mark unfinished

iam-cloud-admin/README.md → iam-cloud-admin.unfinished/README.md

@@ -50,7 +50,9 @@ No requirements.
 
 ## Modules
 
-No Modules.
+| Name | Source | Version |
+|------|--------|---------|
+| test-role | git@github.e.it.census.gov:terraform-modules/aws-iam-role.git |  |
 
 ## Resources
 
@@ -62,9 +64,6 @@ No Modules.
 | [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) |
 | [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) |
 | [aws_region](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) |
-| [aws_s3_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) |
-| [aws_s3_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) |
-| [aws_s3_bucket_public_access_block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) |
 
 ## Inputs
 

iam-cloud-admin/main.tf → iam-cloud-admin.unfinished/main.tf

@@ -54,57 +54,22 @@ locals {
   }
 }
 
-#---
-# s3
-#---
-resource "aws_s3_bucket" "flowlogs" {
-  bucket = local.bucket_name
-  acl    = "log-delivery-write"
+module "test-role" {
+  source = "git@github.e.it.census.gov:terraform-modules/aws-iam-role.git"
 
-  # need to create the inf_ key used for infrastucture things like
-  # vpc flow, cloudtrail, config, sns, sqs
+  role_name              = "test-role"
+  saml_provider_arn      = data.terraform_remote_state.common.outputs.inf_saml_provider
+  enable_ldap_creation   = true
+  assume_policy_document = data.terraform_remote_state.common.outputs.inf_saml_assume_policy_document
+  #  attached_policies          = ["arn1", "arn2"]
+  ldap_user     = var.edir_ldap_user
+  ldap_password = var.edir_ldap_password
 
-  server_side_encryption_configuration {
-    rule {
-      apply_server_side_encryption_by_default {
-        #        kms_master_key_id = local.inf_key_arn
-        sse_algorithm = "aws:kms"
-      }
-    }
-  }
-
-  versioning {
-    enabled = false
-  }
-
-  lifecycle {
-    prevent_destroy = true
-  }
-
-  # probably want some migration of old data to some other location
-  # like glacier
-
-  tags = merge(
-    var.tags,
-    local.base_tags,
-    lookup(var.component_tags, "s3", {}),
-    map("Name", local.bucket_name),
-  )
-
-  provisioner "local-exec" {
-    command = "sleep 30"
-  }
-}
-
-resource "aws_s3_bucket_public_access_block" "flowlogs" {
-  bucket                  = aws_s3_bucket.flowlogs.id
-  block_public_acls       = true
-  block_public_policy     = true
-  ignore_public_acls      = true
-  restrict_public_buckets = true
-}
-
-resource "aws_s3_bucket_policy" "flowlogs" {
-  bucket = aws_s3_bucket.flowlogs.id
-  policy = data.aws_iam_policy_document.flowlogs_s3.json
+  #  # optional
+  #  ec2_role_name         = "my-role-other"
+  #  enable_instance_role  = false
+  #  ec2_assume_policy_document = "X"
+  #  ec2_attached_policies = []
+  #  ldap_host             = "ldap.e.tco.census.gov"
+  #  ldap_port             = 389
 }