Merge pull request MitocGroup#141 from TerraHubCorp/dev

Added tfvars and tfimport files into codebase, as well as refactored code for faster execution

.gitignore

@@ -20,8 +20,8 @@ package-lock.json
 # .tfplan files
 *.tfplan*
 
-# .tfvars files
-*.tfvars
-
 # .tfimport files
 *.tfimport
+
+# .tfvars files
+*.tfvars

.terrahub.yml

@@ -11,7 +11,7 @@ project:
 terraform:
   varFile:
     - default.tfvars
-  version: 0.12.12
+  version: 0.12.13
 template:
   provider:
     - aws:

README.md

@@ -35,7 +35,7 @@ To get started, simply include `main.tf` into your terraform codebase:
 ```hcl
 module "landing_zone" {
   source    = "TerraHubCorp/landing-zone/aws"
-  version   = "0.1.10"
+  version   = "0.1.11"
   root_path = path.module
   landing_zone_providers  = var.landing_zone_providers
   landing_zone_components = var.landing_zone_components
@@ -54,7 +54,7 @@ landing_zone_providers = {
   [...]
 }
 landing_zone_components = {
-  landing_zone_vpc = "s3://terraform-aws-landing-zone/mycompany/landing_zone_vpc/default.tfvars"
+  landing_zone_vpc = "s3://terraform-aws-landing-zone/components/landing_zone_vpc/default.tfvars"
   [...]
 }
 terraform_backend = {
@@ -95,6 +95,10 @@ After `landing_zone_reader_config` module configures everything, second step is
 ```hcl
 module "landing_zone_reader" {
   source = "./modules/landing_zone_reader"
+  terraform_backend_type   = "local"
+  terraform_backend_config = {
+    path = "/tmp/.terrahub/landing_zone/terrahub_load_outputs/terraform.tfstate"
+  }
 }
 ```
 

bin/s3_sync_down.sh

@@ -5,5 +5,5 @@ S3_PATH="s3://terraform-aws-landing-zone"
 LOCAL_PATH="$( cd "$( dirname "${BASH_SOURCE[0]}" )/../" >/dev/null 2>&1 && pwd )"
 
 for i in "${FOLDERS[@]}"; do
-  aws s3 sync --exclude "*" --include "*.tfvars" --include "*.tfimport" --include "*.xml" --content-type "text/plain" $S3_PATH/$i/ $LOCAL_PATH/$i/
+  aws s3 sync --exclude "*" --include "*.tfvars" --include "*.tfimport" --include "*.xml" --content-type "text/plain" ${S3_PATH}/${i}/ ${LOCAL_PATH}/${i}/
 done

bin/s3_sync_up.sh

@@ -5,5 +5,5 @@ S3_PATH="s3://terraform-aws-landing-zone"
 LOCAL_PATH="$( cd "$( dirname "${BASH_SOURCE[0]}" )/../" >/dev/null 2>&1 && pwd )"
 
 for i in "${FOLDERS[@]}"; do
-  aws s3 sync --exclude "*" --include "*.tfvars" --include "*.tfimport" --include "*.xml" --content-type "text/plain" $LOCAL_PATH/$i/ $S3_PATH/$i/
+  aws s3 sync --exclude "*" --include "*.tfvars" --include "*.tfimport" --include "*.xml" --content-type "text/plain" ${LOCAL_PATH}/${i}/ ${S3_PATH}/${i}/
 done

bin/tf_import.sh

@@ -1,90 +1,49 @@
 #!/usr/bin/env bash
 
-LOCAL_PATH="$( cd "$( dirname "${BASH_SOURCE[0]}" )/../components/" >/dev/null 2>&1 && pwd )"
-
-#############################
-# landing_zone_organization #
-#############################
-terrahub import --batch ${LOCAL_PATH}/landing_zone_organization/default.tfimport \
-  --include landing_zone_organization
-
-######################################
-# landing_zone_organization_accounts #
-######################################
-terrahub import --batch ${LOCAL_PATH}/landing_zone_organization_accounts/default.tfimport \
-  --include landing_zone_organization_accounts
-
-############################################
-# landing_zone_directory_service_directory #
-############################################
-terrahub import --batch ${LOCAL_PATH}/landing_zone_directory_service_directory/default.tfimport \
-  --include landing_zone_directory_service_directory
-
-###########################
-# landing_zone_cloudtrail # @todo
-###########################
-#terrahub import --batch ${LOCAL_PATH}/landing_zone_cloudtrail/default.tfimport \
