Merge pull request #1 from clouddrove/CD-147

fix labels managedby variables
clouddrove · Mar 25, 2020 · 4284e2c · 4284e2c
2 parents 6fddf3d + b6c6ba2
commit 4284e2c
Show file tree

Hide file tree

Showing 6 changed files with 52 additions and 35 deletions.
diff --git a/README.md b/README.md
@@ -38,7 +38,7 @@
 <hr>
 
 
-We eat, drink, sleep and most importantly love **DevOps**. We are working towards stratergies for standardizing architecture while ensuring security for the infrastructure. We are strong believer of the philosophy <b>Bigger problems are always solved by breaking them into smaller manageable problems</b>. Resonating with microservices architecture, it is considered best-practice to run database, cluster, storage in smaller <b>connected yet manageable pieces</b> within the infrastructure.
+We eat, drink, sleep and most importantly love **DevOps**. We are working towards strategies for standardizing architecture while ensuring security for the infrastructure. We are strong believer of the philosophy <b>Bigger problems are always solved by breaking them into smaller manageable problems</b>. Resonating with microservices architecture, it is considered best-practice to run database, cluster, storage in smaller <b>connected yet manageable pieces</b> within the infrastructure.
 
 This module is basically combination of [Terraform open source](https://www.terraform.io/) and includes automatation tests and examples. It also helps to create and improve your infrastructure with minimalistic code instead of maintaining the whole infrastructure code yourself.
 
@@ -72,14 +72,14 @@ This module has a few dependencies:
 Here are an example of how you can use this module in your inventory structure:
 ```hcl
   module "cross-access-role" {
-        source = "git::https://github.com/clouddrove/terraform-aws-multi-account-peering.git?ref=tags/0.12.0"
-        name                   = "iam-role"
-        application            = "clouddrove"
-        environment            = "test"
-        label_order            = ["environment", "name", "application"]
-        master_account_id      = "XXXXXXXXXXX"
-        policy_arn             = "arn:aws:iam::aws:policy/AdministratorAccess"
-       }
+    source            = "git::https://github.com/clouddrove/terraform-aws-cross-account-role.git?ref=tags/0.12.1"
+    name              = "iam-role"
+    application       = "clouddrove"
+    environment       = "test"
+    label_order       = ["environment", "name", "application"]
+    master_account_id = "xxxxxxxxxx"
+    policy_arn        = "arn:aws:iam::aws:policy/AdministratorAccess"
+  }
 ```
 
 
@@ -91,22 +91,24 @@ Here are an example of how you can use this module in your inventory structure:
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
-| application | Application (e.g. `cd` or `clouddrove`). | string | `` | no |
-| description | Description of IAM Role. | string | `The role to grant permissions to this account to delegated IAM users in the master account.` | no |
-| environment | Environment (e.g. `prod`, `dev`, `staging`). | string | `` | no |
-| label_order | Label order, e.g. `name`,`application`. | list | `<list>` | no |
-| master_account_id | The ID of the master account to Read Only Access the current account. | string | - | yes |
-| name | Name  (e.g. `app` or `cluster`). | string | `` | no |
-| policy_arn | Policy ARN to attach to the role. By default it attaches `AdministratorAccess` managed policy to grant full access to AWS services and resources in the current account. | string | - | yes |
-| tags | Additional tags (e.g. map(`BusinessUnit`,`XYZ`). | map(string) | `<map>` | no |
+| application | Application \(e.g. `cd` or `clouddrove`\). | string | `""` | no |
+| description | Description of IAM Role. | string | `"The role to grant permissions to this account to delegated IAM users in the master account."` | no |
+| enabled | Enabled to create module or not. | bool | `"true"` | no |
+| environment | Environment \(e.g. `prod`, `dev`, `staging`\). | string | `""` | no |
+| label\_order | Label order, e.g. `name`,`application`. | list | `<list>` | no |
+| managedby | ManagedBy, eg 'CloudDrove' or 'AnmolNagpal'. | string | `"anmol@clouddrove.com"` | no |
+| master\_account\_id | The ID of the master account to Read Only Access the current account. | string | n/a | yes |
+| name | Name  \(e.g. `app` or `cluster`\). | string | `""` | no |
+| policy\_arn | Policy ARN to attach to the role. By default it attaches `AdministratorAccess` managed policy to grant full access to AWS services and resources in the current account. | string | n/a | yes |
+| tags | Additional tags \(e.g. map\(`BusinessUnit`,`XYZ`\). | map(string) | `<map>` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| role_arn | The Amazon Resource Name (ARN) specifying the role. |
-| role_id | The stable and unique string identifying the role. |
-| role_name | The name of the crated role. |
+| role\_arn | The Amazon Resource Name \(ARN\) specifying the role. |
+| role\_id | The stable and unique string identifying the role. |
+| role\_name | The name of the crated role. |
 | tags | A mapping of tags to assign to the resource. |
 
