terraform-provider-cloudconformity

command module
v0.0.0-...-d0de3f5
Published: Dec 16, 2019 License: MPL-2.0 Imports: 2 Imported by: 0

README

Terraform Provider for Cloud Conformity

License

This software is Copyright (c) 2019 Intelematics ([email protected]) and released under the MPL 2.0 License. For details about this license, please see the text of LICENSE.

Maintainers

This provider plugin is maintained by the Cloud team at Intelematics and the Cloud Conformity team at Cloud Conformity.

Requirements

Usage

# Requires a Cloud Conformity API Key
# Generate this by logging in to CC, click your name in the top right then
# `User Settings` -> `API Keys` -> `New API Key`
provider "cloudconformity" {
  api_key = var.cloudconformity_key
}

# Assumes you have Aliases set up for your AWS Accounts
# This is recommended for readability, but otherwise can just use AWS Account name
data "aws_iam_account_alias" "current" {
  depends_on = [aws_iam_account_alias.alias]
}

# Retrieve CloudConformity External ID, for use in IAM trust policy
data "cloudconformity_external_id" "it" {}

# IAM Policy doc allowing CloudConformity External ID to assume a role
data "aws_iam_policy_document" "assume" {
  statement {
    effect = "Allow"

    principals {
      type = "AWS"

      identifiers = [
        "arn:aws:iam::${var.cloudconformity_account_Id}:root",
      ]
    }

    actions = [
      "sts:AssumeRole",
    ]

    condition {
      test     = "StringEquals"
      variable = "sts:ExternalId"

      values = [
        data.cloudconformity_external_id.it.id,
      ]
    }
  }
}

# Create the IAM Role for CloudConformity to assume, using the IAM Policy above
resource "aws_iam_role" "cloud_conformity_role" {
  name               = "cloud-conformity-role"
  assume_role_policy = data.aws_iam_policy_document.assume.json
}

resource "aws_iam_role_policy_attachment" "cloud_conformity_role_attach" {
  role       = aws_iam_role.cloud_conformity_role.name
  policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
}

# Create the actual CloudConformity Account
resource "cloudconformity_account" "cloudconformity_account" {
  name        = data.aws_iam_account_alias.current.account_alias
  environment = "production"
  role_arn    = aws_iam_role.cloud_conformity_role.arn
  external_id = data.cloudconformity_external_id.it.id
}

output "account_id" {
  value = data.aws_iam_account_alias.current.account_alias
}
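
An added example, not part of the provider's README or code: a Go check that can be run against the rendered `data.aws_iam_policy_document.assume.json` to confirm the role's trust policy still pins `sts:ExternalId` to the expected value. The names `CheckTrustPolicy` and `asList` and all sample values are assumptions, and the check assumes `Statement` is a JSON array.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// asList normalises IAM JSON fields that may be one string or an array of strings.
func asList(v interface{}) (out []string) {
	if s, ok := v.(string); ok {
		return []string{s}
	}
	arr, _ := v.([]interface{})
	for _, e := range arr {
		s, _ := e.(string)
		out = append(out, s)
	}
	return out
}

// CheckTrustPolicy (illustrative helper, not part of the provider) flags Allow statements
// that grant sts:AssumeRole without StringEquals pinning sts:ExternalId to exactly want.
func CheckTrustPolicy(policyJSON, want string) (findings []string, err error) {
	var doc struct{ Statement []map[string]interface{} }
	if err = json.Unmarshal([]byte(policyJSON), &doc); err != nil {
		return nil, err
	}
	for i, st := range doc.Statement {
		grants, pinned := false, false
		for _, a := range asList(st["Action"]) {
			grants = grants || strings.EqualFold(a, "sts:AssumeRole") || a == "sts:*" || a == "*"
		}
		cond, _ := st["Condition"].(map[string]interface{})
		eq, _ := cond["StringEquals"].(map[string]interface{})
		for k, v := range eq {
			ids := asList(v)
			pinned = pinned || (strings.EqualFold(k, "sts:ExternalId") && len(ids) == 1 && ids[0] == want)
		}
		if st["Effect"] == "Allow" && grants && !pinned {
			findings = append(findings, fmt.Sprintf("statement %d: sts:AssumeRole without pinned sts:ExternalId", i))
		}
	}
	return findings, nil
}

func main() {
	// Constructed sample: a trust policy with no Condition block; the account ID is a placeholder.
	fmt.Println(CheckTrustPolicy(`{"Statement":[{"Effect":"Allow","Action":"sts:AssumeRole","Principal":{"AWS":"arn:aws:iam::111111111111:root"}}]}`, "example-external-id"))
}
```

A policy that matches the external ID with `StringLike`, lists more than one value, or omits the condition entirely is reported as a finding.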

Building The Provider

Clone repository to: $GOPATH/src/github.com/terraform-providers/terraform-provider-cloudconformity

$ mkdir -p $GOPATH/src/github.com/terraform-providers; cd $GOPATH/src/github.com/terraform-providers
$ git clone git@github.com:terraform-providers/terraform-provider-cloudconformity

Enter the provider directory and build the provider

$ cd $GOPATH/src/github.com/terraform-providers/terraform-provider-cloudconformity
$ make build

Using the provider

Fill in for each provider

Developing the Provider

If you wish to work on the provider, you'll first need Go installed on your machine (version 1.12+ is required). You'll also need to correctly set up a GOPATH and add $GOPATH/bin to your $PATH.

To compile the provider, run make build. This will build the provider and put the provider binary in the $GOPATH/bin directory.

$ make build
...
$ $GOPATH/bin/terraform-provider-cloudconformity
...

In order to test the provider, you can simply run make test.

$ make test

In order to run the full suite of Acceptance tests, run make testacc.

Note: Acceptance tests create real resources, and often cost money to run.

$ make testacc

Go Module Upgrade

The go.mod file lists all required module dependencies. Along with go.sum, it can be removed and recreated with:

go mod init

This replaces the older dep program and places the vendor directory in a centralised location outside the project.

Go will fetch the latest versions of the dependencies to create the files. However, at the time of writing, the latest version of terraform-provider-aws generated compile errors. It has been pinned to version 1.23.0 until these are resolved.

Further details about using Go modules can be found here. The go.mod file will always contain a reference to the last version retrieved with go get.
