" + + for_each = var.items + + create_user = try(each.value.create_user, var.defaults.create_user, true) + create_iam_user_login_profile = try(each.value.create_iam_user_login_profile, var.defaults.create_iam_user_login_profile, true) + create_iam_access_key = try(each.value.create_iam_access_key, var.defaults.create_iam_access_key, true) + name = try(each.value.name, var.defaults.name) + path = try(each.value.path, var.defaults.path, "/") + force_destroy = try(each.value.force_destroy, var.defaults.force_destroy, false) + pgp_key = try(each.value.pgp_key, var.defaults.pgp_key, "") + iam_access_key_status = try(each.value.iam_access_key_status, var.defaults.iam_access_key_status, null) + password_reset_required = try(each.value.password_reset_required, var.defaults.password_reset_required, true) + password_length = try(each.value.password_length, var.defaults.password_length, 20) + upload_iam_user_ssh_key = try(each.value.upload_iam_user_ssh_key, var.defaults.upload_iam_user_ssh_key, false) + ssh_key_encoding = try(each.value.ssh_key_encoding, var.defaults.ssh_key_encoding, "SSH") + ssh_public_key = try(each.value.ssh_public_key, var.defaults.ssh_public_key, "") + permissions_boundary = try(each.value.permissions_boundary, var.defaults.permissions_boundary, "") + tags = try(each.value.tags, var.defaults.tags, {}) +} diff --git a/wrappers/iam-user/outputs.tf b/wrappers/iam-user/outputs.tf new file mode 100644 index 00000000..cec56a51 --- /dev/null +++ b/wrappers/iam-user/outputs.tf @@ -0,0 +1,5 @@ +output "wrapper" { + description = "Map of outputs of a wrapper." + value = module.wrapper + sensitive = true # At least one sensitive module output (iam_user_login_profile_password) found (requires Terraform 0.14+) +} diff --git a/wrappers/iam-user/variables.tf b/wrappers/iam-user/variables.tf new file mode 100644 index 00000000..a6ea0962 --- /dev/null +++ b/wrappers/iam-user/variables.tf 
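Review bot: In `wrappers/iam-user/main.tf`, `create_iam_access_key` and `create_iam_user_login_profile` both fall back to `true` while `pgp_key` falls back to `""`, so every entry in `items` gets a long-lived access key and a console password unless the caller opts out. With no PGP key the generated secret and password are presumably kept unencrypted in Terraform state. The `sensitive = true` flag in this wrapper's `outputs.tf` only redacts them from CLI output. Since the wrapper exists to create many users from one input map, its README should show an opt-out in `defaults`, e.g. `create_iam_access_key = false`. It should also say that `pgp_key` needs to be set whenever keys or login profiles are created through the wrapper.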
@@ -0,0 +1,11 @@ +variable "defaults" { + description = "Map of default values which will be used for each item." + type = any + default = {} +} + +variable "items" { + description = "Maps of items to create a wrapper from. Values are passed through to the module." + type = any + default = {} +} diff --git a/wrappers/iam-user/versions.tf b/wrappers/iam-user/versions.tf new file mode 100644 index 00000000..51cad108 --- /dev/null +++ b/wrappers/iam-user/versions.tf @@ -0,0 +1,3 @@ +terraform { + required_version = ">= 0.13.1" +} From 051ab7754b7ed074a07a7ee96769b1a6726fb222 Mon Sep 17 00:00:00 2001 From: Gareth Denny <37297485+gpdenny@users.noreply.github.com> Date: Mon, 26 Jun 2023 11:47:32 +0100 Subject: [PATCH 2/2] bump pre-commit-terraform to v1.81.0 --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 06dda853..e79e67b2 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.79.1 + rev: v1.81.0 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each