Make example AWS UUIDS follow a specific pattern (ansible-collections…

…#1539) Make example AWS UUIDS follow a specific pattern SUMMARY Various AWS IAM resources have UUID which follow a specific pattern. Similarly AWS accounts are all 12 digit numbers (text aliases in a couple of cases). To minimize the risk of accidental data leaks use a consistent Account ID in examples (123456789012), and a specific format for the UUIDS: (AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)12345EXAMPLE54321 While this does nothing about historic data, having consistency makes it easier to prevent future leaks. Note: We should follow this up with an update to the developer docs, however I'd like to get this in prior to 5.0.0 ISSUE TYPE Docs Pull Request COMPONENT NAME plugins/modules/acm_certificate_info.py plugins/modules/application_autoscaling_policy.py plugins/modules/autoscaling_launch_config.py plugins/modules/autoscaling_launch_config_info.py plugins/modules/codecommit_repository.py plugins/modules/directconnect_link_aggregation_group.py plugins/modules/dms_endpoint.py plugins/modules/dynamodb_table.py plugins/modules/ec2_transit_gateway_info.py plugins/modules/ec2_transit_gateway_vpc_attachment.py plugins/modules/ec2_transit_gateway_vpc_attachment_info.py plugins/modules/ec2_vpc_peer.py plugins/modules/ec2_vpc_peering_info.py plugins/modules/ec2_vpc_vpn_info.py plugins/modules/ecs_cluster.py plugins/modules/ecs_ecr.py plugins/modules/ecs_service.py plugins/modules/ecs_service_info.py plugins/modules/ecs_task.py plugins/modules/efs.py plugins/modules/efs_info.py plugins/modules/eks_cluster.py plugins/modules/elasticache_subnet_group.py plugins/modules/elb_network_lb.py plugins/modules/elb_target_group.py plugins/modules/elb_target_group_info.py plugins/modules/elb_target_info.py plugins/modules/iam_group.py plugins/modules/iam_managed_policy.py plugins/modules/iam_mfa_device_info.py plugins/modules/iam_server_certificate_info.py plugins/modules/lightsail.py plugins/modules/lightsail_static_ip.py plugins/modules/msk_cluster.py plugins/modules/s3_bucket_notification.py plugins/modules/sns_topic.py plugins/modules/sns_topic_info.py plugins/modules/sqs_queue.py plugins/modules/stepfunctions_state_machine.py plugins/modules/stepfunctions_state_machine_execution.py plugins/modules/storagegateway_info.py plugins/modules/wafv2_web_acl.py ADDITIONAL INFORMATION While the 'secret' nature of these UUIDs is debatable (they're closer to user names than passwords), deliberately mangling them makes it easier for InfoSec teams to spot when their secret counterparts may have been leaked in combination with a real 'public' part.
abikouo · Sep 18, 2023 · 0b8155f · 0b8155f
1 parent d599943
commit 0b8155f
Show file tree

Hide file tree

Showing 41 changed files with 94 additions and 89 deletions.
diff --git a/acm_certificate_info.py b/acm_certificate_info.py
@@ -70,7 +70,7 @@
 # The output is still a list of certificates, just one item long.
 - name: obtain information about a certificate with a particular ARN
   community.aws.aws_acm_info:
-    certificate_arn:  "arn:aws:acm:ap-southeast-2:123456789876:certificate/abcdeabc-abcd-1234-4321-abcdeabcde12"
+    certificate_arn:  "arn:aws:acm:ap-southeast-2:123456789012:certificate/abcdeabc-abcd-1234-4321-abcdeabcde12"
 
 '''
 

diff --git a/application_autoscaling_policy.py b/application_autoscaling_policy.py
@@ -216,7 +216,7 @@
     description: The ARN of an IAM role that allows Application Auto Scaling to modify the scalable target on your behalf. Required if I(state) is C(present).
     returned: when state present
     type: str
-    sample: arn:aws:iam::123456789123:role/roleName
+    sample: arn:aws:iam::123456789012:role/roleName
 step_scaling_policy_configuration:
     description: The step scaling policy.
     returned: when state present and the policy type is StepScaling

diff --git a/autoscaling_launch_config.py b/autoscaling_launch_config.py
@@ -259,7 +259,7 @@
   description: The Amazon Resource Name of the launch configuration.
   returned: when I(state=present)
   type: str
-  sample: arn:aws:autoscaling:us-east-1:148830907657:launchConfiguration:888d9b58-d93a-40c4-90cf-759197a2621a:launchConfigurationName/launch_config_name
+  sample: arn:aws:autoscaling:us-east-1:123456789012:launchConfiguration:888d9b58-d93a-40c4-90cf-759197a2621a:launchConfigurationName/launch_config_name
 changed:
   description: Whether the state of the launch configuration has changed.
   returned: always
@@ -391,7 +391,7 @@
       description: The Amazon Resource Name (ARN) of the launch configuration.
       returned: when I(state=present)
       type: str
-      sample: arn:aws:autoscaling:us-east-1:148830907657:launchConfiguration:888d9b58-d93a-40c4-90cf-759197a2621a:launchConfigurationName/launch_config_name
+      sample: arn:aws:autoscaling:us-east-1:123456789012:launchConfiguration:888d9b58-d93a-40c4-90cf-759197a2621a:launchConfigurationName/launch_config_name
     member:
       description: ""
       returned: when I(state=present)

