| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404 |
- {
- "version": 4,
- "terraform_version": "0.12.25",
- "serial": 62,
- "lineage": "a5b3f3fc-da94-9f2f-5793-230f4da09eb8",
- "outputs": {},
- "resources": [
- {
- "module": "module.tfstate",
- "mode": "data",
- "type": "aws_caller_identity",
- "name": "current",
- "provider": "provider.aws",
- "instances": [
- {
- "schema_version": 0,
- "attributes": {
- "account_id": "471284459109",
- "arn": "arn:aws:iam::471284459109:user/MDRAdmin",
- "id": "2020-05-26 02:14:19.837763 +0000 UTC",
- "user_id": "AIDAW3OV6EZS5DFJAO7CP"
- }
- }
- ]
- },
- {
- "module": "module.tfstate",
- "mode": "data",
- "type": "aws_iam_policy_document",
- "name": "kms_key_policy_tfstate",
- "provider": "provider.aws",
- "instances": [
- {
- "schema_version": 0,
- "attributes": {
- "id": "716496905",
- "json": "{\n \"Version\": \"2012-10-17\",\n \"Id\": \"key-consolepolicy-3\",\n \"Statement\": [\n {\n \"Sid\": \"Enable IAM User Permissions\",\n \"Effect\": \"Allow\",\n \"Action\": \"kms:*\",\n \"Resource\": \"*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::471284459109:root\"\n }\n },\n {\n \"Sid\": \"Allow access for Key Administrators\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:Update*\",\n \"kms:UntagResource\",\n \"kms:TagResource\",\n \"kms:ScheduleKeyDeletion\",\n \"kms:Revoke*\",\n \"kms:Put*\",\n \"kms:List*\",\n \"kms:Get*\",\n \"kms:Enable*\",\n \"kms:Disable*\",\n \"kms:Describe*\",\n \"kms:Delete*\",\n \"kms:Create*\",\n \"kms:CancelKeyDeletion\"\n ],\n \"Resource\": \"*\",\n \"Principal\": {\n \"AWS\": [\n \"arn:aws:iam::471284459109:user/MDRAdmin\",\n \"arn:aws:iam::471284459109:role/user/mdr_iam_admin\",\n \"arn:aws:iam::471284459109:role/user/mdr_engineer\"\n ]\n }\n },\n {\n \"Sid\": \"Allow use of the key\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:ReEncrypt*\",\n \"kms:GenerateDataKey*\",\n \"kms:Encrypt\",\n \"kms:DescribeKey\",\n \"kms:Decrypt\"\n ],\n \"Resource\": \"*\",\n \"Principal\": {\n \"AWS\": [\n \"arn:aws:iam::471284459109:user/MDRAdmin\",\n \"arn:aws:iam::471284459109:role/user/mdr_iam_admin\",\n \"arn:aws:iam::471284459109:role/user/mdr_engineer\"\n ]\n }\n },\n {\n \"Sid\": \"Allow attachment of persistent resources\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:RevokeGrant\",\n \"kms:ListGrants\",\n \"kms:CreateGrant\"\n ],\n \"Resource\": \"*\",\n \"Principal\": {\n \"AWS\": [\n \"arn:aws:iam::471284459109:user/MDRAdmin\",\n \"arn:aws:iam::471284459109:role/user/mdr_iam_admin\",\n \"arn:aws:iam::471284459109:role/user/mdr_engineer\"\n ]\n },\n \"Condition\": {\n \"Bool\": {\n \"kms:GrantIsForAWSResource\": \"true\"\n }\n }\n }\n ]\n}",
- "override_json": null,
- "policy_id": "key-consolepolicy-3",
- "source_json": null,
- "statement": [
- {
- "actions": [
- "kms:*"
- ],
- "condition": [],
- "effect": "Allow",
- "not_actions": [],
- "not_principals": [],
- "not_resources": [],
- "principals": [
- {
- "identifiers": [
- "arn:aws:iam::471284459109:root"
- ],
- "type": "AWS"
- }
- ],
- "resources": [
- "*"
- ],
- "sid": "Enable IAM User Permissions"
- },
- {
- "actions": [
- "kms:CancelKeyDeletion",
- "kms:Create*",
- "kms:Delete*",
- "kms:Describe*",
- "kms:Disable*",
- "kms:Enable*",
- "kms:Get*",
- "kms:List*",
- "kms:Put*",
- "kms:Revoke*",
- "kms:ScheduleKeyDeletion",
- "kms:TagResource",
- "kms:UntagResource",
- "kms:Update*"
- ],
- "condition": [],
- "effect": "Allow",
- "not_actions": [],
- "not_principals": [],
- "not_resources": [],
- "principals": [
- {
- "identifiers": [
- "arn:aws:iam::471284459109:role/user/mdr_engineer",
- "arn:aws:iam::471284459109:role/user/mdr_iam_admin",
- "arn:aws:iam::471284459109:user/MDRAdmin"
- ],
- "type": "AWS"
- }
- ],
- "resources": [
- "*"
- ],
- "sid": "Allow access for Key Administrators"
- },
- {
- "actions": [
- "kms:Decrypt",
- "kms:DescribeKey",
