Documentation ¶
Index ¶
- type AwsEksAuditTerraformModifier
- func EnableBucketEncryption(enable bool) AwsEksAuditTerraformModifier
- func EnableBucketMfaDelete() AwsEksAuditTerraformModifier
- func EnableBucketVersioning(enable bool) AwsEksAuditTerraformModifier
- func EnableFirehoseEncryption(enable bool) AwsEksAuditTerraformModifier
- func EnableKmsKeyMultiRegion(enable bool) AwsEksAuditTerraformModifier
- func EnableKmsKeyRotation(enable bool) AwsEksAuditTerraformModifier
- func EnableSnsTopicEncryption(enable bool) AwsEksAuditTerraformModifier
- func EnableUseExistingBucket() AwsEksAuditTerraformModifier
- func WithAwsProfile(name string) AwsEksAuditTerraformModifier
- func WithBucketLifecycleExpirationDays(days int) AwsEksAuditTerraformModifier
- func WithBucketSseAlgorithm(algorithm string) AwsEksAuditTerraformModifier
- func WithBucketSseKeyArn(arn string) AwsEksAuditTerraformModifier
- func WithEksAuditIntegrationName(name string) AwsEksAuditTerraformModifier
- func WithExistingBucketArn(name string) AwsEksAuditTerraformModifier
- func WithExistingCloudWatchIamRoleArn(arn string) AwsEksAuditTerraformModifier
- func WithExistingCrossAccountIamRole(iamDetails *ExistingCrossAccountIamRoleDetails) AwsEksAuditTerraformModifier
- func WithExistingFirehoseIamRoleArn(arn string) AwsEksAuditTerraformModifier
- func WithFilterPattern(pattern string) AwsEksAuditTerraformModifier
- func WithFirehoseEncryptionKeyArn(arn string) AwsEksAuditTerraformModifier
- func WithKmsKeyDeletionDays(days int) AwsEksAuditTerraformModifier
- func WithLaceworkAccountID(accountID string) AwsEksAuditTerraformModifier
- func WithLaceworkProfile(name string) AwsEksAuditTerraformModifier
- func WithParsedRegionClusterMap(regionClusterMap map[string][]string) AwsEksAuditTerraformModifier
- func WithPrefix(prefix string) AwsEksAuditTerraformModifier
- func WithSnsTopicEncryptionKeyArn(arn string) AwsEksAuditTerraformModifier
- type ExistingCrossAccountIamRoleDetails
- type GenerateAwsEksAuditTfConfigurationArgs
Types ¶
type AwsEksAuditTerraformModifier ¶
// AwsEksAuditTerraformModifier is a functional option: a function that
// mutates the GenerateAwsEksAuditTfConfigurationArgs it is given.
// Modifiers are accepted by NewTerraform.
type AwsEksAuditTerraformModifier func(c *GenerateAwsEksAuditTfConfigurationArgs)
func EnableBucketEncryption ¶
func EnableBucketEncryption(enable bool) AwsEksAuditTerraformModifier
EnableBucketEncryption Set whether S3 encryption is enabled for newly created buckets, according to the enable argument
func EnableBucketMfaDelete ¶
func EnableBucketMfaDelete() AwsEksAuditTerraformModifier
EnableBucketMfaDelete Set the S3 MfaDelete parameter to true for newly created buckets
func EnableBucketVersioning ¶
func EnableBucketVersioning(enable bool) AwsEksAuditTerraformModifier
EnableBucketVersioning Set whether S3 bucket versioning is enabled for newly created buckets, according to the enable argument
func EnableFirehoseEncryption ¶
func EnableFirehoseEncryption(enable bool) AwsEksAuditTerraformModifier
EnableFirehoseEncryption Set whether encryption is enabled for the newly created firehose, according to the enable argument
func EnableKmsKeyMultiRegion ¶
func EnableKmsKeyMultiRegion(enable bool) AwsEksAuditTerraformModifier
EnableKmsKeyMultiRegion Set whether the KMS key is a multi-region or regional key
func EnableKmsKeyRotation ¶
func EnableKmsKeyRotation(enable bool) AwsEksAuditTerraformModifier
EnableKmsKeyRotation Set whether KMS automatic key rotation is enabled, according to the enable argument
func EnableSnsTopicEncryption ¶
func EnableSnsTopicEncryption(enable bool) AwsEksAuditTerraformModifier
EnableSnsTopicEncryption Set whether encryption should be enabled for the sns topic
func EnableUseExistingBucket ¶ added in v1.18.0
func EnableUseExistingBucket() AwsEksAuditTerraformModifier
