Initial AWS Vendor Access Module Configuration #2
Overview
This PR moves the AWS Vendor Access Module out of the terraform-aws-cloud repo, in order to decouple the two modules for supporting granular versioning, reason version through updates more clearly, and allow for faster development of the two modules.
Notable Changes & Improvements
Some small changes have been made to the Terraform module and IAM policies themselves, both to enhance security and make the module code more readable, and to also support the future v3.0.0 release of the terraform-aws-cloud module.
What's Changed
eks_cluster_pattern, eks_nodepool_pattern, and the s3_bucket_pattern input variables have had their defaults changed from snc-* to *snc*. Going forward we may not always use the prefix snc-* for the resources we create (this was precipitated by changes to the community EKS module around default names for resources). But we will always anticipate resources we create to contain the string "snc", and we also needed to provide backwards compatibility for older resources created by our module, hence the shift to the double wildcard.
aws_iam_policy_document resource for management of the StreamNativeCloudRuntimePolicy, and are instead using a template file in the modules/aws/files directory. This makes the policy document easier to find and read, without having to dig through the Terraform module itself, and falls in line with the existing structure where the rest of the IAM policies were template files.
Left Todo
Update the CloudFormation template file to match the Terraform module's output
We will add the CF template at a later date.
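Added example (not part of the PR or the module's code): a scope check an account owner could run before adopting the new defaults. It compares the old and new pattern defaults against a resource inventory and lists the names that only the new one matches. It assumes the patterns are applied as IAM-style wildcards to resource names; the bucket names are constructed.

```python
import re

OLD_DEFAULT = "snc-*"   # previous default, as stated in the PR description
NEW_DEFAULT = "*snc*"   # new default, as stated in the PR description


def iam_glob_to_regex(pattern):
    """Translate an IAM-style wildcard (* = any run, ? = one char) to a regex."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.DOTALL)


def matches(pattern, name):
    """True when the whole name matches the wildcard pattern (case-sensitive)."""
    return iam_glob_to_regex(pattern).fullmatch(name) is not None


def newly_in_scope(names, old=OLD_DEFAULT, new=NEW_DEFAULT):
    """Names the new pattern matches that the old pattern did not."""
    return [n for n in names if matches(new, n) and not matches(old, n)]


def dropped_from_scope(names, old=OLD_DEFAULT, new=NEW_DEFAULT):
    """Names the old pattern matched that the new pattern no longer does."""
    return [n for n in names if matches(old, n) and not matches(new, n)]


# Constructed inventory; in practice, feed in the account's real bucket
# or cluster names (hypothetical values, not taken from the PR).
SAMPLE_BUCKETS = [
    "snc-pulsar-offload",       # old prefix naming: matched by both patterns
    "acme-snc-tiered-storage",  # "snc" without the prefix: new pattern only
    "finance-dsnc-archive",     # unrelated name containing "snc": new pattern only
    "sync-exports",             # "sync" does not contain "snc": matched by neither
]

if __name__ == "__main__":
    for name in newly_in_scope(SAMPLE_BUCKETS):
        print("newly matched by", NEW_DEFAULT, "->", name)
    print("dropped:", dropped_from_scope(SAMPLE_BUCKETS))
```

Every name that matches snc-* also contains "snc", so nothing drops out of scope; the list of newly matched names is what to review, and the input variables can be set to a narrower pattern where it includes resources the vendor role should not reach.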