Documentation
¶
Index ¶
- type AwsSubAccount
- type AwsTerraformModifier
- func EnableForceDestroyS3Bucket() AwsTerraformModifier
- func ExistingCloudtrailBucketArn(arn string) AwsTerraformModifier
- func ExistingSnsTopicArn(arn string) AwsTerraformModifier
- func UseConsolidatedCloudtrail() AwsTerraformModifier
- func UseExistingIamRole(iamDetails *ExistingIamRoleDetails) AwsTerraformModifier
- func WithAwsProfile(name string) AwsTerraformModifier
- func WithBucketEncryptionEnabled(enableBucketEncryption bool) AwsTerraformModifier
- func WithBucketName(bucketName string) AwsTerraformModifier
- func WithBucketSSEKeyArn(bucketSseKeyArn string) AwsTerraformModifier
- func WithCloudtrailName(cloudtrailName string) AwsTerraformModifier
- func WithConfigName(configName string) AwsTerraformModifier
- func WithLaceworkProfile(name string) AwsTerraformModifier
- func WithSnsTopicEncryptionEnabled(snsTopicEncryptionEnabled bool) AwsTerraformModifier
- func WithSnsTopicEncryptionKeyArn(snsTopicEncryptionKeyArn string) AwsTerraformModifier
- func WithSnsTopicName(snsTopicName string) AwsTerraformModifier
- func WithSqsEncryptionEnabled(sqsEncryptionEnabled bool) AwsTerraformModifier
- func WithSqsEncryptionKeyArn(ssqEncryptionKeyArn string) AwsTerraformModifier
- func WithSqsQueueName(sqsQueueName string) AwsTerraformModifier
- func WithSubaccounts(subaccounts ...AwsSubAccount) AwsTerraformModifier
- type ExistingIamRoleDetails
- type GenerateAwsTfConfigurationArgs
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AwsSubAccount ¶
// AwsSubAccount names one additional AWS account to integrate: the local AWS
// profile to use for it and the region for any resources created in it.
// It holds only a profile name and a region, not credential material.
type AwsSubAccount struct {
// The name of the AwsProfile to use (in AWS configuration).
// This must match a profile in the executing machine's AWS configuration.
AwsProfile string
// The AwsRegion this profile should use if any resources are created
AwsRegion string
}
func NewAwsSubAccount ¶
func NewAwsSubAccount(profile string, region string) AwsSubAccount
Create a new AWS sub account
A subaccount consists of a profile name (which must match a profile in the executing machine's AWS configuration) and a region in which any new resources are created.
type AwsTerraformModifier ¶
// AwsTerraformModifier is an option function that receives a pointer to the
// GenerateAwsTfConfigurationArgs being built. NewTerraform accepts any number
// of them as its trailing arguments.
// NOTE(review): presumably each modifier mutates the args in place, in the order given (so a later one would win) — confirm against NewTerraform.
type AwsTerraformModifier func(c *GenerateAwsTfConfigurationArgs)
func EnableForceDestroyS3Bucket ¶
func EnableForceDestroyS3Bucket() AwsTerraformModifier
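EnableForceDestroyS3Bucket Set the S3 ForceDestroy parameter to true for newly created buckets. With ForceDestroy set, destroying the generated Terraform also deletes a bucket that still holds objects (here, the CloudTrail logs), so enable it only where losing those logs is acceptable.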
func ExistingCloudtrailBucketArn ¶
func ExistingCloudtrailBucketArn(arn string) AwsTerraformModifier
ExistingCloudtrailBucketArn Set the bucket ARN of an existing Cloudtrail setup
func ExistingSnsTopicArn ¶
func ExistingSnsTopicArn(arn string) AwsTerraformModifier
ExistingSnsTopicArn Set the SNS Topic ARN of an existing Cloudtrail setup
func UseConsolidatedCloudtrail ¶
func UseConsolidatedCloudtrail() AwsTerraformModifier
UseConsolidatedCloudtrail Enable Consolidated Cloudtrail use
func UseExistingIamRole ¶
func UseExistingIamRole(iamDetails *ExistingIamRoleDetails) AwsTerraformModifier
UseExistingIamRole Set an existing IAM role configuration to use with the created Terraform code
func WithAwsProfile ¶
func WithAwsProfile(name string) AwsTerraformModifier
WithAwsProfile Set the AWS Profile to utilize for the main AWS provider
func WithBucketEncryptionEnabled ¶ added in v0.41.0
func WithBucketEncryptionEnabled(enableBucketEncryption bool) AwsTerraformModifier
WithBucketEncryptionEnabled Enable encryption on a newly created bucket
func WithBucketName ¶ added in v0.41.0
func WithBucketName(bucketName string) AwsTerraformModifier
WithBucketName add bucket name for CloudTrail integration
func WithBucketSSEKeyArn ¶ added in v0.41.0
func WithBucketSSEKeyArn(bucketSseKeyArn string) AwsTerraformModifier
WithBucketSSEKeyArn Set existing KMS encryption key arn for bucket
func WithCloudtrailName ¶ added in v0.41.0
func WithCloudtrailName(cloudtrailName string) AwsTerraformModifier
WithCloudtrailName add optional name for CloudTrail integration
func WithConfigName ¶ added in v0.41.0
func WithConfigName(configName string) AwsTerraformModifier
WithConfigName add optional name for Config integration
func WithLaceworkProfile ¶
func WithLaceworkProfile(name string) AwsTerraformModifier
WithLaceworkProfile Set the Lacework Profile to utilize when integrating
func WithSnsTopicEncryptionEnabled ¶ added in v0.43.0
func WithSnsTopicEncryptionEnabled(snsTopicEncryptionEnabled bool) AwsTerraformModifier
WithSnsTopicEncryptionEnabled Enable encryption on SNS Topic when created
func WithSnsTopicEncryptionKeyArn ¶ added in v0.43.0
func WithSnsTopicEncryptionKeyArn(snsTopicEncryptionKeyArn string) AwsTerraformModifier
WithSnsTopicEncryptionKeyArn Set existing KMS encryption key arn for SNS topic
func WithSnsTopicName ¶ added in v0.41.0
func WithSnsTopicName(snsTopicName string) AwsTerraformModifier
WithSnsTopicName Set SNS Topic Name if creating new one
func WithSqsEncryptionEnabled ¶ added in v0.41.0
func WithSqsEncryptionEnabled(sqsEncryptionEnabled bool) AwsTerraformModifier
WithSqsEncryptionEnabled Enable encryption on SQS queue when created
func WithSqsEncryptionKeyArn ¶ added in v0.41.0
func WithSqsEncryptionKeyArn(ssqEncryptionKeyArn string) AwsTerraformModifier
WithSqsEncryptionKeyArn Set existing KMS encryption key arn for SQS queue
func WithSqsQueueName ¶ added in v0.41.0
func WithSqsQueueName(sqsQueueName string) AwsTerraformModifier
WithSqsQueueName Set SQS Queue Name if creating new one
func WithSubaccounts ¶
func WithSubaccounts(subaccounts ...AwsSubAccount) AwsTerraformModifier
WithSubaccounts Supply additional AWS Profiles to integrate
type ExistingIamRoleDetails ¶
// ExistingIamRoleDetails identifies an IAM role that already exists and should
// be used by the generated Terraform instead of a newly created one.
type ExistingIamRoleDetails struct {
// Existing IAM Role ARN
Arn string
// Existing IAM Role Name
Name string
// Existing IAM Role External Id
// NOTE(review): presumably the external ID that the role's trust policy
// requires on AssumeRole (AWS's confused-deputy guard); it would have to
// match the value already configured on the role — confirm against Generate.
ExternalId string
}
func NewExistingIamRoleDetails ¶
func NewExistingIamRoleDetails(name string, arn string, externalId string) *ExistingIamRoleDetails
NewExistingIamRoleDetails Create new existing IAM role details
func (*ExistingIamRoleDetails) IsPartial ¶ added in v0.24.0
func (e *ExistingIamRoleDetails) IsPartial() bool
type GenerateAwsTfConfigurationArgs ¶
// GenerateAwsTfConfigurationArgs collects the settings used to generate
// Terraform code for the AWS integration (CloudTrail and/or Config).
// It is built by NewTerraform and adjusted through AwsTerraformModifier
// functions. Several fields decide whether the generated S3, SNS and SQS
// resources are encrypted and whether the CloudTrail bucket can be destroyed
// while non-empty, so review them before applying the output.
type GenerateAwsTfConfigurationArgs struct {
// Should we configure Cloudtrail integration in LW?
Cloudtrail bool
// Optional name for CloudTrail
CloudtrailName string
// Should we configure CSPM integration in LW?
Config bool
// Optional name for config
ConfigName string
// Supply an AWS region for where to find the cloudtrail resources
// TODO @ipcrm future: support split regions for resources (s3 one place, sns another, etc)
AwsRegion string
// Supply an AWS Profile name for the main account, only asked if configuring multiple
AwsProfile string
// Existing S3 Bucket ARN (Required when using existing cloudtrail)
ExistingCloudtrailBucketArn string
// Optionally supply existing IAM role details
ExistingIamRole *ExistingIamRoleDetails
// Existing SNS Topic
ExistingSnsTopicArn string
// Consolidated Trail
ConsolidatedCloudtrail bool
// Should we force destroy the bucket if it has stuff in it? (only relevant on new Cloudtrail creation)
// With this set, destroying the generated Terraform deletes the bucket even
// when it still holds objects, which for this bucket means CloudTrail logs.
// NOTE(review): leave false unless losing those audit logs is acceptable.
ForceDestroyS3Bucket bool
// Enable encryption of bucket if it is created
BucketEncryptionEnabled bool
// Indicates that the Bucket Encryption flag has been actively set.
// This is needed to show that it was actively set to false, rather
// than left at the default value for bool.
// NOTE(review): what the generated code does when this flag is unset is not
// visible here — confirm before relying on a default.
BucketEncryptionEnabledSet bool
// Optional name of bucket if creating a new one
BucketName string
// ARN of the KMS encryption key for S3, required when bucket encryption is enabled
BucketSseKeyArn string
// SNS Topic name if creating one and not using an existing one
SnsTopicName string
// Enable encryption of SNS if it is created
SnsTopicEncryptionEnabled bool
// Indicates that the SNS Encryption flag has been actively set.
// This is needed to show that it was actively set to false, rather
// than left at the default value for bool.
SnsEncryptionEnabledSet bool
// ARN of the KMS encryption key for SNS, required when SNS encryption is enabled
SnsTopicEncryptionKeyArn string
// SQS Queue name if creating one and not using an existing one
SqsQueueName string
// Enable encryption of SQS if it is created
SqsEncryptionEnabled bool
// Indicates that the SQS Encryption flag has been actively set.
// This is needed to show that it was actively set to false, rather
// than left at the default value for bool.
SqsEncryptionEnabledSet bool
// ARN of the KMS encryption key for SQS, required when SQS encryption is enabled
SqsEncryptionKeyArn string
// For AWS Subaccounts in consolidated CT setups
// TODO @ipcrm future: what about many individual ct/config integrations together?
SubAccounts []AwsSubAccount
// Lacework Profile to use
LaceworkProfile string
}
func NewTerraform ¶
func NewTerraform(region string, enableConfig bool, enableCloudtrail bool, mods ...AwsTerraformModifier) *GenerateAwsTfConfigurationArgs
NewTerraform returns an instance of the GenerateAwsTfConfigurationArgs struct with the provided region and enabled settings (config/cloudtrail).
Note: Additional configuration details may be set using modifiers of the AwsTerraformModifier type
Basic usage: Initialize a new GenerateAwsTfConfigurationArgs struct with a non-default AWS profile set, then call Generate to
create a string output of the required HCL.
hcl, err := aws.NewTerraform("us-east-1", true, true,
aws.WithAwsProfile("mycorp-profile")).Generate()
func (*GenerateAwsTfConfigurationArgs) Generate ¶
func (args *GenerateAwsTfConfigurationArgs) Generate() (string, error)
Generate new Terraform code based on the supplied args.