-#  --include landing_zone_cloudtrail_s3_bucket,landing_zone_cloudtrail_s3_bucket_policy,landing_zone_cloudtrail,landing_zone_directory_service_directory
-
-###########################
-# landing_zone_vpc_subnet #
-###########################
-terrahub import --batch ${LOCAL_PATH}/landing_zone_vpc_subnet/default.tfimport \
-  --include landing_zone_gateway_igw,landing_zone_gateway_nat,landing_zone_network_acl,landing_zone_route,landing_zone_route_igw,landing_zone_route_ipv6,landing_zone_route_pcx,landing_zone_route_table,landing_zone_route_table_association,landing_zone_subnet,landing_zone_vpc,landing_zone_vpc_endpoint_gateway,landing_zone_vpc_endpoint_interface,landing_zone_vpc_peering_connection
-
-###############################
-# landing_zone_security_group #
-###############################
-terrahub import --batch ${LOCAL_PATH}/landing_zone_security_group/default.tfimport \
-  --include landing_zone_security_group,landing_zone_security_group_rule_egress,landing_zone_security_group_rule_ingress
-
-#########################
-# landing_zone_iam_role #
-#########################
-terrahub import --batch ${LOCAL_PATH}/landing_zone_iam_role/default.tfimport \
-  --include landing_zone_iam_role
-
-###########################
-# landing_zone_iam_policy #
-###########################
-terrahub import --batch ${LOCAL_PATH}/landing_zone_iam_policy/default.tfimport \
-  --include landing_zone_iam_policy
-
-###########################################
-# landing_zone_iam_role_policy_attachment #
-###########################################
-terrahub import --batch ${LOCAL_PATH}/landing_zone_iam_role_policy_attachment/default.tfimport \
-  --include landing_zone_iam_role_policy_attachment
-terrahub import --batch ${LOCAL_PATH}/landing_zone_iam_role_policy_attachment/bloomingaprons.tfimport \
-  --include landing_zone_iam_role_policy_attachment
-terrahub import --batch ${LOCAL_PATH}/landing_zone_iam_role_policy_attachment/mitocgroup.tfimport \
-  --include landing_zone_iam_role_policy_attachment
-terrahub import --batch ${LOCAL_PATH}/landing_zone_iam_role_policy_attachment/terrahub.tfimport \
-  --include landing_zone_iam_role_policy_attachment
-terrahub import --batch ${LOCAL_PATH}/landing_zone_iam_role_policy_attachment/eurechean.tfimport \
-  --include landing_zone_iam_role_policy_attachment
-terrahub import --batch ${LOCAL_PATH}/landing_zone_iam_role_policy_attachment/vcalmic.tfimport \
-  --include landing_zone_iam_role_policy_attachment
-terrahub import --batch ${LOCAL_PATH}/landing_zone_iam_role_policy_attachment/aluchianic.tfimport \
-  --include landing_zone_iam_role_policy_attachment
-
-##################################
-# landing_zone_iam_saml_provider #
-##################################
-terrahub import --batch ${LOCAL_PATH}/landing_zone_iam_saml_provider/default.tfimport \
-  --include landing_zone_iam_saml_provider
-
-#####################################
-# landing_zone_iam_instance_profile #
-#####################################
-terrahub import --batch ${LOCAL_PATH}/landing_zone_iam_instance_profile/default.tfimport \
-  --include landing_zone_iam_instance_profile
-
-####################
-# landing_zone_eip #
-####################
-terrahub import --batch ${LOCAL_PATH}/landing_zone_eip/default.tfimport \
-  --include landing_zone_eip
+LZ_LOCAL_PATH="./components"
+LZ_TFIMPORT_FILENAME="default.tfimport"
+LZ_COMPONENTS=(
+  "landing_zone_eip"
+  "landing_zone_gateway_igw"
+  "landing_zone_gateway_nat"
+  "landing_zone_iam_instance_profile"
+  "landing_zone_iam_policy"
+  "landing_zone_iam_role"
+  "landing_zone_iam_role_policy_attachment"
