This repository contains the following Terraform modules:
- aws-policies: Provides required access policies
# AWS access policies for Pantheon (module: aws-policies).
# The values below are samples; replace them with your own.
module "pantheon_access_policies" {
  # NOTE(review): "ref" selects a git tag, and a tag can be moved after it is
  # published. For a module that grants access, consider pinning to a full
  # commit SHA instead (?ref=<COMMIT_SHA>) so the reviewed revision cannot change.
  source = "github.com/ottogroup/pantheon//terraform/modules/aws-policies?ref=v1.1.26"

  # Sample role name.
  pantheon_role_name = "pantheon-audit-access"

  # Sample ID. Presumably identifies the principal that may use the role;
  # verify against the module's variable description before applying.
  pantheon_service_account_id = "100020003000400050006"
}
- gcp-log-export: Provides log-export on folder or organization level
- gcp-org: Provides resources on organization level, e.g. custom roles
- gcp-permission: Provides IAM bindings on folder or organization level
- gcp-billing: Provides IAM bindings for the billing account
On folder level
# Log export scoped to a single folder (module: gcp-log-export).
# <PROJECT_ID>, <TOPIC_NAME> and <SA_NAME> are placeholders; the folder ID is a sample.
module "pantheon_gcp_folder_log_export" {
  source = "github.com/ottogroup/pantheon//terraform/modules/gcp-log-export?ref=v1.1.26"

  # Scope of the export: one folder, identified by its numeric ID.
  parent_resource_type = "folder"
  parent_resource_id   = "123456789"

  # Pub/Sub topic that receives the exported logs. Anyone who can subscribe to
  # this topic can read them, so keep the topic's IAM policy tight.
  destination_uri = "pubsub.googleapis.com/projects/<PROJECT_ID>/topics/<TOPIC_NAME>"

  # Presumably the identity that is granted access to the export;
  # confirm what the module binds to it.
  pantheon_service_account = "<SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com"
}
On organization level
# Log export scoped to the whole organization (module: gcp-log-export).
# <PROJECT_ID>, <TOPIC_NAME> and <SA_NAME> are placeholders; the organization ID is a sample.
module "pantheon_gcp_org_log_export" {
  source = "github.com/ottogroup/pantheon//terraform/modules/gcp-log-export?ref=v1.1.26"

  # Scope of the export: the organization. This is the widest scope the module
  # offers; use the folder-level variant when only part of the hierarchy is needed.
  parent_resource_type = "organization"
  parent_resource_id   = "123456789"

  # Pub/Sub topic that receives the exported logs. Anyone who can subscribe to
  # this topic can read them, so keep the topic's IAM policy tight.
  destination_uri = "pubsub.googleapis.com/projects/<PROJECT_ID>/topics/<TOPIC_NAME>"

  # Presumably the identity that is granted access to the export;
  # confirm what the module binds to it.
  pantheon_service_account = "<SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com"
}
# Organization-level resources such as custom roles (module: gcp-org).
# The gcp-permission examples read this module's pantheon_engine_role_id output.
module "pantheon_gcp_org" {
  source = "github.com/ottogroup/pantheon//terraform/modules/gcp-org?ref=v1.1.26"

  # Numeric organization ID (sample value).
  # NOTE(review): the permissions in the custom role are defined inside the
  # module and are not visible here; review them at the pinned revision.
  org_id = "123456789"
}
On folder level
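# IAM bindings on folder level (module: gcp-permission).
# <SA_NAME> and <PROJECT_ID> are placeholders; the folder IDs are samples.
module "pantheon_gcp_permission" {
  source = "github.com/ottogroup/pantheon//terraform/modules/gcp-permission?ref=v1.1.26"

  # Module outputs are addressed as module.<NAME>.<OUTPUT>. There is no
  # intermediate "output" attribute, so the reference must not contain one.
  pantheon_engine_role_id = module.pantheon_gcp_org.pantheon_engine_role_id

  # Folders to bind on. Listing only the folders that are needed keeps the
  # grant narrower than an organization-wide binding.
  folder_ids = ["123456789", "987654321"]

  # Service account that receives the bindings.
  pantheon_service_account = "<SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com"
}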
On org level
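# IAM bindings on organization level (module: gcp-permission).
# Alternative to the folder-level example: both use the same module name, so
# they cannot be declared together in one configuration without renaming one.
# <SA_NAME> and <PROJECT_ID> are placeholders; the organization ID is a sample.
module "pantheon_gcp_permission" {
  # Pinned to the same tag as the gcp-org module whose output is consumed
  # below, so the role definition and the binding come from one revision.
  source = "github.com/ottogroup/pantheon//terraform/modules/gcp-permission?ref=v1.1.26"

  pantheon_engine_role_id = module.pantheon_gcp_org.pantheon_engine_role_id

  # The binding applies to the whole organization; prefer folder_ids when
  # access to only part of the hierarchy is required.
  org_id = "123456789"

  # Service account that receives the bindings.
  pantheon_service_account = "<SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com"
}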
# IAM bindings for the billing account (module: gcp-billing).
# <SA_NAME> and <PROJECT_ID> are placeholders; the billing account ID is a sample.
module "pantheon_gcp_billing" {
  source = "github.com/ottogroup/pantheon//terraform/modules/gcp-billing?ref=v1.1.26"

  # Service account that receives the billing-account bindings.
  # NOTE(review): which roles are bound is defined inside the module; check
  # them at the pinned revision before applying.
  pantheon_service_account = "<SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com"

  # Billing account to bind on.
  billing_account_id = "00AA00-000AAA-00AA0A"
}
- kubernetes-scanner: Deploy kubernetes scanner agent
# Deploys the Kubernetes scanner agent (module: kubernetes-scanner).
# Every string value below describes what to supply; none is a usable value.
module "pantheon_kubernetes_scanner" {
  source = "github.com/ottogroup/pantheon//terraform/modules/kubernetes-scanner?ref=v1.1.26"

  # Image the agent runs. Prefer a reference pinned by digest
  # (<REGISTRY>/<IMAGE>@sha256:<DIGEST>) over a mutable tag, so the code
  # running in the cluster is the code that was reviewed.
  pantheon_kubernetes_scanner_image = "docker image url"

  # Where the scanner sends its results.
  pantheon_kubernetes_sink_message_broker = "The sink message broker"

  # Identification of the scanned cluster.
  pantheon_kubernetes_cluster_service_id            = "The service id cluster"
  pantheon_kubernetes_cluster_asset_class           = "The asset class of the cluster"
  pantheon_kubernetes_cluster_canonical_asset_type  = "The canonical asset type of the cluster"
  pantheon_kubernetes_cluster_canonical_resource_id = "The canonical resource id of the cluster"
}
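This repo uses SemVer-based git tags for versioning; a tag can be passed as `ref` in the module `source` to select the Terraform module revision [1]. Git tags can be moved after they are published, so where an immutable pin is required, use a full commit SHA as `ref` instead.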