-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- inventory
- add inventory code for use in decommission (not a submodule at this time)- Loading branch information
Showing
14 changed files
with
389 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| # .tf-control | ||
| # allows for setting a specific command to be used for tf-* commands under this git repo | ||
| # see tf-control.sh help for more info | ||
|
|
||
| TFCONTROL_VERSION="1.0.7" | ||
| #TFCOMMAND="terraform_latest" | ||
| TFCOMMAND="terraform_current" | ||
|
|
||
| # TF_CLI_CONFIG_FILE=PATH-TO-FILE/.tf-control.tfrc | ||
| # TFARGS="" | ||
| # TFNOLOG="" | ||
| # TFNOCOLOR="" | ||
|
|
||
| # from issue: https://github.com/hashicorp/terraform/issues/32901 | ||
| # to get to TF 1.4 and beyond in a shared cache environment | ||
| # this is currently in the tf-control.sh script explicitly | ||
| #TF_PLUGIN_CACHE_MAY_BREAK_DEPENDENCY_LOCK_FILE=1 | ||
|
|
||
| # use the following to force a specific version. An upgrade of an existing 0.12.31 to 1.x | ||
| # needs you to cycle through 0.13.17, 0.14.11, and then latest (0.15.5 not needed). Other | ||
| # steps in between. See https://github.e.it.census.gov/terraform/support/tree/master/docs/how-to/terraform-upgrade for details | ||
| # | ||
| #TFCOMMAND="terraform_0.12.31" | ||
| #TFCOMMAND="terraform_0.13.7" | ||
| #TFCOMMAND="terraform_0.14.11" | ||
| #TFCOMMAND="terraform_0.15.5" | ||
| #TFCOMMAND="terraform_1.3.10" | ||
| #TFCOMMAND="terraform_1.4.7" | ||
| #TFCOMMAND="terraform_1.5.7" | ||
| #TFCOMMAND="terraform_1.6.6" | ||
| #TFCOMMAND="terraform_1.7.5" | ||
| #TFCOMMAND="terraform_1.8.2" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| TFCONTROL_VERSION="1.0.5" | ||
|
|
||
| # https://www.terraform.io/docs/cli/config/config-file.html | ||
| plugin_cache_dir = "/data/terraform/terraform.d/plugin-cache" | ||
| #disable_checkpoint = true | ||
|
|
||
| provider_installation { | ||
| # filesystem_mirror { | ||
| # path = "/apps/terraform/terraform.d/providers" | ||
| # include = [ "*/*/*" ] | ||
| # } | ||
| filesystem_mirror { | ||
| path = "/data/terraform/terraform.d/providers" | ||
| include = [ "*/*/*" ] | ||
| } | ||
| # filesystem_mirror { | ||
| # path = "/apps/terraform/terraform.d/providers" | ||
| # include = [ "external.terraform.census.gov/*/*" ] | ||
| # } | ||
| direct { | ||
| include = [ "*/*/*" ] | ||
| } | ||
| } | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,3 @@ | ||
| locals { | ||
| _module_version = "2.6.2" | ||
| _module_version = "2.7.0" | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| #!/bin/bash | ||
|
|
||
| VERSION="1.0.1" | ||
| THIS=$(basename $0 .sh) | ||
|
|
||
| FILES=$@ | ||
| if [ -z "$FILES" ] | ||
| then | ||
| FILES=$(ls setup/cloud-nuke*.log) | ||
| fi | ||
|
|
||
| for f in $FILES | ||
| do | ||
| echo "# $f" | ||
| cat $f | grep -v securityhub | grep -v OrgConfig > $f.txt | ||
| replace-control-characters.sh $f.txt | ||
| sed -i -e 's/\r/\n/g' $f.txt | ||
| sed -i -e '0,/^# Found/d' $f.txt | ||
| done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| #!/bin/bash | ||
|
|
||
| VERSION="1.0.1" | ||
|
|
||
| caller=$(tf-aws sts get-caller-identity --query 'Arn' 2> /dev/null) | ||
| if [ $(echo $caller | grep -c aws-us-gov) != 0 ] | ||
| then | ||
| echo "# partition is not commercial, exiting" | ||
| exit 1 | ||
| fi | ||
| exit | ||
|
|
||
| lastmonth=$(date --date="-1 month" +%Y-%m-01) | ||
