Documentation ¶
Index ¶
- Constants
- Variables
- func AWSProviderVersionConstraint() string
- func Apply(dirname string, autoApprove bool) error
- func Destroy(dirname string, autoApprove bool) error
- func EnsureStateManager(ctx context.Context, cfg *awscfg.Config) (*awsiam.Role, error)
- func Fmt(dirname string) error
- func Init(dirname string) error
- func InstalledVersion() (string, error)
- func Plan(dirname string) error
- func ProvidersLock(dirname string) error
- func RequiredVersion() string
- func Root(ctx context.Context, cfg *awscfg.Config, dirname, region string) (err error)
- func S3BucketName(region string) string
- func Scaffold(domain string, commonAndSubstrateModule bool) (err error)
- func ShortInstalledVersion() (string, error)
- func StateList(dirname string) error
- func StateRm(dirname string, address string) (err error)
- func Upgrade(dirname string) error
- type Block
- type DataSubnet
- type DataSubnets
- type DataVPC
- type Directory
- func IntranetGlobalModule() *Directory
- func IntranetRegionalModule() *Directory
- func LambdaFunctionGlobalModule() *Directory
- func LambdaFunctionRegionalModule() *Directory
- func NewDirectory() *Directory
- func PeeringConnectionModule() *Directory
- func SubstrateGlobalModule() *Directory
- func SubstrateRegionalModule() *Directory
- type EC2Tag
- type EIP
- type EgressOnlyInternetGateway
- type File
- type InternetGateway
- type Module
- type NATGateway
- type Organization
- type Output
- type PrincipalAssociation
- type Provider
- type ProviderAlias
- type RemoteState
- type RemoteStateConfig
- type ResourceAssociation
- type ResourceShare
- type Route
- type RouteTable
- type RouteTableAssociation
- type S3Bucket
- type S3BucketOwnershipControls
- type Subnet
- type Tags
- type TimeSleep
- type VPC
- type VPCEndpoint
- type Value
- type ValueSlice
Constants ¶
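// ModulesDirname and RootModulesDirname are the directory names "modules" and
// "root-modules".
// NOTE(review): presumably the directories holding shared modules and root
// modules respectively; what they are relative to is not visible here.
const (
	ModulesDirname     = "modules"
	RootModulesDirname = "root-modules"
)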
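// Provider aliases defined by this package, each a ProviderAlias value.
// NOTE(review): the names suggest the default provider, a provider for the
// network account, and a provider pinned to us-east-1 — confirm against the
// functions that return Provider values.
const (
	DefaultProviderAlias = ProviderAlias("aws")
	NetworkProviderAlias = ProviderAlias("aws.network")
	UsEast1ProviderAlias = ProviderAlias("aws.us-east-1")
)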
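// BucketOwnerPreferred and ObjectWriter are string constants whose values match
// two of the S3 Object Ownership settings.
// NOTE(review): presumably intended for S3BucketOwnershipControls.ObjectOwnership
// — confirm. Under ObjectWriter an object uploaded by another account stays
// owned by that account, so the bucket owner's access to it depends on the
// object's ACL. S3 also defines BucketOwnerEnforced, which disables ACLs
// entirely; this block has no constant for it.
const (
	BucketOwnerPreferred = "BucketOwnerPreferred"
	ObjectWriter         = "ObjectWriter"
)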
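// Filenames and the default used for Terraform and AWS provider versioning.
//
// DefaultAWSProviderVersionConstraint uses Terraform's pessimistic operator:
// "~> 5.35" accepts 5.35 and any later 5.x release, but not 6.0. It is a range,
// not a pin; the exact provider build in use is fixed only by a dependency
// lock file.
// NOTE(review): the two *Filename constants presumably name files that
// override the defaults — confirm in AWSProviderVersionConstraint and
// RequiredVersion.
const (
	AWSProviderVersionConstraintFilename = "terraform-aws.version-constraint"
	DefaultAWSProviderVersionConstraint  = "~> 5.35"
	RequiredVersionFilename              = "terraform.version"
)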
// DynamoDBTableName is the fixed table name "terraform-state-locks".
// NOTE(review): presumably the DynamoDB table used for Terraform state
// locking — confirm against EnsureStateManager.
const DynamoDBTableName = "terraform-state-locks"
Variables ¶
// DefaultRequiredVersion is the empty string in source and is overwritten at
// build time.
// NOTE(review): a binary built outside the Makefile would keep the empty
// value; how RequiredVersion treats that case is not visible here.
var DefaultRequiredVersion = "" // replaced at build time with the contents of terraform.version; see Makefile
Functions ¶
func AWSProviderVersionConstraint ¶
func AWSProviderVersionConstraint() string
func EnsureStateManager ¶
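EnsureStateManager manages an S3 bucket, a DynamoDB table, and an IAM role in the Substrate account that every other account in the organization can use to read, write, and lock Terraform state. This must be called in the Substrate account. Because Terraform state can include sensitive resource attributes, any principal able to assume this role can read whatever the state files contain; review the role's trust policy and the bucket policy with that in mind.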
func InstalledVersion ¶
func ProvidersLock ¶
func RequiredVersion ¶
func RequiredVersion() string
func Root ¶
Root sets up the given directory as a root Terraform module by creating a few local files and AWS resources, and configures it to store remote Terraform state in the given region. It can only be called with a *Config that has the Administrator role in an admin account, or with one that is already in the management account. It creates the following files:
- Makefile, a convenience for running Terraform from other directories.
- .gitignore, to avoid committing providers and Lambda zip files.
- terraform.tf, for configuring DynamoDB/S3-backed Terraform state files.

TODO: factor all the code generation of providers, the shared-between-accounts module for a domain, etc. into a RootModule type.
func S3BucketName ¶
func Scaffold ¶
Scaffold generates modules/domain/{global,regional}, each set up with both modules/{common,substrate} already instantiated if commonAndSubstrateModule is true. These are the best places to put your own Terraform code to make it domain-, environment-, quality-, and region-aware.
func ShortInstalledVersion ¶
Types ¶
type DataSubnet ¶
// DataSubnet carries the Value fields ForEach, Id and Label plus the
// ProviderAlias to use.
// NOTE(review): presumably describes a Terraform subnet data source — confirm
// against Template.
type DataSubnet struct {
	ForEach  Value
	Id       Value
	Label    Value
	Provider ProviderAlias
}
func (DataSubnet) Ref ¶
func (d DataSubnet) Ref() Value
func (DataSubnet) Template ¶
func (DataSubnet) Template() string
type DataSubnets ¶
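// DataSubnets carries a Label, a ProviderAlias, Tags and a VpcId.
// NOTE(review): presumably describes a data source that looks up the subnets
// of one VPC by tag — confirm against Template.
type DataSubnets struct {
	Label    Value
	Provider ProviderAlias
	Tags     Tags
	VpcId    Value
}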
func (DataSubnets) Ref ¶
func (d DataSubnets) Ref() Value
func (DataSubnets) Template ¶
func (DataSubnets) Template() string
type DataVPC ¶
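// DataVPC carries a Label, a ProviderAlias and Tags.
// NOTE(review): presumably describes a data source that looks up a VPC by
// tag; no methods are shown for it on this page.
type DataVPC struct {
	Label    Value
	Provider ProviderAlias
	Tags     Tags
}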
type Directory ¶
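// Directory describes a set of files, keyed by name in Files, together with
// names in RemoveFiles that must be deleted from systems that already have
// them.
// NOTE(review): how the names in Files and RemoveFiles are resolved to paths
// is not visible here; confirm that both are confined to the target directory
// before anything is written or removed.
type Directory struct {
	ConfigurationAliases []ProviderAlias // for replacing deprecated `provider "aws" { alias = "..." }` blocks
	Files                map[string]string
	RemoveFiles          []string // removing a file from terraform/modules/... is not enough; it must also be removed from end-user systems
	VersionConstraints   bool
}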
func IntranetGlobalModule ¶
func IntranetGlobalModule() *Directory
func IntranetRegionalModule ¶
func IntranetRegionalModule() *Directory
func LambdaFunctionGlobalModule ¶
func LambdaFunctionGlobalModule() *Directory
func LambdaFunctionRegionalModule ¶
func LambdaFunctionRegionalModule() *Directory
func NewDirectory ¶
func NewDirectory() *Directory
func PeeringConnectionModule ¶
func PeeringConnectionModule() *Directory
func SubstrateGlobalModule ¶
func SubstrateGlobalModule() *Directory
func SubstrateRegionalModule ¶
func SubstrateRegionalModule() *Directory
type EC2Tag ¶
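// EC2Tag carries one tag (Key and Value) and the ResourceId it applies to,
// along with DependsOn, ForEach, Label and the ProviderAlias to use.
type EC2Tag struct {
	DependsOn  ValueSlice
	ForEach    Value
	Key        Value
	Value      Value // the field and its type share the name Value
	Label      Value
	Provider   ProviderAlias
	ResourceId Value
}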
EC2Tag generates the aws_ec2_tag resource, useful for tagging VPCs created in another account and shared into this one (because their tags don't get shared along).
type EIP ¶
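// EIP carries a Commented flag, a reference to an Internet Gateway, a Label,
// a ProviderAlias and Tags.
// NOTE(review): presumably describes an Elastic IP for a NAT Gateway, with
// Commented causing it to be emitted commented-out — confirm against the
// template.
type EIP struct {
	Commented          bool // set by a command-line flag to control costs incurred by NAT Gateways
	InternetGatewayRef Value
	Label              Value
	Provider           ProviderAlias
	Tags               Tags
}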
type EgressOnlyInternetGateway ¶
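// EgressOnlyInternetGateway carries a Label, a ProviderAlias, Tags and the
// VpcId it belongs to. Its Template method is declared with an unnamed
// receiver, so the string it returns cannot depend on these field values.
type EgressOnlyInternetGateway struct {
	Label    Value
	Provider ProviderAlias
	Tags     Tags
	VpcId    Value
}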
func (EgressOnlyInternetGateway) Ref ¶
func (egw EgressOnlyInternetGateway) Ref() Value
func (EgressOnlyInternetGateway) Template ¶
func (EgressOnlyInternetGateway) Template() string
type File ¶
// File exposes no exported fields; WriteIfNotExists is the only method listed
// for it on this page.
type File struct {
// contains filtered or unexported fields
}
func (*File) WriteIfNotExists ¶
type InternetGateway ¶
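// InternetGateway carries a Label, a ProviderAlias, Tags and the VpcId it
// belongs to. Its Template method is declared with an unnamed receiver, so the
// string it returns cannot depend on these field values.
type InternetGateway struct {
	Label    Value
	Provider ProviderAlias
	Tags     Tags
	VpcId    Value
}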
func (InternetGateway) Ref ¶
func (igw InternetGateway) Ref() Value
func (InternetGateway) Template ¶
func (InternetGateway) Template() string
type Module ¶
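// Module carries the Source of a module, the Arguments passed to it, its
// DependsOn list and Label, and the provider wiring (Provider and the
// Providers alias map).
// NOTE(review): Source decides which code Terraform will load for the module;
// whether it is always a local path or may name a remote source is not
// visible here — confirm against callers.
type Module struct {
	Arguments map[string]Value
	DependsOn ValueSlice
	Label     Value
	Provider  ProviderAlias
	Providers map[ProviderAlias]ProviderAlias
	Source    Value
}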
type NATGateway ¶
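// NATGateway carries a Commented flag, a reference to an Internet Gateway, a
// Label, a ProviderAlias, the SubnetId it sits in and Tags. Its Template
// method is declared with an unnamed receiver, so the string it returns cannot
// depend on these field values.
type NATGateway struct {
	Commented          bool // set by a command-line flag to control costs
	InternetGatewayRef Value
	Label              Value
	Provider           ProviderAlias
	SubnetId           Value
	Tags               Tags
}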
func (NATGateway) Ref ¶
func (ngw NATGateway) Ref() Value
func (NATGateway) Template ¶
func (NATGateway) Template() string
type Organization ¶
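// Organization carries only a Label and the ProviderAlias to use.
// NOTE(review): presumably describes a lookup of the AWS organization —
// confirm against Template.
type Organization struct {
	Label    Value
	Provider ProviderAlias
}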
func (Organization) Ref ¶
func (o Organization) Ref() Value
func (Organization) Template ¶
func (Organization) Template() string
type PrincipalAssociation ¶
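// PrincipalAssociation carries only a Label and the ProviderAlias to use; the
// principal and the share it is attached to are not fields of this type.
// NOTE(review): presumably those are fixed in the string returned by
// Template — confirm which principal gains access.
type PrincipalAssociation struct {
	Label    Value
	Provider ProviderAlias
}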
func (PrincipalAssociation) Ref ¶
func (pa PrincipalAssociation) Ref() Value
func (PrincipalAssociation) Template ¶
func (PrincipalAssociation) Template() string
type Provider ¶
// Provider holds the settings for one Terraform provider configuration: how
// its alias is formed, the Region, and the role-related strings RoleArn,
// SessionName and ExternalId.
// NOTE(review): RoleArn, SessionName and ExternalId presumably feed the
// provider's assume-role settings — confirm in the template. All three end up
// in generated files, so none of them should be treated as a secret.
type Provider struct {
	Alias       string // if unset, Alias is constructed from AliasPrefix, AliasSuffix and Region
	AliasPrefix string
	AliasSuffix string
	Region      string
	RoleArn     string
	SessionName string
	ExternalId  string
}
func NetworkProviderFor ¶
NetworkProviderFor returns a Terraform provider for discovering the VPCs and subnets in the given region's network. The given sess must be in the management account (in any role).
func ProviderFor ¶
ProviderFor returns a Terraform provider that assumes the Administrator role in sess's account in the given region.
func UsEast1Provider ¶
UsEast1Provider returns a Terraform provider that assumes the Administrator role in sess's account in us-east-1 where it can configure services that are exclusively offered in us-east-1 such as ACM certificates for CloudFront distributions and Lambda@Edge.
See also GlobalProvider, which is for all the other global services that may be configured anywhere.
type ProviderAlias ¶
// ProviderAlias is a string type used for provider aliases; ProviderAliasFor
// returns one for a given region.
type ProviderAlias string
func ProviderAliasFor ¶
func ProviderAliasFor(region string) ProviderAlias
type RemoteState ¶
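// RemoteState pairs a RemoteStateConfig with a Label and the ProviderAlias to
// use.
// NOTE(review): presumably describes a remote-state data source that reads
// another root module's state. Everything stored in that state, sensitive
// values included, becomes readable to the configuration that declares it.
type RemoteState struct {
	Config   RemoteStateConfig
	Label    Value
	Provider ProviderAlias
}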
func (RemoteState) Ref ¶
func (rs RemoteState) Ref() Value
func (RemoteState) Template ¶
func (RemoteState) Template() string
type RemoteStateConfig ¶
// RemoteStateConfig names where a Terraform state file lives and how to reach
// it: the S3 Bucket and object Key, the DynamoDBTable, the Region and a
// RoleArn.
// NOTE(review): RoleArn is presumably the role assumed to access the state —
// confirm. Whoever can assume it can read everything recorded in that state.
type RemoteStateConfig struct {
	Bucket        string
	DynamoDBTable string
	Key           string
	Region        string
	RoleArn       string
}
type ResourceAssociation ¶
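// ResourceAssociation carries a ForEach value, a Label and the ProviderAlias
// to use; the resource and the share it joins are not fields of this type.
// NOTE(review): presumably those are fixed in the string returned by
// Template — confirm which resources end up shared.
type ResourceAssociation struct {
	ForEach  Value
	Label    Value
	Provider ProviderAlias
}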
func (ResourceAssociation) Ref ¶
func (ra ResourceAssociation) Ref() Value
func (ResourceAssociation) Template ¶
func (ResourceAssociation) Template() string
type ResourceShare ¶
// ResourceShare has no fields as shown on this page. Its Ref method returns a
// Value and its Template method returns a string.
type ResourceShare struct {}
func (ResourceShare) Ref ¶
func (rs ResourceShare) Ref() Value
func (ResourceShare) Template ¶
func (ResourceShare) Template() string
type Route ¶
type RouteTable ¶
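// RouteTable carries a Label, a ProviderAlias, Tags and the VpcId it belongs
// to. Its Template method is declared with an unnamed receiver, so the string
// it returns cannot depend on these field values.
type RouteTable struct {
	Label    Value
	Provider ProviderAlias
	Tags     Tags
	VpcId    Value
}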
func (RouteTable) Ref ¶
func (rt RouteTable) Ref() Value
func (RouteTable) Template ¶
func (RouteTable) Template() string
type RouteTableAssociation ¶
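// RouteTableAssociation links a RouteTableId to a SubnetId and carries a Label
// and the ProviderAlias to use.
type RouteTableAssociation struct {
	Label        Value
	Provider     ProviderAlias
	RouteTableId Value
	SubnetId     Value
}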
func (RouteTableAssociation) Ref ¶
func (rta RouteTableAssociation) Ref() Value
func (RouteTableAssociation) Template ¶
func (RouteTableAssociation) Template() string
type S3Bucket ¶
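// S3Bucket carries the Bucket name, a Label, a Policy, the ProviderAlias to
// use and Tags.
// NOTE(review): Policy is presumably the bucket policy document — confirm in
// the template. It is the access-control surface for the bucket, so callers
// should pass the narrowest policy that works.
type S3Bucket struct {
	Bucket   Value
	Label    Value
	Policy   Value
	Provider ProviderAlias
	Tags     Tags
}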
type S3BucketOwnershipControls ¶
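// S3BucketOwnershipControls carries the Bucket it applies to, a Label, the
// ObjectOwnership setting and the ProviderAlias to use.
// NOTE(review): ObjectOwnership is a Value, not an enumerated type, so nothing
// visible here restricts it to the package's BucketOwnerPreferred and
// ObjectWriter constants.
type S3BucketOwnershipControls struct {
	Bucket          Value
	Label           Value
	ObjectOwnership Value
	Provider        ProviderAlias
}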
func (S3BucketOwnershipControls) Ref ¶
func (boc S3BucketOwnershipControls) Ref() Value
func (S3BucketOwnershipControls) Template ¶
func (S3BucketOwnershipControls) Template() string
type Subnet ¶
type Tags ¶
type TimeSleep ¶
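// TimeSleep carries a CreateDuration, a DependsOn list, a ForEach value, a
// Label and the ProviderAlias to use.
// NOTE(review): presumably describes a delay inserted between resources — no
// methods are shown for it on this page.
type TimeSleep struct {
	CreateDuration Value
	DependsOn      ValueSlice
	ForEach        Value
	Label          Value
	Provider       ProviderAlias
}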
type VPC ¶
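// VPC carries a CidrBlock, a Label, the ProviderAlias to use and Tags. The
// page lists CidrsubnetIPv4 and CidrsubnetIPv6 methods for it without their
// signatures.
type VPC struct {
	CidrBlock Value
	Label     Value
	Provider  ProviderAlias
	Tags      Tags
}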
func (VPC) CidrsubnetIPv4 ¶
func (VPC) CidrsubnetIPv6 ¶
type VPCEndpoint ¶
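// VPCEndpoint carries the ServiceName it connects to, the VpcId it belongs to,
// the RouteTableIds it is attached to, a Label, the ProviderAlias to use and
// Tags.
// NOTE(review): there is no field for an endpoint policy; whether the template
// sets one is not visible here.
type VPCEndpoint struct {
	Label         Value
	Provider      ProviderAlias
	RouteTableIds ValueSlice
	ServiceName   Value
	Tags          Tags
	VpcId         Value
}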
func (VPCEndpoint) Ref ¶
func (vpce VPCEndpoint) Ref() Value
func (VPCEndpoint) Template ¶
func (VPCEndpoint) Template() string
type Value ¶
type ValueSlice ¶
// ValueSlice is a slice of Value. QSlice and USlice each build one from a
// []string.
// NOTE(review): the Q/U prefixes presumably mean quoted and unquoted —
// confirm. If so, strings passed to USlice reach the generated Terraform
// unescaped and should not come from untrusted input.
type ValueSlice []Value
func QSlice ¶
func QSlice(ss []string) ValueSlice
func USlice ¶
func USlice(ss []string) ValueSlice
func (ValueSlice) Empty ¶
func (vs ValueSlice) Empty() bool
func (ValueSlice) Raw ¶
func (vs ValueSlice) Raw() string
func (ValueSlice) Value ¶
func (vs ValueSlice) Value() string