
add variables and outputs

tags/0.1.0^2
Quentin Vallin 2 years ago
parent
commit
ca843765e6
Signed by untrusted user: quentin.vallin <quentin.vallin@fxinnovation.com> GPG Key ID: 96D1C2CDC50558C3
3 changed files with 143 additions and 8 deletions
  1. +7
    -8
      main.tf
  2. +23
    -0
      outputs.tf
  3. +113
    -0
      variabales.tf

+ 7
- 8
main.tf

@@ -42,7 +42,7 @@ resource "aws_kms_alias" "this" {
}

####
# IAM Instance Profile
# IAM Policy
####

data "aws_iam_policy_document" "read" {
@@ -59,9 +59,7 @@ data "aws_iam_policy_document" "read" {
"ssm:GetParameters",
]

resources = [
"arn:aws:ssm:*:${data.aws_caller_identity.current.account_id}:parameter/${var.ssm_parameter_prefix}/var.names.*",
]
resources = "${formatlist("arn:aws:ssm:*:%s:parameter/%s/%s", data.aws_caller_identity.current.account_id, var.ssm_parameter_prefix, var.names.*)}"
}

statement {
@@ -81,8 +79,9 @@ data "aws_iam_policy_document" "read" {
}

resource "aws_iam_policy" "read" {
count = "${var.enabled && var.policy_create ? 1 : 0}"
name = "${var.policy_name}"
path = "${var.policy_path}"
policy = "${data.aws_iam_policy_document.read.json}"
count = "${var.enabled && var.iam_policy_create ? 1 : 0}"
name_prefix = "${var.iam_policy_name_prefix_read_only}"
path = "${var.iam_policy_path}"
policy = "${data.aws_iam_policy_document.read.json}"
description = "Read only policy to get access to ${var.prefix} SSM parameters."
}
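Review bot: The new `resources` expression in the `read` policy document interpolates `var.ssm_parameter_prefix`, but the variables file added in this same commit declares only `prefix`, and the policy `description` a few lines further down already uses `var.prefix`. Unless `ssm_parameter_prefix` is declared in a file not shown on this page, the ARN list references an undeclared variable. Using one name keeps the policy scoped to the parameters the module creates, e.g. `resources = "${formatlist("arn:aws:ssm:*:%s:parameter/%s/%s", data.aws_caller_identity.current.account_id, var.prefix, var.names)}"` (`var.names` is already a list, so the `.*` splat looks unnecessary). Two things are worth confirming. A prefix that starts with `/` would likely yield `parameter//…` ARNs that match nothing, and the `*` region segment grants read in every region rather than only where the parameters live. The data block starts before and ends after the hunks shown here.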

+ 23
- 0
outputs.tf

@@ -1 +1,24 @@
output "arns" {
description = "Arns of ssm parameters"
value = "${compact(concat(aws_ssm_parameter.this.*.arn, list("")))}"
}

output "names" {
description = "Names of ssm parameters"
value = "${compact(concat(aws_ssm_parameter.this.*.name, list("")))}"
}

output "iam_policy_read_only_id" {
description = "ID of the read only policy"
value = "${element(concat(aws_iam_policy.read.*.id, list("")), 0)}"
}

output "iam_policy_read_only_arn" {
description = "ARN of the read only policy"
value = "${element(concat(aws_iam_policy.read.*.arn, list("")), 0)}"
}

output "iam_policy_read_only_path" {
description = "Path of the read only policy"
value = "${element(concat(aws_iam_policy.read.*.path, list("")), 0)}"
}

+ 113
- 0
variabales.tf

@@ -1 +1,114 @@
#####
# Global variables
####

variable "enabled" {
description = "Enable this module"
default = true
}

variable "tags" {
description = "Global tags for resources"
default = {}
}

#####
# SSM parameters
#####

variable "ssm_parameter_count" {
description = "Number of parameters to add"
}

variable "prefix" {
description = "The prefix to be used for every SSM Parameters."
type = "string"
}

variable "names" {
description = "List of names for parameters."
type = "list"
}

variable "descriptions" {
description = "List of descriptions for parameters."
default = []
}

variable "types" {
description = "List of types for parameters."
type = "list"
}

variable "values" {
description = "List of values for parameters."
type = "list"
}

variable "tiers" {
description = "List of tiers for parameters."
default = []
}

variable "overwrite" {
description = "Overwrite an existing parameter"
default = false
}

variable "allowed_patterns" {
description = "List of regular expression used to validate the parameter value."
default = []
}

#####
# KMS key
#####

variable "kms_key_create" {
description = "Create a kms key for secure string parameters."
default = false
}

variable "kms_key_arn" {
description = "Arn of the kms key if toggle kms_key_create is disable."
default = ""
}

variable "kms_key_name" {
description = "Name of the kms key if toggle kms_key_create is set"
default = ""
}

variable "kms_tags" {
description = "Tags that will be merged with variable tags for the kms key"
default = {}
}

variable "kms_key_alias_name" {
description = "Alias of the kms key if toggle kms_key_create is set"
default = ""
}

#####
# IAM Policy
#####

variable "iam_policy_create" {
description = "Create read only and read write policy to get an access to SSM paramters"
default = false
}

variable "iam_policy_name_prefix_read_only" {
description = "Name of the IAM read only access to SSM parameter policy"
default = ""
}

variable "iam_policy_name_prefix_read_write" {
description = "Name of the IAM read write access to SSM parameter policy"
default = ""
}

variable "iam_policy_path" {
description = "Path in which to create the policies."
default = "/"
}
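Review bot: The `values` variable carries the contents of every parameter, including the secure string ones that the `kms_key_create` description refers to, and its description does not say that these values are persisted in the Terraform state. I would extend it to `description = "List of values for parameters. Values, including SecureString ones, are written to the Terraform state; restrict access to the state backend."`. Separately, `iam_policy_create` and `iam_policy_name_prefix_read_write` describe a read write policy, while the main.tf changes on this page only show a read-only `aws_iam_policy`; if no read-write policy exists yet, the descriptions should say so. Minor: the file name `variabales.tf` and the words `paramters` and `disable` in the descriptions look like typos.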
