fix changes to cloudtrail, config

terraform-modules · Jul 15, 2022 · c729c46 · c729c46
1 parent 081da34
commit c729c46
Show file tree

Hide file tree

Showing 7 changed files with 15 additions and 12 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -212,3 +212,6 @@
     - config
     - configrules
     - description
+
+* 2.2.1 -- 2022-07-15
+  - fix updates to cloudtrail, config
diff --git a/cloudtrail/generate_splunk.cloudtrail.tf b/cloudtrail/generate_splunk.cloudtrail.tf
@@ -20,11 +20,11 @@ data "template_file" "splunk_cloudtrail" {
 # }
 
 resource "null_resource" "splunk_cloudtrail" {
+  count = var.enable_sqs ? 1 : 0
   triggers = {
     filename  = format("inputs.%v.%v-%v.%v.conf", local.splunk_name, local.account_id, local.account_alias, local.region)
     directory = format("%v/setup", path.root)
   }
-  count = var.enable_sqs ? 1 : 0
 
   provisioner "local-exec" {
     command = "test -d ${self.triggers.directory} || mkdir ${self.triggers.directory}"
@@ -41,5 +41,5 @@ resource "local_file" "splunk_cloudtrail" {
 
   content         = data.template_file.splunk_cloudtrail.rendered
   file_permission = "0644"
-  filename        = format("%v/%v", null_resource.splunk_cloudtrail.triggers.directory, null_resource.splunk_cloudtrail.triggers.filename)
+  filename        = var.enable_sqs ? format("%v/%v", null_resource.splunk_cloudtrail[0].triggers.directory, null_resource.splunk_cloudtrail[0].triggers.filename) : null
 }
diff --git a/common/version.tf b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
-  _module_version = "2.2.0"
+  _module_version = "2.2.1"
 }
diff --git a/config/generate_splunk.config.tf b/config/generate_splunk.config.tf
@@ -7,7 +7,7 @@ data "template_file" "splunk_config" {
     account_id    = local.account_id
     account_alias = local.account_alias
     #    entry_uuid    = random_uuid.splunk_config.result
-    region    = local.config_region
+    region    = local.region
     queue_url = aws_sqs_queue.config.id
   }
 }
@@ -24,7 +24,7 @@ data "template_file" "splunk_config" {
 #   }
 #   provisioner "local-exec" {
 #     working_dir = "setup"
-#     command     = "echo '${data.template_file.splunk_config.rendered}' > inputs.config.${local.account_id}.${local.config_region}.conf"
+#     command     = "echo '${data.template_file.splunk_config.rendered}' > inputs.config.${local.account_id}.${local.region}.conf"
 #   }
 # }
 

diff --git a/config/generate_splunk.config_rules.tf b/config/generate_splunk.config_rules.tf
@@ -7,7 +7,7 @@ data "template_file" "splunk_configrules" {
     account_id    = local.account_id
     account_alias = local.account_alias
     #    entry_uuid    = random_uuid.splunk_configrules.result
-    region = local.config_region
+    region = local.region
   }
 }
 
@@ -23,7 +23,7 @@ data "template_file" "splunk_configrules" {
 #   }
 #   provisioner "local-exec" {
 #     working_dir = "setup"
-#     command     = "echo '${data.template_file.splunk_configrules.rendered}' > aws_config_rules_tasks.${local.account_id}.${local.config_region}.conf"
+#     command     = "echo '${data.template_file.splunk_configrules.rendered}' > aws_config_rules_tasks.${local.account_id}.${local.region}.conf"
 #   }
 # }
 

diff --git a/config/main.tf b/config/main.tf
@@ -28,14 +28,14 @@
 
 locals {
   account_id          = var.account_id != "" ? var.account_id : data.aws_caller_identity.current.account_id
-  config_region       = data.aws_region.current.name
+  region              = data.aws_region.current.name
   account_environment = data.aws_arn.current.partition == "aws-us-gov" ? "gov" : "ew"
   # remap do2 to do1 for govcloud (undo this later when accounts are renamed in splunk)
   account_alias = replace(var.account_alias, "do2", "do1")
 
   # inf-config-{region}
-  name        = var.name != "" ? var.name : format("%v-%v", lookup(local._defaults["config"], "name"), local.config_region)
-  bucket_name = format("%v-%v-%v", lookup(local._defaults["config"], "name"), local.account_id, local.config_region)
+  name        = var.name != "" ? var.name : format("%v-%v", lookup(local._defaults["config"], "name"), local.region)
+  bucket_name = format("%v-%v-%v", lookup(local._defaults["config"], "name"), local.account_id, local.region)
   role_name   = format("%v%v", local._prefixes["role"], local.name)
   policy_name = format("%v%v", local._prefixes["policy"], local.name)
 

diff --git a/config/role.tf b/config/role.tf
@@ -20,7 +20,7 @@ resource "aws_iam_role" "config" {
   name = local.role_name
 
   assume_role_policy    = data.aws_iam_policy_document.config_assume.json
-  description           = "AWS Config Role for ${local.config_region}"
+  description           = "AWS Config Role for ${local.region}"
   force_detach_policies = false
   max_session_duration  = 3600
   path                  = "/service-role/"
@@ -57,7 +57,7 @@ data "aws_iam_policy_document" "config_assume" {
 resource "aws_iam_policy" "config" {
   name        = local.policy_name
   path        = "/service-role/"
-  description = "Policy for AWS Config for ${local.config_region}"
+  description = "Policy for AWS Config for ${local.region}"
   policy      = data.aws_iam_policy_document.config.json
 }