Home Explore Help
Register Sign In
AFS
/
xdr-terraform-modules
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Decouples IAM terraform from the `live` repository

* Moves the `iam` modules into subdirectory of `submodules`.
* Moves the terraform source into `base/iam`
* Uses variables to standardize the terragrunt.hcl in
  `xdr-terraform-live`
Fred Damstra 5 years ago
parent
93c44263fa
commit
ffc81e90b9
63 changed files with 44 additions and 0 deletions
Split View Show Diff Stats
  1. 8 0
      base/iam/main.tf
  2. 3 0
      base/iam/outputs.tf
  3. 30 0
      base/iam/vars.tf
  4. 0 0
      base/iam/version.tf
  5. 0 0
      submodules/iam/bootstrap_mdradmin_policies/datasources.tf
  6. 0 0
      submodules/iam/bootstrap_mdradmin_policies/locals.tf
  7. 0 0
      submodules/iam/bootstrap_mdradmin_policies/main.tf
  8. 0 0
      submodules/iam/bootstrap_mdradmin_policies/policy-mdradmin_tfstate_setup.tf
  9. 0 0
      submodules/iam/bootstrap_mdradmin_policies/variables.tf
  10. 0 0
      submodules/iam/child_account_roles/README.md
  11. 0 0
      submodules/iam/child_account_roles/account_alias.tf
  12. 0 0
      submodules/iam/child_account_roles/assume_role_policy-non_saml.tf
  13. 0 0
      submodules/iam/child_account_roles/datasources.tf
  14. 0 0
      submodules/iam/child_account_roles/locals.tf
  15. 0 0
      submodules/iam/child_account_roles/module-policies.tf
  16. 0 0
      submodules/iam/child_account_roles/role-mdr_engineer_readonly.tf
  17. 0 0
      submodules/iam/child_account_roles/role-mdr_terraformer.tf
  18. 0 0
      submodules/iam/child_account_roles/variables.tf
  19. 0 0
      submodules/iam/child_account_roles/versions.tf
  20. 0 0
      submodules/iam/common_services_roles/README.md
  21. 0 0
      submodules/iam/common_services_roles/account_alias.tf
  22. 0 0
      submodules/iam/common_services_roles/assume_role_policy-non_saml.tf
  23. 0 0
      submodules/iam/common_services_roles/assume_role_policy-okta_saml.tf
  24. 0 0
      submodules/iam/common_services_roles/datasources.tf
  25. 0 0
      submodules/iam/common_services_roles/locals.tf
  26. 0 0
      submodules/iam/common_services_roles/module-policies.tf
  27. 0 0
      submodules/iam/common_services_roles/modules/saml_linked_role/main.tf
  28. 0 0
      submodules/iam/common_services_roles/modules/saml_linked_role/outputs.tf
  29. 0 0
      submodules/iam/common_services_roles/modules/saml_linked_role/variables.tf
  30. 0 0
      submodules/iam/common_services_roles/role-mdr_developer_readonly.tf
  31. 0 0
      submodules/iam/common_services_roles/role-mdr_engineer_readonly.tf
  32. 0 0
      submodules/iam/common_services_roles/role-mdr_terraformer.tf
  33. 0 0
      submodules/iam/common_services_roles/saml_provider.tf
  34. 0 0
      submodules/iam/common_services_roles/variables.tf
  35. 0 0
      submodules/iam/common_services_roles/versions.tf
  36. 0 0
      submodules/iam/okta_saml_roles/README.md
  37. 0 0
      submodules/iam/okta_saml_roles/account_alias.tf
  38. 0 0
      submodules/iam/okta_saml_roles/assume_role_policy-okta_saml.tf
  39. 0 0
      submodules/iam/okta_saml_roles/datasources.tf
  40. 0 0
      submodules/iam/okta_saml_roles/locals.tf
  41. 0 0
      submodules/iam/okta_saml_roles/modules/saml_linked_role/main.tf
  42. 0 0
      submodules/iam/okta_saml_roles/modules/saml_linked_role/outputs.tf
  43. 0 0
      submodules/iam/okta_saml_roles/modules/saml_linked_role/variables.tf
  44. 0 0
      submodules/iam/okta_saml_roles/policy-mdr_engineer.tf
  45. 0 0
      submodules/iam/okta_saml_roles/policy-mdr_iam_admin.tf
  46. 0 0
      submodules/iam/okta_saml_roles/policy-mdr_readonly_assumerole.tf
  47. 0 0
      submodules/iam/okta_saml_roles/policy-mdr_terraformer.tf
  48. 0 0
      submodules/iam/okta_saml_roles/role-mdr_engineer.tf
  49. 0 0
      submodules/iam/okta_saml_roles/role-mdr_engineer_readonly.tf
  50. 0 0
      submodules/iam/okta_saml_roles/role-mdr_iam_admin.tf
  51. 0 0
      submodules/iam/okta_saml_roles/role-mdr_terraformer.tf
  52. 0 0
      submodules/iam/okta_saml_roles/saml_provider.tf
  53. 0 0
      submodules/iam/okta_saml_roles/variables.tf
  54. 0 0
      submodules/iam/okta_saml_roles/versions.tf
  55. 0 0
      submodules/iam/standard_iam_policies/README.md
  56. 0 0
      submodules/iam/standard_iam_policies/datasources.tf
  57. 0 0
      submodules/iam/standard_iam_policies/locals.tf
  58. 0 0
      submodules/iam/standard_iam_policies/outputs.tf
  59. 0 0
      submodules/iam/standard_iam_policies/policy-mdr_engineer.tf
  60. 0 0
      submodules/iam/standard_iam_policies/policy-mdr_iam_admin.tf
  61. 0 0
      submodules/iam/standard_iam_policies/policy-mdr_readonly_assumerole.tf
  62. 0 0
      submodules/iam/standard_iam_policies/policy-mdr_terraformer.tf
  63. 3 0
      submodules/iam/standard_iam_policies/versions.tf