| nextmonth=$(date --date="+1 month" +%Y-%m-01) | ||
|
|
||
| test -d setup || mkdir setup | ||
|
|
||
| tf-aws ce get-cost-and-usage \ | ||
| --time-period Start=$lastmonth,End=$nextmonth \ | ||
| --granularity MONTHLY \ | ||
| --metrics "BlendedCost" "UnblendedCost" "UsageQuantity" \ | ||
| --group-by Type=DIMENSION,Key=SERVICE \ | ||
| > setup/cost-usage.${lastmonth}_${nextmonth}.json | ||
|
|
||
| tf-aws ce get-cost-and-usage \ | ||
| --time-period Start=$lastmonth,End=$nextmonth \ | ||
| --granularity MONTHLY \ | ||
| --metrics "BlendedCost" "UnblendedCost" "UsageQuantity" \ | ||
| --group-by Type=DIMENSION,Key=SERVICE \ | ||
| --output text \ | ||
| > setup/cost-usage.${lastmonth}_${nextmonth}.txt | ||
|
|
||
| grep ^BLEND setup/cost-usage.${lastmonth}_${nextmonth}.txt |\ | ||
| awk '{t+=$2} END {print NR,t}' > setup/cost-usage.${lastmonth}_${nextmonth}.summary | ||
|
|
||
| exit 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,87 @@ | ||
| # 1398 2024-10-10 15:58:38 DISABLE_TELEMETRY=true AWS_PROFILE=198886018595-ma24-gov cloud-nuke inspect-aws --region us-gov-west-1 |& tee nuke.us-gov-west-1.$(date +%s).log | ||
| # 1399 2024-10-10 15:59:39 DISABLE_TELEMETRY=true AWS_PROFILE=198886018595-ma24-gov cloud-nuke inspect-aws --region us-gov-east-1 |& tee nuke.us-gov-east-1.$(date +%s).log | ||
|
|
||
| resource "null_resource" "inspect_east-1" { | ||
| count = data.aws_arn.current.partition == "aws" ? 1 : 0 | ||
| triggers = { | ||
| region = "us-east-1" | ||
| directory = null_resource.setup_directory.triggers.directory | ||
| timestamp = local.timestamp | ||
| } | ||
|
|
||
| provisioner "local-exec" { | ||
| command = "cloud-nuke inspect-aws --region ${self.triggers.region} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1" | ||
| environment = { | ||
| DISABLE_TELEMETRY = true | ||
| AWS_PROFILE = var.profile | ||
| AWS_REGION = self.triggers.region | ||
| } | ||
| } | ||
| } | ||
|
|
||
| resource "null_resource" "inspect_east-2" { | ||
| count = data.aws_arn.current.partition == "aws" ? 1 : 0 | ||
| triggers = { | ||
| region = "us-east-2" | ||
| directory = null_resource.setup_directory.triggers.directory | ||
| timestamp = local.timestamp | ||
| } | ||
|
|
||
| provisioner "local-exec" { | ||
| command = "cloud-nuke inspect-aws --region ${self.triggers.region} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1" | ||
| environment = { | ||
| DISABLE_TELEMETRY = true | ||
| AWS_PROFILE = var.profile | ||
| AWS_REGION = self.triggers.region | ||
| } | ||
| } | ||
| } | ||
|
|
||
| resource "null_resource" "inspect_west-1" { | ||
| count = data.aws_arn.current.partition == "aws" ? 1 : 0 | ||
| triggers = { | ||
| region = "us-west-1" | ||
| directory = null_resource.setup_directory.triggers.directory | ||
| timestamp = local.timestamp | ||
| } | ||
|
|
||
| provisioner "local-exec" { | ||
| command = "cloud-nuke inspect-aws --region ${self.triggers.region} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1" | ||
| environment = { | ||
| DISABLE_TELEMETRY = true | ||
| AWS_PROFILE = var.profile | ||
| AWS_REGION = self.triggers.region | ||
| } | ||
| } | ||
| } | ||
|
|
||
| resource "null_resource" "inspect_west-2" { | ||
| count = data.aws_arn.current.partition == "aws" ? 1 : 0 | ||
| triggers = { | ||
| region = "us-west-2" | ||
| directory = null_resource.setup_directory.triggers.directory | ||
| timestamp = local.timestamp | ||