+  "landing_zone_iam_saml_provider"
+  "landing_zone_network_acl"
+  "landing_zone_organization"
+  "landing_zone_organization_accounts"
+  "landing_zone_route"
+  "landing_zone_route_igw"
+  "landing_zone_route_ipv6"
+  "landing_zone_route_pcx"
+  "landing_zone_route_table"
+  "landing_zone_route_table_association"
+  "landing_zone_security_group"
+  "landing_zone_security_group_rule_egress"
+  "landing_zone_security_group_rule_ingress"
+  "landing_zone_subnet"
+  "landing_zone_vpc"
+  "landing_zone_vpc_endpoint_gateway"
+  "landing_zone_vpc_endpoint_interface"
+  "landing_zone_vpc_peering_connection"
+)
+
+###################
+# terrahub import #
+###################
+for LZ_COMPONENT in "${LZ_COMPONENTS[@]}"; do
+  SEARCH_PATH="${LZ_LOCAL_PATH}/${LZ_COMPONENT}"
+
+  shopt -s nullglob
+  LZ_IMPORT_FILES=(${SEARCH_PATH}/*.tfimport)
+
+  for LZ_IMPORT_FILE in "${LZ_IMPORT_FILES[@]}"; do
+    terrahub import --batch ${LZ_IMPORT_FILE}  --include ${LZ_COMPONENT}
+  done
+
+done
 
 #######################
 # delete remote state #
@@ -99,3 +58,5 @@ terrahub state -D aws_security_group_rule.landing_zone_security_group --include
   && terrahub state -D aws_security_group_rule.landing_zone_security_group_terrahub-2 --include landing_zone_security_group \
   && terrahub state -D aws_security_group_rule.landing_zone_security_group_terrahub-3 --include landing_zone_security_group \
   && terrahub state -D aws_security_group_rule.landing_zone_security_group_terrahub-4 --include landing_zone_security_group
+
+# terrahub run -i $(printf ",%s" "${LZ_COMPONENTS[@]}")

components/landing_zone_cloudtrail/.terrahub.yml

@@ -14,7 +14,8 @@ component:
       aws_cloudtrail:
         landing_zone_cloudtrail:
           provider: 'aws.${tfvar.terrahub["landing_zone_providers"]["0"]}'
-          s3_bucket_name: data.terraform_remote_state.landing_zone_cloudtrail_s3_bucket.bucket
+          s3_bucket_name: >-
+            data.terraform_remote_state.landing_zone_cloudtrail_s3_bucket.outputs.bucket
           name: var.landing_zone_cloudtrail_name
           is_multi_region_trail: var.landing_zone_cloudtrail_is_multi_region_trail
           is_organization_trail: var.landing_zone_cloudtrail_is_organization_trail

components/landing_zone_cloudtrail/default.tfimport

@@ -0,0 +1 @@
+landing_zone_cloudtrail,aws_cloudtrail.landing_zone_cloudtrail,Default

components/landing_zone_cloudtrail/default.tfvars

@@ -0,0 +1,13 @@
+landing_zone_providers = [
+  "default"
+]
+
+landing_zone_cloudtrail_name                   = "Default"
+landing_zone_cloudtrail_is_multi_region_trail  = true
+landing_zone_cloudtrail_is_organization_trail  = true
+landing_zone_event_selector_data_resource_type = "AWS::Lambda::Function"
+landing_zone_event_selector_data_resource_values = [
+  "arn:aws:lambda:us-east-1:123456789012:function:DeepProdSayHelloCreateDb",
+  "arn:aws:lambda:us-east-1:123456789012:function:DeepProdSayHelloCreateFs",
+  "arn:aws:lambda:us-east-1:123456789012:function:DeepProdSayHelloCreateMsg"
+]

components/landing_zone_cloudtrail_s3_bucket/default.tfimport

@@ -0,0 +1 @@
+landing_zone_cloudtrail_s3_bucket,aws_s3_bucket.landing_zone_cloudtrail_s3_bucket,data-lake-cloudtrail

components/landing_zone_cloudtrail_s3_bucket/default.tfvars

@@ -0,0 +1,6 @@
+landing_zone_providers = [
+  "default"
+]
+
+landing_zone_cloudtrail_s3_bucket_name       = "data-lake-cloudtrail"
+landing_zone_cloudtrail_s3_bucket_versioning = true

components/landing_zone_cloudtrail_s3_bucket_policy/default.tfimport

@@ -0,0 +1 @@
+landing_zone_cloudtrail_s3_bucket_policy,aws_s3_bucket_policy.landing_zone_cloudtrail_s3_bucket_policy,data-lake-cloudtrail

