From a02084782052495b2f752f3ed9f62d027833e975 Mon Sep 17 00:00:00 2001 From: Lewis Marsden-Lambert <893830+m13t@users.noreply.github.com> Date: Fri, 13 Sep 2024 09:28:48 +0100 Subject: [PATCH 1/5] chore: updated readme and example --- README.md | 22 +++++++++++++++++----- examples/basic/README.md | 4 +++- examples/basic/main.tf | 22 +++++++++++++++++----- examples/basic/providers.tf | 1 - examples/basic/terraform.tf | 1 - 5 files changed, 37 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index e5c1a65..f7d68da 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,15 @@ ![Github Actions](../../actions/workflows/terraform.yml/badge.svg) -# Terraform +# Terraform AWS Appvia Audit Role ## Description -Add a description of the module here +This module creates a federated AWS IAM role in one or more accounts for the purpose of providing remote audit access +for Appvia. The module should be deployed from the organization management account or a delegated administrator account. + +The role is designed as such that it can only be consumed from a coresponding audit role within Appvia's infrastructure +and when an agreed external ID is in place. Once the audit is complete, this role should be removed, however it will automatically +block further access after 7 days. ## Usage @@ -12,10 +17,17 @@ Add example usage here ```hcl module "example" { - source = "appvia//aws" - version = "0.0.1" + source = "appvia/appvia-audit-role/aws" + version = "1.0.0" + + external_id = "" + + deployment_account_ids = [ + "012345678910", + "102938475632", + ] - # insert variables here + expiry_days = 7 } ``` diff --git a/examples/basic/README.md b/examples/basic/README.md index 07361b0..fbdc201 100644 --- a/examples/basic/README.md +++ b/examples/basic/README.md @@ -12,7 +12,9 @@ No providers. ## Modules -No modules. +| Name | Source | Version | +|------|--------|---------| +| [example](#module\_example) | appvia/appvia-audit-role/aws | 1.0.0 | ## Resources 
diff --git a/examples/basic/main.tf b/examples/basic/main.tf
index b2619ce..7c44c00 100644
--- a/examples/basic/main.tf
+++ b/examples/basic/main.tf
@@ -1,5 +1,17 @@
-#####################################################################################
-# Terraform module examples are meant to show an _example_ on how to use a module
-# per use-case. The code below should not be copied directly but referenced in order
-# to build your own root module that invokes this module
-#####################################################################################
+module "example" {
+ source = "appvia/appvia-audit-role/aws"
+ version = "1.0.0"
+
+ # A secure random string to be used as the role's external ID.
+ # This should only be shared between the client and Appvia.
+ external_id = "b03e124b514528288a38cb791de17bde"
+
+ # List of account IDs that the role should be deployed to
+ deployment_account_ids = [
+ "012345678910",
+ "102938475632",
+ ]
+
+ # The number of days after which an account should expire
+ expiry_days = 7
+}
diff --git a/examples/basic/providers.tf b/examples/basic/providers.tf
index f7a5cfa..b21d3b6 100644
--- a/examples/basic/providers.tf
+++ b/examples/basic/providers.tf
@@ -1,2 +1 @@
-
 provider "aws" {}
diff --git a/examples/basic/terraform.tf b/examples/basic/terraform.tf
index c3db407..45dce90 100644
--- a/examples/basic/terraform.tf
+++ b/examples/basic/terraform.tf
@@ -1,4 +1,3 @@
-
 terraform {
 required_version = ">= 1.0.0"
 
From 923e10ef87e03845befe9ad9d881510ce22b5223 Mon Sep 17 00:00:00 2001
From: Lewis Marsden-Lambert <893830+m13t@users.noreply.github.com>
Date: Fri, 13 Sep 2024 09:34:37 +0100
Subject: [PATCH 2/5] chore: use relative path

---
 examples/basic/main.tf | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/examples/basic/main.tf b/examples/basic/main.tf
index 7c44c00..a5a27d3 100644
--- a/examples/basic/main.tf
+++ b/examples/basic/main.tf
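Review bot: The example in examples/basic/main.tf commits a concrete value for `external_id` directly under a comment saying it should only be shared between the client and Appvia; an example value in a public repository tends to be copied verbatim, so several deployments end up trusting the same, publicly known external ID and the confused-deputy protection it is meant to provide is weakened. Replace it with an unmistakable placeholder, e.g. `external_id = "<external-id-agreed-with-appvia>" # placeholder, generate a fresh random value per engagement`, matching the empty value the top-level README example already uses. The comment on the last attribute, `# The number of days after which an account should expire`, also disagrees with the README, which says the role stops granting access after that period rather than anything about the account expiring; `# Number of days after which the role stops permitting access` would describe it accurately.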
@@ -1,6 +1,5 @@
 module "example" {
- source = "appvia/appvia-audit-role/aws"
- version = "1.0.0"
+ source = "../../"
 
 # A secure random string to be used as the role's external ID.
 # This should only be shared between the client and Appvia.
From 9d1385ac6247a6ccba639c242fc14c34e16c6631 Mon Sep 17 00:00:00 2001
From: Lewis Marsden-Lambert <893830+m13t@users.noreply.github.com>
Date: Fri, 13 Sep 2024 09:35:41 +0100
Subject: [PATCH 3/5] chore: fix formatting

---
 examples/basic/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/examples/basic/main.tf b/examples/basic/main.tf
index a5a27d3..459488a 100644
--- a/examples/basic/main.tf
+++ b/examples/basic/main.tf
@@ -1,5 +1,5 @@
 module "example" {
- source = "../../"
+ source = "../../"
 
 # A secure random string to be used as the role's external ID.
 # This should only be shared between the client and Appvia.
From a2bae7d8ad85f452216eb90aa948f0c98d12b68f Mon Sep 17 00:00:00 2001
From: Lewis Marsden-Lambert <893830+m13t@users.noreply.github.com>
Date: Fri, 13 Sep 2024 09:42:08 +0100
Subject: [PATCH 4/5] chore: aws provider constraints

---
 examples/basic/.terraform.lock.hcl | 54 ++++++++++++++++++++----------
 examples/basic/terraform.tf | 2 +-
 terraform.tf | 2 +-
 3 files changed, 39 insertions(+), 19 deletions(-)

diff --git a/examples/basic/.terraform.lock.hcl b/examples/basic/.terraform.lock.hcl
index 2569825..5f319d2 100644
--- a/examples/basic/.terraform.lock.hcl
+++ b/examples/basic/.terraform.lock.hcl
@@ -2,24 +2,44 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "5.45.0" - constraints = ">= 5.0.0" + version = "5.67.0" + constraints = ">= 5.58.0" hashes = [ - "h1:8m3+C1VNevzU/8FsABoKp2rTOx3Ue7674INfhfk0TZY=", - "zh:1379bcf45aef3d486ee18b4f767bfecd40a0056510d26107f388be3d7994c368", - "zh:1615a6f5495acfb3a0cb72324587261dd4d72711a3cc51aff13167b14531501e", - "zh:18b69a0f33f8b1862fbd3f200756b7e83e087b73687085f2cf9c7da4c318e3e6", - "zh:2c5e7aecd197bc3d3b19290bad8cf4c390c2c6a77bb165da4e11f53f2dfe2e54", - "zh:3794da9bef97596e3bc60e12cdd915bda5ec2ed62cd1cd93723d58b4981905fe", - "zh:40a5e45ed91801f83db76dffd467dcf425ea2ca8642327cf01119601cb86021c", - "zh:4abfc3f53d0256a7d5d1fa5e931e4601b02db3d1da28f452341d3823d0518f1a", - "zh:4eb0e98078f79aeb06b5ff6115286dc2135d12a80287885698d04036425494a2", - "zh:75470efbadea4a8d783642497acaeec5077fc4a7f3df3340defeaa1c7de29bf7", - "zh:8861a0b4891d5fa2fa7142f236ae613cea966c45b5472e3915a4ac3abcbaf487", - "zh:8bf6f21cd9390b742ca0b4393fde92616ca9e6553fb75003a0999006ad233d35", + "h1:8wkuQvQiqjjm2+gQepy6xFBfimGoesKz1BPcVKWvED8=", + "zh:1259c8106c0a3fc0ed3b3eb814ab88d6a672e678b533f47d1bbbe3107949f43e", + "zh:226414049afd6d334cc16ff5d6cef23683620a9b56da67a21422a113d9cce4ab", + "zh:3c89b103aea20ef82a84e889abaeb971cb168de8292b61b34b83e807c40085a9", + "zh:3dd88e994fb7d7a6c6eafd3c01393274e4f776021176acea2e980f73fbd4acbc", + "zh:487e0dda221c84a20a143904c1cee4e63fce6c5c57c21368ea79beee87b108da", + "zh:7693bdcec8181aafcbda2c41c35b1386997e2c92b6f011df058009e4c8b300e1", + "zh:82679536250420f9e8e6edfd0fa9a1bab99a7f31fe5f049ac7a2e0d8c287b56f", + "zh:8685218dae921740083820c52afa66cdf14cf130539da1efd7d9a78bfb6ade64", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:ad73008a044e75d337acda910fb54d8b81a366873c8a413fec1291034899a814", - "zh:bf261713b0b8bebfe8c199291365b87d9043849f28a2dc764bafdde73ae43693", - 
"zh:da3bafa1fd830be418dfcc730e85085fe67c0d415c066716f2ac350a2306f40a", + "zh:9e553a3ec05eedea779d393447fc316689ba6c4d4d8d569b986898e6dbe58fee", + "zh:a36c24acd3c75bac8211fefde58c459778021eb871ff8339be1c26ad8fd67ee1", + "zh:ce48bd1e35d6f996f1a09d8f99e8084469b7fec5611e67a50a63e96375b87ebe", + "zh:d6c76a24205513725269e4783da14be9648e9086fb621496052f4b37d52d785e", + "zh:d95a31745affb178ea48fa8e0be94691a8f7507ea55c0d0a4b6e0a8ef6fcb929", + "zh:f061ce59fac1bc425c1092e6647ed4bb1b61824416041b46dbf336e01a63ad89", + ] +} + +provider "registry.terraform.io/hashicorp/time" { + version = "0.12.1" + constraints = ">= 0.12.0" + hashes = [ + "h1:JzYsPugN8Fb7C4NlfLoFu7BBPuRVT2/fCOdCaxshveI=", + "zh:090023137df8effe8804e81c65f636dadf8f9d35b79c3afff282d39367ba44b2", + "zh:26f1e458358ba55f6558613f1427dcfa6ae2be5119b722d0b3adb27cd001efea", + "zh:272ccc73a03384b72b964918c7afeb22c2e6be22460d92b150aaf28f29a7d511", + "zh:438b8c74f5ed62fe921bd1078abe628a6675e44912933100ea4fa26863e340e9", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:85c8bd8eefc4afc33445de2ee7fbf33a7807bc34eb3734b8eefa4e98e4cddf38", + "zh:98bbe309c9ff5b2352de6a047e0ec6c7e3764b4ed3dfd370839c4be2fbfff869", + "zh:9c7bf8c56da1b124e0e2f3210a1915e778bab2be924481af684695b52672891e", + "zh:d2200f7f6ab8ecb8373cda796b864ad4867f5c255cff9d3b032f666e4c78f625", + "zh:d8c7926feaddfdc08d5ebb41b03445166df8c125417b28d64712dccd9feef136", + "zh:e2412a192fc340c61b373d6c20c9d805d7d3dee6c720c34db23c2a8ff0abd71b", + "zh:e6ac6bba391afe728a099df344dbd6481425b06d61697522017b8f7a59957d44", ] } diff --git a/examples/basic/terraform.tf b/examples/basic/terraform.tf index 45dce90..62460d5 100644 --- a/examples/basic/terraform.tf +++ b/examples/basic/terraform.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.0.0" + version = ">= 5.58.0" } } } diff --git a/terraform.tf b/terraform.tf index 1c4ff32..57087d1 100644 --- a/terraform.tf +++ b/terraform.tf 
@@ -5,7 +5,7 @@ terraform { # tflint-ignore: terraform_unused_required_providers aws = { source = "hashicorp/aws" - version = ">= 5.0.0" + version = ">= 5.58.0" } time = { From f3eca1bf2f729f5b85ecdd220ad48081a0302e61 Mon Sep 17 00:00:00 2001 From: Lewis Marsden-Lambert <893830+m13t@users.noreply.github.com> Date: Fri, 13 Sep 2024 09:44:29 +0100 Subject: [PATCH 5/5] chore: updated docs --- README.md | 4 ++-- examples/basic/README.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index f7d68da..c690141 100644 --- a/README.md +++ b/README.md @@ -45,14 +45,14 @@ The `terraform-docs` utility is used to generate this README. Follow the below s | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0.7 | -| [aws](#requirement\_aws) | >= 5.0.0 | +| [aws](#requirement\_aws) | >= 5.58.0 | | [time](#requirement\_time) | >= 0.12.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.0.0 | +| [aws](#provider\_aws) | >= 5.58.0 | | [time](#provider\_time) | >= 0.12.0 | ## Modules diff --git a/examples/basic/README.md b/examples/basic/README.md index fbdc201..69170fb 100644 --- a/examples/basic/README.md +++ b/examples/basic/README.md @@ -4,7 +4,7 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0.0 | -| [aws](#requirement\_aws) | >= 5.0.0 | +| [aws](#requirement\_aws) | >= 5.58.0 | ## Providers @@ -14,7 +14,7 @@ No providers. | Name | Source | Version | |------|--------|---------| -| [example](#module\_example) | appvia/appvia-audit-role/aws | 1.0.0 | +| [example](#module\_example) | ../../ | n/a | ## Resources