+ 8 - 0
base/iam/main.tf
View File 

@@ -0,0 +1,8 @@
 
+module "iam_roles" {
 
+  source = "../../submodules/iam/child_account_roles"
 
+  account_alias = var.account_name
 
+
 
+  assume_role_trusted_arns  = [
 
+    "arn:${var.aws_partition}:iam::${var.common_services_account}:role/user/mdr_engineer_readonly",
 
+  ]
 
+}

+ 3 - 0
base/iam/outputs.tf
View File 

@@ -0,0 +1,3 @@
 
+#output "TODO" {
 
+#  value = TODO
 
+#}

+ 30 - 0
base/iam/vars.tf
View File 

@@ -0,0 +1,30 @@
 
+# No local module inputs (yet)
 
+
 
+# ----------------------------------
 
+# Below this line are variables inherited from higher levels, so they
 
+# do not need to be explicitly passed to this module.
 
+variable "account_name" {
 
+  type = string
 
+}
 
+
 
+# ----------------------------------
 
+# Required for remote state, though they can be used elsewhere
 
+variable "remote_state_bucket" {
 
+  type = string
 
+}
 
+
 
+variable "aws_region" {
 
+  type = string
 
+}
 
+
 
+variable "aws_partition" {
 
+  type = string
 
+}
 
+
 
+variable "common_services_account" {
 
+  type = string
 
+}
 
+
 
+variable "common_profile" {
 
+  type = string
 
+}

+ 0 - 0
base/iam/standard_iam_policies/versions.tf → base/iam/version.tf
View File


+ 0 - 0
base/iam/bootstrap_mdradmin_policies/datasources.tf → submodules/iam/bootstrap_mdradmin_policies/datasources.tf
View File


+ 0 - 0
base/iam/bootstrap_mdradmin_policies/locals.tf → submodules/iam/bootstrap_mdradmin_policies/locals.tf
View File


+ 0 - 0
base/iam/bootstrap_mdradmin_policies/main.tf → submodules/iam/bootstrap_mdradmin_policies/main.tf
View File


+ 0 - 0
base/iam/bootstrap_mdradmin_policies/policy-mdradmin_tfstate_setup.tf → submodules/iam/bootstrap_mdradmin_policies/policy-mdradmin_tfstate_setup.tf
View File


+ 0 - 0
base/iam/bootstrap_mdradmin_policies/variables.tf → submodules/iam/bootstrap_mdradmin_policies/variables.tf
View File


+ 0 - 0
base/iam/child_account_roles/README.md → submodules/iam/child_account_roles/README.md
View File