components/landing_zone_cloudtrail_s3_bucket_policy/default.tfvars

@@ -0,0 +1,3 @@
+landing_zone_providers = [
+  "default"
+]

components/landing_zone_code_build/default.tfvars

@@ -0,0 +1,10 @@
+landing_zone_providers = [
+  "default"
+]
+
+landing_zone_code_build_name                     = "AWS-Landing-Zone-CodeBuild"
+landing_zone_code_build_artifacts_type           = "CODEPIPELINE"
+landing_zone_code_build_source_type              = "CODEPIPELINE"
+landing_zone_code_build_environment_compute_type = "BUILD_GENERAL1_SMALL"
+landing_zone_code_build_environment_image        = "aws/codebuild/nodejs:8.11.0"
+landing_zone_code_build_environment_type         = "LINUX_CONTAINER"

components/landing_zone_code_build_role/default.tfvars

@@ -0,0 +1,8 @@
+landing_zone_providers = [
+  "default"
+]
+
+landing_zone_code_build_role_name                  = "LandingZoneCodeBuildRole"
+landing_zone_code_build_role_description           = "Managed by TerraHub"
+landing_zone_code_build_role_force_detach_policies = false
+landing_zone_code_build_role_path                  = "/"

components/landing_zone_code_build_role_policy/default.tfvars

@@ -0,0 +1,5 @@
+landing_zone_providers = [
+  "default"
+]
+
+landing_zone_code_build_role_policy_name = "AWS-Landing-Zone-CodePipeline-Policy"

components/landing_zone_code_pipeline/default.tfvars

@@ -0,0 +1,5 @@
+landing_zone_providers = [
+  "default"
+]
+
+landing_zone_code_pipeline_name = "AWS-Landing-Zone-CodePipeline"

components/landing_zone_code_pipeline_role/default.tfvars

@@ -0,0 +1,8 @@
+landing_zone_providers = [
+  "default"
+]
+
+landing_zone_code_pipeline_role_name                  = "LandingZoneCodePipelineRole"
+landing_zone_code_pipeline_role_description           = "Managed by TerraHub"
+landing_zone_code_pipeline_role_force_detach_policies = false
+landing_zone_code_pipeline_role_path                  = "/"

components/landing_zone_code_pipeline_role_policy/default.tfvars

@@ -0,0 +1,5 @@
+landing_zone_providers = [
+  "default"
+]
+
+landing_zone_code_pipeline_role_policy_name = "AWS-Landing-Zone-CodePipeline-Policy"

components/landing_zone_config_aggregate_authorization/.terrahub.yml

@@ -2,27 +2,27 @@ component:
   name: landing_zone_config_configuration_aggregator
   template:
     locals:
-      elements_config_configuration_aggregator_tag_map: >-
-        var.${tfvar.terrahub["landing_zone_providers"]["0"]}_provider["landing_zone_config_configuration_aggregator_tags_resource"]
-      elements_config_configuration_aggregator_map: >-
+      elements_landing_zone_config_configuration_aggregator_tags_map: >-
+        var.${tfvar.terrahub["landing_zone_providers"]["0"]}_provider["landing_zone_config_configuration_aggregator_tags"]
+      elements_landing_zone_config_configuration_aggregator_map: >-
         var.${tfvar.terrahub["landing_zone_providers"]["0"]}_provider["landing_zone_config_configuration_aggregator_resource"]
     resource:
       aws_config_configuration_aggregator:
         landing_zone_config_configuration_aggregator:
           provider: 'aws.${tfvar.terrahub["landing_zone_providers"]["0"]}'
           count: >-
-            length(var.${tfvar.terrahub["landing_zone_providers"]["0"]}_provider["landing_zone_config_configuration_aggregator_tags_resource"])
+            length(var.${tfvar.terrahub["landing_zone_providers"]["0"]}_provider["landing_zone_config_configuration_aggregator_tags"])
           name: >-
-            local.elements_config_configuration_aggregator_map["config_${count.index}"]["name"]
+            local.elements_landing_zone_config_configuration_aggregator_map["config_${count.index}"]["name"]
