stub for s3

SCT-Engineering · Feb 19, 2026 · 77b06a1 · 77b06a1
1 parent b512359
commit 77b06a1
Show file tree

Hide file tree

Showing 29 changed files with 529 additions and 20 deletions.
diff --git a/modules/ec2/data.tf b/modules/ec2/data.tf
@@ -61,9 +61,9 @@ data "aws_availability_zone" "zone" {
 }
 
 data "external" "portfolio" {
-  program = ["bash", "-c", "aws servicecatalog list-portfolios --region ${local.region} --query \"PortfolioDetails[?contains(DisplayName, 'Service Portfolio for')]|[0]|{id: Id}\" --output json"]
+  program = ["bash", "-c", "tf-aws servicecatalog list-portfolios --region ${local.region} --query \"PortfolioDetails[?contains(DisplayName, 'Service Portfolio for')]|[0]|{id: Id}\" --output json"]
 }
 
 data "external" "product" {
-  program = ["bash", "-c", "aws servicecatalog search-products --region ${local.region} --query \"ProductViewSummaries[?contains(Name, 'RHEL')]|[0]|{id: ProductId}\" --output json"]
+  program = ["bash", "-c", "tf-aws servicecatalog search-products --region ${local.region} --query \"ProductViewSummaries[?contains(Name, 'RHEL')]|[0]|{id: ProductId}\" --output json"]
 }
diff --git a/modules/s3/data.tf b/modules/s3/data.tf
@@ -0,0 +1,69 @@
+data "aws_caller_identity" "current" {}
+data "aws_partition" "current" {}
+data "aws_arn" "current" {
+  arn = data.aws_caller_identity.current.arn
+}
+
+data "aws_region" "current" {}
+
+data "aws_vpc" "vpc" {
+  filter {
+    name   = "tag:Name"
+    values = [var.vpc_name]
+  }
+}
+
+data "aws_subnets" "subnets" {
+  filter {
+    name   = "tag:Name"
+    values = [var.subnets_name]
+  }
+  filter {
+    name   = "vpc-id"
+    values = [data.aws_vpc.vpc.id]
+  }
+}
+
+data "aws_subnet" "subnets" {
+  for_each = toset(data.aws_subnets.subnets.ids)
+  id       = each.key
+}
+
+// Get portfolio details if we resolved an ID
+data "aws_servicecatalog_portfolio" "by_id" {
+  count           = local.portfolio_id != null ? 1 : 0
+  id              = local.portfolio_id
+  accept_language = var.accept_language
+}
+
+// Get product details by ID (requires product_id)
+data "aws_servicecatalog_product" "by_id" {
+  count           = local.product_id != null ? 1 : 0
+  id              = local.product_id
+  accept_language = var.accept_language
+}
+
+// Get the latest provisioning artifact (product version)
+data "aws_servicecatalog_provisioning_artifacts" "this" {
+  count           = local.product_id != null ? 1 : 0
+  accept_language = var.accept_language
+  product_id      = local.product_id
+}
+
+data "aws_availability_zones" "zones" {
+  state = "available"
+}
+
+data "aws_availability_zone" "zone" {
+  for_each = toset(data.aws_availability_zones.zones.names)
+  state    = "available"
+  name     = each.key
+}
+
+data "external" "portfolio" {
+  program = ["bash", "-c", "tf-aws servicecatalog list-portfolios --region ${local.region} --query \"PortfolioDetails[?contains(DisplayName, 'Service Portfolio for')]|[0]|{id: Id}\" --output json"]
+}
+
+data "external" "product" {
+  program = ["bash", "-c", "tf-aws servicecatalog search-products --region ${local.region} --query \"ProductViewSummaries[?contains(Name, 'RHEL')]|[0]|{id: ProductId}\" --output json"]
+}
diff --git a/modules/s3/locals.tf b/modules/s3/locals.tf
@@ -0,0 +1,70 @@
+locals {
+  account_id = data.aws_caller_identity.current.account_id
+  az_name    = data.aws_subnet.subnets[sort(data.aws_subnets.subnets.ids)[0]].availability_zone
+  partition  = data.aws_partition.current.partition
+  region     = data.aws_region.current.id
+  vpc_id     = data.aws_vpc.vpc.id
+
+  # Use provided portfolio_id or fall back to external data source lookup
+  portfolio_id = var.portfolio_id != null ? var.portfolio_id : try(data.external.portfolio.result.id, null)
