Documentation ¶
Index ¶
- type AwsControlTowerTerraformModifier
- func WithCrossAccountPolicyName(name string) AwsControlTowerTerraformModifier
- func WithEnableLogFileValidation() AwsControlTowerTerraformModifier
- func WithExisitingIamRole(arn string, name string, externalID string) AwsControlTowerTerraformModifier
- func WithExternalIdLength(length int) AwsControlTowerTerraformModifier
- func WithKmsKeyArn(arn string) AwsControlTowerTerraformModifier
- func WithLaceworkAccountID(account string) AwsControlTowerTerraformModifier
- func WithLaceworkIntegrationName(name string) AwsControlTowerTerraformModifier
- func WithLaceworkOrgLevel() AwsControlTowerTerraformModifier
- func WithLaceworkProfile(profile string) AwsControlTowerTerraformModifier
- func WithOrgAccountMappings(mapping OrgAccountMapping) AwsControlTowerTerraformModifier
- func WithPrefix(prefix string) AwsControlTowerTerraformModifier
- func WithSqsQueueName(name string) AwsControlTowerTerraformModifier
- func WithSubaccounts(subaccounts ...AwsSubAccount) AwsControlTowerTerraformModifier
- func WithTags(tags map[string]string) AwsControlTowerTerraformModifier
- func WithWaitTime(waitTime int) AwsControlTowerTerraformModifier
- type AwsSubAccount
- type GenerateAwsControlTowerTfConfigurationArgs
- type OrgAccountMap
- type OrgAccountMapping
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AwsControlTowerTerraformModifier ¶
// AwsControlTowerTerraformModifier is a function that receives a pointer to a
// GenerateAwsControlTowerTfConfigurationArgs value. The With* constructors in
// this package each return one, and NewTerraform accepts any number of them.
type AwsControlTowerTerraformModifier func(c *GenerateAwsControlTowerTfConfigurationArgs)
func WithCrossAccountPolicyName ¶
func WithCrossAccountPolicyName(name string) AwsControlTowerTerraformModifier
func WithEnableLogFileValidation ¶
func WithEnableLogFileValidation() AwsControlTowerTerraformModifier
func WithExisitingIamRole ¶
func WithExisitingIamRole(arn string, name string, externalID string) AwsControlTowerTerraformModifier
func WithExternalIdLength ¶
func WithExternalIdLength(length int) AwsControlTowerTerraformModifier
func WithKmsKeyArn ¶
func WithKmsKeyArn(arn string) AwsControlTowerTerraformModifier
func WithLaceworkAccountID ¶
func WithLaceworkAccountID(account string) AwsControlTowerTerraformModifier
func WithLaceworkIntegrationName ¶
func WithLaceworkIntegrationName(name string) AwsControlTowerTerraformModifier
func WithLaceworkOrgLevel ¶
func WithLaceworkOrgLevel() AwsControlTowerTerraformModifier
func WithLaceworkProfile ¶
func WithLaceworkProfile(profile string) AwsControlTowerTerraformModifier
func WithOrgAccountMappings ¶
func WithOrgAccountMappings(mapping OrgAccountMapping) AwsControlTowerTerraformModifier
func WithPrefix ¶
func WithPrefix(prefix string) AwsControlTowerTerraformModifier
func WithSqsQueueName ¶
func WithSqsQueueName(name string) AwsControlTowerTerraformModifier
func WithSubaccounts ¶
func WithSubaccounts(subaccounts ...AwsSubAccount) AwsControlTowerTerraformModifier
func WithTags ¶
func WithTags(tags map[string]string) AwsControlTowerTerraformModifier
func WithWaitTime ¶
func WithWaitTime(waitTime int) AwsControlTowerTerraformModifier
type AwsSubAccount ¶
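// AwsSubAccount identifies one AWS sub-account by the profile, region and
// provider alias it is configured with.
//
// The declaration is laid out one field per line: with every field on a single
// line, the first line comment hides the fields after it.
type AwsSubAccount struct {
	// The name of the AwsProfile to use (in AWS configuration)
	AwsProfile string

	// The AwsRegion this profile should use if any resources are created
	AwsRegion string

	// The Alias of the provider block
	Alias string
}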
func NewAwsSubAccount ¶
func NewAwsSubAccount(profile string, region string, alias ...string) AwsSubAccount
type GenerateAwsControlTowerTfConfigurationArgs ¶
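// GenerateAwsControlTowerTfConfigurationArgs holds the inputs used to generate
// the Terraform (HCL) configuration for an AWS Control Tower integration.
//
// The declaration is laid out one field per line: with every field on a single
// line, the first line comment hides the fields after it.
type GenerateAwsControlTowerTfConfigurationArgs struct {
	// For AWS Subaccounts in consolidated CT setups
	SubAccounts []AwsSubAccount

	// ARN for the S3 bucket for consolidated CloudTrail logging
	S3BucketArn string

	// The SNS topic ARN
	SNSTopicArn string

	// The Aws profile of the log archive account
	LogArchiveProfile string

	// The Aws region of the log archive account
	LogArchiveRegion string

	// The Aws profile of the audit account
	AuditProfile string

	// The Aws region of the audit account
	AuditRegion string

	// The audit account flag input in the format profile:region
	AuditAccount string

	// The log archive account flag input in the format profile:region
	LogArchiveAccount string

	// A name for the cross account policy
	CrossAccountPolicyName string

	// Whether cloudtrail log file integrity validation is enabled.
	// The Go zero value is false; whether NewTerraform or the generated
	// module applies a different default is not visible here, so set this
	// explicitly when log integrity validation is required.
	EnableLogFileValidation bool

	// The length of the external ID to generate. Max length is 1224. Ignored
	// when use_existing_iam_role is set to true.
	// NOTE(review): the external ID is the value a role's trust policy checks
	// on cross-account role assumption. This field is a plain int with no
	// bounds of its own; confirm that Generate or the module rejects zero,
	// negative or very small lengths.
	ExternalIdLength int

	// The IAM role ARN is required when setting use_existing_iam_role to true
	IamRoleArn string

	// The external ID configured inside the IAM role is required when setting
	// use_existing_iam_role to true
	IamRoleExternalID string

	// The IAM role name. Required to match with iam_role_arn if
	// use_existing_iam_role is set to true
	IamRoleName string

	// The Lacework AWS account that the IAM role will grant access
	LaceworkAwsAccountID string

	// The name of the integration in Lacework.
	LaceworkIntegrationName string

	// The prefix that will be used at the beginning of every generated resource
	Prefix string

	// The SQS queue name
	SqsQueueName string

	// A map/dictionary of Tags to be assigned to created resources
	Tags map[string]string

	// Set this to true to use an existing IAM role from the log_archive AWS
	// Account. When true, IamRoleArn, IamRoleName and IamRoleExternalID are
	// the values that describe that role.
	UseExistingIamRole bool

	// Amount of time to wait before the next resource is provisioned
	WaitTime int

	// The KMS key arn, if Control Tower was deployed with custom KMS key
	KmsKeyArn string

	// Mapping of AWS accounts to Lacework accounts within a Lacework organization
	OrgAccountMappings OrgAccountMapping

	// OrgAccountMapping json used for flag input
	OrgAccountMappingsJson string

	// Lacework Profile to use
	LaceworkProfile string

	// Lacework Organization
	LaceworkOrganizationLevel bool

	// The Lacework AWS Root Account ID
	LaceworkAccountID string
}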
func NewTerraform ¶
func NewTerraform(s3BucketArn string, snsTopicArn string, mods ...AwsControlTowerTerraformModifier) *GenerateAwsControlTowerTfConfigurationArgs
NewTerraform returns an instance of the GenerateAwsControlTowerTfConfigurationArgs struct.
Note: Additional configuration details may be set using modifiers of the AwsControlTowerTerraformModifier type
Basic usage: Initialize a new GenerateAwsControlTowerTfConfigurationArgs struct from the S3 bucket ARN and the SNS topic ARN, optionally passing modifiers such as a Lacework profile. Then call Generate to create a string output of the required HCL.
hcl, err := aws_controltower.NewTerraform(s3BucketArn, snsTopicArn, aws_controltower.WithLaceworkProfile("mycorp-profile")).Generate()
func (*GenerateAwsControlTowerTfConfigurationArgs) Generate ¶
func (args *GenerateAwsControlTowerTfConfigurationArgs) Generate() (string, error)
func (*GenerateAwsControlTowerTfConfigurationArgs) GetLaceworkProfile ¶
func (args *GenerateAwsControlTowerTfConfigurationArgs) GetLaceworkProfile() string
func (GenerateAwsControlTowerTfConfigurationArgs) GetSubAccounts ¶
func (args GenerateAwsControlTowerTfConfigurationArgs) GetSubAccounts() []AwsSubAccount
type OrgAccountMap ¶
type OrgAccountMapping ¶
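// OrgAccountMapping holds a default Lacework account together with a list of
// OrgAccountMap entries. Both fields carry JSON tags, so the value can be
// encoded and decoded with encoding/json under the keys shown below.
//
// The declaration is laid out one field per line: Go needs a separator between
// fields, which the single-line form lacks.
type OrgAccountMapping struct {
	// DefaultLaceworkAccount is stored under the JSON key
	// "default_lacework_account".
	DefaultLaceworkAccount string `json:"default_lacework_account"`

	// Mapping is stored under the JSON key "mapping".
	Mapping []OrgAccountMap `json:"mapping"`
}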
func (*OrgAccountMapping) IsEmpty ¶
func (orgMap *OrgAccountMapping) IsEmpty() bool