tfctl 1.0.0.rc1 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 7851ad9d647739e471f8d430dace8564f16f403f3a7e7ffb98e21384db641f53
4
- data.tar.gz: d52713addc4006e2e67f5c3fce56941697d4a9edfb6bea08953c76eeb673c2f1
3
+ metadata.gz: 6d47682cf9949db840c18d07b6f06907a9d36e2a75d0a5255b4c57f3603c0dbf
4
+ data.tar.gz: d5a81e877943fff53e903a104249e1147a827c593430bc91c0b78d5cc467fc4b
5
5
  SHA512:
6
- metadata.gz: 10f6a9bce18e905d787783a6f61a3f93724b4809d1c7f2c7e7c1edc155ba2c14b17a97096140f790c9b7e250dc4fd24f7af5c86fefea8139d25e1b15dddc65d3
7
- data.tar.gz: 9e81ab6abbc15df5917ea6b23a1b167a2cd745e057d462ce0e28db47b27c6f12477c62293893c59f1977c5c406df31dbb797818fc27978b5bd9255a12bd86370
6
+ metadata.gz: 03b7d69b7a7bbf296b0b1ab3aa8794d8b91e51559a1e2ee1d450396615aeba495b63993f84866c6fe5997d34c760da143cb66ca0cabc2a1a5a1266b701676bac
7
+ data.tar.gz: f9ebdae72fd58473c3a8cc5015fd2d2e32092488218b52efa79e2d625802ccdf4447298e45497d4ec0e03583b0edbd3a31b51e92f76a5981a5f3819f9cee1e4a
@@ -1,6 +1,6 @@
1
1
  = Changelog
2
2
 
3
- == 1.0.0-rc1 (unreleased)
3
+ == 1.0.0
4
4
 
5
5
  * feat(config): JSON schema config validation
6
6
  * feat(config): added 'data' parameter
@@ -1,4 +1,28 @@
1
- == Configuration
1
+ // Settings:
2
+ :idprefix:
3
+ :idseparator: -
4
+ ifndef::env-github[:icons: font]
5
+ ifdef::env-github,env-browser[]
6
+ :toc: macro
7
+ :toclevels: 1
8
+ endif::[]
9
+ ifdef::env-github[]
10
+ :branch: master
11
+ :status:
12
+ :outfilesuffix: .adoc
13
+ :!toc-title:
14
+ :caution-caption: :fire:
15
+ :important-caption: :exclamation:
16
+ :note-caption: :paperclip:
17
+ :tip-caption: :bulb:
18
+ :warning-caption: :warning:
19
+ endif::[]
20
+
21
+ = Configuration
22
+
23
+ toc::[]
24
+
25
+ == Overview
2
26
 
3
27
  Tfctl retrieves initial account configuration from AWS Organizations and merges
4
28
  it with configuration specified in a yaml file.
@@ -48,7 +72,7 @@ TIP: You can display the fully merged configuration by running `tfctl -c
48
72
  conf/CONFIG_FILE.yaml -s`. It's safe to run as it doesn't make any changes to
49
73
  AWS resources. It's a good way to test your configuration.
50
74
 
51
- === Defining arbitrary data
75
+ == Defining arbitrary data
52
76
 
53
77
  You can define arbitrary data under the `data:` parameter, both in the root of
54
78
  the config and in the organization sections. It will be available in Terraform
@@ -57,7 +81,7 @@ subnet ranges, s3 bucket names and so on. `data:` in organization sections
57
81
  will be merged with accounts following the usual merge order as described
58
82
  above.
59
83
 
60
- === Handling secrets
84
+ == Handling secrets
61
85
 
62
86
  No secrets should be committed into Terraform or tfctl configuration. Use AWS
63
87
  Secrets Manager instead and retrieve in Terraform profiles using
@@ -1,12 +1,32 @@
1
- :toc:
2
-
3
- == Control Tower integration guide
1
+ // Settings:
2
+ :idprefix:
3
+ :idseparator: -
4
+ ifndef::env-github[:icons: font]
5
+ ifdef::env-github,env-browser[]
6
+ :toc: macro
7
+ :toclevels: 1
8
+ endif::[]
9
+ ifdef::env-github[]
10
+ :branch: master
11
+ :status:
12
+ :outfilesuffix: .adoc
13
+ :!toc-title:
14
+ :caution-caption: :fire:
15
+ :important-caption: :exclamation:
16
+ :note-caption: :paperclip:
17
+ :tip-caption: :bulb:
18
+ :warning-caption: :warning:
19
+ endif::[]
20
+
21
+ = Control Tower integration guide
4
22
 
