From c1aeee92d8eebf55310c345ad903d15473cc4e5d Mon Sep 17 00:00:00 2001 From: badra001 Date: Thu, 8 Apr 2021 12:40:38 -0400 Subject: [PATCH] update docs --- vpc-remove-defaults/README.md | 24 ++++++++----- vpc-remove-defaults/main.tf | 61 ++++++++++++++------------------ vpc-remove-defaults/variables.tf | 10 +++--- 3 files changed, 48 insertions(+), 47 deletions(-) diff --git a/vpc-remove-defaults/README.md b/vpc-remove-defaults/README.md index f1f77ab..761ee38 100644 --- a/vpc-remove-defaults/README.md +++ b/vpc-remove-defaults/README.md @@ -9,9 +9,7 @@ module "vpc_defaults" { account_alias = "ma5-gov" ## optional - # enable_delete = true # enable_igw_check = true - # region = "us-gov-west-1" # profile = "myprofile" } @@ -32,17 +30,29 @@ On a new account, a number of default things are set up: These can be somewhat managed by Terraform, but destroying the resources does not remove them. This module generates a script which uses the `aws` CLI to remove all the resources. It is in -`setup/delete-defaults.sh`. Run it like this for dry-run: +`setup/delete-defaults.sh`. It is run like so: ```console % setup/delete-defaults.sh ``` - To execute it not in dry-run mode, pass any argument: +To execute it not in dry-run mode, pass any argument: ```console -% setup/delete-defaults.sh 1 +% setup/delete-defaults.sh true +``` + +To remove all the defaults, which is what we are required to do, you need a few steps: +1. plan +1. apply +1. destroy +1. run script + +```shell +tf-plan -target=module.vpc_defaults +tf-apply -target=module.vpc_defaults +tf-destory -target=module.vpc_defaults +setup/delete-defaults.sh true |& tee setup/delete-defaults.sh.log ``` -If the module is set with `enable_delete` set to true, this will be run automatically. ## Requirements 
@@ -69,7 +79,6 @@ No modules.
 | [aws_default_subnet.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_subnet) | resource |
 | [aws_default_vpc.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_vpc) | resource |
 | [aws_default_vpc_dhcp_options.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_vpc_dhcp_options) | resource |
-| [null_resource.execute_script](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [null_resource.script](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 | [aws_availability_zones.zones](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
@@ -83,7 +92,6 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | [account\_alias](#input\_account\_alias) | AWS Account Alias | `string` | `""` | no |
 | [account\_id](#input\_account\_id) | AWS Account ID (default will pull from current user) | `string` | `""` | no |
-| [enable\_delete](#input\_enable\_delete) | Execute delete-defaults.sh script at the end of apply | `bool` | `false` | no |
 | [enable\_igw\_check](#input\_enable\_igw\_check) | Enable check of Internet Gateway (IGW) as part of default detection | `bool` | `true` | no |
 | [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component (efs, s3, ebs, kms, role, policy, security-group). This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
 | [profile](#input\_profile) | AWS Config profile (required for calling the aws cli; assumed to be {account\_id}-{account\_alias}) | `string` | `""` | no |
diff --git a/vpc-remove-defaults/main.tf b/vpc-remove-defaults/main.tf
index 5aafac7..265b54a 100644
--- a/vpc-remove-defaults/main.tf
+++ b/vpc-remove-defaults/main.tf
@@ -10,9 +10,7 @@
 * account_alias = "ma5-gov"
 *
 * ## optional
-* # enable_delete = true
 * # enable_igw_check = true
-*
 * # region = "us-gov-west-1"
 * # profile = "myprofile"
 * }
@@ -33,17 +31,29 @@
 *
 * These can be somewhat managed by Terraform, but destroying the resources does not remove them.
 * This module generates a script which uses the `aws` CLI to remove all the resources. It is in
-* `setup/delete-defaults.sh`. Run it like this for dry-run:
+* `setup/delete-defaults.sh`. It is run like so:
 *
 * ```console
 * % setup/delete-defaults.sh
 * ```
 *
-* To execute it not in dry-run mode, pass any argument:
+* To execute it not in dry-run mode, pass any argument:
 * ```console
-* % setup/delete-defaults.sh 1
+* % setup/delete-defaults.sh true
+* ```
+*
+* To remove all the defaults, which is what we are required to do, you need a few steps:
+* 1. plan
+* 1. apply
+* 1. destroy
+* 1. run script
+*
+* ```shell
+* tf-plan -target=module.vpc_defaults
+* tf-apply -target=module.vpc_defaults
+* tf-destory -target=module.vpc_defaults
+* setup/delete-defaults.sh true |& tee setup/delete-defaults.sh.log
 * ```
-* If the module is set with `enable_delete` set to true, this will be run automatically.
 */
 
 locals {
@@ -76,8 +86,7 @@ locals {
     route_table = aws_default_route_table.default.id
     vpc_dhcp_options = aws_default_vpc_dhcp_options.default.id
     vpc = aws_default_vpc.default.id
-    # igw = var.enable_igw_check ? concat(data.aws_internet_gateway.default[*].id, list(""))[0] : ""
-    igw = join("", data.aws_internet_gateway.default[*].id)
+    igw = join("", data.aws_internet_gateway.default[*].id)
   })
 }
 
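Review bot: The new workflow block in the module header comment has a typo, `tf-destory -target=module.vpc_defaults`, that anyone copying the four commands will hit as a command-not-found; it should read `tf-destroy -target=module.vpc_defaults`. The final documented command, `setup/delete-defaults.sh true |& tee setup/delete-defaults.sh.log`, uses the bash/zsh-only `|&` operator, so either state that bash is required or write it as `setup/delete-defaults.sh true 2>&1 | tee setup/delete-defaults.sh.log`. Because the comment says any argument takes the script out of dry-run and the script's purpose is to delete the account's default VPC resources, I would add a sentence before the shell block such as `* Run the dry-run form first and check its output: the non-dry-run form deletes resources immediately and is not undone by terraform destroy.` The `tf-plan`/`tf-apply`/`tf-destroy` wrappers are not defined anywhere in this patch, so the comment should say where they come from or show the plain `terraform` equivalents.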
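Review bot: The retained `igw = join("", data.aws_internet_gateway.default[*].id)` no longer consults `var.enable_igw_check`, which the deleted commented-out line used to gate the lookup and which variables.tf still declares and the README still documents; unless that variable drives the `count` of `data.aws_internet_gateway.default` (its definition is outside this hunk), it is now an input with no effect. Separately, `join` on the splat only yields a single id when that data source's count is 0 or 1; if it could ever be larger, the ids would be concatenated into one bogus string that flows into the generated delete script, and `igw = try(data.aws_internet_gateway.default[0].id, "")` would make the single-id intent explicit. The `locals` block starts before this hunk, and the same expression is repeated in the `defaults` output further down the file.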
@@ -169,21 +178,6 @@ data "aws_internet_gateway" "default" {
   }
 }
 
-# import this, then remove it
-# resource "aws_internet_gateway" "default" {
-#   vpc_id = local.vpc_id
-# }
-
-# resource "null_resource" "default_igw" {
-#   count = local.enable_defaults
-#   triggers = {
-#     igw_id = data.aws_internet_gateway.default.id
-#   }
-#   # provisioner "local-exec" {
-#   #   command = "echo 'remove internet-gateway id ${data.aws_internet_gateway.default.id}'"
-#   # }
-# }
-
 resource "null_resource" "script" {
   triggers = {}
 
@@ -198,15 +192,15 @@ resource "null_resource" "script" {
   }
 }
 
-resource "null_resource" "execute_script" {
-  count = var.enable_delete ? 1 : 0
-  triggers = {
-    script_created = null_resource.script.id
-  }
-  provisioner "local-exec" {
-    command = "./${local.defaults_script} delete |& tee -a ${local.defaults_script}.log"
-  }
-}
+# resource "null_resource" "execute_script" {
+#   count = var.enable_delete ? 1 : 0
+#   triggers = {
+#     script_created = null_resource.script.id
+#   }
+#   provisioner "local-exec" {
+#     command = "./${local.defaults_script} delete |& tee -a ${local.defaults_script}.log"
+#   }
+# }
 
 output "defaults" {
   description = "AWS VPC Defaults"
@@ -217,7 +211,6 @@ output "defaults" {
     "route_table" = aws_default_route_table.default.id
     "vpc_dhcp_options" = aws_default_vpc_dhcp_options.default.id
     "vpc" = aws_default_vpc.default.id
-    # "igw" = var.enable_igw_check ? concat(data.aws_internet_gateway.default[*].id, list(""))[0] : ""
-    "igw" = join("", data.aws_internet_gateway.default[*].id)
+    "igw" = join("", data.aws_internet_gateway.default[*].id)
   }
 }
diff --git a/vpc-remove-defaults/variables.tf b/vpc-remove-defaults/variables.tf
index 02bfe33..5250d03 100644
--- a/vpc-remove-defaults/variables.tf
+++ b/vpc-remove-defaults/variables.tf
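Review bot: The `null_resource.execute_script` block is kept as nine commented-out lines rather than deleted, even though this commit's own history preserves it; commented-out resources rot, and this one already references `var.enable_delete`, which the same patch comments out in variables.tf, so restoring either block alone would fail to plan. If it is meant to come back, a one-line `# Disabled: needs var.enable_delete (variables.tf); the |& pipe also needs bash, local-exec defaults to /bin/sh` would record both traps; otherwise drop it entirely. Note too that the commented command invokes the script with `delete` while the new header comment and README tell operators to pass `true`, which only works because the script treats any argument as non-dry-run, and that divergence is worth a word if the block is retained.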
@@ -1,8 +1,8 @@
-variable "enable_delete" {
-  description = "Execute delete-defaults.sh script at the end of apply"
-  type = bool
-  default = false
-}
+# variable "enable_delete" {
+#   description = "Execute delete-defaults.sh script at the end of apply"
+#   type = bool
+#   default = false
+# }
 
 variable "enable_igw_check" {
   description = "Enable check of Internet Gateway (IGW) as part of default detection"
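Review bot: Commenting out `variable "enable_delete"` removes a module input, so any root module that still sets `enable_delete = true` (the old README example showed exactly that line) now fails at plan time with an unexpected-argument error instead of quietly doing nothing. If existing callers may still pass it, keep a deprecated no-op declaration for a release and remove it later; if none do, delete the commented lines rather than leaving dead configuration in variables.tf. The `enable_igw_check` variable that follows begins inside the hunk but its body continues past it.
```hcl
variable "enable_delete" {
  description = "Deprecated and ignored: run setup/delete-defaults.sh manually (see the main.tf header). Kept so existing callers keep planning."
  type        = bool
  default     = false
}
```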