| } | ||
|
|
||
| provisioner "local-exec" { | ||
| command = "cloud-nuke inspect-aws --region ${self.triggers.region} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1" | ||
| environment = { | ||
| DISABLE_TELEMETRY = true | ||
| AWS_PROFILE = var.profile | ||
| AWS_REGION = self.triggers.region | ||
| } | ||
| } | ||
| } | ||
|
|
||
| resource "null_resource" "filter_ew" { | ||
| count = data.aws_arn.current.partition == "aws" ? 1 : 0 | ||
| triggers = { | ||
| directory = null_resource.setup_directory.triggers.directory | ||
| timestamp = local.timestamp | ||
| inspect_complete = join(",", [null_resource.inspect_east-1[0].id, null_resource.inspect_east-2[0].id, null_resource.inspect_west-1[0].id, null_resource.inspect_west-2[0].id]) | ||
| } | ||
|
|
||
| provisioner "local-exec" { | ||
| command = "bash ${path.root}/filter-inspect.sh ${self.triggers.directory}/cloud-nuke.*.${self.triggers.timestamp}.log 2>&1" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| # 1398 2024-10-10 15:58:38 DISABLE_TELEMETRY=true AWS_PROFILE=198886018595-ma24-gov cloud-nuke inspect-aws --region us-gov-west-1 |& tee nuke.us-gov-west-1.$(date +%s).log | ||
| # 1399 2024-10-10 15:59:39 DISABLE_TELEMETRY=true AWS_PROFILE=198886018595-ma24-gov cloud-nuke inspect-aws --region us-gov-east-1 |& tee nuke.us-gov-east-1.$(date +%s).log | ||
|
|
||
| resource "null_resource" "inspect_east" { | ||
| count = data.aws_arn.current.partition == "aws-us-gov" ? 1 : 0 | ||
| triggers = { | ||
| region = "us-gov-east-1" | ||
| directory = null_resource.setup_directory.triggers.directory | ||
| timestamp = local.timestamp | ||
| } | ||
|
|
||
| provisioner "local-exec" { | ||
| command = "cloud-nuke inspect-aws --region ${self.triggers.region} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${local.timestamp}.log 2>&1" | ||
| environment = { | ||
| DISABLE_TELEMETRY = true | ||
| AWS_PROFILE = var.profile | ||
| AWS_REGION = self.triggers.region | ||
| } | ||
| } | ||
| } | ||
|
|
||
| resource "null_resource" "inspect_west" { | ||
| count = data.aws_arn.current.partition == "aws-us-gov" ? 1 : 0 | ||
| triggers = { | ||
| region = "us-gov-west-1" | ||
| directory = null_resource.setup_directory.triggers.directory | ||
| timestamp = local.timestamp | ||
| } | ||
|
|
||
| provisioner "local-exec" { | ||
| command = "cloud-nuke inspect-aws --region ${self.triggers.region} > ${self.triggers.directory}/cloud-nuke.${self.triggers.region}.${self.triggers.timestamp}.log 2>&1" | ||
| environment = { | ||
| DISABLE_TELEMETRY = true | ||
| AWS_PROFILE = var.profile | ||
| AWS_REGION = self.triggers.region | ||
| } | ||
| } | ||
| } | ||
|
|
||
| resource "null_resource" "filter_gov" { | ||
| count = data.aws_arn.current.partition == "aws-us-gov" ? 1 : 0 | ||
| triggers = { | ||
| directory = null_resource.setup_directory.triggers.directory | ||
| timestamp = local.timestamp | ||
| inspect_complete = join(",", [null_resource.inspect_east[0].id, null_resource.inspect_west[0].id]) | ||
| } | ||
|
|
||
| provisioner "local-exec" { | ||
| command = "bash ${path.root}/filter-inspect.sh ${self.triggers.directory}/cloud-nuke.*.${self.triggers.timestamp}.log 2>&1" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| # 1398 2024-10-10 15:58:38 DISABLE_TELEMETRY=true AWS_PROFILE=198886018595-ma24-gov cloud-nuke inspect-aws --region us-gov-west-1 |& tee nuke.us-gov-west-1.$(date +%s).log | ||
