Overview ¶
Package config provides configuration types and validation for AWS Organization and Control Tower setup. Version: 1.0.0
Constants ¶
// State-related types and constants.
//
// These name the state table and backup bucket, the key prefixes used for
// state and backup objects, the expiry/retention day counts, and the
// timeout/retry policy shared by state operations. The attribute names at
// the bottom are the DynamoDB item keys the state store reads and writes.
const (
	// Change from private to public constants
	StateTableName = "aws-organization-state"
	// NOTE(review): a fixed bucket name is shared by every deployment of this
	// package; bucket names are globally scoped, so confirm the deploying
	// account actually owns this bucket before state backups are written to it.
	StateBackupBucket   = "aws-organization-state-backups"
	StateFilePrefix     = "state"
	BackupFilePrefix    = "backup"
	StateExpiryDays     = 30
	BackupRetentionDays = 90
	DefaultTimeout      = 30 * time.Second
	MaxRetries          = 3
	InitialBackoff      = time.Second

	// DynamoDB attributes
	PkAttribute      = "pk"
	SkAttribute      = "sk"
	StateAttribute   = "state"
	VersionAttribute = "version"
)
// Validation constants.
//
// Bounds used when validating a configuration: the allowed log-retention
// window in days, the allowed length of names, and the pattern an e-mail
// address must match.
const (
	MinLogRetentionDays = 7
	MaxLogRetentionDays = 3653 // ten years; appears to match the longest CloudWatch Logs retention value — confirm
	MinNameLength       = 3
	MaxNameLength       = 128
	// EmailRegexPattern is a coarse syntactic check only: a local part of
	// letters, digits and ._%+-, an "@", a domain of letters, digits, dots
	// and hyphens, and an alphabetic TLD of at least two characters. It does
	// not verify that the address exists, and it rejects some syntactically
	// valid addresses (quoted local parts, non-ASCII characters).
	EmailRegexPattern = `^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$`
)
// Version information.
const (
	// ConfigVersion is the configuration schema version; DefaultConfig
	// writes it into OrganizationConfig.Version.
	ConfigVersion = "1.0.0"
)
Variables ¶
// DefaultConfig provides default configuration values.
//
// It seeds a LandingZoneConfig with two governed regions, a "Sandbox"
// default OU, 90-day log retention, a pair of bookkeeping tags, and every
// security toggle (RequireMFA, EnableSSLRequests, EnableSecurityHub,
// EnableGuardDuty, EnableConfig, EnableCloudTrail) switched on, plus a VPC
// block with flow logs and DNS support enabled. Every field not listed here
// keeps its Go zero value, so deployment-specific identifiers (account IDs,
// role ARNs, bucket names, KMS key) must be filled in by the caller.
//
// Note that OrganizationUnits, Tags, LandingZoneConfig and VPCSettings are
// maps and pointers: a plain copy of DefaultConfig shares them with this
// package-level value, so clone them before mutating a copy.
var DefaultConfig = OrganizationConfig{
	Version: ConfigVersion,
	LandingZoneConfig: &LandingZoneConfig{
		GovernedRegions:   []string{"us-east-1", "us-west-2"},
		DefaultOUName:     "Sandbox",
		OrganizationUnits: map[string]*OUConfig{},
		LogRetentionDays:  90,
		Tags: map[string]string{
			"ManagedBy": "Pulumi",
			"Project":   "ControlTower",
		},
		RequireMFA:        true,
		EnableSSLRequests: true,
		EnableSecurityHub: true,
		EnableGuardDuty:   true,
		EnableConfig:      true,
		EnableCloudTrail:  true,
		VPCSettings: &VPCConfig{
			CIDR:               "10.0.0.0/16",
			EnableTransitGW:    true,
			EnableVPCFlowLogs:  true,
			EnableDNSHostnames: true,
			EnableDNSSupport:   true,
		},
	},
}
Functions ¶
This section is empty.
Types ¶
type AccountConfig ¶
type ConfigurationManager ¶
// ConfigurationManager handles configuration operations.
//
// Load returns the stored configuration, Save and Validate operate on a
// configuration passed in by the caller, Backup snapshots the current
// configuration, and Restore reinstates the backup identified by version.
//
// NOTE(review): *OrganizationConfig declares Load() error, Save() error and
// Validate() error (no config argument, no returned config), so it does not
// satisfy this interface as written; confirm which of the two signatures is
// the intended one before relying on an interface-satisfaction check.
type ConfigurationManager interface {
	Load() (*OrganizationConfig, error)
	Save(config *OrganizationConfig) error
	Validate(config *OrganizationConfig) error
	Backup() error
	Restore(version string) error
}
type LandingZoneConfig ¶
// LandingZoneConfig defines the complete AWS Control Tower Landing Zone configuration.
//
// The fields are grouped by concern: basic organization layout, encryption
// key references, the accounts that make up the landing zone, Control Tower
// role and region settings, logging destinations, network settings, and the
// security toggles and allow/deny lists.
//
// Because the security toggles are plain bools, a JSON document that omits
// one of them leaves it false, i.e. the corresponding control disabled.
// Validate is the place to decide whether a missing toggle is acceptable —
// this type itself applies no defaults.
type LandingZoneConfig struct {
	// Basic configurations
	GovernedRegions   []string             `json:"governedRegions"`
	DefaultOUName     string               `json:"defaultOUName"`
	OrganizationUnits map[string]*OUConfig `json:"organizationUnits"`
	LogBucketName     string               `json:"logBucketName"`
	LogRetentionDays  int                  `json:"logRetentionDays"` // expected within [MinLogRetentionDays, MaxLogRetentionDays] — confirm Validate enforces it
	Tags              map[string]string    `json:"tags"`

