Feature/terraform deployment stacks #93

Open
wants to merge 35 commits into
base: dev
ed83dbb
Updated with Terraform templates for DDB and Identification.
vigneswararaomacharla Jul 15, 2019
1c8890c
Updated with deployment issue changes.
vigneswararaomacharla Jul 15, 2019
eaebee8
Updated with path issues.
vigneswararaomacharla Jul 15, 2019
eded302
Updated with path issue changes.
vigneswararaomacharla Jul 15, 2019
ff045d3
Updated deployment issues fixes.
vigneswararaomacharla Jul 15, 2019
f2f51b4
Updated with deployment issue fixes.
vigneswararaomacharla Jul 15, 2019
94dd006
Updated with deployment issue fixes.
vigneswararaomacharla Jul 16, 2019
4439ebe
Updated with deployment issue fixes.
vigneswararaomacharla Jul 16, 2019
fd92643
Updated with deployment template changes.
vigneswararaomacharla Jul 17, 2019
15c1112
Updated with deployment template changes.
vigneswararaomacharla Jul 17, 2019
27f2f0a
Updated with deployment template changes.
vigneswararaomacharla Jul 17, 2019
66a0607
Updated with Identification Terraform template changes.
vigneswararaomacharla Jul 17, 2019
13aed64
Updated with terraform template changes.
vigneswararaomacharla Jul 17, 2019
80f4c87
Updated with terraform template changes.
vigneswararaomacharla Jul 17, 2019
67845a3
Updated with deployment template changes.
vigneswararaomacharla Jul 17, 2019
2eed883
Updated with template deployment changes.
vigneswararaomacharla Jul 17, 2019
c30866c
Updated with terraform deployment changes.
vigneswararaomacharla Jul 17, 2019
83e6658
Updated with terraform deployment changes.
vigneswararaomacharla Jul 17, 2019
505c589
Updated with identification terraform changes.
vigneswararaomacharla Jul 17, 2019
c7a3ab5
Updated with terraform template changes.
vigneswararaomacharla Jul 17, 2019
d74cbd2
Updated with nested terraform template changes.
vigneswararaomacharla Jul 17, 2019
e40143d
Updated with terraform template changes.
vigneswararaomacharla Jul 17, 2019
7dabf77
Updated with terraform template updates.
vigneswararaomacharla Jul 17, 2019
5dfe66f
Updated with terraform changes.
vigneswararaomacharla Jul 17, 2019
6b0c72f
Updated with terraform deployment changes.
vigneswararaomacharla Jul 17, 2019
552e4c4
Updated with deployment issue fixes.
vigneswararaomacharla Jul 17, 2019
df8484b
Updated with terraform template changes.
vigneswararaomacharla Jul 17, 2019
980b22c
Updated with terraform template changes.
vigneswararaomacharla Jul 17, 2019
fe5e1f5
Updated with terraform template changes.
vigneswararaomacharla Jul 17, 2019
b8a491a
Updated with environment variables setting.
vigneswararaomacharla Jul 18, 2019
b9e7f55
Added S3acl terraform deployment changes.
vigneswararaomacharla Jul 18, 2019
ee3e53a
Updated with nested template changes.
vigneswararaomacharla Jul 18, 2019
8b644f4
Updated with ddb changes.
vigneswararaomacharla Jul 18, 2019
83a6524
Updated with ddb table changes.
vigneswararaomacharla Jul 18, 2019
0b7e5af
Merge branch 'dev' into feature/terraform-deployment-stacks
vigneswararaomacharla Jul 18, 2019
348 changes: 341 additions & 7 deletions deployment/terraform/modules/ddb/ddb.tf
@@ -1,11 +1,345 @@
resource "aws_cloudformation_stack" "hammer_ddb" {
name = "hammer-ddb-creation"
resource "aws_dynamodb_table" "credentials" {

tags = "${var.tags}"
name = "${var.resources-prefix}credentials"
read_capacity = 25
write_capacity = 2
hash_key = "service"

parameters {
ResourcesPrefix = "${var.resources-prefix}"
attribute {
name = "service"
type = "S"
}

template_url = "https://${var.s3bucket}.s3.amazonaws.com/${aws_s3_bucket_object.ddb-cfn.id}"
}
server_side_encryption {
enabled = true
}
}

resource "aws_dynamodb_table" "cloudtrails" {
depends_on = ["aws_dynamodb_table.credentials" ]

name = "${var.resources-prefix}cloudtrails"
read_capacity = 20
write_capacity = 4
hash_key = "account_id"
range_key = "issue_id"

attribute {
name = "account_id"
type = "S"
}

attribute {
name = "issue_id"
type = "S"
}
}

resource "aws_dynamodb_table" "insecure-sg-dynamodb-table" {

depends_on = ["aws_dynamodb_table.credentials" ]

name = "${var.resources-prefix}security-groups-unrestricted"
read_capacity = 20
write_capacity = 4
hash_key = "account_id"
range_key = "issue_id"

attribute {
name = "account_id"
type = "S"
}

attribute {
name = "issue_id"
type = "S"
}
}

resource "aws_dynamodb_table" "s3-public-bucket-acl" {

depends_on = ["aws_dynamodb_table.credentials" ]

name = "${var.resources-prefix}s3-public-bucket-acl"
read_capacity = 20
write_capacity = 4
hash_key = "account_id"
range_key = "issue_id"

attribute {
name = "account_id"
type = "S"
}

attribute {
name = "issue_id"
type = "S"
}
}

resource "aws_dynamodb_table" "s3-public-bucket-policy" {

depends_on = ["aws_dynamodb_table.credentials" ]

name = "${var.resources-prefix}s3-public-bucket-policy"
read_capacity = 20
write_capacity = 4
hash_key = "account_id"
range_key = "issue_id"

attribute {
name = "account_id"
type = "S"
}

attribute {
name = "issue_id"
type = "S"
}
}

resource "aws_dynamodb_table" "iam-user-keys-rotation" {

depends_on = ["aws_dynamodb_table.credentials" ]

name = "${var.resources-prefix}iam-user-keys-rotation"
read_capacity = 20
write_capacity = 4
hash_key = "account_id"
range_key = "issue_id"

attribute {
name = "account_id"
type = "S"
}

attribute {
name = "issue_id"
type = "S"
}
}

resource "aws_dynamodb_table" "iam-user-keys-inactive" {

depends_on = ["aws_dynamodb_table.credentials" ]

name = "${var.resources-prefix}iam-user-keys-inactive"
read_capacity = 20
write_capacity = 4
hash_key = "account_id"
range_key = "issue_id"

attribute {
name = "account_id"
type = "S"
}

attribute {
name = "issue_id"
type = "S"
}
}

resource "aws_dynamodb_table" "ebs-volumes-unencrypted" {

depends_on = ["aws_dynamodb_table.credentials" ]

name = "${var.resources-prefix}ebs-volumes-unencrypted"
read_capacity = 20
write_capacity = 4
hash_key = "account_id"
range_key = "issue_id"

attribute {
name = "account_id"
type = "S"
}

attribute {
name = "issue_id"
type = "S"
}
}

resource "aws_dynamodb_table" "ebs-snapshots-public" {

depends_on = ["aws_dynamodb_table.credentials" ]

name = "${var.resources-prefix}ebs-snapshots-public"
read_capacity = 20
write_capacity = 4
hash_key = "account_id"
range_key = "issue_id"

attribute {
name = "account_id"
type = "S"
}

attribute {
name = "issue_id"
type = "S"
}
}

resource "aws_dynamodb_table" "rds-public-snapshots" {

depends_on = ["aws_dynamodb_table.credentials" ]

name = "${var.resources-prefix}rds-public-snapshots"
read_capacity = 20
write_capacity = 4
hash_key = "account_id"
range_key = "issue_id"

attribute {
name = "account_id"
type = "S"
}

attribute {
name = "issue_id"
type = "S"
}
}

resource "aws_dynamodb_table" "sqs-public-access" {

depends_on = ["aws_dynamodb_table.credentials" ]

name = "${var.resources-prefix}sqs-public-access"
read_capacity = 20
write_capacity = 4
hash_key = "account_id"
range_key = "issue_id"

attribute {
name = "account_id"
type = "S"
}

attribute {
name = "issue_id"
type = "S"
}
}

resource "aws_dynamodb_table" "s3-unencrypted" {

depends_on = ["aws_dynamodb_table.credentials" ]

name = "${var.resources-prefix}s3-unencrypted"
read_capacity = 20
write_capacity = 4
hash_key = "account_id"
range_key = "issue_id"

attribute {
name = "account_id"
type = "S"
}

attribute {
name = "issue_id"
type = "S"
}
}

resource "aws_dynamodb_table" "rds-unencrypted" {

depends_on = ["aws_dynamodb_table.credentials" ]

name = "${var.resources-prefix}rds-unencrypted"
read_capacity = 20
write_capacity = 4
hash_key = "account_id"
range_key = "issue_id"

attribute {
name = "account_id"
type = "S"
}

attribute {
name = "issue_id"
type = "S"
}
}

resource "aws_dynamodb_table" "ec2-public-ami" {

depends_on = ["aws_dynamodb_table.credentials" ]

name = "${var.resources-prefix}ec2-public-ami"
read_capacity = 20
write_capacity = 4
hash_key = "account_id"
range_key = "issue_id"

attribute {
name = "account_id"
type = "S"
}

attribute {
name = "issue_id"
type = "S"
}
}

resource "aws_dynamodb_table" "api-requests" {

depends_on = ["aws_dynamodb_table.credentials" ]

name = "${var.resources-prefix}api-requests"
read_capacity = 20
write_capacity = 4
hash_key = "request_id"

attribute {
name = "request_id"
type = "S"
}
}

resource "aws_dynamodb_table" "ecs-privileged-access" {

depends_on = ["aws_dynamodb_table.credentials" ]

name = "${var.resources-prefix}ecs-privileged-access"
read_capacity = 20
write_capacity = 4
hash_key = "account_id"
range_key = "issue_id"

attribute {
name = "account_id"
type = "S"
}

attribute {
name = "issue_id"
type = "S"
}
}

resource "aws_dynamodb_table" "ecs-logging" {

depends_on = ["aws_dynamodb_table.credentials" ]

name = "${var.resources-prefix}ecs-logging"
read_capacity = 20
write_capacity = 4
hash_key = "account_id"
range_key = "issue_id"

attribute {
name = "account_id"
type = "S"
}

attribute {
name = "issue_id"
type = "S"
}
}
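Review bot: Only the `credentials` table declares a `server_side_encryption` block (assuming that block belongs to the new resource, since the +/- markers are lost on this page); the sixteen tables that follow, from `cloudtrails` to `ecs-logging`, declare none. As far as I know they would then rely on DynamoDB's default AWS-owned key rather than a KMS key that is visible and auditable in the account. These tables hold per-account security findings, so I would add `server_side_encryption { enabled = true }` to each of them. For `credentials`, a customer-managed key would let a key policy restrict who can use the key and let CloudTrail record that use. None of the tables sets `point_in_time_recovery { enabled = true }` either, which leaves no restore path after an accidental or unauthorized bulk delete or overwrite.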