Diffstat (limited to 'fdio.infra.terraform/terraform-vault-fdio-creds')
4 files changed, 133 insertions, 0 deletions
diff --git a/fdio.infra.terraform/terraform-vault-fdio-creds/main.tf b/fdio.infra.terraform/terraform-vault-fdio-creds/main.tf
new file mode 100644
index 0000000000..4469bb131c
--- /dev/null
+++ b/fdio.infra.terraform/terraform-vault-fdio-creds/main.tf
@@ -0,0 +1,86 @@
+module "fdio-logs" {
+ # fdio logs iam
+ source = "../terraform-vault-aws-secret-backend"
+ name = "dynamic-aws-creds-vault-fdio-logs"
+ aws_access_key = var.aws_access_key
+ aws_secret_key = var.aws_secret_key
+ policy_document = jsonencode({
+ Statement = [
+ {
+ Action = [
+ "iam:*",
+ "ec2:*",
+ "s3:*",
+ "elasticbeanstalk:*",
+ "ssm:*",
+ "cloudformation:*",
+ "logs:*",
+ "elasticloadbalancing:*",
+ "autoscaling:*",
+ "cloudwatch:*"
+ ]
+ Effect = "Allow"
+ Resource = "*"
+ },
+ ]
+ Version = "2012-10-17"
+ })
+}
+
+module "csit-cdash" {
+ # csit cdash iam
+ source = "../terraform-vault-aws-secret-backend"
+ name = "dynamic-aws-creds-vault-cdash"
+ aws_access_key = var.aws_access_key
+ aws_secret_key = var.aws_secret_key
+ policy_document = jsonencode({
+ Statement = [
+ {
+ Action = [
+ "iam:*",
+ "ec2:*",
+ "s3:*",
+ "elasticbeanstalk:*",
+ "ssm:*",
+ "cloudformation:*",
+ "logs:*",
+ "elasticloadbalancing:*",
+ "autoscaling:*",
+ "cloudwatch:*"
+ ]
+ Effect = "Allow"
+ Resource = "*"
+ },
+ ]
+ Version = "2012-10-17"
+ })
+}
+
+module "fdio-csit-jenkins" {
+ # fdio csit jenkins iam
+ source = "../terraform-vault-aws-secret-backend"
+ name = "dynamic-aws-creds-vault-fdio-csit-jenkins"
+ aws_access_key = var.aws_access_key
+ aws_secret_key = var.aws_secret_key
+ policy_document = jsonencode({
+ Statement = [
+ {
+ Action = [
+ "iam:*",
+ "ec2:*",
+ "s3:*",
+ "elasticbeanstalk:*",
+ "ssm:*",
+ "cloudformation:*",
+ "logs:*",
+ "elasticloadbalancing:*",
+ "autoscaling:*",
+ "cloudwatch:*"
+ ]
+ Effect = "Allow"
+ Resource = "*"
+ },
+ ]
+ Version = "2012-10-17"
+ })
+} 
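Review bot: `"iam:*"` combined with `Resource = "*"` in each of the three `policy_document` blocks in main.tf gives the credentials that this backend presumably issues for fdio-logs, csit-cdash and fdio-csit-jenkins the equivalent of account administrator, because a holder of `iam:*` can grant itself any permission the list omits. Each module should name only the actions its consumer calls and scope them to ARNs, for example `Resource = ["arn:aws:s3:::<LOGS_BUCKET>/*"]` (placeholder), and drop `"iam:*"` unless a narrow action such as `iam:PassRole` on a named role is required. The three documents are also identical, so if a shared policy is intended, define it once in a `locals` block and reference it from each module so that later tightening happens in one place. A comment above each module stating which job consumes the credentials and why each service is needed would make the grant reviewable.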
diff --git a/fdio.infra.terraform/terraform-vault-fdio-creds/providers.tf b/fdio.infra.terraform/terraform-vault-fdio-creds/providers.tf
new file mode 100644
index 0000000000..102fd31b87
--- /dev/null
+++ b/fdio.infra.terraform/terraform-vault-fdio-creds/providers.tf
@@ -0,0 +1,5 @@
+provider "vault" {
+ address = var.vault_provider_address
+ skip_tls_verify = var.vault_provider_skip_tls_verify
+ token = var.vault_provider_token
+}
\ No newline at end of file
diff --git a/fdio.infra.terraform/terraform-vault-fdio-creds/variables.tf b/fdio.infra.terraform/terraform-vault-fdio-creds/variables.tf
new file mode 100644
index 0000000000..b1f64eccf2
--- /dev/null
+++ b/fdio.infra.terraform/terraform-vault-fdio-creds/variables.tf
@@ -0,0 +1,29 @@
+variable "vault_provider_address" {
+ description = "Vault cluster address."
+ type = string
+ default = "http://10.30.51.26:8200"
+}
+
+variable "vault_provider_skip_tls_verify" {
+ description = "Verification of the Vault server's TLS certificate."
+ type = bool
+ default = false
+}
+
+variable "vault_provider_token" {
+ description = "Vault root token."
+ type = string
+ sensitive = true
+}
+
+variable "aws_access_key" {
+ description = "AWS access key"
+ type = string
+ sensitive = true
+}
+
+variable "aws_secret_key" {
+ description = "AWS secret key"
+ type = string
+ sensitive = true
+}
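Review bot: In providers.tf, `token = var.vault_provider_token` is fed by a variable that variables.tf in this same commit describes as "Vault root token.", so every plan and apply of this module runs with unrestricted Vault access. A token bound to a policy that covers only the AWS secrets mounts this module manages would limit what a leaked tfvars file or CI log can expose. The Vault provider also reads `VAULT_TOKEN` from the environment, so the `token` argument and its variable could be dropped and the token kept out of Terraform input files entirely. A short comment in the provider block naming the Vault policy the token is expected to carry would document the requirement.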
\ No newline at end of file
diff --git a/fdio.infra.terraform/terraform-vault-fdio-creds/versions.tf b/fdio.infra.terraform/terraform-vault-fdio-creds/versions.tf
new file mode 100644
index 0000000000..c573731d65
--- /dev/null
+++ b/fdio.infra.terraform/terraform-vault-fdio-creds/versions.tf
@@ -0,0 +1,13 @@
+terraform {
+ backend "consul" {
+ address = "10.30.51.26:8500"
+ scheme = "http"
+ path = "terraform/aws-secret-backend"
+ }
+ required_providers {
+ vault = {
+ version = "4.3.0"
+ }
+ }
+ required_version = ">= 1.5.4"
+} |
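Review bot: The default `"http://10.30.51.26:8200"` for `vault_provider_address` in variables.tf means the Vault token and the `aws_access_key`/`aws_secret_key` values are sent to Vault in cleartext, and `vault_provider_skip_tls_verify` has no effect because no TLS handshake takes place. Prefer `default = "https://<VAULT_HOST>:8200"` (placeholder), or no default so the caller must choose, together with a `validation` block that rejects addresses not starting with `https://`. The description "Verification of the Vault server's TLS certificate." also reads as if `true` turns verification on, whereas the provider argument it feeds is `skip_tls_verify`; `"Skip verification of the Vault server's TLS certificate."` would match the behaviour.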
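Review bot: The `backend "consul"` block in versions.tf sets `scheme = "http"`, so the Terraform state travels unencrypted to 10.30.51.26:8500. Because `sensitive = true` only redacts CLI output, that state may hold the AWS keys passed to the three modules in plaintext, depending on how the backend module (not visible here) stores them. Use `scheme = "https"` and supply a Consul ACL token through `CONSUL_HTTP_TOKEN`, so that the `terraform/aws-secret-backend` key cannot be read by any client that can reach that address. The `vault` entry under `required_providers` also omits `source = "hashicorp/vault"`; stating it explicitly avoids relying on Terraform's implicit provider lookup.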