Merge pull request #7 from meshcloud/feature/match-output-to-meshstack-input

Feature/match output to meshstack input

Author: felixzieger

CHANGELOG.md

@@ -11,6 +11,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Added CHANGELOG.md
 - Added pre-commit hooks
+- Added ARNs of managed accounts roles to output
+- Added meshStack access role to output
+- Renamed metering related parts from kraken to metering
 
 ## [v0.1.0]
 

README.md

@@ -2,7 +2,7 @@
 
 meshStack is a Cloud Foundation Platform by meshcloud. AWS is a proprietary public cloud platform provided by Amazon Web Services. meshStack supports project and user management for AWS to include AWS services into cloud projects managed by meshStack.
 
-This terraform module is used to integrate AWS into a meshStack instance as a meshPlatform. The output of this module is a set of credentials that need to be configured in meshStack as described in [meshcloud public docs](https://docs.meshcloud.io/docs/meshstack.how-to.integrate-meshplatform.html). 
+This terraform module is used to integrate AWS into a meshStack instance as a meshPlatform. The output of this module is a set of credentials that need to be configured in meshStack as described in [meshcloud public docs](https://docs.meshcloud.io/docs/meshstack.how-to.integrate-meshplatform.html).
 
 <p align="center">
   <img src="/.github/Icon_AWS_Meshi_Hugs.png" width="250">
@@ -165,18 +165,18 @@ Before opening a Pull Request, we recommend following the below steps to get a f
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws.automation"></a> [aws.automation](#provider\_aws.automation) | 4.21.0 |
-| <a name="provider_aws.management"></a> [aws.management](#provider\_aws.management) | 4.21.0 |
-| <a name="provider_aws.meshcloud"></a> [aws.meshcloud](#provider\_aws.meshcloud) | 4.21.0 |
+| <a name="provider_aws.automation"></a> [aws.automation](#provider\_aws.automation) | 4.57.1 |
+| <a name="provider_aws.management"></a> [aws.management](#provider\_aws.management) | 4.57.1 |
+| <a name="provider_aws.meshcloud"></a> [aws.meshcloud](#provider\_aws.meshcloud) | 4.57.1 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_automation_account_replicator_access"></a> [automation\_account\_replicator\_access](#module\_automation\_account\_replicator\_access) | ./modules/meshcloud-replicator/replicator-automation-account-access | n/a |
-| <a name="module_management_account_kraken_access"></a> [management\_account\_kraken\_access](#module\_management\_account\_kraken\_access) | ./modules/meshcloud-cost-explorer/ce-management-account-access | n/a |
+| <a name="module_management_account_metering_access"></a> [management\_account\_metering\_access](#module\_management\_account\_metering\_access) | ./modules/meshcloud-cost-explorer/ce-management-account-access | n/a |
 | <a name="module_management_account_replicator_access"></a> [management\_account\_replicator\_access](#module\_management\_account\_replicator\_access) | ./modules/meshcloud-replicator/replicator-management-account-access | n/a |
-| <a name="module_meshcloud_account_kraken_access"></a> [meshcloud\_account\_kraken\_access](#module\_meshcloud\_account\_kraken\_access) | ./modules/meshcloud-cost-explorer/ce-meshcloud-account-access | n/a |
+| <a name="module_meshcloud_account_metering_access"></a> [meshcloud\_account\_metering\_access](#module\_meshcloud\_account\_metering\_access) | ./modules/meshcloud-cost-explorer/ce-meshcloud-account-access | n/a |
 | <a name="module_meshcloud_account_replicator_access"></a> [meshcloud\_account\_replicator\_access](#module\_meshcloud\_account\_replicator\_access) | ./modules/meshcloud-replicator/replicator-meshcloud-account-access | n/a |
 