           account_aggregation_source:
             account_ids: >-
               split("|",
-              local.elements_config_configuration_aggregator_map["config_${count.index}"]["account_ids"])
+              local.elements_landing_zone_config_configuration_aggregator_map["config_${count.index}"]["account_ids"])
             regions: >-
               split("|",
-              local.elements_config_configuration_aggregator_map["config_${count.index}"]["regions"])
+              local.elements_landing_zone_config_configuration_aggregator_map["config_${count.index}"]["regions"])
           tags: >-
-            local.elements_config_configuration_aggregator_tag_map["config_${count.index}"]
+            local.elements_landing_zone_config_configuration_aggregator_tags_map["config_${count.index}"]
     output:
       arns:
         value: >-

components/landing_zone_config_aggregate_authorization/default.tfvars

@@ -0,0 +1,14 @@
+landing_zone_providers = [
+  "default"
+]
+
+default_provider = {
+  landing_zone_config_aggregate_authorization_tags = {
+    config_0 = {
+      Description = "Managed by TerraHub"
+      ThubCode    = "1234abcd"
+      ThubEnv     = "Prod"
+      Name        = "Landing Zone Configuration Aggregator Auth"
+    }
+  }
+}

components/landing_zone_config_config_rule/.terrahub.yml

@@ -2,25 +2,27 @@ component:
   name: landing_zone_config_config_rule
   template:
     locals:
-      elements_config_rule_tag_map: >-
-        var.${tfvar.terrahub["landing_zone_providers"]["0"]}_provider["config_rule_tags_resource"]
-      elements_config_rule_map: >-
-        var.${tfvar.terrahub["landing_zone_providers"]["0"]}_provider["config_rule_resource"]
+      elements_landing_zone_config_config_rule_tags_map: >-
+        var.${tfvar.terrahub["landing_zone_providers"]["0"]}_provider["landing_zone_config_config_rule_tags"]
+      elements_landing_zone_config_config_rule_map: >-
+        var.${tfvar.terrahub["landing_zone_providers"]["0"]}_provider["landing_zone_config_config_rule_resource"]
     resource:
       aws_config_config_rule:
         landing_zone_config_config_rule:
           provider: 'aws.${tfvar.terrahub["landing_zone_providers"]["0"]}'
           count: >-
-            length(var.${tfvar.terrahub["landing_zone_providers"]["0"]}_provider["config_rule_resource"])
-          name: 'local.elements_config_rule_map["config_${count.index}"]["name"]'
+            length(var.${tfvar.terrahub["landing_zone_providers"]["0"]}_provider["landing_zone_config_config_rule_resource"])
+          name: >-
+            local.elements_landing_zone_config_config_rule_map["config_${count.index}"]["name"]
           description: >-
-            local.elements_config_rule_map["config_${count.index}"]["description"]
+            local.elements_landing_zone_config_config_rule_map["config_${count.index}"]["description"]
           source:
             owner: >-
-              local.elements_config_rule_map["config_${count.index}"]["source_owner"]
+              local.elements_landing_zone_config_config_rule_map["config_${count.index}"]["source_owner"]
             source_identifier: >-
-              local.elements_config_rule_map["config_${count.index}"]["source_identifier"]
-          tags: 'local.elements_config_rule_tag_map["config_${count.index}"]'
+              local.elements_landing_zone_config_config_rule_map["config_${count.index}"]["source_identifier"]
+          tags: >-
+            local.elements_landing_zone_config_config_rule_tags_map["config_${count.index}"]
     output:
       arns:
         value: >-