author | pmikus <pmikus@cisco.com> | 2021-05-18 13:30:08 +0000 |
---|---|---|
committer | Peter Mikus <pmikus@cisco.com> | 2021-08-09 11:51:31 +0000 |
commit | 73440ab332c51eb11405767d320bc496d9ebdbe7 (patch) | |
tree | 003e06b7ab75c311009516a9872e77fdb00e47a8 /fdio.infra.terraform/1n_nmd/aws | |
parent | bbfe9b5ba82a3998687909a833c2646bccbb6aa6 (diff) |
Infra: Vault
Signed-off-by: pmikus <pmikus@cisco.com>
Change-Id: Ia6e728f98d20144c3771405b32933a77fe15b19b
Diffstat (limited to 'fdio.infra.terraform/1n_nmd/aws')
-rw-r--r-- | fdio.infra.terraform/1n_nmd/aws/main.tf | 37 | ||||
-rw-r--r-- | fdio.infra.terraform/1n_nmd/aws/providers.tf | 14 | ||||
-rw-r--r-- | fdio.infra.terraform/1n_nmd/aws/variables.tf | 9 |
3 files changed, 60 insertions, 0 deletions
diff --git a/fdio.infra.terraform/1n_nmd/aws/main.tf b/fdio.infra.terraform/1n_nmd/aws/main.tf
new file mode 100644
index 0000000000..6768203441
--- /dev/null
+++ b/fdio.infra.terraform/1n_nmd/aws/main.tf
@@ -0,0 +1,37 @@
+resource "vault_aws_secret_backend" "aws" {
+ access_key = var.aws_access_key
+ secret_key = var.aws_secret_key
+ path = "${var.name}-path"
+
+ default_lease_ttl_seconds = "120"
+ max_lease_ttl_seconds = "240"
+}
+
+resource "vault_aws_secret_backend_role" "admin" {
+ backend = vault_aws_secret_backend.aws.path
+ name = "${var.name}-role"
+ credential_type = "iam_user"
+
+ policy_document = <<EOF
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "iam:*", "ec2:*"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
+EOF
+}
+
+output "backend" {
+ value = vault_aws_secret_backend.aws.path
+}
+
+output "role" {
+ value = vault_aws_secret_backend_role.admin.name
+}
\ No newline at end of file
diff --git a/fdio.infra.terraform/1n_nmd/aws/providers.tf b/fdio.infra.terraform/1n_nmd/aws/providers.tf
new file mode 100644
index 0000000000..49922fd78f
--- /dev/null
+++ b/fdio.infra.terraform/1n_nmd/aws/providers.tf
@@ -0,0 +1,14 @@
+terraform {
+ required_providers {
+ vault = {
+ version = ">=2.22.1"
+ }
+ }
+ required_version = ">= 1.0.3"
+}
+
+provider "vault" {
+ address = "http://10.30.51.28:8200"
+ skip_tls_verify = true
+ token = "s.4z5PsufFwV3sHbCzK9Y2Cojd"
+}
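Review bot: The `policy_document` on `vault_aws_secret_backend_role.admin` allows `iam:*` and `ec2:*` on `"Resource": "*"` with `credential_type = "iam_user"`, so every IAM user Vault issues from this role is a full IAM administrator, and the 120/240-second lease TTLs on the backend do not bound what such a user can leave behind in the account. The role name suggests admin scope is intended, but the statement should still be narrowed to the actions the consumer of `dynamic-aws-creds-vault-admin` actually needs, or the role switched to a short-lived `assumed_role`/`federation_token` credential type so the lease really expires the access. A brief `# ` comment above `policy_document` stating why broad IAM rights are required here would help the next reviewer. Minor: `default_lease_ttl_seconds` and `max_lease_ttl_seconds` are numeric provider arguments and are better written unquoted (`default_lease_ttl_seconds = 120`).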
\ No newline at end of file
diff --git a/fdio.infra.terraform/1n_nmd/aws/variables.tf b/fdio.infra.terraform/1n_nmd/aws/variables.tf
new file mode 100644
index 0000000000..11c3535266
--- /dev/null
+++ b/fdio.infra.terraform/1n_nmd/aws/variables.tf
@@ -0,0 +1,9 @@
+variable "aws_access_key" {
+}
+
+variable "aws_secret_key" {
+}
+
+variable "name" {
+ default = "dynamic-aws-creds-vault-admin"
+}
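Review bot: A live Vault token is committed in clear text in `provider "vault"` (`token = "s.4z5PsufFwV3sHbCzK9Y2Cojd"`), next to a plain `http://` address and `skip_tls_verify = true`, so the credential that administers the AWS secret backend is both in git history and sent unencrypted. That token should be treated as exposed and revoked; the provider block should drop the `token` and `skip_tls_verify` lines and take the token from the `VAULT_TOKEN` environment variable (and the address from `VAULT_ADDR`) at run time. If the endpoint can serve TLS, `address` should use `https://` with the CA pinned via `ca_cert_file` rather than verification disabled.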
\ No newline at end of file |
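Review bot: `aws_access_key` and `aws_secret_key` are declared with empty bodies, so their values are echoed in `terraform plan`/`apply` output and logs, and any value type is accepted. With `required_version = ">= 1.0.3"` both variables can carry `type = string` and `sensitive = true`, which redacts them from CLI output (they still land in state, so state storage needs to be protected separately). A short `description` on each, noting that these are the root credentials Vault uses to mint sub-users, would make the purpose clear to the next maintainer.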