+ 0 - 0
base/iam/child_account_roles/account_alias.tf → submodules/iam/child_account_roles/account_alias.tf
View File


+ 0 - 0
base/iam/child_account_roles/assume_role_policy-non_saml.tf → submodules/iam/child_account_roles/assume_role_policy-non_saml.tf
View File


+ 0 - 0
base/iam/child_account_roles/datasources.tf → submodules/iam/child_account_roles/datasources.tf
View File


+ 0 - 0
base/iam/child_account_roles/locals.tf → submodules/iam/child_account_roles/locals.tf
View File


+ 0 - 0
base/iam/child_account_roles/module-policies.tf → submodules/iam/child_account_roles/module-policies.tf
View File


+ 0 - 0
base/iam/child_account_roles/role-mdr_engineer_readonly.tf → submodules/iam/child_account_roles/role-mdr_engineer_readonly.tf
View File


+ 0 - 0
base/iam/child_account_roles/role-mdr_terraformer.tf → submodules/iam/child_account_roles/role-mdr_terraformer.tf
View File


+ 0 - 0
base/iam/child_account_roles/variables.tf → submodules/iam/child_account_roles/variables.tf
View File


+ 0 - 0
base/iam/child_account_roles/versions.tf → submodules/iam/child_account_roles/versions.tf
View File


+ 0 - 0
base/iam/common_services_roles/README.md → submodules/iam/common_services_roles/README.md
View File


+ 0 - 0
base/iam/common_services_roles/account_alias.tf → submodules/iam/common_services_roles/account_alias.tf
View File


+ 0 - 0
base/iam/common_services_roles/assume_role_policy-non_saml.tf → submodules/iam/common_services_roles/assume_role_policy-non_saml.tf
View File


+ 0 - 0
base/iam/common_services_roles/assume_role_policy-okta_saml.tf → submodules/iam/common_services_roles/assume_role_policy-okta_saml.tf
View File


+ 0 - 0
base/iam/common_services_roles/datasources.tf → submodules/iam/common_services_roles/datasources.tf
View File


+ 0 - 0
base/iam/common_services_roles/locals.tf → submodules/iam/common_services_roles/locals.tf
View File


+ 0 - 0
base/iam/common_services_roles/module-policies.tf → submodules/iam/common_services_roles/module-policies.tf
View File


+ 0 - 0
base/iam/common_services_roles/modules/saml_linked_role/main.tf → submodules/iam/common_services_roles/modules/saml_linked_role/main.tf
View File


+ 0 - 0
base/iam/common_services_roles/modules/saml_linked_role/outputs.tf → submodules/iam/common_services_roles/modules/saml_linked_role/outputs.tf
View File


+ 0 - 0
base/iam/common_services_roles/modules/saml_linked_role/variables.tf → submodules/iam/common_services_roles/modules/saml_linked_role/variables.tf
View File


+ 0 - 0
base/iam/common_services_roles/role-mdr_developer_readonly.tf → submodules/iam/common_services_roles/role-mdr_developer_readonly.tf
View File


+ 0 - 0
base/iam/common_services_roles/role-mdr_engineer_readonly.tf → submodules/iam/common_services_roles/role-mdr_engineer_readonly.tf
View File


+ 0 - 0
base/iam/common_services_roles/role-mdr_terraformer.tf → submodules/iam/common_services_roles/role-mdr_terraformer.tf
View File


+ 0 - 0
base/iam/common_services_roles/saml_provider.tf → submodules/iam/common_services_roles/saml_provider.tf
View File


+ 0 - 0
base/iam/common_services_roles/variables.tf → submodules/iam/common_services_roles/variables.tf
View File


+ 0 - 0
base/iam/common_services_roles/versions.tf → submodules/iam/common_services_roles/versions.tf
View File


+ 0 - 0
base/iam/okta_saml_roles/README.md → submodules/iam/okta_saml_roles/README.md
View File


+ 0 - 0
base/iam/okta_saml_roles/account_alias.tf → submodules/iam/okta_saml_roles/account_alias.tf
View File


+ 0 - 0
base/iam/okta_saml_roles/assume_role_policy-okta_saml.tf → submodules/iam/okta_saml_roles/assume_role_policy-okta_saml.tf
View File


