From 9f7ece99909f05e4772b13edbd4992dbc6442b65 Mon Sep 17 00:00:00 2001
From: Yogesh Gupta
Date: Tue, 22 Mar 2022 09:39:45 +0000
Subject: [PATCH 01/19] update key_pair module
---
 main.tf | 21 +++++++++++++++++++++
 output.tf | 9 +++++++++
 providers.tf | 14 ++++++++++++++
 variable.tf | 14 ++++++++++++++
 4 files changed, 58 insertions(+)
 create mode 100644 main.tf
 create mode 100644 output.tf
 create mode 100644 providers.tf
 create mode 100644 variable.tf
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..6e27d59
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,21 @@
+resource "tls_private_key" "eks_keypair" {
+ algorithm = "RSA"
+}
+
+module "key_pair" {
+ source = "terraform-aws-modules/key-pair/aws"
+ version = "0.6.0"
+ key_name = var.key_name
+ public_key = tls_private_key.eks_keypair.public_key_openssh
+}
+
+
+resource "aws_ssm_parameter" "secret" {
+ name = var.ssm_parameter
+ description = "The parameter description"
+ type = "SecureString"
+ value = tls_private_key.eks_keypair.private_key_pem
+ tags = {
+ environment = var.environment
+ }
+}
\ No newline at end of file
diff --git a/output.tf b/output.tf
new file mode 100644
index 0000000..bcf7a24
--- /dev/null
+++ b/output.tf
@@ -0,0 +1,9 @@
+output "_1_tls_private_key" {
+ description = "Warning!! ! Please Save this for future use !"
+ value = nonsensitive(tls_private_key.eks_keypair.private_key_pem)
+}
+
+output "_2_public_key" {
+ description = ""
+ value = tls_private_key.eks_keypair.public_key_openssh
+}
\ No newline at end of file
diff --git a/providers.tf b/providers.tf
new file mode 100644
index 0000000..91cf3d2
--- /dev/null
+++ b/providers.tf
@@ -0,0 +1,14 @@
+## Terraform provider
+
+provider "aws" {
+ region = "us-east-2"
+ # default_tags {
+ # tags = var.additional_tags
+ # }
+}
+
+# Using these data sources allows the configuration to be generic for any region.
+
+data "aws_region" "current" {}
+
+data "aws_availability_zones" "available" {}
\ No newline at end of file
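Review bot: The private key generated by `tls_private_key.eks_keypair` is held in plaintext in Terraform state, once as the resource attribute and again as the `value` of `aws_ssm_parameter.secret`, so this module protects the key only as well as the state backend does; a header comment stating that requirement would help operators, e.g. `# NOTE: private_key_pem is kept in Terraform state — use an encrypted, access-restricted backend.` The parameter sets `type = "SecureString"` without `key_id`, so the account's default SSM key is used; exposing `key_id` as an optional input would let callers encrypt with a customer-managed key. The key size is left at the provider default, and making it explicit with `rsa_bits = 4096` documents the intent. `description = "The parameter description"` is placeholder text and should say what the parameter holds.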
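Review bot: `nonsensitive(tls_private_key.eks_keypair.private_key_pem)` in output `_1_tls_private_key` strips the sensitive marking, so the private key is printed in clear on every `terraform apply` and `terraform output` and into any CI log that captures them. The key is already written to the SecureString parameter in main.tf, so the output can be dropped; if it must stay, remove `nonsensitive()` and mark it, `value = tls_private_key.eks_keypair.private_key_pem` with `sensitive = true`. PATCH 05 rewords this output but keeps `nonsensitive()`, and PATCH 10 finally removes it. `_2_public_key` has `description = ""`, which the documented-outputs lint added in PATCH 04 would flag.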
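Review bot: A `provider "aws"` block with a hard-coded `region = "us-east-2"` inside a module that is itself consumed as `module "key_pair"` ties every caller to one region and is the pattern Terraform discourages for reusable modules, since provider configuration belongs to the root module. The data sources `aws_region.current` and `aws_availability_zones.available` are not referenced anywhere in this patch, so they only add API calls to each plan. Moving provider configuration to the caller (as PATCH 05 later does by deleting this file) and dropping the unused data sources is the cleaner shape.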
diff --git a/variable.tf b/variable.tf new file mode 100644 index 0000000..d7d1df0 --- /dev/null +++ b/variable.tf @@ -0,0 +1,14 @@ +variable "key_name" { + default = "test-key" + type = string +} + +variable "environment" { + default = "dev" + type = string +} + +variable "ssm_parameter" { + default = "/test/ssm" + type = string +} \ No newline at end of file From fad5cc74b49fd9b59083920a206f1cd8ac5b0c87 Mon Sep 17 00:00:00 2001 From: Yogesh Gupta Date: Wed, 23 Mar 2022 11:36:55 +0000 Subject: [PATCH 02/19] update --- providers.tf | 2 +- variable.tf | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/providers.tf b/providers.tf index 91cf3d2..eccd5f3 100644 --- a/providers.tf +++ b/providers.tf @@ -1,7 +1,7 @@ ## Terraform provider provider "aws" { - region = "us-east-2" + region = var.region # default_tags { # tags = var.additional_tags # } diff --git a/variable.tf b/variable.tf index d7d1df0..1ddc1ba 100644 --- a/variable.tf +++ b/variable.tf @@ -11,4 +11,9 @@ variable "environment" { variable "ssm_parameter" { default = "/test/ssm" type = string +} + +variable "region" { + default = "us-east-2" + type = string } \ No newline at end of file From 5eb68b399b023f5ce34488c5c1a1121040a70e34 Mon Sep 17 00:00:00 2001 From: Nitin Yadav Date: Fri, 10 Jun 2022 17:01:29 +0530 Subject: [PATCH 03/19] changed keypair logical reference --- main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/main.tf b/main.tf index 6e27d59..06a749f 100644 --- a/main.tf +++ b/main.tf @@ -1,4 +1,4 @@ -resource "tls_private_key" "eks_keypair" { +resource "tls_private_key" "aws_keypair" { algorithm = "RSA" } @@ -6,7 +6,7 @@ module "key_pair" { source = "terraform-aws-modules/key-pair/aws" version = "0.6.0" key_name = var.key_name - public_key = tls_private_key.eks_keypair.public_key_openssh + public_key = tls_private_key.aws_keypair.public_key_openssh } 
@@ -14,7 +14,7 @@ resource "aws_ssm_parameter" "secret" { name = var.ssm_parameter description = "The parameter description" type = "SecureString" - value = tls_private_key.eks_keypair.private_key_pem + value = tls_private_key.aws_keypair.private_key_pem tags = { environment = var.environment } From f602a6f717b282e8f4f1b07caa0ef4571c2d35e5 Mon Sep 17 00:00:00 2001 From: Nitin Yadav Date: Fri, 10 Jun 2022 17:01:44 +0530 Subject: [PATCH 04/19] added linting and pre commit hooks config --- .pre-commit-config.yaml | 20 +++++++++++++++++++ .tflint.hcl | 44 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 64 insertions(+) create mode 100644 .pre-commit-config.yaml create mode 100644 .tflint.hcl diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..69db222 --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,20 @@ +repos: + - repo: https://github.com/squareops/pre-commit + rev: v0.1.12 + hooks: + - id: terraform-fmt + - id: terraform-validate + - id: tflint + args: + - "--module" + - "--deep" + - "--config=.tflint.hcl" + - repo: https://github.com/squareops/pre-commit-terraform + rev: v1.47.0 + hooks: + - id: terraform_docs + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.1.0 + hooks: + - id: check-merge-conflict + - id: end-of-file-fixer diff --git a/.tflint.hcl b/.tflint.hcl new file mode 100644 index 0000000..044c78a --- /dev/null +++ b/.tflint.hcl 
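Review bot: The rename to `tls_private_key.aws_keypair` is applied only in main.tf (the diffstat shows `1 file changed`), while output.tf from PATCH 01 still reads `tls_private_key.eks_keypair.private_key_pem` and `.public_key_openssh`, so the configuration does not validate at this commit. Updating both references in the same commit, e.g. `value = tls_private_key.aws_keypair.public_key_openssh`, keeps each commit self-consistent; PATCH 05 eventually makes that change.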
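Review bot: The hook repositories are pinned by tag (`rev: v0.1.12`, `rev: v1.47.0`, `rev: v4.1.0`), and git tags can be moved, so the code pre-commit downloads and runs on every developer's commit is not actually fixed; pinning `rev` to the full commit SHA with the tag name in a trailing comment gives a stable pin. The first two repos are organisation-hosted rather than the commonly used upstream hook repos, so a one-line comment on why they are used would help the next reviewer judge the dependency.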
@@ -0,0 +1,44 @@ +rule "terraform_deprecated_interpolation" { + enabled = true +} + +rule "terraform_documented_outputs" { + enabled = true +} + +rule "terraform_documented_variables" { + enabled = true +} + +rule "terraform_typed_variables" { + enabled = true +} + +rule "terraform_required_version" { + enabled = true +} + +rule "terraform_required_providers" { + enabled = true +} + +rule "terraform_unused_required_providers" { + enabled = true +} + +rule "aws_resource_missing_tags" { + enabled = true + tags = [ + "Name", + "Environment", + ] +} + +rule "terraform_naming_convention" { + enabled = true + format = "none" + + locals { + format = "snake_case" + } +} From f0d134290c5eaa5e3e66a5df812c83bca6780d20 Mon Sep 17 00:00:00 2001 From: Ajay Sahu Date: Tue, 5 Jul 2022 12:21:41 +0000 Subject: [PATCH 05/19] Code review v1 init --- .gitignore | 15 +++++++++++++++ main.tf | 9 +++++---- output.tf | 15 ++++++++++----- providers.tf | 14 -------------- variable.tf | 6 +++++- 5 files changed, 35 insertions(+), 24 deletions(-) create mode 100644 .gitignore delete mode 100644 providers.tf diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..75d062d --- /dev/null +++ b/.gitignore @@ -0,0 +1,15 @@ +*.tfstate +*.tfstate.* +.terraform* +*.out +*.lock +*.tfvars +*.pem +vars +**/.terraform/* +override.tf +override.tf.* +*_override.tf +*_override.tf.* +terraform.rc +*.txt \ No newline at end of file diff --git a/main.tf b/main.tf index 06a749f..d40967e 100644 --- a/main.tf +++ b/main.tf @@ -4,7 +4,7 @@ resource "tls_private_key" "aws_keypair" { module "key_pair" { source = "terraform-aws-modules/key-pair/aws" - version = "0.6.0" + version = "1.0.1" key_name = var.key_name public_key = tls_private_key.aws_keypair.public_key_openssh } 
@@ -12,10 +12,11 @@ module "key_pair" { resource "aws_ssm_parameter" "secret" { name = var.ssm_parameter - description = "The parameter description" + description = "Stores the private key of ec2 key pair" type = "SecureString" value = tls_private_key.aws_keypair.private_key_pem tags = { - environment = var.environment + Environment = var.environment + Name = var.ssm_parameter } -} \ No newline at end of file +} diff --git a/output.tf b/output.tf index bcf7a24..15a8013 100644 --- a/output.tf +++ b/output.tf @@ -1,9 +1,14 @@ output "_1_tls_private_key" { - description = "Warning!! ! Please Save this for future use !" - value = nonsensitive(tls_private_key.eks_keypair.private_key_pem) + description = "Warning!! ! Please Save the private key data for future use !" + value = nonsensitive(tls_private_key.aws_keypair.private_key_pem) } output "_2_public_key" { - description = "" - value = tls_private_key.eks_keypair.public_key_openssh -} \ No newline at end of file + description = "The Public key data" + value = tls_private_key.aws_keypair.public_key_openssh +} + +output "_3_key_pair_key_name" { + description = "The key pair name." + value = module.key_pair.key_pair_key_name +} diff --git a/providers.tf b/providers.tf deleted file mode 100644 index eccd5f3..0000000 --- a/providers.tf +++ /dev/null @@ -1,14 +0,0 @@ -## Terraform provider - -provider "aws" { - region = var.region - # default_tags { - # tags = var.additional_tags - # } -} - -# Using these data sources allows the configuration to be generic for any region. - -data "aws_region" "current" {} - -data "aws_availability_zones" "available" {} \ No newline at end of file diff --git a/variable.tf b/variable.tf index 1ddc1ba..e5d7cba 100644 --- a/variable.tf +++ b/variable.tf 
@@ -1,19 +1,23 @@ variable "key_name" { + description = "The name for the key pair to be generated" default = "test-key" type = string } variable "environment" { + description = "Environment identifier for the key pair" default = "dev" type = string } variable "ssm_parameter" { + description = "The name of the ssm parameter for storing the keypair" default = "/test/ssm" type = string } variable "region" { + description = "Specify the region in which key needs to be generate" default = "us-east-2" type = string -} \ No newline at end of file +} From 8a6960316d9d128d3caef6ed309a6c64b0b04d38 Mon Sep 17 00:00:00 2001 From: AjaySahu7 Date: Fri, 8 Jul 2022 15:38:32 +0530 Subject: [PATCH 06/19] removed numeric part from output --- output.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/output.tf b/output.tf index 15a8013..9f7db29 100644 --- a/output.tf +++ b/output.tf @@ -1,14 +1,14 @@ -output "_1_tls_private_key" { +output "tls_private_key" { description = "Warning!! ! Please Save the private key data for future use !" value = nonsensitive(tls_private_key.aws_keypair.private_key_pem) } -output "_2_public_key" { +output "public_key" { description = "The Public key data" value = tls_private_key.aws_keypair.public_key_openssh } -output "_3_key_pair_key_name" { +output "key_pair_key_name" { description = "The key pair name." value = module.key_pair.key_pair_key_name } From eb3cd7f4e330c9dae5cd8d7291d0c6da5e5e19ed Mon Sep 17 00:00:00 2001 From: Ajay Sahu Date: Fri, 15 Jul 2022 12:59:19 +0000 Subject: [PATCH 07/19] Code review v1 init --- README.md | 112 ++++++++++++++++++++---------------------------------- 1 file changed, 41 insertions(+), 71 deletions(-) diff --git a/README.md b/README.md index a767c88..0c71cfa 100644 --- a/README.md +++ b/README.md 
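Review bot: `variable "region"` is now declared but no longer referenced: its only consumer was `region = var.region` in providers.tf, which this commit deletes, so the input is dead and would fail the `terraform_unused_declarations` rule enabled later in PATCH 13. Either remove the variable (and the README row documenting it) or keep it with a comment explaining its intended use. Its new description also has a typo; `description = "Specify the region in which the key needs to be generated"`.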
@@ -1,92 +1,62 @@ # AWS EC2 Keypair +Terraform module which creates EC2 key pair on AWS. +## Usage Example -## Getting started +```hcl +module "key_pair" { + source = "git::https://{GIT_USER}:{GIT_TOKEN}@gitlab.com/squareops/sal/terraform/aws/ec2-keypair.git?ref=dev" -To make it easy for you to get started with GitLab, here's a list of recommended next steps. + region = var.region + environment = var.environment + key_name = var.key_name + ssm_parameter = var.ssm_parameter +} -Already a pro? Just edit this README.md and make it your own. Want to make it easy? [Use the template at the bottom](#editing-this-readme)! - -## Add your files - -- [ ] [Create](https://docs.gitlab.com/ee/user/project/repository/web_editor.html#create-a-file) or [upload](https://docs.gitlab.com/ee/user/project/repository/web_editor.html#upload-a-file) files -- [ ] [Add files using the command line](https://docs.gitlab.com/ee/gitlab-basics/add-file.html#add-a-file-using-the-command-line) or push an existing Git repository with the following command: - -``` -cd existing_repo -git remote add origin https://gitlab.com/squareops/sal/terraform/aws/aws-ec2-keypair.git -git branch -M main -git push -uf origin main ``` -## Integrate with your tools - -- [ ] [Set up project integrations](https://gitlab.com/squareops/sal/terraform/aws/aws-ec2-keypair/-/settings/integrations) - -## Collaborate with your team - -- [ ] [Invite team members and collaborators](https://docs.gitlab.com/ee/user/project/members/) -- [ ] [Create a new merge request](https://docs.gitlab.com/ee/user/project/merge_requests/creating_merge_requests.html) -- [ ] [Automatically close issues from merge requests](https://docs.gitlab.com/ee/user/project/issues/managing_issues.html#closing-issues-automatically) -- [ ] [Enable merge request approvals](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/) -- [ ] [Automatically merge when pipeline 
succeeds](https://docs.gitlab.com/ee/user/project/merge_requests/merge_when_pipeline_succeeds.html) - -## Test and Deploy - -Use the built-in continuous integration in GitLab. - -- [ ] [Get started with GitLab CI/CD](https://docs.gitlab.com/ee/ci/quick_start/index.html) -- [ ] [Analyze your code for known vulnerabilities with Static Application Security Testing(SAST)](https://docs.gitlab.com/ee/user/application_security/sast/) -- [ ] [Deploy to Kubernetes, Amazon EC2, or Amazon ECS using Auto Deploy](https://docs.gitlab.com/ee/topics/autodevops/requirements.html) -- [ ] [Use pull-based deployments for improved Kubernetes management](https://docs.gitlab.com/ee/user/clusters/agent/) -- [ ] [Set up protected environments](https://docs.gitlab.com/ee/ci/environments/protected_environments.html) - -*** - -# Editing this README - -When you're ready to make this README your own, just edit this file and use the handy template below (or feel free to structure it however you want - this is just a starting point!). Thank you to [makeareadme.com](https://www.makeareadme.com/) for this template. - -## Suggestions for a good README -Every project is different, so consider which of these sections apply to yours. The sections used in the template are suggestions for most open source projects. Also keep in mind that while a README can be too long and detailed, too long is better than too short. If you think your README is too long, consider utilizing another form of documentation rather than cutting out information. - -## Name -Choose a self-explaining name for your project. -## Description -Let people know what your project can do specifically. Provide context and add a link to any reference visitors might be unfamiliar with. A list of Features or a Background subsection can also be added here. If there are alternatives to your project, this is a good place to list differentiating factors. 
-## Badges -On some READMEs, you may see small images that convey metadata, such as whether or not all the tests are passing for the project. You can use Shields to add some to your README. Many services also have instructions for adding a badge. + +## Requirements -## Visuals -Depending on what you are making, it can be a good idea to include screenshots or even a video (you'll frequently see GIFs rather than actual videos). Tools like ttygif can help, but check out Asciinema for a more sophisticated method. +No requirements. -## Installation -Within a particular ecosystem, there may be a common way of installing things, such as using Yarn, NuGet, or Homebrew. However, consider the possibility that whoever is reading your README is a novice and would like more guidance. Listing specific steps helps remove ambiguity and gets people to using your project as quickly as possible. If it only runs in a specific context like a particular programming language version or operating system or has dependencies that have to be installed manually, also add a Requirements subsection. +## Providers -## Usage -Use examples liberally, and show the expected output if you can. It's helpful to have inline the smallest example of usage that you can demonstrate, while providing links to more sophisticated examples if they are too long to reasonably include in the README. +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | 4.20.1 | +| [tls](#provider\_tls) | 3.4.0 | -## Support -Tell people where they can go to for help. It can be any combination of an issue tracker, a chat room, an email address, etc. +## Modules -## Roadmap -If you have ideas for releases in the future, it is a good idea to list them in the README. +| Name | Source | Version | +|------|--------|---------| +| [key\_pair](#module\_key\_pair) | terraform-aws-modules/key-pair/aws | 1.0.1 | -## Contributing -State if you are open to contributions and what your requirements are for accepting them. 
+## Resources -For people who want to make changes to your project, it's helpful to have some documentation on how to get started. Perhaps there is a script that they should run or some environment variables that they need to set. Make these steps explicit. These instructions could also be useful to your future self. +| Name | Type | +|------|------| +| [aws_ssm_parameter.secret](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter) | resource | +| [tls_private_key.aws_keypair](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource | -You can also document commands to lint the code or run tests. These steps help to ensure high code quality and reduce the likelihood that the changes inadvertently break something. Having instructions for running tests is especially helpful if it requires external setup, such as starting a Selenium server for testing in a browser. +## Inputs -## Authors and acknowledgment -Show your appreciation to those who have contributed to the project. +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [environment](#input\_environment) | Environment identifier for the key pair | `string` | `"dev"` | no | +| [key\_name](#input\_key\_name) | The name for the key pair to be generated | `string` | `"test-key"` | no | +| [region](#input\_region) | Specify the region in which key needs to be generate | `string` | `"us-east-2"` | no | +| [ssm\_parameter](#input\_ssm\_parameter) | The name of the ssm parameter for storing the keypair | `string` | `"/test/ssm"` | no | -## License -For open source projects, say how it is licensed. +## Outputs -## Project status -If you have run out of energy or time for your project, put a note at the top of the README saying that development has slowed down or stopped completely. 
Someone may choose to fork your project or volunteer to step in as a maintainer or owner, allowing your project to keep going. You can also make an explicit request for maintainers. +| Name | Description | +|------|-------------| +| [\_1\_tls\_private\_key](#output\_\_1\_tls\_private\_key) | Warning!! ! Please Save the private key data for future use ! | +| [\_2\_public\_key](#output\_\_2\_public\_key) | The Public key data | +| [\_3\_key\_pair\_key\_name](#output\_\_3\_key\_pair\_key\_name) | The key pair name. | + From c5a25b374fbbeb081eb1c099feff4deb2283dab1 Mon Sep 17 00:00:00 2001 From: AjaySahu7 Date: Mon, 18 Jul 2022 15:03:54 +0530 Subject: [PATCH 08/19] changed ssm reference name --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index d40967e..f02c56c 100644 --- a/main.tf +++ b/main.tf @@ -10,7 +10,7 @@ module "key_pair" { } -resource "aws_ssm_parameter" "secret" { +resource "aws_ssm_parameter" "ssm_ec2_keypair" { name = var.ssm_parameter description = "Stores the private key of ec2 key pair" type = "SecureString" From 2474aa0705fdb282c474256f947bca541a27a9f8 Mon Sep 17 00:00:00 2001 From: AjaySahu7 Date: Fri, 22 Jul 2022 12:59:42 +0530 Subject: [PATCH 09/19] updated Readme with IAM permisssions required --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 0c71cfa..6ce86e4 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,9 @@ +## IAM permission Required to run this module + +- AmazonEC2FullAccess +- AmazonSSMFullAccess +- AmazonVPCFullAccess + # AWS EC2 Keypair Terraform module which creates EC2 key pair on AWS. From 3e0782cc95dbf9d8eb626761d97b5560935ad067 Mon Sep 17 00:00:00 2001 
From: Shibra Amin Date: Mon, 25 Jul 2022 22:18:33 +0530 Subject: [PATCH 10/19] fixes for stable --- .gitignore | 31 ++++++++++++++++++++++++------- main.tf | 4 ++-- output.tf | 16 ++++++---------- variable.tf | 2 +- version.tf | 14 ++++++++++++++ 5 files changed, 47 insertions(+), 20 deletions(-) create mode 100644 version.tf diff --git a/.gitignore b/.gitignore index 75d062d..bdf3c65 100644 --- a/.gitignore +++ b/.gitignore @@ -1,15 +1,32 @@ -*.tfstate -*.tfstate.* -.terraform* +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan *.out *.lock *.tfvars *.pem -vars +*.txt + +# Local .terraform directories **/.terraform/* +.terraform* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in override.tf -override.tf.* +override.tf.json *_override.tf -*_override.tf.* +*_override.tf.json + +# Ignore CLI configuration files +.terraformrc terraform.rc -*.txt \ No newline at end of file diff --git a/main.tf b/main.tf index f02c56c..070d9c5 100644 --- a/main.tf +++ b/main.tf @@ -11,12 +11,12 @@ module "key_pair" { resource "aws_ssm_parameter" "ssm_ec2_keypair" { - name = var.ssm_parameter + name = var.ssm_parameter_path description = "Stores the private key of ec2 key pair" type = "SecureString" value = tls_private_key.aws_keypair.private_key_pem tags = { Environment = var.environment - Name = var.ssm_parameter + Name = var.ssm_parameter_path } } diff --git a/output.tf b/output.tf index 9f7db29..01ac2aa 100644 --- a/output.tf +++ b/output.tf 
@@ -1,14 +1,10 @@ -output "tls_private_key" { - description = "Warning!! ! Please Save the private key data for future use !" - value = nonsensitive(tls_private_key.aws_keypair.private_key_pem) +output "key_pair_name" { + description = "The key pair name." + value = module.key_pair.key_pair_key_name } -output "public_key" { - description = "The Public key data" - value = tls_private_key.aws_keypair.public_key_openssh +output "key_pair_arn" { + description = "The key pair ARN." + value = module.key_pair.key_pair_arn } -output "key_pair_key_name" { - description = "The key pair name." - value = module.key_pair.key_pair_key_name -} diff --git a/variable.tf b/variable.tf index e5d7cba..80cb21f 100644 --- a/variable.tf +++ b/variable.tf @@ -10,7 +10,7 @@ variable "environment" { type = string } -variable "ssm_parameter" { +variable "ssm_parameter_path" { description = "The name of the ssm parameter for storing the keypair" default = "/test/ssm" type = string diff --git a/version.tf b/version.tf new file mode 100644 index 0000000..6b83f06 --- /dev/null +++ b/version.tf @@ -0,0 +1,14 @@ +terraform { + required_version = ">= 1.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 4.21" + } + tls = { + source = "hashicorp/tls" + version = ">= 3.4" + } + } +} \ No newline at end of file From 8b1939c73d451ea739101d0274a014ec0c884e60 Mon Sep 17 00:00:00 2001 From: Shibra Amin Date: Mon, 25 Jul 2022 22:49:43 +0530 Subject: [PATCH 11/19] fixes for stable --- .tflint.hcl | 6 ++++++ README.md | 19 +++++++++++-------- output.tf | 5 ++--- version.tf | 2 +- 4 files changed, 20 insertions(+), 12 deletions(-) diff --git a/.tflint.hcl b/.tflint.hcl index 044c78a..e7d3c4d 100644 --- a/.tflint.hcl +++ b/.tflint.hcl @@ -41,4 +41,10 @@ rule "terraform_naming_convention" { locals { format = "snake_case" } +} + +plugin "aws" { + enabled = true + version = "0.14.0" + source = "github.com/terraform-linters/tflint-ruleset-aws" } 
diff --git a/README.md b/README.md index 6ce86e4..2b7cd6d 100644 --- a/README.md +++ b/README.md @@ -27,14 +27,18 @@ module "key_pair" { ## Requirements -No requirements. +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.0 | +| [aws](#requirement\_aws) | >= 4.21 | +| [tls](#requirement\_tls) | >= 3.4 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | 4.20.1 | -| [tls](#provider\_tls) | 3.4.0 | +| [aws](#provider\_aws) | 4.23.0 | +| [tls](#provider\_tls) | 4.0.1 | ## Modules @@ -46,7 +50,7 @@ No requirements. | Name | Type | |------|------| -| [aws_ssm_parameter.secret](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter) | resource | +| [aws_ssm_parameter.ssm_ec2_keypair](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter) | resource | | [tls_private_key.aws_keypair](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource | ## Inputs 
@@ -56,13 +60,12 @@ No requirements. | [environment](#input\_environment) | Environment identifier for the key pair | `string` | `"dev"` | no | | [key\_name](#input\_key\_name) | The name for the key pair to be generated | `string` | `"test-key"` | no | | [region](#input\_region) | Specify the region in which key needs to be generate | `string` | `"us-east-2"` | no | -| [ssm\_parameter](#input\_ssm\_parameter) | The name of the ssm parameter for storing the keypair | `string` | `"/test/ssm"` | no | +| [ssm\_parameter\_path](#input\_ssm\_parameter\_path) | The name of the ssm parameter for storing the keypair | `string` | `"/test/ssm"` | no | ## Outputs | Name | Description | |------|-------------| -| [\_1\_tls\_private\_key](#output\_\_1\_tls\_private\_key) | Warning!! ! Please Save the private key data for future use ! | -| [\_2\_public\_key](#output\_\_2\_public\_key) | The Public key data | -| [\_3\_key\_pair\_key\_name](#output\_\_3\_key\_pair\_key\_name) | The key pair name. | +| [key\_pair\_name](#output\_key\_pair\_name) | The key pair name. | +| [ssm\_parameter\_arn](#output\_ssm\_parameter\_arn) | The key pair ARN. | diff --git a/output.tf b/output.tf index 01ac2aa..f695a9c 100644 --- a/output.tf +++ b/output.tf @@ -3,8 +3,7 @@ output "key_pair_name" { value = module.key_pair.key_pair_key_name } -output "key_pair_arn" { +output "ssm_parameter_arn" { description = "The key pair ARN." - value = module.key_pair.key_pair_arn + value = aws_ssm_parameter.ssm_ec2_keypair.arn } - diff --git a/version.tf b/version.tf index 6b83f06..c2da4bc 100644 --- a/version.tf +++ b/version.tf @@ -11,4 +11,4 @@ terraform { version = ">= 3.4" } } -} \ No newline at end of file +} From 17b3cb44f99019ebadef34e9fc4d3e4f69468e42 Mon Sep 17 00:00:00 2001 
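Review bot: `output "ssm_parameter_arn"` now returns `aws_ssm_parameter.ssm_ec2_keypair.arn` but keeps `description = "The key pair ARN."`, which describes the value it replaced, and the same wording is copied into the README outputs table in this commit. A description that matches the new value, e.g. `description = "ARN of the SSM parameter that stores the key pair's private key."`, keeps the generated docs accurate.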
From: Ajay Sahu Date: Thu, 28 Jul 2022 10:51:59 +0000 Subject: [PATCH 12/19] added examples directory --- examples/complete/README.md | 47 +++++++++++++++++++++++++++++++++++ examples/complete/main.tf | 21 ++++++++++++++++ examples/complete/outputs.tf | 4 +++ examples/complete/versions.tf | 14 +++++++++++ 4 files changed, 86 insertions(+) create mode 100644 examples/complete/README.md create mode 100644 examples/complete/main.tf create mode 100644 examples/complete/outputs.tf create mode 100644 examples/complete/versions.tf diff --git a/examples/complete/README.md b/examples/complete/README.md new file mode 100644 index 0000000..030a859 --- /dev/null +++ b/examples/complete/README.md @@ -0,0 +1,47 @@ +# AWS EC2 key pair + +Configuration in this directory creates EC2 key pair + +## Usage + +To run this example you need to execute: + +```bash +$ terraform init +$ terraform plan +$ terraform apply +``` + +Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. + + +## Requirements + +| Name | Version | +|------|---------| +| [aws](#requirement\_aws) | 3.43.0 | + +## Providers + +No providers. + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [key\_pair](#module\_key\_pair) | ../../ | n/a | + +## Resources + +No resources. + +## Inputs + +No inputs. + +## Outputs + +| Name | Description | +|------|-------------| +| [key\_pair\_name](#output\_key\_pair\_name) | The key pair name. | + \ No newline at end of file diff --git a/examples/complete/main.tf b/examples/complete/main.tf new file mode 100644 index 0000000..2444618 --- /dev/null +++ b/examples/complete/main.tf 
@@ -0,0 +1,21 @@ +provider "aws" { + region = local.region +} + +locals { + environment = "dev" + region = "us-east-1" + name = "skaf" +} + +################################################################################ +# Key Pair Module +################################################################################ + +module "key_pair" { + source = "../../" + + key_name = format("%s-%s-kp", local.environment, local.name) + ssm_parameter = format("%s-%s-ssm", local.environment, local.name) #SSM parameter secret name + +} diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf new file mode 100644 index 0000000..657804b --- /dev/null +++ b/examples/complete/outputs.tf @@ -0,0 +1,4 @@ +output "key_pair_name" { + description = "The key pair name." + value = module.key_pair.key_pair_name +} diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf new file mode 100644 index 0000000..6b83f06 --- /dev/null +++ b/examples/complete/versions.tf @@ -0,0 +1,14 @@ +terraform { + required_version = ">= 1.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 4.21" + } + tls = { + source = "hashicorp/tls" + version = ">= 3.4" + } + } +} \ No newline at end of file From 5dbc158aea4e8af03b36a70c8c7b021cca3d0695 Mon Sep 17 00:00:00 2001 From: Shibra Amin Date: Wed, 3 Aug 2022 11:05:03 +0000 Subject: [PATCH 13/19] Update .tflint.hcl --- .tflint.hcl | 160 ++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 111 insertions(+), 49 deletions(-) diff --git a/.tflint.hcl b/.tflint.hcl index e7d3c4d..e5bbb80 100644 --- a/.tflint.hcl +++ b/.tflint.hcl 
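Review bot: The example passes `ssm_parameter = format(...)` to `module "key_pair"`, but the module input was renamed to `ssm_parameter_path` in PATCH 10, so `terraform validate` in examples/complete fails with an unsupported argument. The fix is `ssm_parameter_path = format("%s-%s-ssm", local.environment, local.name)`; passing `environment = local.environment` as well keeps the SSM parameter's Environment tag in step with the value used in the names instead of relying on the module default.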
@@ -1,50 +1,112 @@ -rule "terraform_deprecated_interpolation" { - enabled = true -} - -rule "terraform_documented_outputs" { - enabled = true -} - -rule "terraform_documented_variables" { - enabled = true -} - -rule "terraform_typed_variables" { - enabled = true -} - -rule "terraform_required_version" { - enabled = true -} - -rule "terraform_required_providers" { - enabled = true -} - -rule "terraform_unused_required_providers" { - enabled = true -} - -rule "aws_resource_missing_tags" { - enabled = true - tags = [ - "Name", - "Environment", - ] -} - -rule "terraform_naming_convention" { - enabled = true - format = "none" - - locals { - format = "snake_case" - } -} - -plugin "aws" { - enabled = true - version = "0.14.0" - source = "github.com/terraform-linters/tflint-ruleset-aws" +plugin "aws" { + enabled = true + version = "0.14.0" + source = "github.com/terraform-linters/tflint-ruleset-aws" +} + +config { +#Enables module inspection +module = true +force = false +} + +# Required that all AWS resources have specified tags. +rule "aws_resource_missing_tags" { + enabled = true + tags = [ + "Name", + "Environment", + ] +} + +# Disallow deprecated (0.11-style) interpolation +rule "terraform_deprecated_interpolation" { +enabled = true +} + +# Disallow legacy dot index syntax. +rule "terraform_deprecated_index" { +enabled = true +} + +# Disallow variables, data sources, and locals that are declared but never used. +rule "terraform_unused_declarations" { +enabled = true +} + +# Disallow // comments in favor of #. +rule "terraform_comment_syntax" { +enabled = false +} + +# Disallow output declarations without description. +rule "terraform_documented_outputs" { +enabled = true +} + +# Disallow variable declarations without description. +rule "terraform_documented_variables" { +enabled = true +} + +# Disallow variable declarations without type. 
+rule "terraform_typed_variables" { +enabled = true +} + +# Disallow specifying a git or mercurial repository as a module source without pinning to a version. +rule "terraform_module_pinned_source" { +enabled = true +} + +# Enforces naming conventions +rule "terraform_naming_convention" { +enabled = true + +#Require specific naming structure +variable { +format = "snake_case" +} + +locals { +format = "snake_case" +} + +output { +format = "snake_case" +} + +#Allow any format +resource { +format = "none" +} + +module { +format = "none" +} + +data { +format = "none" +} + +} + +# Disallow terraform declarations without require_version. +rule "terraform_required_version" { +enabled = true +} + +# Require that all providers have version constraints through required_providers. +rule "terraform_required_providers" { +enabled = true +} + +# Ensure that a module complies with the Terraform Standard Module Structure +rule "terraform_standard_module_structure" { +enabled = true +} + +# terraform.workspace should not be used with a "remote" backend with remote execution. +rule "terraform_workspace_remote" { +enabled = true } From 587737d3c08c9c1450b50af5039ab8d3c6ca6ff2 Mon Sep 17 00:00:00 2001 From: Shibra Amin Date: Mon, 19 Sep 2022 06:39:38 +0000 Subject: [PATCH 14/19] Update main.tf, output.tf --- main.tf | 10 +++------- output.tf | 2 +- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/main.tf b/main.tf index 070d9c5..271ade2 100644 --- a/main.tf +++ b/main.tf @@ -1,12 +1,8 @@ -resource "tls_private_key" "aws_keypair" { - algorithm = "RSA" -} - module "key_pair" { source = "terraform-aws-modules/key-pair/aws" - version = "1.0.1" + version = "2.0.0" key_name = var.key_name - public_key = tls_private_key.aws_keypair.public_key_openssh + create_private_key = true } 
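Review bot: The rewrite drops `terraform_unused_required_providers`, which the previous configuration enabled (visible in the removed lines), and no rule in the new file replaces it; if the drop is intended, a comment such as `# terraform_unused_required_providers intentionally not enabled: <reason>` stops the next reader from re-adding it. Indentation inside the new `rule` and `config` blocks is inconsistent — `enabled = true` sits at column 0 in most blocks but is indented in `aws_resource_missing_tags` — which is a style pass worth doing before the file grows further.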
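Review bot: With `tls_private_key.aws_keypair` removed, this root module no longer uses the tls provider directly, yet version.tf from PATCH 10 still lists `hashicorp/tls` in `required_providers`, and the `terraform_unused_required_providers` rule that would have caught this was dropped in PATCH 13. If the constraint is kept deliberately for the submodule, a comment such as `# tls constraint kept for the key_pair submodule, which generates the key` makes that explicit; otherwise remove it. The private key is still generated inside Terraform via `create_private_key = true` and copied into the SSM parameter in the second hunk, so the state-protection requirement from the first commit is unchanged.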
@@ -14,7 +10,7 @@ resource "aws_ssm_parameter" "ssm_ec2_keypair" {
 name = var.ssm_parameter_path
 description = "Stores the private key of ec2 key pair"
 type = "SecureString"
- value = tls_private_key.aws_keypair.private_key_pem
+ value = module.key_pair.private_key_pem
 tags = {
 Environment = var.environment
 Name = var.ssm_parameter_path
diff --git a/output.tf b/output.tf
index f695a9c..caabf14 100644
--- a/output.tf
+++ b/output.tf
@@ -1,6 +1,6 @@
 output "key_pair_name" {
 description = "The key pair name."
- value = module.key_pair.key_pair_key_name
+ value = module.key_pair.key_pair_name
 }
 output "ssm_parameter_arn" {
From 62ff2287ebe58111fa9aee9a7742532c79a565aa Mon Sep 17 00:00:00 2001 From: RohitSquareops Date: Wed, 26 Oct 2022 11:03:33 +0530 Subject: [PATCH 15/19] updated readme.md file --- README.md | 6 ++---- examples/complete/README.md | 4 +++- 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 2b7cd6d..2848bc8 100644
--- a/README.md
+++ b/README.md
@@ -37,21 +37,19 @@ module "key_pair" {
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | 4.23.0 |
-| [tls](#provider\_tls) | 4.0.1 |
+| [aws](#provider\_aws) | >= 4.21 |
 ## Modules
 | Name | Source | Version |
 |------|--------|---------|
-| [key\_pair](#module\_key\_pair) | terraform-aws-modules/key-pair/aws | 1.0.1 |
+| [key\_pair](#module\_key\_pair) | terraform-aws-modules/key-pair/aws | 2.0.0 |
 ## Resources
 | Name | Type |
 |------|------|
 | [aws_ssm_parameter.ssm_ec2_keypair](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter) | resource |
-| [tls_private_key.aws_keypair](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
 ## Inputs
diff --git a/examples/complete/README.md b/examples/complete/README.md
index 030a859..8b3e7f6 100644
--- a/examples/complete/README.md
+++ b/examples/complete/README.md
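Review bot: The `value` line still writes the PEM into an `aws_ssm_parameter` of type `SecureString` that sets no `key_id`, so the parameter is encrypted with the account's default `aws/ssm` key; as far as I can tell that key's policy lets any principal in the account use it through SSM, so `ssm:GetParameter` on the path is effectively the only gate in front of the private key. Passing a customer-managed key, e.g. `key_id = var.kms_key_id` with a new optional variable, adds the key policy as a second control and gives you a CloudTrail decrypt record per read. The `description` is also generic; something like `description = "Private key (PEM) for EC2 key pair ${var.key_name}; treat as a secret"` makes the parameter's sensitivity visible in the console. The enclosing resource block starts outside this hunk.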
@@ -19,7 +19,9 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#requirement\_aws) | 3.43.0 | +| [terraform](#requirement\_terraform) | >= 1.0 | +| [aws](#requirement\_aws) | >= 4.21 | +| [tls](#requirement\_tls) | >= 3.4 | ## Providers From 35505ae0a5e132ddb8142999a44d35da0520febf Mon Sep 17 00:00:00 2001 From: Shibra Amin Date: Mon, 16 Jan 2023 20:30:39 +0530 Subject: [PATCH 16/19] update readmes and pre-commit hooks --- .pre-commit-config.yaml | 39 ++++++++++++++--------- .tflint.hcl | 40 +++++++++++------------ README.md | 60 ++++++++++++++++++++++++++++++++--- examples/complete/README.md | 59 ++++++++++++++++++++++++++++++++-- examples/complete/main.tf | 6 ++-- examples/complete/versions.tf | 2 +- main.tf | 8 ++--- output.tf => outputs.tf | 0 variable.tf => variables.tf | 18 ++++------- 9 files changed, 171 insertions(+), 61 deletions(-) rename output.tf => outputs.tf (100%) rename variable.tf => variables.tf (51%) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 69db222..3d0e215 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -1,20 +1,29 @@
 repos:
- - repo: https://github.com/squareops/pre-commit
- rev: v0.1.12
- hooks:
- - id: terraform-fmt
- - id: terraform-validate
- - id: tflint
- args:
- - "--module"
- - "--deep"
- - "--config=.tflint.hcl"
- - repo: https://github.com/squareops/pre-commit-terraform
- rev: v1.47.0
- hooks:
- - id: terraform_docs
 - repo: https://github.com/pre-commit/pre-commit-hooks
 rev: v4.1.0
 hooks:
- - id: check-merge-conflict
+ - id: trailing-whitespace
+ args: ['--markdown-linebreak-ext=md']
 - id: end-of-file-fixer
+ - id: check-merge-conflict
+ - id: detect-private-key
+ - id: detect-aws-credentials
+ args: ['--allow-missing-credentials']
+ - repo: https://github.com/antonbabenko/pre-commit-terraform
+ rev: v1.77.0
+ hooks:
+ - id: terraform_fmt
+ - id: terraform_docs
+ args:
+ - '--args=--lockfile=false'
+ - --hook-config=--add-to-existing-file=true
+ - --hook-config=--create-file-if-not-exist=true
+
+ - id: terraform_tflint
+ args:
+ - --args=--config=.tflint.hcl
+ - id: terraform_tfsec
+ files: ^examples/ # only scan `examples/*` which are the implementation
+ args:
+ #- --args=--config-file=__GIT_WORKING_DIR__/tfsec.yaml
+ - --args=--concise-output
diff --git a/.tflint.hcl b/.tflint.hcl
index e5bbb80..7690662 100644
--- a/.tflint.hcl
+++ b/.tflint.hcl
@@ -6,7 +6,7 @@ plugin "aws" {
 config {
 #Enables module inspection
-module = true
+module = false
 force = false
 }
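Review bot: `files: ^examples/` on the `terraform_tfsec` hook means the module's own root files are never scanned, yet that is where the `aws_ssm_parameter` holding the private key lives; the comment that the examples are "the implementation" does not hold for this repository, where the root module owns the resources. Dropping that `files:` line (or widening it to the root `*.tf` files as well) would let tfsec see the one resource that actually matters here. The new `detect-private-key` and `detect-aws-credentials` hooks are a good fit for a repo that handles key material; `--allow-missing-credentials` is fine as long as the hook still runs in CI where no credentials are present.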
@@ -23,89 +23,89 @@ rule "aws_resource_missing_tags" { rule "terraform_deprecated_interpolation" { enabled = true } - + # Disallow legacy dot index syntax. rule "terraform_deprecated_index" { enabled = true } - + # Disallow variables, data sources, and locals that are declared but never used. rule "terraform_unused_declarations" { enabled = true } - + # Disallow // comments in favor of #. rule "terraform_comment_syntax" { enabled = false } - + # Disallow output declarations without description. rule "terraform_documented_outputs" { enabled = true } - + # Disallow variable declarations without description. rule "terraform_documented_variables" { enabled = true } - + # Disallow variable declarations without type. rule "terraform_typed_variables" { enabled = true } - + # Disallow specifying a git or mercurial repository as a module source without pinning to a version. rule "terraform_module_pinned_source" { enabled = true } - + # Enforces naming conventions rule "terraform_naming_convention" { enabled = true - + #Require specific naming structure variable { format = "snake_case" } - + locals { format = "snake_case" } - + output { format = "snake_case" } - + #Allow any format resource { format = "none" } - + module { format = "none" } - + data { format = "none" } - + } - + # Disallow terraform declarations without require_version. rule "terraform_required_version" { enabled = true } - + # Require that all providers have version constraints through required_providers. rule "terraform_required_providers" { enabled = true } - + # Ensure that a module complies with the Terraform Standard Module Structure rule "terraform_standard_module_structure" { enabled = true } - + # terraform.workspace should not be used with a "remote" backend with remote execution. rule "terraform_workspace_remote" { enabled = true diff --git a/README.md b/README.md index 2848bc8..19d8e64 100644 --- a/README.md +++ b/README.md 
@@ -21,10 +21,63 @@ module "key_pair" { } ``` +## IAM Permission + + +The Policy required is: + +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "VisualEditor0", + "Effect": "Allow", + "Action": [ + "ec2:CreateKeyPair", + "ec2:CreateTags", + "ec2:DeleteKeyPair", + "ec2:DeleteTags", + "ec2:DescribeKeyPairs", + "ec2:ImportKeyPair" + ], + "Resource": [ + "*" + ] + }, + { + "Sid": "VisualEditor1", + "Effect": "Allow", + "Action": [ + "kms:Decrypt" + ], + "Resource": [ + "*" + ] + }, + { + "Sid": "VisualEditor2", + "Effect": "Allow", + "Action": [ + "ssm:AddTagsToResource", + "ssm:DeleteParameter", + "ssm:DescribeParameters", + "ssm:GetParameter", + "ssm:GetParameters", + "ssm:ListTagsForResource", + "ssm:PutParameter" + ], + "Resource": [ + "*" + ] + } + ] +} - - +``` + + ## Requirements | Name | Version | @@ -57,7 +110,6 @@ module "key_pair" { |------|-------------|------|---------|:--------:| | [environment](#input\_environment) | Environment identifier for the key pair | `string` | `"dev"` | no | | [key\_name](#input\_key\_name) | The name for the key pair to be generated | `string` | `"test-key"` | no | -| [region](#input\_region) | Specify the region in which key needs to be generate | `string` | `"us-east-2"` | no | | [ssm\_parameter\_path](#input\_ssm\_parameter\_path) | The name of the ssm parameter for storing the keypair | `string` | `"/test/ssm"` | no | ## Outputs @@ -66,4 +118,4 @@ module "key_pair" { |------|-------------| | [key\_pair\_name](#output\_key\_pair\_name) | The key pair name. | | [ssm\_parameter\_arn](#output\_ssm\_parameter\_arn) | The key pair ARN. | - + diff --git a/examples/complete/README.md b/examples/complete/README.md index 8b3e7f6..f91bd79 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -14,7 +14,62 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - +## IAM Permission + +The Policy required is: + +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "VisualEditor0", + "Effect": "Allow", + "Action": [ + "ec2:CreateKeyPair", + "ec2:CreateTags", + "ec2:DeleteKeyPair", + "ec2:DeleteTags", + "ec2:DescribeKeyPairs", + "ec2:ImportKeyPair" + ], + "Resource": [ + "*" + ] + }, + { + "Sid": "VisualEditor1", + "Effect": "Allow", + "Action": [ + "kms:Decrypt" + ], + "Resource": [ + "*" + ] + }, + { + "Sid": "VisualEditor2", + "Effect": "Allow", + "Action": [ + "ssm:AddTagsToResource", + "ssm:DeleteParameter", + "ssm:DescribeParameters", + "ssm:GetParameter", + "ssm:GetParameters", + "ssm:ListTagsForResource", + "ssm:PutParameter" + ], + "Resource": [ + "*" + ] + } + ] +} + + +``` + + ## Requirements | Name | Version | @@ -46,4 +101,4 @@ No inputs. | Name | Description | |------|-------------| | [key\_pair\_name](#output\_key\_pair\_name) | The key pair name. | - \ No newline at end of file + diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 2444618..5727077 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -15,7 +15,7 @@ locals { module "key_pair" { source = "../../" - key_name = format("%s-%s-kp", local.environment, local.name) - ssm_parameter = format("%s-%s-ssm", local.environment, local.name) #SSM parameter secret name - + key_name = format("%s-%s-kp", local.environment, local.name) + ssm_parameter = format("%s-%s-ssm", local.environment, local.name) #SSM parameter secret name + } diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 6b83f06..c2da4bc 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -11,4 +11,4 @@ terraform { version = ">= 3.4" } } -} \ No newline at end of file +} diff --git a/main.tf b/main.tf index 271ade2..a937119 100644 
--- a/main.tf
+++ b/main.tf
@@ -1,7 +1,7 @@
 module "key_pair" {
- source = "terraform-aws-modules/key-pair/aws"
- version = "2.0.0"
- key_name = var.key_name
+ source = "terraform-aws-modules/key-pair/aws"
+ version = "2.0.0"
+ key_name = var.key_name
 create_private_key = true
 }
@@ -13,6 +13,6 @@ resource "aws_ssm_parameter" "ssm_ec2_keypair" {
 value = module.key_pair.private_key_pem
 tags = {
 Environment = var.environment
- Name = var.ssm_parameter_path
+ Name = var.ssm_parameter_path
 }
 }
diff --git a/output.tf b/outputs.tf
similarity index 100%
rename from output.tf
rename to outputs.tf
diff --git a/variable.tf b/variables.tf
similarity index 51%
rename from variable.tf
rename to variables.tf
index 80cb21f..bf1493e 100644
--- a/variable.tf
+++ b/variables.tf
@@ -1,23 +1,17 @@
 variable "key_name" {
 description = "The name for the key pair to be generated"
- default = "test-key"
- type = string
+ default = "test-key"
+ type = string
 }
 variable "environment" {
 description = "Environment identifier for the key pair"
- default = "dev"
- type = string
+ default = "dev"
+ type = string
 }
 variable "ssm_parameter_path" {
 description = "The name of the ssm parameter for storing the keypair"
- default = "/test/ssm"
- type = string
-}
-
-variable "region" {
- description = "Specify the region in which key needs to be generate"
- default = "us-east-2"
- type = string
+ default = "/test/ssm"
+ type = string
 }
From 17037a0bc7027709d24015f3b44758ada2d5f0ed Mon Sep 17 00:00:00 2001 From: Shibra Amin Date: Tue, 17 Jan 2023 06:59:36 +0000 Subject: [PATCH 17/19] Update file README.md --- README.md | 6 ------ 1 file changed, 6 deletions(-)
diff --git a/README.md b/README.md
index 19d8e64..f476437 100644
--- a/README.md
+++ b/README.md
@@ -1,9 +1,3 @@
-## IAM permission Required to run this module
-
-- AmazonEC2FullAccess
-- AmazonSSMFullAccess
-- AmazonVPCFullAccess
-
 # AWS EC2 Keypair
 Terraform module which creates EC2 key pair on AWS.
From e0e34e1c6a140fc579082a1e69ac971caff29059 Mon Sep 17 00:00:00 2001 From: Siddharth Barhate Date: Tue, 24 Jan 2023 12:28:29 +0530 Subject: [PATCH 18/19] standardization for v1.0.0 --- .pre-commit-config.yaml | 1 - .tflint.hcl | 62 ++++------- IAM.md | 52 ++++++++++ LICENSE | 201 ++++++++++++++++++++++++++++++++++++ README.md | 84 ++++----------- examples/complete/README.md | 59 +---------- examples/complete/main.tf | 8 +- outputs.tf | 2 +- variables.tf | 6 +- 9 files changed, 303 insertions(+), 172 deletions(-) create mode 100644 IAM.md create mode 100644 LICENSE diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 3d0e215..c225856 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -25,5 +25,4 @@ repos: - id: terraform_tfsec files: ^examples/ # only scan `examples/*` which are the implementation args: - #- --args=--config-file=__GIT_WORKING_DIR__/tfsec.yaml - --args=--concise-output diff --git a/.tflint.hcl b/.tflint.hcl index 7690662..b69498f 100644 --- a/.tflint.hcl +++ b/.tflint.hcl @@ -1,15 +1,13 @@ plugin "aws" { enabled = true - version = "0.14.0" + version = "0.21.1" source = "github.com/terraform-linters/tflint-ruleset-aws" } - config { #Enables module inspection module = false force = false } - # Required that all AWS resources have specified tags. rule "aws_resource_missing_tags" { enabled = true 
@@ -18,95 +16,75 @@ rule "aws_resource_missing_tags" { "Environment", ] } - # Disallow deprecated (0.11-style) interpolation rule "terraform_deprecated_interpolation" { -enabled = true + enabled = true } - # Disallow legacy dot index syntax. rule "terraform_deprecated_index" { -enabled = true + enabled = true } - # Disallow variables, data sources, and locals that are declared but never used. rule "terraform_unused_declarations" { -enabled = true + enabled = true } - # Disallow // comments in favor of #. rule "terraform_comment_syntax" { -enabled = false + enabled = false } - # Disallow output declarations without description. rule "terraform_documented_outputs" { -enabled = true + enabled = true } - # Disallow variable declarations without description. rule "terraform_documented_variables" { -enabled = true + enabled = true } - # Disallow variable declarations without type. rule "terraform_typed_variables" { -enabled = true + enabled = true } - # Disallow specifying a git or mercurial repository as a module source without pinning to a version. rule "terraform_module_pinned_source" { -enabled = true + enabled = true } - # Enforces naming conventions rule "terraform_naming_convention" { -enabled = true - + enabled = true #Require specific naming structure variable { -format = "snake_case" + format = "snake_case" } - locals { -format = "snake_case" + format = "snake_case" } - output { -format = "snake_case" + format = "snake_case" } - #Allow any format resource { -format = "none" + format = "none" } - module { -format = "none" + format = "none" } - data { -format = "none" + format = "none" } - } - # Disallow terraform declarations without require_version. rule "terraform_required_version" { -enabled = true + enabled = true } - # Require that all providers have version constraints through required_providers. 
rule "terraform_required_providers" { -enabled = true + enabled = true } - # Ensure that a module complies with the Terraform Standard Module Structure rule "terraform_standard_module_structure" { -enabled = true + enabled = true } - # terraform.workspace should not be used with a "remote" backend with remote execution. rule "terraform_workspace_remote" { -enabled = true + enabled = true } diff --git a/IAM.md b/IAM.md new file mode 100644 index 0000000..2964368 --- /dev/null +++ b/IAM.md @@ -0,0 +1,52 @@ +## IAM Permission + +The Policy required to deploy this module: + +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "VisualEditor0", + "Effect": "Allow", + "Action": [ + "ec2:CreateKeyPair", + "ec2:CreateTags", + "ec2:DeleteKeyPair", + "ec2:DeleteTags", + "ec2:DescribeKeyPairs", + "ec2:ImportKeyPair" + ], + "Resource": [ + "*" + ] + }, + { + "Sid": "VisualEditor1", + "Effect": "Allow", + "Action": [ + "kms:Decrypt" + ], + "Resource": [ + "*" + ] + }, + { + "Sid": "VisualEditor2", + "Effect": "Allow", + "Action": [ + "ssm:AddTagsToResource", + "ssm:DeleteParameter", + "ssm:DescribeParameters", + "ssm:GetParameter", + "ssm:GetParameters", + "ssm:ListTagsForResource", + "ssm:PutParameter" + ], + "Resource": [ + "*" + ] + } + ] +} +``` diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..0c7f267 --- /dev/null +++ b/LICENSE 
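Review bot: Every statement in the new IAM.md policy uses `"Resource": ["*"]`, which grants `kms:Decrypt` on every key in the account and `ssm:GetParameter`/`ssm:PutParameter`/`ssm:DeleteParameter` on every parameter, far more than the single SecureString this module creates. The SSM statement can be scoped to the parameter, e.g. `"Resource": "arn:aws:ssm:<region>:<account-id>:parameter/<ssm_parameter_path>"` (keeping `ssm:DescribeParameters` on `*` separately, since it is not resource-scoped), and `kms:Decrypt` to the key that encrypts the parameter. If a customer-managed key is used for the parameter, `kms:Encrypt`/`kms:GenerateDataKey` will presumably also be needed for `PutParameter`; verify against the key policy before copying this into a role. A one-line caveat under the heading saying that the wildcards are a starting point to be narrowed would help readers who paste this verbatim.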
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2023 SquareOps Technologies Pvt. Ltd. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/README.md b/README.md index f476437..dc22428 100644 --- a/README.md +++ b/README.md @@ -1,76 +1,32 @@ # AWS EC2 Keypair +![squareops_avatar] -Terraform module which creates EC2 key pair on AWS. +[squareops_avatar]: https://squareops.com/wp-content/uploads/2022/12/squareops-logo.png + +### [SquareOps Technologies](https://squareops.com/) Provide end to end solution for all your DevOps needs + +
+ +Terraform module which creates EC2 key pair on AWS. The private key will be stored on SSM. ## Usage Example ```hcl module "key_pair" { - source = "git::https://{GIT_USER}:{GIT_TOKEN}@gitlab.com/squareops/sal/terraform/aws/ec2-keypair.git?ref=dev" + source = "squareops/terraform-aws-keypair" - region = var.region - environment = var.environment - key_name = var.key_name - ssm_parameter = var.ssm_parameter + environment = production + key_name = example-key + ssm_parameter = production-example-key } - ``` -## IAM Permission +Refer [examples](https://github.com/squareops/terraform-aws-keypair/tree/main/examples) for all examples. - -The Policy required is: - -```json -{ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "VisualEditor0", - "Effect": "Allow", - "Action": [ - "ec2:CreateKeyPair", - "ec2:CreateTags", - "ec2:DeleteKeyPair", - "ec2:DeleteTags", - "ec2:DescribeKeyPairs", - "ec2:ImportKeyPair" - ], - "Resource": [ - "*" - ] - }, - { - "Sid": "VisualEditor1", - "Effect": "Allow", - "Action": [ - "kms:Decrypt" - ], - "Resource": [ - "*" - ] - }, - { - "Sid": "VisualEditor2", - "Effect": "Allow", - "Action": [ - "ssm:AddTagsToResource", - "ssm:DeleteParameter", - "ssm:DescribeParameters", - "ssm:GetParameter", - "ssm:GetParameters", - "ssm:ListTagsForResource", - "ssm:PutParameter" - ], - "Resource": [ - "*" - ] - } - ] -} + +## IAM Permission +The required IAM permissions to create resources from this module can be found [here](https://github.com/squareops/terraform-aws-keypair/blob/main/IAM.md) -``` - ## Requirements 
@@ -102,14 +58,14 @@ The Policy required is: | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [environment](#input\_environment) | Environment identifier for the key pair | `string` | `"dev"` | no | -| [key\_name](#input\_key\_name) | The name for the key pair to be generated | `string` | `"test-key"` | no | -| [ssm\_parameter\_path](#input\_ssm\_parameter\_path) | The name of the ssm parameter for storing the keypair | `string` | `"/test/ssm"` | no | +| [environment](#input\_environment) | Environment identifier for the key pair | `string` | `""` | no | +| [key\_name](#input\_key\_name) | The name for the key pair to be generated | `string` | `""` | no | +| [ssm\_parameter\_path](#input\_ssm\_parameter\_path) | The name of the ssm parameter for storing the keypair | `string` | `"/example/ssm"` | no | ## Outputs | Name | Description | |------|-------------| | [key\_pair\_name](#output\_key\_pair\_name) | The key pair name. | -| [ssm\_parameter\_arn](#output\_ssm\_parameter\_arn) | The key pair ARN. | +| [ssm\_parameter\_arn](#output\_ssm\_parameter\_arn) | The SSM parameter ARN of key pair. | diff --git a/examples/complete/README.md b/examples/complete/README.md index f91bd79..c1ca2fc 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -1,6 +1,6 @@ # AWS EC2 key pair -Configuration in this directory creates EC2 key pair +Configuration in this directory creates EC2 key pair. ## Usage 
@@ -14,61 +14,6 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. -## IAM Permission - -The Policy required is: - -```json -{ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "VisualEditor0", - "Effect": "Allow", - "Action": [ - "ec2:CreateKeyPair", - "ec2:CreateTags", - "ec2:DeleteKeyPair", - "ec2:DeleteTags", - "ec2:DescribeKeyPairs", - "ec2:ImportKeyPair" - ], - "Resource": [ - "*" - ] - }, - { - "Sid": "VisualEditor1", - "Effect": "Allow", - "Action": [ - "kms:Decrypt" - ], - "Resource": [ - "*" - ] - }, - { - "Sid": "VisualEditor2", - "Effect": "Allow", - "Action": [ - "ssm:AddTagsToResource", - "ssm:DeleteParameter", - "ssm:DescribeParameters", - "ssm:GetParameter", - "ssm:GetParameters", - "ssm:ListTagsForResource", - "ssm:PutParameter" - ], - "Resource": [ - "*" - ] - } - ] -} - - -``` - ## Requirements @@ -86,7 +31,7 @@ No providers. | Name | Source | Version | |------|--------|---------| -| [key\_pair](#module\_key\_pair) | ../../ | n/a | +| [key\_pair](#module\_key\_pair) | squareops/terraform-aws-keypair | n/a | ## Resources diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 5727077..a8a65c4 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -3,7 +3,7 @@ provider "aws" { } locals { - environment = "dev" + environment = "prod" region = "us-east-1" name = "skaf" } @@ -13,9 +13,9 @@ locals { ################################################################################ module "key_pair" { - source = "../../" + source = "squareops/terraform-aws-keypair" - key_name = format("%s-%s-kp", local.environment, local.name) - ssm_parameter = format("%s-%s-ssm", local.environment, local.name) #SSM parameter secret name + key_name = format("%s-%s-kp", local.environment, local.name) + ssm_parameter_path = format("%s-%s-ssm", local.environment, local.name) #SSM parameter secret name } 
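Review bot: The new `source = "squareops/terraform-aws-keypair"` in the `module "key_pair"` block of examples/complete/main.tf points the example at a remote registry module with no `version` constraint, so each `terraform init` resolves whatever release is newest at that moment and a later publish silently changes what this example deploys; pin it next to `source`, e.g. `version = "<PINNED_VERSION>"`. The same unpinned remote source is kept in the patch-19 hunk of this file, which only rewrites the source string to `squareops/keypair/aws`. The `environment = "prod"` local is the only other change in this file and is fine as an example value.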
diff --git a/outputs.tf b/outputs.tf index caabf14..6f99269 100644 --- a/outputs.tf +++ b/outputs.tf @@ -4,6 +4,6 @@ output "key_pair_name" { } output "ssm_parameter_arn" { - description = "The key pair ARN." + description = "The SSM parameter ARN of key pair." value = aws_ssm_parameter.ssm_ec2_keypair.arn } diff --git a/variables.tf b/variables.tf index bf1493e..d5d0f70 100644 --- a/variables.tf +++ b/variables.tf @@ -1,17 +1,17 @@ variable "key_name" { description = "The name for the key pair to be generated" - default = "test-key" + default = "" type = string } variable "environment" { description = "Environment identifier for the key pair" - default = "dev" + default = "" type = string } variable "ssm_parameter_path" { description = "The name of the ssm parameter for storing the keypair" - default = "/test/ssm" + default = "/example/ssm" type = string } From d5add2bb1700b9e9895811a592a5d593a63f9989 Mon Sep 17 00:00:00 2001 From: Siddharth Barhate Date: Wed, 25 Jan 2023 13:08:05 +0530 Subject: [PATCH 19/19] Update README and fix module source --- README.md | 14 +++++++++++++- examples/complete/README.md | 15 ++++++--------- examples/complete/main.tf | 2 +- 3 files changed, 20 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index dc22428..ea2c2db 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ Terraform module which creates EC2 key pair on AWS. The private key will be stor ```hcl module "key_pair" { - source = "squareops/terraform-aws-keypair" + source = "squareops/keypair/aws" environment = production key_name = example-key 
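Review bot: The new `default = ""` on `key_name` and `environment` in variables.tf turns a forgotten caller input into an empty string instead of a plan-time error, so a module user who omits `key_name` gets a key pair and SSM tag created with an empty name rather than a clear failure; drop the two `default = ""` lines so these inputs become required, or keep the defaults and add a `validation` block with `condition = length(var.key_name) > 0` and a matching `error_message`. The `ssm_parameter_path` default of `"/example/ssm"` is a fixed name shared by every caller that relies on defaults, so two stacks in the same account and region collide on the same SecureString parameter (an apply error or one private key replacing the other, depending on the provider's overwrite handling); this input should also be required, or documented as one that must be unique per deployment.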
@@ -23,6 +23,18 @@ module "key_pair" { Refer [examples](https://github.com/squareops/terraform-aws-keypair/tree/main/examples) for all examples. +## Retrieve Private Key + +To Retrieve the Private key from SSM: +```bash +aws ssm get-parameter --region=us-east-1 --name "production-example-key" --with-decryption --output text --query Parameter.Value +``` + +Additionally, to save the private to a file: +```bash +aws ssm get-parameter --region=us-east-1 --name "production-example-key" --with-decryption --output text --query Parameter.Value > private-key.pem +``` + ## IAM Permission The required IAM permissions to create resources from this module can be found [here](https://github.com/squareops/terraform-aws-keypair/blob/main/IAM.md) diff --git a/examples/complete/README.md b/examples/complete/README.md index 923d62f..57d79b7 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -14,10 +14,11 @@ $ terraform apply Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. -<<<<<<< HEAD -## IAM Permission - -The Policy required is: + + +## Requirements + +| Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | | [aws](#requirement\_aws) | >= 4.21 | @@ -31,11 +32,7 @@ No providers. | Name | Source | Version | |------|--------|---------| -<<<<<<< HEAD -| [key\_pair](#module\_key\_pair) | ../../ | n/a | -======= -| [key\_pair](#module\_key\_pair) | squareops/terraform-aws-keypair | n/a | ->>>>>>> e0e34e1c6a140fc579082a1e69ac971caff29059 +| [key\_pair](#module\_key\_pair) | squareops/keypair/aws | n/a | ## Resources diff --git a/examples/complete/main.tf b/examples/complete/main.tf index a8a65c4..3d829c5 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf 
@@ -13,7 +13,7 @@ locals { ################################################################################ module "key_pair" { - source = "squareops/terraform-aws-keypair" + source = "squareops/keypair/aws" key_name = format("%s-%s-kp", local.environment, local.name) ssm_parameter_path = format("%s-%s-ssm", local.environment, local.name) #SSM parameter secret name