Merge pull request #2 from schijioke-uche/no-sso

Merge No sso into Main

README.md

@@ -18,17 +18,24 @@ This code snippet will test four distinct parts within the tools machine:
 ## AWS Provider block expected on the root module.
 ```bash
   provider "aws" {
-    region  = var.region
-    shared_credentials_file = var.aws_shared_credentials_file
-    profile  = var.aws_profile
+  region = var.region
+  shared_config_files  = [var.aws_shared_config_file]
+  shared_credentials_files = [var.aws_shared_credentials_file]
+  profile  = var.aws_profile
 }
 ```
 ## AWS Keys & Token expected in "~/.aws/credentials"
 ```bash
     [default]
-    aws_access_key_id = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-    aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-    aws_session_token = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+    aws_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+    aws_secret_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+
+OR, if SSO
+
+    [yourcustomprofile]
+    aws_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+    aws_secret_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+    aws_access_token = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 ```
 
 ## Testing Steps
@@ -40,14 +47,18 @@ This code snippet will test four distinct parts within the tools machine:
         i. aws configure,
         ii. aws configure sso, or 
         iii. running your own corporate configured script for AWS STS initiation.
-   Then, locate aws_access_key_id, aws_secret_access_key,and aws_session_token in ~/.aws/credentials
+   Locate aws_access_key & aws_secret_key in ~/.aws/credentials
+   Run this to view it: cat ~/.aws/credentials
+
+   OR, if SSO
+
+   Locate it in ~/.aws/sso
 ```
 
 2. Step-2: Edit these two files
 ```bash
    a. cd aws-shared-credentials-test
-   b. Edit "test.tfvars" : add values for aws_access_key_id, aws_secret_access_key, and aws_session_token
-   c. Edit "variable.tf" : add values for aws_access_key_id, aws_secret_access_key, and aws_session_token
+   b. Edit "test.tfvars" : add values for aws_access_key, aws_secret_key, aws_region;  and (if SSO, you may add aws_token value)
 ```
 3. Step-3: Run the test. 
 ```bash

main.tf

@@ -1,8 +1,25 @@
+/*  Depricated - March 2022
 provider "aws" {
   region  = var.region
   shared_credentials_file = var.aws_shared_credentials_file
   profile  = var.aws_profile
 }
+*/
+
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.5"
+    }
+  }
+}
+provider "aws" {
+  region  = var.aws_region
+  shared_config_files      = [var.aws_shared_config_file]
+  shared_credentials_files = [var.aws_shared_credentials_file]
+  profile                  = var.aws_profile
+}
 
 resource "random_id" "buc" {
   keepers = {
@@ -13,6 +30,7 @@ resource "random_id" "buc" {
   byte_length = 8
 }
 
+
 resource "aws_s3_bucket" "buc" {
   bucket = "test-s3-${random_id.buc.hex}"
 

test-create.sh

@@ -1,9 +1,19 @@
  #!/bin/bash
 
+
+var=$(date +"%FORMAT_STRING")
+now=$(date +"%m-%d-%Y")
+printf "Process date: %s\n" $now
+today=$(date +"%Y-%m-%d")
+
+
  terraform init
   echo "please wait.."
  sleep 5
 terraform plan -var-file=test.tfvars
   echo "please wait.."
 sleep 5
 terraform apply -auto-approve -input=false -var-file=test.tfvars
+echo "Terraform IaC Create Confirmation:"
+printf "AWS Access & Terraform Test Successfully Completed Today: '%s'\n" "${now}"
+ echo 'Goodbye!'

test-destroy.sh

@@ -1,3 +1,11 @@
  #!/bin/bash
 
+ var=$(date +"%FORMAT_STRING")
+now=$(date +"%m-%d-%Y")
+printf "Process date: %s\n" $now
+today=$(date +"%Y-%m-%d")
+
  terraform destroy -var-file=test.tfvars -auto-approve
+ echo "Terraform IaC Destroy Confirmation:"
+ printf "AWS Access & Terraform Test Successfully Completed Today: '%s'\n" "${now}"
+ echo 'Goodbye!'

test.tfvars

@@ -1,6 +1,17 @@
-aws_access_key_id = ""
-aws_secret_access_key = ""
-aws_session_token =  ""
+# OPTIONAL |  You can leave "token" empty if your AWS config is not SSO
+#---------------------------------------------------------------------------
+#aws_access_key = ""
+#aws_secret_key = ""
+#------------------------
+#aws_token =  ""
+#---------------------------------------------------------------------------
+
+
+
+#REQUIRED   |  Default profile is:  "default"
+#---------------------------------------------------------------------------
+aws_profile  = ""
+aws_region  = ""
+aws_shared_config_file  = "~/.aws/config"
 aws_shared_credentials_file  = "~/.aws/credentials"
-aws_profile  = "default"
-region  = "us-east-1"
+#----------------------------------------------------------------------------

variable.tf

@@ -1,14 +1,14 @@
-variable "aws_access_key_id" {
+variable "aws_access_key" {
      type        = string
      description = "AWS access key for the AWS account.(User should supply value for the test)"
      default = ""
 }
-variable "aws_secret_access_key" {
+variable "aws_secret_key" {
     type        = string
     description = "AWS Secret key for the AWS account.(User should supply value for the test)"
     default = ""
  }
-variable "aws_session_token" {
+variable "aws_token" {
   type        = string
   description = "AWS Session token for the AWS account.(User should supply value for the test)"
   default     = ""
@@ -18,12 +18,18 @@ variable "aws_session_token" {
      description = "DO NOT CHANGE"
      default = "default"
  }
+
+  variable "aws_shared_config_file" {
+       type        = string
+       description = "DO NOT CHANGE"
+       default = "~/.aws/config"
+ }
  variable "aws_shared_credentials_file" {
        type        = string
        description = "DO NOT CHANGE"
        default = "~/.aws/credentials"
  }
-variable "region" {
+variable "aws_region" {
      type        = string
      description = "DO NOT CHANGE unless YOUR REGION CHANGED"
      default = "us-east-1"