+ 0 - 0
base/iam/okta_saml_roles/datasources.tf → submodules/iam/okta_saml_roles/datasources.tf
View File


+ 0 - 0
base/iam/okta_saml_roles/locals.tf → submodules/iam/okta_saml_roles/locals.tf
View File


+ 0 - 0
base/iam/okta_saml_roles/modules/saml_linked_role/main.tf → submodules/iam/okta_saml_roles/modules/saml_linked_role/main.tf
View File


+ 0 - 0
base/iam/okta_saml_roles/modules/saml_linked_role/outputs.tf → submodules/iam/okta_saml_roles/modules/saml_linked_role/outputs.tf
View File


+ 0 - 0
base/iam/okta_saml_roles/modules/saml_linked_role/variables.tf → submodules/iam/okta_saml_roles/modules/saml_linked_role/variables.tf
View File


+ 0 - 0
base/iam/okta_saml_roles/policy-mdr_engineer.tf → submodules/iam/okta_saml_roles/policy-mdr_engineer.tf
View File


+ 0 - 0
base/iam/okta_saml_roles/policy-mdr_iam_admin.tf → submodules/iam/okta_saml_roles/policy-mdr_iam_admin.tf
View File


+ 0 - 0
base/iam/okta_saml_roles/policy-mdr_readonly_assumerole.tf → submodules/iam/okta_saml_roles/policy-mdr_readonly_assumerole.tf
View File


+ 0 - 0
base/iam/okta_saml_roles/policy-mdr_terraformer.tf → submodules/iam/okta_saml_roles/policy-mdr_terraformer.tf
View File


+ 0 - 0
base/iam/okta_saml_roles/role-mdr_engineer.tf → submodules/iam/okta_saml_roles/role-mdr_engineer.tf
View File


+ 0 - 0
base/iam/okta_saml_roles/role-mdr_engineer_readonly.tf → submodules/iam/okta_saml_roles/role-mdr_engineer_readonly.tf
View File


+ 0 - 0
base/iam/okta_saml_roles/role-mdr_iam_admin.tf → submodules/iam/okta_saml_roles/role-mdr_iam_admin.tf
View File


+ 0 - 0
base/iam/okta_saml_roles/role-mdr_terraformer.tf → submodules/iam/okta_saml_roles/role-mdr_terraformer.tf
View File


+ 0 - 0
base/iam/okta_saml_roles/saml_provider.tf → submodules/iam/okta_saml_roles/saml_provider.tf
View File


+ 0 - 0
base/iam/okta_saml_roles/variables.tf → submodules/iam/okta_saml_roles/variables.tf
View File


+ 0 - 0
base/iam/okta_saml_roles/versions.tf → submodules/iam/okta_saml_roles/versions.tf
View File


+ 0 - 0
base/iam/standard_iam_policies/README.md → submodules/iam/standard_iam_policies/README.md
View File


+ 0 - 0
base/iam/standard_iam_policies/datasources.tf → submodules/iam/standard_iam_policies/datasources.tf
View File


+ 0 - 0
base/iam/standard_iam_policies/locals.tf → submodules/iam/standard_iam_policies/locals.tf
View File


+ 0 - 0
base/iam/standard_iam_policies/outputs.tf → submodules/iam/standard_iam_policies/outputs.tf
View File


+ 0 - 0
base/iam/standard_iam_policies/policy-mdr_engineer.tf → submodules/iam/standard_iam_policies/policy-mdr_engineer.tf
View File


+ 0 - 0
base/iam/standard_iam_policies/policy-mdr_iam_admin.tf → submodules/iam/standard_iam_policies/policy-mdr_iam_admin.tf
View File


+ 0 - 0
base/iam/standard_iam_policies/policy-mdr_readonly_assumerole.tf → submodules/iam/standard_iam_policies/policy-mdr_readonly_assumerole.tf
View File


+ 0 - 0
base/iam/standard_iam_policies/policy-mdr_terraformer.tf → submodules/iam/standard_iam_policies/policy-mdr_terraformer.tf
View File


+ 3 - 0
submodules/iam/standard_iam_policies/versions.tf
View File 

@@ -0,0 +1,3 @@
 
+terraform {
 
+  required_version = ">= 0.12, < 0.13"
 
+}