Diffstat (limited to 'fdio.infra.terraform/terraform-vault-aws-secret-backend')
6 files changed, 11 insertions, 92 deletions
diff --git a/fdio.infra.terraform/terraform-vault-aws-secret-backend/fdio/main.tf b/fdio.infra.terraform/terraform-vault-aws-secret-backend/fdio/main.tf
deleted file mode 100644
index 08c3ca8b73..0000000000
--- a/fdio.infra.terraform/terraform-vault-aws-secret-backend/fdio/main.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-module "fdio-logs" {
- # fdio logs iam
- source = "../"
- name = "dynamic-aws-creds-vault-fdio-logs"
- aws_access_key = var.aws_access_key
- aws_secret_key = var.aws_secret_key
-}
-
-module "fdio-docs" {
- # fdio docs iam
- source = "../"
- name = "dynamic-aws-creds-vault-fdio-docs"
- aws_access_key = var.aws_access_key
- aws_secret_key = var.aws_secret_key
-}
-
-module "fdio-csit-jenkins" {
- # fdio csit jenkins iam
- source = "../"
- name = "dynamic-aws-creds-vault-fdio-csit-jenkins"
- aws_access_key = var.aws_access_key
- aws_secret_key = var.aws_secret_key
-}
diff --git a/fdio.infra.terraform/terraform-vault-aws-secret-backend/fdio/providers.tf b/fdio.infra.terraform/terraform-vault-aws-secret-backend/fdio/providers.tf
deleted file mode 100644
index 102fd31b87..0000000000
--- a/fdio.infra.terraform/terraform-vault-aws-secret-backend/fdio/providers.tf
+++ /dev/null
@@ -1,5 +0,0 @@
-provider "vault" {
- address = var.vault_provider_address
- skip_tls_verify = var.vault_provider_skip_tls_verify
- token = var.vault_provider_token
-}
\ No newline at end of file
diff --git a/fdio.infra.terraform/terraform-vault-aws-secret-backend/fdio/variables.tf b/fdio.infra.terraform/terraform-vault-aws-secret-backend/fdio/variables.tf
deleted file mode 100644
index b1f64eccf2..0000000000
--- a/fdio.infra.terraform/terraform-vault-aws-secret-backend/fdio/variables.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-variable "vault_provider_address" {
- description = "Vault cluster address."
- type = string
- default = "http://10.30.51.26:8200"
-}
-
-variable "vault_provider_skip_tls_verify" {
- description = "Verification of the Vault server's TLS certificate."
- type = bool
- default = false
-}
-
-variable "vault_provider_token" {
- description = "Vault root token."
- type = string
- sensitive = true
-}
-
-variable "aws_access_key" {
- description = "AWS access key"
- type = string
- sensitive = true
-}
-
-variable "aws_secret_key" {
- description = "AWS secret key"
- type = string
- sensitive = true
-}
\ No newline at end of file
diff --git a/fdio.infra.terraform/terraform-vault-aws-secret-backend/fdio/versions.tf b/fdio.infra.terraform/terraform-vault-aws-secret-backend/fdio/versions.tf
deleted file mode 100644
index c573731d65..0000000000
--- a/fdio.infra.terraform/terraform-vault-aws-secret-backend/fdio/versions.tf
+++ /dev/null
@@ -1,13 +0,0 @@
-terraform {
- backend "consul" {
- address = "10.30.51.26:8500"
- scheme = "http"
- path = "terraform/aws-secret-backend"
- }
- required_providers {
- vault = {
- version = "4.3.0"
- }
- }
- required_version = ">= 1.5.4"
-}
diff --git a/fdio.infra.terraform/terraform-vault-aws-secret-backend/main.tf b/fdio.infra.terraform/terraform-vault-aws-secret-backend/main.tf
index 814121986f..6a2d42e681 100644
--- a/fdio.infra.terraform/terraform-vault-aws-secret-backend/main.tf
+++ b/fdio.infra.terraform/terraform-vault-aws-secret-backend/main.tf
@@ -1,4 +1,4 @@
-resource "vault_aws_secret_backend" "aws" {
+resource "vault_aws_secret_backend" "aws_secret_backend" {
 access_key = var.aws_access_key
 secret_key = var.aws_secret_key
 path = "${var.name}-path"
@@ -7,34 +7,18 @@ resource "vault_aws_secret_backend" "aws" {
 max_lease_ttl_seconds = "0"
 }
 
-resource "vault_aws_secret_backend_role" "admin" {
- backend = vault_aws_secret_backend.aws.path
+resource "vault_aws_secret_backend_role" "aws_secret_backend_role" {
+ backend = vault_aws_secret_backend.aws_secret_backend.path
 name = "${var.name}-role"
 credential_type = "iam_user"
- policy_document = <<EOF
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Action": [
- "iam:*",
- "ec2:*",
- "s3:*",
- "elasticbeanstalk:*"
- ],
- "Resource": "*"
- }
- ]
-}
-EOF
+ policy_document = var.policy_document
 }
 
 output "backend" {
- value = vault_aws_secret_backend.aws.path
+ value = vault_aws_secret_backend.aws_secret_backend.path
 }
 
 output "role" {
- value = vault_aws_secret_backend_role.admin.name
+ value = vault_aws_secret_backend_role.aws_secret_backend_role.name
 }
 
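Review bot: Renaming `vault_aws_secret_backend.aws` to `aws_secret_backend` and `vault_aws_secret_backend_role.admin` to `aws_secret_backend_role` changes both resource addresses, so without `moved` blocks Terraform will plan to destroy and recreate the AWS secrets mount and its role rather than update them in place; Vault revokes the leases and dynamic credentials issued under a mount when that mount is disabled, so the recreate is disruptive to anything still holding credentials. The first hunk of this file carries the same rename for the backend resource, and its `resource "vault_aws_secret_backend"` block continues past that hunk's last line. If the rename is intended to be state-preserving, add `moved` blocks beside the renamed resources so the existing state entries are carried over on the next plan.

```hcl
moved {
  from = vault_aws_secret_backend.aws
  to   = vault_aws_secret_backend.aws_secret_backend
}

moved {
  from = vault_aws_secret_backend_role.admin
  to   = vault_aws_secret_backend_role.aws_secret_backend_role
}
# … unchanged: resource and output blocks …
```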
diff --git a/fdio.infra.terraform/terraform-vault-aws-secret-backend/variables.tf b/fdio.infra.terraform/terraform-vault-aws-secret-backend/variables.tf
index 2545345185..d7a2f4a987 100644
--- a/fdio.infra.terraform/terraform-vault-aws-secret-backend/variables.tf
+++ b/fdio.infra.terraform/terraform-vault-aws-secret-backend/variables.tf
@@ -15,3 +15,8 @@ variable "name" {
 description = "Vault path"
 type = string
 }
+
+variable "policy_document" {
+ description = "AWS policy document"
+ type = string
+}
|
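Review bot: `policy_document` is declared as a bare `string` with no validation, so a malformed or non-JSON value is only rejected by Vault at apply time, and the module no longer controls the shape of the policy it used to embed. A `validation` block checking `can(jsondecode(var.policy_document))` surfaces that at plan time, and the description should state that the value is an AWS IAM policy JSON document passed verbatim to the role's `policy_document` in main.tf. Leaving the variable without a default is right: every caller must now supply an explicit, scoped policy instead of inheriting the previous wildcard one.

```hcl
variable "policy_document" {
  description = "AWS IAM policy document (JSON) attached to the generated credentials; passed verbatim to vault_aws_secret_backend_role.policy_document."
  type        = string

  validation {
    condition     = can(jsondecode(var.policy_document))
    error_message = "policy_document must be a valid JSON IAM policy document."
  }
}
```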