From 65b288f59afd96fa611df7771a9ff4a338c44c23 Mon Sep 17 00:00:00 2001 From: badra001 Date: Mon, 29 Mar 2021 12:35:40 -0400 Subject: [PATCH] v1.8.0: add feature iam-account-settings --- CHANGELOG.md | 3 ++ common/version.tf | 2 +- iam-account-setings/data.tf | 1 + iam-account-setings/defaults.tf | 1 + iam-account-setings/main.tf | 46 +++++++++++++++++++++++++ iam-account-setings/outputs.tf | 4 +++ iam-account-setings/prefixes.tf | 1 + iam-account-setings/variables.common.tf | 1 + iam-account-setings/variables.tf | 5 +++ iam-account-setings/version.tf | 1 + 10 files changed, 64 insertions(+), 1 deletion(-) create mode 120000 iam-account-setings/data.tf create mode 120000 iam-account-setings/defaults.tf create mode 100644 iam-account-setings/main.tf create mode 100644 iam-account-setings/outputs.tf create mode 120000 iam-account-setings/prefixes.tf create mode 120000 iam-account-setings/variables.common.tf create mode 100644 iam-account-setings/variables.tf create mode 120000 iam-account-setings/version.tf diff --git a/CHANGELOG.md b/CHANGELOG.md index 01fe6fb..7973725 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -52,3 +52,6 @@ - ses-domain - add code to enable mail_from - change `ses_enable_production` to `enable_production` + +* v1.8.0 -- 20210329 + - iam-account-settings created diff --git a/common/version.tf b/common/version.tf index 7226ec0..c36b41b 100644 --- a/common/version.tf +++ b/common/version.tf @@ -1,3 +1,3 @@ locals { - _module_version = "1.7.5" + _module_version = "1.8.0" } diff --git a/iam-account-setings/data.tf b/iam-account-setings/data.tf new file mode 120000 index 0000000..995624d --- /dev/null +++ b/iam-account-setings/data.tf @@ -0,0 +1 @@ +../common/data.tf \ No newline at end of file diff --git a/iam-account-setings/defaults.tf b/iam-account-setings/defaults.tf new file mode 120000 index 0000000..a5556ac --- /dev/null +++ b/iam-account-setings/defaults.tf @@ -0,0 +1 @@ +../common/defaults.tf \ No newline at end of file 
diff --git a/iam-account-setings/main.tf b/iam-account-setings/main.tf
new file mode 100644
index 0000000..c11f6a4
--- /dev/null
+++ b/iam-account-setings/main.tf
@@ -0,0 +1,46 @@
+/*
+* # aws-inf-setup :: iam-account-settings
+*
+* # Usage
+* Here is a simple example, the one most commonly expected to be used.
+*
+* ```hcl
+* module "settings" {
+* source = "git@github.e.it.census.gov:terraform-modules/aws-inf-setup.git//iam-account-settings"
+*
+* account_alias = "ma5-gov"
+* account_usage = "GovCloud Management Account"
+* }
+* ```
+*/
+
+locals {
+ account_id = var.account_id != "" ? var.account_id : data.aws_caller_identity.current.account_id
+ account_environment = data.aws_arn.current.partition == "aws-us-gov" ? "gov" : "ew"
+ console_url_selector = local.account_environment == "gov" ? "-us-gov" : ""
+ console_url = format("https://%v.signin.amazonaws%v.com/console", var.account_alias, local.console_url_selector)
+
+ base_tags = {
+ "boc:tf_module_version" = local._module_version
+ "boc:created_by" = "terraform"
+ }
+}
+
+#---
+# IAM account specific configurations
+#---
+resource "aws_iam_account_alias" "alias" {
+ account_alias = var.account_alias
+}
+
+resource "aws_iam_account_password_policy" "account_settings" {
+ allow_users_to_change_password = true
+ hard_expiry = false
+ max_password_age = 89
+ minimum_password_length = 14
+ password_reuse_prevention = 24
+ require_lowercase_characters = true
+ require_numbers = true
+ require_symbols = true
+ require_uppercase_characters = true
+}
diff --git a/iam-account-setings/outputs.tf b/iam-account-setings/outputs.tf
new file mode 100644
index 0000000..71caeb3
--- /dev/null
+++ b/iam-account-setings/outputs.tf
@@ -0,0 +1,4 @@
+output "console_url" {
+ description = "AWS Console URL"
+ value = local.console_url
+}
diff --git a/iam-account-setings/prefixes.tf b/iam-account-setings/prefixes.tf
new file mode 120000
index 0000000..7e265d5
--- /dev/null
+++ b/iam-account-setings/prefixes.tf
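Review bot: The `aws_iam_account_password_policy` block at the end of the `main.tf` hunk sets an account-wide policy with every value hard-coded and no comment naming the baseline it implements, so a later reader cannot tell whether `max_password_age = 89` or `password_reuse_prevention = 24` is a requirement or a preference. I would add a comment above the resource such as `# Account-wide IAM password policy (one per account; applying this replaces the existing policy). Values per <BASELINE NAME>.` and, if accounts are expected to differ, expose the numeric values as variables with these defaults. The header comment's example uses `//iam-account-settings` as the module path while every file in this patch lives under `iam-account-setings/`, so the example as written would not resolve to this directory. `local.account_id` and `local.base_tags` are defined in this hunk but nothing in the visible files references them.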
@@ -0,0 +1 @@
+../common/prefixes.tf
\ No newline at end of file
diff --git a/iam-account-setings/variables.common.tf b/iam-account-setings/variables.common.tf
new file mode 120000
index 0000000..7439ed8
--- /dev/null
+++ b/iam-account-setings/variables.common.tf
@@ -0,0 +1 @@
+../common/variables.common.tf
\ No newline at end of file
diff --git a/iam-account-setings/variables.tf b/iam-account-setings/variables.tf
new file mode 100644
index 0000000..1d1338b
--- /dev/null
+++ b/iam-account-setings/variables.tf
@@ -0,0 +1,5 @@
+variable "account_usage" {
+ description = "AWS Account Usage (what we are using it for)"
+ type = string
+ default = ""
+}
diff --git a/iam-account-setings/version.tf b/iam-account-setings/version.tf
new file mode 120000
index 0000000..b83c5b7
--- /dev/null
+++ b/iam-account-setings/version.tf
@@ -0,0 +1 @@
+../common/version.tf
\ No newline at end of file
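Review bot: `account_usage` is declared in the `variables.tf` hunk, but nothing in the visible `main.tf` or `outputs.tf` reads `var.account_usage`, even though the usage example in `main.tf` passes it as if it had an effect. The two variables `main.tf` does read, `var.account_alias` and `var.account_id`, are not declared in this file and presumably come from the symlinked `variables.common.tf`, which this patch does not show. Either wire the value into something observable (a tag or an output) or drop the variable until it is used, and extend the description to say where the value ends up.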