+
+  # Use provided product_id or fall back to external data source lookup
+  product_id = var.product_id != null ? var.product_id : try(data.external.product.result.id, null)
+
+  # Get the latest provisioning artifact ID
+  latest_artifact_id = local.product_id == null ? null : try(
+    [for artifact in data.aws_servicecatalog_provisioning_artifacts.this[0].provisioning_artifact_details :
+      artifact.id if artifact.active
+    ][0],
+    null
+  )
+
+  # Use provided path_id or default to latest
+  provisioning_artifact_id = var.path_id != null ? var.path_id : local.latest_artifact_id
+
+  # Build default parameters from module variables
+  default_parameters = {
+    ProjectName    = var.project_name
+    VpcId          = local.vpc_id
+    AZName         = local.az_name
+    InstanceType   = var.instance_type
+    NameTag        = var.provisioned_product_name
+    OSName         = var.os_name
+    Creator        = var.creator
+    ContactEmail   = var.contact_email
+    IncPocEmail    = var.inc_poc_email
+    RequiresBackup = var.requires_backup
+    PowerSchedule  = var.power_schedule
+    FISMAID        = var.fisma_id
+  }
+
+  # Merge defaults with user-provided parameters (user params override defaults)
+  parameters = merge(
+    local.default_parameters,
+    var.parameters
+  )
+
+  # Convert parameters map to the format expected by aws_servicecatalog_provisioned_product
+  provisioning_parameters = [
+    for key, value in local.parameters : {
+      key   = key
+      value = tostring(value)
+    }
+    if value != "" # Only include non-empty values
+  ]
+
+  standard_tags = {
+    ManagedBy = "Terraform"
+    Module    = local.module_name
+  }
+
+  enforced_tags = merge(
+    local.standard_tags,
+    var.enforced_tags
+  )
+
+  tags = merge(
+    local.enforced_tags,
+    var.tags
+  )
+}
diff --git a/modules/s3/main.tf b/modules/s3/main.tf
@@ -0,0 +1,48 @@
+# Product Submodule
+#
+# Provisions a Service Catalog product
+# using a pre-configured portfolio and product
+
+resource "aws_servicecatalog_provisioned_product" "this" {
+  name                      = var.provisioned_product_name
+  product_id                = local.product_id
+  provisioning_artifact_id  = local.provisioning_artifact_id
+  region                    = local.region
+  path_id                   = var.path_id
+  accept_language           = var.accept_language
+  ignore_errors             = var.ignore_errors
+  notification_arns         = var.notification_arns
+  retain_physical_resources = var.retain_physical_resources
+
+  dynamic "provisioning_parameters" {
+    for_each = local.provisioning_parameters
+    content {
+      key   = provisioning_parameters.value.key
+      value = provisioning_parameters.value.value
+    }
+  }
+
+  dynamic "stack_set_provisioning_preferences" {
+    for_each = var.stack_set_provisioning_preferences != null ? [var.stack_set_provisioning_preferences] : []
+    content {
+      accounts                     = try(stack_set_provisioning_preferences.value.accounts, null)
+      failure_tolerance_count      = try(stack_set_provisioning_preferences.value.failure_tolerance_count, null)
+      failure_tolerance_percentage = try(stack_set_provisioning_preferences.value.failure_tolerance_percentage, null)
+      max_concurrency_count        = try(stack_set_provisioning_preferences.value.max_concurrency_count, null)
+      max_concurrency_percentage   = try(stack_set_provisioning_preferences.value.max_concurrency_percentage, null)
+      regions                      = try(stack_set_provisioning_preferences.value.regions, null)
+    }
+  }
+
+  tags = local.tags
+
+  timeouts {
+    create = var.timeout
