This repository has been archived by the owner on Jan 30, 2021. It is now read-only.
Initialize #1
Merged
Initialize #1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
osterman
suggested changes
Apr 20, 2018
LICENSE
Outdated
| same "printed page" as the copyright notice for easier | ||
| identification within third-party archives. | ||
|
|
||
| Copyright 2017-2018 Cloud Posse, LLC |
variables.tf
Outdated
|
|
||
| variable "policy" { | ||
| description = "User policy in json format" | ||
| default = "${data.aws_iam_policy_document.default.json}" |
There was a problem hiding this comment.
Interpolations are not valid as defaults
.travis.yml
Outdated
| - make init | ||
|
|
||
| script: | ||
| - make terraform:install |
README.md
Outdated
| # terraform-aws-iam-chamber-user [](https://travis-ci.org/cloudposse/terraform-aws-iam-chamber-user) | ||
|
|
||
| Terraform Module to provision a basic IAM system user with access to SSM parameters, suitable for CI/CD Systems |
There was a problem hiding this comment.
Link chamber to https://github.com/segmentio/chamber
README.md
Outdated
| source = "git::https://github.com/cloudposse/terraform-aws-iam-chamber-user.git?ref=master" | ||
| namespace = "cp" | ||
| stage = "circleci" |
README.md
Outdated
| source = "git::https://github.com/cloudposse/terraform-aws-iam-chamber-user.git?ref=master" | ||
| namespace = "cp" | ||
| stage = "circleci" |
| [erik_web]: https://github.com/osterman/ | ||
| [andriy_img]: https://avatars0.githubusercontent.com/u/7356997?v=4&u=ed9ce1c9151d552d985bdf5546772e14ef7ab617&s=144 | ||
| [andriy_web]: https://github.com/aknysh/ |
osterman
reviewed
Apr 20, 2018
README.md
Outdated
| ## Usage | ||
|
|
||
| ### Simple usage |
There was a problem hiding this comment.
We don't need 2 usages for this module. Only a single one.
osterman
reviewed
Apr 20, 2018
README.md
Outdated
| stage = "circleci" | ||
| name = "secrets" | ||
| kms_key_arn = "" |
osterman
reviewed
Apr 20, 2018
main.tf
Outdated
| name = "${var.name}" | ||
| enabled = "${var.enabled}" | ||
| namespace = "${var.namespace}" | ||
| stage = "${var.stage}" |
osterman
reviewed
Apr 20, 2018
main.tf
Outdated
| "ssm:GetParameters", | ||
| ] | ||
|
|
||
| resources = ["*"] |
There was a problem hiding this comment.
move this to a variable ssm_resources with a default value of ["*"]
osterman
reviewed
Apr 20, 2018
main.tf
Outdated
|
|
||
| data "aws_iam_policy_document" "default" { | ||
| statement { | ||
| actions = [ |
There was a problem hiding this comment.
Move this to a variable named ssm_actions with a default value of what you have here.
osterman
reviewed
Apr 20, 2018
README.md
Outdated
| namespace = "cp" | ||
| stage = "staging" | ||
| name = "chamber" |
There was a problem hiding this comment.
this will definitely need the kms_key_arn
osterman
reviewed
Apr 20, 2018
README.md
Outdated
| | `path` | `/` | Path in which to create the user | No | | ||
| | `enabled` | `true` | Set to `false` to prevent the module from creating any resources | No | | ||
| | `kms_key_arn` | `` | KMS key_arn used if Secure Strings are stored in Parameter Store to decrypt secrets. | No | |
osterman
reviewed
Apr 20, 2018
variables.tf
Outdated
| @@ -0,0 +1,50 @@ | |||
| variable "name" {} | |||
There was a problem hiding this comment.
Use the same variables we have in all of our other modules.
There was a problem hiding this comment.
https://github.com/cloudposse/terraform-aws-key-pair/blob/master/variables.tf#L1-L32
They are all well documented
osterman
reviewed
Apr 20, 2018
variables.tf
Outdated
| default = [] | ||
| } | ||
|
|
||
| variable "ssm_actions" { |
osterman
reviewed
Apr 21, 2018
README.md
Outdated
| stage = "staging" | ||
| name = "chamber" | ||
| kms_key_arn = "arn:aws:kms:region:account-id:key/CMK" |
There was a problem hiding this comment.
Add a realistic arn. It's hard to know what is a placeholder vs what is replaced.
osterman
approved these changes
Apr 21, 2018
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
what
Terraform module for creating an IAM user and access id/secret with access to SSM+KMS secrets.
why
Make it easier for SaaS CI/CD solutions to access secrets from SSM+KMS.