feat: Allow deploying all resources in management account (#112)
* feat: allow deploying all resources in management account

* chore: update min tf version

* chore: run precommit

* chore: remove aliased provider and fix precommit

* fix: precommit version

* chore: fix variable name

* chore: remove unneeded resource group

* fix: docs
hayk99 authored Jul 5, 2022
1 parent 29b399e commit 9ce4be3
Showing 48 changed files with 86 additions and 75 deletions.
@@ -87,7 +87,7 @@ $ terraform apply

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.0 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.50.0 |
| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >=2.3.0 |
| <a name="requirement_sysdig"></a> [sysdig](#requirement\_sysdig) | >= 0.5.33 |
@@ -1,5 +1,5 @@
terraform {
required_version = ">= 0.15.0"
required_version = ">= 1.0.0"
required_providers {
aws = {
version = ">= 3.50.0"
9 changes: 5 additions & 4 deletions examples/organizational/README.md
@@ -137,17 +137,17 @@ $ terraform apply

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.0 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0.0 |
| <a name="requirement_sysdig"></a> [sysdig](#requirement\_sysdig) | >= 0.5.33 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.20.1 |
| <a name="provider_aws.member"></a> [aws.member](#provider\_aws.member) | 4.20.1 |
| <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | 0.5.37 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.0.0 |
| <a name="provider_aws.member"></a> [aws.member](#provider\_aws.member) | >= 4.0.0 |
| <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | >= 0.5.33 |

## Modules

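Review bot: the Providers table now lists constraints (`>= 4.0.0`, `>= 0.5.33`) where it previously listed resolved versions (`4.20.1`, `0.5.37`); terraform-docs prints the resolved version when it can read a `.terraform.lock.hcl`, so this change suggests the example no longer carries a lock file. Without one, every `terraform init` floats to the newest provider release that satisfies `>= 4.0.0`, so consider committing the lock file (or at least an upper bound such as `~> 4.0`) so that provider versions are pinned and checksum-verified rather than resolved fresh at init time.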
@@ -168,6 +168,7 @@ $ terraform apply
| Name | Type |
|------|------|
| [aws_iam_role.connector_ecs_task](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_caller_identity.me](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_iam_policy_document.task_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
| [sysdig_secure_connection.current](https://registry.terraform.io/providers/sysdiglabs/sysdig/latest/docs/data-sources/secure_connection) | data source |
1 change: 1 addition & 0 deletions examples/organizational/data.tf
@@ -1,2 +1,3 @@
data "aws_region" "current" {}
data "sysdig_secure_connection" "current" {}
data "aws_caller_identity" "me" {}
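Review bot: `data "aws_caller_identity" "me"` carries no `provider` argument, so it is read with the default (management account) credentials, and main.tf relies on exactly that when it compares its `account_id` with the member account id; add a comment saying this data source must stay on the default provider, because a future `provider = aws.member` would make the comparison always true and silently skip the member-account resources.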
4 changes: 4 additions & 0 deletions examples/organizational/main.tf
@@ -2,6 +2,9 @@
# resources deployed always in management account
# with default provider
#-------------------------------------
locals {
deploy_same_account = data.aws_caller_identity.me.account_id == var.sysdig_secure_for_cloud_member_account_id
}

module "resource_group" {
source = "../../modules/infrastructure/resource-group"
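Review bot: `deploy_same_account` compares `data.aws_caller_identity.me.account_id`, which is a string, against `var.sysdig_secure_for_cloud_member_account_id`; Terraform's `==` does not convert types, so if that variable is declared as `number` (or left untyped and passed a bare number, which also drops leading zeros) the local is false even for the same account. Make sure the variable is `type = string` with a validation block for the 12-digit form, or wrap it in `tostring()` here.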
@@ -10,6 +13,7 @@ module "resource_group" {
}

module "resource_group_secure_for_cloud_member" {
count = local.deploy_same_account ? 0 : 1
providers = {
aws = aws.member
}
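Review bot: adding `count` to `module "resource_group_secure_for_cloud_member"` changes its state address from `module.resource_group_secure_for_cloud_member` to `module.resource_group_secure_for_cloud_member[0]`, so existing deployments will plan a destroy and recreate of the member resource group; add a `moved` block (which needs Terraform >= 1.1, above the `>= 1.0.0` floor this commit sets) or document a `terraform state mv` step. Note also that `providers = { aws = aws.member }` still requires the `aws.member` provider to be configured even when `count` evaluates to 0.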
2 changes: 1 addition & 1 deletion examples/organizational/versions.tf
@@ -1,5 +1,5 @@
terraform {
required_version = ">= 0.15.0"
required_version = ">= 1.0.0"
required_providers {
aws = {
version = ">= 4.0.0"
4 changes: 2 additions & 2 deletions examples/single-account-apprunner/README.md
@@ -64,14 +64,14 @@ $ terraform apply

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.0 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
| <a name="requirement_sysdig"></a> [sysdig](#requirement\_sysdig) | >= 0.5.33 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | 0.5.37 |
| <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | >= 0.5.33 |

## Modules

2 changes: 1 addition & 1 deletion examples/single-account-apprunner/versions.tf
@@ -1,5 +1,5 @@
terraform {
required_version = ">= 0.15.0"
required_version = ">= 1.0.0"
required_providers {
sysdig = {
source = "sysdiglabs/sysdig"
4 changes: 2 additions & 2 deletions examples/single-account-ecs/README.md
@@ -64,14 +64,14 @@ $ terraform apply

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.0 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
| <a name="requirement_sysdig"></a> [sysdig](#requirement\_sysdig) | >= 0.5.33 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | 0.5.37 |
| <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | >= 0.5.33 |

## Modules

2 changes: 1 addition & 1 deletion examples/single-account-ecs/versions.tf
@@ -1,5 +1,5 @@
terraform {
required_version = ">= 0.15.0"
required_version = ">= 1.0.0"
required_providers {
sysdig = {
source = "sysdiglabs/sysdig"
8 changes: 4 additions & 4 deletions examples/single-account-k8s/README.md
@@ -75,7 +75,7 @@ $ terraform apply

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.0 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.50.0 |
| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >=2.3.0 |
| <a name="requirement_sysdig"></a> [sysdig](#requirement\_sysdig) | >= 0.5.33 |
@@ -84,9 +84,9 @@ $ terraform apply

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.20.1 |
| <a name="provider_helm"></a> [helm](#provider\_helm) | 2.6.0 |
| <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | 0.5.37 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.50.0 |
| <a name="provider_helm"></a> [helm](#provider\_helm) | >=2.3.0 |
| <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | >= 0.5.33 |

## Modules

2 changes: 1 addition & 1 deletion examples/single-account-k8s/versions.tf
@@ -1,5 +1,5 @@
terraform {
required_version = ">= 0.15.0"
required_version = ">= 1.0.0"
required_providers {
aws = {
version = ">= 3.50.0"
4 changes: 2 additions & 2 deletions examples/trigger-events/README.md
@@ -42,14 +42,14 @@ $ terraform apply

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.0 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.50.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.20.1 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.50.0 |

## Modules

2 changes: 1 addition & 1 deletion examples/trigger-events/versions.tf
@@ -1,5 +1,5 @@
terraform {
required_version = ">= 0.15.0"
required_version = ">= 1.0.0"
required_providers {
aws = {
version = ">= 3.50.0"
4 changes: 2 additions & 2 deletions modules/infrastructure/cloudtrail/README.md
@@ -5,14 +5,14 @@

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.0 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.20.1 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.0.0 |

## Modules

5 changes: 4 additions & 1 deletion modules/infrastructure/cloudtrail/main.tf
@@ -18,7 +18,10 @@ resource "aws_cloudtrail" "cloudtrail" {
tags = var.tags

## note: seems required to avoid racing conditions (InsufficientSnsTopicPolicyException on cloudtrail creation) /shrug
depends_on = [aws_s3_bucket_policy.cloudtrail_s3, aws_sns_topic_policy.allow_cloudtrail_publish]
depends_on = [
aws_s3_bucket_policy.cloudtrail_s3,
aws_sns_topic_policy.allow_cloudtrail_publish
]
}

data "aws_caller_identity" "me" {}
6 changes: 4 additions & 2 deletions modules/infrastructure/cloudtrail/sns_permissions.tf
@@ -25,8 +25,10 @@ data "aws_iam_policy_document" "cloudtrail_sns" {
sid = "AllowSysdigSecureForCloudSubscribe"
effect = "Allow"
principals {
identifiers = ["arn:aws:iam::${var.organizational_config.sysdig_secure_for_cloud_member_account_id}:role/${var.organizational_config.organizational_role_per_account}"]
type = "AWS"
identifiers = [
"arn:aws:iam::${var.organizational_config.sysdig_secure_for_cloud_member_account_id}:role/${var.organizational_config.organizational_role_per_account}"
]
type = "AWS"
# more open policy but without requiring aws provider role
# identifiers = ["sqs.amazonaws.com"]
# type = "Service"
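Review bot: with same-account deployment now supported, the `AllowSysdigSecureForCloudSubscribe` principal is still built as `arn:aws:iam::${member_account_id}:role/${organizational_role_per_account}`; when the member account is the management account, does a role of that name exist there? SNS rejects a topic policy whose AWS principal ARN does not resolve to an existing role, so the policy would fail to apply in that case. Keep the role-scoped principal rather than falling back to the commented-out `sqs.amazonaws.com` service principal, which the existing comment already flags as more open.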
2 changes: 1 addition & 1 deletion modules/infrastructure/cloudtrail/versions.tf
@@ -1,5 +1,5 @@
terraform {
required_version = ">= 0.15.0"
required_version = ">= 1.0.0"
required_providers {
aws = {
version = ">= 4.0.0"
4 changes: 2 additions & 2 deletions modules/infrastructure/cloudtrail_s3-sns-sqs/README.md
@@ -39,14 +39,14 @@ EVENT FILTER/fine-tunning, regarding what we want to send to Sysdig Cloud-Connec

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.0 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.50.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.20.1 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.50.0 |

## Modules

2 changes: 1 addition & 1 deletion modules/infrastructure/cloudtrail_s3-sns-sqs/versions.tf
@@ -1,5 +1,5 @@
terraform {
required_version = ">= 0.15.0"
required_version = ">= 1.0.0"
required_providers {
aws = {
version = ">= 3.50.0"
4 changes: 2 additions & 2 deletions modules/infrastructure/codebuild/README.md
@@ -5,14 +5,14 @@

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.0 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.50.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.20.1 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.50.0 |

## Modules

2 changes: 1 addition & 1 deletion modules/infrastructure/codebuild/versions.tf
@@ -1,5 +1,5 @@
terraform {
required_version = ">= 0.15.0"
required_version = ">= 1.0.0"
required_providers {
aws = {
version = ">= 3.50.0"
4 changes: 2 additions & 2 deletions modules/infrastructure/ecs-vpc/README.md
@@ -6,14 +6,14 @@

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.0 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.50.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.20.1 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.50.0 |

## Modules

2 changes: 1 addition & 1 deletion modules/infrastructure/ecs-vpc/versions.tf
@@ -1,5 +1,5 @@
terraform {
required_version = ">= 0.15.0"
required_version = ">= 1.0.0"
required_providers {
aws = {
version = ">= 3.50.0"
2 changes: 1 addition & 1 deletion modules/infrastructure/eks/versions.tf
@@ -1,5 +1,5 @@
terraform {
required_version = ">= 0.15.0"
required_version = ">= 1.0.0"
required_providers {
aws = {
version = ">= 3.50.0"
4 changes: 2 additions & 2 deletions modules/infrastructure/permissions/cloud-connector/README.md
@@ -5,14 +5,14 @@

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.0 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.50.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.20.1 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.50.0 |

## Modules

@@ -1,5 +1,5 @@
terraform {
required_version = ">= 0.15.0"
required_version = ">= 1.0.0"
required_providers {
aws = {
version = ">= 3.50.0"
4 changes: 2 additions & 2 deletions modules/infrastructure/permissions/cloud-scanning/README.md
@@ -5,14 +5,14 @@

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.0 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.50.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.20.1 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.50.0 |

## Modules

@@ -1,5 +1,5 @@
terraform {
required_version = ">= 0.15.0"
required_version = ">= 1.0.0"
required_providers {
aws = {
version = ">= 3.50.0"
4 changes: 2 additions & 2 deletions modules/infrastructure/permissions/general/README.md
@@ -8,14 +8,14 @@ General permissions that apply to both cloud-connector and cloud-scanning module

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.0 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.50.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.20.1 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.50.0 |

## Modules

2 changes: 1 addition & 1 deletion modules/infrastructure/permissions/general/versions.tf
@@ -1,5 +1,5 @@
terraform {
required_version = ">= 0.15.0"
required_version = ">= 1.0.0"
required_providers {
aws = {
version = ">= 3.50.0"
4 changes: 2 additions & 2 deletions modules/infrastructure/permissions/iam-user/README.md
@@ -38,14 +38,14 @@ Note: Contact us if this authentication system does not match your requirement.

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.0 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.50.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.20.1 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.50.0 |

## Modules

2 changes: 1 addition & 1 deletion modules/infrastructure/permissions/iam-user/versions.tf
@@ -1,5 +1,5 @@
terraform {
required_version = ">= 0.15.0"
required_version = ">= 1.0.0"
required_providers {
aws = {
version = ">= 3.50.0"