From 3be342d5e0f6c70162072e243d3e3b532bd66054 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Johannes=20W=C3=BCrbach?= Date: Mon, 15 Apr 2024 15:11:47 +0200 Subject: [PATCH] feat: use resource account --- examples/dns/README.md | 11 ++- examples/dns/main.tf | 66 ++++++++++++- examples/dns/providers.tf | 20 +++- examples/dns/terraform.tfvars.example | 8 +- examples/dns/variables.tf | 10 -- examples/mysql/aurora/README.md | 10 +- examples/mysql/aurora/main.tf | 67 ++++++++++++- examples/mysql/aurora/providers.tf | 9 +- .../mysql/aurora/terraform.tfvars.example | 6 -- examples/mysql/aurora/variables.tf | 10 -- examples/mysql/basic/README.md | 9 +- examples/mysql/basic/main.tf | 67 ++++++++++++- examples/mysql/basic/providers.tf | 9 +- examples/mysql/basic/terraform.tfvars.example | 6 -- examples/mysql/basic/variables.tf | 10 -- examples/postgres/aurora/README.md | 10 +- examples/postgres/aurora/main.tf | 67 ++++++++++++- examples/postgres/aurora/providers.tf | 9 +- .../postgres/aurora/terraform.tfvars.example | 6 -- examples/postgres/aurora/variables.tf | 10 -- examples/postgres/basic/README.md | 9 +- examples/postgres/basic/main.tf | 67 ++++++++++++- examples/postgres/basic/providers.tf | 9 +- .../postgres/basic/terraform.tfvars.example | 6 -- examples/postgres/basic/variables.tf | 10 -- examples/redis/README.md | 9 +- examples/redis/main.tf | 70 +++++++++++-- examples/redis/providers.tf | 6 ++ examples/redis/terraform.tfvars.example | 6 -- examples/redis/variables.tf | 10 -- examples/s3/README.md | 11 ++- examples/s3/main.tf | 97 ++++++++++++++++--- examples/s3/providers.tf | 21 +++- examples/s3/terraform.tfvars.example | 8 +- examples/s3/variables.tf | 10 -- examples/sqs/README.md | 15 ++- examples/sqs/main.tf | 97 ++++++++++++++++--- examples/sqs/providers.tf | 21 +++- examples/sqs/terraform.tfvars.example | 12 +-- examples/sqs/variables.tf | 14 +-- humanitec-resource-defs/dns/basic/README.md | 4 +- humanitec-resource-defs/dns/basic/main.tf | 18 ++-- .../dns/basic/terraform.tfvars.example | 12 +-- .../dns/basic/variables.tf | 11 ++- 
.../ecr-create-repository/README.md | 4 +- .../iam-policy/ecr-create-repository/main.tf | 18 ++-- .../terraform.tfvars.example | 16 +-- .../ecr-create-repository/variables.tf | 11 ++- .../iam-policy/s3/README.md | 4 +- humanitec-resource-defs/iam-policy/s3/main.tf | 18 ++-- .../iam-policy/s3/terraform.tfvars.example | 11 ++- .../iam-policy/s3/variables.tf | 11 ++- .../iam-policy/sqs/README.md | 4 +- .../iam-policy/sqs/main.tf | 18 ++-- .../iam-policy/sqs/terraform.tfvars.example | 9 +- .../iam-policy/sqs/variables.tf | 11 ++- .../iam-role/service-account/README.md | 4 +- .../iam-role/service-account/main.tf | 18 ++-- .../service-account/terraform.tfvars.example | 12 ++- .../iam-role/service-account/variables.tf | 11 ++- .../mysql/aurora/README.md | 4 +- humanitec-resource-defs/mysql/aurora/main.tf | 18 ++-- .../mysql/aurora/terraform.tfvars.example | 9 +- .../mysql/aurora/variables.tf | 11 ++- humanitec-resource-defs/mysql/basic/README.md | 4 +- humanitec-resource-defs/mysql/basic/main.tf | 19 ++-- .../mysql/basic/terraform.tfvars.example | 14 ++- .../mysql/basic/variables.tf | 11 ++- .../postgres/aurora/README.md | 4 +- .../postgres/aurora/main.tf | 18 ++-- .../postgres/aurora/terraform.tfvars.example | 9 +- .../postgres/aurora/variables.tf | 11 ++- .../postgres/basic/README.md | 4 +- .../postgres/basic/main.tf | 19 ++-- .../postgres/basic/terraform.tfvars.example | 14 ++- .../postgres/basic/variables.tf | 11 ++- humanitec-resource-defs/redis/basic/README.md | 4 +- humanitec-resource-defs/redis/basic/main.tf | 18 ++-- .../redis/basic/terraform.tfvars.example | 10 +- .../redis/basic/variables.tf | 11 ++- humanitec-resource-defs/s3/basic/README.md | 4 +- humanitec-resource-defs/s3/basic/main.tf | 18 ++-- .../s3/basic/terraform.tfvars.example | 11 ++- humanitec-resource-defs/s3/basic/variables.tf | 11 ++- humanitec-resource-defs/sqs/basic/README.md | 4 +- humanitec-resource-defs/sqs/basic/main.tf | 18 ++-- .../sqs/basic/terraform.tfvars.example | 11 ++- 
.../sqs/basic/variables.tf | 11 ++- modules/dns/basic/README.md | 2 - modules/dns/basic/providers.tf | 5 +- modules/dns/basic/terraform.tfvars.example | 7 -- modules/dns/basic/variables.tf | 11 --- .../ecr-create-repository/README.md | 2 - .../ecr-create-repository/providers.tf | 5 +- .../terraform.tfvars.example | 12 +-- .../ecr-create-repository/variables.tf | 8 -- modules/iam-policy/s3-admin/README.md | 2 - modules/iam-policy/s3-admin/providers.tf | 5 +- .../s3-admin/terraform.tfvars.example | 4 +- modules/iam-policy/s3-admin/variables.tf | 8 -- modules/iam-policy/s3-read-only/README.md | 2 - modules/iam-policy/s3-read-only/providers.tf | 5 +- .../s3-read-only/terraform.tfvars.example | 4 +- modules/iam-policy/s3-read-only/variables.tf | 8 -- modules/iam-policy/sqs-admin/README.md | 2 - modules/iam-policy/sqs-admin/providers.tf | 5 +- .../sqs-admin/terraform.tfvars.example | 2 - modules/iam-policy/sqs-admin/variables.tf | 8 -- modules/iam-policy/sqs-consumer/README.md | 2 - modules/iam-policy/sqs-consumer/providers.tf | 5 +- .../sqs-consumer/terraform.tfvars.example | 2 - modules/iam-policy/sqs-consumer/variables.tf | 8 -- modules/iam-policy/sqs-publisher/README.md | 2 - modules/iam-policy/sqs-publisher/providers.tf | 5 +- .../sqs-publisher/terraform.tfvars.example | 2 - modules/iam-policy/sqs-publisher/variables.tf | 8 -- modules/iam-role/service-account/README.md | 2 - modules/iam-role/service-account/providers.tf | 5 +- .../service-account/terraform.tfvars.example | 6 +- modules/iam-role/service-account/variables.tf | 8 -- modules/rds/aurora/README.md | 2 - modules/rds/aurora/providers.tf | 5 +- modules/rds/aurora/terraform.tfvars.example | 2 - modules/rds/aurora/variables.tf | 8 -- modules/rds/basic/README.md | 2 - modules/rds/basic/providers.tf | 5 +- modules/rds/basic/terraform.tfvars.example | 2 - modules/rds/basic/variables.tf | 8 -- modules/redis/basic/README.md | 2 - modules/redis/basic/providers.tf | 5 +- modules/redis/basic/terraform.tfvars.example | 
7 -- modules/redis/basic/variables.tf | 10 -- modules/s3/basic/README.md | 2 - modules/s3/basic/providers.tf | 5 +- modules/s3/basic/terraform.tfvars.example | 6 +- modules/s3/basic/variables.tf | 8 -- modules/sqs/basic/README.md | 2 - modules/sqs/basic/providers.tf | 5 +- modules/sqs/basic/terraform.tfvars.example | 10 +- modules/sqs/basic/variables.tf | 8 -- 140 files changed, 1071 insertions(+), 659 deletions(-) diff --git a/examples/dns/README.md b/examples/dns/README.md index ea93d94..b556d6e 100644 --- a/examples/dns/README.md +++ b/examples/dns/README.md @@ -40,13 +40,17 @@ graph LR; | Name | Version | |------|---------| | terraform | >= 1.3.0 | +| aws | ~> 5.0 | | humanitec | ~> 1.0 | +| random | ~> 3.5 | ## Providers | Name | Version | |------|---------| +| aws | ~> 5.0 | | humanitec | ~> 1.0 | +| random | ~> 3.5 | ## Modules 
@@ -58,17 +62,20 @@ graph LR; | Name | Type | |------|------| +| [aws_iam_role.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [humanitec_application.example](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/application) | resource | +| [humanitec_resource_account.humanitec_provisioner](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_account) | resource | | [humanitec_resource_definition_criteria.dns](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | +| [random_password.external_id](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | +| [aws_iam_policy_document.instance_assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| access\_key | AWS Access Key | `string` | n/a | yes | | hosted\_zone\_id | The id of the hosted zone in which this record set will reside. | `string` | n/a | yes | | region | AWS Region | `string` | n/a | yes | -| secret\_key | AWS Secret Key | `string` | n/a | yes | | name | Name of the example application | `string` | `"hum-rp-dns-example"` | no | | prefix | Prefix of the created resources | `string` | `"hum-rp-dns-ex-"` | no | | resource\_packs\_aws\_rev | AWS Resource Pack git branch | `string` | `"refs/heads/main"` | no | diff --git a/examples/dns/main.tf b/examples/dns/main.tf index a80d6e2..2297bac 100644 --- a/examples/dns/main.tf +++ b/examples/dns/main.tf 
@@ -1,3 +1,60 @@ +# AWS IAM role used by Humanitec to provision resources + +locals { + admin_policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess" + humanitec_user_arn = "arn:aws:iam::767398028804:user/humanitec" +} + +resource "random_password" "external_id" { + length = 16 + special = false +} + +data "aws_iam_policy_document" "instance_assume_role_policy" { + statement { + actions = ["sts:AssumeRole"] + + principals { + type = "AWS" + identifiers = [local.humanitec_user_arn] + } + + condition { + test = "StringEquals" + variable = "sts:ExternalId" + values = [random_password.external_id.result] + } + } +} + +resource "aws_iam_role" "humanitec_provisioner" { + name = var.name + + assume_role_policy = data.aws_iam_policy_document.instance_assume_role_policy.json +} + +resource "aws_iam_role_policy_attachment" "humanitec_provisioner" { + role = aws_iam_role.humanitec_provisioner.name + policy_arn = local.admin_policy_arn +} + +resource "humanitec_resource_account" "humanitec_provisioner" { + id = var.name + name = var.name + type = "aws-role" + credentials = jsonencode({ + aws_role = aws_iam_role.humanitec_provisioner.arn + external_id = random_password.external_id.result + }) + + depends_on = [ + # Otherwise the account looses permissions before the resources are deleted + aws_iam_role_policy_attachment.humanitec_provisioner + ] +} + +# Example application and resource definition criteria + resource "humanitec_application" "example" { id = var.name name = var.name @@ -6,11 +63,12 @@ resource "humanitec_application" "example" { module "route53" { source = "../../humanitec-resource-defs/dns/basic" - access_key = var.access_key - secret_key = var.secret_key resource_packs_aws_url = var.resource_packs_aws_url resource_packs_aws_rev = var.resource_packs_aws_rev - region = var.region + append_logs_to_error = true + driver_account = humanitec_resource_account.humanitec_provisioner.id + + region = var.region prefix = var.prefix 
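Review bot: The provisioner role built in the new `locals` / `aws_iam_role_policy_attachment` block is attached to `arn:aws:iam::aws:policy/AdministratorAccess`, while this example presumably only exercises the Route 53 permissions behind the `route53` module, so the role that the external `humanitec` principal can assume is far broader than the example needs. The same block is repeated verbatim in the mysql/aurora, mysql/basic, postgres/aurora and postgres/basic `main.tf` hunks (and, per the diffstat, the redis, s3 and sqs examples), so consider extracting it into one shared example module that takes the policy ARN as an input, so each example attaches a least-privilege policy and the account id in `humanitec_user_arn` is maintained in one place. The trust policy itself is sound (pinned principal plus a required `sts:ExternalId` from `random_password.external_id`), and that intent deserves a comment on the `condition` block such as `# External ID is required on AssumeRole as a confused-deputy guard; the ID and role ARN are stored in Terraform state, so keep the state backend access-controlled`. Also, the `depends_on` comment reads `looses`; `loses` is intended.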
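Review bot: `append_logs_to_error = true` is added to the `route53` module inputs with no comment on why it is enabled; if it appends driver logs to the provisioning errors surfaced in Humanitec, those messages may carry details of the provisioned infrastructure, which is convenient for an example but should be stated. A comment such as `# Surface driver logs in provisioning errors; useful for the example, review before copying into production definitions` would make the trade-off explicit. The same line is added in the mysql/aurora, mysql/basic, postgres/aurora and postgres/basic module hunks.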
@@ -20,4 +78,6 @@ module "route53" { resource "humanitec_resource_definition_criteria" "dns" { resource_definition_id = module.route53.id app_id = humanitec_application.example.id + + force_delete = true } diff --git a/examples/dns/providers.tf b/examples/dns/providers.tf index 256300e..b76dbb0 100644 --- a/examples/dns/providers.tf +++ b/examples/dns/providers.tf @@ -1,13 +1,31 @@ terraform { required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.0" + } humanitec = { source = "humanitec/humanitec" version = "~> 1.0" } + random = { + source = "hashicorp/random" + version = "~> 3.5" + } } required_version = ">= 1.3.0" } -provider "humanitec" { +provider "aws" { + default_tags { + tags = { + "managed_by" = "terraform" + "source" = "github.com/humanitec-architecture/resource-pack-aws" + } + } } + +provider "humanitec" {} + +provider "random" {} diff --git a/examples/dns/terraform.tfvars.example b/examples/dns/terraform.tfvars.example index f7b2bc4..16da46f 100644 --- a/examples/dns/terraform.tfvars.example +++ b/examples/dns/terraform.tfvars.example @@ -1,7 +1,4 @@ -# AWS Access Key -access_key = "" - # The id of the hosted zone in which this record set will reside. hosted_zone_id = "" @@ -18,7 +15,4 @@ region = "" resource_packs_aws_rev = "refs/heads/main" # AWS Resource Pack git url -resource_packs_aws_url = "https://github.com/humanitec-architecture/resource-packs-aws.git" - -# AWS Secret Key -secret_key = "" \ No newline at end of file +resource_packs_aws_url = "https://github.com/humanitec-architecture/resource-packs-aws.git" \ No newline at end of file diff --git a/examples/dns/variables.tf b/examples/dns/variables.tf index fc08cdd..a533671 100644 --- a/examples/dns/variables.tf +++ b/examples/dns/variables.tf @@ -1,13 +1,3 @@ -variable "access_key" { - description = "AWS Access Key" - type = string -} - -variable "secret_key" { - description = "AWS Secret Key" - type = string -} - variable "region" { description = "AWS Region" type = string 
diff --git a/examples/mysql/aurora/README.md b/examples/mysql/aurora/README.md index b955017..6ecfd67 100644 --- a/examples/mysql/aurora/README.md +++ b/examples/mysql/aurora/README.md @@ -41,12 +41,15 @@ graph LR; | terraform | >= 1.3.0 | | aws | ~> 5.0 | | humanitec | ~> 1.0 | +| random | ~> 3.5 | ## Providers | Name | Version | |------|---------| +| aws | ~> 5.0 | | humanitec | ~> 1.0 | +| random | ~> 3.5 | ## Modules 
@@ -58,17 +61,20 @@ graph LR; | Name | Type | |------|------| +| [aws_iam_role.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [humanitec_application.app](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/application) | resource | +| [humanitec_resource_account.humanitec_provisioner](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_account) | resource | | [humanitec_resource_definition_criteria.mysql](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | +| [random_password.external_id](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | +| [aws_iam_policy_document.instance_assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| access\_key | AWS Access Key | `string` | n/a | yes | | k8s\_node\_security\_group\_id | AWS Security Group ID of the kubernetes nodes to allow access to the AWS RDS cluster | `string` | n/a | yes | | region | AWS Region to create resources | `string` | n/a | yes | -| secret\_key | AWS Secret Key | `string` | n/a | yes | | subnet\_ids | AWS Subnet IDs to use for the AWS RDS cluster | `set(string)` | n/a | yes | | vpc\_id | AWS VPC ID | `string` | n/a | yes | | name | Name of the example application | `string` | `"hum-rp-mysql-example"` | no | diff --git a/examples/mysql/aurora/main.tf b/examples/mysql/aurora/main.tf index 1dc73cc..f06c3d9 100644 --- a/examples/mysql/aurora/main.tf 
+++ b/examples/mysql/aurora/main.tf @@ -1,3 +1,60 @@ +# AWS IAM role used by Humanitec to provision resources + +locals { + admin_policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess" + humanitec_user_arn = "arn:aws:iam::767398028804:user/humanitec" +} + +resource "random_password" "external_id" { + length = 16 + special = false +} + +data "aws_iam_policy_document" "instance_assume_role_policy" { + statement { + actions = ["sts:AssumeRole"] + + principals { + type = "AWS" + identifiers = [local.humanitec_user_arn] + } + + condition { + test = "StringEquals" + variable = "sts:ExternalId" + values = [random_password.external_id.result] + } + } +} + +resource "aws_iam_role" "humanitec_provisioner" { + name = var.name + + assume_role_policy = data.aws_iam_policy_document.instance_assume_role_policy.json +} + +resource "aws_iam_role_policy_attachment" "humanitec_provisioner" { + role = aws_iam_role.humanitec_provisioner.name + policy_arn = local.admin_policy_arn +} + +resource "humanitec_resource_account" "humanitec_provisioner" { + id = var.name + name = var.name + type = "aws-role" + credentials = jsonencode({ + aws_role = aws_iam_role.humanitec_provisioner.arn + external_id = random_password.external_id.result + }) + + depends_on = [ + # Otherwise the account looses permissions before the resources are deleted + aws_iam_role_policy_attachment.humanitec_provisioner + ] +} + +# Example application and resource definition criteria + resource "humanitec_application" "app" { id = var.name name = var.name 
@@ -6,12 +63,12 @@ resource "humanitec_application" "app" { module "mysql" { source = "../../../humanitec-resource-defs/mysql/aurora" - resource_packs_aws_rev = var.resource_packs_aws_rev resource_packs_aws_url = var.resource_packs_aws_url + resource_packs_aws_rev = var.resource_packs_aws_rev + append_logs_to_error = true + driver_account = humanitec_resource_account.humanitec_provisioner.id - access_key = var.access_key - secret_key = var.secret_key - region = var.region + region = var.region prefix = var.prefix name = var.name @@ -32,4 +89,6 @@ module "mysql" { resource "humanitec_resource_definition_criteria" "mysql" { resource_definition_id = module.mysql.id app_id = humanitec_application.app.id + + force_delete = true } diff --git a/examples/mysql/aurora/providers.tf b/examples/mysql/aurora/providers.tf index 7a7e63e..b76dbb0 100644 --- a/examples/mysql/aurora/providers.tf +++ b/examples/mysql/aurora/providers.tf @@ -8,6 +8,10 @@ terraform { source = "humanitec/humanitec" version = "~> 1.0" } + random = { + source = "hashicorp/random" + version = "~> 3.5" + } } required_version = ">= 1.3.0" @@ -22,5 +26,6 @@ provider "aws" { } } -provider "humanitec" { -} +provider "humanitec" {} + +provider "random" {} diff --git a/examples/mysql/aurora/terraform.tfvars.example b/examples/mysql/aurora/terraform.tfvars.example index 780f60a..98e3fed 100644 --- a/examples/mysql/aurora/terraform.tfvars.example +++ b/examples/mysql/aurora/terraform.tfvars.example @@ -1,7 +1,4 @@ -# AWS Access Key -access_key = "" - # AWS Security Group ID of the kubernetes nodes to allow access to the AWS RDS cluster k8s_node_security_group_id = "" @@ -20,9 +17,6 @@ resource_packs_aws_rev = "refs/heads/main" # AWS Resource Pack git url resource_packs_aws_url = "https://github.com/humanitec-architecture/resource-packs-aws.git" -# AWS Secret Key -secret_key = "" - # AWS Subnet IDs to use for the AWS RDS cluster subnet_ids = "" 
diff --git a/examples/mysql/aurora/variables.tf b/examples/mysql/aurora/variables.tf index 34e8882..75ddd2f 100644 --- a/examples/mysql/aurora/variables.tf +++ b/examples/mysql/aurora/variables.tf @@ -1,13 +1,3 @@ -variable "access_key" { - type = string - description = "AWS Access Key" -} - -variable "secret_key" { - type = string - description = "AWS Secret Key" -} - variable "region" { type = string description = "AWS Region to create resources" diff --git a/examples/mysql/basic/README.md b/examples/mysql/basic/README.md index 9cad22e..40814d2 100644 --- a/examples/mysql/basic/README.md +++ b/examples/mysql/basic/README.md @@ -42,6 +42,7 @@ graph LR; | terraform | >= 1.3.0 | | aws | ~> 5.0 | | humanitec | ~> 1.0 | +| random | ~> 3.5 | ## Providers @@ -49,6 +50,7 @@ graph LR; |------|---------| | aws | ~> 5.0 | | humanitec | ~> 1.0 | +| random | ~> 3.5 | ## Modules 
@@ -60,19 +62,22 @@ graph LR; | Name | Type | |------|------| +| [aws_iam_role.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_security_group.mysql](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | | [aws_vpc_security_group_ingress_rule.k8s_node_mysql](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource | | [humanitec_application.app](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/application) | resource | +| [humanitec_resource_account.humanitec_provisioner](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_account) | resource | | [humanitec_resource_definition_criteria.mysql](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | +| [random_password.external_id](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | +| [aws_iam_policy_document.instance_assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| access\_key | AWS Access Key | `string` | n/a | yes | | k8s\_node\_security\_group\_id | AWS Security Group ID of the kubernetes nodes to allow access to the AWS RDS cluster | `string` | n/a | yes | | region | AWS Region to create resources | `string` | n/a | yes | -| secret\_key | AWS Secret Key | `string` | n/a | yes | | subnet\_ids | AWS Subnet IDs to use for the AWS RDS cluster | `set(string)` | n/a | 
yes | | vpc\_id | AWS VPC ID | `string` | n/a | yes | | name | Name of the example application | `string` | `"hum-rp-mysql-example"` | no | diff --git a/examples/mysql/basic/main.tf b/examples/mysql/basic/main.tf index 3789615..a956343 100644 --- a/examples/mysql/basic/main.tf +++ b/examples/mysql/basic/main.tf @@ -1,3 +1,60 @@ +# AWS IAM role used by Humanitec to provision resources + +locals { + admin_policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess" + humanitec_user_arn = "arn:aws:iam::767398028804:user/humanitec" +} + +resource "random_password" "external_id" { + length = 16 + special = false +} + +data "aws_iam_policy_document" "instance_assume_role_policy" { + statement { + actions = ["sts:AssumeRole"] + + principals { + type = "AWS" + identifiers = [local.humanitec_user_arn] + } + + condition { + test = "StringEquals" + variable = "sts:ExternalId" + values = [random_password.external_id.result] + } + } +} + +resource "aws_iam_role" "humanitec_provisioner" { + name = var.name + + assume_role_policy = data.aws_iam_policy_document.instance_assume_role_policy.json +} + +resource "aws_iam_role_policy_attachment" "humanitec_provisioner" { + role = aws_iam_role.humanitec_provisioner.name + policy_arn = local.admin_policy_arn +} + +resource "humanitec_resource_account" "humanitec_provisioner" { + id = var.name + name = var.name + type = "aws-role" + credentials = jsonencode({ + aws_role = aws_iam_role.humanitec_provisioner.arn + external_id = random_password.external_id.result + }) + + depends_on = [ + # Otherwise the account looses permissions before the resources are deleted + aws_iam_role_policy_attachment.humanitec_provisioner + ] +} + +# Example application and resource definition criteria + resource "humanitec_application" "app" { id = var.name name = var.name 
@@ -6,12 +63,12 @@ resource "humanitec_application" "app" { module "mysql" { source = "../../../humanitec-resource-defs/mysql/basic" - resource_packs_aws_rev = var.resource_packs_aws_rev resource_packs_aws_url = var.resource_packs_aws_url + resource_packs_aws_rev = var.resource_packs_aws_rev + append_logs_to_error = true + driver_account = humanitec_resource_account.humanitec_provisioner.id - access_key = var.access_key - secret_key = var.secret_key - region = var.region + region = var.region prefix = var.prefix name = var.name @@ -28,6 +85,8 @@ module "mysql" { resource "humanitec_resource_definition_criteria" "mysql" { resource_definition_id = module.mysql.id app_id = humanitec_application.app.id + + force_delete = true } resource "aws_security_group" "mysql" { diff --git a/examples/mysql/basic/providers.tf b/examples/mysql/basic/providers.tf index 7a7e63e..b76dbb0 100644 --- a/examples/mysql/basic/providers.tf +++ b/examples/mysql/basic/providers.tf @@ -8,6 +8,10 @@ terraform { source = "humanitec/humanitec" version = "~> 1.0" } + random = { + source = "hashicorp/random" + version = "~> 3.5" + } } required_version = ">= 1.3.0" @@ -22,5 +26,6 @@ provider "aws" { } } -provider "humanitec" { -} +provider "humanitec" {} + +provider "random" {} diff --git a/examples/mysql/basic/terraform.tfvars.example b/examples/mysql/basic/terraform.tfvars.example index 780f60a..98e3fed 100644 --- a/examples/mysql/basic/terraform.tfvars.example +++ b/examples/mysql/basic/terraform.tfvars.example @@ -1,7 +1,4 @@ -# AWS Access Key -access_key = "" - # AWS Security Group ID of the kubernetes nodes to allow access to the AWS RDS cluster k8s_node_security_group_id = "" @@ -20,9 +17,6 @@ resource_packs_aws_rev = "refs/heads/main" # AWS Resource Pack git url resource_packs_aws_url = "https://github.com/humanitec-architecture/resource-packs-aws.git" -# AWS Secret Key -secret_key = "" - # AWS Subnet IDs to use for the AWS RDS cluster subnet_ids = "" 
diff --git a/examples/mysql/basic/variables.tf b/examples/mysql/basic/variables.tf index 34e8882..75ddd2f 100644 --- a/examples/mysql/basic/variables.tf +++ b/examples/mysql/basic/variables.tf @@ -1,13 +1,3 @@ -variable "access_key" { - type = string - description = "AWS Access Key" -} - -variable "secret_key" { - type = string - description = "AWS Secret Key" -} - variable "region" { type = string description = "AWS Region to create resources" diff --git a/examples/postgres/aurora/README.md b/examples/postgres/aurora/README.md index c678ec5..4223b6f 100644 --- a/examples/postgres/aurora/README.md +++ b/examples/postgres/aurora/README.md @@ -41,12 +41,15 @@ graph LR; | terraform | >= 1.3.0 | | aws | ~> 5.0 | | humanitec | ~> 1.0 | +| random | ~> 3.5 | ## Providers | Name | Version | |------|---------| +| aws | ~> 5.0 | | humanitec | ~> 1.0 | +| random | ~> 3.5 | ## Modules 
@@ -58,17 +61,20 @@ graph LR; | Name | Type | |------|------| +| [aws_iam_role.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [humanitec_application.app](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/application) | resource | +| [humanitec_resource_account.humanitec_provisioner](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_account) | resource | | [humanitec_resource_definition_criteria.postgres](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | +| [random_password.external_id](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | +| [aws_iam_policy_document.instance_assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| access\_key | AWS Access Key | `string` | n/a | yes | | k8s\_node\_security\_group\_id | AWS Security Group ID of the kubernetes nodes to allow access to the AWS RDS cluster | `string` | n/a | yes | | region | AWS Region to create resources | `string` | n/a | yes | -| secret\_key | AWS Secret Key | `string` | n/a | yes | | subnet\_ids | AWS Subnet IDs to use for the AWS RDS cluster | `set(string)` | n/a | yes | | vpc\_id | AWS VPC ID | `string` | n/a | yes | | name | Name of the example application | `string` | `"hum-rp-postgres-example"` | no | diff --git a/examples/postgres/aurora/main.tf b/examples/postgres/aurora/main.tf index 7ae0b4f..252d10e 100644 --- a/examples/postgres/aurora/main.tf 
+++ b/examples/postgres/aurora/main.tf @@ -1,3 +1,60 @@ +# AWS IAM role used by Humanitec to provision resources + +locals { + admin_policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess" + humanitec_user_arn = "arn:aws:iam::767398028804:user/humanitec" +} + +resource "random_password" "external_id" { + length = 16 + special = false +} + +data "aws_iam_policy_document" "instance_assume_role_policy" { + statement { + actions = ["sts:AssumeRole"] + + principals { + type = "AWS" + identifiers = [local.humanitec_user_arn] + } + + condition { + test = "StringEquals" + variable = "sts:ExternalId" + values = [random_password.external_id.result] + } + } +} + +resource "aws_iam_role" "humanitec_provisioner" { + name = var.name + + assume_role_policy = data.aws_iam_policy_document.instance_assume_role_policy.json +} + +resource "aws_iam_role_policy_attachment" "humanitec_provisioner" { + role = aws_iam_role.humanitec_provisioner.name + policy_arn = local.admin_policy_arn +} + +resource "humanitec_resource_account" "humanitec_provisioner" { + id = var.name + name = var.name + type = "aws-role" + credentials = jsonencode({ + aws_role = aws_iam_role.humanitec_provisioner.arn + external_id = random_password.external_id.result + }) + + depends_on = [ + # Otherwise the account looses permissions before the resources are deleted + aws_iam_role_policy_attachment.humanitec_provisioner + ] +} + +# Example application and resource definition criteria + resource "humanitec_application" "app" { id = var.name name = var.name 
@@ -6,12 +63,12 @@ resource "humanitec_application" "app" { module "postgres" { source = "../../../humanitec-resource-defs/postgres/aurora" - resource_packs_aws_rev = var.resource_packs_aws_rev resource_packs_aws_url = var.resource_packs_aws_url + resource_packs_aws_rev = var.resource_packs_aws_rev + append_logs_to_error = true + driver_account = humanitec_resource_account.humanitec_provisioner.id - access_key = var.access_key - secret_key = var.secret_key - region = var.region + region = var.region prefix = var.prefix name = var.name @@ -32,4 +89,6 @@ module "postgres" { resource "humanitec_resource_definition_criteria" "postgres" { resource_definition_id = module.postgres.id app_id = humanitec_application.app.id + + force_delete = true } diff --git a/examples/postgres/aurora/providers.tf b/examples/postgres/aurora/providers.tf index 7a7e63e..b76dbb0 100644 --- a/examples/postgres/aurora/providers.tf +++ b/examples/postgres/aurora/providers.tf @@ -8,6 +8,10 @@ terraform { source = "humanitec/humanitec" version = "~> 1.0" } + random = { + source = "hashicorp/random" + version = "~> 3.5" + } } required_version = ">= 1.3.0" @@ -22,5 +26,6 @@ provider "aws" { } } -provider "humanitec" { -} +provider "humanitec" {} + +provider "random" {} diff --git a/examples/postgres/aurora/terraform.tfvars.example b/examples/postgres/aurora/terraform.tfvars.example index 392b929..c2bbe7e 100644 --- a/examples/postgres/aurora/terraform.tfvars.example +++ b/examples/postgres/aurora/terraform.tfvars.example @@ -1,7 +1,4 @@ -# AWS Access Key -access_key = "" - # AWS Security Group ID of the kubernetes nodes to allow access to the AWS RDS cluster k8s_node_security_group_id = "" @@ -20,9 +17,6 @@ resource_packs_aws_rev = "refs/heads/main" # AWS Resource Pack git url resource_packs_aws_url = "https://github.com/humanitec-architecture/resource-packs-aws.git" -# AWS Secret Key -secret_key = "" - # AWS Subnet IDs to use for the AWS RDS cluster subnet_ids = "" 
diff --git a/examples/postgres/aurora/variables.tf b/examples/postgres/aurora/variables.tf index 15fb1be..0ff3e66 100644 --- a/examples/postgres/aurora/variables.tf +++ b/examples/postgres/aurora/variables.tf @@ -1,13 +1,3 @@ -variable "access_key" { - type = string - description = "AWS Access Key" -} - -variable "secret_key" { - type = string - description = "AWS Secret Key" -} - variable "region" { type = string description = "AWS Region to create resources" diff --git a/examples/postgres/basic/README.md b/examples/postgres/basic/README.md index afabce4..a3ad16b 100644 --- a/examples/postgres/basic/README.md +++ b/examples/postgres/basic/README.md @@ -41,6 +41,7 @@ graph LR; | terraform | >= 1.3.0 | | aws | ~> 5.0 | | humanitec | ~> 1.0 | +| random | ~> 3.5 | ## Providers @@ -48,6 +49,7 @@ graph LR; |------|---------| | aws | ~> 5.0 | | humanitec | ~> 1.0 | +| random | ~> 3.5 | ## Modules 
@@ -59,19 +61,22 @@ graph LR; | Name | Type | |------|------| +| [aws_iam_role.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_security_group.postgres](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | | [aws_vpc_security_group_ingress_rule.k8s_node_postgres](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource | | [humanitec_application.app](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/application) | resource | +| [humanitec_resource_account.humanitec_provisioner](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_account) | resource | | [humanitec_resource_definition_criteria.postgres](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | +| [random_password.external_id](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | +| [aws_iam_policy_document.instance_assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| access\_key | AWS Access Key | `string` | n/a | yes | | k8s\_node\_security\_group\_id | AWS Security Group ID of the kubernetes nodes to allow access to the AWS RDS cluster | `string` | n/a | yes | | region | AWS Region to create resources | `string` | n/a | yes | -| secret\_key | AWS Secret Key | `string` | n/a | yes | | subnet\_ids | AWS Subnet IDs to use for the AWS RDS cluster | `set(string)` 
| n/a | yes | | vpc\_id | AWS VPC ID | `string` | n/a | yes | | name | Name of the example application | `string` | `"hum-rp-postgres-example"` | no | diff --git a/examples/postgres/basic/main.tf b/examples/postgres/basic/main.tf index 69447e9..ac2e938 100644 --- a/examples/postgres/basic/main.tf +++ b/examples/postgres/basic/main.tf @@ -1,3 +1,60 @@ +# AWS IAM role used by Humanitec to provision resources + +locals { + admin_policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess" + humanitec_user_arn = "arn:aws:iam::767398028804:user/humanitec" +} + +resource "random_password" "external_id" { + length = 16 + special = false +} + +data "aws_iam_policy_document" "instance_assume_role_policy" { + statement { + actions = ["sts:AssumeRole"] + + principals { + type = "AWS" + identifiers = [local.humanitec_user_arn] + } + + condition { + test = "StringEquals" + variable = "sts:ExternalId" + values = [random_password.external_id.result] + } + } +} + +resource "aws_iam_role" "humanitec_provisioner" { + name = var.name + + assume_role_policy = data.aws_iam_policy_document.instance_assume_role_policy.json +} + +resource "aws_iam_role_policy_attachment" "humanitec_provisioner" { + role = aws_iam_role.humanitec_provisioner.name + policy_arn = local.admin_policy_arn +} + +resource "humanitec_resource_account" "humanitec_provisioner" { + id = var.name + name = var.name + type = "aws-role" + credentials = jsonencode({ + aws_role = aws_iam_role.humanitec_provisioner.arn + external_id = random_password.external_id.result + }) + + depends_on = [ + # Otherwise the account looses permissions before the resources are deleted + aws_iam_role_policy_attachment.humanitec_provisioner + ] +} + +# Example application and resource definition criteria + resource "humanitec_application" "app" { id = var.name name = var.name 
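Review bot: The new provisioner role is trusted by an external principal and then receives `AdministratorAccess` through `local.admin_policy_arn`, and nothing in the file says this breadth is a deliberate simplification; a comment such as `# AdministratorAccess keeps the example short; scope this policy to the services the resource pack actually provisions before reusing it` on the `aws_iam_role_policy_attachment` would make the trade-off explicit. Likewise `humanitec_user_arn` hard-codes account `767398028804` with no comment saying whose account it is, so a reader cannot verify the trust policy; a one-line comment pointing to where that value is documented would help. The external ID from `random_password.external_id` is also placed in clear text in `credentials`, so the role trust is only as strong as the protection of the Terraform state that holds it, which is worth a comment on the `humanitec_resource_account` block. Finally, the `depends_on` comment should read `loses`, not `looses`. The identical block is added in `examples/redis/main.tf`, `examples/s3/main.tf` and `examples/sqs/main.tf` in this patch, so the same applies there.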
@@ -6,12 +63,12 @@ resource "humanitec_application" "app" { module "postgres" { source = "../../../humanitec-resource-defs/postgres/basic" - resource_packs_aws_rev = var.resource_packs_aws_rev resource_packs_aws_url = var.resource_packs_aws_url + resource_packs_aws_rev = var.resource_packs_aws_rev + append_logs_to_error = true + driver_account = humanitec_resource_account.humanitec_provisioner.id - access_key = var.access_key - secret_key = var.secret_key - region = var.region + region = var.region prefix = var.prefix name = var.name @@ -28,6 +85,8 @@ module "postgres" { resource "humanitec_resource_definition_criteria" "postgres" { resource_definition_id = module.postgres.id app_id = humanitec_application.app.id + + force_delete = true } resource "aws_security_group" "postgres" { diff --git a/examples/postgres/basic/providers.tf b/examples/postgres/basic/providers.tf index 7a7e63e..b76dbb0 100644 --- a/examples/postgres/basic/providers.tf +++ b/examples/postgres/basic/providers.tf @@ -8,6 +8,10 @@ terraform { source = "humanitec/humanitec" version = "~> 1.0" } + random = { + source = "hashicorp/random" + version = "~> 3.5" + } } required_version = ">= 1.3.0" @@ -22,5 +26,6 @@ provider "aws" { } } -provider "humanitec" { -} +provider "humanitec" {} + +provider "random" {} diff --git a/examples/postgres/basic/terraform.tfvars.example b/examples/postgres/basic/terraform.tfvars.example index 392b929..c2bbe7e 100644 --- a/examples/postgres/basic/terraform.tfvars.example +++ b/examples/postgres/basic/terraform.tfvars.example @@ -1,7 +1,4 @@ -# AWS Access Key -access_key = "" - # AWS Security Group ID of the kubernetes nodes to allow access to the AWS RDS cluster k8s_node_security_group_id = "" @@ -20,9 +17,6 @@ resource_packs_aws_rev = "refs/heads/main" # AWS Resource Pack git url resource_packs_aws_url = "https://github.com/humanitec-architecture/resource-packs-aws.git" -# AWS Secret Key -secret_key = "" - # AWS Subnet IDs to use for the AWS RDS cluster subnet_ids = "" 
diff --git a/examples/postgres/basic/variables.tf b/examples/postgres/basic/variables.tf index 15fb1be..0ff3e66 100644 --- a/examples/postgres/basic/variables.tf +++ b/examples/postgres/basic/variables.tf @@ -1,13 +1,3 @@ -variable "access_key" { - type = string - description = "AWS Access Key" -} - -variable "secret_key" { - type = string - description = "AWS Secret Key" -} - variable "region" { type = string description = "AWS Region to create resources" diff --git a/examples/redis/README.md b/examples/redis/README.md index 44c0fb6..a1c89b0 100644 --- a/examples/redis/README.md +++ b/examples/redis/README.md @@ -42,6 +42,7 @@ graph LR; | terraform | >= 1.3.0 | | aws | ~> 5.0 | | humanitec | ~> 1.0 | +| random | ~> 3.5 | ## Providers @@ -49,6 +50,7 @@ graph LR; |------|---------| | aws | ~> 5.0 | | humanitec | ~> 1.0 | +| random | ~> 3.5 | ## Modules 
@@ -61,19 +63,22 @@ graph LR; | Name | Type | |------|------| | [aws_elasticache_subnet_group.redis](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_subnet_group) | resource | +| [aws_iam_role.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_security_group.redis](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | | [aws_vpc_security_group_ingress_rule.k8s_node_redis](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource | | [humanitec_application.example](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/application) | resource | +| [humanitec_resource_account.humanitec_provisioner](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_account) | resource | | [humanitec_resource_definition_criteria.redis](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | +| [random_password.external_id](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | +| [aws_iam_policy_document.instance_assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| access\_key | AWS Access Key | `string` | n/a | yes | | k8s\_node\_security\_group\_id | AWS Security Group ID of the kubernetes nodes to allow access to the AWS ElastiCache cluster | `string` | n/a | yes | | region | AWS Region | `string` | n/a | yes 
| -| secret\_key | AWS Secret Key | `string` | n/a | yes | | subnet\_ids | AWS Subnet IDs to use for the AWS ElastiCache cluster | `set(string)` | n/a | yes | | vpc\_id | AWS VPC ID | `string` | n/a | yes | | name | Name of the example application | `string` | `"hum-rp-redis-example"` | no | diff --git a/examples/redis/main.tf b/examples/redis/main.tf index 12af0a7..747d344 100644 --- a/examples/redis/main.tf +++ b/examples/redis/main.tf 
@@ -1,10 +1,60 @@ -# Prepare application, subnet group and security group +# AWS IAM role used by Humanitec to provision resources -resource "humanitec_application" "example" { +locals { + admin_policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess" + humanitec_user_arn = "arn:aws:iam::767398028804:user/humanitec" +} + +resource "random_password" "external_id" { + length = 16 + special = false +} + +data "aws_iam_policy_document" "instance_assume_role_policy" { + statement { + actions = ["sts:AssumeRole"] + + principals { + type = "AWS" + identifiers = [local.humanitec_user_arn] + } + + condition { + test = "StringEquals" + variable = "sts:ExternalId" + values = [random_password.external_id.result] + } + } +} + +resource "aws_iam_role" "humanitec_provisioner" { + name = var.name + + assume_role_policy = data.aws_iam_policy_document.instance_assume_role_policy.json +} + +resource "aws_iam_role_policy_attachment" "humanitec_provisioner" { + role = aws_iam_role.humanitec_provisioner.name + policy_arn = local.admin_policy_arn +} + +resource "humanitec_resource_account" "humanitec_provisioner" { id = var.name name = var.name + type = "aws-role" + credentials = jsonencode({ + aws_role = aws_iam_role.humanitec_provisioner.arn + external_id = random_password.external_id.result + }) + + depends_on = [ + # Otherwise the account looses permissions before the resources are deleted + aws_iam_role_policy_attachment.humanitec_provisioner + ] } +# Prepare ElastiCache subnet group and security group + resource "aws_elasticache_subnet_group" "redis" { name = "redis" subnet_ids = var.subnet_ids 
@@ -25,16 +75,22 @@ resource "aws_vpc_security_group_ingress_rule" "k8s_node_redis" { to_port = 6379 } -# AWS Elasticache Redis +# Example application and resource definition criteria + +resource "humanitec_application" "example" { + id = var.name + name = var.name +} module "redis" { source = "../../humanitec-resource-defs/redis/basic" - access_key = var.access_key - secret_key = var.secret_key resource_packs_aws_url = var.resource_packs_aws_url resource_packs_aws_rev = var.resource_packs_aws_rev - region = var.region + append_logs_to_error = true + driver_account = humanitec_resource_account.humanitec_provisioner.id + + region = var.region prefix = var.prefix subnet_group_name = aws_elasticache_subnet_group.redis.name @@ -44,4 +100,6 @@ module "redis" { resource "humanitec_resource_definition_criteria" "redis" { resource_definition_id = module.redis.id app_id = humanitec_application.example.id + + force_delete = true } diff --git a/examples/redis/providers.tf b/examples/redis/providers.tf index 5af16bf..b76dbb0 100644 --- a/examples/redis/providers.tf +++ b/examples/redis/providers.tf @@ -8,6 +8,10 @@ terraform { source = "humanitec/humanitec" version = "~> 1.0" } + random = { + source = "hashicorp/random" + version = "~> 3.5" + } } required_version = ">= 1.3.0" @@ -23,3 +27,5 @@ provider "aws" { } provider "humanitec" {} + +provider "random" {} diff --git a/examples/redis/terraform.tfvars.example b/examples/redis/terraform.tfvars.example index e0bbc94..53a59ce 100644 --- a/examples/redis/terraform.tfvars.example +++ b/examples/redis/terraform.tfvars.example @@ -1,7 +1,4 @@ -# AWS Access Key -access_key = "" - # AWS Security Group ID of the kubernetes nodes to allow access to the AWS ElastiCache cluster k8s_node_security_group_id = "" 
@@ -20,9 +17,6 @@ resource_packs_aws_rev = "refs/heads/main" # AWS Resource Pack git url resource_packs_aws_url = "https://github.com/humanitec-architecture/resource-packs-aws.git" -# AWS Secret Key -secret_key = "" - # AWS Subnet IDs to use for the AWS ElastiCache cluster subnet_ids = "" diff --git a/examples/redis/variables.tf b/examples/redis/variables.tf index f7887f9..565ab5a 100644 --- a/examples/redis/variables.tf +++ b/examples/redis/variables.tf @@ -1,13 +1,3 @@ -variable "access_key" { - description = "AWS Access Key" - type = string -} - -variable "secret_key" { - description = "AWS Secret Key" - type = string -} - variable "region" { description = "AWS Region" type = string diff --git a/examples/s3/README.md b/examples/s3/README.md index d04bb96..fa68940 100644 --- a/examples/s3/README.md +++ b/examples/s3/README.md @@ -50,13 +50,17 @@ graph LR; | Name | Version | |------|---------| | terraform | >= 1.3.0 | +| aws | ~> 5.0 | | humanitec | ~> 1.0 | +| random | ~> 3.5 | ## Providers | Name | Version | |------|---------| +| aws | ~> 5.0 | | humanitec | ~> 1.0 | +| random | ~> 3.5 | ## Modules 
@@ -75,7 +79,10 @@ graph LR; | Name | Type | |------|------| +| [aws_iam_role.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [humanitec_application.example](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/application) | resource | +| [humanitec_resource_account.humanitec_provisioner](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_account) | resource | | [humanitec_resource_definition_criteria.iam_policy_s3_admin](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | | [humanitec_resource_definition_criteria.iam_policy_s3_read_only](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | | [humanitec_resource_definition_criteria.iam_role_service_account](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | 
@@ -84,15 +91,15 @@ graph LR; | [humanitec_resource_definition_criteria.s3_basic_admin](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | | [humanitec_resource_definition_criteria.s3_basic_read_only](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | | [humanitec_resource_definition_criteria.workload](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | +| [random_password.external_id](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | +| [aws_iam_policy_document.instance_assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| access\_key | AWS Access Key | `string` | n/a | yes | | cluster\_name | Name of the EKS cluster | `string` | n/a | yes | | region | AWS Region | `string` | n/a | yes | -| secret\_key | AWS Secret Key | `string` | n/a | yes | | name | Name of the example application | `string` | `"hum-rp-s3-example"` | no | | prefix | Prefix of the created resources | `string` | `"hum-rp-s3-ex-"` | no | | resource\_packs\_aws\_rev | AWS Resource Pack git branch | `string` | `"refs/heads/main"` | no | diff --git a/examples/s3/main.tf b/examples/s3/main.tf index 7614182..ae072fd 100644 --- a/examples/s3/main.tf +++ b/examples/s3/main.tf 
@@ -1,3 +1,60 @@ +# AWS IAM role used by Humanitec to provision resources + +locals { + admin_policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess" + humanitec_user_arn = "arn:aws:iam::767398028804:user/humanitec" +} + +resource "random_password" "external_id" { + length = 16 + special = false +} + +data "aws_iam_policy_document" "instance_assume_role_policy" { + statement { + actions = ["sts:AssumeRole"] + + principals { + type = "AWS" + identifiers = [local.humanitec_user_arn] + } + + condition { + test = "StringEquals" + variable = "sts:ExternalId" + values = [random_password.external_id.result] + } + } +} + +resource "aws_iam_role" "humanitec_provisioner" { + name = var.name + + assume_role_policy = data.aws_iam_policy_document.instance_assume_role_policy.json +} + +resource "aws_iam_role_policy_attachment" "humanitec_provisioner" { + role = aws_iam_role.humanitec_provisioner.name + policy_arn = local.admin_policy_arn +} + +resource "humanitec_resource_account" "humanitec_provisioner" { + id = var.name + name = var.name + type = "aws-role" + credentials = jsonencode({ + aws_role = aws_iam_role.humanitec_provisioner.arn + external_id = random_password.external_id.result + }) + + depends_on = [ + # Otherwise the account looses permissions before the resources are deleted + aws_iam_role_policy_attachment.humanitec_provisioner + ] +} + +# Example application and resource definition criteria + resource "humanitec_application" "example" { id = var.name name = var.name @@ -23,10 +80,10 @@ module "s3_basic" { resource_packs_aws_url = var.resource_packs_aws_url resource_packs_aws_rev = var.resource_packs_aws_rev + append_logs_to_error = true + driver_account = humanitec_resource_account.humanitec_provisioner.id - access_key = var.access_key - secret_key = var.secret_key - region = var.region + region = var.region prefix = var.prefix } 
@@ -35,6 +92,8 @@ resource "humanitec_resource_definition_criteria" "s3_basic" { resource_definition_id = module.s3_basic.id app_id = humanitec_application.example.id class = local.s3_basic_class + + force_delete = true } # Add different access policy to s3 basic bucket @@ -47,10 +106,10 @@ module "iam_policy_s3_admin" { resource_packs_aws_url = var.resource_packs_aws_url resource_packs_aws_rev = var.resource_packs_aws_rev + append_logs_to_error = true + driver_account = humanitec_resource_account.humanitec_provisioner.id - access_key = var.access_key - secret_key = var.secret_key - region = var.region + region = var.region policy = "admin" @@ -63,6 +122,8 @@ resource "humanitec_resource_definition_criteria" "iam_policy_s3_admin" { resource_definition_id = module.iam_policy_s3_admin.id app_id = humanitec_application.example.id class = local.s3_admin_policy_class + + force_delete = true } ## Exposed delegator resource definition @@ -79,6 +140,8 @@ resource "humanitec_resource_definition_criteria" "s3_basic_admin" { resource_definition_id = module.s3_basic_admin.id app_id = humanitec_application.example.id class = local.s3_basic_admin_class + + force_delete = true } @@ -90,10 +153,10 @@ module "iam_policy_s3_read_only" { resource_packs_aws_url = var.resource_packs_aws_url resource_packs_aws_rev = var.resource_packs_aws_rev + append_logs_to_error = true + driver_account = humanitec_resource_account.humanitec_provisioner.id - access_key = var.access_key - secret_key = var.secret_key - region = var.region + region = var.region policy = "read-only" @@ -106,6 +169,8 @@ resource "humanitec_resource_definition_criteria" "iam_policy_s3_read_only" { resource_definition_id = module.iam_policy_s3_read_only.id app_id = humanitec_application.example.id class = local.s3_read_only_policy_class + + force_delete = true } ## Exposed delegator resource definition 
@@ -122,6 +187,8 @@ resource "humanitec_resource_definition_criteria" "s3_basic_read_only" { resource_definition_id = module.s3_basic_read_only.id app_id = humanitec_application.example.id class = local.s3_basic_read_only_class + + force_delete = true } @@ -136,6 +203,8 @@ module "k8s_service_account" { resource "humanitec_resource_definition_criteria" "k8s_service_account" { resource_definition_id = module.k8s_service_account.id app_id = humanitec_application.example.id + + force_delete = true } module "iam_role_service_account" { @@ -143,10 +212,10 @@ module "iam_role_service_account" { resource_packs_aws_url = var.resource_packs_aws_url resource_packs_aws_rev = var.resource_packs_aws_rev + append_logs_to_error = true + driver_account = humanitec_resource_account.humanitec_provisioner.id - access_key = var.access_key - secret_key = var.secret_key - region = var.region + region = var.region cluster_name = var.cluster_name prefix = var.prefix @@ -155,6 +224,8 @@ module "iam_role_service_account" { resource "humanitec_resource_definition_criteria" "iam_role_service_account" { resource_definition_id = module.iam_role_service_account.id app_id = humanitec_application.example.id + + force_delete = true } module "workload" { @@ -166,4 +237,6 @@ module "workload" { resource "humanitec_resource_definition_criteria" "workload" { resource_definition_id = module.workload.id app_id = humanitec_application.example.id + + force_delete = true } diff --git a/examples/s3/providers.tf b/examples/s3/providers.tf index 4173d2a..b76dbb0 100644 --- a/examples/s3/providers.tf +++ b/examples/s3/providers.tf 
@@ -1,14 +1,31 @@ terraform { required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.0" + } humanitec = { source = "humanitec/humanitec" version = "~> 1.0" } + random = { + source = "hashicorp/random" + version = "~> 3.5" + } } required_version = ">= 1.3.0" } - -provider "humanitec" { +provider "aws" { + default_tags { + tags = { + "managed_by" = "terraform" + "source" = "github.com/humanitec-architecture/resource-pack-aws" + } + } } + +provider "humanitec" {} + +provider "random" {} diff --git a/examples/s3/terraform.tfvars.example b/examples/s3/terraform.tfvars.example index 6cfddaf..809e0c5 100644 --- a/examples/s3/terraform.tfvars.example +++ b/examples/s3/terraform.tfvars.example @@ -1,7 +1,4 @@ -# AWS Access Key -access_key = "" - # Name of the EKS cluster cluster_name = "" @@ -18,7 +15,4 @@ region = "" resource_packs_aws_rev = "refs/heads/main" # AWS Resource Pack git url -resource_packs_aws_url = "https://github.com/humanitec-architecture/resource-packs-aws.git" - -# AWS Secret Key -secret_key = "" \ No newline at end of file +resource_packs_aws_url = "https://github.com/humanitec-architecture/resource-packs-aws.git" \ No newline at end of file diff --git a/examples/s3/variables.tf b/examples/s3/variables.tf index cc6a409..59328af 100644 --- a/examples/s3/variables.tf +++ b/examples/s3/variables.tf @@ -1,13 +1,3 @@ -variable "access_key" { - description = "AWS Access Key" - type = string -} - -variable "secret_key" { - description = "AWS Secret Key" - type = string -} - variable "region" { description = "AWS Region" type = string diff --git a/examples/sqs/README.md b/examples/sqs/README.md index 7a046d4..f2a7668 100644 --- a/examples/sqs/README.md +++ b/examples/sqs/README.md 
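Review bot: The new `default_tags` entry sets `"source" = "github.com/humanitec-architecture/resource-pack-aws"`, while every resource pack URL in this patch uses `resource-packs-aws`; if the repository is the plural name this tag points readers at the wrong place, so consider `"source" = "github.com/humanitec-architecture/resource-packs-aws"`, though I cannot tell from the patch whether the singular form is an intentional alias. The `aws` provider block also sets no `region`, so the IAM resources in this example rely on the region from the environment or profile while the modules receive `var.region`; IAM is global so this likely works, but a comment stating that assumption would help. The same block is added to `examples/sqs/providers.tf` later in this patch.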
@@ -50,13 +50,17 @@ graph LR; | Name | Version | |------|---------| | terraform | >= 1.3.0 | +| aws | ~> 5.0 | | humanitec | ~> 1.0 | +| random | ~> 3.5 | ## Providers | Name | Version | |------|---------| +| aws | ~> 5.0 | | humanitec | ~> 1.0 | +| random | ~> 3.5 | ## Modules @@ -75,7 +79,10 @@ graph LR; | Name | Type | |------|------| +| [aws_iam_role.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.humanitec_provisioner](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [humanitec_application.example](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/application) | resource | +| [humanitec_resource_account.humanitec_provisioner](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_account) | resource | | [humanitec_resource_definition_criteria.iam_policy_sqs_consumer](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | | [humanitec_resource_definition_criteria.iam_policy_sqs_publisher](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | | [humanitec_resource_definition_criteria.iam_role_service_account](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | 
@@ -84,17 +91,17 @@ graph LR; | [humanitec_resource_definition_criteria.sqs_basic_consumer](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | | [humanitec_resource_definition_criteria.sqs_basic_publisher](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | | [humanitec_resource_definition_criteria.workload](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition_criteria) | resource | +| [random_password.external_id](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | +| [aws_iam_policy_document.instance_assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| access\_key | AWS Access Key | `string` | n/a | yes | | cluster\_name | Name of the EKS cluster | `string` | n/a | yes | | region | AWS Region | `string` | n/a | yes | -| secret\_key | AWS Secret Key | `string` | n/a | yes | -| name | Name of the example application | `string` | `"hum-rp-s3-example"` | no | -| prefix | Prefix of the created resources | `string` | `"hum-rp-s3-ex-"` | no | +| name | Name of the example application | `string` | `"hum-rp-sqs-example"` | no | +| prefix | Prefix of the created resources | `string` | `"hum-rp-sqs-ex-"` | no | | resource\_packs\_aws\_rev | AWS Resource Pack git branch | `string` | `"refs/heads/main"` | no | | resource\_packs\_aws\_url | AWS Resource Pack git url | `string` | `"https://github.com/humanitec-architecture/resource-packs-aws.git"` | no | diff --git a/examples/sqs/main.tf b/examples/sqs/main.tf index 0e03308..d414d07 100644 --- a/examples/sqs/main.tf +++ b/examples/sqs/main.tf 
@@ -1,3 +1,60 @@ +# AWS IAM role used by Humanitec to provision resources + +locals { + admin_policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess" + humanitec_user_arn = "arn:aws:iam::767398028804:user/humanitec" +} + +resource "random_password" "external_id" { + length = 16 + special = false +} + +data "aws_iam_policy_document" "instance_assume_role_policy" { + statement { + actions = ["sts:AssumeRole"] + + principals { + type = "AWS" + identifiers = [local.humanitec_user_arn] + } + + condition { + test = "StringEquals" + variable = "sts:ExternalId" + values = [random_password.external_id.result] + } + } +} + +resource "aws_iam_role" "humanitec_provisioner" { + name = var.name + + assume_role_policy = data.aws_iam_policy_document.instance_assume_role_policy.json +} + +resource "aws_iam_role_policy_attachment" "humanitec_provisioner" { + role = aws_iam_role.humanitec_provisioner.name + policy_arn = local.admin_policy_arn +} + +resource "humanitec_resource_account" "humanitec_provisioner" { + id = var.name + name = var.name + type = "aws-role" + credentials = jsonencode({ + aws_role = aws_iam_role.humanitec_provisioner.arn + external_id = random_password.external_id.result + }) + + depends_on = [ + # Otherwise the account looses permissions before the resources are deleted + aws_iam_role_policy_attachment.humanitec_provisioner + ] +} + +# Example application and resource definition criteria + resource "humanitec_application" "example" { id = var.name name = var.name @@ -23,10 +80,10 @@ module "sqs_basic" { resource_packs_aws_url = var.resource_packs_aws_url resource_packs_aws_rev = var.resource_packs_aws_rev + append_logs_to_error = true + driver_account = humanitec_resource_account.humanitec_provisioner.id - access_key = var.access_key - secret_key = var.secret_key - region = var.region + region = var.region prefix = var.prefix } 
@@ -35,6 +92,8 @@ resource "humanitec_resource_definition_criteria" "sqs_basic" { resource_definition_id = module.sqs_basic.id app_id = humanitec_application.example.id class = local.sqs_basic_class + + force_delete = true } # Add different access policy to sqs basic queue @@ -48,10 +107,10 @@ module "iam_policy_sqs_publisher" { resource_packs_aws_url = var.resource_packs_aws_url resource_packs_aws_rev = var.resource_packs_aws_rev + append_logs_to_error = true + driver_account = humanitec_resource_account.humanitec_provisioner.id - access_key = var.access_key - secret_key = var.secret_key - region = var.region + region = var.region prefix = var.prefix policy = "publisher" @@ -62,6 +121,8 @@ resource "humanitec_resource_definition_criteria" "iam_policy_sqs_publisher" { resource_definition_id = module.iam_policy_sqs_publisher.id app_id = humanitec_application.example.id class = local.sqs_publisher_policy_class + + force_delete = true } ## Exposed delegator resource definition @@ -78,6 +139,8 @@ resource "humanitec_resource_definition_criteria" "sqs_basic_publisher" { resource_definition_id = module.sqs_basic_publisher.id app_id = humanitec_application.example.id class = local.sqs_basic_publisher_class + + force_delete = true } # Consumer @@ -88,10 +151,10 @@ module "iam_policy_sqs_consumer" { resource_packs_aws_url = var.resource_packs_aws_url resource_packs_aws_rev = var.resource_packs_aws_rev + append_logs_to_error = true + driver_account = humanitec_resource_account.humanitec_provisioner.id - access_key = var.access_key - secret_key = var.secret_key - region = var.region + region = var.region policy = "consumer" @@ -104,6 +167,8 @@ resource "humanitec_resource_definition_criteria" "iam_policy_sqs_consumer" { resource_definition_id = module.iam_policy_sqs_consumer.id app_id = humanitec_application.example.id class = local.sqs_consumer_policy_class + + force_delete = true } ## Exposed delegator resource definition 
@@ -120,6 +185,8 @@ resource "humanitec_resource_definition_criteria" "sqs_basic_consumer" { resource_definition_id = module.sqs_basic_consumer.id app_id = humanitec_application.example.id class = local.sqs_basic_consumer_class + + force_delete = true } @@ -134,6 +201,8 @@ module "k8s_service_account" { resource "humanitec_resource_definition_criteria" "k8s_service_account" { resource_definition_id = module.k8s_service_account.id app_id = humanitec_application.example.id + + force_delete = true } module "iam_role_service_account" { @@ -141,10 +210,10 @@ module "iam_role_service_account" { resource_packs_aws_url = var.resource_packs_aws_url resource_packs_aws_rev = var.resource_packs_aws_rev + append_logs_to_error = true + driver_account = humanitec_resource_account.humanitec_provisioner.id - access_key = var.access_key - secret_key = var.secret_key - region = var.region + region = var.region cluster_name = var.cluster_name prefix = var.prefix @@ -153,6 +222,8 @@ module "iam_role_service_account" { resource "humanitec_resource_definition_criteria" "iam_role_service_account" { resource_definition_id = module.iam_role_service_account.id app_id = humanitec_application.example.id + + force_delete = true } module "workload" { @@ -164,4 +235,6 @@ module "workload" { resource "humanitec_resource_definition_criteria" "workload" { resource_definition_id = module.workload.id app_id = humanitec_application.example.id + + force_delete = true } diff --git a/examples/sqs/providers.tf b/examples/sqs/providers.tf index 4173d2a..b76dbb0 100644 --- a/examples/sqs/providers.tf +++ b/examples/sqs/providers.tf 
@@ -1,14 +1,31 @@ terraform { required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.0" + } humanitec = { source = "humanitec/humanitec" version = "~> 1.0" } + random = { + source = "hashicorp/random" + version = "~> 3.5" + } } required_version = ">= 1.3.0" } - -provider "humanitec" { +provider "aws" { + default_tags { + tags = { + "managed_by" = "terraform" + "source" = "github.com/humanitec-architecture/resource-pack-aws" + } + } } + +provider "humanitec" {} + +provider "random" {} diff --git a/examples/sqs/terraform.tfvars.example b/examples/sqs/terraform.tfvars.example index 6cfddaf..290e9ec 100644 --- a/examples/sqs/terraform.tfvars.example +++ b/examples/sqs/terraform.tfvars.example @@ -1,15 +1,12 @@ -# AWS Access Key -access_key = "" - # Name of the EKS cluster cluster_name = "" # Name of the example application -name = "hum-rp-s3-example" +name = "hum-rp-sqs-example" # Prefix of the created resources -prefix = "hum-rp-s3-ex-" +prefix = "hum-rp-sqs-ex-" # AWS Region region = "" @@ -18,7 +15,4 @@ region = "" resource_packs_aws_rev = "refs/heads/main" # AWS Resource Pack git url -resource_packs_aws_url = "https://github.com/humanitec-architecture/resource-packs-aws.git" - -# AWS Secret Key -secret_key = "" \ No newline at end of file +resource_packs_aws_url = "https://github.com/humanitec-architecture/resource-packs-aws.git" \ No newline at end of file diff --git a/examples/sqs/variables.tf b/examples/sqs/variables.tf index cc6a409..206362d 100644 --- a/examples/sqs/variables.tf +++ b/examples/sqs/variables.tf @@ -1,13 +1,3 @@ -variable "access_key" { - description = "AWS Access Key" - type = string -} - -variable "secret_key" { - description = "AWS Secret Key" - type = string -} - variable "region" { description = "AWS Region" type = string 
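Review bot: the `default_tags` value `"source" = "github.com/humanitec-architecture/resource-pack-aws"` does not match the repository referenced everywhere else in this change, `resource-packs-aws` (compare `resource_packs_aws_url` in the tfvars example below); unless the tag is meant to point at a different repository it should read `"source" = "github.com/humanitec-architecture/resource-packs-aws"`. The tag lands on every AWS resource the example creates, so a wrong value makes provenance lookups fail quietly rather than loudly. Dropping the `access_key`/`secret_key` variables in favour of `provider "aws" {}` and `provider "humanitec" {}` configured from the environment is the right direction; the example README should name the environment variables it now relies on, which this hunk cannot show.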
@@ -33,11 +23,11 @@ variable "resource_packs_aws_rev" { variable "name" { description = "Name of the example application" type = string - default = "hum-rp-s3-example" + default = "hum-rp-sqs-example" } variable "prefix" { description = "Prefix of the created resources" type = string - default = "hum-rp-s3-ex-" + default = "hum-rp-sqs-ex-" } diff --git a/humanitec-resource-defs/dns/basic/README.md b/humanitec-resource-defs/dns/basic/README.md index 216e16f..76fd7c6 100644 --- a/humanitec-resource-defs/dns/basic/README.md +++ b/humanitec-resource-defs/dns/basic/README.md @@ -22,11 +22,11 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| access\_key | AWS Access Key | `string` | n/a | yes | +| driver\_account | The ID of the Resource Account which should be used. | `string` | n/a | yes | | hosted\_zone\_id | The id of the hosted zone in which this record set will reside. | `string` | n/a | yes | | prefix | Prefix for all resources | `string` | n/a | yes | | region | AWS Region | `string` | n/a | yes | -| secret\_key | AWS Secret Key | `string` | n/a | yes | +| append\_logs\_to\_error | Append Terraform logs to error messages. | `bool` | `false` | no | | resource\_packs\_aws\_rev | AWS Resource Pack git branch | `string` | `"refs/heads/main"` | no | | resource\_packs\_aws\_url | AWS Resource Pack git url | `string` | `"https://github.com/humanitec-architecture/resource-packs-aws.git"` | no | diff --git a/humanitec-resource-defs/dns/basic/main.tf b/humanitec-resource-defs/dns/basic/main.tf index a1a62da..d9f2682 100644 --- a/humanitec-resource-defs/dns/basic/main.tf +++ b/humanitec-resource-defs/dns/basic/main.tf 
@@ -4,14 +4,8 @@ resource "humanitec_resource_definition" "main" { name = "${var.prefix}route53" type = "dns" + driver_account = var.driver_account driver_inputs = { - secrets_string = jsonencode({ - variables = { - access_key = var.access_key - secret_key = var.secret_key - } - }) - values_string = jsonencode({ source = { path = "modules/dns/basic" @@ -19,6 +13,16 @@ resource "humanitec_resource_definition" "main" { url = var.resource_packs_aws_url } + append_logs_to_error = var.append_logs_to_error + + credentials_config = { + environment = { + AWS_ACCESS_KEY_ID = "AccessKeyId" + AWS_SECRET_ACCESS_KEY = "SecretAccessKey" + AWS_SESSION_TOKEN = "SessionToken" + } + } + variables = { region = var.region res_id = "$${context.res.id}" diff --git a/humanitec-resource-defs/dns/basic/terraform.tfvars.example b/humanitec-resource-defs/dns/basic/terraform.tfvars.example index c64c038..dbf2c37 100644 --- a/humanitec-resource-defs/dns/basic/terraform.tfvars.example +++ b/humanitec-resource-defs/dns/basic/terraform.tfvars.example @@ -1,6 +1,9 @@ -# AWS Access Key -access_key = "" +# Append Terraform logs to error messages. +append_logs_to_error = false + +# The ID of the Resource Account which should be used. +driver_account = "" # The id of the hosted zone in which this record set will reside. hosted_zone_id = "" @@ -15,7 +18,4 @@ region = "" resource_packs_aws_rev = "refs/heads/main" # AWS Resource Pack git url -resource_packs_aws_url = "https://github.com/humanitec-architecture/resource-packs-aws.git" - -# AWS Secret Key -secret_key = "" \ No newline at end of file +resource_packs_aws_url = "https://github.com/humanitec-architecture/resource-packs-aws.git" \ No newline at end of file diff --git a/humanitec-resource-defs/dns/basic/variables.tf b/humanitec-resource-defs/dns/basic/variables.tf index 4028165..cf6cc5e 100644 --- a/humanitec-resource-defs/dns/basic/variables.tf +++ b/humanitec-resource-defs/dns/basic/variables.tf 
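Review bot: the new `credentials_config.environment` block is the part a reader needs explained and it carries no comment: each key is an environment variable the driver exports to the Terraform run and each value names a field of the Resource Account's credentials, which is what lets the removed `secrets_string` with `access_key`/`secret_key` go away. A comment above it, `# map Resource Account credential fields to the env vars the AWS provider reads; no AWS keys are stored in this definition`, would make that visible to whoever copies the pattern. Whether a Resource Account that carries static keys and no `SessionToken` field is tolerated by the driver is not something the hunk shows and is worth confirming in the README. The `humanitec_resource_definition "main"` block starts outside the hunk.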
@@ -15,13 +15,14 @@ variable "resource_packs_aws_rev" { default = "refs/heads/main" } -variable "access_key" { - description = "AWS Access Key" - type = string +variable "append_logs_to_error" { + description = "Append Terraform logs to error messages." + type = bool + default = false } -variable "secret_key" { - description = "AWS Secret Key" +variable "driver_account" { + description = "The ID of the Resource Account which should be used." type = string } diff --git a/humanitec-resource-defs/iam-policy/ecr-create-repository/README.md b/humanitec-resource-defs/iam-policy/ecr-create-repository/README.md index 84e6aa7..c5383bf 100644 --- a/humanitec-resource-defs/iam-policy/ecr-create-repository/README.md +++ b/humanitec-resource-defs/iam-policy/ecr-create-repository/README.md @@ -22,11 +22,11 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| access\_key | n/a | `string` | n/a | yes | +| driver\_account | The ID of the Resource Account which should be used. | `string` | n/a | yes | | prefix | n/a | `string` | n/a | yes | | region | n/a | `string` | n/a | yes | | resource\_packs\_aws\_rev | AWS Resource Pack git branch | `string` | n/a | yes | -| secret\_key | n/a | `string` | n/a | yes | +| append\_logs\_to\_error | Append Terraform logs to error messages. | `bool` | `false` | no | | resource\_packs\_aws\_url | AWS Resource Pack git url | `string` | `"https://github.com/humanitec-architecture/resource-packs-aws.git"` | no | ## Outputs diff --git a/humanitec-resource-defs/iam-policy/ecr-create-repository/main.tf b/humanitec-resource-defs/iam-policy/ecr-create-repository/main.tf index 5ab4cdb..662d04f 100644 --- a/humanitec-resource-defs/iam-policy/ecr-create-repository/main.tf +++ b/humanitec-resource-defs/iam-policy/ecr-create-repository/main.tf 
@@ -4,14 +4,8 @@ resource "humanitec_resource_definition" "main" { name = "${var.prefix}iam-policy-ecr-create-repository" type = "aws-policy" + driver_account = var.driver_account driver_inputs = { - secrets_string = jsonencode({ - variables = { - access_key = var.access_key - secret_key = var.secret_key - } - }) - values_string = jsonencode({ source = { path = "modules/iam-policy/ecr-create-repository" @@ -19,6 +13,16 @@ resource "humanitec_resource_definition" "main" { url = var.resource_packs_aws_url } + append_logs_to_error = var.append_logs_to_error + + credentials_config = { + environment = { + AWS_ACCESS_KEY_ID = "AccessKeyId" + AWS_SECRET_ACCESS_KEY = "SecretAccessKey" + AWS_SESSION_TOKEN = "SessionToken" + } + } + variables = { region = var.region, prefix = "${var.prefix}$${context.res.id}" diff --git a/humanitec-resource-defs/iam-policy/ecr-create-repository/terraform.tfvars.example b/humanitec-resource-defs/iam-policy/ecr-create-repository/terraform.tfvars.example index b52a6af..2f2842a 100644 --- a/humanitec-resource-defs/iam-policy/ecr-create-repository/terraform.tfvars.example +++ b/humanitec-resource-defs/iam-policy/ecr-create-repository/terraform.tfvars.example @@ -1,11 +1,15 @@ -access_key = "" -prefix = "" -region = "" + +# Append Terraform logs to error messages. +append_logs_to_error = false + +# The ID of the Resource Account which should be used. +driver_account = "" + +prefix = "" +region = "" # AWS Resource Pack git branch resource_packs_aws_rev = "" # AWS Resource Pack git url -resource_packs_aws_url = "https://github.com/humanitec-architecture/resource-packs-aws.git" - -secret_key = "" \ No newline at end of file +resource_packs_aws_url = "https://github.com/humanitec-architecture/resource-packs-aws.git" \ No newline at end of file diff --git a/humanitec-resource-defs/iam-policy/ecr-create-repository/variables.tf b/humanitec-resource-defs/iam-policy/ecr-create-repository/variables.tf index f5b3698..033d9ca 100644 
--- a/humanitec-resource-defs/iam-policy/ecr-create-repository/variables.tf +++ b/humanitec-resource-defs/iam-policy/ecr-create-repository/variables.tf @@ -13,12 +13,15 @@ variable "resource_packs_aws_rev" { type = string } -variable "access_key" { - type = string +variable "append_logs_to_error" { + description = "Append Terraform logs to error messages." + type = bool + default = false } -variable "secret_key" { - type = string +variable "driver_account" { + description = "The ID of the Resource Account which should be used." + type = string } variable "region" { diff --git a/humanitec-resource-defs/iam-policy/s3/README.md b/humanitec-resource-defs/iam-policy/s3/README.md index 7a1153d..b8142fd 100644 --- a/humanitec-resource-defs/iam-policy/s3/README.md +++ b/humanitec-resource-defs/iam-policy/s3/README.md @@ -22,13 +22,13 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| access\_key | n/a | `string` | n/a | yes | +| driver\_account | The ID of the Resource Account which should be used. | `string` | n/a | yes | | policy | Name of the exposed policy | `string` | n/a | yes | | prefix | n/a | `string` | n/a | yes | | region | n/a | `string` | n/a | yes | | resource\_packs\_aws\_rev | AWS Resource Pack git branch | `string` | n/a | yes | | s3\_resource\_class | The class of the S3 resource | `string` | n/a | yes | -| secret\_key | n/a | `string` | n/a | yes | +| append\_logs\_to\_error | Append Terraform logs to error messages. | `bool` | `false` | no | | resource\_packs\_aws\_url | AWS Resource Pack git url | `string` | `"https://github.com/humanitec-architecture/resource-packs-aws.git"` | no | ## Outputs diff --git a/humanitec-resource-defs/iam-policy/s3/main.tf b/humanitec-resource-defs/iam-policy/s3/main.tf index df3a714..36166ce 100644 --- a/humanitec-resource-defs/iam-policy/s3/main.tf +++ b/humanitec-resource-defs/iam-policy/s3/main.tf 
@@ -4,14 +4,8 @@ resource "humanitec_resource_definition" "main" { name = "${var.prefix}iam-policy-s3-${var.policy}" type = "aws-policy" + driver_account = var.driver_account driver_inputs = { - secrets_string = jsonencode({ - variables = { - access_key = var.access_key - secret_key = var.secret_key - } - }) - values_string = jsonencode({ source = { path = "modules/iam-policy/s3-${var.policy}" @@ -19,6 +13,16 @@ resource "humanitec_resource_definition" "main" { url = var.resource_packs_aws_url } + append_logs_to_error = var.append_logs_to_error + + credentials_config = { + environment = { + AWS_ACCESS_KEY_ID = "AccessKeyId" + AWS_SECRET_ACCESS_KEY = "SecretAccessKey" + AWS_SESSION_TOKEN = "SessionToken" + } + } + variables = { region = var.region, prefix = "${var.prefix}$${context.res.id}" diff --git a/humanitec-resource-defs/iam-policy/s3/terraform.tfvars.example b/humanitec-resource-defs/iam-policy/s3/terraform.tfvars.example index 4e491e8..5ac78f3 100644 --- a/humanitec-resource-defs/iam-policy/s3/terraform.tfvars.example +++ b/humanitec-resource-defs/iam-policy/s3/terraform.tfvars.example @@ -1,4 +1,9 @@ -access_key = "" + +# Append Terraform logs to error messages. +append_logs_to_error = false + +# The ID of the Resource Account which should be used. +driver_account = "" # Name of the exposed policy policy = "" @@ -13,6 +18,4 @@ resource_packs_aws_rev = "" resource_packs_aws_url = "https://github.com/humanitec-architecture/resource-packs-aws.git" # The class of the S3 resource -s3_resource_class = "" - -secret_key = "" \ No newline at end of file +s3_resource_class = "" \ No newline at end of file diff --git a/humanitec-resource-defs/iam-policy/s3/variables.tf b/humanitec-resource-defs/iam-policy/s3/variables.tf index adec55d..e796b92 100644 --- a/humanitec-resource-defs/iam-policy/s3/variables.tf +++ b/humanitec-resource-defs/iam-policy/s3/variables.tf 
@@ -13,12 +13,15 @@ variable "resource_packs_aws_rev" { type = string } -variable "access_key" { - type = string +variable "append_logs_to_error" { + description = "Append Terraform logs to error messages." + type = bool + default = false } -variable "secret_key" { - type = string +variable "driver_account" { + description = "The ID of the Resource Account which should be used." + type = string } variable "region" { diff --git a/humanitec-resource-defs/iam-policy/sqs/README.md b/humanitec-resource-defs/iam-policy/sqs/README.md index 49897e1..d7ecd84 100644 --- a/humanitec-resource-defs/iam-policy/sqs/README.md +++ b/humanitec-resource-defs/iam-policy/sqs/README.md @@ -22,13 +22,13 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| access\_key | n/a | `string` | n/a | yes | +| driver\_account | The ID of the Resource Account which should be used. | `string` | n/a | yes | | policy | Name of the exposed policy | `string` | n/a | yes | | prefix | n/a | `string` | n/a | yes | | region | n/a | `string` | n/a | yes | | resource\_packs\_aws\_rev | AWS Resource Pack git branch | `string` | n/a | yes | -| secret\_key | n/a | `string` | n/a | yes | | sqs\_resource\_class | The class of the SQS resource | `string` | n/a | yes | +| append\_logs\_to\_error | Append Terraform logs to error messages. | `bool` | `false` | no | | resource\_packs\_aws\_url | AWS Resource Pack git url | `string` | `"https://github.com/humanitec-architecture/resource-packs-aws.git"` | no | ## Outputs diff --git a/humanitec-resource-defs/iam-policy/sqs/main.tf b/humanitec-resource-defs/iam-policy/sqs/main.tf index f34f209..4a9e1d4 100644 --- a/humanitec-resource-defs/iam-policy/sqs/main.tf +++ b/humanitec-resource-defs/iam-policy/sqs/main.tf 
@@ -4,14 +4,8 @@ resource "humanitec_resource_definition" "main" { name = "${var.prefix}iam-policy-sqs-${var.policy}" type = "aws-policy" + driver_account = var.driver_account driver_inputs = { - secrets_string = jsonencode({ - variables = { - access_key = var.access_key - secret_key = var.secret_key - } - }) - values_string = jsonencode({ source = { path = "modules/iam-policy/sqs-${var.policy}" @@ -19,6 +13,16 @@ resource "humanitec_resource_definition" "main" { url = var.resource_packs_aws_url } + append_logs_to_error = var.append_logs_to_error + + credentials_config = { + environment = { + AWS_ACCESS_KEY_ID = "AccessKeyId" + AWS_SECRET_ACCESS_KEY = "SecretAccessKey" + AWS_SESSION_TOKEN = "SessionToken" + } + } + variables = { region = var.region, prefix = "${var.prefix}$${context.res.id}" diff --git a/humanitec-resource-defs/iam-policy/sqs/terraform.tfvars.example b/humanitec-resource-defs/iam-policy/sqs/terraform.tfvars.example index 4155494..ae9a1cb 100644 --- a/humanitec-resource-defs/iam-policy/sqs/terraform.tfvars.example +++ b/humanitec-resource-defs/iam-policy/sqs/terraform.tfvars.example @@ -1,4 +1,9 @@ -access_key = "" + +# Append Terraform logs to error messages. +append_logs_to_error = false + +# The ID of the Resource Account which should be used. +driver_account = "" # Name of the exposed policy policy = "" @@ -12,7 +17,5 @@ resource_packs_aws_rev = "" # AWS Resource Pack git url resource_packs_aws_url = "https://github.com/humanitec-architecture/resource-packs-aws.git" -secret_key = "" - # The class of the SQS resource sqs_resource_class = "" \ No newline at end of file diff --git a/humanitec-resource-defs/iam-policy/sqs/variables.tf b/humanitec-resource-defs/iam-policy/sqs/variables.tf index 90a6118..2f1fad5 100644 --- a/humanitec-resource-defs/iam-policy/sqs/variables.tf +++ b/humanitec-resource-defs/iam-policy/sqs/variables.tf 
@@ -13,12 +13,15 @@ variable "resource_packs_aws_rev" { type = string } -variable "access_key" { - type = string +variable "append_logs_to_error" { + description = "Append Terraform logs to error messages." + type = bool + default = false } -variable "secret_key" { - type = string +variable "driver_account" { + description = "The ID of the Resource Account which should be used." + type = string } variable "region" { diff --git a/humanitec-resource-defs/iam-role/service-account/README.md b/humanitec-resource-defs/iam-role/service-account/README.md index ecdfca5..263e462 100644 --- a/humanitec-resource-defs/iam-role/service-account/README.md +++ b/humanitec-resource-defs/iam-role/service-account/README.md @@ -22,12 +22,12 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| access\_key | n/a | `string` | n/a | yes | | cluster\_name | n/a | `string` | n/a | yes | +| driver\_account | The ID of the Resource Account which should be used. | `string` | n/a | yes | | prefix | Prefix for all resources | `string` | n/a | yes | | region | n/a | `string` | n/a | yes | | resource\_packs\_aws\_rev | AWS Resource Pack git branch | `string` | n/a | yes | -| secret\_key | n/a | `string` | n/a | yes | +| append\_logs\_to\_error | Append Terraform logs to error messages. | `bool` | `false` | no | | name | Resource name (can contain placeholders like ${context.app.id}) | `string` | `""` | no | | policy\_classes | Humanitec aws-policy classes to provision by default for this role. | `list(string)` | `[]` | no | | resource\_packs\_aws\_url | AWS Resource Pack git url | `string` | `"https://github.com/humanitec-architecture/resource-packs-aws.git"` | no | diff --git a/humanitec-resource-defs/iam-role/service-account/main.tf b/humanitec-resource-defs/iam-role/service-account/main.tf index 9142d51..dcf5aa6 100644 --- a/humanitec-resource-defs/iam-role/service-account/main.tf 
+++ b/humanitec-resource-defs/iam-role/service-account/main.tf @@ -15,14 +15,8 @@ resource "humanitec_resource_definition" "main" { provision = length(var.policy_classes) > 0 ? local.co_provisioned : null + driver_account = var.driver_account driver_inputs = { - secrets_string = jsonencode({ - variables = { - access_key = var.access_key - secret_key = var.secret_key - } - }) - values_string = jsonencode({ source = { path = "modules/iam-role/service-account" @@ -30,6 +24,16 @@ resource "humanitec_resource_definition" "main" { url = var.resource_packs_aws_url } + append_logs_to_error = var.append_logs_to_error + + credentials_config = { + environment = { + AWS_ACCESS_KEY_ID = "AccessKeyId" + AWS_SECRET_ACCESS_KEY = "SecretAccessKey" + AWS_SESSION_TOKEN = "SessionToken" + } + } + variables = { region = var.region prefix = var.prefix diff --git a/humanitec-resource-defs/iam-role/service-account/terraform.tfvars.example b/humanitec-resource-defs/iam-role/service-account/terraform.tfvars.example index 7dc9872..4a2c569 100644 --- a/humanitec-resource-defs/iam-role/service-account/terraform.tfvars.example +++ b/humanitec-resource-defs/iam-role/service-account/terraform.tfvars.example @@ -1,6 +1,12 @@ -access_key = "" + +# Append Terraform logs to error messages. +append_logs_to_error = false + cluster_name = "" +# The ID of the Resource Account which should be used. +driver_account = "" + # Resource name (can contain placeholders like ${context.app.id}) name = "" @@ -16,6 +22,4 @@ region = "" resource_packs_aws_rev = "" # AWS Resource Pack git url -resource_packs_aws_url = "https://github.com/humanitec-architecture/resource-packs-aws.git" - -secret_key = "" \ No newline at end of file +resource_packs_aws_url = "https://github.com/humanitec-architecture/resource-packs-aws.git" \ No newline at end of file diff --git a/humanitec-resource-defs/iam-role/service-account/variables.tf b/humanitec-resource-defs/iam-role/service-account/variables.tf index c448905..a16c913 100644 
--- a/humanitec-resource-defs/iam-role/service-account/variables.tf +++ b/humanitec-resource-defs/iam-role/service-account/variables.tf @@ -14,12 +14,15 @@ variable "resource_packs_aws_rev" { type = string } -variable "access_key" { - type = string +variable "append_logs_to_error" { + description = "Append Terraform logs to error messages." + type = bool + default = false } -variable "secret_key" { - type = string +variable "driver_account" { + description = "The ID of the Resource Account which should be used." + type = string } variable "region" { diff --git a/humanitec-resource-defs/mysql/aurora/README.md b/humanitec-resource-defs/mysql/aurora/README.md index dbfe717..71d01a2 100644 --- a/humanitec-resource-defs/mysql/aurora/README.md +++ b/humanitec-resource-defs/mysql/aurora/README.md @@ -22,16 +22,16 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| access\_key | n/a | `string` | n/a | yes | | database\_name | n/a | `string` | n/a | yes | +| driver\_account | The ID of the Resource Account which should be used. | `string` | n/a | yes | | master\_password | n/a | `string` | n/a | yes | | master\_username | n/a | `string` | n/a | yes | | prefix | Prefix for all resources | `string` | n/a | yes | | region | n/a | `string` | n/a | yes | | resource\_packs\_aws\_rev | AWS Resource Pack git branch | `string` | n/a | yes | -| secret\_key | n/a | `string` | n/a | yes | | subnets | n/a | `set(string)` | n/a | yes | | vpc | n/a | `string` | n/a | yes | +| append\_logs\_to\_error | Append Terraform logs to error messages. | `bool` | `false` | no | | apply\_immediately | n/a | `bool` | `true` | no | | create\_cloudwatch\_log\_group | n/a | `bool` | `false` | no | | create\_db\_cluster\_activity\_stream | n/a | `bool` | `false` | no | diff --git a/humanitec-resource-defs/mysql/aurora/main.tf b/humanitec-resource-defs/mysql/aurora/main.tf index 3f3f47c..c9b6472 100644 
--- a/humanitec-resource-defs/mysql/aurora/main.tf +++ b/humanitec-resource-defs/mysql/aurora/main.tf @@ -4,14 +4,8 @@ resource "humanitec_resource_definition" "main" { name = "${var.prefix}rds-aurora" type = var.type + driver_account = var.driver_account driver_inputs = { - secrets_string = jsonencode({ - variables = { - access_key = var.access_key - secret_key = var.secret_key - } - }) - values_string = jsonencode({ source = { path = "modules/rds/aurora" @@ -19,6 +13,16 @@ resource "humanitec_resource_definition" "main" { url = var.resource_packs_aws_url } + append_logs_to_error = var.append_logs_to_error + + credentials_config = { + environment = { + AWS_ACCESS_KEY_ID = "AccessKeyId" + AWS_SECRET_ACCESS_KEY = "SecretAccessKey" + AWS_SESSION_TOKEN = "SessionToken" + } + } + variables = { region = var.region res_id = "$${context.res.id}" diff --git a/humanitec-resource-defs/mysql/aurora/terraform.tfvars.example b/humanitec-resource-defs/mysql/aurora/terraform.tfvars.example index 43be214..e33b119 100644 --- a/humanitec-resource-defs/mysql/aurora/terraform.tfvars.example +++ b/humanitec-resource-defs/mysql/aurora/terraform.tfvars.example @@ -1,4 +1,7 @@ -access_key = "" + +# Append Terraform logs to error messages. +append_logs_to_error = false + apply_immediately = true create_cloudwatch_log_group = false create_db_cluster_activity_stream = false @@ -12,6 +15,9 @@ db_parameter_group_parameters = [] # DB subnet group name (can contain placeholders like ${context.app.id}) db_subnet_group_name = "" +# The ID of the Resource Account which should be used. +driver_account = "" + enabled_cloudwatch_logs_exports = [] endpoints = {} engine = "aurora-mysql" @@ -45,7 +51,6 @@ resource_packs_aws_rev = "" # AWS Resource Pack git url resource_packs_aws_url = "https://github.com/humanitec-architecture/resource-packs-aws.git" -secret_key = "" security_group_rules = {} skip_final_snapshot = true storage_encrypted = true 
diff --git a/humanitec-resource-defs/mysql/aurora/variables.tf b/humanitec-resource-defs/mysql/aurora/variables.tf index 46752e3..58bfd39 100644 --- a/humanitec-resource-defs/mysql/aurora/variables.tf +++ b/humanitec-resource-defs/mysql/aurora/variables.tf @@ -14,12 +14,15 @@ variable "resource_packs_aws_rev" { type = string } -variable "access_key" { - type = string +variable "append_logs_to_error" { + description = "Append Terraform logs to error messages." + type = bool + default = false } -variable "secret_key" { - type = string +variable "driver_account" { + description = "The ID of the Resource Account which should be used." + type = string } variable "region" { diff --git a/humanitec-resource-defs/mysql/basic/README.md b/humanitec-resource-defs/mysql/basic/README.md index b868527..6365212 100644 --- a/humanitec-resource-defs/mysql/basic/README.md +++ b/humanitec-resource-defs/mysql/basic/README.md @@ -22,17 +22,17 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| access\_key | n/a | `string` | n/a | yes | | database\_name | n/a | `string` | n/a | yes | +| driver\_account | The ID of the Resource Account which should be used. | `string` | n/a | yes | | password | n/a | `string` | n/a | yes | | prefix | Prefix for all resources | `string` | n/a | yes | | region | n/a | `string` | n/a | yes | | resource\_packs\_aws\_rev | AWS Resource Pack git branch | `string` | n/a | yes | -| secret\_key | n/a | `string` | n/a | yes | | subnet\_ids | n/a | `set(string)` | n/a | yes | | username | n/a | `string` | n/a | yes | | vpc\_security\_group\_ids | n/a | `set(string)` | n/a | yes | | allocated\_storage | n/a | `number` | `20` | no | +| append\_logs\_to\_error | Append Terraform logs to error messages. | `bool` | `false` | no | | backup\_retention\_period | n/a | `number` | `1` | no | | backup\_window | n/a | `string` | `null` | no | | create\_cloudwatch\_log\_group | n/a | `bool` | `false` | no | 
diff --git a/humanitec-resource-defs/mysql/basic/main.tf b/humanitec-resource-defs/mysql/basic/main.tf index 80d0a19..98c57a5 100644 --- a/humanitec-resource-defs/mysql/basic/main.tf +++ b/humanitec-resource-defs/mysql/basic/main.tf @@ -4,20 +4,25 @@ resource "humanitec_resource_definition" "main" { name = "${var.prefix}rds" type = var.type + driver_account = var.driver_account driver_inputs = { - secrets_string = jsonencode({ - variables = { - access_key = var.access_key - secret_key = var.secret_key - } - }) - values_string = jsonencode({ source = { path = "modules/rds/basic" rev = var.resource_packs_aws_rev url = var.resource_packs_aws_url } + + append_logs_to_error = var.append_logs_to_error + + credentials_config = { + environment = { + AWS_ACCESS_KEY_ID = "AccessKeyId" + AWS_SECRET_ACCESS_KEY = "SecretAccessKey" + AWS_SESSION_TOKEN = "SessionToken" + } + } + variables = { region = var.region res_id = "$${context.res.id}" diff --git a/humanitec-resource-defs/mysql/basic/terraform.tfvars.example b/humanitec-resource-defs/mysql/basic/terraform.tfvars.example index 7dd62d7..e352f2b 100644 --- a/humanitec-resource-defs/mysql/basic/terraform.tfvars.example +++ b/humanitec-resource-defs/mysql/basic/terraform.tfvars.example @@ -1,5 +1,8 @@ -access_key = "" -allocated_storage = 20 +allocated_storage = 20 + +# Append Terraform logs to error messages. +append_logs_to_error = false + backup_retention_period = 1 backup_window = "" create_cloudwatch_log_group = false @@ -10,7 +13,11 @@ database_name = "" # DB subnet group name (can contain placeholders like ${context.app.id}) db_subnet_group_name = "" -deletion_protection = false +deletion_protection = false + +# The ID of the Resource Account which should be used. +driver_account = "" + enabled_cloudwatch_logs_exports = [] engine = "mysql" engine_version = "8.0" 
@@ -45,7 +52,6 @@ resource_packs_aws_rev = "" # AWS Resource Pack git url resource_packs_aws_url = "https://github.com/humanitec-architecture/resource-packs-aws.git" -secret_key = "" skip_final_snapshot = true subnet_ids = "" type = "mysql" diff --git a/humanitec-resource-defs/mysql/basic/variables.tf b/humanitec-resource-defs/mysql/basic/variables.tf index bb56489..35d0d41 100644 --- a/humanitec-resource-defs/mysql/basic/variables.tf +++ b/humanitec-resource-defs/mysql/basic/variables.tf @@ -18,12 +18,15 @@ variable "region" { type = string } -variable "access_key" { - type = string +variable "append_logs_to_error" { + description = "Append Terraform logs to error messages." + type = bool + default = false } -variable "secret_key" { - type = string +variable "driver_account" { + description = "The ID of the Resource Account which should be used." + type = string } variable "name" { diff --git a/humanitec-resource-defs/postgres/aurora/README.md b/humanitec-resource-defs/postgres/aurora/README.md index ed35f29..e8f8212 100644 --- a/humanitec-resource-defs/postgres/aurora/README.md +++ b/humanitec-resource-defs/postgres/aurora/README.md 
@@ -22,16 +22,16 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| access\_key | n/a | `string` | n/a | yes | | database\_name | n/a | `string` | n/a | yes | +| driver\_account | The ID of the Resource Account which should be used. | `string` | n/a | yes | | master\_password | n/a | `string` | n/a | yes | | master\_username | n/a | `string` | n/a | yes | | prefix | Prefix for all resources | `string` | n/a | yes | | region | n/a | `string` | n/a | yes | | resource\_packs\_aws\_rev | AWS Resource Pack git branch | `string` | n/a | yes | -| secret\_key | n/a | `string` | n/a | yes | | subnets | n/a | `set(string)` | n/a | yes | | vpc | n/a | `string` | n/a | yes | +| append\_logs\_to\_error | Append Terraform logs to error messages. | `bool` | `false` | no | | apply\_immediately | n/a | `bool` | `true` | no | | create\_cloudwatch\_log\_group | n/a | `bool` | `false` | no | | create\_db\_cluster\_activity\_stream | n/a | `bool` | `false` | no | diff --git a/humanitec-resource-defs/postgres/aurora/main.tf b/humanitec-resource-defs/postgres/aurora/main.tf index 3f3f47c..c9b6472 100644 --- a/humanitec-resource-defs/postgres/aurora/main.tf +++ b/humanitec-resource-defs/postgres/aurora/main.tf @@ -4,14 +4,8 @@ resource "humanitec_resource_definition" "main" { name = "${var.prefix}rds-aurora" type = var.type + driver_account = var.driver_account driver_inputs = { - secrets_string = jsonencode({ - variables = { - access_key = var.access_key - secret_key = var.secret_key - } - }) - values_string = jsonencode({ source = { path = "modules/rds/aurora" 
@@ -19,6 +13,16 @@ resource "humanitec_resource_definition" "main" { url = var.resource_packs_aws_url } + append_logs_to_error = var.append_logs_to_error + + credentials_config = { + environment = { + AWS_ACCESS_KEY_ID = "AccessKeyId" + AWS_SECRET_ACCESS_KEY = "SecretAccessKey" + AWS_SESSION_TOKEN = "SessionToken" + } + } + variables = { region = var.region res_id = "$${context.res.id}" diff --git a/humanitec-resource-defs/postgres/aurora/terraform.tfvars.example b/humanitec-resource-defs/postgres/aurora/terraform.tfvars.example index e27a1e9..9c72ce9 100644 --- a/humanitec-resource-defs/postgres/aurora/terraform.tfvars.example +++ b/humanitec-resource-defs/postgres/aurora/terraform.tfvars.example @@ -1,4 +1,7 @@ -access_key = "" + +# Append Terraform logs to error messages. +append_logs_to_error = false + apply_immediately = true create_cloudwatch_log_group = false create_db_cluster_activity_stream = false @@ -12,6 +15,9 @@ db_parameter_group_parameters = [] # DB subnet group name (can contain placeholders like ${context.app.id}) db_subnet_group_name = "" +# The ID of the Resource Account which should be used. +driver_account = "" + enabled_cloudwatch_logs_exports = [] endpoints = {} engine = "aurora-postgresql" @@ -45,7 +51,6 @@ resource_packs_aws_rev = "" # AWS Resource Pack git url resource_packs_aws_url = "https://github.com/humanitec-architecture/resource-packs-aws.git" -secret_key = "" security_group_rules = {} skip_final_snapshot = true storage_encrypted = true diff --git a/humanitec-resource-defs/postgres/aurora/variables.tf b/humanitec-resource-defs/postgres/aurora/variables.tf index dc9ca9d..112cd14 100644 --- a/humanitec-resource-defs/postgres/aurora/variables.tf +++ b/humanitec-resource-defs/postgres/aurora/variables.tf 
@@ -14,12 +14,15 @@ variable "resource_packs_aws_rev" { type = string } -variable "access_key" { - type = string +variable "append_logs_to_error" { + description = "Append Terraform logs to error messages." + type = bool + default = false } -variable "secret_key" { - type = string +variable "driver_account" { + description = "The ID of the Resource Account which should be used." + type = string } variable "region" { diff --git a/humanitec-resource-defs/postgres/basic/README.md b/humanitec-resource-defs/postgres/basic/README.md index beb0a90..f2ed1e4 100644 --- a/humanitec-resource-defs/postgres/basic/README.md +++ b/humanitec-resource-defs/postgres/basic/README.md @@ -22,17 +22,17 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| access\_key | n/a | `string` | n/a | yes | | database\_name | n/a | `string` | n/a | yes | +| driver\_account | The ID of the Resource Account which should be used. | `string` | n/a | yes | | password | n/a | `string` | n/a | yes | | prefix | Prefix for all resources | `string` | n/a | yes | | region | n/a | `string` | n/a | yes | | resource\_packs\_aws\_rev | AWS Resource Pack git branch | `string` | n/a | yes | -| secret\_key | n/a | `string` | n/a | yes | | subnet\_ids | n/a | `set(string)` | n/a | yes | | username | n/a | `string` | n/a | yes | | vpc\_security\_group\_ids | n/a | `set(string)` | n/a | yes | | allocated\_storage | n/a | `number` | `20` | no | +| append\_logs\_to\_error | Append Terraform logs to error messages. | `bool` | `false` | no | | backup\_retention\_period | n/a | `number` | `1` | no | | backup\_window | n/a | `string` | `null` | no | | create\_cloudwatch\_log\_group | n/a | `bool` | `false` | no | diff --git a/humanitec-resource-defs/postgres/basic/main.tf b/humanitec-resource-defs/postgres/basic/main.tf index 80d0a19..98c57a5 100644 --- a/humanitec-resource-defs/postgres/basic/main.tf +++ b/humanitec-resource-defs/postgres/basic/main.tf 
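Review bot: The description of the new `append_logs_to_error` variable, `Append Terraform logs to error messages.`, does not say what enabling it implies; Terraform logs can contain input values and provider request/response details, so attaching them to error messages widens where such data lands (UI, tickets, notifications). Consider `description = "Append Terraform logs to error messages. Logs may include input values and provider responses; enable only while debugging."`. The same variable is introduced in the postgres/basic, redis/basic, s3/basic and sqs/basic variables.tf of this patch, so the wording should be changed in all five. Separately, `driver_account` has no `validation` block and the tfvars.example ships `driver_account = ""`; requiring a non-empty string would fail at plan time rather than at the Humanitec API, though I cannot tell from the hunk whether the provider already rejects an empty value.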
@@ -4,20 +4,25 @@ resource "humanitec_resource_definition" "main" { name = "${var.prefix}rds" type = var.type + driver_account = var.driver_account driver_inputs = { - secrets_string = jsonencode({ - variables = { - access_key = var.access_key - secret_key = var.secret_key - } - }) - values_string = jsonencode({ source = { path = "modules/rds/basic" rev = var.resource_packs_aws_rev url = var.resource_packs_aws_url } + + append_logs_to_error = var.append_logs_to_error + + credentials_config = { + environment = { + AWS_ACCESS_KEY_ID = "AccessKeyId" + AWS_SECRET_ACCESS_KEY = "SecretAccessKey" + AWS_SESSION_TOKEN = "SessionToken" + } + } + variables = { region = var.region res_id = "$${context.res.id}" diff --git a/humanitec-resource-defs/postgres/basic/terraform.tfvars.example b/humanitec-resource-defs/postgres/basic/terraform.tfvars.example index c092dcc..e32f504 100644 --- a/humanitec-resource-defs/postgres/basic/terraform.tfvars.example +++ b/humanitec-resource-defs/postgres/basic/terraform.tfvars.example @@ -1,5 +1,8 @@ -access_key = "" -allocated_storage = 20 +allocated_storage = 20 + +# Append Terraform logs to error messages. +append_logs_to_error = false + backup_retention_period = 1 backup_window = "" create_cloudwatch_log_group = false @@ -10,7 +13,11 @@ database_name = "" # DB subnet group name (can contain placeholders like ${context.app.id}) db_subnet_group_name = "" -deletion_protection = false +deletion_protection = false + +# The ID of the Resource Account which should be used. +driver_account = "" + enabled_cloudwatch_logs_exports = [] engine = "postgres" engine_version = "14" @@ -45,7 +52,6 @@ resource_packs_aws_rev = "" # AWS Resource Pack git url resource_packs_aws_url = "https://github.com/humanitec-architecture/resource-packs-aws.git" -secret_key = "" skip_final_snapshot = true subnet_ids = "" type = "postgres" 
diff --git a/humanitec-resource-defs/postgres/basic/variables.tf b/humanitec-resource-defs/postgres/basic/variables.tf index d3cbd28..fa487af 100644 --- a/humanitec-resource-defs/postgres/basic/variables.tf +++ b/humanitec-resource-defs/postgres/basic/variables.tf @@ -18,12 +18,15 @@ variable "region" { type = string } -variable "access_key" { - type = string +variable "append_logs_to_error" { + description = "Append Terraform logs to error messages." + type = bool + default = false } -variable "secret_key" { - type = string +variable "driver_account" { + description = "The ID of the Resource Account which should be used." + type = string } variable "name" { diff --git a/humanitec-resource-defs/redis/basic/README.md b/humanitec-resource-defs/redis/basic/README.md index ac0f7c9..d9512f5 100644 --- a/humanitec-resource-defs/redis/basic/README.md +++ b/humanitec-resource-defs/redis/basic/README.md 
@@ -22,13 +22,13 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| access\_key | AWS Access Key | `string` | n/a | yes | +| driver\_account | The ID of the Resource Account which should be used. | `string` | n/a | yes | | prefix | Prefix for all resources | `string` | n/a | yes | | region | AWS Region | `string` | n/a | yes | | resource\_packs\_aws\_rev | AWS Resource Pack git branch | `string` | n/a | yes | -| secret\_key | AWS Secret Key | `string` | n/a | yes | | security\_group\_ids | List of AWS security group IDs to use for the AWS ElastiCache cluster | `set(string)` | n/a | yes | | subnet\_group\_name | Name of the AWS ElastiCache subnet group to use | `string` | n/a | yes | +| append\_logs\_to\_error | Append Terraform logs to error messages. | `bool` | `false` | no | | name | Resource name (can contain placeholders like ${context.app.id}) | `string` | `""` | no | | node\_type | AWS ElastiCache node type | `string` | `"cache.t4g.micro"` | no | | num\_cache\_clusters | Number of AWS ElastiCache clusters | `number` | `1` | no | diff --git a/humanitec-resource-defs/redis/basic/main.tf b/humanitec-resource-defs/redis/basic/main.tf index afa6680..c5a96b1 100644 --- a/humanitec-resource-defs/redis/basic/main.tf +++ b/humanitec-resource-defs/redis/basic/main.tf @@ -4,14 +4,8 @@ resource "humanitec_resource_definition" "main" { name = "${var.prefix}redis-basic" type = "redis" + driver_account = var.driver_account driver_inputs = { - secrets_string = jsonencode({ - variables = { - access_key = var.access_key - secret_key = var.secret_key - } - }) - values_string = jsonencode({ source = { path = "modules/redis/basic" 
@@ -19,6 +13,16 @@ resource "humanitec_resource_definition" "main" { url = var.resource_packs_aws_url } + append_logs_to_error = var.append_logs_to_error + + credentials_config = { + environment = { + AWS_ACCESS_KEY_ID = "AccessKeyId" + AWS_SECRET_ACCESS_KEY = "SecretAccessKey" + AWS_SESSION_TOKEN = "SessionToken" + } + } + variables = { region = var.region prefix = var.prefix diff --git a/humanitec-resource-defs/redis/basic/terraform.tfvars.example b/humanitec-resource-defs/redis/basic/terraform.tfvars.example index 7de1eff..7d90b02 100644 --- a/humanitec-resource-defs/redis/basic/terraform.tfvars.example +++ b/humanitec-resource-defs/redis/basic/terraform.tfvars.example @@ -1,6 +1,9 @@ -# AWS Access Key -access_key = "" +# Append Terraform logs to error messages. +append_logs_to_error = false + +# The ID of the Resource Account which should be used. +driver_account = "" # Resource name (can contain placeholders like ${context.app.id}) name = "" @@ -26,9 +29,6 @@ resource_packs_aws_rev = "" # AWS Resource Pack git url resource_packs_aws_url = "https://github.com/humanitec-architecture/resource-packs-aws.git" -# AWS Secret Key -secret_key = "" - # List of AWS security group IDs to use for the AWS ElastiCache cluster security_group_ids = "" diff --git a/humanitec-resource-defs/redis/basic/variables.tf b/humanitec-resource-defs/redis/basic/variables.tf index 327db05..e201134 100644 --- a/humanitec-resource-defs/redis/basic/variables.tf +++ b/humanitec-resource-defs/redis/basic/variables.tf @@ -14,13 +14,14 @@ variable "resource_packs_aws_rev" { type = string } -variable "access_key" { - description = "AWS Access Key" - type = string +variable "append_logs_to_error" { + description = "Append Terraform logs to error messages." + type = bool + default = false } -variable "secret_key" { - description = "AWS Secret Key" +variable "driver_account" { + description = "The ID of the Resource Account which should be used." type = string } 
diff --git a/humanitec-resource-defs/s3/basic/README.md b/humanitec-resource-defs/s3/basic/README.md index ed23987..5962dc4 100644 --- a/humanitec-resource-defs/s3/basic/README.md +++ b/humanitec-resource-defs/s3/basic/README.md @@ -22,11 +22,11 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| access\_key | n/a | `string` | n/a | yes | +| driver\_account | The ID of the Resource Account which should be used. | `string` | n/a | yes | | prefix | Name prefix | `string` | n/a | yes | | region | n/a | `string` | n/a | yes | | resource\_packs\_aws\_rev | AWS Resource Pack git branch | `string` | n/a | yes | -| secret\_key | n/a | `string` | n/a | yes | +| append\_logs\_to\_error | Append Terraform logs to error messages. | `bool` | `false` | no | | name | Resource name (can contain placeholders like ${context.app.id}) | `string` | `""` | no | | resource\_packs\_aws\_url | AWS Resource Pack git url | `string` | `"https://github.com/humanitec-architecture/resource-packs-aws.git"` | no | diff --git a/humanitec-resource-defs/s3/basic/main.tf b/humanitec-resource-defs/s3/basic/main.tf index 93acf81..4950e7e 100644 --- a/humanitec-resource-defs/s3/basic/main.tf +++ b/humanitec-resource-defs/s3/basic/main.tf @@ -4,14 +4,8 @@ resource "humanitec_resource_definition" "main" { name = "${var.prefix}s3-basic" type = "s3" + driver_account = var.driver_account driver_inputs = { - secrets_string = jsonencode({ - variables = { - access_key = var.access_key - secret_key = var.secret_key - } - }) - values_string = jsonencode({ source = { path = "modules/s3/basic" 
@@ -19,6 +13,16 @@ resource "humanitec_resource_definition" "main" { url = var.resource_packs_aws_url } + append_logs_to_error = var.append_logs_to_error + + credentials_config = { + environment = { + AWS_ACCESS_KEY_ID = "AccessKeyId" + AWS_SECRET_ACCESS_KEY = "SecretAccessKey" + AWS_SESSION_TOKEN = "SessionToken" + } + } + variables = { region = var.region prefix = var.prefix diff --git a/humanitec-resource-defs/s3/basic/terraform.tfvars.example b/humanitec-resource-defs/s3/basic/terraform.tfvars.example index a0d95d4..ad22b31 100644 --- a/humanitec-resource-defs/s3/basic/terraform.tfvars.example +++ b/humanitec-resource-defs/s3/basic/terraform.tfvars.example @@ -1,4 +1,9 @@ -access_key = "" + +# Append Terraform logs to error messages. +append_logs_to_error = false + +# The ID of the Resource Account which should be used. +driver_account = "" # Resource name (can contain placeholders like ${context.app.id}) name = "" @@ -12,6 +17,4 @@ region = "" resource_packs_aws_rev = "" # AWS Resource Pack git url -resource_packs_aws_url = "https://github.com/humanitec-architecture/resource-packs-aws.git" - -secret_key = "" \ No newline at end of file +resource_packs_aws_url = "https://github.com/humanitec-architecture/resource-packs-aws.git" \ No newline at end of file diff --git a/humanitec-resource-defs/s3/basic/variables.tf b/humanitec-resource-defs/s3/basic/variables.tf index 113ad63..ff694f7 100644 --- a/humanitec-resource-defs/s3/basic/variables.tf +++ b/humanitec-resource-defs/s3/basic/variables.tf @@ -9,12 +9,15 @@ variable "resource_packs_aws_rev" { type = string } -variable "access_key" { - type = string +variable "append_logs_to_error" { + description = "Append Terraform logs to error messages." + type = bool + default = false } -variable "secret_key" { - type = string +variable "driver_account" { + description = "The ID of the Resource Account which should be used." + type = string } variable "region" { 
diff --git a/humanitec-resource-defs/sqs/basic/README.md b/humanitec-resource-defs/sqs/basic/README.md index 85f51dc..5f55067 100644 --- a/humanitec-resource-defs/sqs/basic/README.md +++ b/humanitec-resource-defs/sqs/basic/README.md @@ -22,11 +22,11 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| access\_key | n/a | `string` | n/a | yes | +| driver\_account | The ID of the Resource Account which should be used. | `string` | n/a | yes | | prefix | Prefix for all resources | `string` | n/a | yes | | region | n/a | `string` | n/a | yes | | resource\_packs\_aws\_rev | AWS Resource Pack git branch | `string` | n/a | yes | -| secret\_key | n/a | `string` | n/a | yes | +| append\_logs\_to\_error | Append Terraform logs to error messages. | `bool` | `false` | no | | name | Resource name (can contain placeholders like ${context.app.id}) | `string` | `""` | no | | resource\_packs\_aws\_url | AWS Resource Pack git url | `string` | `"https://github.com/humanitec-architecture/resource-packs-aws.git"` | no | diff --git a/humanitec-resource-defs/sqs/basic/main.tf b/humanitec-resource-defs/sqs/basic/main.tf index 43d5c2d..0c3989c 100644 --- a/humanitec-resource-defs/sqs/basic/main.tf +++ b/humanitec-resource-defs/sqs/basic/main.tf @@ -4,14 +4,8 @@ resource "humanitec_resource_definition" "main" { name = "${var.prefix}sqs-basic" type = "sqs" + driver_account = var.driver_account driver_inputs = { - secrets_string = jsonencode({ - variables = { - access_key = var.access_key - secret_key = var.secret_key - } - }) - values_string = jsonencode({ source = { path = "modules/sqs/basic" 
@@ -19,6 +13,16 @@ resource "humanitec_resource_definition" "main" { url = var.resource_packs_aws_url } + append_logs_to_error = var.append_logs_to_error + + credentials_config = { + environment = { + AWS_ACCESS_KEY_ID = "AccessKeyId" + AWS_SECRET_ACCESS_KEY = "SecretAccessKey" + AWS_SESSION_TOKEN = "SessionToken" + } + } + variables = { region = var.region prefix = var.prefix diff --git a/humanitec-resource-defs/sqs/basic/terraform.tfvars.example b/humanitec-resource-defs/sqs/basic/terraform.tfvars.example index 929b756..0f4feba 100644 --- a/humanitec-resource-defs/sqs/basic/terraform.tfvars.example +++ b/humanitec-resource-defs/sqs/basic/terraform.tfvars.example @@ -1,4 +1,9 @@ -access_key = "" + +# Append Terraform logs to error messages. +append_logs_to_error = false + +# The ID of the Resource Account which should be used. +driver_account = "" # Resource name (can contain placeholders like ${context.app.id}) name = "" @@ -12,6 +17,4 @@ region = "" resource_packs_aws_rev = "" # AWS Resource Pack git url -resource_packs_aws_url = "https://github.com/humanitec-architecture/resource-packs-aws.git" - -secret_key = "" \ No newline at end of file +resource_packs_aws_url = "https://github.com/humanitec-architecture/resource-packs-aws.git" \ No newline at end of file diff --git a/humanitec-resource-defs/sqs/basic/variables.tf b/humanitec-resource-defs/sqs/basic/variables.tf index 22901a7..a799fd8 100644 --- a/humanitec-resource-defs/sqs/basic/variables.tf +++ b/humanitec-resource-defs/sqs/basic/variables.tf @@ -13,12 +13,15 @@ variable "resource_packs_aws_rev" { type = string } -variable "access_key" { - type = string +variable "append_logs_to_error" { + description = "Append Terraform logs to error messages." + type = bool + default = false } -variable "secret_key" { - type = string +variable "driver_account" { + description = "The ID of the Resource Account which should be used." + type = string } variable "region" { 
diff --git a/modules/dns/basic/README.md b/modules/dns/basic/README.md index 2d41c63..132e7c3 100644 --- a/modules/dns/basic/README.md +++ b/modules/dns/basic/README.md @@ -23,13 +23,11 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| access\_key | AWS Access Key | `string` | n/a | yes | | app\_id | n/a | `string` | n/a | yes | | env\_id | n/a | `string` | n/a | yes | | hosted\_zone\_id | The id of the hosted zone in which this record set will reside. | `string` | n/a | yes | | region | AWS Region | `string` | n/a | yes | | res\_id | n/a | `string` | n/a | yes | -| secret\_key | AWS Secret Key | `string` | n/a | yes | | subdomain | The subdomain of the DNS name that the DNS record is for. | `string` | n/a | yes | | aws\_hosted\_zone | Hosted zone ID for a CloudFront distribution, S3 bucket, ELB, or Route 53 hosted zone. | `string` | `""` | no | | ip\_address | The IPv4 address that the DNS name should resolve to. | `string` | `""` | no | diff --git a/modules/dns/basic/providers.tf b/modules/dns/basic/providers.tf index 712d69b..18844e3 100644 --- a/modules/dns/basic/providers.tf +++ b/modules/dns/basic/providers.tf @@ -10,10 +10,7 @@ terraform { } provider "aws" { - # Injected via the humanitec-terraform-driver - access_key = var.access_key - secret_key = var.secret_key - region = var.region + region = var.region default_tags { tags = { diff --git a/modules/dns/basic/terraform.tfvars.example b/modules/dns/basic/terraform.tfvars.example index 3295839..f29dd57 100644 --- a/modules/dns/basic/terraform.tfvars.example +++ b/modules/dns/basic/terraform.tfvars.example @@ -1,7 +1,3 @@ - -# AWS Access Key -access_key = "" - app_id = "" # Hosted zone ID for a CloudFront distribution, S3 bucket, ELB, or Route 53 hosted zone. @@ -26,8 +22,5 @@ region = "" res_id = "" -# AWS Secret Key -secret_key = "" - # The subdomain of the DNS name that the DNS record is for. subdomain = "" \ No newline at end of file 
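Review bot: The `provider "aws"` block in modules/dns/basic/providers.tf loses its only comment (`# Injected via the humanitec-terraform-driver`) together with the `access_key`/`secret_key` arguments, so nothing in the module now documents where credentials come from, and a reader will not connect the bare `region = var.region` with the `credentials_config` environment mapping in the resource definitions elsewhere in this patch. With no explicit arguments the provider falls back to its default credential chain (environment variables, then shared config or an instance/role credential, as far as I recall), so a module run outside the driver would silently use whatever identity is ambient. Suggest restoring a comment such as `# Credentials (AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY/AWS_SESSION_TOKEN) are exported by the humanitec-terraform-driver from the Resource Account's credentials_config; do not add static keys here.`. The same change appears in the providers.tf of every iam-policy, iam-role and rds module in this patch and the comment belongs in each. The enclosing `provider` block continues past the hunk.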
diff --git a/modules/dns/basic/variables.tf b/modules/dns/basic/variables.tf index 4b8350e..ec0bd8f 100644 --- a/modules/dns/basic/variables.tf +++ b/modules/dns/basic/variables.tf @@ -1,14 +1,3 @@ - -variable "access_key" { - description = "AWS Access Key" - type = string -} - -variable "secret_key" { - description = "AWS Secret Key" - type = string -} - variable "region" { description = "AWS Region" type = string diff --git a/modules/iam-policy/ecr-create-repository/README.md b/modules/iam-policy/ecr-create-repository/README.md index 638eedc..d2e2f67 100644 --- a/modules/iam-policy/ecr-create-repository/README.md +++ b/modules/iam-policy/ecr-create-repository/README.md @@ -23,13 +23,11 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| access\_key | n/a | `string` | n/a | yes | | app\_id | n/a | `string` | n/a | yes | | env\_id | n/a | `string` | n/a | yes | | prefix | n/a | `string` | n/a | yes | | region | n/a | `string` | n/a | yes | | res\_id | n/a | `string` | n/a | yes | -| secret\_key | n/a | `string` | n/a | yes | ## Outputs diff --git a/modules/iam-policy/ecr-create-repository/providers.tf b/modules/iam-policy/ecr-create-repository/providers.tf index 712d69b..18844e3 100644 --- a/modules/iam-policy/ecr-create-repository/providers.tf +++ b/modules/iam-policy/ecr-create-repository/providers.tf @@ -10,10 +10,7 @@ terraform { } provider "aws" { - # Injected via the humanitec-terraform-driver - access_key = var.access_key - secret_key = var.secret_key - region = var.region + region = var.region default_tags { tags = { diff --git a/modules/iam-policy/ecr-create-repository/terraform.tfvars.example b/modules/iam-policy/ecr-create-repository/terraform.tfvars.example index 6936f9f..956f7ee 100644 --- a/modules/iam-policy/ecr-create-repository/terraform.tfvars.example +++ b/modules/iam-policy/ecr-create-repository/terraform.tfvars.example 
@@ -1,7 +1,5 @@ -access_key = "" -app_id = "" -env_id = "" -prefix = "" -region = "" -res_id = "" -secret_key = "" \ No newline at end of file +app_id = "" +env_id = "" +prefix = "" +region = "" +res_id = "" \ No newline at end of file diff --git a/modules/iam-policy/ecr-create-repository/variables.tf b/modules/iam-policy/ecr-create-repository/variables.tf index 7a6c03d..d80ff60 100644 --- a/modules/iam-policy/ecr-create-repository/variables.tf +++ b/modules/iam-policy/ecr-create-repository/variables.tf @@ -6,14 +6,6 @@ variable "region" { type = string } -variable "access_key" { - type = string -} - -variable "secret_key" { - type = string -} - variable "app_id" { type = string } diff --git a/modules/iam-policy/s3-admin/README.md b/modules/iam-policy/s3-admin/README.md index ecc86de..f74abbb 100644 --- a/modules/iam-policy/s3-admin/README.md +++ b/modules/iam-policy/s3-admin/README.md @@ -23,14 +23,12 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| access\_key | n/a | `string` | n/a | yes | | app\_id | n/a | `string` | n/a | yes | | env\_id | n/a | `string` | n/a | yes | | prefix | n/a | `string` | n/a | yes | | region | n/a | `string` | n/a | yes | | res\_id | n/a | `string` | n/a | yes | | s3\_bucket\_arn | n/a | `string` | n/a | yes | -| secret\_key | n/a | `string` | n/a | yes | ## Outputs diff --git a/modules/iam-policy/s3-admin/providers.tf b/modules/iam-policy/s3-admin/providers.tf index 712d69b..18844e3 100644 --- a/modules/iam-policy/s3-admin/providers.tf +++ b/modules/iam-policy/s3-admin/providers.tf @@ -10,10 +10,7 @@ terraform { } provider "aws" { - # Injected via the humanitec-terraform-driver - access_key = var.access_key - secret_key = var.secret_key - region = var.region + region = var.region default_tags { tags = { diff --git a/modules/iam-policy/s3-admin/terraform.tfvars.example b/modules/iam-policy/s3-admin/terraform.tfvars.example index 78c933b..3aaeeb3 100644 
--- a/modules/iam-policy/s3-admin/terraform.tfvars.example +++ b/modules/iam-policy/s3-admin/terraform.tfvars.example @@ -1,8 +1,6 @@ -access_key = "" app_id = "" env_id = "" prefix = "" region = "" res_id = "" -s3_bucket_arn = "" -secret_key = "" \ No newline at end of file +s3_bucket_arn = "" \ No newline at end of file diff --git a/modules/iam-policy/s3-admin/variables.tf b/modules/iam-policy/s3-admin/variables.tf index e79fc84..10b99ee 100644 --- a/modules/iam-policy/s3-admin/variables.tf +++ b/modules/iam-policy/s3-admin/variables.tf @@ -6,14 +6,6 @@ variable "region" { type = string } -variable "access_key" { - type = string -} - -variable "secret_key" { - type = string -} - variable "s3_bucket_arn" { type = string } diff --git a/modules/iam-policy/s3-read-only/README.md b/modules/iam-policy/s3-read-only/README.md index ecc86de..f74abbb 100644 --- a/modules/iam-policy/s3-read-only/README.md +++ b/modules/iam-policy/s3-read-only/README.md @@ -23,14 +23,12 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| access\_key | n/a | `string` | n/a | yes | | app\_id | n/a | `string` | n/a | yes | | env\_id | n/a | `string` | n/a | yes | | prefix | n/a | `string` | n/a | yes | | region | n/a | `string` | n/a | yes | | res\_id | n/a | `string` | n/a | yes | | s3\_bucket\_arn | n/a | `string` | n/a | yes | -| secret\_key | n/a | `string` | n/a | yes | ## Outputs diff --git a/modules/iam-policy/s3-read-only/providers.tf b/modules/iam-policy/s3-read-only/providers.tf index 712d69b..18844e3 100644 --- a/modules/iam-policy/s3-read-only/providers.tf +++ b/modules/iam-policy/s3-read-only/providers.tf @@ -10,10 +10,7 @@ terraform { } provider "aws" { - # Injected via the humanitec-terraform-driver - access_key = var.access_key - secret_key = var.secret_key - region = var.region + region = var.region default_tags { tags = { 
diff --git a/modules/iam-policy/s3-read-only/terraform.tfvars.example b/modules/iam-policy/s3-read-only/terraform.tfvars.example index 78c933b..3aaeeb3 100644 --- a/modules/iam-policy/s3-read-only/terraform.tfvars.example +++ b/modules/iam-policy/s3-read-only/terraform.tfvars.example @@ -1,8 +1,6 @@ -access_key = "" app_id = "" env_id = "" prefix = "" region = "" res_id = "" -s3_bucket_arn = "" -secret_key = "" \ No newline at end of file +s3_bucket_arn = "" \ No newline at end of file diff --git a/modules/iam-policy/s3-read-only/variables.tf b/modules/iam-policy/s3-read-only/variables.tf index e79fc84..10b99ee 100644 --- a/modules/iam-policy/s3-read-only/variables.tf +++ b/modules/iam-policy/s3-read-only/variables.tf @@ -6,14 +6,6 @@ variable "region" { type = string } -variable "access_key" { - type = string -} - -variable "secret_key" { - type = string -} - variable "s3_bucket_arn" { type = string } diff --git a/modules/iam-policy/sqs-admin/README.md b/modules/iam-policy/sqs-admin/README.md index 42a4f12..0c3f414 100644 --- a/modules/iam-policy/sqs-admin/README.md +++ b/modules/iam-policy/sqs-admin/README.md @@ -23,13 +23,11 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| access\_key | n/a | `string` | n/a | yes | | app\_id | n/a | `string` | n/a | yes | | env\_id | n/a | `string` | n/a | yes | | prefix | n/a | `string` | n/a | yes | | region | n/a | `string` | n/a | yes | | res\_id | n/a | `string` | n/a | yes | -| secret\_key | n/a | `string` | n/a | yes | | sqs\_queue\_arn | n/a | `string` | n/a | yes | ## Outputs diff --git a/modules/iam-policy/sqs-admin/providers.tf b/modules/iam-policy/sqs-admin/providers.tf index 712d69b..18844e3 100644 --- a/modules/iam-policy/sqs-admin/providers.tf +++ b/modules/iam-policy/sqs-admin/providers.tf 
@@ -10,10 +10,7 @@ terraform { } provider "aws" { - # Injected via the humanitec-terraform-driver - access_key = var.access_key - secret_key = var.secret_key - region = var.region + region = var.region default_tags { tags = { diff --git a/modules/iam-policy/sqs-admin/terraform.tfvars.example b/modules/iam-policy/sqs-admin/terraform.tfvars.example index f43f826..02969d2 100644 --- a/modules/iam-policy/sqs-admin/terraform.tfvars.example +++ b/modules/iam-policy/sqs-admin/terraform.tfvars.example @@ -1,8 +1,6 @@ -access_key = "" app_id = "" env_id = "" prefix = "" region = "" res_id = "" -secret_key = "" sqs_queue_arn = "" \ No newline at end of file diff --git a/modules/iam-policy/sqs-admin/variables.tf b/modules/iam-policy/sqs-admin/variables.tf index 6ceb999..16686f2 100644 --- a/modules/iam-policy/sqs-admin/variables.tf +++ b/modules/iam-policy/sqs-admin/variables.tf @@ -6,14 +6,6 @@ variable "region" { type = string } -variable "access_key" { - type = string -} - -variable "secret_key" { - type = string -} - variable "sqs_queue_arn" { type = string } diff --git a/modules/iam-policy/sqs-consumer/README.md b/modules/iam-policy/sqs-consumer/README.md index 42a4f12..0c3f414 100644 --- a/modules/iam-policy/sqs-consumer/README.md +++ b/modules/iam-policy/sqs-consumer/README.md @@ -23,13 +23,11 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| access\_key | n/a | `string` | n/a | yes | | app\_id | n/a | `string` | n/a | yes | | env\_id | n/a | `string` | n/a | yes | | prefix | n/a | `string` | n/a | yes | | region | n/a | `string` | n/a | yes | | res\_id | n/a | `string` | n/a | yes | -| secret\_key | n/a | `string` | n/a | yes | | sqs\_queue\_arn | n/a | `string` | n/a | yes | ## Outputs diff --git a/modules/iam-policy/sqs-consumer/providers.tf b/modules/iam-policy/sqs-consumer/providers.tf index 712d69b..18844e3 100644 --- a/modules/iam-policy/sqs-consumer/providers.tf 
+++ b/modules/iam-policy/sqs-consumer/providers.tf @@ -10,10 +10,7 @@ terraform { } provider "aws" { - # Injected via the humanitec-terraform-driver - access_key = var.access_key - secret_key = var.secret_key - region = var.region + region = var.region default_tags { tags = { diff --git a/modules/iam-policy/sqs-consumer/terraform.tfvars.example b/modules/iam-policy/sqs-consumer/terraform.tfvars.example index f43f826..02969d2 100644 --- a/modules/iam-policy/sqs-consumer/terraform.tfvars.example +++ b/modules/iam-policy/sqs-consumer/terraform.tfvars.example @@ -1,8 +1,6 @@ -access_key = "" app_id = "" env_id = "" prefix = "" region = "" res_id = "" -secret_key = "" sqs_queue_arn = "" \ No newline at end of file diff --git a/modules/iam-policy/sqs-consumer/variables.tf b/modules/iam-policy/sqs-consumer/variables.tf index 6ceb999..16686f2 100644 --- a/modules/iam-policy/sqs-consumer/variables.tf +++ b/modules/iam-policy/sqs-consumer/variables.tf @@ -6,14 +6,6 @@ variable "region" { type = string } -variable "access_key" { - type = string -} - -variable "secret_key" { - type = string -} - variable "sqs_queue_arn" { type = string } diff --git a/modules/iam-policy/sqs-publisher/README.md b/modules/iam-policy/sqs-publisher/README.md index 42a4f12..0c3f414 100644 --- a/modules/iam-policy/sqs-publisher/README.md +++ b/modules/iam-policy/sqs-publisher/README.md @@ -23,13 +23,11 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| access\_key | n/a | `string` | n/a | yes | | app\_id | n/a | `string` | n/a | yes | | env\_id | n/a | `string` | n/a | yes | | prefix | n/a | `string` | n/a | yes | | region | n/a | `string` | n/a | yes | | res\_id | n/a | `string` | n/a | yes | -| secret\_key | n/a | `string` | n/a | yes | | sqs\_queue\_arn | n/a | `string` | n/a | yes | ## Outputs diff --git a/modules/iam-policy/sqs-publisher/providers.tf b/modules/iam-policy/sqs-publisher/providers.tf index 712d69b..18844e3 100644 
--- a/modules/iam-policy/sqs-publisher/providers.tf +++ b/modules/iam-policy/sqs-publisher/providers.tf @@ -10,10 +10,7 @@ terraform { } provider "aws" { - # Injected via the humanitec-terraform-driver - access_key = var.access_key - secret_key = var.secret_key - region = var.region + region = var.region default_tags { tags = { diff --git a/modules/iam-policy/sqs-publisher/terraform.tfvars.example b/modules/iam-policy/sqs-publisher/terraform.tfvars.example index f43f826..02969d2 100644 --- a/modules/iam-policy/sqs-publisher/terraform.tfvars.example +++ b/modules/iam-policy/sqs-publisher/terraform.tfvars.example @@ -1,8 +1,6 @@ -access_key = "" app_id = "" env_id = "" prefix = "" region = "" res_id = "" -secret_key = "" sqs_queue_arn = "" \ No newline at end of file diff --git a/modules/iam-policy/sqs-publisher/variables.tf b/modules/iam-policy/sqs-publisher/variables.tf index 6ceb999..16686f2 100644 --- a/modules/iam-policy/sqs-publisher/variables.tf +++ b/modules/iam-policy/sqs-publisher/variables.tf @@ -6,14 +6,6 @@ variable "region" { type = string } -variable "access_key" { - type = string -} - -variable "secret_key" { - type = string -} - variable "sqs_queue_arn" { type = string } diff --git a/modules/iam-role/service-account/README.md b/modules/iam-role/service-account/README.md index b8d90a6..19ccd1f 100644 --- a/modules/iam-role/service-account/README.md +++ b/modules/iam-role/service-account/README.md @@ -25,7 +25,6 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| access\_key | n/a | `string` | n/a | yes | | app\_id | n/a | `string` | n/a | yes | | cluster\_name | n/a | `string` | n/a | yes | | env\_id | n/a | `string` | n/a | yes | @@ -34,7 +33,6 @@ | prefix | Prefix for all resources | `string` | n/a | yes | | region | n/a | `string` | n/a | yes | | res\_id | n/a | `string` | n/a | yes | -| secret\_key | n/a | `string` | n/a | yes | | name | Resource name | `string` | `""` | no | ## Outputs 
diff --git a/modules/iam-role/service-account/providers.tf b/modules/iam-role/service-account/providers.tf index 712d69b..18844e3 100644 --- a/modules/iam-role/service-account/providers.tf +++ b/modules/iam-role/service-account/providers.tf @@ -10,10 +10,7 @@ terraform { } provider "aws" { - # Injected via the humanitec-terraform-driver - access_key = var.access_key - secret_key = var.secret_key - region = var.region + region = var.region default_tags { tags = { diff --git a/modules/iam-role/service-account/terraform.tfvars.example b/modules/iam-role/service-account/terraform.tfvars.example index d53c41e..55743f6 100644 --- a/modules/iam-role/service-account/terraform.tfvars.example +++ b/modules/iam-role/service-account/terraform.tfvars.example @@ -1,4 +1,3 @@ -access_key = "" app_id = "" cluster_name = "" env_id = "" @@ -12,6 +11,5 @@ policy_arns = "" # Prefix for all resources prefix = "" -region = "" -res_id = "" -secret_key = "" \ No newline at end of file +region = "" +res_id = "" \ No newline at end of file diff --git a/modules/iam-role/service-account/variables.tf b/modules/iam-role/service-account/variables.tf index ceb29f2..4f23915 100644 --- a/modules/iam-role/service-account/variables.tf +++ b/modules/iam-role/service-account/variables.tf @@ -7,14 +7,6 @@ variable "region" { type = string } -variable "access_key" { - type = string -} - -variable "secret_key" { - type = string -} - variable "policy_arns" { type = set(string) } diff --git a/modules/rds/aurora/README.md b/modules/rds/aurora/README.md index b8bc0b2..389a648 100644 --- a/modules/rds/aurora/README.md +++ b/modules/rds/aurora/README.md @@ -17,7 +17,6 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| access\_key | n/a | `string` | n/a | yes | | app\_id | n/a | `string` | n/a | yes | | database\_name | n/a | `string` | n/a | yes | | env\_id | n/a | `string` | n/a | yes | 
@@ -26,7 +25,6 @@
 | prefix | Prefix for all resources | `string` | n/a | yes |
 | region | n/a | `string` | n/a | yes |
 | res\_id | n/a | `string` | n/a | yes |
-| secret\_key | n/a | `string` | n/a | yes |
 | subnets | n/a | `set(string)` | n/a | yes |
 | vpc | n/a | `string` | n/a | yes |
 | apply\_immediately | n/a | `bool` | `true` | no |
diff --git a/modules/rds/aurora/providers.tf b/modules/rds/aurora/providers.tf
index 712d69b..18844e3 100644
--- a/modules/rds/aurora/providers.tf
+++ b/modules/rds/aurora/providers.tf
@@ -10,10 +10,7 @@ terraform {
 }
 provider "aws" {
- # Injected via the humanitec-terraform-driver
- access_key = var.access_key
- secret_key = var.secret_key
- region = var.region
+ region = var.region
 default_tags {
 tags = {
diff --git a/modules/rds/aurora/terraform.tfvars.example b/modules/rds/aurora/terraform.tfvars.example
index 0b53e9f..0b09a24 100644
--- a/modules/rds/aurora/terraform.tfvars.example
+++ b/modules/rds/aurora/terraform.tfvars.example
@@ -1,4 +1,3 @@
-access_key = ""
 app_id = ""
 apply_immediately = true
 create_cloudwatch_log_group = false
@@ -41,7 +40,6 @@ prefix = ""
 region = ""
 res_id = ""
-secret_key = ""
 security_group_rules = {}
 skip_final_snapshot = true
 storage_encrypted = true
diff --git a/modules/rds/aurora/variables.tf b/modules/rds/aurora/variables.tf
index b0e970d..f8b87ac 100644
--- a/modules/rds/aurora/variables.tf
+++ b/modules/rds/aurora/variables.tf
@@ -7,14 +7,6 @@ variable "region" {
 type = string
 }
-variable "access_key" {
- type = string
-}
-
-variable "secret_key" {
- type = string
-}
-
 variable "app_id" {
 type = string
 }
diff --git a/modules/rds/basic/README.md b/modules/rds/basic/README.md
index 56c7951..03dda1f 100644
--- a/modules/rds/basic/README.md
+++ b/modules/rds/basic/README.md
@@ -16,7 +16,6 @@
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| access\_key | n/a | `string` | n/a | yes |
 | app\_id | n/a | `string` | n/a | yes |
 | database\_name | n/a | `string` | n/a | yes |
 | env\_id | n/a | `string` | n/a | yes |
@@ -24,7 +23,6 @@
 | prefix | Prefix for all resources | `string` | n/a | yes |
 | region | n/a | `string` | n/a | yes |
 | res\_id | n/a | `string` | n/a | yes |
-| secret\_key | n/a | `string` | n/a | yes |
 | subnet\_ids | n/a | `set(string)` | n/a | yes |
 | username | n/a | `string` | n/a | yes |
 | vpc\_security\_group\_ids | n/a | `set(string)` | n/a | yes |
diff --git a/modules/rds/basic/providers.tf b/modules/rds/basic/providers.tf
index 712d69b..18844e3 100644
--- a/modules/rds/basic/providers.tf
+++ b/modules/rds/basic/providers.tf
@@ -10,10 +10,7 @@ terraform {
 }
 provider "aws" {
- # Injected via the humanitec-terraform-driver
- access_key = var.access_key
- secret_key = var.secret_key
- region = var.region
+ region = var.region
 default_tags {
 tags = {
diff --git a/modules/rds/basic/terraform.tfvars.example b/modules/rds/basic/terraform.tfvars.example
index 8dde015..262f224 100644
--- a/modules/rds/basic/terraform.tfvars.example
+++ b/modules/rds/basic/terraform.tfvars.example
@@ -1,4 +1,3 @@
-access_key = ""
 allocated_storage = 20
 app_id = ""
 backup_retention_period = 1
@@ -41,7 +40,6 @@ prefix = ""
 region = ""
 res_id = ""
-secret_key = ""
 skip_final_snapshot = true
 subnet_ids = ""
 username = ""
diff --git a/modules/rds/basic/variables.tf b/modules/rds/basic/variables.tf
index 79c5504..ce57785 100644
--- a/modules/rds/basic/variables.tf
+++ b/modules/rds/basic/variables.tf
@@ -7,14 +7,6 @@ variable "region" {
 type = string
 }
-variable "access_key" {
- type = string
-}
-
-variable "secret_key" {
- type = string
-}
-
 variable "app_id" {
 type = string
 }
diff --git a/modules/redis/basic/README.md b/modules/redis/basic/README.md
index 7c8650d..11cd467 100644
--- a/modules/redis/basic/README.md
+++ b/modules/redis/basic/README.md
@@ -25,13 +25,11 @@
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| access\_key | AWS Access Key | `string` | n/a | yes |
 | app\_id | n/a | `string` | n/a | yes |
 | env\_id | n/a | `string` | n/a | yes |
 | prefix | Prefix for all resources | `string` | n/a | yes |
 | region | AWS Region | `string` | n/a | yes |
 | res\_id | n/a | `string` | n/a | yes |
-| secret\_key | AWS Secret Key | `string` | n/a | yes |
 | security\_group\_ids | List of AWS security group IDs to use for the AWS ElastiCache cluster | `set(string)` | n/a | yes |
 | subnet\_group\_name | Name of the AWS ElastiCache subnet group to use | `string` | n/a | yes |
 | name | Resource name | `string` | `""` | no |
diff --git a/modules/redis/basic/providers.tf b/modules/redis/basic/providers.tf
index e2cdb22..3e631fa 100644
--- a/modules/redis/basic/providers.tf
+++ b/modules/redis/basic/providers.tf
@@ -14,10 +14,7 @@ terraform {
 }
 provider "aws" {
- # Injected via the humanitec-terraform-driver
- access_key = var.access_key
- secret_key = var.secret_key
- region = var.region
+ region = var.region
 default_tags {
 tags = {
diff --git a/modules/redis/basic/terraform.tfvars.example b/modules/redis/basic/terraform.tfvars.example
index 41c4210..0d95635 100644
--- a/modules/redis/basic/terraform.tfvars.example
+++ b/modules/redis/basic/terraform.tfvars.example
@@ -1,7 +1,3 @@
-
-# AWS Access Key
-access_key = ""
-
 app_id = ""
 env_id = ""
@@ -28,9 +24,6 @@ region = ""
 res_id = ""
-# AWS Secret Key
-secret_key = ""
-
 # List of AWS security group IDs to use for the AWS ElastiCache cluster
 security_group_ids = ""
diff --git a/modules/redis/basic/variables.tf b/modules/redis/basic/variables.tf
index 3a64a5d..8f0d06d 100644
--- a/modules/redis/basic/variables.tf
+++ b/modules/redis/basic/variables.tf
@@ -3,16 +3,6 @@ variable "prefix" {
 type = string
 }
-variable "access_key" {
- description = "AWS Access Key"
- type = string
-}
-
-variable "secret_key" {
- description = "AWS Secret Key"
- type = string
-}
-
 variable "region" {
 description = "AWS Region"
 type = string
diff --git a/modules/s3/basic/README.md b/modules/s3/basic/README.md
index ed03bcc..0b2e207 100644
--- a/modules/s3/basic/README.md
+++ b/modules/s3/basic/README.md
@@ -24,13 +24,11 @@
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| access\_key | n/a | `string` | n/a | yes |
 | app\_id | n/a | `string` | n/a | yes |
 | env\_id | n/a | `string` | n/a | yes |
 | prefix | Prefix for all resources | `string` | n/a | yes |
 | region | n/a | `string` | n/a | yes |
 | res\_id | n/a | `string` | n/a | yes |
-| secret\_key | n/a | `string` | n/a | yes |
 | force\_destroy | n/a | `bool` | `true` | no |
 | name | Resource name | `string` | `""` | no |
diff --git a/modules/s3/basic/providers.tf b/modules/s3/basic/providers.tf
index 712d69b..18844e3 100644
--- a/modules/s3/basic/providers.tf
+++ b/modules/s3/basic/providers.tf
@@ -10,10 +10,7 @@ terraform {
 }
 provider "aws" {
- # Injected via the humanitec-terraform-driver
- access_key = var.access_key
- secret_key = var.secret_key
- region = var.region
+ region = var.region
 default_tags {
 tags = {
diff --git a/modules/s3/basic/terraform.tfvars.example b/modules/s3/basic/terraform.tfvars.example
index 37adf46..308e052 100644
--- a/modules/s3/basic/terraform.tfvars.example
+++ b/modules/s3/basic/terraform.tfvars.example
@@ -1,4 +1,3 @@
-access_key = ""
 app_id = ""
 env_id = ""
 force_destroy = true
@@ -9,6 +8,5 @@ name = ""
 # Prefix for all resources
 prefix = ""
-region = ""
-res_id = ""
-secret_key = ""
\ No newline at end of file
+region = ""
+res_id = ""
\ No newline at end of file
diff --git a/modules/s3/basic/variables.tf b/modules/s3/basic/variables.tf
index 72bdee5..04f3161 100644
--- a/modules/s3/basic/variables.tf
+++ b/modules/s3/basic/variables.tf
@@ -7,14 +7,6 @@ variable "region" {
 type = string
 }
-variable "access_key" {
- type = string
-}
-
-variable "secret_key" {
- type = string
-}
-
 variable "force_destroy" {
 type = bool
 default = true
diff --git a/modules/sqs/basic/README.md b/modules/sqs/basic/README.md
index ecb6e4d..5f2b6d7 100644
--- a/modules/sqs/basic/README.md
+++ b/modules/sqs/basic/README.md
@@ -16,13 +16,11 @@
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| access\_key | n/a | `string` | n/a | yes |
 | app\_id | n/a | `string` | n/a | yes |
 | env\_id | n/a | `string` | n/a | yes |
 | prefix | Prefix for all resources | `string` | n/a | yes |
 | region | n/a | `string` | n/a | yes |
 | res\_id | n/a | `string` | n/a | yes |
-| secret\_key | n/a | `string` | n/a | yes |
 | name | Resource name | `string` | `""` | no |
 ## Outputs
diff --git a/modules/sqs/basic/providers.tf b/modules/sqs/basic/providers.tf
index 712d69b..18844e3 100644
--- a/modules/sqs/basic/providers.tf
+++ b/modules/sqs/basic/providers.tf
@@ -10,10 +10,7 @@ terraform {
 }
 provider "aws" {
- # Injected via the humanitec-terraform-driver
- access_key = var.access_key
- secret_key = var.secret_key
- region = var.region
+ region = var.region
 default_tags {
 tags = {
diff --git a/modules/sqs/basic/terraform.tfvars.example b/modules/sqs/basic/terraform.tfvars.example
index 73d92dd..d7bb7d1 100644
--- a/modules/sqs/basic/terraform.tfvars.example
+++ b/modules/sqs/basic/terraform.tfvars.example
@@ -1,6 +1,5 @@
-access_key = ""
-app_id = ""
-env_id = ""
+app_id = ""
+env_id = ""
 # Resource name
 name = ""
@@ -8,6 +7,5 @@ name = ""
 # Prefix for all resources
 prefix = ""
-region = ""
-res_id = ""
-secret_key = ""
\ No newline at end of file
+region = ""
+res_id = ""
\ No newline at end of file
diff --git a/modules/sqs/basic/variables.tf b/modules/sqs/basic/variables.tf
index 863af82..eb6b378 100644
--- a/modules/sqs/basic/variables.tf
+++ b/modules/sqs/basic/variables.tf
@@ -7,14 +7,6 @@ variable "region" {
 type = string
 }
-variable "access_key" {
- type = string
-}
-
-variable "secret_key" {
- type = string
-}
-
 variable "app_id" {
 type = string
 }