diff --git a/README.md b/README.md index 10d5362..941647a 100644 --- a/README.md +++ b/README.md @@ -18,17 +18,24 @@ This code snippet will test four distinct parts within the tools machine: ## AWS Provider block expected on the root module. ```bash provider "aws" { - region = var.region - shared_credentials_file = var.aws_shared_credentials_file - profile = var.aws_profile + region = var.region + shared_config_files = [var.aws_shared_config_file] + shared_credentials_files = [var.aws_shared_credentials_file] + profile = var.aws_profile } ``` ## AWS Keys & Token expected in "~/.aws/credentials" ```bash [default] - aws_access_key_id = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx - aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx - aws_session_token = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx + aws_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx + aws_secret_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx + +OR, if SSO + + [yourcustomprofile] + aws_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx + aws_secret_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx + aws_access_token = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ``` ## Testing Steps 
@@ -40,14 +47,18 @@ This code snippet will test four distinct parts within the tools machine: i. aws configure, ii. aws configure sso, or iii. running your own corporate configured script for AWS STS initiation. - Then, locate aws_access_key_id, aws_secret_access_key,and aws_session_token in ~/.aws/credentials + Locate aws_access_key & aws_secret_key in ~/.aws/credentials + Run this to view it: cat ~/.aws/credentials + + OR, if SSO + + Locate it in ~/.aws/sso ``` 2. Step-2: Edit these two files ```bash a. cd aws-shared-credentials-test - b. Edit "test.tfvars" : add values for aws_access_key_id, aws_secret_access_key, and aws_session_token - c. Edit "variable.tf" : add values for aws_access_key_id, aws_secret_access_key, and aws_session_token + b. Edit "test.tfvars" : add values for aws_access_key, aws_secret_key, aws_region; and (if SSO, you may add aws_token value) ``` 3. Step-3: Run the test. ```bash diff --git a/main.tf b/main.tf index 1b099a9..babc6fa 100644 --- a/main.tf +++ b/main.tf @@ -1,8 +1,25 @@ +/* Depricated - March 2022 provider "aws" { region = var.region shared_credentials_file = var.aws_shared_credentials_file profile = var.aws_profile } +*/ + +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4.5" + } + } +} +provider "aws" { + region = var.aws_region + shared_config_files = [var.aws_shared_config_file] + shared_credentials_files = [var.aws_shared_credentials_file] + profile = var.aws_profile +} resource "random_id" "buc" { keepers = { @@ -13,6 +30,7 @@ resource "random_id" "buc" { byte_length = 8 } + resource "aws_s3_bucket" "buc" { bucket = "test-s3-${random_id.buc.hex}" diff --git a/test-create.sh b/test-create.sh index 5825fb9..ce5ecac 100644 --- a/test-create.sh +++ b/test-create.sh @@ -1,5 +1,12 @@ #!/bin/bash + +var=$(date +"%FORMAT_STRING") +now=$(date +"%m-%d-%Y") +printf "Process date: %s\n" $now +today=$(date +"%Y-%m-%d") + + terraform init echo "please wait.." sleep 5 
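Review bot: `required_providers` pins only `aws`, yet the `random_id` resource in the trailing context of this hunk comes from the `hashicorp/random` provider, which stays unconstrained and resolves to whatever version the registry serves at `terraform init`. Declaring it next to aws, e.g. `random = { source = "hashicorp/random", version = "<TESTED_CONSTRAINT>" }`, and committing `.terraform.lock.hcl` would keep the provider set reproducible. The old provider block is kept inside a `/* Depricated - March 2022 ... */` comment; version control already records it, so it can be deleted (the comment also misspells "Deprecated").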
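Review bot: `var=$(date +"%FORMAT_STRING")` looks like a leftover template placeholder; `var` is never read in the lines shown, and neither is `today`, so both assignments can be dropped. The expansion in `printf "Process date: %s\n" $now` is unquoted; `printf 'Process date: %s\n' "$now"` matches the quoted `"${now}"` used in the second hunk of this file. The same four lines are added to test-destroy.sh.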
@@ -7,3 +14,6 @@ terraform plan -var-file=test.tfvars echo "please wait.." sleep 5 terraform apply -auto-approve -input=false -var-file=test.tfvars +echo "Terraform IaC Create Confirmation:" +printf "AWS Access & Terraform Test Successfully Completed Today: '%s'\n" "${now}" + echo 'Goodbye!' diff --git a/test-destroy.sh b/test-destroy.sh index cabb307..3a7e33e 100644 --- a/test-destroy.sh +++ b/test-destroy.sh @@ -1,3 +1,11 @@ #!/bin/bash + var=$(date +"%FORMAT_STRING") +now=$(date +"%m-%d-%Y") +printf "Process date: %s\n" $now +today=$(date +"%Y-%m-%d") + terraform destroy -var-file=test.tfvars -auto-approve + echo "Terraform IaC Destroy Confirmation:" + printf "AWS Access & Terraform Test Successfully Completed Today: '%s'\n" "${now}" + echo 'Goodbye!' diff --git a/test.tfvars b/test.tfvars index f146323..83a8081 100644 --- a/test.tfvars +++ b/test.tfvars @@ -1,6 +1,17 @@ -aws_access_key_id = "" -aws_secret_access_key = "" -aws_session_token = "" +# OPTIONAL | You can leave "token" empty if your AWS config is not SSO +#--------------------------------------------------------------------------- +#aws_access_key = "" +#aws_secret_key = "" +#------------------------ +#aws_token = "" +#--------------------------------------------------------------------------- + + + +#REQUIRED | Default profile is: "default" +#--------------------------------------------------------------------------- +aws_profile = "" +aws_region = "" +aws_shared_config_file = "~/.aws/config" aws_shared_credentials_file = "~/.aws/credentials" -aws_profile = "default" -region = "us-east-1" \ No newline at end of file +#---------------------------------------------------------------------------- diff --git a/variable.tf b/variable.tf index 0d0e49e..29bfcf7 100644 --- a/variable.tf +++ b/variable.tf 
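Review bot: The "Successfully Completed" line is printed unconditionally after `terraform apply`, so a failed init, plan or apply still ends with a success confirmation, and the script exits with the status of the final `echo`. Gate the message on the command, e.g. `terraform apply -auto-approve -input=false -var-file=test.tfvars || exit 1`, or put `set -euo pipefail` under the shebang so any failing step stops the run. test-destroy.sh has the same pattern after `terraform destroy`. The script body starts outside this hunk.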
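Review bot: `aws_profile = ""` and `aws_region = ""` override the defaults declared in variable.tf (`"default"` and `"us-east-1"`) with empty strings, so a run with this file unedited passes an empty profile and region to the provider instead of the documented defaults. Either drop the two assignments or ship them as `aws_profile = "default"` and `aws_region = "us-east-1"`. The commented `aws_access_key` / `aws_secret_key` / `aws_token` placeholders invite pasting live credentials into a file tracked in the repository, while the provider block visible in main.tf authenticates through the shared config and credentials files plus the profile and does not reference those variables in the lines shown. If the variables are kept, mark them `sensitive = true` in variable.tf and keep filled-in tfvars files out of version control.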
@@ -1,14 +1,14 @@
-variable "aws_access_key_id" {
+variable "aws_access_key" {
 type = string
 description = "AWS access key for the AWS account.(User should supply value for the test)"
 default = ""
 }
-variable "aws_secret_access_key" {
+variable "aws_secret_key" {
 type = string
 description = "AWS Secret key for the AWS account.(User should supply value for the test)"
 default = ""
 }
-variable "aws_session_token" {
+variable "aws_token" {
 type = string
 description = "AWS Session token for the AWS account.(User should supply value for the test)"
 default = ""
@@ -18,12 +18,18 @@ variable "aws_session_token" {
 description = "DO NOT CHANGE"
 default = "default"
 }
+
+ variable "aws_shared_config_file" {
+ type = string
+ description = "DO NOT CHANGE"
+ default = "~/.aws/config"
+ }
 variable "aws_shared_credentials_file" {
 type = string
 description = "DO NOT CHANGE"
 default = "~/.aws/credentials"
 }
-variable "region" {
+variable "aws_region" {
 type = string
 description = "DO NOT CHANGE unless YOUR REGION CHANGED"
 default = "us-east-1"
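Review bot: The new `aws_shared_config_file` variable in the second hunk carries the description `"DO NOT CHANGE"`, which does not say what the value is, and test.tfvars in this same commit assigns it, so the instruction is contradicted as well. Something like `description = "Path to the AWS shared config file passed to the provider's shared_config_files"` would document it. The added block is also indented, whereas top-level blocks normally start at column 0; `terraform fmt` would normalise that.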