Merge pull request #2 from TerraHubCorp/dev

AWS Demo

Author: avozicov

.gitignore

@@ -5,5 +5,3 @@
 *.tfstate
 *.tfstate.*
 
-# .tfvars files
-*.tfvars

.terrahub.yml

@@ -0,0 +1,18 @@
+## project config
+project:
+  name: demo-terraform-aws
+  code: 7356626c
+  provider: aws
+  include:
+  - '.'
+  exclude:
+  - '**/.terraform/*'
+  - '**/node_modules/*'
+
+## terraform config
+terraform:
+  varFile:
+  - default.tfvars
+  var:
+    account_id: 123456789012
+    region: us-east-1

README.md

@@ -1,2 +1,150 @@
-# terraform-demo-aws
-Terraform Demo using AWS provider
+# Terraform Demo using AWS provider
+
+## Create IAM User
+1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/
+2. In the navigation pane, choose Users and then choose Add user
+3. Type the user name for the new user
+4. Select the type of access: `Programmatic access`
+5. Choose `Next`: Permissions
+6. On the Set permissions page, choose `Attach existing policies to user directly` and select `IAMFullAccess`
+7. Choose Next: Review to see all of the choices you made up to this point
+8. Choose `Create`
+
+## Get Access Key ID and Secret Access Key for IAM User
+1. Open the IAM console
+2. In the navigation pane of the console, choose Users
+3. Choose your IAM user name (not the check box)
+4. Choose the Security credentials tab and then choose Create access key
+5. To see the new access key, choose Show. Your credentials will look something like this:
+  - Access Key ID: AKIAIOSFODNEXAMPLEID
+  - Secret Access Key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+
+## Configure AWS CLI with IAM Credentials
+
+Run the following command in terminal:
+```shell
+aws configure
+```
+
+Your output should be similar to the one below:
+```
+AWS Access Key ID [None]: AKIAIOSFODNEXAMPLEID
+AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+Default region name [None]: us-east-1
+Default output format [None]: json
+```
+
+> NOTE: If you don't have AWS CLI, check out
+[installation guide](https://docs.aws.amazon.com/cli/latest/userguide/installing.html)
+
+## Setup Environment Variables (Will Be Used Later)
+
+Manual Setup (set values in double quotes and run the following command in terminal):
+```shell
+export AWS_ACCOUNT_ID=""     ## e.g. 123456789012
+export AWS_DEFAULT_REGION="" ## e.g. us-east-1
+```
+
+### Setup AWS_ACCOUNT_ID Programmatically
+
+Automated Setup (run the following command in terminal):
+```shell
+export AWS_ACCOUNT_ID="$(aws sts get-caller-identity --output=text --query='Account')"
+```
+
+### Setup AWS_DEFAULT_REGION Programmatically
+
+Automated Setup (run the following command in terminal):
+```shell
+export AWS_DEFAULT_REGION="$(aws configure get region --output=text)"
+```
+
+## Create Terraform Configurations Using TerraHub
+
+Run the following commands in terminal:
+```shell
+terrahub --help | head -3
+```
+
+Your output should be similar to the one below:
+```
+Usage: terrahub [command] [options]
+
+[email protected] (built: 2018-10-11T12:33:57.775Z)
+```
+
+> NOTE: If you don't have TerraHub CLI, check out
+[installation guide](https://www.npmjs.com/package/terrahub)
+
+Run the following commands in terminal:
+```shell
+mkdir demo-terraform-aws
+cd demo-terraform-aws
+terrahub project -n demo-terraform-aws
+```
+
+Your output should be similar to the one below:
+```
+✅ Project successfully initialized
+```
+
+## Create TerraHub Components
+
+Run the following command in terminal:
+```shell
+terrahub component -t aws_iam_role -n iam_role
+terrahub component -t aws_iam_policy -n iam_policy -o ../iam_role
+terrahub component -t aws_iam_role_policy_attachment -n iam_role_policy_attachment_to_role -o ../iam_policy
+terrahub component -t aws_iam_group -n iam_group -o ../iam_policy
+terrahub component -t aws_iam_group_policy_attachment -n iam_role_policy_attachment_to_group  -o ../iam_group
+terrahub component -t aws_iam_user -n iam_user -o ../iam_group
+terrahub component -t aws_iam_user_group_membership -n iam_user_group_membership -o ../iam_user
+```
+
+Your output should be similar to the one below:
+```
+✅ Done
+```
+
+## Visualize TerraHub Components
+
+Run the following command in terminal:
+```shell
+terrahub graph
+```
+
+Your output should be similar to the one below:
+```
+Project: demo-terraform-aws
+ └─ iam_role [path: ./iam_role]
+    └─ iam_policy [path: ./iam_policy]
+       ├─ iam_group [path: ./iam_group]
+       │  ├─ iam_role_policy_attachment_to_group [path: ./iam_role_policy_attachment_to_group]
+       │  └─ iam_user [path: ./iam_user]
+       │     └─ iam_user_group_membership [path: ./iam_user_group_membership]
+       └─ iam_role_policy_attachment_to_role [path: ./iam_role_policy_attachment_to_role]
+```
+
+## Update Project Config
+
+Run the following command in terminal:
+```shell
+terrahub configure -c terraform.var.account_id="${AWS_ACCOUNT_ID}"
+terrahub configure -c terraform.var.region="${AWS_DEFAULT_REGION}"
+```
+
+Your output should be similar to the one below:
+```
+✅ Done
+```
+
+## Run TerraHub Automation
+
+Run the following command in terminal:
+```shell
+terrahub run -a -y
+```
+
+Your output should be similar to the one below:
+```
+```