 
@@ -140,4 +142,4 @@ At [CloudDrove][website], we offer expert guidance, implementation support and s
   [linkedin]: https://cpco.io/linkedin
   [twitter]: https://twitter.com/clouddrove/
   [email]: https://clouddrove.com/contact-us.html
-  [terraform_modules]: https://github.com/clouddrove?utf8=%E2%9C%93&q=terraform-&type=&language=
+  [terraform_modules]: https://github.com/clouddrove?utf8=%E2%9C%93&q=terraform-&type=&language=
diff --git a/README.yaml b/README.yaml
@@ -35,12 +35,12 @@ usage : |-
   Here are an example of how you can use this module in your inventory structure:
   ```hcl
     module "cross-access-role" {
-          source = "git::https://github.com/clouddrove/terraform-aws-multi-account-peering.git?ref=tags/0.12.0"
-          name                   = "iam-role"
-          application            = "clouddrove"
-          environment            = "test"
-          label_order            = ["environment", "name", "application"]
-          master_account_id      = "XXXXXXXXXXX"
-          policy_arn             = "arn:aws:iam::aws:policy/AdministratorAccess"
-         }
+      source            = "git::https://github.com/clouddrove/terraform-aws-cross-account-role.git?ref=tags/0.12.1"
+      name              = "iam-role"
+      application       = "clouddrove"
+      environment       = "test"
+      label_order       = ["environment", "name", "application"]
+      master_account_id = "xxxxxxxxxx"
+      policy_arn        = "arn:aws:iam::aws:policy/AdministratorAccess"
+    }
   ```
diff --git a/_example/example.tf b/_example/example.tf
@@ -3,13 +3,13 @@ provider "aws" {
 }
 
 module "cross-access-role" {
-  source = "git::https://github.com/clouddrove/terraform-aws-multi-account-peering.git?ref=tags/0.12.0"
+  source = "../"
 
   name        = "iam-role"
   application = "clouddrove"
   environment = "test"
   label_order = ["environment", "name", "application"]
 
-  master_account_id = "XXXXXXXXXXX"
+  master_account_id = "924144197303"
   policy_arn        = "arn:aws:iam::aws:policy/AdministratorAccess"
 }
diff --git a/main.tf b/main.tf
@@ -9,9 +9,11 @@
 module "labels" {
   source = "git::https://github.com/clouddrove/terraform-labels.git?ref=tags/0.12.0"
 
+  enabled     = var.enabled
   name        = var.name
   application = var.application
   environment = var.environment
+  managedby   = var.managedby
   label_order = var.label_order
 }
 
@@ -31,6 +33,7 @@ data "aws_iam_policy_document" "assume_role" {
 #Module      : AWS IAM ROLE
 #Description : Provides an IAM role.
 resource "aws_iam_role" "default" {
+  count              = var.enabled ? 1 : 0
   name               = module.labels.id
   assume_role_policy = data.aws_iam_policy_document.assume_role.json
   description        = var.description
@@ -40,7 +43,8 @@ resource "aws_iam_role" "default" {
 #Module      : AWS IAM ROLE POLICY ATTACHMENT
 #Description : PAttaches a Managed IAM Policy to an IAM role.
 resource "aws_iam_role_policy_attachment" "default" {
-  role       = aws_iam_role.default.name
+  count      = var.enabled ? 1 : 0
+  role       = aws_iam_role.default[count.index].name
   policy_arn = var.policy_arn
 }
 
diff --git a/outputs.tf b/outputs.tf
@@ -1,17 +1,17 @@
 #Module      : AWS IAM ROLE
 #Description : Provides an IAM role.
 output "role_name" {
-  value       = aws_iam_role.default.name
+  value       = aws_iam_role.default.*.name
   description = "The name of the crated role."
 }
 
 output "role_id" {
-  value       = aws_iam_role.default.unique_id
+  value       = aws_iam_role.default.*.unique_id
   description = "The stable and unique string identifying the role."
 }
 
 output "role_arn" {
-  value       = aws_iam_role.default.arn
+  value       = aws_iam_role.default.*.arn
   description = "The Amazon Resource Name (ARN) specifying the role."
 }
 

diff --git a/variables.tf b/variables.tf
@@ -30,6 +30,12 @@ variable "tags" {
   description = "Additional tags (e.g. map(`BusinessUnit`,`XYZ`)."
 }
 
+variable "managedby" {
+  type        = string
+  default     = "anmol@clouddrove.com"
+  description = "ManagedBy, eg 'CloudDrove' or 'AnmolNagpal'."
+}
+
 
 variable "master_account_id" {
   type        = string
@@ -48,3 +54,8 @@ variable "policy_arn" {
   description = "Policy ARN to attach to the role. By default it attaches `AdministratorAccess` managed policy to grant full access to AWS services and resources in the current account."
 }
 
+variable "enabled" {
+  type        = bool
+  default     = true
+  description = "Enabled to create module or not."
+}