| # 1399 2024-10-10 15:59:39 DISABLE_TELEMETRY=true AWS_PROFILE=198886018595-ma24-gov cloud-nuke inspect-aws --region us-gov-east-1 |& tee nuke.us-gov-east-1.$(date +%s).log | ||
|
|
||
| locals { | ||
| timestamp = try((provider::time::rfc3339_parse(time_static.inspect.rfc3339)).unix, time_static.inspect.rfc3339) | ||
| } | ||
|
|
||
| resource "time_static" "inspect" {} | ||
|
|
||
| resource "null_resource" "setup_directory" { | ||
| triggers = { | ||
| directory = format("%v/setup", path.root) | ||
| } | ||
|
|
||
| provisioner "local-exec" { | ||
| command = "test -d ${self.triggers.directory} || mkdir ${self.triggers.directory}" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| #!/bin/sh | ||
|
|
||
| LIST="" | ||
| #LIST+=" list-access-keys" | ||
| LIST+=" list-account-aliases" | ||
| #LIST+=" list-attached-group-policies" | ||
| #LIST+=" list-attached-role-policies" | ||
| #LIST+=" list-attached-user-policies" | ||
| #LIST+=" list-entities-for-policy" | ||
| #LIST+=" list-group-policies" | ||
| LIST+=" list-groups" | ||
| #LIST+=" list-groups-for-user" | ||
| #LIST+=" list-instance-profile-tags" | ||
| LIST+=" list-instance-profiles" | ||
| #LIST+=" list-instance-profiles-for-role" | ||
| #LIST+=" list-mfa-device-tags" | ||
| #LIST+=" list-mfa-devices" | ||
| #LIST+=" list-open-id-connect-provider-tags" | ||
| LIST+=" list-open-id-connect-providers" | ||
| LIST+=" list-policies" | ||
| #LIST+=" list-policies-granting-service-access" | ||
| #LIST+=" list-policy-tags" | ||
| #LIST+=" list-policy-versions" | ||
| #LIST+=" list-role-policies" | ||
| #LIST+=" list-role-tags" | ||
| LIST+=" list-roles" | ||
| #LIST+=" list-saml-provider-tags" | ||
| LIST+=" list-saml-providers" | ||
| #LIST+=" list-server-certificate-tags" | ||
| LIST+=" list-server-certificates" | ||
| #LIST+=" list-service-specific-credentials" | ||
| #LIST+=" list-signing-certificates" | ||
| #LIST+=" list-ssh-public-keys" | ||
| #LIST+=" list-user-policies" | ||
| #LIST+=" list-user-tags" | ||
| LIST+=" list-users" | ||
| LIST+=" list-virtual-mfa-devices" | ||
|
|
||
| for f in $LIST | ||
| do | ||
| echo "# $f" | ||
| tf-aws iam $f > setup/$f.json | ||
| done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| locals { | ||
| base_tags = { | ||
| "boc:created_by" = "terraform" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| locals { | ||
| region = var.region | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| VERSION 2.1.2 | ||
| TAG setup | ||
| REMOTE-STATE | ||
| COMMAND tf-directory-setup.py -l none -f | ||
| COMMAND setup-new-directory.sh | ||
| COMMAND rm remote_state.common.tf | ||
|
|
||
| TAG links | ||
| LINKTOP includes.d/variables.account_tags.tf | ||
| LINKTOP includes.d/variables.account_tags.auto.tfvars | ||
| LINKTOP includes.d/variables.infrastructure_tags.tf | ||
| LINKTOP includes.d/variables.infrastructure_tags.auto.tfvars | ||
| LINKTOP includes.d/variables.application_tags.tf | ||
| LINKTOP includes.d/variables.application_tags.auto.tfvars | ||
| # LINKTOP provider_configs.d/provider.ldap_new.auto.tfvars | ||
| # LINKTOP provider_configs.d/provider.ldap_new.tf | ||
| # LINKTOP provider_configs.d/provider.ldap_new.variables.tf | ||
| COMMAND rm -f provider.ldap.* | ||
|
|
||
| TAG init | ||
| COMMAND tf-init | ||
|
|
||
| TAG start | ||
| #POLICY | ||
| ALL | ||
|
|
||
| TAG state-link | ||
| COMMAND tf-directory-setup.py -l s3 |
Oops, something went wrong.