5
23
  This guide will help you integrate Terraform with AWS Control Tower using the
6
24
  tfctl wrapper. This involves setting up resources for remote state tracking,
7
25
  necessary IAM roles and a tfctl project.
8
26
 
9
- === Overview
27
+ toc::[]
28
+
29
+ == Overview
10
30
 
11
31
  For state tracking we're going to create a dedicated `shared-services` account
12
32
  under a `mgmt` organization unit. We'll use S3 for state storage and DynamoDB
@@ -26,7 +46,7 @@ account factory and can be assumed from the primary account.
26
46
  We're going to create a `live` and `test` organization units in Control Tower
27
47
  and provision a couple of accounts for testing.
28
48
 
29
- === Prerequisites
49
+ == Prerequisites
30
50
 
31
51
  Before starting you'll need:
32
52
 
@@ -35,7 +55,7 @@ Before starting you'll need:
35
55
  * AWS CLI tools installed on your machine.
36
56
  * Terraform 0.12 or higher.
37
57
 
38
- === Configure Control Tower
58
+ == Configure Control Tower
39
59
 
40
60
  Create the following organization units in Control Tower:
41
61
 
@@ -52,14 +72,14 @@ Then provision accounts:
52
72
  NOTE: Control Tower accounts need to be provisioned one at a time. It takes
53
73
  approximately 20 mins to provision one.
54
74
 
55
- === Install tfctl
75
+ == Install tfctl
56
76
 
57
77
  ----
58
78
  git clone git@github.com:scalefactory/tfctl.git
59
79
  cd tfctl/ && sudo make install
60
80
  ----
61
81
 
62
- === Set up AWS resources
82
+ == Set up AWS resources
63
83
 
64
84
  It's assumed you have configured AWS CLI access to the primary account.
65
85
 
@@ -128,7 +148,7 @@ aws cloudformation describe-stacks --stack-name TfctlOrgAccess
128
148
 
129
149
  NOTE: Successful status should read: `CREATE_COMPLETE`.
130
150
 
131
- === Configure tfctl
151
+ == Configure tfctl
132
152
 
133
153
  Copy the example project directory `examples/control_tower` somewhere convenient
134
154
  and edit `conf/example.yaml`.
@@ -142,7 +162,7 @@ You need to modify the following parameters:
142
162
 
143
163
  TIP: You should keep your project directory under version control.
144
164
 
145
- === Deploy example tfctl profile
165
+ == Deploy example tfctl profile
146
166
 
147
167
  The example profile will create an S3 bucket in accounts under `test`, `live`
148
168
  and `mgmt` OUs.
@@ -1,9 +1,31 @@
1
- == Creating and deploying a tfctl profile
1
+ // Settings:
2
+ :idprefix:
3
+ :idseparator: -
4
+ ifndef::env-github[:icons: font]
5
+ ifdef::env-github,env-browser[]
6
+ :toc: macro
7
+ :toclevels: 1
8
+ endif::[]
9
+ ifdef::env-github[]
10
+ :branch: master
11
+ :status:
12
+ :outfilesuffix: .adoc
13
+ :!toc-title:
14
+ :caution-caption: :fire:
15
+ :important-caption: :exclamation:
16
+ :note-caption: :paperclip:
17
+ :tip-caption: :bulb:
18
+ :warning-caption: :warning:
19
+ endif::[]
20
+
21
+ = Creating and deploying a tfctl profile
2
22
 
3
23
  This guide will show you how to create a tfctl profile, declare some resources
4
24
  in it and deploy it to to a group of accounts in an organization unit.
5
25
 
6
- === Create a new profile
26
+ toc::[]
27
+
28
+ == Create a new profile
7
29
 
8
30
  In your tfctl project directory create a new profile:
9
31
 
@@ -87,7 +109,7 @@ resource "aws_s3_bucket" "example" {
87
109
  This will create an S3 bucket with a name containing the current account name
88
110
  (which will vary depending on which account it's deployed to).
89
111
 