	// Encryption configurations
	KMSKeyAlias string `json:"kmsKeyAlias"`
	KMSKeyArn   string `json:"kmsKeyArn"`
	KMSKeyId    string `json:"kmsKeyId"`

	// Account configurations
	AccountEmailDomain  string `json:"accountEmailDomain"`
	ManagementAccountId string `json:"managementAccountId"`
	LogArchiveAccountId string `json:"logArchiveAccountId"`
	AuditAccountId      string `json:"auditAccountId"`
	SecurityAccountId   string `json:"securityAccountId"`

	// Control Tower configurations
	CloudTrailRoleArn   string   `json:"cloudTrailRoleArn"`
	EnabledGuardrails   []string `json:"enabledGuardrails"`
	HomeRegion          string   `json:"homeRegion"`
	AllowedRegions      []string `json:"allowedRegions"`
	ManagementRoleArn   string   `json:"managementRoleArn"`
	StackSetRoleArn     string   `json:"stackSetRoleArn"`
	CloudWatchRoleArn   string   `json:"cloudWatchRoleArn"`
	VPCFlowLogsRoleArn  string   `json:"vpcFlowLogsRoleArn"`
	OrganizationRoleArn string   `json:"organizationRoleArn"`

	// Logging configurations
	CloudWatchLogGroup     string `json:"cloudWatchLogGroup"`
	CloudTrailLogGroup     string `json:"cloudTrailLogGroup"`
	CloudTrailBucketRegion string `json:"cloudTrailBucketRegion"`
	AccessLogBucketName    string `json:"accessLogBucketName"`
	FlowLogBucketName      string `json:"flowLogBucketName"`

	// Network configurations
	VPCSettings *VPCConfig `json:"vpcSettings,omitempty"`

	// Security configurations
	RequireMFA        bool     `json:"requireMFA"`
	EnableSSLRequests bool     `json:"enableSSLRequests"`
	EnableSecurityHub bool     `json:"enableSecurityHub"`
	EnableGuardDuty   bool     `json:"enableGuardDuty"`
	EnableConfig      bool     `json:"enableConfig"`
	EnableCloudTrail  bool     `json:"enableCloudTrail"`
	AllowedIPRanges   []string `json:"allowedIPRanges"` // presumably CIDR strings; nothing here parses them — verify in Validate
	RestrictedServices []string `json:"restrictedServices"`
}
type OUConfig ¶
// OUConfig describes one organizational unit: its name, an optional
// description and tags, and the accounts that belong to it. It is the value
// type of LandingZoneConfig.OrganizationUnits.
type OUConfig struct {
	Name        string            `json:"name"`
	Description string            `json:"description,omitempty"`
	Tags        map[string]string `json:"tags,omitempty"`
	Accounts    []AccountConfig   `json:"accounts,omitempty"`
}
type OrganizationConfig ¶
// OrganizationConfig represents the main configuration structure.
//
// Version carries the schema version (see ConfigVersion), AWSProfile names
// the credentials profile to use, and LandingZoneConfig holds the landing
// zone settings. The Load/Save/Backup/Restore/Validate methods operate on
// this value in place.
//
// NOTE(review): the JSON key for LandingZoneConfig is "LandingZoneConfig"
// while the other keys are lowerCamelCase; this is the wire format existing
// documents use, so it is left as is, but new fields should not copy it.
type OrganizationConfig struct {
	Version           string             `json:"version"`
	AWSProfile        string             `json:"awsProfile"`
	LandingZoneConfig *LandingZoneConfig `json:"LandingZoneConfig"`
	// contains filtered or unexported fields (omitted from this listing)
}
func NewOrganizationConfig ¶
func NewOrganizationConfig() (*OrganizationConfig, error)
NewOrganizationConfig creates a new configuration instance
func (*OrganizationConfig) Backup ¶
func (c *OrganizationConfig) Backup() error
Backup creates a backup of the current configuration
func (*OrganizationConfig) Load ¶
func (c *OrganizationConfig) Load() error
Load retrieves the configuration from storage
func (*OrganizationConfig) Restore ¶
func (c *OrganizationConfig) Restore(version string) error
Restore restores configuration from a backup
func (*OrganizationConfig) Save ¶
func (c *OrganizationConfig) Save() error
Save persists the configuration to storage
func (*OrganizationConfig) Validate ¶
func (c *OrganizationConfig) Validate() error
Validate performs comprehensive configuration validation
type StateData ¶
// StateData represents the structure of stored state.
//
// Version and Timestamp identify the snapshot, State is the free-form
// payload, and Component says which part of the deployment it belongs to.
// The optional metadata (Tags, UpdatedBy, BackupID, Description) and the
// store/retry settings are omitted from JSON when empty.
//
// Note that encoding/json serialises the time.Duration fields as their
// int64 nanosecond count, not as a duration string.
//
// NOTE(review): StateTableName, StateBackupBucket, StateFilePrefix,
// DefaultTimeout, MaxRetries, InitialBackoff and BackupFilePrefix duplicate
// the package-level constants of the same names; which of the two takes
// precedence when they disagree is not established here — confirm.
type StateData struct {
	Version           string                 `json:"version"`
	Timestamp         time.Time              `json:"timestamp"`
	State             map[string]interface{} `json:"state"` // arbitrary JSON; consumers must type-assert each value
	StateTableName    string                 `json:"stateTableName"`
	StateBackupBucket string                 `json:"stateBackupBucket"`
	StateFilePrefix   string                 `json:"stateFilePrefix"`
	Component         string                 `json:"component"`
	Tags              map[string]string      `json:"tags,omitempty"`
	UpdatedBy         string                 `json:"updatedBy,omitempty"`
	BackupID          string                 `json:"backupId,omitempty"`
	Description       string                 `json:"description,omitempty"`
	DefaultTimeout    time.Duration          `json:"defaultTimeout,omitempty"`
	MaxRetries        int                    `json:"maxRetries,omitempty"`
	InitialBackoff    time.Duration          `json:"initialBackoff,omitempty"`
	BackupFilePrefix  string                 `json:"backupFilePrefix,omitempty"`
}
type StateError ¶
StateError represents a state operation error
func (*StateError) Error ¶
func (e *StateError) Error() string