terraform-aws-account

Terraform module for managing the AWS account.

Description

This module creates the following resources:

  • Set account alias (optional)
  • Set IAM password policy (optional)
  • CloudTrail (optional)
  • Create S3 logging bucket for CloudTrail (optional)
  • IAM policies (optional)
  • GuardDuty (optional)
  • EC2 key pair (optional)

Usage

module "account" {
  source     = "git::https://github.com/zoitech/terraform-aws-account.git"
  aws_region = "eu-central-1"
}

Account Alias

Account alias is enabled by default and has the default name "not_set".

module "account" {
  source                    = "git::https://github.com/zoitech/terraform-aws-account.git"
  aws_region                = "eu-central-1"
  create_acount_alias       = true
  account_alias             = "my-aws-account"
}

CloudTrail

CloudTrail and a CloudTrail bucket will be created by default. To disable, set "create_cloudtrail" and "create_cloudtrail_bucket" to "false".

The cloudtrail bucket will fail to create if "create_cloudtrail_bucket" is set to "true" and "create_cloudtrail" is set to "false".

The "cloudtrail_bucketname" can be the name of an existing bucket (set "create_cloudtrail_bucket" to "false") or it will be used to name the bucket that will be created.

module "account" {
  source                   = "git::https://github.com/zoitech/terraform-aws-account.git"
  aws_region               = "eu-central-1"
  create_cloudtrail        = true
  cloudtrail_name          = "my-cloudtrail"
  create_cloudtrail_bucket = true
  cloudtrail_bucketname    = "my-cloudtrail-bucket"
}

GuardDuty Detector

A GuardDuty detector will be created and enabled by default.

module "account" {
  source                    = "git::https://github.com/zoitech/terraform-aws-account.git"
  aws_region                = "eu-central-1"
  create_guardduty_detector = true
  enable_guardduty_detector = true
}

EC2 Key Pair

Creating a key pair is disabled by default.

module "account" {
  source          = "git::https://github.com/zoitech/terraform-aws-account.git"
  aws_region      = "eu-central-1"
  create_key_pair = true
  key_name        = "my-key"
  public_key      = file("my-key-name.pub")
}

AWS KMS Keys

Creating KMS keys is disabled by default.

module "account" {
  source          = "git::https://github.com/zoitech/terraform-aws-account.git"
  aws_region      = "eu-central-1"
  create_kms_keys = true
  kms_keys        = [
    {
      alias_name              = "alias/ec2"
      description             = "Encryption/decryption of ec2 data"
      deletion_window_in_days = 30
      is_enabled              = true
      enable_key_rotation     = true
    },
  ]
}

To Reference A Tagged Version of the Repository

To reference a tagged version of the repository:

module "account" {
  source     = "git::https://github.com/zoitech/terraform-aws-account.git?ref=v0.0.5"
  aws_region = "eu-central-1"
}

Authors

Module managed by Zoi.

License

MIT License. See LICENSE for full details.

terraform-aws-account's People

Contributors

derbrobro, geartrixy, oliver1980, skardian, smelchior, tjsullivan1

terraform-aws-account's Issues

Race Condition for Cloudtrail resource

Occasionally seeing an apply fail with:

aws_s3_bucket.cloudtrail_bucket: Creating...
aws_s3_bucket.cloudtrail_bucket: Creation complete
aws_cloudtrail.global_Default: Creating...
aws_s3_bucket_policy.cloudtrail_bucket_policy: Creating...
aws_s3_bucket_policy.cloudtrail_bucket_policy: Creation complete

aws_cloudtrail.global_Default: InsufficientS3BucketPolicyException: Incorrect S3 bucket policy is detected for bucket

A re-plan and re-apply succeeds. It looks like the aws_cloudtrail resource has a dependency on aws_s3_bucket_policy, but terraform isn't detecting that on its own.

Adding a depends_on argument would be one way to fix, but wanted to ask before making a PR.
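One way to pin the ordering, shown here as an added example in Terraform 0.12 syntax rather than the module's own code. Resource names follow the apply log above; var.cloudtrail_bucketname and var.cloudtrail_name are assumed, and the bucket policy is the minimum CloudTrail requires before it accepts a bucket:

```hcl
# Added example (not the module's own code): aws_cloudtrail only references
# the bucket id, so Terraform cannot infer that the bucket policy must exist
# first. An explicit depends_on removes the race seen in the apply log.
resource "aws_s3_bucket" "cloudtrail_bucket" {
  bucket = var.cloudtrail_bucketname # assumed variable, named as in the README
}

# Minimum bucket policy CloudTrail checks before accepting the bucket
data "aws_iam_policy_document" "cloudtrail_bucket" {
  statement {
    sid       = "AWSCloudTrailAclCheck"
    actions   = ["s3:GetBucketAcl"]
    resources = [aws_s3_bucket.cloudtrail_bucket.arn]
    principals {
      type        = "Service"
      identifiers = ["cloudtrail.amazonaws.com"]
    }
  }
  statement {
    sid       = "AWSCloudTrailWrite"
    actions   = ["s3:PutObject"]
    resources = ["${aws_s3_bucket.cloudtrail_bucket.arn}/AWSLogs/*"]
    principals {
      type        = "Service"
      identifiers = ["cloudtrail.amazonaws.com"]
    }
    condition {
      test     = "StringEquals"
      variable = "s3:x-amz-acl"
      values   = ["bucket-owner-full-control"]
    }
  }
}

resource "aws_s3_bucket_policy" "cloudtrail_bucket_policy" {
  bucket = aws_s3_bucket.cloudtrail_bucket.id
  policy = data.aws_iam_policy_document.cloudtrail_bucket.json
}

resource "aws_cloudtrail" "global_Default" {
  name                          = var.cloudtrail_name # assumed variable
  s3_bucket_name                = aws_s3_bucket.cloudtrail_bucket.id
  is_multi_region_trail         = true
  include_global_service_events = true
  enable_log_file_validation    = true

  # Without this, apply can fail with InsufficientS3BucketPolicyException
  depends_on = [aws_s3_bucket_policy.cloudtrail_bucket_policy]
}
```

With the depends_on in place the plan graph orders the policy before the trail, so the first apply no longer depends on which resource the API happens to finish first.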

Override the Default Provider?

Interested in using the module in a fairly complex setup involving multiple providers. Would be easy if we implement a way to be able to specify a provider instead of using the default provider supplied in provider.tf.

Thoughts on easier ways of implementing than editing every single file? Tried simple overrides but that conflicted with a fair amount of existing structure.

Cloudtrail bucket tag causes interpolation warning

Warning: Interpolation-only expressions are deprecated

on ..... /s3_cloudtrail.tf line 18, in resource "aws_s3_bucket" "cloudtrail_bucket":
18: "${var.tag_name}" = local.cloudtrail_bucket_name

Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.

Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.
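The fix for a variable used as a map key, shown as an added example rather than the module's own s3_cloudtrail.tf; var.tag_name and the bucket name are constructed sample values:

```hcl
# Added example (not the module's own code). Using a variable as a map key
# in a tags block under Terraform 0.12: the deprecated form and the fix.
variable "tag_name" {
  default = "Name" # constructed sample value
}

locals {
  cloudtrail_bucket_name = "my-cloudtrail-bucket" # constructed sample value
}

resource "aws_s3_bucket" "cloudtrail_bucket" {
  bucket = local.cloudtrail_bucket_name

  tags = {
    # Deprecated: interpolation-only expression as a key (triggers the warning)
    # "${var.tag_name}" = local.cloudtrail_bucket_name
    #
    # Do not simply drop the "${" and "}" as the warning text suggests: a bare
    # var.tag_name key is rejected as an ambiguous attribute key. Wrapping the
    # expression in parentheses tells HCL to evaluate it as the key.
    (var.tag_name) = local.cloudtrail_bucket_name
  }
}
```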

Add counts

Some resources are missing counts and are not optional, these should be added.
