From e60fb2d0087c17d1ee6a72a74b20d0e0d26914af Mon Sep 17 00:00:00 2001 
From: luis cavalcante Date: Mon, 16 Oct 2023 11:28:35 +0800 Subject: [PATCH] Add initial files Add describe and start ec2 instance pipelines fix names and add param support multiple instances json decode output Update EC2 pipelines and var names (#1) Fix param and step name references Remove unnecessary null check on list(string) param Add modify_rds_db_instance Add list_s3_buckets pipeline Add tag_resources pipeline feat: update_s3_bucket_versioning pipeline rds fixes work-around: added defaults to vars to work-around a parse validation error refactor: get raw stdout/stderr Add untag_resources pipeline Add titles, fix spacing, update descriptions lots of changes moving rds to its folder add backup_retention_period to rds add create_iam_role Add descriptions to pipelines Added pipeline to list groups for a user create_iam_policy Add start_ec2_instances pipeline Updated the List Groups by User pipeline and param description attach_role_policy Add put_role_policy add_role_inline_policy Added session token support Add library mod for aws-ec2. 
add pipeline for deleting security group rules fix s3 reference in security group pipeline Added list users pipeline Writen read s3 file Rename IAM pipelines, add output descriptions Updated the list users pipeline Updated the output variable and its description iam instance profile vpc create and describe remove non defaults values from read_s3_file describe_subnets modify_ec2_instance_metadata_options renaming files fix typo put_s3_bucket_encryption updating pipeline names update_s3_public_access_block Add S3 bucket create and delete pipelines with tests, update var descriptions Add test_update_s3_bucket_versioning and update outputs in test_create_s3_bucket Move S3 tests Cleanup in S3 test files add params to s3 bucket create_subnet Renaming bucket_name parameter to bucket to match aws-cli Add EBS default encryption and modify volume pipelines (#2) Add missing quote Rename update_s3_public_access_block and add get_s3_bucket_versioning pipeline Add more check steps to test_update_s3_bucket_versioning update description for aws-ec2 pipelines. Updated title and descriptions. 
Add minor comments to test Fix outputs in test_update_s3_bucket_versioning pipeline create ec2 instance add terminate_ec2_instances and test create rename security group rule revocation update pipeline descriptions Fix revoke_security_group_ingress_rule pipeline name Update S3 tests to use hardcoded us-east-1 region Add TODO around location to create_s3_bucket write documentation moving docs to root add test_modify_ec2_instance_metadata_options snapshot pipelines Code cleanup elb, lambda, sns, sqs, vpc pipelines --- locals.hcl | 1 + pipelines/ebs/create_ec2_snapshot.hcl | 51 +++++++++++++ pipelines/ebs/delete_ec2_snapshot.hcl | 52 ++++++++++++++ pipelines/ebs/describe_ec2_snapshots.hcl | 67 +++++++++++++++++ .../elb/create_elb_classic_load_balancer.hcl | 64 +++++++++++++++++ pipelines/elb/create_elb_load_balancer.hcl | 64 +++++++++++++++++ pipelines/elb/delete_elb_load_balancer.hcl | 52 ++++++++++++++ pipelines/lambda/create_lambda_function.hcl | 72 +++++++++++++++++++ pipelines/lambda/delete_lambda_function.hcl | 52 ++++++++++++++ pipelines/lambda/get_lambda_function.hcl | 52 ++++++++++++++ pipelines/s3/get_s3_object.hcl | 69 ++++++++++++++++++ pipelines/s3/list_s3_buckets.hcl | 10 ++- pipelines/s3/read_s3_file.hcl | 61 ++++++++++++++++ pipelines/s3/tests/test_create_s3_bucket.hcl | 2 +- pipelines/sns/create_sns_topic.hcl | 52 ++++++++++++++ pipelines/sns/delete_sns_topic.hcl | 52 ++++++++++++++ pipelines/sns/get_sns_topic_attributes.hcl | 52 ++++++++++++++ pipelines/sns/set_sns_topic_attributes.hcl | 64 +++++++++++++++++ pipelines/sqs/create_sqs_queue.hcl | 52 ++++++++++++++ pipelines/sqs/delete_sqs_queue.hcl | 52 ++++++++++++++ pipelines/sqs/get_sqs_queue_attributes.hcl | 52 ++++++++++++++ pipelines/sqs/set_sqs_queue_attributes.hcl | 64 +++++++++++++++++ pipelines/vpc/create_vpc_security_group.hcl | 65 +++++++++++++++++ variables.hcl | 6 ++ 24 files changed, 1178 insertions(+), 2 deletions(-) create mode 100644 pipelines/ebs/create_ec2_snapshot.hcl create mode 
100644 pipelines/ebs/delete_ec2_snapshot.hcl create mode 100644 pipelines/ebs/describe_ec2_snapshots.hcl create mode 100644 pipelines/elb/create_elb_classic_load_balancer.hcl create mode 100644 pipelines/elb/create_elb_load_balancer.hcl create mode 100644 pipelines/elb/delete_elb_load_balancer.hcl create mode 100644 pipelines/lambda/create_lambda_function.hcl create mode 100644 pipelines/lambda/delete_lambda_function.hcl create mode 100644 pipelines/lambda/get_lambda_function.hcl create mode 100644 pipelines/s3/get_s3_object.hcl create mode 100644 pipelines/s3/read_s3_file.hcl create mode 100644 pipelines/sns/create_sns_topic.hcl create mode 100644 pipelines/sns/delete_sns_topic.hcl create mode 100644 pipelines/sns/get_sns_topic_attributes.hcl create mode 100644 pipelines/sns/set_sns_topic_attributes.hcl create mode 100644 pipelines/sqs/create_sqs_queue.hcl create mode 100644 pipelines/sqs/delete_sqs_queue.hcl create mode 100644 pipelines/sqs/get_sqs_queue_attributes.hcl create mode 100644 pipelines/sqs/set_sqs_queue_attributes.hcl create mode 100644 pipelines/vpc/create_vpc_security_group.hcl diff --git a/locals.hcl b/locals.hcl index 6c75b50..4dfb78a 100644 --- a/locals.hcl +++ b/locals.hcl @@ -3,4 +3,5 @@ locals { access_key_id_param_description = "The ID for this access key." region_param_description = "The name of the Region." secret_access_key_param_description = "The secret key used to sign requests." + session_token_param_description = "The session token that identifies the federated user session." } diff --git a/pipelines/ebs/create_ec2_snapshot.hcl b/pipelines/ebs/create_ec2_snapshot.hcl new file mode 100644 index 0000000..4d414c0 --- /dev/null +++ b/pipelines/ebs/create_ec2_snapshot.hcl 
@@ -0,0 +1,51 @@
+pipeline "create_ec2_snapshot" {
+ title = "Create EC2 Snapshot"
+ description = "Creates a snapshot of the specified EBS volume."
+
+ param "region" {
+ type = string
+ description = "The name of the Region."
+ default = var.region
+ }
+
+ param "access_key_id" {
+ type = string
+ description = "The ID for this access key."
+ default = var.access_key_id
+ }
+
+ param "secret_access_key" {
+ type = string
+ description = "The secret key used to sign requests."
+ default = var.secret_access_key
+ }
+
+ param "volume_id" {
+ type = string
+ description = "The ID of the EBS volume to create a snapshot of."
+ }
+
+ step "container" "create_ec2_snapshot" {
+ image = "amazon/aws-cli"
+
+ cmd = concat(
+ ["ec2", "create-snapshot", "--volume-id", param.volume_id]
+ )
+
+ env = {
+ AWS_REGION = param.region
+ AWS_ACCESS_KEY_ID = param.access_key_id
+ AWS_SECRET_ACCESS_KEY = param.secret_access_key
+ }
+ }
+
+ output "stdout" {
+ description = "The standard output stream from the AWS CLI."
+ value = jsondecode(step.container.create_ec2_snapshot.stdout)
+ }
+
+ output "stderr" {
+ description = "The standard error stream from the AWS CLI."
+ value = step.container.create_ec2_snapshot.stderr
+ }
+}
diff --git a/pipelines/ebs/delete_ec2_snapshot.hcl b/pipelines/ebs/delete_ec2_snapshot.hcl
new file mode 100644
index 0000000..911603a
--- /dev/null
+++ b/pipelines/ebs/delete_ec2_snapshot.hcl
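Review bot: `create_ec2_snapshot` (pipelines/ebs/create_ec2_snapshot.hcl) takes only `access_key_id` and `secret_access_key` and sets no `AWS_SESSION_TOKEN`, so it cannot run with temporary STS credentials even though this commit adds session-token support to `list_s3_buckets`, `get_s3_object` and `read_s3_file`. The same gap is in the other new ebs, elb, lambda, sns and sqs pipelines in this patch, which leaves long-lived access keys as the only way to call them. I would add the `param "session_token"` block used in `list_s3_buckets` (with `description = local.session_token_param_description`) and `AWS_SESSION_TOKEN = param.session_token` to each `env` map.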
@@ -0,0 +1,52 @@
+pipeline "delete_ec2_snapshot" {
+ title = "Delete EC2 Snapshot"
+ description = "Deletes an Amazon EC2 snapshot."
+
+ param "region" {
+ type = string
+ description = "The name of the region."
+ default = var.region
+ }
+
+ param "access_key_id" {
+ type = string
+ description = "The ID for this access key."
+ default = var.access_key_id
+ }
+
+ param "secret_access_key" {
+ type = string
+ description = "The secret key used to sign requests."
+ default = var.secret_access_key
+ }
+
+ param "snapshot_id" {
+ type = string
+ description = "The ID of the EC2 snapshot to delete."
+ }
+
+ step "container" "delete_ec2_snapshot" {
+ image = "amazon/aws-cli"
+
+ cmd = [
+ "ec2", "delete-snapshot",
+ "--snapshot-id", param.snapshot_id,
+ ]
+
+ env = {
+ AWS_REGION = param.region,
+ AWS_ACCESS_KEY_ID = param.access_key_id,
+ AWS_SECRET_ACCESS_KEY = param.secret_access_key
+ }
+ }
+
+ output "stdout" {
+ description = "The standard output stream from the AWS CLI."
+ value = jsondecode(step.container.delete_ec2_snapshot.stdout)
+ }
+
+ output "stderr" {
+ description = "The standard error stream from the AWS CLI."
+ value = step.container.delete_ec2_snapshot.stderr
+ }
+}
diff --git a/pipelines/ebs/describe_ec2_snapshots.hcl b/pipelines/ebs/describe_ec2_snapshots.hcl
new file mode 100644
index 0000000..3852651
--- /dev/null
+++ b/pipelines/ebs/describe_ec2_snapshots.hcl
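Review bot: The `stdout` output of `delete_ec2_snapshot` (pipelines/ebs/delete_ec2_snapshot.hcl) wraps the CLI output in `jsondecode(...)`, which will fail if `aws ec2 delete-snapshot` prints nothing on success, as it has historically done. The other delete pipelines in this patch (`delete_elb_load_balancer`, `delete_lambda_function`, `delete_sns_topic`, `delete_sqs_queue`) return the raw stream, and I would do the same here: `value = step.container.delete_ec2_snapshot.stdout`.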
@@ -0,0 +1,67 @@
+pipeline "describe_ec2_snapshots" {
+ title = "Describe EC2 Snapshots"
+ description = "Describes the specified EBS snapshots or all available snapshots."
+
+ param "region" {
+ type = string
+ description = "The name of the region."
+ default = var.region
+ }
+
+ param "access_key_id" {
+ type = string
+ description = "The ID for this access key."
+ default = var.access_key_id
+ }
+
+ param "secret_access_key" {
+ type = string
+ description = "The secret key used to sign requests."
+ default = var.secret_access_key
+ }
+
+ param "snapshot_ids" {
+ type = list(string)
+ description = "The snapshot IDs."
+ optional = true
+ }
+
+ param "owner_ids" {
+ type = list(string)
+ description = "Filter results by the IDs of the AWS accounts that own the snapshots."
+ optional = true
+ }
+
+ param "volume_ids" {
+ type = list(string)
+ description = "Filter results by the IDs of the EBS volumes associated with the snapshots."
+ optional = true
+ }
+
+ step "container" "describe_ec2_snapshots" {
+ image = "amazon/aws-cli"
+
+ cmd = concat(
+ ["ec2", "describe-snapshots"],
+ try(length(param.snapshot_ids), 0) > 0 ? concat(["--snapshot-ids"], param.snapshot_ids) : [],
+ try(length(param.owner_ids), 0) > 0 ? concat(["--owner-ids"], param.owner_ids) : [],
+ try(length(param.volume_ids), 0) > 0 ? concat(["--filter", "Name=volume-id,Values=${param.volume_ids}"]) : []
+ )
+
+ env = {
+ AWS_REGION = param.region
+ AWS_ACCESS_KEY_ID = param.access_key_id
+ AWS_SECRET_ACCESS_KEY = param.secret_access_key
+ }
+ }
+
+ output "stdout" {
+ description = "The standard output stream from the AWS CLI."
+ value = jsondecode(step.container.describe_ec2_snapshots.stdout)
+ }
+
+ output "stderr" {
+ description = "The standard error stream from the AWS CLI."
+ value = step.container.describe_ec2_snapshots.stderr
+ }
+}
diff --git a/pipelines/elb/create_elb_classic_load_balancer.hcl b/pipelines/elb/create_elb_classic_load_balancer.hcl
new file mode 100644
index 0000000..ff63e92
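Review bot: In `describe_ec2_snapshots` (pipelines/ebs/describe_ec2_snapshots.hcl) the volume filter interpolates the `list(string)` param straight into a string, `"Name=volume-id,Values=${param.volume_ids}"`, which HCL should reject because a list cannot be rendered in a template; the IDs need to be joined first. The documented option name is `--filters`, and the single-argument `concat(...)` around the list is redundant. Suggested line: `try(length(param.volume_ids), 0) > 0 ? ["--filters", "Name=volume-id,Values=${join(",", param.volume_ids)}"] : []`.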
--- /dev/null
+++ b/pipelines/elb/create_elb_classic_load_balancer.hcl
@@ -0,0 +1,64 @@
+pipeline "create_elb_classic_load_balancer" {
+ title = "Create ELB Classic Load Balancer"
+ description = "Creates an classic load balancer."
+
+ param "region" {
+ type = string
+ description = "The name of the region."
+ default = var.region
+ }
+
+ param "access_key_id" {
+ type = string
+ description = "The ID for this access key."
+ default = var.access_key_id
+ }
+
+ param "secret_access_key" {
+ type = string
+ description = "The secret key used to sign requests."
+ default = var.secret_access_key
+ }
+
+ param "name" {
+ type = string
+ description = "The name for the load balancer."
+ }
+
+ param "listeners" {
+ type = list(map(string))
+ description = "A list of listener configurations. Each listener configuration should include 'Protocol', 'LoadBalancerPort', 'InstanceProtocol', and 'InstancePort'."
+ }
+
+ param "availability_zones" {
+ type = list(string)
+ description = "A list of availability zones to associate with the load balancer."
+ }
+
+ step "container" "create_elb_classic_load_balancer" {
+ image = "amazon/aws-cli"
+
+ cmd = concat(
+ ["elb", "create-load-balancer"],
+ ["--load-balancer-name", param.name],
+ flatten([for listener in param.listeners : ["--listener", jsonencode(listener)]]),
+ ["--availability-zones", join(",", param.availability_zones)]
+ )
+
+ env = {
+ AWS_REGION = param.region
+ AWS_ACCESS_KEY_ID = param.access_key_id
+ AWS_SECRET_ACCESS_KEY = param.secret_access_key
+ }
+ }
+
+ output "stdout" {
+ description = "The standard output stream from the AWS CLI."
+ value = jsondecode(step.container.create_elb_classic_load_balancer.stdout)
+ }
+
+ output "stderr" {
+ description = "The standard error stream from the AWS CLI."
+ value = step.container.create_elb_classic_load_balancer.stderr
+ }
+}
diff --git a/pipelines/elb/create_elb_load_balancer.hcl b/pipelines/elb/create_elb_load_balancer.hcl
new file mode 100644
index 0000000..19c07bf
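Review bot: In `create_elb_classic_load_balancer` the `listeners` param is typed `list(map(string))`, so `jsonencode(listener)` emits `LoadBalancerPort` and `InstancePort` as JSON strings, while the ELB API defines both as integers; the CLI will probably reject the request during parameter validation. The option is documented as `--listeners`, given once with all listeners after it, not once per listener. `--availability-zones` likewise expects one argument per zone, so `join(",", ...)` probably hands the CLI a single comma-joined zone name; `concat(["--availability-zones"], param.availability_zones)` avoids that. The description also has a typo ("an classic").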
--- /dev/null
+++ b/pipelines/elb/create_elb_load_balancer.hcl
@@ -0,0 +1,64 @@
+pipeline "create_elb_load_balancer" {
+ title = "Create ELB Load Balancer"
+ description = "Creates a load balancer (application, network or gateway)."
+
+ param "region" {
+ type = string
+ description = "The name of the region."
+ default = var.region
+ }
+
+ param "access_key_id" {
+ type = string
+ description = "The ID for this access key."
+ default = var.access_key_id
+ }
+
+ param "secret_access_key" {
+ type = string
+ description = "The secret key used to sign requests."
+ default = var.secret_access_key
+ }
+
+ param "name" {
+ type = string
+ description = "The name for the load balancer."
+ }
+
+ param "type" {
+ type = string
+ description = "The type of load balancer (e.g., 'application' for Application Load Balancer, 'network' for Network Load Balancer)."
+ }
+
+ param "availability_zones" {
+ type = list(string)
+ description = "A list of availability zones to associate with the load balancer."
+ }
+
+ step "container" "create_elb_load_balancer" {
+ image = "amazon/aws-cli"
+
+ cmd = concat(
+ ["elbv2", "create-load-balancer"],
+ ["--name", param.name],
+ ["--type", param.type],
+ flatten([for az in param.availability_zones : ["--availability-zones", az]])
+ )
+
+ env = {
+ AWS_REGION = param.region
+ AWS_ACCESS_KEY_ID = param.access_key_id
+ AWS_SECRET_ACCESS_KEY = param.secret_access_key
+ }
+ }
+
+ output "stdout" {
+ description = "The standard output stream from the AWS CLI."
+ value = jsondecode(step.container.create_elb_load_balancer.stdout)
+ }
+
+ output "stderr" {
+ description = "The standard error stream from the AWS CLI."
+ value = step.container.create_elb_load_balancer.stderr
+ }
+}
diff --git a/pipelines/elb/delete_elb_load_balancer.hcl b/pipelines/elb/delete_elb_load_balancer.hcl
new file mode 100644
index 0000000..fb44753
--- /dev/null
+++ b/pipelines/elb/delete_elb_load_balancer.hcl
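Review bot: `create_elb_load_balancer` passes `--availability-zones` to `aws elbv2 create-load-balancer`, but as far as I know that command places the load balancer with `--subnets` or `--subnet-mappings` and has no such option, so the step would fail at argument parsing. I would replace the `availability_zones` param with a `subnets` list and build the arguments as `concat(["--subnets"], param.subnets)`. Optional `scheme` and `security_groups` params are also worth adding, because without them the load balancer is created with the service defaults (internet-facing, default security group) and the caller has no way to ask for an internal one.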
@@ -0,0 +1,52 @@
+pipeline "delete_elb_load_balancer" {
+ title = "Delete Elastic Load Balancer"
+ description = "Deletes an Amazon ELB (Elastic Load Balancer)."
+
+ param "region" {
+ type = string
+ description = "The name of the Region."
+ default = var.region
+ }
+
+ param "access_key_id" {
+ type = string
+ description = "The ID for this access key."
+ default = var.access_key_id
+ }
+
+ param "secret_access_key" {
+ type = string
+ description = "The secret key used to sign requests."
+ default = var.secret_access_key
+ }
+
+ param "load_balancer_name" {
+ type = string
+ description = "The name of the load balancer to delete."
+ }
+
+ step "container" "delete_elb_load_balancer" {
+ image = "amazon/aws-cli"
+
+ cmd = [
+ "elb", "delete-load-balancer",
+ "--load-balancer-name", param.load_balancer_name,
+ ]
+
+ env = {
+ AWS_REGION = param.region,
+ AWS_ACCESS_KEY_ID = param.access_key_id,
+ AWS_SECRET_ACCESS_KEY = param.secret_access_key
+ }
+ }
+
+ output "stdout" {
+ description = "The standard output stream from the AWS CLI."
+ value = step.container.delete_elb_load_balancer.stdout
+ }
+
+ output "stderr" {
+ description = "The standard error stream from the AWS CLI."
+ value = step.container.delete_elb_load_balancer.stderr
+ }
+}
diff --git a/pipelines/lambda/create_lambda_function.hcl b/pipelines/lambda/create_lambda_function.hcl
new file mode 100644
index 0000000..3826314
--- /dev/null
+++ b/pipelines/lambda/create_lambda_function.hcl
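Review bot: The title and description of `delete_elb_load_balancer` say it deletes an Elastic Load Balancer, but the step calls `aws elb delete-load-balancer --load-balancer-name`, which only covers Classic Load Balancers. Load balancers made by `create_elb_load_balancer` (elbv2) are deleted by ARN with `aws elbv2 delete-load-balancer --load-balancer-arn`, so a caller pairing the two pipelines would leave the v2 load balancer running. I would change the description to `"Deletes a Classic Load Balancer."` and rename the pipeline to mirror `create_elb_classic_load_balancer`, or add a separate elbv2 delete pipeline.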
@@ -0,0 +1,72 @@
+pipeline "create_lambda_function" {
+ title = "Create Lambda Function"
+ description = "Creates an AWS Lambda function."
+
+ param "region" {
+ type = string
+ description = "The name of the region."
+ default = var.region
+ }
+
+ param "access_key_id" {
+ type = string
+ description = "The ID for this access key."
+ default = var.access_key_id
+ }
+
+ param "secret_access_key" {
+ type = string
+ description = "The secret key used to sign requests."
+ default = var.secret_access_key
+ }
+
+ param "function_name" {
+ type = string
+ description = "The name of the Lambda function."
+ }
+
+ param "role" {
+ type = string
+ description = "The Amazon Resource Name (ARN) of the execution role that the function assumes."
+ }
+
+ param "code" {
+ type = string
+ description = "The code for the Lambda function. It can be either a S3 bucket object with a specific key or a local file path."
+ optional = true
+ }
+
+ param "publish" {
+ type = bool
+ description = "Publishes the Lambda function as a new version if set to true. Otherwise, it doesn't publish the function."
+ optional = true
+ }
+
+ step "container" "create_lambda_function" {
+ image = "amazon/aws-cli"
+
+ cmd = concat(
+ ["lambda", "create-function"],
+ ["--function-name", param.function_name],
+ ["--role", param.role],
+ param.code ? ["--code", param.code] : [],
+ param.publish ? ["--publish"] : [],
+ )
+
+ env = {
+ AWS_REGION = param.region
+ AWS_ACCESS_KEY_ID = param.access_key_id
+ AWS_SECRET_ACCESS_KEY = param.secret_access_key
+ }
+ }
+
+ output "stdout" {
+ description = "The standard output stream from the AWS CLI."
+ value = jsondecode(step.container.create_lambda_function.stdout)
+ }
+
+ output "stderr" {
+ description = "The standard error stream from the AWS CLI."
+ value = step.container.create_lambda_function.stderr
+ }
+}
diff --git a/pipelines/lambda/delete_lambda_function.hcl b/pipelines/lambda/delete_lambda_function.hcl
new file mode 100644
index 0000000..a7270b7
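Review bot: The conditionals in `create_lambda_function` test the optional params directly: `param.code ? ...` uses a string as a boolean, and `param.publish ? ...` is evaluated on a value that is presumably null when the caller omits it, so both can fail at evaluation time. Suggested lines: `param.code != null ? ["--code", param.code] : [],` and `param.publish == true ? ["--publish"] : [],`. The `code` description also offers a local file path, but nothing in this step mounts a file into the `amazon/aws-cli` container, so only the S3 form looks usable and the description should say so.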
--- /dev/null
+++ b/pipelines/lambda/delete_lambda_function.hcl
@@ -0,0 +1,52 @@
+pipeline "delete_lambda_function" {
+ title = "Delete Lambda Function"
+ description = "Deletes an AWS Lambda function."
+
+ param "region" {
+ type = string
+ description = "The name of the region."
+ default = var.region
+ }
+
+ param "access_key_id" {
+ type = string
+ description = "The ID for this access key."
+ default = var.access_key_id
+ }
+
+ param "secret_access_key" {
+ type = string
+ description = "The secret key used to sign requests."
+ default = var.secret_access_key
+ }
+
+ param "function_name" {
+ type = string
+ description = "The name of the Lambda function to delete."
+ }
+
+ step "container" "delete_lambda_function" {
+ image = "amazon/aws-cli"
+
+ cmd = concat(
+ ["lambda", "delete-function"],
+ ["--function-name", param.function_name],
+ )
+
+ env = {
+ AWS_REGION = param.region
+ AWS_ACCESS_KEY_ID = param.access_key_id
+ AWS_SECRET_ACCESS_KEY = param.secret_access_key
+ }
+ }
+
+ output "stdout" {
+ description = "The standard output stream from the AWS CLI."
+ value = step.container.delete_lambda_function.stdout
+ }
+
+ output "stderr" {
+ description = "The standard error stream from the AWS CLI."
+ value = step.container.delete_lambda_function.stderr
+ }
+}
diff --git a/pipelines/lambda/get_lambda_function.hcl b/pipelines/lambda/get_lambda_function.hcl
new file mode 100644
index 0000000..3b110c3
--- /dev/null
+++ b/pipelines/lambda/get_lambda_function.hcl
@@ -0,0 +1,52 @@
+pipeline "get_lambda_function" {
+ title = "Get Lambda Function"
+ description = "Retrieves details about an AWS Lambda function."
+
+ param "region" {
+ type = string
+ description = "The name of the region."
+ default = var.region
+ }
+
+ param "access_key_id" {
+ type = string
+ description = "The ID for this access key."
+ default = var.access_key_id
+ }
+
+ param "secret_access_key" {
+ type = string
+ description = "The secret key used to sign requests."
+ default = var.secret_access_key
+ }
+
+ param "function_name" {
+ type = string
+ description = "The name of the Lambda function to retrieve details for."
+ }
+
+ step "container" "get_lambda_function" {
+ image = "amazon/aws-cli"
+
+ cmd = concat(
+ ["lambda", "get-function"],
+ ["--function-name", param.function_name],
+ )
+
+ env = {
+ AWS_REGION = param.region
+ AWS_ACCESS_KEY_ID = param.access_key_id
+ AWS_SECRET_ACCESS_KEY = param.secret_access_key
+ }
+ }
+
+ output "stdout" {
+ description = "The standard output stream from the AWS CLI."
+ value = jsondecode(step.container.get_lambda_function.stdout)
+ }
+
+ output "stderr" {
+ description = "The standard error stream from the AWS CLI."
+ value = step.container.get_lambda_function.stderr
+ }
+}
diff --git a/pipelines/s3/get_s3_object.hcl b/pipelines/s3/get_s3_object.hcl
new file mode 100644
index 0000000..5aff2ab
--- /dev/null
+++ b/pipelines/s3/get_s3_object.hcl
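Review bot: `get_lambda_function` returns the whole `get-function` response as its `stdout` output, and that response includes a pre-signed download URL for the deployment package (`Code.Location`) and the function's environment variables under `Configuration.Environment`. Anything that stores or logs pipeline outputs will then hold those values. I would say so in the output description, e.g. `description = "The decoded AWS CLI response; includes a pre-signed code URL and the function's environment variables."`, or add an optional `query` param as `list_s3_buckets` has so callers can select only the fields they need.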
@@ -0,0 +1,69 @@
+pipeline "get_s3_object" {
+ title = "Get object from S3 bucket"
+ description = "Gets an object from an S3 buckets owned by the authenticated sender of the request."
+
+ param "region" {
+ type = string
+ description = "The name of the region."
+ default = var.region
+ }
+
+ param "access_key_id" {
+ type = string
+ description = "The ID for this access key."
+ default = var.access_key_id
+ }
+
+ param "secret_access_key" {
+ type = string
+ description = "The secret key used to sign requests."
+ default = var.secret_access_key
+ }
+
+ param "session_token" {
+ type = string
+ description = "The secret key used to sign requests."
+ default = var.session_token
+ optional = true
+ }
+
+ param "bucket" {
+ type = string
+ description = "Bucket name."
+ default = ""
+ }
+
+ param "key" {
+ type = string
+ description = "Key to object."
+ default = ""
+ }
+
+ param "destination" {
+ type = string
+ description = "Key to object."
+ default = ""
+ }
+
+ step "container" "get_s3_object" {
+ image = "amazon/aws-cli"
+ cmd = ["s3api", "get-object", "--bucket", param.bucket, "--key", param.key, param.destination]
+
+ env = {
+ AWS_REGION = param.region
+ AWS_ACCESS_KEY_ID = param.access_key_id
+ AWS_SECRET_ACCESS_KEY = param.secret_access_key
+ AWS_SESSION_TOKEN = param.session_token
+ }
+ }
+
+ output "stdout" {
+ description = "The standard output stream from the AWS CLI."
+ value = step.container.get_s3_object.stdout
+ }
+
+ output "stderr" {
+ description = "The standard error stream from the AWS CLI."
+ value = step.container.get_s3_object.stderr
+ }
+}
diff --git a/pipelines/s3/list_s3_buckets.hcl b/pipelines/s3/list_s3_buckets.hcl
index 9db5694..0e250f7 100644
--- a/pipelines/s3/list_s3_buckets.hcl
+++ b/pipelines/s3/list_s3_buckets.hcl
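Review bot: In `get_s3_object` the `session_token` description is copied from `secret_access_key` (`"The secret key used to sign requests."`) and `destination` is described as `"Key to object."`; `read_s3_file` repeats the first of these. `local.session_token_param_description`, added in this commit, fits the former, and the latter could read `"Path inside the container where the object is written."`. `bucket`, `key` and `destination` also default to `""`, so a call that omits them reaches the CLI with empty arguments instead of failing validation; dropping the defaults makes them required. `destination` is a path in the container's filesystem, so unless the step mounts a volume (not visible here) the downloaded object is discarded when the container exits.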
@@ -20,6 +20,13 @@ pipeline "list_s3_buckets" { default = var.secret_access_key } + param "session_token" { + type = string + description = local.session_token_param_description + default = var.session_token + optional = true + } + param "query" { type = string description = "A JMESPath query to use in filtering the response data." @@ -27,7 +34,7 @@ pipeline "list_s3_buckets" { } step "container" "list_s3_buckets" { - image = "public.ecr.aws/aws-cli/aws-cli" + image = "amazon/aws-cli" cmd = concat( ["s3api", "list-buckets"], @@ -38,6 +45,7 @@ pipeline "list_s3_buckets" { AWS_REGION = param.region AWS_ACCESS_KEY_ID = param.access_key_id AWS_SECRET_ACCESS_KEY = param.secret_access_key + AWS_SESSION_TOKEN = param.session_token } } diff --git a/pipelines/s3/read_s3_file.hcl b/pipelines/s3/read_s3_file.hcl new file mode 100644 index 0000000..fe00050 --- /dev/null +++ b/pipelines/s3/read_s3_file.hcl 
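Review bot: The `image` change in `list_s3_buckets` from `public.ecr.aws/aws-cli/aws-cli` to `amazon/aws-cli` leaves the reference without a tag or digest, so each run pulls whatever `latest` currently points to, and that container is handed `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and now `AWS_SESSION_TOKEN` in its environment. Pinning to a version tag or, if the container step accepts it, a digest (`image = "amazon/aws-cli@sha256:<digest-placeholder>"`) keeps the code that sees the credentials fixed and reviewable. The same applies to every new pipeline in this patch, all of which use the bare `amazon/aws-cli` reference. The enclosing `pipeline` block starts and ends outside these hunks.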
@@ -0,0 +1,61 @@ +pipeline "read_s3_file" { + title = "Reads an object from S3 bucket" + description = "Gets an object from an S3 buckets owned by the authenticated sender of the request." + + param "region" { + type = string + description = "The name of the region." + default = var.region + } + + param "access_key_id" { + type = string + description = "The ID for this access key." + default = var.access_key_id + } + + param "secret_access_key" { + type = string + description = "The secret key used to sign requests." + default = var.secret_access_key + } + + param "session_token" { + type = string + description = "The secret key used to sign requests." + default = var.session_token + optional = true + } + + param "bucket" { + type = string + description = "S3 bucket name." + } + + param "path_to_file" { + type = string + description = "Path to S3 file." + } + + step "container" "read_s3_file" { + image = "amazon/aws-cli" + cmd = ["s3", "cp", "s3://${param.bucket}/${param.path_to_file}", "-"] + + env = { + AWS_REGION = param.region + AWS_ACCESS_KEY_ID = param.access_key_id + AWS_SECRET_ACCESS_KEY = param.secret_access_key + AWS_SESSION_TOKEN = param.session_token + } + } + + output "stdout" { + description = "The standard output stream from the AWS CLI." + value = step.container.read_s3_file.stdout + } + + output "stderr" { + description = "The standard error stream from the AWS CLI." + value = step.container.read_s3_file.stderr + } +} diff --git a/pipelines/s3/tests/test_create_s3_bucket.hcl b/pipelines/s3/tests/test_create_s3_bucket.hcl index 2dbc2d5..c559f63 100644 --- a/pipelines/s3/tests/test_create_s3_bucket.hcl +++ b/pipelines/s3/tests/test_create_s3_bucket.hcl @@ -34,7 +34,7 @@ pipeline "test_create_s3_bucket" { #region = param.region access_key_id = param.access_key_id secret_access_key = param.secret_access_key - bucket = param.bucket + bucket = param.bucket } } 
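Review bot: `read_s3_file` streams the object to stdout with `s3 cp ... -` and exposes it as the `stdout` output, so the full object content ends up wherever pipeline outputs are stored or logged, with no size limit. The output description should say that, e.g. `description = "The content of the S3 object. May contain sensitive data; avoid logging this output."`. `path_to_file` is also concatenated into the `s3://` URI as-is, so a value with a leading `/` yields a double-slash key; the param description should state that it is the object key without a leading slash.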
diff --git a/pipelines/sns/create_sns_topic.hcl b/pipelines/sns/create_sns_topic.hcl
new file mode 100644
index 0000000..b9c4d1e
--- /dev/null
+++ b/pipelines/sns/create_sns_topic.hcl
@@ -0,0 +1,52 @@
+pipeline "create_sns_topic" {
+ title = "Create SNS Topic"
+ description = "Creates an Amazon SNS topic."
+
+ param "region" {
+ type = string
+ description = "The name of the region."
+ default = var.region
+ }
+
+ param "access_key_id" {
+ type = string
+ description = "The ID for this access key."
+ default = var.access_key_id
+ }
+
+ param "secret_access_key" {
+ type = string
+ description = "The secret key used to sign requests."
+ default = var.secret_access_key
+ }
+
+ param "name" {
+ type = string
+ description = "The name of the Amazon SNS topic to create."
+ }
+
+ step "container" "create_sns_topic" {
+ image = "amazon/aws-cli"
+
+ cmd = concat(
+ ["sns", "create-topic"],
+ ["--name", param.name],
+ )
+
+ env = {
+ AWS_REGION = param.region
+ AWS_ACCESS_KEY_ID = param.access_key_id
+ AWS_SECRET_ACCESS_KEY = param.secret_access_key
+ }
+ }
+
+ output "stdout" {
+ description = "The standard output stream from the AWS CLI."
+ value = jsondecode(step.container.create_sns_topic.stdout)
+ }
+
+ output "stderr" {
+ description = "The standard error stream from the AWS CLI."
+ value = step.container.create_sns_topic.stderr
+ }
+}
diff --git a/pipelines/sns/delete_sns_topic.hcl b/pipelines/sns/delete_sns_topic.hcl
new file mode 100644
index 0000000..3c9039a
--- /dev/null
+++ b/pipelines/sns/delete_sns_topic.hcl
@@ -0,0 +1,52 @@
+pipeline "delete_sns_topic" {
+ title = "Delete SNS Topic"
+ description = "Deletes an Amazon SNS topic."
+
+ param "region" {
+ type = string
+ description = "The name of the region."
+ default = var.region
+ }
+
+ param "access_key_id" {
+ type = string
+ description = "The ID for this access key."
+ default = var.access_key_id
+ }
+
+ param "secret_access_key" {
+ type = string
+ description = "The secret key used to sign requests."
+ default = var.secret_access_key
+ }
+
+ param "topic_arn" {
+ type = string
+ description = "The Amazon Resource Name (ARN) of the Amazon SNS topic to delete."
+ }
+
+ step "container" "delete_sns_topic" {
+ image = "amazon/aws-cli"
+
+ cmd = concat(
+ ["sns", "delete-topic"],
+ ["--topic-arn", param.topic_arn],
+ )
+
+ env = {
+ AWS_REGION = param.region
+ AWS_ACCESS_KEY_ID = param.access_key_id
+ AWS_SECRET_ACCESS_KEY = param.secret_access_key
+ }
+ }
+
+ output "stdout" {
+ description = "The standard output stream from the AWS CLI."
+ value = step.container.delete_sns_topic.stdout
+ }
+
+ output "stderr" {
+ description = "The standard error stream from the AWS CLI."
+ value = step.container.delete_sns_topic.stderr
+ }
+}
diff --git a/pipelines/sns/get_sns_topic_attributes.hcl b/pipelines/sns/get_sns_topic_attributes.hcl
new file mode 100644
index 0000000..41086bd
--- /dev/null
+++ b/pipelines/sns/get_sns_topic_attributes.hcl
@@ -0,0 +1,52 @@
+pipeline "get_sns_topic_attributes" {
+ title = "Get SNS Topic Attributes"
+ description = "Retrieves attributes of an Amazon SNS topic."
+
+ param "region" {
+ type = string
+ description = "The name of the region."
+ default = var.region
+ }
+
+ param "access_key_id" {
+ type = string
+ description = "The ID for this access key."
+ default = var.access_key_id
+ }
+
+ param "secret_access_key" {
+ type = string
+ description = "The secret key used to sign requests."
+ default = var.secret_access_key
+ }
+
+ param "topic_arn" {
+ type = string
+ description = "The Amazon Resource Name (ARN) of the Amazon SNS topic."
+ }
+
+ step "container" "get_sns_topic_attributes" {
+ image = "amazon/aws-cli"
+
+ cmd = concat(
+ ["sns", "get-topic-attributes"],
+ ["--topic-arn", param.topic_arn],
+ )
+
+ env = {
+ AWS_REGION = param.region
+ AWS_ACCESS_KEY_ID = param.access_key_id
+ AWS_SECRET_ACCESS_KEY = param.secret_access_key
+ }
+ }
+
+ output "stdout" {
+ description = "The standard output stream from the AWS CLI."
+ value = jsondecode(step.container.get_sns_topic_attributes.stdout)
+ }
+
+ output "stderr" {
+ description = "The standard error stream from the AWS CLI."
+ value = step.container.get_sns_topic_attributes.stderr
+ }
+}
diff --git a/pipelines/sns/set_sns_topic_attributes.hcl b/pipelines/sns/set_sns_topic_attributes.hcl
new file mode 100644
index 0000000..714b351
--- /dev/null
+++ b/pipelines/sns/set_sns_topic_attributes.hcl
@@ -0,0 +1,64 @@
+pipeline "set_sns_topic_attributes" {
+ title = "Set SNS Topic Attributes"
+ description = "Sets attributes of an Amazon SNS topic."
+
+ param "region" {
+ type = string
+ description = "The name of the region."
+ default = var.region
+ }
+
+ param "access_key_id" {
+ type = string
+ description = "The ID for this access key."
+ default = var.access_key_id
+ }
+
+ param "secret_access_key" {
+ type = string
+ description = "The secret key used to sign requests."
+ default = var.secret_access_key
+ }
+
+ param "topic_arn" {
+ type = string
+ description = "The Amazon Resource Name (ARN) of the Amazon SNS topic."
+ }
+
+ param "attribute_name" {
+ type = string
+ description = "The name of the attribute to set."
+ }
+
+ param "attribute_value" {
+ type = string
+ description = "The value to set for the specified attribute."
+ }
+
+ step "container" "set_sns_topic_attributes" {
+ image = "amazon/aws-cli"
+
+ cmd = concat(
+ ["sns", "set-topic-attributes"],
+ ["--topic-arn", param.topic_arn],
+ ["--attribute-name", param.attribute_name],
+ ["--attribute-value", param.attribute_value],
+ )
+
+ env = {
+ AWS_REGION = param.region
+ AWS_ACCESS_KEY_ID = param.access_key_id
+ AWS_SECRET_ACCESS_KEY = param.secret_access_key
+ }
+ }
+
+ output "stdout" {
+ description = "The standard output stream from the AWS CLI."
+ value = step.container.set_sns_topic_attributes.stdout
+ }
+
+ output "stderr" {
+ description = "The standard error stream from the AWS CLI."
+ value = step.container.set_sns_topic_attributes.stderr
+ }
+}
diff --git a/pipelines/sqs/create_sqs_queue.hcl b/pipelines/sqs/create_sqs_queue.hcl
new file mode 100644
index 0000000..5598c84
--- /dev/null
+++ b/pipelines/sqs/create_sqs_queue.hcl
@@ -0,0 +1,52 @@
+pipeline "create_sqs_queue" {
+ title = "Create SQS Queue"
+ description = "Creates an Amazon SQS queue."
+
+ param "region" {
+ type = string
+ description = "The name of the region."
+ default = var.region
+ }
+
+ param "access_key_id" {
+ type = string
+ description = "The ID for this access key."
+ default = var.access_key_id
+ }
+
+ param "secret_access_key" {
+ type = string
+ description = "The secret key used to sign requests."
+ default = var.secret_access_key
+ }
+
+ param "queue_name" {
+ type = string
+ description = "The name of the Amazon SQS queue to create."
+ }
+
+ step "container" "create_sqs_queue" {
+ image = "amazon/aws-cli"
+
+ cmd = concat(
+ ["sqs", "create-queue"],
+ ["--queue-name", param.queue_name],
+ )
+
+ env = {
+ AWS_REGION = param.region
+ AWS_ACCESS_KEY_ID = param.access_key_id
+ AWS_SECRET_ACCESS_KEY = param.secret_access_key
+ }
+ }
+
+ output "stdout" {
+ description = "The standard output stream from the AWS CLI."
+ value = jsondecode(step.container.create_sqs_queue.stdout)
+ }
+
+ output "stderr" {
+ description = "The standard error stream from the AWS CLI."
+ value = step.container.create_sqs_queue.stderr
+ }
+}
diff --git a/pipelines/sqs/delete_sqs_queue.hcl b/pipelines/sqs/delete_sqs_queue.hcl
new file mode 100644
index 0000000..3a74b7c
--- /dev/null
+++ b/pipelines/sqs/delete_sqs_queue.hcl
@@ -0,0 +1,52 @@
+pipeline "delete_sqs_queue" {
+ title = "Delete SQS Queue"
+ description = "Deletes an Amazon SQS queue."
+
+ param "region" {
+ type = string
+ description = "The name of the region."
+ default = var.region
+ }
+
+ param "access_key_id" {
+ type = string
+ description = "The ID for this access key."
+ default = var.access_key_id
+ }
+
+ param "secret_access_key" {
+ type = string
+ description = "The secret key used to sign requests."
+ default = var.secret_access_key
+ }
+
+ param "queue_url" {
+ type = string
+ description = "The URL of the Amazon SQS queue to delete."
+ }
+
+ step "container" "delete_sqs_queue" {
+ image = "amazon/aws-cli"
+
+ cmd = concat(
+ ["sqs", "delete-queue"],
+ ["--queue-url", param.queue_url],
+ )
+
+ env = {
+ AWS_REGION = param.region
+ AWS_ACCESS_KEY_ID = param.access_key_id
+ AWS_SECRET_ACCESS_KEY = param.secret_access_key
+ }
+ }
+
+ output "stdout" {
+ description = "The standard output stream from the AWS CLI."
+ value = step.container.delete_sqs_queue.stdout
+ }
+
+ output "stderr" {
+ description = "The standard error stream from the AWS CLI."
+ value = step.container.delete_sqs_queue.stderr
+ }
+}
diff --git a/pipelines/sqs/get_sqs_queue_attributes.hcl b/pipelines/sqs/get_sqs_queue_attributes.hcl
new file mode 100644
index 0000000..e4f030d
--- /dev/null
+++ b/pipelines/sqs/get_sqs_queue_attributes.hcl
@@ -0,0 +1,52 @@
+pipeline "get_sqs_queue_attributes" {
+ title = "Get SQS Queue Attributes"
+ description = "Retrieves attributes of an Amazon SQS queue."
+
+ param "region" {
+ type = string
+ description = "The name of the region."
+ default = var.region
+ }
+
+ param "access_key_id" {
+ type = string
+ description = "The ID for this access key."
+ default = var.access_key_id
+ }
+
+ param "secret_access_key" {
+ type = string
+ description = "The secret key used to sign requests."
+ default = var.secret_access_key
+ }
+
+ param "queue_url" {
+ type = string
+ description = "The URL of the Amazon SQS queue to retrieve attributes for."
+ }
+
+ step "container" "get_sqs_queue_attributes" {
+ image = "amazon/aws-cli"
+
+ cmd = concat(
+ ["sqs", "get-queue-attributes"],
+ ["--queue-url", param.queue_url],
+ )
+
+ env = {
+ AWS_REGION = param.region
+ AWS_ACCESS_KEY_ID = param.access_key_id
+ AWS_SECRET_ACCESS_KEY = param.secret_access_key
+ }
+ }
+
+ output "stdout" {
+ description = "The standard output stream from the AWS CLI."
+ value = jsondecode(step.container.get_sqs_queue_attributes.stdout)
+ }
+
+ output "stderr" {
+ description = "The standard error stream from the AWS CLI."
+ value = step.container.get_sqs_queue_attributes.stderr
+ }
+}
diff --git a/pipelines/sqs/set_sqs_queue_attributes.hcl b/pipelines/sqs/set_sqs_queue_attributes.hcl
new file mode 100644
index 0000000..ad82932
--- /dev/null
+++ b/pipelines/sqs/set_sqs_queue_attributes.hcl
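Review bot: The `cmd` in get_sqs_queue_attributes calls `sqs get-queue-attributes` with only `--queue-url`. As far as I know the CLI returns no attributes unless `--attribute-names` is supplied, so stdout would be empty and the `jsondecode(...)` in the `stdout` output would fail instead of returning data. Adding `["--attribute-names", "All"],` to the `concat(...)` would make the pipeline return the queue policy, encryption and retention settings that a caller auditing the queue needs. A list param with that default would do the same while letting callers narrow the selection.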
@@ -0,0 +1,64 @@
+pipeline "set_sqs_queue_attributes" {
+ title = "Set SQS Queue Attributes"
+ description = "Sets attributes of an Amazon SQS queue."
+
+ param "region" {
+ type = string
+ description = "The name of the region."
+ default = var.region
+ }
+
+ param "access_key_id" {
+ type = string
+ description = "The ID for this access key."
+ default = var.access_key_id
+ }
+
+ param "secret_access_key" {
+ type = string
+ description = "The secret key used to sign requests."
+ default = var.secret_access_key
+ }
+
+ param "queue_url" {
+ type = string
+ description = "The URL of the Amazon SQS queue to set attributes for."
+ }
+
+ param "attribute_name" {
+ type = string
+ description = "The name of the attribute to set."
+ }
+
+ param "attribute_value" {
+ type = string
+ description = "The value to set for the specified attribute."
+ }
+
+ step "container" "set_sqs_queue_attributes" {
+ image = "amazon/aws-cli"
+
+ cmd = concat(
+ ["sqs", "set-queue-attributes"],
+ ["--queue-url", param.queue_url],
+ ["--attribute-name", param.attribute_name],
+ ["--attribute-value", param.attribute_value],
+ )
+
+ env = {
+ AWS_REGION = param.region
+ AWS_ACCESS_KEY_ID = param.access_key_id
+ AWS_SECRET_ACCESS_KEY = param.secret_access_key
+ }
+ }
+
+ output "stdout" {
+ description = "The standard output stream from the AWS CLI."
+ value = step.container.set_sqs_queue_attributes.stdout
+ }
+
+ output "stderr" {
+ description = "The standard error stream from the AWS CLI."
+ value = step.container.set_sqs_queue_attributes.stderr
+ }
+}
diff --git a/pipelines/vpc/create_vpc_security_group.hcl b/pipelines/vpc/create_vpc_security_group.hcl
new file mode 100644
index 0000000..a740917
--- /dev/null
+++ b/pipelines/vpc/create_vpc_security_group.hcl
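Review bot: The `cmd` in set_sqs_queue_attributes passes `--attribute-name` and `--attribute-value`, which are the flags of `sns set-topic-attributes`; `sqs set-queue-attributes` takes a single `--attributes` map instead, so the CLI is expected to reject this invocation. Replacing the two lines with `["--attributes", jsonencode({ (param.attribute_name) = param.attribute_value })],` keeps the existing params and also survives values that are themselves JSON, such as a queue `Policy`. That assumes `jsonencode` is available alongside the `jsondecode` used elsewhere in this patch. Since this pipeline is the path for setting queue policy and encryption attributes, a test that sets one attribute and reads it back would catch the mismatch.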
@@ -0,0 +1,65 @@
+pipeline "create_vpc_security_group" {
+ title = "Create EC2 Security Group"
+ description = "Creates an Amazon EC2 security group."
+
+ param "region" {
+ type = string
+ description = "The name of the region."
+ default = var.region
+ }
+
+ param "access_key_id" {
+ type = string
+ description = "The ID for this access key."
+ default = var.access_key_id
+ }
+
+ param "secret_access_key" {
+ type = string
+ description = "The secret key used to sign requests."
+ default = var.secret_access_key
+ }
+
+ param "group_name" {
+ type = string
+ description = "The name for the security group."
+ }
+
+ param "description" {
+ type = string
+ description = "A description for the security group."
+ }
+
+ param "vpc_id" {
+ type = string
+ description = "The ID of the VPC to associate the security group with."
+ optional = true
+ }
+
+ step "container" "create_vpc_security_group" {
+ image = "amazon/aws-cli"
+
+ cmd = concat(
+ ["ec2", "create-security-group"],
+ ["--group-name", param.group_name],
+ ["--description", param.description],
+ param.vpc_id ? ["--vpc-id", param.vpc_id] : [],
+ )
+
+ env = {
+ AWS_REGION = param.region
+ AWS_ACCESS_KEY_ID = param.access_key_id
+ AWS_SECRET_ACCESS_KEY = param.secret_access_key
+ }
+ }
+
+ output "stdout" {
+ description = "The JSON output from the AWS CLI."
+ value = jsondecode(step.container.create_vpc_security_group.stdout)
+ }
+
+ output "stderr" {
+ description = "The standard error stream from the AWS CLI."
+ value = step.container.create_vpc_security_group.stderr
+ }
+}
diff --git a/variables.hcl b/variables.hcl
index 804febf..d367183 100644
--- a/variables.hcl
+++ b/variables.hcl
@@ -16,3 +16,9 @@ variable "secret_access_key" {
 description = "The secret key used to sign requests."
 default = ""
 }
+
+variable "session_token" {
+ type = string
+ description = "The token that users must pass to the service API to use the temporary credentials."
+ default = ""
+}
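Review bot: In create_vpc_security_group the conditional `param.vpc_id ? ["--vpc-id", param.vpc_id] : []` uses a string as the condition; HCL only converts the strings "true" and "false" to bool, so a real VPC ID is expected to fail evaluation, and an omitted optional param is null rather than false. An explicit test, `param.vpc_id != null ? ["--vpc-id", param.vpc_id] : [],`, makes the intent clear. This matters because a group created without `--vpc-id` would presumably land in the account's default VPC rather than the intended one, so the omitted case should be a deliberate choice and not an evaluation side effect.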