 ## Resources
@@ -208,10 +208,14 @@ Before opening a Pull Request, we recommend following the below steps to get a f
 | Name | Description |
 |------|-------------|
 | <a name="output_automation_account_id"></a> [automation\_account\_id](#output\_automation\_account\_id) | Automation Account ID |
+| <a name="output_cost_explorer_management_account_role_arn"></a> [cost\_explorer\_management\_account\_role\_arn](#output\_cost\_explorer\_management\_account\_role\_arn) | Amazon Resource Name (ARN) of Management Account Role for replicator |
 | <a name="output_cost_explorer_privileged_external_id"></a> [cost\_explorer\_privileged\_external\_id](#output\_cost\_explorer\_privileged\_external\_id) | Cost explorer privileged\_external\_id |
-| <a name="output_kraken_aws_iam_keys"></a> [kraken\_aws\_iam\_keys](#output\_kraken\_aws\_iam\_keys) | You can access your credentials when you execute `terraform output kraken_aws_iam_keys` command |
 | <a name="output_management_account_id"></a> [management\_account\_id](#output\_management\_account\_id) | Management Account ID |
 | <a name="output_meshcloud_account_id"></a> [meshcloud\_account\_id](#output\_meshcloud\_account\_id) | Meshcloud Account ID |
+| <a name="output_meshstack_access_role_name"></a> [meshstack\_access\_role\_name](#output\_meshstack\_access\_role\_name) | The name for the Account Access Role that will be rolled out to all managed accounts. |
+| <a name="output_metering_aws_iam_keys"></a> [metering\_aws\_iam\_keys](#output\_metering\_aws\_iam\_keys) | You can access your credentials when you execute `terraform output metering_aws_iam_keys` command |
+| <a name="output_replicator_automation_account_role_arn"></a> [replicator\_automation\_account\_role\_arn](#output\_replicator\_automation\_account\_role\_arn) | Amazon Resource Name (ARN) of Automation Account Role for replicator |
 | <a name="output_replicator_aws_iam_keys"></a> [replicator\_aws\_iam\_keys](#output\_replicator\_aws\_iam\_keys) | You can access your credentials when you execute `terraform output replicator_aws_iam_keys` command |
+| <a name="output_replicator_management_account_role_arn"></a> [replicator\_management\_account\_role\_arn](#output\_replicator\_management\_account\_role\_arn) | Amazon Resource Name (ARN) of Management Account Role for replicator |
 | <a name="output_replicator_privileged_external_id"></a> [replicator\_privileged\_external\_id](#output\_replicator\_privileged\_external\_id) | Replicator privileged\_external\_id |
 <!-- END_TF_DOCS -->

examples/basic-aws-integration/main.tf

@@ -5,9 +5,12 @@
 # Remove/comment the backend block below if you are only testing the module.
 # Please be aware that you cannot destroy the created resources via terraform if you lose the state file.
 terraform {
-  backend "gcs" {
-    prefix = "meshplatforms/aws"
-    bucket = "my-terraform-states"
+  backend "s3" {
+    region  = "eu-west-1"
+    profile = "myprofile"
+    bucket  = "cloudfoundation-tfstates"
+    key     = "meshstack/platforms/aws"
+    encrypt = true
   }
 }
 
@@ -42,4 +45,5 @@ module "meshplatform" {
   aws_enrollment_enabled               = true
   replicator_privileged_external_id    = "replace with random UUID v4"
   cost_explorer_privileged_external_id = "replace with random UUID v4"
+  landing_zone_ou_arns                 = ["arn:aws:organizations::*:ou/o-*/ou-*"]
 }

examples/basic-aws-integration/outputs.tf

@@ -19,18 +19,38 @@ output "replicator_aws_iam_keys" {
   sensitive   = true
 }
 
+output "replicator_management_account_role_arn" {
+  description = "Amazon Resource Name (ARN) of Management Account Role for replicator"
+  value       = module.meshplatform.replicator_management_account_role_arn
+}
+
+output "replicator_automation_account_role_arn" {
+  description = "Amazon Resource Name (ARN) of Automation Account Role for replicator"
+  value       = module.meshplatform.replicator_automation_account_role_arn
+}
+
 output "replicator_privileged_external_id" {
   value       = module.meshplatform.replicator_privileged_external_id
   description = "Replicator privileged_external_id"
   sensitive   = true
 }
 