- "kms:Encrypt",
- "kms:GenerateDataKey*",
- "kms:ReEncrypt*"
- ],
- "condition": [],
- "effect": "Allow",
- "not_actions": [],
- "not_principals": [],
- "not_resources": [],
- "principals": [
- {
- "identifiers": [
- "arn:aws:iam::471284459109:role/user/mdr_engineer",
- "arn:aws:iam::471284459109:role/user/mdr_iam_admin",
- "arn:aws:iam::471284459109:user/MDRAdmin"
- ],
- "type": "AWS"
- }
- ],
- "resources": [
- "*"
- ],
- "sid": "Allow use of the key"
- },
- {
- "actions": [
- "kms:CreateGrant",
- "kms:ListGrants",
- "kms:RevokeGrant"
- ],
- "condition": [
- {
- "test": "Bool",
- "values": [
- "true"
- ],
- "variable": "kms:GrantIsForAWSResource"
- }
- ],
- "effect": "Allow",
- "not_actions": [],
- "not_principals": [],
- "not_resources": [],
- "principals": [
- {
- "identifiers": [
- "arn:aws:iam::471284459109:role/user/mdr_engineer",
- "arn:aws:iam::471284459109:role/user/mdr_iam_admin",
- "arn:aws:iam::471284459109:user/MDRAdmin"
- ],
- "type": "AWS"
- }
- ],
- "resources": [
- "*"
- ],
- "sid": "Allow attachment of persistent resources"
- }
- ],
- "version": "2012-10-17"
- }
- }
- ]
- },
- {
- "module": "module.tfstate",
- "mode": "data",
- "type": "aws_partition",
- "name": "current",
- "provider": "provider.aws",
- "instances": [
- {
- "schema_version": 0,
- "attributes": {
- "dns_suffix": "amazonaws.com",
- "id": "2020-05-26 02:14:19.583075 +0000 UTC",
- "partition": "aws"
- }
- }
- ]
- },
- {
- "module": "module.tfstate",
- "mode": "managed",
- "type": "aws_dynamodb_table",
- "name": "lock_table",
- "provider": "provider.aws",
- "instances": [
- {
- "schema_version": 1,
- "attributes": {
- "arn": "arn:aws:dynamodb:us-east-1:471284459109:table/afsxdr-terraform-state",
- "attribute": [
- {
- "name": "LockID",
- "type": "S"
- }
- ],
- "billing_mode": "PAY_PER_REQUEST",
- "global_secondary_index": [],
- "hash_key": "LockID",
- "id": "afsxdr-terraform-state",
- "local_secondary_index": [],
- "name": "afsxdr-terraform-state",
- "point_in_time_recovery": [
- {
- "enabled": false
- }
- ],
- "range_key": null,
- "read_capacity": 0,
- "replica": [],
- "server_side_encryption": [
- {
- "enabled": true,
- "kms_key_arn": "arn:aws:kms:us-east-1:471284459109:key/5f348d15-d45c-434a-99ee-362970e0e5b0"
- }
- ],
- "stream_arn": "",
- "stream_enabled": false,
- "stream_label": "",
- "stream_view_type": "",
- "tags": {
- "Name": "afsxdr-terraform-state"
- },
- "timeouts": null,
- "ttl": [
- {
- "attribute_name": "",
- "enabled": false
- }
- ],
- "write_capacity": 0
- },
- "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjM2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
- "dependencies": [
- "module.tfstate.aws_kms_key.tfstate"
- ]
- }
- ]
- },
- {
- "module": "module.tfstate",
- "mode": "managed",
- "type": "aws_kms_alias",
- "name": "tfstate",
- "provider": "provider.aws",
- "instances": [
- {
- "schema_version": 0,
- "attributes": {
- "arn": "arn:aws:kms:us-east-1:471284459109:alias/tfstate",
- "id": "alias/tfstate",
- "name": "alias/tfstate",
- "name_prefix": null,
- "target_key_arn": "arn:aws:kms:us-east-1:471284459109:key/5f348d15-d45c-434a-99ee-362970e0e5b0",
- "target_key_id": "5f348d15-d45c-434a-99ee-362970e0e5b0"
- },
- "private": "bnVsbA==",
- "dependencies": [
- "module.tfstate.aws_kms_key.tfstate"
- ]
- }
- ]
- },
- {
- "module": "module.tfstate",
- "mode": "managed",
- "type": "aws_kms_key",
- "name": "tfstate",
- "provider": "provider.aws",
- "instances": [
- {
- "schema_version": 0,
- "attributes": {
- "arn": "arn:aws:kms:us-east-1:471284459109:key/5f348d15-d45c-434a-99ee-362970e0e5b0",
- "customer_master_key_spec": "SYMMETRIC_DEFAULT",
- "deletion_window_in_days": 30,
- "description": "tfstate bucket default S3 SSE-KMS",
- "enable_key_rotation": true,
- "id": "5f348d15-d45c-434a-99ee-362970e0e5b0",
- "is_enabled": true,
- "key_id": "5f348d15-d45c-434a-99ee-362970e0e5b0",
