From 9899de52d08b9053a1931328d5d319ca636abdfe Mon Sep 17 00:00:00 2001 
From: mamraj yadav <80300065+mamrajyadav@users.noreply.github.com> Date: Fri, 20 Oct 2023 19:47:09 +0530 Subject: [PATCH] fix: update github action and tf code (#4) --- .github/dependabot.yml | 26 ++++ .github/workflows/auto_assignee.yml | 12 ++ .github/workflows/changelog.yml | 4 +- .github/workflows/readme.yml | 28 ++-- .github/workflows/terraform.yml | 86 ------------- .github/workflows/terratest.yml | 69 ---------- .github/workflows/tf-checks.yml | 26 ++++ .github/workflows/tflint.yml | 11 ++ .github/workflows/tfsec.yml | 2 +- README.yaml | 121 ++++++++++++------ .../main.tf | 19 ++- .../outputs.tf | 2 +- .../provider.tf | 3 - .../versions.tf | 4 +- .../main.tf | 26 +++- .../output.tf | 2 +- .../provider.tf | 3 - .../versions.tf | 4 +- .../main.tf | 23 +++- .../output.tf | 2 +- .../provider.tf | 3 - .../versions.tf | 4 +- .../main.tf | 26 +++- .../output.tf | 2 +- .../provider.tf | 3 - .../versions.tf | 4 +- .../aws_cloudwatch_alarm_test.go | 32 ----- .../cloudwatch_billing_to_alert_sns-test.go | 32 ----- ...atch-billing-alert-to-pre-existing-test.go | 32 ----- ...-billing-alert-to-pre-existing-sns-test.go | 32 ----- main.tf | 46 ++++--- variables.tf | 78 ++++------- versions.tf | 4 +- 33 files changed, 315 insertions(+), 456 deletions(-) create mode 100644 .github/workflows/auto_assignee.yml delete mode 100644 .github/workflows/terraform.yml delete mode 100644 .github/workflows/terratest.yml create mode 100644 .github/workflows/tf-checks.yml create mode 100644 .github/workflows/tflint.yml delete mode 100644 _example/cloudwatch-billing-alert-to-new-sns-consolidated-acct/provider.tf delete mode 100644 _example/cloudwatch-billing-alert-to-new-sns-with-acct-id/provider.tf delete mode 100644 _example/cloudwatch-billing-alert-to-pre-existing-sns-consolidated-acct/provider.tf delete mode 100644 _example/cloudwatch-billing-alert-to-pre-existing-sns-with-acct-id/provider.tf delete mode 100644 
_test/cloudwatch-billing-alert-to-new-sns-consolidated-acct/aws_cloudwatch_alarm_test.go delete mode 100644 _test/cloudwatch-billing-alert-to-new-sns-with-acct-id/cloudwatch_billing_to_alert_sns-test.go delete mode 100644 _test/cloudwatch-billing-alert-to-pre-existing-sns-consolidated-acct/cloudwatch-billing-alert-to-pre-existing-test.go delete mode 100644 _test/cloudwatch-billing-alert-to-pre-existing-sns-with-acct-id/cloudwatch-billing-alert-to-pre-existing-sns-test.go diff --git a/.github/dependabot.yml b/.github/dependabot.yml index c08cefc..abfee59 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -2,8 +2,20 @@ # package ecosystems to update and where the package manifests are located. # Please see the documentation for all configuration options: # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + version: 2 updates: + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" + open-pull-requests-limit: 3 + assignees: + - "clouddrove-ci" + reviewers: + - "approvers" + - package-ecosystem: "terraform" # See documentation for possible values directory: "/" # Location of package manifests schedule: @@ -14,6 +26,9 @@ updates: # Add reviewer reviewers: - "approvers" + # Allow up to 3 open pull requests for pip dependencies + open-pull-requests-limit: 3 + - package-ecosystem: "terraform" # See documentation for possible values directory: "_example/cloudwatch-billing-alert-to-new-sns-consolidated-acct" # Location of package manifests schedule: @@ -24,6 +39,9 @@ updates: # Add reviewer reviewers: - "approvers" + # Allow up to 3 open pull requests for pip dependencies + open-pull-requests-limit: 3 + - package-ecosystem: "terraform" # See documentation for possible values directory: "_example/cloudwatch-billing-alert-to-new-sns-with-acct-id" # Location of package manifests schedule: 
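Review bot: The comment added above each `open-pull-requests-limit: 3` reads `# Allow up to 3 open pull requests for pip dependencies`, but every entry it is attached to is `package-ecosystem: "terraform"`, so it names the wrong ecosystem. It appears in the second and third dependabot.yml hunks here and in the three dependabot.yml hunks that follow. I would reword it to `# Allow up to 3 open pull requests for terraform dependencies`, or drop it, as the new `github-actions` entry already does.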
@@ -34,6 +52,9 @@ updates: # Add reviewer reviewers: - "approvers" + # Allow up to 3 open pull requests for pip dependencies + open-pull-requests-limit: 3 + - package-ecosystem: "terraform" # See documentation for possible values directory: "_example/cloudwatch-billing-alert-to-pre-existing-sns-consolidated-acct" # Location of package manifests schedule: @@ -44,6 +65,9 @@ updates: # Add reviewer reviewers: - "approvers" + # Allow up to 3 open pull requests for pip dependencies + open-pull-requests-limit: 3 + - package-ecosystem: "terraform" # See documentation for possible values directory: "_example/cloudwatch-billing-alert-to-pre-existing-sns-with-acct-id" # Location of package manifests schedule: @@ -54,3 +78,5 @@ updates: # Add reviewer reviewers: - "approvers" + # Allow up to 3 open pull requests for pip dependencies + open-pull-requests-limit: 3 diff --git a/.github/workflows/auto_assignee.yml b/.github/workflows/auto_assignee.yml new file mode 100644 index 0000000..88ebb73 --- /dev/null +++ b/.github/workflows/auto_assignee.yml @@ -0,0 +1,12 @@ +name: Auto Assign PRs +on: + pull_request: + types: [opened, reopened] + workflow_dispatch: +jobs: + assignee: + uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@1.0.6 + secrets: + GITHUB: ${{ secrets.GITHUB }} + with: + assignees: 'clouddrove-ci' diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index 4b735f5..7d9ffdf 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml @@ -7,7 +7,7 @@ on: workflow_dispatch: jobs: changelog: - uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@1.0.6 secrets: inherit with: - branch: 'master' \ No newline at end of file + branch: 'master' diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml index cb49f18..34377d8 100644 --- a/.github/workflows/readme.yml 
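Review bot: The reusable workflow in the new auto_assignee.yml is referenced by tag (`auto_assignee.yml@1.0.6`) while being handed `secrets.GITHUB`; a tag can be moved in the upstream repository, so this reference does not fix which code receives the token. Pinning to the full commit SHA keeps the content immutable and the version readable, e.g. `uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@<full-commit-sha> # 1.0.6`. The same applies to changelog.yml and tfsec.yml, which pass `secrets: inherit` (every repository secret), and to the new tf-checks.yml and tflint.yml. Moving off `@master` already narrows the exposure; the SHA closes the rest of it.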
+++ b/.github/workflows/readme.yml @@ -3,44 +3,42 @@ on: push: branches: - master - jobs: - readme-create: + readme: name: 'readme-create' runs-on: ubuntu-latest steps: - name: 'Checkout' - uses: actions/checkout@v2.3.4 + uses: actions/checkout@master - - name: Set up Python 3.7 - uses: actions/setup-python@v2 + - name: 'Set up Python 3.7' + uses: actions/setup-python@v4 with: python-version: '3.x' - name: 'create readme' - uses: 'clouddrove/github-actions@v9.0.2' + uses: 'clouddrove/github-actions@9.0.3' with: actions_subcommand: 'readme' - github_token: '${{ secrets.GITHUB}}' + github_token: '${{ secrets.GITHUB }}' env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}} - + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: pre-commit check errors - uses: pre-commit/action@v2.0.0 + - name: 'pre-commit check errors' + uses: pre-commit/action@v3.0.0 continue-on-error: true - - name: pre-commit fix erros - uses: pre-commit/action@v2.0.0 + - name: 'pre-commit fix erros' + uses: pre-commit/action@v3.0.0 continue-on-error: true - name: 'push readme' - uses: 'clouddrove/github-actions@v9.0.2' + uses: 'clouddrove/github-actions@9.0.3' continue-on-error: true with: actions_subcommand: 'push' env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: 'Slack Notification' uses: clouddrove/action-slack@v2 diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml deleted file mode 100644 index 73398b3..0000000 --- a/.github/workflows/terraform.yml +++ /dev/null 
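Review bot: `uses: actions/checkout@master` replaces the pinned `actions/checkout@v2.3.4` with a floating branch reference, in a job that goes on to handle `secrets.GITHUB` and `secrets.GITHUB_TOKEN` and push to the repository. The other actions in this hunk moved to release tags (`actions/setup-python@v4`, `pre-commit/action@v3.0.0`); checkout should be pinned at least as tightly, e.g. `uses: actions/checkout@<full-commit-sha> # v4`. Separately, the step is still named `'Set up Python 3.7'` although it installs `python-version: '3.x'`, and `'pre-commit fix erros'` keeps its typo even though the line was touched to add quotes.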
@@ -1,86 +0,0 @@ -name: static-checks - -on: - pull_request: - -jobs: - versionExtract: - name: Get min/max versions - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Terraform min/max versions - id: minMax - uses: clowdhaus/terraform-min-max@main - outputs: - minVersion: ${{ steps.minMax.outputs.minVersion }} - maxVersion: ${{ steps.minMax.outputs.maxVersion }} - - - versionEvaluate: - name: Evaluate Terraform versions - runs-on: ubuntu-latest - needs: versionExtract - strategy: - fail-fast: false - matrix: - version: - - ${{ needs.versionExtract.outputs.minVersion }} - - ${{ needs.versionExtract.outputs.maxVersion }} - directory: - - _example/cloudwatch-billing-alert-to-new-sns-consolidated-acct - - _example/cloudwatch-billing-alert-to-new-sns-with-acct-id - - _example/cloudwatch-billing-alert-to-pre-existing-sns-consolidated-acct - - _example/cloudwatch-billing-alert-to-pre-existing-sns-with-acct-id - - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Install Terraform v${{ matrix.version }} - uses: hashicorp/setup-terraform@v1 - with: - terraform_version: ${{ matrix.version }} - - - name: 'Configure AWS Credentials' - uses: clouddrove/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }} - aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }} - aws-region: us-east-2 - - - name: Init & validate v${{ matrix.version }} - run: | - cd ${{ matrix.directory }} - terraform init - terraform validate - terraform plan -input=false -no-color - - - name: tflint - uses: reviewdog/action-tflint@master - with: - tflint_version: v0.29.0 - github_token: ${{ secrets.GITHUB }} - working_directory: ${{ matrix.directory }} - fail_on_error: 'true' - filter_mode: 'nofilter' - flags: '--module' - format: - name: Check code format - runs-on: ubuntu-latest - needs: versionExtract - - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Install Terraform v${{ 
needs.versionExtract.outputs.maxVersion }} - uses: hashicorp/setup-terraform@v1 - with: - terraform_version: ${{ needs.versionExtract.outputs.maxVersion }} - - - name: Check Terraform format changes - run: terraform fmt --recursive diff --git a/.github/workflows/terratest.yml b/.github/workflows/terratest.yml deleted file mode 100644 index 2c8c142..0000000 --- a/.github/workflows/terratest.yml +++ /dev/null 
@@ -1,69 +0,0 @@ -name: 'Terratest GitHub Actions' -on: - pull_request: - branches: - - master - types: [labeled] - -jobs: - terraform: - name: 'Terraform' - runs-on: ubuntu-latest - steps: - - - name: 'Checkout' - uses: actions/checkout@master - - - name: Configure AWS Credentials - uses: clouddrove/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }} - aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }} - aws-region: us-east-2 - - - name: 'Terratest new-sns-consolidated-acct' - if: ${{ github.event.label.name == 'terratest' }} - uses: 'clouddrove/github-actions@v9.0.2' - with: - actions_subcommand: 'terratest' - tf_actions_working_dir: '_test/cloudwatch-billing-alert-to-new-sns-consolidated-acct' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: 'Terratest new-sns-with-acct-id' - if: ${{ github.event.label.name == 'terratest' }} - uses: 'clouddrove/github-actions@v9.0.2' - with: - actions_subcommand: 'terratest' - tf_actions_working_dir: '_test/cloudwatch-billing-alert-to-new-sns-with-acct-id' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: 'Terratest pre-existing-sns-consolidated-acct' - if: ${{ github.event.label.name == 'terratest' }} - uses: 'clouddrove/github-actions@v9.0.2' - with: - actions_subcommand: 'terratest' - tf_actions_working_dir: '_test/cloudwatch-billing-alert-to-pre-existing-sns-consolidated-acct' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: 'Terratest pre-existing-sns-with-acct-id' - if: ${{ github.event.label.name == 'terratest' }} - uses: 'clouddrove/github-actions@v9.0.2' - with: - actions_subcommand: 'terratest' - tf_actions_working_dir: '_test/cloudwatch-billing-alert-to-pre-existing-sns-with-acct-id' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: 'Slack Notification' - uses: clouddrove/action-slack@v2 - with: - status: ${{ job.status }} - fields: repo,author - author_name: 'CloudDrove' - env: - GITHUB_TOKEN: ${{ 
secrets.GITHUB_TOKEN }} # required - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required - if: always() \ No newline at end of file diff --git a/.github/workflows/tf-checks.yml b/.github/workflows/tf-checks.yml new file mode 100644 index 0000000..2b4a8da --- /dev/null +++ b/.github/workflows/tf-checks.yml @@ -0,0 +1,26 @@ +name: tf-checks +on: + push: + branches: [ master ] + pull_request: + workflow_dispatch: +jobs: + cloudwatch-billing-alert-to-new-sns-consolidated-acct-example: + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.6 + with: + working_directory: './_example/cloudwatch-billing-alert-to-new-sns-consolidated-acct/' + + cloudwatch-billing-alert-to-new-sns-with-acct-id-example: + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.6 + with: + working_directory: './_example/cloudwatch-billing-alert-to-new-sns-with-acct-id/' + + cloudwatch-billing-alert-to-pre-existing-sns-consolidated-acct-example: + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.6 + with: + working_directory: './_example/cloudwatch-billing-alert-to-pre-existing-sns-consolidated-acct/' + + cloudwatch-billing-alert-to-pre-existing-sns-with-acct-id-example: + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.6 + with: + working_directory: './_example/cloudwatch-billing-alert-to-pre-existing-sns-with-acct-id/' diff --git a/.github/workflows/tflint.yml b/.github/workflows/tflint.yml new file mode 100644 index 0000000..7c664c9 --- /dev/null +++ b/.github/workflows/tflint.yml @@ -0,0 +1,11 @@ +name: tf-lint +on: + push: + branches: [ master ] + pull_request: + workflow_dispatch: +jobs: + tf-lint: + uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@1.0.6 + secrets: + GITHUB: ${{ secrets.GITHUB }} diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml index c203751..e5e4394 100644 --- a/.github/workflows/tfsec.yml 
+++ b/.github/workflows/tfsec.yml @@ -5,7 +5,7 @@ on: workflow_dispatch: jobs: tfsec: - uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@1.0.6 secrets: inherit with: working_directory: '.' diff --git a/README.yaml b/README.yaml index 8613b79..3740c77 100644 --- a/README.yaml +++ b/README.yaml @@ -15,18 +15,19 @@ github_repo: clouddrove/terraform-aws-cost-billing-alarm # Badges to display badges: - - name: "Terraform" - image: "https://img.shields.io/badge/Terraform-v1.1.7-green" - url: "https://www.terraform.io" - - name: "Licence" - image: "https://img.shields.io/badge/License-APACHE-blue.svg" - url: "LICENSE.md" + - name: "Latest Release" + image: "https://img.shields.io/github/release/clouddrove/terraform-aws-cost-billing-alarm.svg" + url: "https://github.com/clouddrove/terraform-aws-cost-billing-alarm/releases/latest" - name: "tfsec" image: "https://github.com/clouddrove/terraform-aws-cost-billing-alarm/actions/workflows/tfsec.yml/badge.svg" url: "https://github.com/clouddrove/terraform-aws-cost-billing-alarm/actions/workflows/tfsec.yml" - - name: "static-checks" - image: "https://github.com/clouddrove/terraform-aws-cost-billing-alarm/actions/workflows/terraform.yml/badge.svg" - url: "https://github.com/clouddrove/terraform-aws-cost-billing-alarm/actions/workflows/terraform.yml" + - name: "Licence" + image: "https://img.shields.io/badge/License-APACHE-blue.svg" + url: "LICENSE.md" + +prerequesties: + - name: Terraform 1.5.6 + url: https://learn.hashicorp.com/terraform/getting-started/install.html # description of this project # yamllint disable rule:line-length 
@@ -44,53 +45,93 @@ usage: |- ### cloudwatch-billing-alert-to-new-sns-consolidated-acct ```hcl module "billing_cloudwatch_alert" { - source = "clouddrove/terraform-aws-cost-billing-alarm/aws" - name = "billing/aws" - environment = "test" - label_order = ["name", "environment"] - monthly_billing_threshold = 10 - currency = "USD" + source = "clouddrove/terraform-aws-cost-billing-alarm/aws" + name = "billing/aws" + environment = "test" + monthly_billing_threshold = 10 + currency = "USD" + subscribers = { + sms = { + protocol = "email" + endpoint = "xxxxxxx@clouddrove.com" + endpoint_auto_confirms = false + raw_message_delivery = false + filter_policy = "" + delivery_policy = "" + confirmation_timeout_in_minutes = "60" + } + } } ``` ### cloudwatch-billing-alert-to-new-sns-with-acct-id ```hcl module "billing_cloudwatch_alert" { - source = "clouddrove/terraform-aws-cost-billing-alarm/aws" - name = "billing/aws" - environment = "test" - label_order = ["name", "environment"] - aws_env = var.aws_profile - aws_account_id = 111111111111 - monthly_billing_threshold = 500 - currency = "USD" + source = "clouddrove/terraform-aws-cost-billing-alarm/aws" + name = "billing/aws" + environment = "test" + aws_account_id = 11111111111 + monthly_billing_threshold = 100 + currency = "USD" + + subscribers = { + sms = { + protocol = "email" + endpoint = "xxxxxxxxclouddrove.com" + endpoint_auto_confirms = false + raw_message_delivery = false + filter_policy = "" + delivery_policy = "" + confirmation_timeout_in_minutes = "60" + } + } } ``` ### cloudwatch-billing-alert-to-pre-existing-sns-consolidated-acct ```hcl module "billing_cloudwatch_alert" { - source = "clouddrove/terraform-aws-cost-billing-alarm/aws" - name = "billing/aws" - environment = "test" - label_order = ["name", "environment"] - aws_env = var.aws_profile - monthly_billing_threshold = 500 - currency = "USD" - aws_sns_topic_arn = ["arn:aws:lambda:us-east-1:111111111111:function:bb-root-org-notify_slack"] + source = 
"clouddrove/terraform-aws-cost-billing-alarm/aws" + name = "billing/aws" + environment = "test" + monthly_billing_threshold = 500 + currency = "USD" + #sns_topic_arns = ["arn:aws:lambda:us-east-1:111111111111:function:bb-root-org-notify_slack"] + subscribers = { + sms = { + protocol = "email" + endpoint = "xxxxxclouddrove.com" + endpoint_auto_confirms = false + raw_message_delivery = false + filter_policy = "" + delivery_policy = "" + confirmation_timeout_in_minutes = "60" + } + } } ``` ### cloudwatch-billing-alert-to-pre-existing-sns-with-acct-id ```hcl module "billing_cloudwatch_alert" { - source = "clouddrove/terraform-aws-cost-billing-alarm/aws" - name = "billing/aws" - environment = "test" - label_order = ["name", "environment"] - aws_account_id = 111111111111 - monthly_billing_threshold = 500 - currency = "USD" - aws_sns_topic_arn = ["arn:aws:lambda:us-east-1:111111111111:function:bb-root-org-notify_slack"] + source = "clouddrove/terraform-aws-cost-billing-alarm/aws" + name = "billing/aws" + environment = "test" + aws_account_id = 111111111111 + monthly_billing_threshold = 500 + currency = "USD" + #sns_topic_arns = ["arn:aws:lambda:us-east-1:111111111111:function:bb-root-org-notify_slack"] + + subscribers = { + sms = { + protocol = "email" + endpoint = "clouddrove.com" + endpoint_auto_confirms = false + raw_message_delivery = false + filter_policy = "" + delivery_policy = "" + confirmation_timeout_in_minutes = "60" + } + } } - ``` \ No newline at end of file + ``` diff --git a/_example/cloudwatch-billing-alert-to-new-sns-consolidated-acct/main.tf b/_example/cloudwatch-billing-alert-to-new-sns-consolidated-acct/main.tf index 8ac454f..4ec7a76 100644 --- a/_example/cloudwatch-billing-alert-to-new-sns-consolidated-acct/main.tf +++ b/_example/cloudwatch-billing-alert-to-new-sns-consolidated-acct/main.tf 
@@ -1,9 +1,22 @@ -module "billing_cloudwatch_alert" { - source = "../../../terraform-aws-cost-billing-alarm" +provider "aws" { + region = "us-east-1" +} +module "billing_cloudwatch_alert" { + source = "../.././" name = "billing/aws" environment = "test" - label_order = ["name", "environment"] monthly_billing_threshold = 10 currency = "USD" + subscribers = { + sms = { + protocol = "email" + endpoint = "xxxxxxx@clouddrove.com" + endpoint_auto_confirms = false + raw_message_delivery = false + filter_policy = "" + delivery_policy = "" + confirmation_timeout_in_minutes = "60" + } + } } diff --git a/_example/cloudwatch-billing-alert-to-new-sns-consolidated-acct/outputs.tf b/_example/cloudwatch-billing-alert-to-new-sns-consolidated-acct/outputs.tf index d468874..1bca2a7 100644 --- a/_example/cloudwatch-billing-alert-to-new-sns-consolidated-acct/outputs.tf +++ b/_example/cloudwatch-billing-alert-to-new-sns-consolidated-acct/outputs.tf @@ -1,4 +1,4 @@ output "sns_topic" { - value = [module.billing_cloudwatch_alert.sns_topic_arns] + value = [module.billing_cloudwatch_alert.sns_topic_arns] description = "List of SNS Topic ARNs to be subscribed to in order to delivery the clodwatch billing alarms." } diff --git a/_example/cloudwatch-billing-alert-to-new-sns-consolidated-acct/provider.tf b/_example/cloudwatch-billing-alert-to-new-sns-consolidated-acct/provider.tf deleted file mode 100644 index e70fb2f..0000000 --- a/_example/cloudwatch-billing-alert-to-new-sns-consolidated-acct/provider.tf +++ /dev/null @@ -1,3 +0,0 @@ -provider "aws" { - region = "us-east-1" -} \ No newline at end of file diff --git a/_example/cloudwatch-billing-alert-to-new-sns-consolidated-acct/versions.tf b/_example/cloudwatch-billing-alert-to-new-sns-consolidated-acct/versions.tf index 87b6d15..ef355e6 100644 --- a/_example/cloudwatch-billing-alert-to-new-sns-consolidated-acct/versions.tf +++ b/_example/cloudwatch-billing-alert-to-new-sns-consolidated-acct/versions.tf 
@@ -1,11 +1,11 @@ # Terraform version terraform { - required_version = ">= 1.3.6" + required_version = ">= 1.6.1" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.48.0" + version = ">= 5.20.1" } } } diff --git a/_example/cloudwatch-billing-alert-to-new-sns-with-acct-id/main.tf b/_example/cloudwatch-billing-alert-to-new-sns-with-acct-id/main.tf index 6d0d179..fc75c9e 100644 --- a/_example/cloudwatch-billing-alert-to-new-sns-with-acct-id/main.tf +++ b/_example/cloudwatch-billing-alert-to-new-sns-with-acct-id/main.tf @@ -1,10 +1,24 @@ -module "billing_cloudwatch_alert" { - source = "../../../terraform-aws-cost-billing-alarm" +provider "aws" { + region = "us-east-1" +} +module "billing_cloudwatch_alert" { + source = "../.././" name = "billing/aws" environment = "test" - label_order = ["name", "environment"] - aws_account_id = 111111111111 - monthly_billing_threshold = 500 + aws_account_id = 11111111111 + monthly_billing_threshold = 10 currency = "USD" -} \ No newline at end of file + + subscribers = { + sms = { + protocol = "email" + endpoint = "xxxxxxx@clouddrove.com" + endpoint_auto_confirms = false + raw_message_delivery = false + filter_policy = "" + delivery_policy = "" + confirmation_timeout_in_minutes = "60" + } + } +} diff --git a/_example/cloudwatch-billing-alert-to-new-sns-with-acct-id/output.tf b/_example/cloudwatch-billing-alert-to-new-sns-with-acct-id/output.tf index f1e9b94..c9f777d 100644 --- a/_example/cloudwatch-billing-alert-to-new-sns-with-acct-id/output.tf +++ b/_example/cloudwatch-billing-alert-to-new-sns-with-acct-id/output.tf @@ -1,4 +1,4 @@ output "sns_topic" { - value = [module.billing_cloudwatch_alert.sns_topic_arns] + value = [module.billing_cloudwatch_alert.sns_topic_arns] description = "List of SNS Topic ARNs to be subscribed to in order to delivery the clodwatch billing alarms." } \ No newline at end of file 
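Review bot: `aws_account_id = 11111111111` in _example/cloudwatch-billing-alert-to-new-sns-with-acct-id/main.tf has eleven digits, where the line it replaces had twelve (`111111111111`). AWS account IDs are twelve digits, so the placeholder no longer has the shape of a real ID, and anything keyed on the account ID would not match a real account. The same value is introduced in _example/cloudwatch-billing-alert-to-pre-existing-sns-with-acct-id/main.tf. I would restore `aws_account_id = 111111111111`; if the module's variable accepts a string (not visible in this hunk), quoting the value would also preserve leading zeros.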
diff --git a/_example/cloudwatch-billing-alert-to-new-sns-with-acct-id/provider.tf b/_example/cloudwatch-billing-alert-to-new-sns-with-acct-id/provider.tf deleted file mode 100644 index e70fb2f..0000000 --- a/_example/cloudwatch-billing-alert-to-new-sns-with-acct-id/provider.tf +++ /dev/null @@ -1,3 +0,0 @@ -provider "aws" { - region = "us-east-1" -} \ No newline at end of file diff --git a/_example/cloudwatch-billing-alert-to-new-sns-with-acct-id/versions.tf b/_example/cloudwatch-billing-alert-to-new-sns-with-acct-id/versions.tf index 87b6d15..ef355e6 100644 --- a/_example/cloudwatch-billing-alert-to-new-sns-with-acct-id/versions.tf +++ b/_example/cloudwatch-billing-alert-to-new-sns-with-acct-id/versions.tf @@ -1,11 +1,11 @@ # Terraform version terraform { - required_version = ">= 1.3.6" + required_version = ">= 1.6.1" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.48.0" + version = ">= 5.20.1" } } } diff --git a/_example/cloudwatch-billing-alert-to-pre-existing-sns-consolidated-acct/main.tf b/_example/cloudwatch-billing-alert-to-pre-existing-sns-consolidated-acct/main.tf index 2de3287..64a531c 100644 --- a/_example/cloudwatch-billing-alert-to-pre-existing-sns-consolidated-acct/main.tf +++ b/_example/cloudwatch-billing-alert-to-pre-existing-sns-consolidated-acct/main.tf 
@@ -1,10 +1,23 @@ -module "billing_cloudwatch_alert" { - source = "../../../terraform-aws-cost-billing-alarm" +provider "aws" { + region = "us-east-1" +} +module "billing_cloudwatch_alert" { + source = "../.././" name = "billing/aws" environment = "test" - label_order = ["name", "environment"] monthly_billing_threshold = 500 currency = "USD" - # aws_sns_topic_arn = ["arn:aws:lambda:us-east-1:111111111111:function:bb-root-org-notify_slack"] -} \ No newline at end of file + #sns_topic_arns = ["arn:aws:lambda:us-east-1:111111111111:function:bb-root-org-notify_slack"] + subscribers = { + sms = { + protocol = "email" + endpoint = "xxxxxclouddrove.com" + endpoint_auto_confirms = false + raw_message_delivery = false + filter_policy = "" + delivery_policy = "" + confirmation_timeout_in_minutes = "60" + } + } +} diff --git a/_example/cloudwatch-billing-alert-to-pre-existing-sns-consolidated-acct/output.tf b/_example/cloudwatch-billing-alert-to-pre-existing-sns-consolidated-acct/output.tf index f1e9b94..c9f777d 100644 --- a/_example/cloudwatch-billing-alert-to-pre-existing-sns-consolidated-acct/output.tf +++ b/_example/cloudwatch-billing-alert-to-pre-existing-sns-consolidated-acct/output.tf @@ -1,4 +1,4 @@ output "sns_topic" { - value = [module.billing_cloudwatch_alert.sns_topic_arns] + value = [module.billing_cloudwatch_alert.sns_topic_arns] description = "List of SNS Topic ARNs to be subscribed to in order to delivery the clodwatch billing alarms." } \ No newline at end of file diff --git a/_example/cloudwatch-billing-alert-to-pre-existing-sns-consolidated-acct/provider.tf b/_example/cloudwatch-billing-alert-to-pre-existing-sns-consolidated-acct/provider.tf deleted file mode 100644 index e70fb2f..0000000 --- a/_example/cloudwatch-billing-alert-to-pre-existing-sns-consolidated-acct/provider.tf +++ /dev/null @@ -1,3 +0,0 @@ -provider "aws" { - region = "us-east-1" -} \ No newline at end of file 
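Review bot: `endpoint = "xxxxxclouddrove.com"` is paired with `protocol = "email"` but is not an email address, so a subscription built from this example would presumably be rejected or never deliver the billing alert. The other examples use the address-shaped placeholder, `endpoint = "xxxxxxx@clouddrove.com"`. This is also the pre-existing-SNS example, yet `#sns_topic_arns = [...]` stays commented out and its sample value is a Lambda ARN (`arn:aws:lambda:...`), so the example does not show how an existing topic is wired in. A one-line comment saying what to uncomment, and that an SNS topic ARN is expected, would help. The map key `sms` for an email subscriber is misleading as well and recurs in the other example main.tf files.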
diff --git a/_example/cloudwatch-billing-alert-to-pre-existing-sns-consolidated-acct/versions.tf b/_example/cloudwatch-billing-alert-to-pre-existing-sns-consolidated-acct/versions.tf index 87b6d15..ef355e6 100644 --- a/_example/cloudwatch-billing-alert-to-pre-existing-sns-consolidated-acct/versions.tf +++ b/_example/cloudwatch-billing-alert-to-pre-existing-sns-consolidated-acct/versions.tf @@ -1,11 +1,11 @@ # Terraform version terraform { - required_version = ">= 1.3.6" + required_version = ">= 1.6.1" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.48.0" + version = ">= 5.20.1" } } } diff --git a/_example/cloudwatch-billing-alert-to-pre-existing-sns-with-acct-id/main.tf b/_example/cloudwatch-billing-alert-to-pre-existing-sns-with-acct-id/main.tf index 17c349c..00ba7fc 100644 --- a/_example/cloudwatch-billing-alert-to-pre-existing-sns-with-acct-id/main.tf +++ b/_example/cloudwatch-billing-alert-to-pre-existing-sns-with-acct-id/main.tf @@ -1,11 +1,25 @@ -module "billing_cloudwatch_alert" { - source = "../../../terraform-aws-cost-billing-alarm" +provider "aws" { + region = "us-east-1" +} +module "billing_cloudwatch_alert" { + source = "../.././" name = "billing/aws" environment = "test" - label_order = ["name", "environment"] - aws_account_id = 111111111111 + aws_account_id = 11111111111 monthly_billing_threshold = 500 currency = "USD" - # aws_sns_topic_arn = ["arn:aws:lambda:us-east-1:111111111111:function:bb-root-org-notify_slack"] -} \ No newline at end of file + #sns_topic_arns = ["arn:aws:lambda:us-east-1:111111111111:function:bb-root-org-notify_slack"] + + subscribers = { + sms = { + protocol = "email" + endpoint = "xxxxxxx@clouddrove.com" + endpoint_auto_confirms = false + raw_message_delivery = false + filter_policy = "" + delivery_policy = "" + confirmation_timeout_in_minutes = "60" + } + } +} 
diff --git a/_example/cloudwatch-billing-alert-to-pre-existing-sns-with-acct-id/output.tf b/_example/cloudwatch-billing-alert-to-pre-existing-sns-with-acct-id/output.tf index f1e9b94..c9f777d 100644 --- a/_example/cloudwatch-billing-alert-to-pre-existing-sns-with-acct-id/output.tf +++ b/_example/cloudwatch-billing-alert-to-pre-existing-sns-with-acct-id/output.tf @@ -1,4 +1,4 @@ output "sns_topic" { - value = [module.billing_cloudwatch_alert.sns_topic_arns] + value = [module.billing_cloudwatch_alert.sns_topic_arns] description = "List of SNS Topic ARNs to be subscribed to in order to delivery the clodwatch billing alarms." } \ No newline at end of file diff --git a/_example/cloudwatch-billing-alert-to-pre-existing-sns-with-acct-id/provider.tf b/_example/cloudwatch-billing-alert-to-pre-existing-sns-with-acct-id/provider.tf deleted file mode 100644 index e70fb2f..0000000 --- a/_example/cloudwatch-billing-alert-to-pre-existing-sns-with-acct-id/provider.tf +++ /dev/null @@ -1,3 +0,0 @@ -provider "aws" { - region = "us-east-1" -} \ No newline at end of file diff --git a/_example/cloudwatch-billing-alert-to-pre-existing-sns-with-acct-id/versions.tf b/_example/cloudwatch-billing-alert-to-pre-existing-sns-with-acct-id/versions.tf index 87b6d15..ef355e6 100644 --- a/_example/cloudwatch-billing-alert-to-pre-existing-sns-with-acct-id/versions.tf +++ b/_example/cloudwatch-billing-alert-to-pre-existing-sns-with-acct-id/versions.tf @@ -1,11 +1,11 @@ # Terraform version terraform { - required_version = ">= 1.3.6" + required_version = ">= 1.6.1" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.48.0" + version = ">= 5.20.1" } } } diff --git a/_test/cloudwatch-billing-alert-to-new-sns-consolidated-acct/aws_cloudwatch_alarm_test.go b/_test/cloudwatch-billing-alert-to-new-sns-consolidated-acct/aws_cloudwatch_alarm_test.go deleted file mode 100644 index 08bbe7d..0000000 
--- a/_test/cloudwatch-billing-alert-to-new-sns-consolidated-acct/aws_cloudwatch_alarm_test.go
+++ /dev/null
@@ -1,32 +0,0 @@
-// Managed By : CloudDrove
-// Description : This Terratest is used to test the Terraform terraform-aws-cost-billing-alarm module.
-// Copyright @ CloudDrove. All Right Reserved.
-package test
-
-import (
- "testing"
- "github.com/gruntwork-io/terratest/modules/terraform"
- "github.com/stretchr/testify/assert"
-)
-
-func Test(t *testing.T) {
- t.Parallel()
-
- terraformOptions := &terraform.Options{
- // Source path of Terraform directory.
- TerraformDir: "../../_example/cloudwatch-billing-alert-to-new-sns-consolidated-acct",
- Upgrade: true,
- }
-
- // This will run 'terraform init' and 'terraform application' and will fail the test if any errors occur
- terraform.InitAndApply(t, terraformOptions)
-
- // To clean up any resources that have been created, run 'terraform destroy' towards the end of the test
- defer terraform.Destroy(t, terraformOptions)
-
- // To get the value of an output variable, run 'terraform output'
- Tags := terraform.OutputMap(t, terraformOptions, "tags")
-
- // Check that we get back the outputs that we expect
- assert.Equal(t, "aws_cloudwatch__billing_alarm-test", Tags["Name"])
-}
\ No newline at end of file
diff --git a/_test/cloudwatch-billing-alert-to-new-sns-with-acct-id/cloudwatch_billing_to_alert_sns-test.go b/_test/cloudwatch-billing-alert-to-new-sns-with-acct-id/cloudwatch_billing_to_alert_sns-test.go
deleted file mode 100644
index d95d974..0000000
--- a/_test/cloudwatch-billing-alert-to-new-sns-with-acct-id/cloudwatch_billing_to_alert_sns-test.go
+++ /dev/null
@@ -1,32 +0,0 @@
-// Managed By : CloudDrove
-// Description : This Terratest is used to test the Terraform EC2 module.
-// Copyright @ CloudDrove. All Right Reserved.
-package test
-
-import (
- "testing"
- "github.com/gruntwork-io/terratest/modules/terraform"
- "github.com/stretchr/testify/assert"
-)
-
-func Test(t *testing.T) {
- t.Parallel()
-
- terraformOptions := &terraform.Options{
- // Source path of Terraform directory.
- TerraformDir: "../../_example/cloudwatch-billing-alert-to-new-sns-with-acct-id",
- Upgrade: true,
- }
-
- // This will run 'terraform init' and 'terraform application' and will fail the test if any errors occur
- terraform.InitAndApply(t, terraformOptions)
-
- // To clean up any resources that have been created, run 'terraform destroy' towards the end of the test
- defer terraform.Destroy(t, terraformOptions)
-
- // To get the value of an output variable, run 'terraform output'
- Tags := terraform.OutputMap(t, terraformOptions, "tags")
-
- // Check that we get back the outputs that we expect
- assert.Equal(t, "aws/billing_clouwatch-test", Tags["Name"])
-}
\ No newline at end of file
diff --git a/_test/cloudwatch-billing-alert-to-pre-existing-sns-consolidated-acct/cloudwatch-billing-alert-to-pre-existing-test.go b/_test/cloudwatch-billing-alert-to-pre-existing-sns-consolidated-acct/cloudwatch-billing-alert-to-pre-existing-test.go
deleted file mode 100644
index b6c82a6..0000000
--- a/_test/cloudwatch-billing-alert-to-pre-existing-sns-consolidated-acct/cloudwatch-billing-alert-to-pre-existing-test.go
+++ /dev/null
@@ -1,32 +0,0 @@
-// Managed By : CloudDrove
-// Description : This Terratest is used to test the Terraform EC2 module.
-// Copyright @ CloudDrove. All Right Reserved.
-package test
-
-import (
- "testing"
- "github.com/gruntwork-io/terratest/modules/terraform"
- "github.com/stretchr/testify/assert"
-)
-
-func Test(t *testing.T) {
- t.Parallel()
-
- terraformOptions := &terraform.Options{
- // Source path of Terraform directory.
- TerraformDir: "../../_example/cloudwatch-billing-alert-to-pre-existing-sns-consolidated-acct",
- Upgrade: true,
- }
-
- // This will run 'terraform init' and 'terraform application' and will fail the test if any errors occur
- terraform.InitAndApply(t, terraformOptions)
-
- // To clean up any resources that have been created, run 'terraform destroy' towards the end of the test
- defer terraform.Destroy(t, terraformOptions)
-
- // To get the value of an output variable, run 'terraform output'
- Tags := terraform.OutputMap(t, terraformOptions, "tags")
-
- // Check that we get back the outputs that we expect
- assert.Equal(t, "aws/billing_cloudwatch-test", Tags["Name"])
-}
\ No newline at end of file
diff --git a/_test/cloudwatch-billing-alert-to-pre-existing-sns-with-acct-id/cloudwatch-billing-alert-to-pre-existing-sns-test.go b/_test/cloudwatch-billing-alert-to-pre-existing-sns-with-acct-id/cloudwatch-billing-alert-to-pre-existing-sns-test.go
deleted file mode 100644
index ab6fe46..0000000
--- a/_test/cloudwatch-billing-alert-to-pre-existing-sns-with-acct-id/cloudwatch-billing-alert-to-pre-existing-sns-test.go
+++ /dev/null
@@ -1,32 +0,0 @@
-// Managed By : CloudDrove
-// Description : This Terratest is used to test the Terraform terraform-aws-cost-billing-alarm module.
-// Copyright @ CloudDrove. All Right Reserved.
-package test
-
-import (
- "testing"
- "github.com/gruntwork-io/terratest/modules/terraform"
- "github.com/stretchr/testify/assert"
-)
-
-func Test(t *testing.T) {
- t.Parallel()
-
- terraformOptions := &terraform.Options{
- // Source path of Terraform directory.
- TerraformDir: "../../_example/cloudwatch-billing-alert-to-pre-existing-sns-with-acct-id",
- Upgrade: true,
- }
-
- // This will run 'terraform init' and 'terraform application' and will fail the test if any errors occur
- terraform.InitAndApply(t, terraformOptions)
-
- // To clean up any resources that have been created, run 'terraform destroy' towards the end of the test
- defer terraform.Destroy(t, terraformOptions)
-
- // To get the value of an output variable, run 'terraform output'
- Tags := terraform.OutputMap(t, terraformOptions, "tags")
-
- // Check that we get back the outputs that we expect
- assert.Equal(t, "billing_cloudwatch-test", Tags["Name"])
-}
\ No newline at end of file
diff --git a/main.tf b/main.tf
index d68ed37..7e408a2 100644
--- a/main.tf
+++ b/main.tf
@@ -1,11 +1,6 @@
-# Managed By : CloudDrove
-# Description : This Script is used to create Elasticsearch.
-# Copyright @ CloudDrove. All Right Reserved.
-
-#Module : Label
-#Description : This terraform module is designed to generate consistent label names and
-# tags for resources. You can use terraform-labels to implement a strict
-# naming convention.
+##-----------------------------------------------------------------------------
+## Labels module callled that will be used for naming and tags.
+##-----------------------------------------------------------------------------
 module "labels" {
 source = "clouddrove/labels/aws"
 version = "1.3.0"
@@ -15,13 +10,11 @@ module "labels" { repository = var.repository environment = var.environment managedby = var.managedby - attributes = var.attributes label_order = var.label_order } #Module : locals #Description : This terraform module to creat account-billing alarm - locals { alarm = { @@ -41,12 +34,13 @@ locals { linked_account = var.aws_account_id } } - } -# Alarm +##----------------------------------------------------------------------------- +## Cloudwatch alarm is used to monitor a single cloud watch metric or the result of Match expression using cloud watch metrics. +##----------------------------------------------------------------------------- resource "aws_cloudwatch_metric_alarm" "account_billing_alarm" { - count = var.enable ? 1 : 0 + count = var.enable ? 1 : 0 alarm_name = lookup(local.alarm, "name") alarm_description = lookup(local.alarm, "description") comparison_operator = lookup(local.alarm, "comparison_operator") @@ -66,13 +60,12 @@ resource "aws_cloudwatch_metric_alarm" "account_billing_alarm" { tags = module.labels.tags } - -#Module : SNS TOPIC -#Description : Terraform module which creates SNS Topic resources on AWS - +##----------------------------------------------------------------------------- +## Amazon Simple Notification Service (Amazon SNS) coordinates and manages the delivery or sending of messages to subscribing endpoints or clients. +##----------------------------------------------------------------------------- +#tfsec:ignore:aws-sns-enable-topic-encryption resource "aws_sns_topic" "default" { - count = var.enable ? 1 : 0 - + count = var.enable ? 1 : 0 name = "billing-alarm-notification-${lower(var.currency)}-${var.environment}" display_name = var.display_name policy = var.policy 
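Review bot: The `#tfsec:ignore:aws-sns-enable-topic-encryption` line added above `aws_sns_topic.default` (third hunk on this line) silences the unencrypted-topic finding without recording why, so a later reader cannot tell an accepted risk from an oversight. The resource body continues outside the hunk and no `kms_master_key_id` argument is visible here, so this assumes the topic really is created without a key. State the reason next to the ignore, for example `# Topic is unencrypted by default; callers needing SSE must pass a customer managed KMS key.`, and consider exposing a new optional input wired as `kms_master_key_id = var.kms_master_key_id` with a `null` default. Worth noting in that variable's description: CloudWatch alarms can publish to an encrypted topic only when the key is customer managed and its key policy allows `cloudwatch.amazonaws.com`; the AWS managed `alias/aws/sns` key does not work for alarm actions.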
@@ -92,3 +85,18 @@ resource "aws_sns_topic" "default" { sqs_failure_feedback_role_arn = var.sqs_failure_feedback_role_arn tags = module.labels.tags } + +##----------------------------------------------------------------------------- +## provides a resource for subscribing to SNS topics. Requires that an SNS topic exist for the subscription to attach to. +##----------------------------------------------------------------------------- +resource "aws_sns_topic_subscription" "this" { + for_each = var.subscribers + topic_arn = join("", aws_sns_topic.default[*].arn) + protocol = var.subscribers[each.key].protocol + endpoint = var.subscribers[each.key].endpoint + endpoint_auto_confirms = var.subscribers[each.key].endpoint_auto_confirms + raw_message_delivery = var.subscribers[each.key].raw_message_delivery + filter_policy = var.subscribers[each.key].filter_policy + delivery_policy = var.subscribers[each.key].delivery_policy + confirmation_timeout_in_minutes = var.subscribers[each.key].confirmation_timeout_in_minutes +} diff --git a/variables.tf b/variables.tf index 1062e45..8bffc8f 100644 --- a/variables.tf +++ b/variables.tf @@ -6,16 +6,10 @@ variable "name" { description = "Name (e.g. `app` or `cluster`)." } -variable "name_prefix" { - type = string - default = "" - description = "Name (e.g. `app` or `cluster`)." -} - variable "enabled" { type = bool - description = "Set to false to prevent the module from creating any resources." default = true + description = "Set to false to prevent the module from creating any resources." } variable "repository" { 
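Review bot: `aws_sns_topic_subscription.this` in the first hunk on this line is not gated on `var.enable`, unlike the alarm and topic resources, which use `count = var.enable ? 1 : 0`. With `enable = false` and a non-empty `subscribers` map, `join("", aws_sns_topic.default[*].arn)` evaluates to an empty string and every subscription is planned against an empty `topic_arn`. Gate the loop with `for_each = var.enable ? var.subscribers : {}`, and read the attributes as `each.value.protocol`, `each.value.endpoint` and so on instead of re-indexing `var.subscribers[each.key]`.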
@@ -37,28 +31,10 @@ variable "environment" { variable "label_order" { type = list(any) - default = [] + default = ["name", "environment"] description = "Label order, e.g. `name`,`application`." } -variable "attributes" { - type = list(any) - default = [] - description = "Additional attributes (e.g. `1`)." -} - -variable "delimiter" { - type = string - default = "-" - description = "Delimiter to be used between `organization`, `environment`, `name` and `attributes`." -} - -variable "tags" { - type = map(any) - default = {} - description = "Additional tags (e.g. map(`BusinessUnit`,`XYZ`)." -} - variable "managedby" { type = string default = "hello@clouddrove.com" @@ -69,44 +45,25 @@ variable "managedby" { #Description : Terraform Cloudwatch Billing Alarm module variables. variable "monthly_billing_threshold" { - description = "The threshold for which estimated monthly charges will trigger the metric alarm." type = string + description = "The threshold for which estimated monthly charges will trigger the metric alarm." } variable "currency" { - description = "Short notation for currency type (e.g. USD, CAD, EUR)" type = string default = "USD" + description = "Short notation for currency type (e.g. USD, CAD, EUR)" } variable "aws_account_id" { - description = "AWS account id" type = string default = null + description = "AWS account id" } #Module : SNS TOPIC #Description : Terraform SNS TOPIC module variables. -variable "topic_name" { - type = string - default = "" - description = "The friendly name for the SNS topic. By default generated by Terraform." -} - -variable "enable_topic" { - type = bool - default = false - description = "Boolean indicating whether or not to create topic." -} - -variable "enable_sns" { - type = bool - default = false - description = "Boolean indicating whether or not to create sns." -} - - variable "display_name" { type = string default = "" 
@@ -126,9 +83,9 @@ variable "delivery_policy" { } variable "sns_topic_arns" { - description = "List of SNS topic ARNs to be used. If `create_sns_topic` is `true`, it merges the created SNS Topic by this module with this list of ARNs" type = list(string) default = [] + description = "List of SNS topic ARNs to be used. If `create_sns_topic` is `true`, it merges the created SNS Topic by this module with this list of ARNs" } variable "application_success_feedback_role_arn" { @@ -214,4 +171,25 @@ variable "enable" { type = bool default = "true" description = "Boolean indicating whether or not to create sns module." -} \ No newline at end of file +} + +variable "subscribers" { + type = map(object({ + protocol = string + # The protocol to use. The possible values for this are: sqs, sms, lambda, application. (http or https are partially supported, see below) (email is an option but is unsupported, see below). + endpoint = string + # The endpoint to send data to, the contents will vary with the protocol. (see below for more information) + endpoint_auto_confirms = bool + # Boolean indicating whether the end point is capable of auto confirming subscription e.g., PagerDuty (default is false) + raw_message_delivery = bool + # Boolean indicating whether or not to enable raw message delivery (the original message is directly passed, not wrapped in JSON with the original message in the message property) (default is false) + filter_policy = string + # JSON String with the filter policy that will be used in the subscription to filter messages seen by the target resource. + delivery_policy = string + # The SNS delivery policy + confirmation_timeout_in_minutes = string + # Integer indicating number of minutes to wait in retying mode for fetching subscription arn before marking it as failure. Only applicable for http and https protocols. + })) + description = "Required configuration for subscibres to SNS topic." + default = {} +} 
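Review bot: Every attribute of the new `subscribers` object type (second hunk on this line) is mandatory, although the inline comments describe defaults ("default is false") and `confirmation_timeout_in_minutes` is typed `string` while its comment says integer, so callers must spell out all seven keys per subscriber. Declaring the tuning attributes with `optional(...)` matches the documented defaults and still accepts fully specified objects. `protocol` is also unchecked, so a plain `http` endpoint would receive billing notifications unencrypted; the validation below rejects that and can be dropped if http targets are genuinely required. Since `default = {}`, the description would read better as `Optional map of subscribers to the SNS topic.`, which also fixes the `subscibres` typo.

```hcl
variable "subscribers" {
  type = map(object({
    protocol                        = string
    endpoint                        = string
    endpoint_auto_confirms          = optional(bool, false)
    raw_message_delivery            = optional(bool, false)
    filter_policy                   = optional(string)
    delivery_policy                 = optional(string)
    confirmation_timeout_in_minutes = optional(number)
    # … unchanged: per-attribute comments …
  }))
  # … unchanged: description, default …

  validation {
    condition     = alltrue([for s in values(var.subscribers) : lower(s.protocol) != "http"])
    error_message = "Plain http subscriptions deliver billing notifications unencrypted; use https or another protocol."
  }
}
```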
diff --git a/versions.tf b/versions.tf index 87b6d15..ef355e6 100644 --- a/versions.tf +++ b/versions.tf @@ -1,11 +1,11 @@ # Terraform version terraform { - required_version = ">= 1.3.6" + required_version = ">= 1.6.1" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.48.0" + version = ">= 5.20.1" } } }