From fbfaec42a55b79173b1bceddd8ffb4c51402e101 Mon Sep 17 00:00:00 2001
From: kkirov
Date: Thu, 15 Nov 2018 11:48:18 -0700
Subject: [PATCH 1/2] fix: various fixes for multi account.
---
 master-account/accounts.tf | 16 ++++++----------
 master-account/main.tf | 10 ++++------
 master-account/variables.tf | 11 ++++++-----
 user/send-email.sh | 4 ++--
 4 files changed, 18 insertions(+), 23 deletions(-)
diff --git a/master-account/accounts.tf b/master-account/accounts.tf
index 01da967..0d912d5 100644
--- a/master-account/accounts.tf
+++ b/master-account/accounts.tf
@@ -7,23 +7,18 @@
 // | |- testing
 // | |- development
 // | |- forensics
-
-
-
 // TODO loop over local.subaccounts
 // Docs: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html
 // To set password go to root sign up and enter email
 resource "aws_organizations_account" "main" {
- count = "${length(var.sub_accounts)}"
- name = "${var.sub_accounts[count.index]}"
- email = "${local.account_email_local_part}+${var.sub_accounts[count.index]}@${local.account_email_domain}"
- iam_user_access_to_billing = "DENY"
+ count = "${length(var.sub_accounts)}"
+ name = "${var.sub_accounts[count.index]}"
+ email = "${local.account_email_local_part}+${var.sub_accounts[count.index]}@${local.account_email_domain}"
+
+ #iam_user_access_to_billing = "DENY"
 }
 # Org Units - TODO https://github.com/terraform-providers/terraform-provider-aws/pull/4207
-
-
-
 // https://www.terraform.io/docs/providers/aws/r/organizations_policy_attachment.html
 //resource "aws_organizations_policy_attachment" "environments" {
 // policy_id = "${aws_organizations_policy.environments.id}"
@@ -44,3 +39,4 @@ resource "aws_organizations_account" "main" {
 //}
 //POLICY
 //}
+
diff --git a/master-account/main.tf b/master-account/main.tf
index e54eca5..6c1ff06 100644
--- a/master-account/main.tf
+++ b/master-account/main.tf
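Review bot: Commenting out `iam_user_access_to_billing = "DENY"` in `aws_organizations_account.main` (accounts.tf, first hunk) drops an explicit billing restriction, and the commit message does not say why. With the argument unset the account is created with the AWS Organizations default, which I believe is ALLOW, so IAM users with the relevant permissions in new member accounts could see billing information. If the line was removed to work around a plan or apply problem, keep the value and record the reason, e.g. `iam_user_access_to_billing = "DENY" # billing visible to the member account's root user only`. If ALLOW is intended, set it explicitly instead of leaving a commented-out line.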
@@ -1,10 +1,8 @@
-
-resource "aws_organizations_organization" "account" {
- feature_set = "ALL"
-}
+# resource "aws_organizations_organization" "account" {
+# feature_set = "ALL"
+# }
 resource "aws_iam_account_alias" "alias" {
- count = "${var.account_alias == "" ? 0 : 1}"
+ count = "${var.account_alias == "" ? 0 : 1}"
 account_alias = "${var.account_alias}"
 }
-
diff --git a/master-account/variables.tf b/master-account/variables.tf
index 8d4fbd4..f6af96b 100644
--- a/master-account/variables.tf
+++ b/master-account/variables.tf
@@ -1,13 +1,14 @@
+variable "name" {}
 variable "account_alias" {
- type = "string"
+ type = "string"
 default = ""
 }
 //
 variable "roles" {
- type = "list"
- default = ["admin","developer"]
+ type = "list"
+ default = ["admin", "developer"]
 }
 // {username:[role,role]}
@@ -20,19 +21,19 @@ variable "roles" {
 // type = "string"
 //}
-
 variable "account_email" {
 description = "Organization account email"
 }
 variable "sub_accounts" {
 type = "list"
+
 default = [
 "operations",
 "production",
 "staging",
 "testing",
 "development",
- "forensics"
+ "forensics",
 ]
 }
diff --git a/user/send-email.sh b/user/send-email.sh
index 47b32b7..81a47b3 100755
--- a/user/send-email.sh
+++ b/user/send-email.sh
@@ -28,7 +28,7 @@ ENC_PASSWORD="$5" # PGP encrypted password
 # PASSWORD=$(base64 --decode | keybase pgp decrypt)
 # Create a temporary file to store the encrypted binary data.
-password_file=$(mktemp "password.${USERNAME}.gpg")
+password_file=$(mktemp "password.${USERNAME}.gpg.XXXXX")
 # Decode the Base64 password and store it in password file.
 echo "$ENC_PASSWORD" | base64 --decode > "$password_file"
@@ -40,7 +40,7 @@ PASSWORD=$(gpg -q --decrypt "$password_file")
 rm "$password_file"
 # Create a temporary file to store the HTML email body.
-message_file=$(mktemp "message.${USERNAME}.html")
+message_file=$(mktemp "message.${USERNAME}.html.XXXXX")
 # Replace username and passwords with correct values.
 cat "$DIR/send-email.html.tpl" > ${message_file}
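Review bot: The `aws_organizations_organization` "account" resource in main.tf is commented out with no explanation, while `aws_organizations_account.main` in accounts.tf still needs an organization to exist. If the resource is already in Terraform state, removing it from the configuration would presumably make the next plan propose destroying the organization, so the commit should say whether it was removed from state or is now managed elsewhere. A one-line comment such as `# Organization is created outside this module: <reason>` would be clearer than the commented-out block, or delete the dead code outright.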
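Review bot: `variable "name" {}` at the top of variables.tf has no `type`, `description` or `default`, so it becomes a required input, yet no hunk in this patch references `var.name`. If it is used elsewhere, declare it like the neighbouring variables, e.g. `variable "name" { description = "<what this names>" }`. If it is unused, drop it so callers are not forced to supply a value.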
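Review bot: The new `mktemp` templates for `password_file` and `message_file` (both hunks in user/send-email.sh) are relative paths, so the files are created in whatever directory the script is run from, and `message_file` appears to receive the decrypted password once the template is filled in. Consider creating them under the temp directory, e.g. `message_file=$(mktemp "${TMPDIR:-/tmp}/message.XXXXXX")`, and adding `trap 'rm -f "$password_file" "$message_file"' EXIT` so an early exit does not leave the password on disk. `${USERNAME}` is also interpolated into the template unvalidated; a value containing `/` would change where the file lands. The cleanup of `message_file` lies outside these hunks, so part of this may already be handled.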
From 3abf890b874982813689f891bcc569ef40ec2c22 Mon Sep 17 00:00:00 2001
From: kkirov
Date: Tue, 20 Nov 2018 12:27:03 -0700
Subject: [PATCH 2/2] fix: add comment.
---
 user/send-email.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/user/send-email.sh b/user/send-email.sh
index 81a47b3..5e14388 100755
--- a/user/send-email.sh
+++ b/user/send-email.sh
@@ -27,7 +27,8 @@ ENC_PASSWORD="$5" # PGP encrypted password
 # Uncomment following if using keybase
 # PASSWORD=$(base64 --decode | keybase pgp decrypt)
-# Create a temporary file to store the encrypted binary data.
+# Create a temporary file to store the encrypted binary data.
+#.XXXXX is needed due to a an error on ubuntu - "mktemp: too few X's in template" - rtomayko/shocco#5
 password_file=$(mktemp "password.${USERNAME}.gpg.XXXXX")
 # Decode the Base64 password and store it in password file.
@@ -40,6 +41,7 @@ PASSWORD=$(gpg -q --decrypt "$password_file")
 rm "$password_file"
 # Create a temporary file to store the HTML email body.
+#.XXXXX is needed due to a an error on ubuntu - "mktemp: too few X's in template" - rtomayko/shocco#5
 message_file=$(mktemp "message.${USERNAME}.html.XXXXX")
 # Replace username and passwords with correct values.
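Review bot: The comment added above both `mktemp` calls has a typo ("a an error") and describes the symptom on one distribution rather than the rule. GNU mktemp rejects a template with fewer than three consecutive X's, which is why the old fixed names failed, and the X's are replaced with random characters. I would word it as `# mktemp needs X's in the template (GNU requires at least three); they are replaced with random characters.` and use the same text in the second hunk.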