- "key_usage": "ENCRYPT_DECRYPT",
- "policy": "{\"Id\":\"key-consolepolicy-3\",\"Statement\":[{\"Action\":\"kms:*\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::471284459109:root\"},\"Resource\":\"*\",\"Sid\":\"Enable IAM User Permissions\"},{\"Action\":[\"kms:Update*\",\"kms:UntagResource\",\"kms:TagResource\",\"kms:ScheduleKeyDeletion\",\"kms:Revoke*\",\"kms:Put*\",\"kms:List*\",\"kms:Get*\",\"kms:Enable*\",\"kms:Disable*\",\"kms:Describe*\",\"kms:Delete*\",\"kms:Create*\",\"kms:CancelKeyDeletion\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":[\"arn:aws:iam::471284459109:role/user/mdr_engineer\",\"arn:aws:iam::471284459109:user/MDRAdmin\",\"arn:aws:iam::471284459109:role/user/mdr_iam_admin\"]},\"Resource\":\"*\",\"Sid\":\"Allow access for Key Administrators\"},{\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":[\"arn:aws:iam::471284459109:role/user/mdr_engineer\",\"arn:aws:iam::471284459109:user/MDRAdmin\",\"arn:aws:iam::471284459109:role/user/mdr_iam_admin\"]},\"Resource\":\"*\",\"Sid\":\"Allow use of the key\"},{\"Action\":[\"kms:RevokeGrant\",\"kms:ListGrants\",\"kms:CreateGrant\"],\"Condition\":{\"Bool\":{\"kms:GrantIsForAWSResource\":\"true\"}},\"Effect\":\"Allow\",\"Principal\":{\"AWS\":[\"arn:aws:iam::471284459109:role/user/mdr_engineer\",\"arn:aws:iam::471284459109:user/MDRAdmin\",\"arn:aws:iam::471284459109:role/user/mdr_iam_admin\"]},\"Resource\":\"*\",\"Sid\":\"Allow attachment of persistent resources\"}],\"Version\":\"2012-10-17\"}",
- "tags": null
- },
- "private": "bnVsbA=="
- }
- ]
- },
- {
- "module": "module.tfstate",
- "mode": "managed",
- "type": "aws_s3_bucket",
- "name": "tfstate",
- "provider": "provider.aws",
- "instances": [
- {
- "schema_version": 0,
- "attributes": {
- "acceleration_status": "",
- "acl": "private",
- "arn": "arn:aws:s3:::afsxdr-terraform-state",
- "bucket": "afsxdr-terraform-state",
- "bucket_domain_name": "afsxdr-terraform-state.s3.amazonaws.com",
- "bucket_prefix": null,
- "bucket_regional_domain_name": "afsxdr-terraform-state.s3.amazonaws.com",
- "cors_rule": [],
- "force_destroy": false,
- "grant": [],
- "hosted_zone_id": "Z3AQBSTGFYJSTF",
- "id": "afsxdr-terraform-state",
- "lifecycle_rule": [
- {
- "abort_incomplete_multipart_upload_days": 7,
- "enabled": true,
- "expiration": [],
- "id": "tf-s3-lifecycle-20200526021436652500000001",
- "noncurrent_version_expiration": [
- {
- "days": 730
- }
- ],
- "noncurrent_version_transition": [
- {
- "days": 30,
- "storage_class": "STANDARD_IA"
- }
- ],
- "prefix": "",
- "tags": null,
- "transition": []
- }
- ],
- "logging": [],
- "object_lock_configuration": [],
- "policy": null,
- "region": "us-east-1",
- "replication_configuration": [],
- "request_payer": "BucketOwner",
- "server_side_encryption_configuration": [
- {
- "rule": [
- {
- "apply_server_side_encryption_by_default": [
- {
- "kms_master_key_id": "arn:aws:kms:us-east-1:471284459109:key/5f348d15-d45c-434a-99ee-362970e0e5b0",
- "sse_algorithm": "aws:kms"
- }
- ]
- }
- ]
- }
- ],
- "tags": null,
- "versioning": [
- {
- "enabled": true,
- "mfa_delete": false
- }
- ],
- "website": [],
- "website_domain": null,
- "website_endpoint": null
- },
- "private": "bnVsbA==",
- "dependencies": [
- "module.tfstate.aws_kms_key.tfstate"
- ]
- }
- ]
- },
- {
- "module": "module.tfstate",
- "mode": "managed",
- "type": "aws_s3_bucket_public_access_block",
- "name": "tfstate",
- "provider": "provider.aws",
- "instances": [
- {
- "schema_version": 0,
- "attributes": {
- "block_public_acls": true,
- "block_public_policy": true,
- "bucket": "afsxdr-terraform-state",
- "id": "afsxdr-terraform-state",
- "ignore_public_acls": true,
- "restrict_public_buckets": true
- },
- "private": "bnVsbA==",
- "dependencies": [
- "module.tfstate.aws_kms_key.tfstate",
- "module.tfstate.aws_s3_bucket.tfstate"
- ]
- }
- ]
- }
- ]
- }
|