90
- === Assign profile to accounts
112
+ == Assign profile to accounts
91
113
 
92
114
  Before you can deploy the new profile you need to tell `tfctl` which accounts
93
115
  to deploy it to.
@@ -113,7 +135,7 @@ organization_units:
113
135
  ----
114
136
 
115
137
 
116
- === Plan
138
+ == Plan
117
139
 
118
140
  To see what would happen when the change is applied run:
119
141
 
@@ -161,7 +183,7 @@ what went wrong.
161
183
  tfctl will generate a plan file automatically and use it with `apply` in the
162
184
  next step.
163
185
 
164
- === Apply
186
+ == Apply
165
187
 
166
188
  Once you're happy with the plan, apply it.
167
189
  ----
@@ -1,4 +1,24 @@
1
- == IAM roles
1
+ // Settings:
2
+ :idprefix:
3
+ :idseparator: -
4
+ ifndef::env-github[:icons: font]
5
+ ifdef::env-github,env-browser[]
6
+ :toc: macro
7
+ :toclevels: 1
8
+ endif::[]
9
+ ifdef::env-github[]
10
+ :branch: master
11
+ :status:
12
+ :outfilesuffix: .adoc
13
+ :!toc-title:
14
+ :caution-caption: :fire:
15
+ :important-caption: :exclamation:
16
+ :note-caption: :paperclip:
17
+ :tip-caption: :bulb:
18
+ :warning-caption: :warning:
19
+ endif::[]
20
+
21
+ = IAM roles
2
22
 
3
23
  Tfctl usually requires three IAM roles to be configured:
4
24
 
@@ -1,4 +1,24 @@
1
- == Project layout
1
+ // Settings:
2
+ :idprefix:
3
+ :idseparator: -
4
+ ifndef::env-github[:icons: font]
5
+ ifdef::env-github,env-browser[]
6
+ :toc: macro
7
+ :toclevels: 1
8
+ endif::[]
9
+ ifdef::env-github[]
10
+ :branch: master
11
+ :status:
12
+ :outfilesuffix: .adoc
13
+ :!toc-title:
14
+ :caution-caption: :fire:
15
+ :important-caption: :exclamation:
16
+ :note-caption: :paperclip:
17
+ :tip-caption: :bulb:
18
+ :warning-caption: :warning:
19
+ endif::[]
20
+
21
+ = Project layout
2
22
 
3
23
  Example project structure
4
24
  ----
@@ -16,7 +36,9 @@ project_dir/
16
36
  └── variables.tf
17
37
  ----
18
38
 
19
- === tfctl configuration file
39
+ toc::[]
40
+
41
+ == tfctl configuration file
20
42
 
21
43
  Assigns Terraform profiles and configuration to accounts based on:
22
44
 
@@ -29,7 +51,7 @@ The configuration data is exposed to terraform via a profile `config` variable.
29
51
  It also defines Terraform and tfctl configuration such as state tracking and
30
52
  what IAM roles to use.
31
53
 
32
- === profiles
54
+ == profiles
33
55
 
34
56
  Profiles are re-usable collections of resources which can be applied to
35
57
  accounts. They are implemented just like usual modules but provide an
@@ -38,6 +60,6 @@ other data sources). Profiles often compose multiple modules and provide
38
60
  configuration data to them. This approach makes it possible to re-use standard
39
61
  modules (e.g. Terraform module registry).
40
62
 
41
- === modules
63
+ == modules
42
64
 
43
65
  Standard Terraform modules.
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Tfctl
4
- VERSION = '1.0.0.rc1'
4
+ VERSION = '1.0.0'
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: tfctl
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0.rc1
4
+ version: 1.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Andrew Wasilczuk
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-11-10 00:00:00.000000000 Z
11
+ date: 2019-11-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-organizations
@@ -167,9 +167,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
167
167
  version: '0'
168
168
  required_rubygems_version: !ruby/object:Gem::Requirement
169
169
  requirements:
170
- - - ">"
170
+ - - ">="
171
171
  - !ruby/object:Gem::Version
172
- version: 1.3.1
172
+ version: '0'
173
173
  requirements: []
174
174
  rubyforge_project:
175
175
  rubygems_version: 2.7.7