Terraform AWS: Cloud Custodian
Overview
The purpose of this module is to provide a Terraform-based interface for administering Cloud Custodian, to assist with managing the state of policy template files, and to allow for easier runtime interpolation of those templates via Terraform.
For more information about this repository and its usage, please see Terraform AWS ARC GitHub CLOUD CUSTODIAN Module Usage Guide.
Requirements
Getting started
You must have Python 3.8 or above installed.
To install Cloud Custodian, you can download it using pip:
Usage
Requirements
Name | Version |
---|---|
terraform | ~> 1.3 |
aws | ~> 4.0 |
local | >= 2.0 |
null | >= 2.0 |
random | >= 2.0 |
Providers
Name | Version |
---|---|
aws | 3.68.0 |
local | 2.1.0 |
null | 3.1.0 |
Modules
Name | Source | Version |
---|---|---|
cloudtrail | git::https://github.com/cloudposse/terraform-aws-cloudtrail.git | 0.20.1 |
cloudtrail_s3_bucket | git::https://github.com/cloudposse/terraform-aws-cloudtrail-s3-bucket.git | 0.26.2 |
cloudtrail_sqs_queue | git::https://github.com/terraform-aws-modules/terraform-aws-sqs.git | v3.1.0 |
Resources
Name | Type |
---|---|
aws_iam_policy.custodian_output_s3_policy | resource |
aws_iam_role.role | resource |
aws_iam_role_policy_attachment.cloudtrail | resource |
aws_iam_role_policy_attachment.cloudwatchlogs | resource |
aws_iam_role_policy_attachment.iam | resource |
aws_iam_role_policy_attachment.s3_output | resource |
aws_iam_role_policy_attachment.sqs | resource |
aws_iam_role_policy_attachment.tags | resource |
aws_s3_bucket.custodian_output | resource |
aws_s3_bucket_server_side_encryption_configuration.server_side_encryption | resource |
local_file.cc_files | resource |
null_resource.run_custodian | resource |
Inputs
Name | Description | Type | Default | Required |
---|---|---|---|---|
cloudtrail_enabled | Set to false to prevent the module from creating any resources. | bool | true | no |
cloudtrail_s3_bucket_enabled | Set to false to prevent the module from creating any resources. | bool | true | no |
cloudtrail_sqs_enabled | Set to false to prevent the module from creating any resources. | bool | true | no |
custodian_files_path | Path to where the custodian files are located. | string | null | no |
custodian_templates_path | Path to where the custodian template files are located. | string | null | no |
name | Name of invocation. | string | n/a | yes |
namespace | A namespace for all the resources to live in. | string | n/a | yes |
region | AWS Region to create objects in. | string | n/a | yes |
stage | Stage of pipeline (e.g. sbx, dev, staging, uat, prod). | string | n/a | yes |
tags | Additional tags to assign resources. | map(string) | n/a | yes |
template_file_vars | Variable name and value maps. | map(string) | {} | no |
Outputs
Name | Description |
---|---|
bucket_arn | ARN of the bucket. |
bucket_id | Name of the bucket. |
role_arn | ARN of the role created. |
role_name | Name of the role created. |
sqs_arn | ARN of the SQS queue. |
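An added example of invoking the module with the inputs and outputs documented above; this is not code from the module's own repository. The `source` line is a placeholder, and the directory layout, tag values, and the ARN under `template_file_vars` are constructed assumptions.

```hcl
module "cloud_custodian" {
  # Placeholder: point this at the module's repository and a pinned tag.
  source = "git::https://github.com/ORG/terraform-aws-arc-cloud-custodian.git?ref=vX.Y.Z"

  # Required inputs (see the Inputs table).
  name      = "custodian"
  namespace = "arc"
  region    = "us-east-1"
  stage     = "dev"
  tags = {
    Owner = "security-engineering" # constructed sample tag
  }

  # Optional inputs: where the policy files and templates live (assumed
  # layout), plus the values substituted into the templates at apply time.
  custodian_files_path     = "${path.module}/custodian/policies"
  custodian_templates_path = "${path.module}/custodian/templates"
  template_file_vars = {
    notify_topic = "arn:aws:sns:us-east-1:123456789012:security-alerts" # constructed sample ARN
    environment  = "dev"
  }

  # Event-driven (cloudtrail mode) policies rely on the CloudTrail -> S3 -> SQS
  # resources the module creates; set these to false only if the account
  # already provides equivalent plumbing.
  cloudtrail_enabled           = true
  cloudtrail_s3_bucket_enabled = true
  cloudtrail_sqs_enabled       = true
}

# Expose the module outputs so other stacks can reference the role that runs
# the policies and the encrypted bucket that receives their output.
output "custodian_role_arn" {
  value = module.cloud_custodian.role_arn
}

output "custodian_output_bucket" {
  value = module.cloud_custodian.bucket_id
}

output "custodian_sqs_arn" {
  value = module.cloud_custodian.sqs_arn
}
```

Pin the module to a tag rather than a branch so the IAM policies and bucket configuration it creates only change through a reviewed version bump.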
Versioning
This project uses a `.version` file at the root of the repo, which the pipeline reads from and uses to create a git tag. On commits to `main`, you will need to increment this version. Once the project is merged, the pipeline will kick off and tag the latest git commit.
Development
Prerequisites
Install the prerequisites:
* pre-commit
* terraform
* terraform-docs

Then run pre-commit on the repo:
Authors
This project is authored by:
* SourceFuse ARC Team