+    update = var.timeout
+    delete = var.timeout
+  }
+
+  depends_on = [
+    data.aws_servicecatalog_provisioning_artifacts.this
+  ]
+}
diff --git a/modules/s3/module_name.tf b/modules/s3/module_name.tf
@@ -0,0 +1,3 @@
+locals {
+  module_name = "aws-servicecatalog/ec2"
+}
diff --git a/modules/s3/outputs.tf b/modules/s3/outputs.tf
@@ -0,0 +1,79 @@
+output "provisioned_product_id" {
+  description = "The ID of the provisioned product"
+  value       = aws_servicecatalog_provisioned_product.this.id
+}
+
+output "provisioned_product_name" {
+  description = "The name of the provisioned product"
+  value       = aws_servicecatalog_provisioned_product.this.name
+}
+
+output "provisioned_product_arn" {
+  description = "The ARN of the provisioned product"
+  value       = aws_servicecatalog_provisioned_product.this.arn
+}
+
+output "provisioned_product_type" {
+  description = "The type of the provisioned product"
+  value       = aws_servicecatalog_provisioned_product.this.type
+}
+
+output "provisioned_product_status" {
+  description = "The status of the provisioned product"
+  value       = aws_servicecatalog_provisioned_product.this.status
+}
+
+output "provisioned_product_status_message" {
+  description = "The status message for the provisioned product"
+  value       = aws_servicecatalog_provisioned_product.this.status_message
+}
+
+output "launch_role_arn" {
+  description = "The ARN of the launch role"
+  value       = aws_servicecatalog_provisioned_product.this.launch_role_arn
+}
+
+output "portfolio_id" {
+  description = "The ID of the portfolio used"
+  value       = local.portfolio_id
+}
+
+output "product_id" {
+  description = "The ID of the product used"
+  value       = local.product_id
+}
+
+output "provisioning_artifact_id" {
+  description = "The ID of the provisioning artifact used"
+  value       = local.provisioning_artifact_id
+}
+
+output "vpc_id" {
+  description = "The VPC ID where the instance will be provisioned"
+  value       = data.aws_vpc.vpc.id
+}
+
+output "subnet_ids" {
+  description = "The subnet IDs where the instance can be provisioned"
+  value       = data.aws_subnets.subnets.ids
+}
+
+output "availability_zone" {
+  description = "The availability zone of the first selected subnet"
+  value       = data.aws_subnet.subnets[sort(data.aws_subnets.subnets.ids)[0]].availability_zone
+}
+
+output "availability_zone_names" {
+  description = "VPC Availability zone name list"
+  value       = data.aws_availability_zones.zones.names
+}
+
+output "availability_zone_ids" {
+  description = "VPC Availability zone id list"
+  value       = data.aws_availability_zones.zones.zone_ids
+}
+
+output "availability_zone_suffixes" {
+  description = "VPC Availability zone suffix list"
+  value       = [for k, v in data.aws_availability_zone.zone : v.name_suffix]
+}
diff --git a/modules/s3/prefixes.tf b/modules/s3/prefixes.tf
@@ -0,0 +1,28 @@
+locals {
+  _prefixes = {
+    "efs"            = "v-efs-"
+    "s3"             = "v-s3-"
+    "ebs"            = "v-ebs-"
+    "kms"            = "k-kms-"
+    "role"           = "r-"
+    "policy"         = "p-"
+    "group"          = "g-"
+    "security-group" = "" # "sg-"
+    # VPC
+    "vpc"              = ""
+    "dhcp-options"     = ""
+    "vpc-peer"         = "vpcp-"
+    "route-table"      = "route-"
+    "subnet"           = ""
+    "vpc-endpoint"     = "vpce-"
+    "elastic-ip"       = "eip-"
+    "nat-gateway"      = "nat-"
+    "internet-gateway" = "igw-"
+    "network-acl"      = "nacl-"
+    "customer-gateway" = "cgw-"
+    "vpn-gateway"      = "vpcg-"
+    "vpn-connection"   = "vpn_"
+    "log-group"        = "lg-"
+    "log-stream"       = "lgs-"
+  }
+}