Skip to content

ottogroup/pantheon

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

73 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Pantheon terraform modules

This repository contains the following terraform modules

Amazon Web Services (AWS)

  • aws-policies: Provides required access policies

Module aws-policies usage

module "pantheon_access_policies" {
    source                      = "github.com/ottogroup/pantheon//terraform/modules/aws-policies?ref=v1.1.26"
    pantheon_service_account_id = "100020003000400050006"
    pantheon_role_name          = "pantheon-audit-access"
}

Google Cloud Platform

  • gcp-log-export: Provides log-export on folder or organization level
  • gcp-org: Provides resources on organization level, e.g. custom roles
  • gcp-permission: Provides IAM bindings on folder or organization level
  • gcp-billing: Provides IAM bindings for the billing account

Example

Module gcp-log-export usage

On folder level

module "pantheon_gcp_folder_log_export" {
  source                   = "github.com/ottogroup/pantheon//terraform/modules/gcp-log-export?ref=v1.1.26"
  destination_uri          = "pubsub.googleapis.com/projects/<PROJECT_ID>/topics/<TOPIC_NAME>"
  parent_resource_type     = "folder"
  parent_resource_id       = "123456789"
  pantheon_service_account = "<SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com"
}

On organization level

module "pantheon_gcp_org_log_export" {
  source                   = "github.com/ottogroup/pantheon//terraform/modules/gcp-log-export?ref=v1.1.26"
  destination_uri          = "pubsub.googleapis.com/projects/<PROJECT_ID>/topics/<TOPIC_NAME>"
  parent_resource_type     = "organization"
  parent_resource_id       = "123456789"
  pantheon_service_account = "<SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com"
}

Module gcp-org usage

module "pantheon_gcp_org" {
    source = "github.com/ottogroup/pantheon//terraform/modules/gcp-org?ref=v1.1.26"
    org_id = "123456789"
}

Module gcp-permission usage

On folder level

module "pantheon_gcp_permission" {
  source                   = "github.com/ottogroup/pantheon//terraform/modules/gcp-permission?ref=v1.1.26"
  pantheon_engine_role_id  = module.pantheon_gcp_org.output.pantheon_engine_role_id
  folder_ids = ["123456789", "987654321"]
  pantheon_service_account = "<SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com"
}

On org level

module "pantheon_gcp_permission" {
  source                   = "github.com/ottogroup/pantheon//terraform/modules/gcp-permission?ref=v1.1.20"
  pantheon_engine_role_id  = module.pantheon_gcp_org.pantheon_engine_role_id
  org_id                   = "123456789"
  pantheon_service_account = "<SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com"
}

Module gcp-billing usage

module "pantheon_gcp_billing" {
  source                   = "github.com/ottogroup/pantheon//terraform/modules/gcp-billing?ref=v1.1.26"
  billing_account_id       = "00AA00-000AAA-00AA0A"
  pantheon_service_account = "<SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com"
}

Kubernetes

  • kubernetes-scanner: Deploy kubernetes scanner agent

Module kubernetes-scanner usage

module "pantheon_kubernetes_scanner" {
  source                                            = "github.com/ottogroup/pantheon//terraform/modules/kubernetes-scanner?ref=v1.1.26"
  pantheon_kubernetes_scanner_image                 = "docker image url"
  pantheon_kubernetes_cluster_asset_class           = "The asset class of the cluster"
  pantheon_kubernetes_cluster_canonical_asset_type  = "The canonical asset type of the cluster"
  pantheon_kubernetes_cluster_canonical_resource_id = "The canonical resource id of the cluster"
  pantheon_kubernetes_cluster_service_id            = "The service id cluster"
  pantheon_kubernetes_sink_message_broker           = "The sink message broker"
}

Versioning

This repo uses SemVer based git tags for versioning which can be used to select terraform module revision [1].

Links