{ "version": 4, "terraform_version": "0.12.26", "serial": 3, "lineage": "ab283235-9e55-43f2-d2d8-04b00b55ed63", "outputs": {}, "resources": [ { "module": "module.mdradmin-bootstrap", "mode": "data", "type": "aws_caller_identity", "name": "current", "provider": "provider.aws", "instances": [ { "schema_version": 0, "attributes": { "account_id": "701290387780", "arn": "arn:aws-us-gov:iam::701290387780:user/MDRAdmin", "id": "2020-06-10 17:20:53.549088 +0000 UTC", "user_id": "AIDA2GSBKDFCIOHM2OZMZ" } } ] }, { "module": "module.mdradmin-bootstrap", "mode": "data", "type": "aws_iam_policy_document", "name": "mdradmin_tfstate_setup", "provider": "provider.aws", "instances": [ { "schema_version": 0, "attributes": { "id": "3951987947", "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"DynamoDBTablesAndLocking\",\n \"Effect\": \"Allow\",\n \"Action\": \"dynamodb:*\",\n \"Resource\": \"arn:aws-us-gov:dynamodb:us-gov-east-1:701290387780:table/afsxdr-terraform-state\",\n \"Condition\": {\n \"BoolIfExists\": {\n \"aws:MultiFactorAuthPresent\": \"true\"\n }\n }\n },\n {\n \"Sid\": \"DynamoDBTablesAndLocking2\",\n \"Effect\": \"Allow\",\n \"Action\": \"dynamodb:ListTables\",\n \"Resource\": \"arn:aws-us-gov:dynamodb:us-gov-east-1:701290387780:table/*\",\n \"Condition\": {\n \"BoolIfExists\": {\n \"aws:MultiFactorAuthPresent\": \"true\"\n }\n }\n },\n {\n \"Sid\": \"KMSKeyCreate\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:List*\",\n \"kms:DeleteKey\",\n \"kms:DeleteAlias\",\n \"kms:CreateKey\",\n \"kms:CreateAlias\"\n ],\n \"Resource\": \"*\",\n \"Condition\": {\n \"BoolIfExists\": {\n \"aws:MultiFactorAuthPresent\": \"true\"\n }\n }\n },\n {\n \"Sid\": \"S3AllResources\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:HeadBucket\",\n \"Resource\": \"*\",\n \"Condition\": {\n \"BoolIfExists\": {\n \"aws:MultiFactorAuthPresent\": \"true\"\n }\n }\n },\n {\n \"Sid\": \"S3ManageStateBucket\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:Put*\",\n \"s3:ListBucket\",\n \"s3:Get*\",\n \"s3:DeleteBucket\",\n \"s3:CreateBucket\"\n ],\n \"Resource\": \"arn:aws-us-gov:s3:::afsxdr-terraform-state\",\n \"Condition\": {\n \"BoolIfExists\": {\n \"aws:MultiFactorAuthPresent\": \"true\"\n }\n }\n },\n {\n \"Sid\": \"S3ObjectOperations\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:PutObject*\",\n \"s3:GetObject*\",\n \"s3:DeleteObject*\"\n ],\n \"Resource\": \"arn:aws-us-gov:s3:::afsxdr-terraform-state/*\",\n \"Condition\": {\n \"BoolIfExists\": {\n \"aws:MultiFactorAuthPresent\": \"true\"\n }\n }\n }\n ]\n}", "override_json": null, "policy_id": null, "source_json": null, "statement": [ { "actions": [ "dynamodb:*" ], "condition": [ { "test": "BoolIfExists", "values": [ "true" ], "variable": "aws:MultiFactorAuthPresent" } ], "effect": "Allow", "not_actions": [], "not_principals": [], "not_resources": [], "principals": [], "resources": [ "arn:aws-us-gov:dynamodb:us-gov-east-1:701290387780:table/afsxdr-terraform-state" ], "sid": "DynamoDBTablesAndLocking" }, { "actions": [ "dynamodb:ListTables" ], "condition": [ { "test": "BoolIfExists", "values": [ "true" ], "variable": "aws:MultiFactorAuthPresent" } ], "effect": "Allow", "not_actions": [], "not_principals": [], "not_resources": [], "principals": [], "resources": [ "arn:aws-us-gov:dynamodb:us-gov-east-1:701290387780:table/*" ], "sid": "DynamoDBTablesAndLocking2" }, { "actions": [ "kms:CreateAlias", "kms:CreateKey", "kms:DeleteAlias", "kms:DeleteKey", "kms:List*" ], "condition": [ { "test": "BoolIfExists", "values": [ "true" ], "variable": "aws:MultiFactorAuthPresent" } ], "effect": "Allow", "not_actions": [], "not_principals": [], "not_resources": [], "principals": [], "resources": [ "*" ], "sid": "KMSKeyCreate" }, { "actions": [ "s3:HeadBucket" ], "condition": [ { "test": "BoolIfExists", "values": [ "true" ], "variable": "aws:MultiFactorAuthPresent" } ], "effect": "Allow", "not_actions": [], "not_principals": [], "not_resources": [], "principals": [], "resources": [ "*" ], "sid": "S3AllResources" }, { "actions": [ "s3:CreateBucket", "s3:DeleteBucket", "s3:Get*", "s3:ListBucket", "s3:Put*" ], "condition": [ { "test": "BoolIfExists", "values": [ "true" ], "variable": "aws:MultiFactorAuthPresent" } ], "effect": "Allow", "not_actions": [], "not_principals": [], "not_resources": [], "principals": [], "resources": [ "arn:aws-us-gov:s3:::afsxdr-terraform-state" ], "sid": "S3ManageStateBucket" }, { "actions": [ "s3:DeleteObject*", "s3:GetObject*", "s3:PutObject*" ], "condition": [ { "test": "BoolIfExists", "values": [ "true" ], "variable": "aws:MultiFactorAuthPresent" } ], "effect": "Allow", "not_actions": [], "not_principals": [], "not_resources": [], "principals": [], "resources": [ "arn:aws-us-gov:s3:::afsxdr-terraform-state/*" ], "sid": "S3ObjectOperations" } ], "version": "2012-10-17" } } ] }, { "module": "module.mdradmin-bootstrap", "mode": "data", "type": "aws_partition", "name": "current", "provider": "provider.aws", "instances": [ { "schema_version": 0, "attributes": { "dns_suffix": "amazonaws.com", "id": "2020-06-10 17:20:53.237014 +0000 UTC", "partition": "aws-us-gov" } } ] }, { "module": "module.mdradmin-bootstrap", "mode": "data", "type": "aws_region", "name": "current", "provider": "provider.aws", "instances": [ { "schema_version": 0, "attributes": { "current": null, "description": "AWS GovCloud (US-East)", "endpoint": "ec2.us-gov-east-1.amazonaws.com", "id": "us-gov-east-1", "name": "us-gov-east-1" } } ] }, { "module": "module.mdradmin-bootstrap", "mode": "managed", "type": "aws_iam_policy", "name": "mdradmin_tfstate_setup", "provider": "provider.aws", "instances": [ { "schema_version": 0, "attributes": { "arn": "arn:aws-us-gov:iam::701290387780:policy/bootstrap/mdradmmin_tfstate_setup", "description": "Gives MDRAdmin account rights needed to set up tfstate management", "id": "arn:aws-us-gov:iam::701290387780:policy/bootstrap/mdradmmin_tfstate_setup", "name": "mdradmmin_tfstate_setup", "name_prefix": null, "path": "/bootstrap/", "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"DynamoDBTablesAndLocking\",\n \"Effect\": \"Allow\",\n \"Action\": \"dynamodb:*\",\n \"Resource\": \"arn:aws-us-gov:dynamodb:us-gov-east-1:701290387780:table/afsxdr-terraform-state\",\n \"Condition\": {\n \"BoolIfExists\": {\n \"aws:MultiFactorAuthPresent\": \"true\"\n }\n }\n },\n {\n \"Sid\": \"DynamoDBTablesAndLocking2\",\n \"Effect\": \"Allow\",\n \"Action\": \"dynamodb:ListTables\",\n \"Resource\": \"arn:aws-us-gov:dynamodb:us-gov-east-1:701290387780:table/*\",\n \"Condition\": {\n \"BoolIfExists\": {\n \"aws:MultiFactorAuthPresent\": \"true\"\n }\n }\n },\n {\n \"Sid\": \"KMSKeyCreate\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:List*\",\n \"kms:DeleteKey\",\n \"kms:DeleteAlias\",\n \"kms:CreateKey\",\n \"kms:CreateAlias\"\n ],\n \"Resource\": \"*\",\n \"Condition\": {\n \"BoolIfExists\": {\n \"aws:MultiFactorAuthPresent\": \"true\"\n }\n }\n },\n {\n \"Sid\": \"S3AllResources\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:HeadBucket\",\n \"Resource\": \"*\",\n \"Condition\": {\n \"BoolIfExists\": {\n \"aws:MultiFactorAuthPresent\": \"true\"\n }\n }\n },\n {\n \"Sid\": \"S3ManageStateBucket\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:Put*\",\n \"s3:ListBucket\",\n \"s3:Get*\",\n \"s3:DeleteBucket\",\n \"s3:CreateBucket\"\n ],\n \"Resource\": \"arn:aws-us-gov:s3:::afsxdr-terraform-state\",\n \"Condition\": {\n \"BoolIfExists\": {\n \"aws:MultiFactorAuthPresent\": \"true\"\n }\n }\n },\n {\n \"Sid\": \"S3ObjectOperations\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:PutObject*\",\n \"s3:GetObject*\",\n \"s3:DeleteObject*\"\n ],\n \"Resource\": \"arn:aws-us-gov:s3:::afsxdr-terraform-state/*\",\n \"Condition\": {\n \"BoolIfExists\": {\n \"aws:MultiFactorAuthPresent\": \"true\"\n }\n }\n }\n ]\n}" }, "private": "bnVsbA==" } ] }, { "module": "module.mdradmin-bootstrap", "mode": "managed", "type": "aws_iam_user_policy_attachment", "name": "this", "each": "map", "provider": "provider.aws", "instances": [ { "index_key": "MDRAdmin", "schema_version": 0, "attributes": { "id": "MDRAdmin-20200610172103702600000001", "policy_arn": "arn:aws-us-gov:iam::701290387780:policy/bootstrap/mdradmmin_tfstate_setup", "user": "MDRAdmin" }, "private": "bnVsbA==", "dependencies": [ "module.mdradmin-bootstrap.aws_iam_policy.mdradmin_tfstate_setup" ] } ] } ] }