diff --git a/.gitignore b/.gitignore
index 1ba5480..7bacaf4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,9 +1,210 @@ # ignored files +*~ + +# temporary files which can be created if a process still has a handle open of a deleted file +.fuse_hidden* + +# KDE directory preferences +.directory + +# Linux trash folder which might appear on any partition or disk +.Trash-* + +# .nfs files are created when an open file is removed but is still being accessed +.nfs* +### Eclipse template + +.metadata +bin/ +tmp/ +*.tmp +*.bak +*.swp +*~.nib +local.properties +.settings/ +.loadpath +.recommenders + +# External tool builders +.externalToolBuilders/ + +# Locally stored "Eclipse launch configurations" +*.launch + +# PyDev specific (Python IDE for Eclipse) +*.pydevproject + +# CDT-specific (C/C++ Development Tooling) +.cproject + +# Java annotation processor (APT) +.factorypath + +# PDT-specific (PHP Development Tools) +.buildpath + +# sbteclipse plugin +.target + +# Tern plugin +.tern-project + +# TeXlipse plugin +.texlipse + +# STS (Spring Tool Suite) +.springBeans + +# Code Recommenders +.recommenders/ + +# Scala IDE specific (Scala & Java development for Eclipse) +.cache-main +.scala_dependencies +.worksheet +### Windows template +# Windows thumbnail cache files +Thumbs.db +ehthumbs.db +ehthumbs_vista.db + +# Dump file +*.stackdump + +# Folder config file +[Dd]esktop.ini + +# Recycle Bin used on file shares +$RECYCLE.BIN/ + +# Windows Installer files +*.cab +*.msi +*.msm +*.msp + +# Windows shortcuts +*.lnk +### Ansible template +*.retry +### macOS template +# General +.DS_Store +.AppleDouble +.LSOverride + +# Icon must end with two \r +Icon + +# Thumbnails +._* + +# Files that might appear in the root of a volume +.DocumentRevisions-V100 +.fseventsd +.Spotlight-V100 +.TemporaryItems +.Trashes +.VolumeIcon.icns +.com.apple.timemachine.donotpresent + +# Directories potentially created on remote AFP share +.AppleDB +.AppleDesktop +Network Trash Folder +Temporary Items +.apdisk +### Archives template +# It's better to unpack these files and commit the raw source because +# 
git has its own built in compression methods. +*.7z +*.jar +*.rar +*.zip +*.gz +*.tgz +*.bzip +*.bz2 +*.xz +*.lzma +*.cab + +# Packing-only formats +*.iso +*.tar + +# Package management formats +*.dmg +*.xpi +*.gem +*.egg +*.deb +*.rpm +*.msi +*.msm +*.msp +### JetBrains template +# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm +# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839 + +/.idea/ +# User-specific stuff: +.idea/**/workspace.xml +.idea/**/tasks.xml +.idea/dictionaries + +# Sensitive or high-churn files: +.idea/**/dataSources/ +.idea/**/dataSources.ids +.idea/**/dataSources.xml +.idea/**/dataSources.local.xml +.idea/**/sqlDataSources.xml +.idea/**/dynamic.xml +.idea/**/uiDesigner.xml + +# Gradle: +.idea/**/gradle.xml +.idea/**/libraries + +# CMake +cmake-build-debug/ + +# Mongo Explorer plugin: +.idea/**/mongoSettings.xml + +## File-based project format: +*.iws + +## Plugin-specific files: + +# IntelliJ +out/ + +# mpeltonen/sbt-idea plugin +.idea_modules/ +# User-specific stuff: +.idea/* +# JIRA plugin +atlassian-ide-plugin.xml + +# Cursive Clojure plugin +.idea/replstate.xml + +# TFstste +*.tfstate* + +deployment/_logs/ansible-log.json +deployment/_logs/ansible-log.log +deployment/_logs/facts/* +deployment/_logs/retry/* +_app/* +ansible-log.json +.terraform +terraform.tfstate + *.tfstate *.tfstate.backup -.terraform -.idea *.iml *.terraform.lock.hcl -/_test/go.mod -/_test/go.sum +*.lock.hcl \ No newline at end of file diff --git a/_example/public/example.tf b/_example/public/example.tf index 0f7e9c3..09ff309 100644 --- a/_example/public/example.tf +++ b/_example/public/example.tf 
@@ -8,16 +8,15 @@ provider "aws" { module "s3_bucket" { source = "clouddrove/s3/aws" - version = "1.3.0" + version = "2.0.0" name = "clouddrove-sftp-bucket01" environment = "test" label_order = ["environment", "name"] - versioning = true - logging = true - acl = "private" - force_destroy = true + versioning = true + logging = false + acl = "private" } ################################################################################ @@ -29,7 +28,6 @@ module "sftp" { name = "sftp" environment = "test" label_order = ["environment", "name"] - enable_sftp = true s3_bucket_name = module.s3_bucket.id workflow_details = { on_upload = { diff --git a/_example/vpc/example.tf b/_example/vpc/example.tf index c659d70..4028f1b 100644 --- a/_example/vpc/example.tf +++ b/_example/vpc/example.tf @@ -14,9 +14,6 @@ module "vpc" { cidr_block = "10.0.0.0/16" enable_flow_log = true # Flow logs will be stored in cloudwatch log group. Variables passed in default. create_flow_log_cloudwatch_iam_role = true - additional_cidr_block = ["172.3.0.0/16", "172.2.0.0/16"] - dhcp_options_domain_name = "service.consul" - dhcp_options_domain_name_servers = ["127.0.0.1", "10.10.0.2"] } ################################################################################ @@ -25,21 +22,20 @@ module "vpc" { module "subnets" { source = "clouddrove/subnet/aws" - version = "1.0.1" - - name = "subnets" - environment = "test" - label_order = ["environment", "name"] - # tags = local.tags - enabled = true + version = "2.0.1" nat_gateway_enabled = true single_nat_gateway = true + name = "subnets" + environment = "test" + label_order = ["environment", "name"] availability_zones = ["eu-west-1a", "eu-west-1b", "eu-west-1c"] vpc_id = module.vpc.vpc_id + type = "public-private" + igw_id = module.vpc.igw_id cidr_block = module.vpc.vpc_cidr_block ipv6_cidr_block = module.vpc.ipv6_cidr_block - type = "public-private" + enable_ipv6 = false } ################################################################################ 
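Review bot: The `s3_bucket` module in the public example now gets `logging = false` (and the vpc example in the `@@ -97,16 +93,13 @@` hunk drops the `logging` argument entirely), so both reference configurations show the SFTP landing bucket without server access logging. Since the `_example` trees are what users copy, keeping `logging = true` or adding a comment such as `# logging disabled in the example; set to true and provide a target bucket in real deployments` would avoid that being picked up as the recommended setting. If the 2.0.0 module release is the reason (for instance a log target the example does not provision), stating that in the comment would explain the change. Removing `force_destroy = true` in the same two hunks presumably means `terraform destroy` of the example now fails on a non-empty bucket; if that is intended, a one-line comment saying so would help.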
@@ -97,16 +93,13 @@ module "security_group_sftp" { module "s3_bucket" { source = "clouddrove/s3/aws" - version = "1.3.0" + version = "2.0.0" name = "clouddrove-sftp-bucket" environment = "test" label_order = ["environment", "name"] - - versioning = true - logging = true - acl = "private" - force_destroy = true + versioning = true + acl = "private" } ################################################################################ diff --git a/main.tf b/main.tf index 6f89b2a..6503f9b 100644 --- a/main.tf +++ b/main.tf @@ -128,7 +128,7 @@ data "aws_iam_policy_document" "assume_role_policy" { resource "aws_iam_role" "s3_access_for_sftp_users" { for_each = var.enabled ? local.user_names_map : {} - name = module.labels.id + name = "${module.labels.id}-${each.value.user_name}" assume_role_policy = join("", data.aws_iam_policy_document.assume_role_policy[*].json) managed_policy_arns = [aws_iam_policy.s3_access_for_sftp_users[each.value.user_name].arn] } @@ -136,7 +136,7 @@ resource "aws_iam_role" "s3_access_for_sftp_users" { resource "aws_iam_policy" "s3_access_for_sftp_users" { for_each = var.enabled ? local.user_names_map : {} - name = module.labels.id + name = "${module.labels.id}-${each.value.user_name}" policy = data.aws_iam_policy_document.s3_access_for_sftp_users[each.value.user_name].json tags = module.labels.tags @@ -149,7 +149,7 @@ resource "aws_iam_policy" "s3_access_for_sftp_users" { resource "aws_iam_policy" "logging" { count = var.enabled ? 1 : 0 - name = module.labels.id + name = "${module.labels.id}-logging" policy = join("", data.aws_iam_policy_document.logging[*].json) tags = module.labels.tags @@ -158,7 +158,7 @@ resource "aws_iam_policy" "logging" { resource "aws_iam_role" "logging" { count = var.enabled ? 1 : 0 - name = module.labels.id + name = "${module.labels.id}-logging" assume_role_policy = join("", data.aws_iam_policy_document.assume_role_policy[*].json) managed_policy_arns = [join("", aws_iam_policy.logging[*].arn)] 
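Review bot: `name = "${module.labels.id}-${each.value.user_name}"` in `aws_iam_role.s3_access_for_sftp_users` has no length or character guard: IAM role names are limited to 64 characters and to the `[\w+=,.@-]` character set, so a long label id or a user name containing other characters (the shape of `local.user_names_map` is declared outside this hunk) fails at apply time rather than at plan time. The same applies to the `aws_iam_policy` name in the `@@ -136,7 +136,7 @@` hunk, with a 128-character limit. A `validation` block on the variable that feeds `local.user_names_map`, or a `substr()`-based truncation of the concatenated name, would surface this during plan.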
@@ -171,7 +171,7 @@ resource "aws_iam_role" "logging" { ##---------------------------------------------------------------------------------- resource "aws_transfer_server" "transfer_server" { - count = var.enable_sftp ? 1 : 0 + count = var.enabled ? 1 : 0 identity_provider_type = var.identity_provider_type protocols = ["SFTP"] domain = var.domain @@ -240,10 +240,10 @@ resource "aws_transfer_user" "transfer_server_user" { ##---------------------------------------------------------------------------------- resource "aws_transfer_ssh_key" "transfer_server_ssh_key" { - count = var.enabled ? length(var.sftp_users) : 0 + for_each = var.enabled ? { for user in var.sftp_users : user.user_name => user } : {} server_id = join("", aws_transfer_server.transfer_server[*].id) - user_name = aws_transfer_user.transfer_server_user[count.index].user_name - body = aws_transfer_user.transfer_server_user[count.index].public_key + user_name = aws_transfer_user.transfer_server_user[each.value.user_name].user_name + body = each.value.public_key } @@ -262,6 +262,12 @@ resource "aws_eip" "sftp" { # Module : Custom Domain # Description : Provides a Custom Domain ##---------------------------------------------------------------------------------- +resource "aws_transfer_tag" "custom_hostname" { + count = var.enabled && length(var.domain_name) > 0 ? 1 : 0 + resource_arn = aws_transfer_server.transfer_server[0].arn + key = "aws:transfer:customHostname" + value = var.domain_name +} resource "aws_route53_record" "custom_domain" { count = var.enabled && length(var.domain_name) > 0 && length(var.zone_id) > 0 ? 1 : 0 diff --git a/variables.tf b/variables.tf index 9c18fb2..87640c8 100644 --- a/variables.tf +++ b/variables.tf 
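Review bot: Replacing `var.enable_sftp` with `var.enabled` here, together with the variable removal in the variables.tf hunk, is a breaking interface change: any caller still passing `enable_sftp` now fails at plan time with an unsupported-argument error, so this warrants a major version bump and a changelog entry rather than a silent removal. If a transition period is wanted, the variable could be kept with a `description` marking it deprecated and ignored. The `aws_transfer_server` body continues outside the hunk; if `security_policy_name` is not set further down, pinning it to a current `TransferSecurityPolicy-*` keeps the server from falling back to the provider default policy.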
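Review bot: In `aws_transfer_ssh_key.transfer_server_ssh_key`, `body = each.value.public_key` is passed straight through, so an entry in `var.sftp_users` whose `public_key` is unset or empty (the variable's type is declared outside this hunk) produces a key resource with a null body and fails at apply. If keys are optional for some users, for example with a non-`SERVICE_MANAGED` `var.identity_provider_type`, filter them out in the comprehension: `for_each = var.enabled ? { for user in var.sftp_users : user.user_name => user if try(user.public_key, null) != null } : {}`. Keying the map on `user_name` also allows at most one key per user; if several keys per user are expected, the map key would need to include a key index as well.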
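Review bot: `aws_transfer_tag.custom_hostname` sets only `aws:transfer:customHostname`, while the `aws_route53_record.custom_domain` resource that follows it serves that hostname from Route 53; AWS Transfer associates a Route 53 zone with the server through a second tag, `aws:transfer:route53HostedZoneId`, so a companion tag gated on `length(var.zone_id) > 0` is probably needed for the custom hostname to be recognised the same way the console configures it. The exact value format the service expects for that tag (the console writes it with a `/hostedzone/` prefix) should be confirmed against the Transfer documentation before merging. `resource_arn = aws_transfer_server.transfer_server[0].arn` also departs from the `join("", aws_transfer_server.transfer_server[*].id)` form used on the same resource in the `@@ -240,10 +240,10 @@` hunk; one style for the count-guarded server reference would be easier to maintain.
```hcl
resource "aws_transfer_tag" "custom_hostname_zone" {
  count        = var.enabled && length(var.domain_name) > 0 && length(var.zone_id) > 0 ? 1 : 0
  resource_arn = join("", aws_transfer_server.transfer_server[*].arn)
  key          = "aws:transfer:route53HostedZoneId"
  value        = var.zone_id # confirm whether a "/hostedzone/" prefix is required
}
# … unchanged: aws_route53_record.custom_domain …
```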
@@ -48,11 +48,6 @@ variable "enabled" { #Module : SFTP #Description : Terraform sftp module variables. ##---------------------------------------------------------------------------------- -variable "enable_sftp" { - type = bool - default = true - description = "Set to false to prevent the module from creating any resources." -} variable "identity_provider_type" { type = string