Merge pull request #22 from trussworks/mk-conditional-naming
Move AWS Config name to a variable
Michael Kania authored Nov 14, 2019
2 parents 5dadbd2 + e65b572 commit 0e79bca
Showing 8 changed files with 33 additions and 13 deletions.
7 changes: 6 additions & 1 deletion README.md
Expand Up @@ -21,9 +21,13 @@ Terraform 0.11. Pin module version to ~> 1.5.1. Submit pull-requests to terrafor

## Usage

**Note: This module sets up AWS IAM Roles and Policies, which are globally namespaced. If you plan to have multiple instances of AWS Config, make sure they have unique values for `config_name`.**

```hcl
module "aws_config" {
source = "trussworks/config/aws"
source = "trussworks/config/aws"
config_name = "my-aws-config"
config_logs_bucket = "my-aws-logs"
}
```
Expand All @@ -46,6 +50,7 @@ module "aws_config" {
| config\_logs\_bucket | The S3 bucket for AWS Config logs. | string | n/a | yes |
| config\_logs\_prefix | The S3 prefix for AWS Config logs. | string | `"config"` | no |
| config\_max\_execution\_frequency | The maximum frequency with which AWS Config runs evaluations for a rule. | string | `"TwentyFour_Hours"` | no |
| config\_name | The name of the AWS Config instance. | string | `"aws-config"` | no |
| password\_max\_age | Number of days before password expiration. | string | `"90"` | no |
| password\_min\_length | Password minimum length. | string | `"14"` | no |
| password\_require\_lowercase | Require at least one lowercase character in password. | string | `"true"` | no |
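--- a/config-aggregator.tf
+++ b/config-aggregator.tf
@@ -17,7 +17,7 @@ data "aws_iam_policy_document" "aws_config_aggregator_role_policy" {
 
 resource "aws_iam_role" "aggregator" {
 count = var.aggregate_organization ? 1 : 0
-name = "aws-config-aggregator-role"
+name = "${var.config_name}-aggregator-role"
 assume_role_policy = data.aws_iam_policy_document.aws_config_aggregator_role_policy.json
 }
 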
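--- a/config-service.tf
+++ b/config-service.tf
@@ -3,13 +3,13 @@
 #
 
 resource "aws_config_configuration_recorder_status" "main" {
-name = "aws-config"
+name = var.config_name
 is_enabled = true
 depends_on = [aws_config_delivery_channel.main]
 }
 
 resource "aws_config_delivery_channel" "main" {
-name = "aws-config"
+name = var.config_name
 s3_bucket_name = var.config_logs_bucket
 s3_key_prefix = var.config_logs_prefix
 
@@ -21,7 +21,7 @@ resource "aws_config_delivery_channel" "main" {
 }
 
 resource "aws_config_configuration_recorder" "main" {
-name = "aws-config"
+name = var.config_name
 role_arn = aws_iam_role.main.arn
 
 recording_group {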
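Review bot: Naming the recorder, recorder status and delivery channel from `var.config_name` does not make a second AWS Config instance possible in the same account and region — AWS allows only one configuration recorder and one delivery channel per account-region, so a second apply there fails on the existing recorder whatever name is chosen. The variable only genuinely disambiguates the globally namespaced IAM role and policy names, and the README note about "multiple instances" should be read as "in different regions or accounts". A comment above `aws_config_configuration_recorder "main"` such as `# One recorder/delivery channel per account-region; config_name only distinguishes the IAM role and policy names` would stop the next maintainer from relying on the name alone. The second hunk's `recording_group` block continues past the end of the hunk.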
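--- a/examples/simple/main.tf
+++ b/examples/simple/main.tf
@@ -15,6 +15,7 @@ module "config_logs" {
 module "config" {
 source = "../../"
 
+config_name = var.config_name
 config_logs_bucket = "${module.config_logs.aws_logs_bucket}"
 config_logs_prefix = "config"
 }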
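--- a/examples/simple/variables.tf
+++ b/examples/simple/variables.tf
@@ -1,3 +1,7 @@
+variable "config_name" {
+type = "string"
+}
+
 variable "config_logs_bucket" {
 type = "string"
 }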
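--- a/iam.tf
+++ b/iam.tf
@@ -66,23 +66,23 @@ data "aws_iam_policy_document" "aws-config-role-policy" {
 #
 
 resource "aws_iam_role" "main" {
-name = "aws-config-role"
+name = "${var.config_name}-role"
 assume_role_policy = data.aws_iam_policy_document.aws-config-role-policy.json
 }
 
 resource "aws_iam_policy_attachment" "managed-policy" {
-name = "aws-config-managed-policy"
+name = "${var.config_name}-managed-policy"
 roles = [aws_iam_role.main.name]
 policy_arn = "arn:aws:iam::aws:policy/service-role/AWSConfigRole"
 }
 
 resource "aws_iam_policy" "aws-config-policy" {
-name = "aws-config-policy"
+name = "${var.config_name}-policy"
 policy = data.template_file.aws_config_policy.rendered
 }
 
 resource "aws_iam_policy_attachment" "aws-config-policy" {
-name = "aws-config-policy"
+name = "${var.config_name}-policy"
 roles = [aws_iam_role.main.name]
 policy_arn = aws_iam_policy.aws-config-policy.arn
 }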
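Review bot: `var.config_name` now flows unchecked into four IAM names (`"${var.config_name}-role"`, `-managed-policy`, `-policy`), and IAM rejects role names over 64 characters or containing characters outside `[\w+=,.@-]`, so an unsuitable value only surfaces as an apply-time error after the recorder resources have been planned; with the `-role` suffix the variable has roughly 59 usable characters. Judging by the unquoted `type = string`, this module targets Terraform 0.12, where variable `validation` blocks are not available, so the constraint should at least be stated in the variable's description and ideally enforced by the caller. A comment above `aws_iam_role "main"` such as `# IAM role names are global per account, max 64 chars, [\w+=,.@-]; config_name must leave room for the "-role" suffix` would make the limit visible where the name is built. The policy and its attachment now share the identical name `"${var.config_name}-policy"`; that is harmless because the attachment name is only a Terraform-side identifier, but a `-policy-attachment` suffix would make state listings less confusing.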
12 changes: 8 additions & 4 deletions test/terraform_aws_config_test.go
Expand Up @@ -13,23 +13,27 @@ import (
func TestTerraformAwsConfig(t *testing.T) {
t.Parallel()

expectedConfigLogsBucket := fmt.Sprintf("terratest-aws-config-%s", strings.ToLower(random.UniqueId()))
awsRegion := aws.GetRandomStableRegion(t, nil, nil)
configName := fmt.Sprintf("aws-config-%s", strings.ToLower(random.UniqueId()))
expectedConfigLogsBucket := fmt.Sprintf("terratest-%s", configName)
awsRegion := "us-west-2"

terraformOptions := &terraform.Options{
TerraformDir: "../examples/simple/",
Vars: map[string]interface{}{
"region": awsRegion,
"config_logs_bucket": expectedConfigLogsBucket,
"config_name": configName,
},
EnvVars: map[string]string{
"AWS_DEFAULT_REGION": awsRegion,
},
}

defer terraform.Destroy(t, terraformOptions)
terraform.InitAndApply(t, terraformOptions)

// Empty config_logs_bucket before terraform destroy
aws.EmptyS3Bucket(t, awsRegion, expectedConfigLogsBucket)
defer aws.EmptyS3Bucket(t, awsRegion, expectedConfigLogsBucket)

terraform.InitAndApply(t, terraformOptions)

}
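Review bot: Pinning `awsRegion := "us-west-2"` while keeping `t.Parallel()` means every concurrent run of this test against the same account lands in one region, and AWS Config allows a single configuration recorder per account-region, so a unique `configName` does not stop two overlapping applies from colliding on the recorder — the previous `aws.GetRandomStableRegion` at least spread runs across regions. Either restore the random region (or a short list of regions) or drop `t.Parallel()` and say why, e.g. `// AWS Config permits one recorder per account-region, so runs must not overlap`. The reordering of `defer aws.EmptyS3Bucket(...)` ahead of `terraform.InitAndApply` is correct (defers run LIFO, so the bucket is emptied before `terraform.Destroy`), but the empty step now also runs when the apply fails before the bucket exists, which presumably reports a second, misleading failure from terratest; a `cat="..."`-free guard such as checking `aws.GetS3BucketTags`/bucket existence, or a comment noting the expected noise, would help whoever reads the failing log.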
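--- a/variables.tf
+++ b/variables.tf
@@ -1,3 +1,9 @@
+variable "config_name" {
+description = "The name of the AWS Config instance."
+type = string
+default = "aws-config"
+}
+
 variable "config_aggregator_name" {
 description = "The name of the aggregator."
 type = string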
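Review bot: The description `"The name of the AWS Config instance."` undersells what `config_name` controls: it is also the prefix for the IAM role and policy names in `iam.tf`, which are global per AWS account, so a collision between two deployments breaks the apply even though the Config resources themselves are regional. Suggest `description = "Name of the AWS Config recorder and delivery channel; also prefixes the globally namespaced IAM role/policy names, so it must be unique per AWS account and valid as an IAM name (max 64 chars including the -role suffix, [\w+=,.@-])."`. Since this Terraform 0.12-style file cannot carry a `validation` block, the description is the only place the constraint can live.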