EnableUseExistingBucket Use an existing, customer-supplied S3 bucket (the bucket ARN is then required; see WithExistingBucketArn)
func WithAwsProfile ¶
func WithAwsProfile(name string) AwsEksAuditTerraformModifier
WithAwsProfile Set the AWS Profile to utilize when integrating
func WithBucketLifecycleExpirationDays ¶
func WithBucketLifecycleExpirationDays(days int) AwsEksAuditTerraformModifier
WithBucketLifecycleExpirationDays Set the S3 Lifecycle Expiration Days parameter for newly created buckets
func WithBucketSseAlgorithm ¶
func WithBucketSseAlgorithm(algorithm string) AwsEksAuditTerraformModifier
WithBucketSseAlgorithm Set the encryption algorithm to use for S3 bucket server-side encryption
func WithBucketSseKeyArn ¶
func WithBucketSseKeyArn(arn string) AwsEksAuditTerraformModifier
WithBucketSseKeyArn Set the ARN of the KMS encryption key to be used for S3 (Required when bucket_sse_algorithm is aws:kms and using an existing aws_kms_key)
func WithEksAuditIntegrationName ¶
func WithEksAuditIntegrationName(name string) AwsEksAuditTerraformModifier
WithEksAuditIntegrationName Set the name of the EKS audit integration
func WithExistingBucketArn ¶ added in v1.18.0
func WithExistingBucketArn(name string) AwsEksAuditTerraformModifier
WithExistingBucketArn Set the ARN of the existing S3 bucket (required when using an existing bucket)
func WithExistingCloudWatchIamRoleArn ¶
func WithExistingCloudWatchIamRoleArn(arn string) AwsEksAuditTerraformModifier
WithExistingCloudWatchIamRoleArn Set an existing cloudwatch IAM role ARN
func WithExistingCrossAccountIamRole ¶
func WithExistingCrossAccountIamRole(iamDetails *ExistingCrossAccountIamRoleDetails) AwsEksAuditTerraformModifier
WithExistingCrossAccountIamRole Set an existing cross account IAM role configuration to use with the created Terraform code
func WithExistingFirehoseIamRoleArn ¶
func WithExistingFirehoseIamRoleArn(arn string) AwsEksAuditTerraformModifier
WithExistingFirehoseIamRoleArn Set an existing firehose IAM role ARN
func WithFilterPattern ¶
func WithFilterPattern(pattern string) AwsEksAuditTerraformModifier
WithFilterPattern Set the filter pattern for the Cloudwatch subscription filter
func WithFirehoseEncryptionKeyArn ¶
func WithFirehoseEncryptionKeyArn(arn string) AwsEksAuditTerraformModifier
WithFirehoseEncryptionKeyArn Set the ARN of an existing KMS encryption key to be used with the Kinesis Firehose
func WithKmsKeyDeletionDays ¶
func WithKmsKeyDeletionDays(days int) AwsEksAuditTerraformModifier
WithKmsKeyDeletionDays Set the KMS deletion waiting period, specified in number of days
func WithLaceworkAccountID ¶ added in v1.7.0
func WithLaceworkAccountID(accountID string) AwsEksAuditTerraformModifier
WithLaceworkAccountID Set the Lacework AWS root account ID to use
func WithLaceworkProfile ¶
func WithLaceworkProfile(name string) AwsEksAuditTerraformModifier
WithLaceworkProfile Set the Lacework Profile to utilize when integrating
func WithParsedRegionClusterMap ¶
func WithParsedRegionClusterMap(regionClusterMap map[string][]string) AwsEksAuditTerraformModifier
WithParsedRegionClusterMap Set the region cluster map. This is a list of clusters per AWS region
func WithPrefix ¶
func WithPrefix(prefix string) AwsEksAuditTerraformModifier
WithPrefix Set the prefix that will be used at the beginning of every generated resource
func WithSnsTopicEncryptionKeyArn ¶
func WithSnsTopicEncryptionKeyArn(arn string) AwsEksAuditTerraformModifier
WithSnsTopicEncryptionKeyArn Set the ARN of an existing KMS encryption key to be used with the SNS Topic
type ExistingCrossAccountIamRoleDetails ¶
// ExistingCrossAccountIamRoleDetails identifies an existing cross-account
// IAM role for the generated Terraform code to use.
type ExistingCrossAccountIamRoleDetails struct {
	// Existing IAM Role ARN
	Arn string

	// Existing IAM Role External ID
	// NOTE(review): presumably the external ID required by the role's
	// trust policy when the role is assumed - confirm against the caller.
	ExternalId string
}
func NewExistingCrossAccountIamRoleDetails ¶
func NewExistingCrossAccountIamRoleDetails(arn string, externalId string) *ExistingCrossAccountIamRoleDetails
NewExistingCrossAccountIamRoleDetails Create new existing IAM role details
func (*ExistingCrossAccountIamRoleDetails) IsPartial ¶
func (e *ExistingCrossAccountIamRoleDetails) IsPartial() bool
type GenerateAwsEksAuditTfConfigurationArgs ¶
// GenerateAwsEksAuditTfConfigurationArgs holds the settings from which
// Generate produces Terraform code for the AWS EKS Audit Log integration.
// Instances are returned by NewTerraform, which accepts
// AwsEksAuditTerraformModifier values.
type GenerateAwsEksAuditTfConfigurationArgs struct {
	// Supply an AWS Profile name
	AwsProfile string

	// Should we require MFA for object deletion?
	// NOTE(review): S3 MFA Delete is part of a bucket's versioning
	// configuration, so check BucketVersioning alongside this flag.
	BucketEnableMfaDelete bool

	// Should we enable bucket encryption?
	BucketEnableEncryption bool

	// Should we force destroy the bucket if it has stuff in it?
	//
	// Deprecated: no replacement is documented here.
	BucketForceDestroy bool

	// The lifetime, in days, of the bucket objects. The value must be a non-zero positive integer
	BucketLifecycleExpirationDays int

	// The encryption algorithm to use for S3 bucket server-side encryption
	BucketSseAlgorithm string

	// Should we use an existing KMS key for the bucket?
	ExistingBucketKmsKey bool

	// The ARN of the KMS encryption key to be used for S3
	// (Required when bucket_sse_algorithm is aws:kms and using an existing kms key)
	BucketSseKeyArn string

	// Should we enable bucket versioning?
	BucketVersioning bool

	// The name of the AWS EKS Audit Log integration in Lacework. Defaults to "TF AWS EKS Audit Log"
	EksAuditIntegrationName string

	// Optionally supply existing cloudwatch IAM role ARN
	ExistingCloudWatchIamRoleArn string

	// Optionally supply existing cross account IAM role details
	ExistingCrossAccountIamRole *ExistingCrossAccountIamRoleDetails

	// Should we allow the user to configure an existing Firehose IAM role?
	ExistingFirehoseIam bool

	// Optionally supply existing firehose role ARN if ExistingFirehoseIam is true
	ExistingFirehoseIamRoleArn string

	// The Cloudwatch Log Subscription Filter pattern
	FilterPattern string

	// Should encryption be enabled on the created firehose? Defaults to true.
	// NOTE(review): the Go zero value is false, so the documented default
	// must be applied elsewhere (not visible here) - confirm before
	// building this struct directly instead of via NewTerraform.
	FirehoseEncryptionEnabled bool

	// The ARN of an existing KMS encryption key to be used for the Kinesis Firehose
	FirehoseEncryptionKeyArn string

	// The waiting period, specified in number of days. Defaults to 30.
	KmsKeyDeletionDays int

	// Whether the KMS key is a multi-region or regional key
	KmsKeyMultiRegion bool

	// Enable KMS automatic key rotation
	KmsKeyRotation bool

	// The prefix that will be used at the beginning of every generated resource. Defaults to "lw-eks-al"
	Prefix string

	// Parsed version of RegionClusterMap
	// NOTE(review): this comment duplicates the one on
	// ParsedRegionClusterMap; presumably this field is the unparsed
	// region-to-clusters input - confirm.
	RegionClusterMap map[string]string

	// Parsed version of RegionClusterMap
	ParsedRegionClusterMap map[string][]string

	// Parsed Regions list
	ParsedRegionsList []string

	// Should encryption be enabled for the sns topic? Defaults to true
	// NOTE(review): the Go zero value is false, so the documented default
	// must be applied elsewhere (not visible here) - confirm.
	SnsTopicEncryptionEnabled bool

	// The ARN of an existing KMS encryption key to be used for the SNS topic
	SnsTopicEncryptionKeyArn string

	// Lacework Profile to use
	LaceworkProfile string

	// The Lacework AWS Root Account ID
	LaceworkAccountID string

	// Should we use an existing customer supplied bucket? Defaults to false
	// NOTE(review): the field name is misspelled ("Existingl"); it is
	// exported, so renaming it would break callers.
	UseExistinglBucket bool

	// Existing S3 Bucket ARN (Required when using existing bucket)
	// NOTE(review): same misspelling ("Existingl") as UseExistinglBucket.
	ExistinglBucketArn string
}
func NewTerraform ¶
func NewTerraform(mods ...AwsEksAuditTerraformModifier) *GenerateAwsEksAuditTfConfigurationArgs
NewTerraform returns an instance of the GenerateAwsEksAuditTfConfigurationArgs struct.
Note: Additional configuration details may be set using modifiers of the AwsEksAuditTerraformModifier type
Basic usage: Initialize a new GenerateAwsEksAuditTfConfigurationArgs struct with a region cluster map and a non-default AWS profile set. Then call Generate to create a string output of the required HCL.
hcl, err := aws.NewTerraform(aws.WithParsedRegionClusterMap(map[string][]string{"us-east-1": {"cluster1", "cluster2"}, "us-east-2": {"cluster3"}}), aws.WithAwsProfile("mycorp-profile")).Generate()
func (*GenerateAwsEksAuditTfConfigurationArgs) Generate ¶
func (args *GenerateAwsEksAuditTfConfigurationArgs) Generate() (string, error)
Generate new Terraform code based on the supplied args.