fills out main.tf with proposed solution for adding SFTP users (#2)
* Fills out main.tf with the proposed solution for adding SFTP users. Started to modify the tests a bit; I think outputs and variables are done? * Minor fixes * Auto Format * Fixes tests. Uses policy documents instead of inline policies. * Auto Format Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>
1 parent
7b3f33d
commit 38cf918
Showing
11 changed files
with
175 additions
and
65 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,13 @@ | ||
provider "aws" { | ||
region = var.region | ||
} | ||
|
||
module "example" { | ||
source = "../.." | ||
|
||
example = var.example | ||
region = var.region | ||
|
||
sftp_users = var.sftp_users | ||
|
||
context = module.this.context | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,11 @@ | ||
variable "example" { | ||
type = string | ||
variable "region" { | ||
type = string | ||
} | ||
|
||
variable "sftp_users" { | ||
type = map(object({ | ||
user_name = string, | ||
public_key = string | ||
})) | ||
description = "The value which will be passed to the example module" | ||
} |
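Review bot: The `sftp_users` description, `"The value which will be passed to the example module"`, is carried over from the removed `example` variable and no longer says what the input is; `description = "Map of SFTP users to create, each with a user_name and an SSH public_key"` would match the declared type. `variable "region"` has no description at all; `description = "AWS region the example deploys the Transfer server into"` is enough for a reader of the example.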
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,5 @@ | ||
terraform { | ||
required_version = ">= 0.12.26" | ||
required_version = ">= 0.13.7" | ||
|
||
required_providers { | ||
local = { | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,13 +1,82 @@ | ||
resource "random_integer" "example" { | ||
count = module.this.enabled ? 1 : 0 | ||
locals { | ||
enabled = module.this.enabled | ||
} | ||
|
||
resource "aws_transfer_server" "default" { | ||
identity_provider_type = "SERVICE_MANAGED" | ||
protocols = ["SFTP"] # SFTP, FTPS, FTP | ||
domain = "S3" # EFS, S3 | ||
endpoint_type = "PUBLIC" # VPC, PUBLIC | ||
force_destroy = var.force_destroy | ||
|
||
tags = module.this.tags | ||
} | ||
|
||
resource "aws_transfer_user" "default" { | ||
for_each = local.enabled ? var.sftp_users : {} | ||
|
||
server_id = aws_transfer_server.default.id | ||
role = aws_iam_role.default.arn | ||
|
||
user_name = each.value.user_name | ||
|
||
tags = module.this.tags | ||
} | ||
|
||
resource "aws_transfer_ssh_key" "default" { | ||
for_each = local.enabled ? var.sftp_users : {} | ||
|
||
server_id = aws_transfer_server.default.id | ||
|
||
user_name = each.value.user_name | ||
body = each.value.public_key | ||
|
||
depends_on = [ | ||
aws_transfer_user.default | ||
] | ||
} | ||
|
||
# IAM | ||
module "iam_label" { | ||
source = "cloudposse/label/null" | ||
version = "0.24.1" | ||
|
||
min = 1 | ||
max = 50000 | ||
keepers = { | ||
example = var.example | ||
attributes = var.iam_attributes | ||
|
||
context = module.this.context | ||
} | ||
|
||
data "aws_iam_policy_document" "assume_role_policy" { | ||
statement { | ||
actions = ["sts:AssumeRole"] | ||
|
||
principals { | ||
type = "Service" | ||
identifiers = ["transfer.amazonaws.com"] | ||
} | ||
} | ||
} | ||
|
||
locals { | ||
example = format("%v %v", var.example, join("", random_integer.example[*].result)) | ||
data "aws_iam_policy_document" "allows_s3" { | ||
statement { | ||
sid = "S3AccessForAWSTransferusers" | ||
effect = "Allow" | ||
|
||
actions = ["s3:*"] | ||
|
||
resources = [ | ||
"arn:aws:s3:::*" | ||
] | ||
} | ||
} | ||
|
||
resource "aws_iam_policy" "default" { | ||
name = module.iam_label.id | ||
policy = data.aws_iam_policy_document.allows_s3.json | ||
} | ||
|
||
resource "aws_iam_role" "default" { | ||
name = module.iam_label.id | ||
assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json | ||
managed_policy_arns = [aws_iam_policy.default.arn] | ||
} |
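Review bot: `allows_s3` grants `s3:*` on `arn:aws:s3:::*`, and because every `aws_transfer_user` shares `aws_iam_role.default`, each SFTP user can list, read, write and delete objects in every bucket in the account; no `home_directory` is set on the users either, so nothing in this module confines them to a landing bucket. I would take the bucket as a new `s3_bucket_name` input, scope the policy to listing that bucket plus object actions under it, and give each user `home_directory = "/${var.s3_bucket_name}/${each.value.user_name}"` as sketched below (isolating users from one another's prefixes additionally needs a `session_policy` keyed on `${transfer:UserName}`, or a role per user). Separately, `aws_transfer_server.default` is created even when `module.this.enabled` is false while the users and keys honour `local.enabled`; `count = local.enabled ? 1 : 0` (with references becoming `aws_transfer_server.default[0].id`) keeps them consistent. The server also pins `endpoint_type = "PUBLIC"` and leaves `security_policy_name` unset, so exposing both as variables would let deployments choose a VPC endpoint and a current TLS/SSH security policy rather than the provider default.

```hcl
data "aws_iam_policy_document" "allows_s3" {
  statement {
    sid       = "AllowListingOfSftpBucket"
    effect    = "Allow"
    actions   = ["s3:ListBucket", "s3:GetBucketLocation"]
    resources = ["arn:aws:s3:::${var.s3_bucket_name}"]
  }

  statement {
    sid    = "AllowObjectAccessInSftpBucket"
    effect = "Allow"
    actions = [
      "s3:GetObject",
      "s3:GetObjectVersion",
      "s3:PutObject",
      "s3:DeleteObject",
    ]
    resources = ["arn:aws:s3:::${var.s3_bucket_name}/*"]
  }
}

resource "aws_transfer_user" "default" {
  for_each = local.enabled ? var.sftp_users : {}

  # … unchanged: server_id, role, user_name, tags …

  # Land each user in its own prefix instead of the bucket/account root.
  home_directory = "/${var.s3_bucket_name}/${each.value.user_name}"
}
```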
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,26 @@ | ||
variable "example" { | ||
description = "Example variable" | ||
default = "hello world" | ||
variable "region" { | ||
type = string | ||
default = "us-east-1" | ||
} | ||
|
||
variable "sftp_users" { | ||
type = map(object({ | ||
user_name = string, | ||
public_key = string | ||
})) | ||
|
||
default = {} | ||
description = "List of SFTP usernames and public keys" | ||
} | ||
|
||
variable "force_destroy" { | ||
type = bool | ||
default = false | ||
description = "Forces the AWS Transfer Server to be destroyed" | ||
} | ||
|
||
variable "iam_attributes" { | ||
type = list(string) | ||
description = "Additional attributes to add to the IDs of the IAM role and policy" | ||
default = [] | ||
} |
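Review bot: `sftp_users` is declared as a `map(object(...))` but described as a "List of SFTP usernames and public keys"; `description = "Map of SFTP users to create, keyed by a stable identifier, each with a user_name and the SSH public key to register for it"` matches the type. `variable "region"` has no description and is not referenced anywhere in the `main.tf` hunk of this commit (the example already passes the region to its own provider), so either document what the module does with it or drop it. If the module's own `versions.tf` pins Terraform >= 0.13 as the example's does, a `validation` block on `public_key` (e.g. requiring a prefix of `ssh-rsa`, `ssh-ed25519` or `ecdsa-sha2-`) would reject a malformed key at plan time instead of failing on `aws_transfer_ssh_key` at apply.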