The highest tagged major version is v2.

aws

package

v0.36.0 Latest Latest Go to latest Published: Jun 20, 2022 License: Apache-2.0 Imports: 4 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/lacework/go-sdk

Links

Open Source Insights

Documentation ¶

Index ¶

type AwsSubAccount
- func NewAwsSubAccount(profile string, region string) AwsSubAccount
type AwsTerraformModifier
type ExistingIamRoleDetails
- func NewExistingIamRoleDetails(name string, arn string, externalId string) *ExistingIamRoleDetails
- func (e *ExistingIamRoleDetails) IsPartial() bool
type GenerateAwsTfConfigurationArgs
- func NewTerraform(region string, enableConfig bool, enableCloudtrail bool, ...) *GenerateAwsTfConfigurationArgs
- func (args *GenerateAwsTfConfigurationArgs) Generate() (string, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AwsSubAccount ¶

type AwsSubAccount struct {
	// The name of the AwsProfile to use (in AWS configuration)
	AwsProfile string

	// The AwsRegion this profile should use if any resources are created
	AwsRegion string
}

func NewAwsSubAccount ¶

func NewAwsSubAccount(profile string, region string) AwsSubAccount

Create a new AWS sub account

A subaccount consists of the profile name (which needs to match the executing machines aws configuration) and a region for any new resources to be created in

type AwsTerraformModifier ¶

type AwsTerraformModifier func(c *GenerateAwsTfConfigurationArgs)

func EnableForceDestroyS3Bucket ¶

func EnableForceDestroyS3Bucket() AwsTerraformModifier

EnableForceDestroyS3Bucket Set the S3 ForceDestroy parameter to true for newly created buckets

func ExistingCloudtrailBucketArn ¶

func ExistingCloudtrailBucketArn(arn string) AwsTerraformModifier

ExistingCloudtrailBucketArn Set the bucket ARN of an existing Cloudtrail setup

func ExistingSnsTopicArn ¶

func ExistingSnsTopicArn(arn string) AwsTerraformModifier

ExistingSnsTopicArn Set the SNS Topic ARN of an existing Cloudtrail setup

func UseConsolidatedCloudtrail ¶

func UseConsolidatedCloudtrail() AwsTerraformModifier

UseConsolidatedCloudtrail Enable Consolidated Cloudtrail use

func UseExistingIamRole ¶

func UseExistingIamRole(iamDetails *ExistingIamRoleDetails) AwsTerraformModifier

UseExistingIamRole Set an existing IAM role configuration to use with the created Terraform code

func WithAwsProfile ¶

func WithAwsProfile(name string) AwsTerraformModifier

WithAwsProfile Set the AWS Profile to utilize for the main AWS provider

func WithLaceworkProfile ¶

func WithLaceworkProfile(name string) AwsTerraformModifier

WithLaceworkProfile Set the Lacework Profile to utilize when integrating

func WithSubaccounts ¶

func WithSubaccounts(subaccounts ...AwsSubAccount) AwsTerraformModifier

WithSubaccounts Supply additional AWS Profiles to integrate

type ExistingIamRoleDetails ¶

type ExistingIamRoleDetails struct {
	// Existing IAM Role ARN
	Arn string

	// Existing IAM Role Name
	Name string

	// Existing IAM Role External Id
	ExternalId string
}

func NewExistingIamRoleDetails ¶

func NewExistingIamRoleDetails(name string, arn string, externalId string) *ExistingIamRoleDetails

Create new existing IAM role details

func (*ExistingIamRoleDetails) IsPartial ¶ added in v0.24.0

func (e *ExistingIamRoleDetails) IsPartial() bool

type GenerateAwsTfConfigurationArgs ¶

type GenerateAwsTfConfigurationArgs struct {
	// Should we configure Cloudtrail integration in LW?
	Cloudtrail bool

	// Should we configure CSPM integration in LW?
	Config bool

	// Supply an AWS region for where to find the cloudtrail resources
	// TODO @ipcrm future: support split regions for resources (s3 one place, sns another, etc)
	AwsRegion string

	// Supply an AWS Profile name for the main account, only asked if configuring multiple
	AwsProfile string

	// Existing S3 Bucket ARN (Required when using existing cloudtrail)
	ExistingCloudtrailBucketArn string

	// Optionally supply existing IAM role details
	ExistingIamRole *ExistingIamRoleDetails

	// Existing SNS Topic
	ExistingSnsTopicArn string

	// Consolidated Trail
	ConsolidatedCloudtrail bool

	// Should we force destroy the bucket if it has stuff in it? (only relevant on new Cloudtrail creation)
	ForceDestroyS3Bucket bool

	// For AWS Subaccounts in consolidated CT setups
	// TODO @ipcrm future: what about many individual ct/config integrations together?
	SubAccounts []AwsSubAccount

	// Lacework Profile to use
	LaceworkProfile string
}

func NewTerraform ¶

func NewTerraform(region string, enableConfig bool, enableCloudtrail bool, mods ...AwsTerraformModifier) *GenerateAwsTfConfigurationArgs

NewTerraform returns an instance of the GenerateAwsTfConfigurationArgs struct with the provided region and enabled settings (config/cloudtrail).

Note: Additional configuration details may be set using modifiers of the AwsTerraformModifier type

Basic usage: Initialize a new AwsTerraformModifier struct, with a non-default AWS profile set. Then use generate to

           create a string output of the required HCL.

hcl, err := aws.NewTerraform("us-east-1", true, true,
  aws.WithAwsProfile("mycorp-profile")).Generate()

func (*GenerateAwsTfConfigurationArgs) Generate ¶

func (args *GenerateAwsTfConfigurationArgs) Generate() (string, error)

Generate new Terraform code based on the supplied args.

Source Files ¶

View all Source files

aws.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL