Overview

A package that generates Lacework deployment code for Amazon Web Services.

Types

type AwsSubAccount

// AwsSubAccount describes an additional AWS account (profile + region) that is
// integrated alongside the main account; see WithSubaccounts and the
// SubAccounts field of GenerateAwsTfConfigurationArgs.
type AwsSubAccount struct {
	// AwsProfile is the name of the AWS profile to use. It must match a profile
	// present in the AWS configuration of the machine running the generated
	// Terraform (see NewAwsSubAccount).
	AwsProfile string

	// AwsRegion is the region this profile should use if any resources are created.
	AwsRegion string

	// Alias is the alias given to the provider block generated for this sub account.
	Alias string
}

func NewAwsSubAccount

func NewAwsSubAccount(profile string, region string, alias ...string) AwsSubAccount

Create a new AWS sub account

A subaccount consists of the profile name (which must match a profile in the executing machine's AWS configuration) and a region in which any new resources are created.

type AwsTerraformModifier

type AwsTerraformModifier func(c *GenerateAwsTfConfigurationArgs)

func ExistingCloudtrailBucketArn

func ExistingCloudtrailBucketArn(arn string) AwsTerraformModifier

ExistingCloudtrailBucketArn Set the bucket ARN of an existing Cloudtrail setup

func ExistingSnsTopicArn

func ExistingSnsTopicArn(arn string) AwsTerraformModifier

ExistingSnsTopicArn Set the SNS Topic ARN of an existing Cloudtrail setup

func UseConsolidatedCloudtrail

func UseConsolidatedCloudtrail() AwsTerraformModifier

UseConsolidatedCloudtrail Enable Consolidated Cloudtrail use

func UseExistingIamRole

func UseExistingIamRole(iamDetails *ExistingIamRoleDetails) AwsTerraformModifier

UseExistingIamRole Set an existing IAM role configuration to use with the created Terraform code

func WithAwsProfile

func WithAwsProfile(name string) AwsTerraformModifier

WithAwsProfile Set the AWS Profile to utilize for the main AWS provider

func WithBucketEncryptionEnabled added in v0.41.0

func WithBucketEncryptionEnabled(enableBucketEncryption bool) AwsTerraformModifier

WithBucketEncryptionEnabled Enable encryption on a newly created bucket

func WithBucketName added in v0.41.0

func WithBucketName(bucketName string) AwsTerraformModifier

WithBucketName add bucket name for CloudTrail integration

func WithBucketSSEKeyArn added in v0.41.0

func WithBucketSSEKeyArn(bucketSseKeyArn string) AwsTerraformModifier

WithBucketSSEKeyArn Set existing KMS encryption key arn for bucket

func WithCloudtrailName added in v0.41.0

func WithCloudtrailName(cloudtrailName string) AwsTerraformModifier

WithCloudtrailName add optional name for CloudTrail integration

func WithConfigName added in v0.41.0

func WithConfigName(configName string) AwsTerraformModifier

WithConfigName add optional name for Config integration

func WithLaceworkAccountID added in v1.7.0

func WithLaceworkAccountID(accountID string) AwsTerraformModifier

WithLaceworkAccountID Set the Lacework AWS root account ID to use

func WithLaceworkProfile

func WithLaceworkProfile(name string) AwsTerraformModifier

WithLaceworkProfile Set the Lacework Profile to utilize when integrating

func WithS3BucketNotification added in v1.19.0

func WithS3BucketNotification(s3BucketNotifiaction bool) AwsTerraformModifier

func WithSnsTopicEncryptionEnabled added in v0.43.0

func WithSnsTopicEncryptionEnabled(snsTopicEncryptionEnabled bool) AwsTerraformModifier

WithSnsTopicEncryptionEnabled Enable encryption on SNS Topic when created

func WithSnsTopicEncryptionKeyArn added in v0.43.0

func WithSnsTopicEncryptionKeyArn(snsTopicEncryptionKeyArn string) AwsTerraformModifier

WithSnsTopicEncryptionKeyArn Set existing KMS encryption key arn for SNS topic

func WithSnsTopicName added in v0.41.0

func WithSnsTopicName(snsTopicName string) AwsTerraformModifier

WithSnsTopicName Set SNS Topic Name if creating new one

func WithSqsEncryptionEnabled added in v0.41.0

func WithSqsEncryptionEnabled(sqsEncryptionEnabled bool) AwsTerraformModifier

WithSqsEncryptionEnabled Enable encryption on SQS queue when created

func WithSqsEncryptionKeyArn added in v0.41.0

func WithSqsEncryptionKeyArn(ssqEncryptionKeyArn string) AwsTerraformModifier

WithSqsEncryptionKeyArn Set existing KMS encryption key arn for SQS queue

func WithSqsQueueName added in v0.41.0

func WithSqsQueueName(sqsQueueName string) AwsTerraformModifier

WithSqsQueueName Set SQS Queue Name if creating new one

func WithSubaccounts

func WithSubaccounts(subaccounts ...AwsSubAccount) AwsTerraformModifier

WithSubaccounts Supply additional AWS Profiles to integrate

type ExistingIamRoleDetails

// ExistingIamRoleDetails identifies an IAM role that already exists and should
// be used by the generated Terraform instead of creating a new one; see
// UseExistingIamRole and NewExistingIamRoleDetails. IsPartial reports whether
// only some of the fields are populated.
type ExistingIamRoleDetails struct {
	// Arn is the ARN of the existing IAM role.
	Arn string

	// Name is the name of the existing IAM role.
	Name string

	// ExternalId is the external ID expected by the role's trust policy (AWS uses
	// it to mitigate the confused-deputy problem). Treat it as sensitive when the
	// generated code is logged or committed — TODO confirm how Generate emits it.
	ExternalId string
}

func NewExistingIamRoleDetails

func NewExistingIamRoleDetails(name string, arn string, externalId string) *ExistingIamRoleDetails

NewExistingIamRoleDetails Create new existing IAM role details

func (*ExistingIamRoleDetails) IsPartial added in v0.24.0

func (e *ExistingIamRoleDetails) IsPartial() bool

type GenerateAwsTfConfigurationArgs

// GenerateAwsTfConfigurationArgs holds every setting used by Generate to emit
// Lacework AWS integration Terraform. Build it with NewTerraform and adjust it
// through AwsTerraformModifier functions rather than populating it by hand.
type GenerateAwsTfConfigurationArgs struct {
	// Cloudtrail controls whether a CloudTrail integration is configured in Lacework.
	Cloudtrail bool

	// CloudtrailName is an optional name for the CloudTrail integration.
	CloudtrailName string

	// Config controls whether a CSPM (Config) integration is configured in Lacework.
	Config bool

	// ConfigName is an optional name for the Config integration.
	ConfigName string

	// AwsRegion is the AWS region in which the CloudTrail resources are found or created.
	// TODO @ipcrm future: support split regions for resources (s3 one place, sns another, etc)
	AwsRegion string

	// AwsProfile is the AWS profile name for the main account; only asked for when
	// configuring multiple accounts.
	AwsProfile string

	// ExistingCloudtrailBucketArn is the ARN of an existing S3 bucket. Required
	// when an existing CloudTrail is used.
	ExistingCloudtrailBucketArn string

	// ExistingIamRole optionally supplies details of an existing IAM role to use
	// instead of creating one.
	ExistingIamRole *ExistingIamRoleDetails

	// ExistingSnsTopicArn is the ARN of an existing SNS topic.
	ExistingSnsTopicArn string

	// ConsolidatedCloudtrail enables the consolidated CloudTrail setup.
	ConsolidatedCloudtrail bool

	// ForceDestroyS3Bucket forces destruction of the bucket even if it contains
	// objects (only relevant when a new CloudTrail is created). Destroying a bucket
	// that holds CloudTrail logs discards audit evidence, which is one reason it is
	// deprecated.
	// DEPRECATED
	ForceDestroyS3Bucket bool

	// BucketEncryptionEnabled enables encryption of the S3 bucket if it is created.
	BucketEncryptionEnabled bool

	// BucketEncryptionEnabledSet records that BucketEncryptionEnabled was set
	// explicitly; needed to distinguish an explicit false from the bool zero value.
	BucketEncryptionEnabledSet bool

	// BucketName is the optional name of the bucket if a new one is created.
	BucketName string

	// BucketSseKeyArn is the ARN of the KMS key used for S3 encryption; required
	// when bucket encryption is enabled.
	BucketSseKeyArn string

	// SnsTopicName is the SNS topic name if one is created rather than reusing an
	// existing topic.
	SnsTopicName string

	// SnsTopicEncryptionEnabled enables encryption of the SNS topic if it is created.
	SnsTopicEncryptionEnabled bool

	// SnsEncryptionEnabledSet records that SnsTopicEncryptionEnabled was set
	// explicitly; needed to distinguish an explicit false from the bool zero value.
	SnsEncryptionEnabledSet bool

	// SnsTopicEncryptionKeyArn is the ARN of the KMS key used for SNS encryption;
	// required when SNS encryption is enabled.
	SnsTopicEncryptionKeyArn string

	// SqsQueueName is the SQS queue name if one is created rather than reusing an
	// existing queue.
	SqsQueueName string

	// SqsEncryptionEnabled enables encryption of the SQS queue if it is created.
	SqsEncryptionEnabled bool

	// SqsEncryptionEnabledSet records that SqsEncryptionEnabled was set explicitly;
	// needed to distinguish an explicit false from the bool zero value.
	SqsEncryptionEnabledSet bool

	// SqsEncryptionKeyArn is the ARN of the KMS key used for SQS encryption;
	// required when SQS encryption is enabled.
	SqsEncryptionKeyArn string

	// SubAccounts lists the AWS sub accounts included in a consolidated CloudTrail setup.
	// TODO @ipcrm future: what about many individual ct/config integrations together?
	SubAccounts []AwsSubAccount

	// LaceworkProfile is the Lacework profile to use when integrating.
	LaceworkProfile string

	// LaceworkAccountID is the Lacework AWS root account ID.
	LaceworkAccountID string

	// S3BucketNotification is set via WithS3BucketNotification; presumably it
	// toggles S3 bucket notifications in the generated code — TODO confirm.
	S3BucketNotification bool
}

func NewTerraform

func NewTerraform(
	region string, enableConfig bool, enableCloudtrail bool, mods ...AwsTerraformModifier,
) *GenerateAwsTfConfigurationArgs

NewTerraform returns an instance of the GenerateAwsTfConfigurationArgs struct with the provided region and enabled settings (config/cloudtrail).

Note: Additional configuration details may be set using modifiers of the AwsTerraformModifier type

Basic usage: initialize a new GenerateAwsTfConfigurationArgs with NewTerraform, with a non-default AWS profile set, then call Generate to create a string output of the required HCL.

hcl, err := aws.NewTerraform("us-east-1", true, true,
  aws.WithAwsProfile("mycorp-profile")).Generate()

func (*GenerateAwsTfConfigurationArgs) Generate

func (args *GenerateAwsTfConfigurationArgs) Generate() (string, error)

Generate new Terraform code based on the supplied args.