-output "kraken_aws_iam_keys" {
-  value       = module.meshplatform.kraken_aws_iam_keys
-  description = "You can access your credentials when you execute `terraform output kraken_aws_iam_keys` command"
+output "meshstack_access_role_name" {
+  value       = module.meshplatform.meshstack_access_role_name
+  description = "The name for the Account Access Role that will be rolled out to all managed accounts."
+}
+
+output "metering_aws_iam_keys" {
+  value       = module.meshplatform.metering_aws_iam_keys
+  description = "You can access your credentials when you execute `terraform output metering_aws_iam_keys` command"
   sensitive   = true
 }
 
+output "cost_explorer_management_account_role_arn" {
+  description = "Amazon Resource Name (ARN) of Management Account Role for replicator"
+  value       = module.meshplatform.cost_explorer_management_account_role_arn
+}
+
 output "cost_explorer_privileged_external_id" {
   value       = module.meshplatform.cost_explorer_privileged_external_id
   description = "Cost explorer privileged_external_id"

main.tf

@@ -8,7 +8,7 @@ data "aws_caller_identity" "automation" {
   provider = aws.automation
 }
 
-module "meshcloud_account_kraken_access" {
+module "meshcloud_account_metering_access" {
   source = "./modules/meshcloud-cost-explorer/ce-meshcloud-account-access"
   providers = {
     aws = aws.meshcloud
@@ -32,7 +32,7 @@ module "meshcloud_account_replicator_access" {
   automation_account_service_role_name = var.automation_account_service_role_name
 }
 
-module "management_account_kraken_access" {
+module "management_account_metering_access" {
   source = "./modules/meshcloud-cost-explorer/ce-management-account-access"
   providers = {
     aws = aws.management
@@ -43,7 +43,7 @@ module "management_account_kraken_access" {
   meshcloud_account_service_user_name  = var.cost_explorer_meshcloud_account_service_user_name
 
   depends_on = [
-    module.meshcloud_account_kraken_access
+    module.meshcloud_account_metering_access
   ]
 }
 

modules/meshcloud-cost-explorer/ce-management-account-access/README.md

@@ -9,7 +9,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.21.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 2.7.0 |
 
 ## Modules
 
@@ -37,5 +37,7 @@ No modules.
 
 ## Outputs
 
-No outputs.
+| Name | Description |
+|------|-------------|
+| <a name="output_management_account_role_arn"></a> [management\_account\_role\_arn](#output\_management\_account\_role\_arn) | Amazon Resource Name (ARN) of Management Account Role |
 <!-- END_TF_DOCS -->

modules/meshcloud-cost-explorer/ce-management-account-access/outputs.tf

@@ -0,0 +1,4 @@
+output "management_account_role_arn" {
+  description = "Amazon Resource Name (ARN) of Management Account Role"
+  value       = aws_iam_role.cost_explorer_service.arn
+}

modules/meshcloud-replicator/replicator-automation-account-access/README.md

@@ -9,7 +9,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.21.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 2.7.0 |
 
 ## Modules
 
@@ -42,5 +42,7 @@ No modules.
 
 ## Outputs
 
-No outputs.
+| Name | Description |
+|------|-------------|
+| <a name="output_automation_account_role_arn"></a> [automation\_account\_role\_arn](#output\_automation\_account\_role\_arn) | Amazon Resource Name (ARN) of Automation Account Role |
 <!-- END_TF_DOCS -->

modules/meshcloud-replicator/replicator-automation-account-access/outsputs.tf

@@ -0,0 +1,4 @@
+output "automation_account_role_arn" {
+  description = "Amazon Resource Name (ARN) of Automation Account Role"
+  value       = aws_iam_role.meshfed_automation.arn
+}

modules/meshcloud-replicator/replicator-management-account-access/README.md

@@ -9,7 +9,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.21.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 2.7.0 |
 
 ## Modules
 
@@ -47,5 +47,8 @@ No modules.
 
 ## Outputs
 
-No outputs.
+| Name | Description |
+|------|-------------|
+| <a name="output_management_account_role_arn"></a> [management\_account\_role\_arn](#output\_management\_account\_role\_arn) | Amazon Resource Name (ARN) of Management Account Role |
+| <a name="output_meshstack_access_role_name"></a> [meshstack\_access\_role\_name](#output\_meshstack\_access\_role\_name) | The name for the Account Access Role that will be rolled out to all managed accounts. |
 <!-- END_TF_DOCS -->