iam_group/.terrahub.yml

@@ -0,0 +1,10 @@
+## local config
+component:
+  name: 'iam_group'
+  dependsOn:
+  - '../iam_policy'
+
+## ci config
+ci:
+  mapping:
+  - '.'

iam_group/README.md

@@ -0,0 +1,25 @@
+# iam_group
+
+Provides an IAM group.
+
+## input variables
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+|account_id|The id of AWS account.|string||Yes|
+|region|This is the AWS region.|string|us-east-1|Yes|
+|iam_group_name|The group's name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. group names are not distinguished by case.|string|{{ name }}|No|
+|iam_group_path|Path in which to create the group.|string|/|No|
+|custom_tags|Custom tags.|map||No|
+|default_tags|Default tags.|map|{"ThubName"= "{{ name }}","ThubCode"= "{{ code }}","ThubEnv"= "default","Description" = "Managed by TerraHub"}|No|
+
+## output parameters
+
+| Name | Description | Type |
+|------|-------------|:----:|
+|id|The group's ID.|string|
+|thub_id|The group's ID (hotfix for issue hashicorp/terraform#[7982]).|string|
+|arn|The ARN assigned by AWS for this group.|string|
+|name|The group's name.|string|
+|path|The path of the group in IAM.|string|
+|unique_id|The unique ID assigned by AWS.|string|

iam_group/default.tfvars

@@ -0,0 +1,17 @@
+# Specify default values for variables defined in variables.tf
+
+############
+# provider #
+############
+account_id = "123456789012"
+region     = "us-east-1"
+
+#############
+# top level #
+#############
+iam_group_name = "iam_group"
+iam_group_path = "/"
+
+##########
+# custom #
+##########

iam_group/main.tf

@@ -0,0 +1,4 @@
+resource "aws_iam_group" "iam_group" {
+  name     = "${var.iam_group_name}"
+  path     = "${var.iam_group_path}"
+}

iam_group/output.tf

@@ -0,0 +1,25 @@
+# Define list of variables to be output
+
+output "id" {
+  value = "${aws_iam_group.iam_group.id}"
+}
+
+output "thub_id" {
+  value = "${aws_iam_group.iam_group.id}"
+}
+
+output "arn" {
+  value = "${aws_iam_group.iam_group.arn}"
+}
+
+output "name" {
+  value = "${aws_iam_group.iam_group.name}"
+}
+
+output "path" {
+  value = "${aws_iam_group.iam_group.path}"
+}
+
+output "unique_id" {
+  value = "${aws_iam_group.iam_group.unique_id}"
+}

iam_group/provider.tf

@@ -0,0 +1,6 @@
+provider "aws" {
+  version = "~> 1.0"
+  region  = "${var.region}"
+
+  allowed_account_ids = ["${var.account_id}"]
+}

iam_group/variables.tf

@@ -0,0 +1,23 @@
+# Define list of variables to be used in main.tf
+
+############
+# provider #
+############
+variable "account_id" {
+  description = "Allowed AWS account ID, to prevent you from mistakenly using an incorrect one (and potentially end up destroying a live environment)."
+}
+
+variable "region" {
+  description = "This is the AWS region."
+}
+
+#############
+# top level #
+#############
+variable "iam_group_name" {
+  description = "he group's name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. Group names are not distinguished by case."
+}
+
+variable "iam_group_path" {
+  description = "Path in which to create the group."
+}