Merge pull request #23 from lacework/alannix-lw/doc-updates
docs: updated example doc structure and version constraints
afiune authored Jun 15, 2021
2 parents 4adb912 + e7aab4c commit 891636d
Showing 8 changed files with 74 additions and 23 deletions.
2 changes: 1 addition & 1 deletion .gitignore
@@ -1,5 +1,5 @@
# Local .terraform directories
**/.terraform/*
**/.terraform*

# .tfstate files
*.tfstate
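
Review bot: the `**/.terraform*` pattern also matches `.terraform.lock.hcl`, the dependency lock file that records provider versions and checksums, so the lock file is now ignored along with the working directories. If that is intended for this module repository, update the `# Local .terraform directories` comment to say so; if not, keep `**/.terraform/*` and add a separate pattern for whatever extra file prompted the change.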
22 changes: 22 additions & 0 deletions README.md
Expand Up @@ -6,3 +6,25 @@
[![Codefresh build status]( https://g.codefresh.io/api/badges/pipeline/lacework/terraform-modules%2Ftest-compatibility?type=cf-1&key=eyJhbGciOiJIUzI1NiJ9.NWVmNTAxOGU4Y2FjOGQzYTkxYjg3ZDEx.RJ3DEzWmBXrJX7m38iExJ_ntGv4_Ip8VTa-an8gBwBo)]( https://g.codefresh.io/pipelines/edit/new/builds?id=607e25e6728f5a6fba30431b&pipeline=test-compatibility&projects=terraform-modules&projectId=607db54b728f5a5f8930405d)

Terraform module for configuring an integration with Lacework and AWS for cloud resource configruation assessment.

## Inputs

| Name | Description | Type | Default | Required |
| ------------------------- | ------------------------------------------------------------------------------------------------------------------ | ------------- | ---------------- | :------: |
| external_id_length | The length of the external ID to generate. Max length is 1224. Ignored when use_existing_iam_role is set to `true` | `number` | `16` | no |
| iam_role_arn | The IAM role ARN is required when setting use_existing_iam_role to `true` | `string` | `""` | no |
| iam_role_external_id | The external ID configured inside the IAM role is required when setting use_existing_iam_role to `true` | `string` | `""` | no |
| iam_role_name | The IAM role name. Required to match with iam_role_arn if use_existing_iam_role is set to `true` | `string` | `""` | no |
| lacework_aws_account_id | The Lacework AWS account that the IAM role will grant access | `string` | `"434813966438"` | no |
| lacework_integration_name | The name of the integration in Lacework | `string` | `"TF config"` | no |
| tags | A map/dictionary of Tags to be assigned to created resources | `map(string)` | `{}` | no |
| use_existing_iam_role | Set this to true to use an existing IAM role | `bool` | `false` | no |
| wait_time | Amount of time to wait before the next resource is provisioned | `string` | `"10s"` | no |

## Outputs

| Name | Description |
| ------------- | -------------------------------------------- |
| external_id | The External ID configured into the IAM role |
| iam_role_arn | The IAM Role ARN |
| iam_role_name | The IAM Role name |
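
Review bot: the Required column in the Inputs table reads `no` for `iam_role_arn`, `iam_role_external_id` and `iam_role_name`, while their descriptions say they are required when `use_existing_iam_role` is `true`, and all three default to `""`. A reader who skims the column can enable `use_existing_iam_role` and leave the external ID empty. Suggest marking these as conditionally required in the table (for example `when use_existing_iam_role = true`) and stating what happens when they are left at the default. Separately, the description line above the table has a typo, "configruation".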
21 changes: 14 additions & 7 deletions examples/custom-config/README.md
@@ -1,11 +1,17 @@
# Customized AWS Configuration Assessment with Lacework
This scenario integrates an AWS account with Lacework for cloud resource configuration assessment. The following example customizes the name of the IAM role used to provide Lacework access to the account, the integration display name in Lacework, and the external_id length for generating a external ID.

| Name | Description | Type |
|------|-------------|------|
| `iam_role_name` | The IAM role name. Required to match with iam_role_arn if use_existing_iam_role is set to true | `string` |
| `lacework_integration_name` | Specifies the name of the integration in Lacework | `string` |
| `external_id_length` | The length of the external ID to generate. Max length is 1224. Ignored when use_existing_iam_role is set to `true` | `number` |
This scenario integrates an AWS account with Lacework for cloud resource configuration assessment. The following example customizes the name of the IAM role used to provide Lacework access to the account, the integration
display name in Lacework, and the external_id length for generating a external ID.

## Inputs

| Name | Description | Type |
| --------------------------- | ------------------------------------------------------------------------------------------------------------------ | -------- |
| `iam_role_name` | The IAM role name. Required to match with iam_role_arn if use_existing_iam_role is set to `true` | `string` |
| `lacework_integration_name` | Specifies the name of the integration in Lacework | `string` |
| `external_id_length` | The length of the external ID to generate. Max length is 1224. Ignored when use_existing_iam_role is set to `true` | `number` |

## Sample Code

```hcl
terraform {
Expand All @@ -22,7 +28,8 @@ provider "aws" {}
module "aws_config" {
source = "lacework/config/aws"
version = "~> 0.1.3"
version = "~> 0.1"
iam_role_name = "lw-custom-role"
lacework_integration_name = "account-abc"
external_id_length = 1000
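
Review bot: the `~> 0.1` constraint in the `module "aws_config"` block is wide for a module that sets up the IAM role Lacework assumes in the account. It accepts any release from 0.1 up to, but not including, 1.0, whereas `~> 0.1.3` only accepted 0.1.x patch releases, and pre-1.0 minor releases may change behaviour. Suggest either keeping a patch-level constraint in the samples or adding a sentence that production use should pin an exact version and review the changelog before upgrading. The same applies to the `version` line in the default-config and existing-iam-role-config READMEs.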
3 changes: 2 additions & 1 deletion examples/custom-config/main.tf
Expand Up @@ -3,7 +3,8 @@ provider "lacework" {}
provider "aws" {}

module "aws_config" {
source = "../../"
source = "../../"

iam_role_name = "lw-custom-role"
lacework_integration_name = "account-abc"
external_id_length = 1000
5 changes: 4 additions & 1 deletion examples/default-config/README.md
@@ -1,6 +1,9 @@
# Default AWS Configuration Assessment with Lacework

This scenario integrates an AWS account with Lacework for cloud resource configuration assessment.

## Sample Code

```hcl
terraform {
required_providers {
Expand All @@ -16,7 +19,7 @@ provider "aws" {}
module "aws_config" {
source = "lacework/config/aws"
version = "~> 0.1.3"
version = "~> 0.1"
}
```

17 changes: 16 additions & 1 deletion examples/existing-iam-role-config/README.md
@@ -1,6 +1,19 @@
# AWS Configuration Assessment with Lacework using Existing IAM Role

This scenario integrates an AWS account with Lacework for cloud resource configuration assessment.

## Inputs

| Name | Description | Type |
| --------------------------- | ------------------------------------------------------------------------------------------------------------------ | -------- |
| `external_id_length` | The length of the external ID to generate. Max length is 1224. Ignored when use_existing_iam_role is set to `true` | `number` |
| `iam_role_arn` | The IAM role ARN is required when setting use_existing_iam_role to `true` | `string` |
| `iam_role_external_id` | The external ID configured inside the IAM role is required when setting use_existing_iam_role to `true` | `string` |
| `iam_role_name` | The IAM role name. Required to match with iam_role_arn if use_existing_iam_role is set to `true` | `string` |
| `lacework_integration_name` | The name of the integration in Lacework | `string` |

## Sample Code

```hcl
terraform {
required_providers {
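
Review bot: the new Inputs table for this example lists `external_id_length`, which its own description says is ignored when `use_existing_iam_role` is `true`, and omits `use_existing_iam_role`, the one input that defines this scenario and is set in the sample code. Suggest dropping the `external_id_length` row and adding a `use_existing_iam_role` row (`bool`), so the table matches the inputs the sample actually passes.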
Expand All @@ -16,11 +29,13 @@ provider "aws" {}
module "aws_config" {
source = "lacework/config/aws"
version = "~> 0.1.3"
version = "~> 0.1"
use_existing_iam_role = true
iam_role_arn = "arn:aws:iam::123456789012:role/lw-existing-role"
iam_role_name = "lw-existing-role"
iam_role_external_id = "H12d0TE22ab"
lacework_integration_name = "account-abc"
}
```
12 changes: 7 additions & 5 deletions examples/existing-iam-role-config/main.tf
Expand Up @@ -3,10 +3,12 @@ provider "lacework" {}
provider "aws" {}

module "aws_config" {
source = "../../"
use_existing_iam_role = true
iam_role_arn = "arn:aws:iam::123456789012:role/lw-existing-role"
iam_role_name = "lw-existing-role"
iam_role_external_id = "H12d0TE22ab"
source = "../../"

use_existing_iam_role = true
iam_role_arn = "arn:aws:iam::123456789012:role/lw-existing-role"
iam_role_name = "lw-existing-role"
iam_role_external_id = "H12d0TE22ab"

lacework_integration_name = "account-abc"
}
15 changes: 8 additions & 7 deletions variables.tf
Expand Up @@ -7,25 +7,25 @@ variable "use_existing_iam_role" {
variable "iam_role_arn" {
type = string
default = ""
description = "The IAM role ARN is required when setting use_existing_iam_role to true"
description = "The IAM role ARN is required when setting use_existing_iam_role to `true`"
}

variable "iam_role_external_id" {
type = string
default = ""
description = "The external ID configured inside the IAM role is required when setting use_existing_iam_role to true"
description = "The external ID configured inside the IAM role is required when setting use_existing_iam_role to `true`"
}

variable "iam_role_name" {
type = string
default = ""
description = "The IAM role name. Required to match with iam_role_arn if use_existing_iam_role is set to true"
description = "The IAM role name. Required to match with iam_role_arn if use_existing_iam_role is set to `true`"
}

variable "external_id_length" {
type = number
default = 16
description = "The length of the external ID to generate. Max length is 1224. Ignored when use_existing_iam_role is set to true"
description = "The length of the external ID to generate. Max length is 1224. Ignored when use_existing_iam_role is set to `true`"
}

variable "lacework_aws_account_id" {
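
Review bot: the limits in these descriptions are documentation only. `external_id_length` states "Max length is 1224" but nothing in the variable block enforces it, and `iam_role_arn` / `iam_role_external_id` are described as required while defaulting to `""`. Suggest adding a `validation` block to `external_id_length` that rejects values above 1224, and having the module fail early when `use_existing_iam_role` is `true` and the ARN or external ID is empty, so a misconfigured trust relationship is caught at plan time rather than after apply.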
Expand All @@ -35,14 +35,15 @@ variable "lacework_aws_account_id" {
}

variable "lacework_integration_name" {
type = string
default = "TF config"
type = string
default = "TF config"
description = "The name of the integration in Lacework"
}

variable "wait_time" {
type = string
default = "10s"
description = "Amount of time to wait before the next resource is provisioned."
description = "Amount of time to wait before the next resource is provisioned"
}

variable "tags" {
