https://github.com/sourcefuse/terraform-aws-arc-cloud-custodian
- Host: GitHub
- URL: https://github.com/sourcefuse/terraform-aws-arc-cloud-custodian
- Owner: sourcefuse
- License: apache-2.0
- Created: 2021-11-22T17:13:50.000Z (over 4 years ago)
- Default Branch: main
- Last Pushed: 2024-02-23T06:06:18.000Z (about 2 years ago)
- Last Synced: 2025-08-01T05:55:58.233Z (8 months ago)
- Language: HCL
- Size: 55.7 KB
- Stars: 2
- Watchers: 4
- Forks: 0
- Open Issues: 1
Metadata Files:
- Readme: README.md
README
# [Terraform AWS: Cloud Custodian](https://github.com/sourcefuse/terraform-aws-cloud-custodian)
[SonarCloud quality gate](https://sonarcloud.io/summary/new_code?id=sourcefuse_terraform-aws-arc-cloud-custodian)
[Snyk scan workflow](https://github.com/sourcefuse/terraform-aws-cloud-custodian/actions/workflows/snyk.yaml)
## Overview
This module provides a Terraform interface for administering [Cloud Custodian](https://cloudcustodian.io/): it renders Custodian policy template files with values supplied from Terraform, writes the rendered files to disk, runs Custodian against them, and provisions the supporting AWS resources (an IAM role, an S3 output bucket and, optionally, a CloudTrail trail with its S3 bucket and SQS queue). Keeping the policy files under Terraform's control means their state and interpolated values are tracked alongside the rest of the infrastructure.
For more information about this repository and its usage, see the [Terraform AWS ARC Cloud Custodian Module Usage Guide](https://github.com/sourcefuse/terraform-aws-arc-cloud-custodian/blob/main/docs/module-usage-guide/README.md).
## Requirements
```shell
Terraform ~> 1.3   # the module's own required_version (see the Requirements table below)
Pip >= 20.0.2
Python >= 3.8
```
## Getting started
You must have Python 3.8 or above installed.
Install Cloud Custodian with Pip:
```shell
pip install c7n
```
Pip package notes:
* `c7n` is the AWS provider
* `c7n_azure` is the Azure provider
* `c7n_gcp` is the Google Cloud provider

Wherever the `null_resource.run_custodian` step executes (a CI runner or an operator's machine), pin the `c7n` version the same way you pin the Terraform and provider versions, so that the policies are evaluated by a known, reviewed release rather than whatever Pip resolves on the day.
## Usage
```hcl
terraform {
  # Match the module's required_version (see the Requirements table below).
  required_version = "~> 1.3"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.0"
    }
  }
}

provider "aws" {
  region = "us-east-1"
}

resource "aws_iam_policy" "ec2" {
  name        = "cloud-custodian-allow-ec2-management"
  description = "Cloud Custodian EC2 policy."
  # This policy is for example purposes only.
  # The heredoc policy document that followed here, and the remainder of the
  # usage example, are cut off in this copy of the README.
  policy = <<EOF
EOF
}
```
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | ~> 1.3 |
| [aws](#requirement\_aws) | ~> 4.0 |
| [local](#requirement\_local) | >= 2.0 |
| [null](#requirement\_null) | >= 2.0 |
| [random](#requirement\_random) | >= 2.0 |
## Providers
| Name | Version |
|------|---------|
| [aws](#provider\_aws) | 3.68.0 |
| [local](#provider\_local) | 2.1.0 |
| [null](#provider\_null) | 3.1.0 |
## Modules
| Name | Source | Version |
|------|--------|---------|
| [cloudtrail](#module\_cloudtrail) | git::https://github.com/cloudposse/terraform-aws-cloudtrail.git | 0.20.1 |
| [cloudtrail\_s3\_bucket](#module\_cloudtrail\_s3\_bucket) | git::https://github.com/cloudposse/terraform-aws-cloudtrail-s3-bucket.git | 0.26.2 |
| [cloudtrail\_sqs\_queue](#module\_cloudtrail\_sqs\_queue) | git::https://github.com/terraform-aws-modules/terraform-aws-sqs.git | v3.1.0 |
## Resources
| Name | Type |
|------|------|
| [aws_iam_policy.custodian_output_s3_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_role.role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role_policy_attachment.cloudtrail](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_role_policy_attachment.cloudwatchlogs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_role_policy_attachment.iam](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_role_policy_attachment.s3_output](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_role_policy_attachment.sqs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_role_policy_attachment.tags](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_s3_bucket.custodian_output](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
| [aws_s3_bucket_server_side_encryption_configuration.server_side_encryption](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource |
| [local_file.cc_files](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
| [null_resource.run_custodian](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [cloudtrail\_enabled](#input\_cloudtrail\_enabled) | Set to false to skip creating the CloudTrail trail (the `cloudtrail` submodule). | `bool` | `true` | no |
| [cloudtrail\_s3\_bucket\_enabled](#input\_cloudtrail\_s3\_bucket\_enabled) | Set to false to skip creating the S3 bucket that receives the trail's logs (the `cloudtrail_s3_bucket` submodule). | `bool` | `true` | no |
| [cloudtrail\_sqs\_enabled](#input\_cloudtrail\_sqs\_enabled) | Set to false to skip creating the SQS queue fed by the trail (the `cloudtrail_sqs_queue` submodule). | `bool` | `true` | no |
| [custodian\_files\_path](#input\_custodian\_files\_path) | Path to where the custodian files are located. | `string` | `null` | no |
| [custodian\_templates\_path](#input\_custodian\_templates\_path) | Path to where the custodian template files are located. | `string` | `null` | no |
| [name](#input\_name) | Name of invocation. | `string` | n/a | yes |
| [namespace](#input\_namespace) | A namespace for all the resources to live in. | `string` | n/a | yes |
| [region](#input\_region) | AWS Region to create objects in. | `string` | n/a | yes |
| [stage](#input\_stage) | Stage of pipeline (Eg. sbx, dev, staging, uat, prod). | `string` | n/a | yes |
| [tags](#input\_tags) | Additional tags to assign resources. | `map(string)` | n/a | yes |
| [template\_file\_vars](#input\_template\_file\_vars) | Map of variable names to values that are interpolated into the Custodian template files. | `map(string)` | `{}` | no |
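A complete invocation wired to the inputs above and to the `role_name` output, added here as an example; it is not code from the module's README. The module source `ref`, the directory layout under `custodian/`, the namespace/stage/tag values and the EC2 permissions granted are all assumptions. The README's own EC2 policy is shown only as an unscoped example, so the policy here is deliberately narrowed to describe-only plus stop/tag on instances that carry a `custodian-managed=true` tag. It also assumes `template_file_vars` is interpolated with Terraform `templatefile()` syntax, which the README does not state.

```hcl
terraform {
  required_version = "~> 1.3"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.0"
    }
  }
}

provider "aws" {
  region = local.region
}

data "aws_caller_identity" "current" {}

locals {
  namespace = "arc"       # assumed value
  stage     = "dev"       # assumed value
  name      = "custodian" # assumed value
  region    = "us-east-1"
  tags = {
    Project   = "arc"
    ManagedBy = "terraform"
  }
}

module "cloud_custodian" {
  # Pin to a release tag cut by the repo's .version pipeline, never to main.
  # "v0.1.0" is a placeholder, not a known release of this module.
  source = "git::https://github.com/sourcefuse/terraform-aws-arc-cloud-custodian.git?ref=v0.1.0"

  name      = local.name
  namespace = local.namespace
  stage     = local.stage
  region    = local.region
  tags      = local.tags

  # Assumed layout: rendered policies under custodian/files, templates under custodian/templates.
  custodian_files_path     = "${path.module}/custodian/files"
  custodian_templates_path = "${path.module}/custodian/templates"

  # Values substituted into the templates, e.g. ${account_id} in a policy's
  # mode or notify block (assumes templatefile()-style interpolation).
  template_file_vars = {
    account_id = data.aws_caller_identity.current.account_id
    region     = local.region
  }

  # Keep the trail, bucket and queue the module creates; set these to false
  # only when an existing CloudTrail already feeds Custodian's event mode.
  cloudtrail_enabled           = true
  cloudtrail_s3_bucket_enabled = true
  cloudtrail_sqs_enabled       = true
}

# Narrow EC2 permissions for the Custodian role: read everything, act only on
# instances that opted in via a tag. Adjust the actions to what your policies use.
data "aws_iam_policy_document" "ec2" {
  statement {
    sid       = "DescribeEc2"
    effect    = "Allow"
    actions   = ["ec2:DescribeInstances", "ec2:DescribeTags", "ec2:DescribeVolumes"]
    resources = ["*"] # ec2:Describe* actions do not support resource-level scoping
  }

  statement {
    sid     = "ActOnOptedInInstances"
    effect  = "Allow"
    actions = ["ec2:StopInstances", "ec2:CreateTags"]
    resources = [
      "arn:aws:ec2:${local.region}:${data.aws_caller_identity.current.account_id}:instance/*"
    ]
    condition {
      test     = "StringEquals"
      variable = "aws:ResourceTag/custodian-managed"
      values   = ["true"]
    }
  }
}

resource "aws_iam_policy" "ec2" {
  name        = "${local.namespace}-${local.stage}-custodian-ec2"
  description = "Scoped EC2 permissions for Cloud Custodian."
  policy      = data.aws_iam_policy_document.ec2.json
}

# Attach to the role the module creates, using its role_name output so that
# Terraform orders the attachment after the role exists.
resource "aws_iam_role_policy_attachment" "ec2" {
  role       = module.cloud_custodian.role_name
  policy_arn = aws_iam_policy.ec2.arn
}
```

Review the rendered policy JSON in `terraform plan` before applying, and widen the second statement's actions only as individual Custodian policies need them; the `aws:ResourceTag` condition is the control boundary, so an instance that loses the tag also drops out of Custodian's reach.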
## Outputs
| Name | Description |
|------|-------------|
| [bucket\_arn](#output\_bucket\_arn) | ARN of the bucket. |
| [bucket\_id](#output\_bucket\_id) | Name of the bucket. |
| [role\_arn](#output\_role\_arn) | ARN of the role created. |
| [role\_name](#output\_role\_name) | Name of the role created. |
| [sqs\_arn](#output\_sqs\_arn) | ARN of the SQS queue |
## Versioning
This project uses a `.version` file at the root of the repo, which the pipeline reads to create a git tag.
Commits to `main` must increment this version. Once the change is merged, the pipeline runs and tags the latest commit.
## Development
### Prerequisites
Install the prerequisites:
* [pre-commit](https://pre-commit.com/#install)
* [terraform](https://learn.hashicorp.com/terraform/getting-started/install#installing-terraform)
* [terraform-docs](https://github.com/segmentio/terraform-docs)
Then run `pre-commit` on the repo:
```shell
pre-commit install
pre-commit run --all-files
```
## Authors
This project is authored by:
* SourceFuse ARC Team