diff --git a/autoscaling_launch_config_info.py b/autoscaling_launch_config_info.py
@@ -126,7 +126,7 @@
     description: Amazon Resource Name (ARN) of the launch configuration.
     type: str
     returned: always
-    sample: "arn:aws:autoscaling:us-east-1:666612345678:launchConfiguration:ba785e3a-dd42-6f02-4585-ea1a2b458b3d:launchConfigurationName/lc-app"
+    sample: "arn:aws:autoscaling:us-east-1:123456798012:launchConfiguration:ba785e3a-dd42-6f02-4585-ea1a2b458b3d:launchConfigurationName/lc-app"
 launch_configuration_name:
     description: Name of the launch configuration.
     type: str

diff --git a/codecommit_repository.py b/codecommit_repository.py
@@ -52,12 +52,12 @@
       description: "The ID of the AWS account associated with the repository."
       returned: when state is present
       type: str
-      sample: "268342293637"
+      sample: "123456789012"
     arn:
       description: "The Amazon Resource Name (ARN) of the repository."
       returned: when state is present
       type: str
-      sample: "arn:aws:codecommit:ap-northeast-1:268342293637:username"
+      sample: "arn:aws:codecommit:ap-northeast-1:123456789012:username"
     clone_url_http:
       description: "The URL to use for cloning the repository over HTTPS."
       returned: when state is present

diff --git a/directconnect_link_aggregation_group.py b/directconnect_link_aggregation_group.py
@@ -115,7 +115,7 @@
          "connection_state": "down",
          "lag_id": "dxlag-fgnsp4rq",
          "location": "EqSe2",
-         "owner_account": "448830907657",
+         "owner_account": "123456789012",
          "region": "us-west-2"
       }
       ]

diff --git a/dms_endpoint.py b/dms_endpoint.py
@@ -183,7 +183,7 @@
         - The ARN that uniquely identifies the endpoint.
       type: str
       returned: success
-      example: "arn:aws:dms:us-east-1:012345678901:endpoint:1234556789ABCDEFGHIJKLMNOPQRSTUVWXYZ012"
+      example: "arn:aws:dms:us-east-1:123456789012:endpoint:1234556789ABCDEFGHIJKLMNOPQRSTUVWXYZ012"
     endpoint_identifier:
       description:
         - The database endpoint identifier.
@@ -213,7 +213,7 @@
         - An KMS key ID that is used to encrypt the connection parameters for the endpoint.
       type: str
       returned: success
-      example: "arn:aws:kms:us-east-1:012345678901:key/01234567-abcd-12ab-98fe-123456789abc"
+      example: "arn:aws:kms:us-east-1:123456789012:key/01234567-abcd-12ab-98fe-123456789abc"
     port:
       description:
         - The port used to access the endpoint.

diff --git a/ec2_transit_gateway_info.py b/ec2_transit_gateway_info.py
@@ -136,7 +136,7 @@
             description: The AWS account number ID which owns the transit gateway.
             returned: always
             type: str
-            sample: "1234567654323"
+            sample: "123456789012"
         state:
             description: The state of the transit gateway.
             returned: always
@@ -153,7 +153,7 @@
             description: The Amazon Resource Name (ARN) of the transit gateway.
             returned: always
             type: str
-            sample: "arn:aws:ec2:us-west-2:1234567654323:transit-gateway/tgw-02c42332e6b7da829"
+            sample: "arn:aws:ec2:us-west-2:123456789012:transit-gateway/tgw-02c42332e6b7da829"
         transit_gateway_id:
             description: The ID of the transit gateway.
             returned: always

diff --git a/ec2_transit_gateway_vpc_attachment.py b/ec2_transit_gateway_vpc_attachment.py
@@ -214,7 +214,7 @@
         - The ID of the account that the VPC belongs to.
       type: str
       returned: success
-      example: '012345678901'
+      example: '123456789012'
 '''
 
 

diff --git a/ec2_transit_gateway_vpc_attachment_info.py b/ec2_transit_gateway_vpc_attachment_info.py
@@ -142,7 +142,7 @@
         - The ID of the account that the VPC belongs to.
       type: str
       returned: success
-      example: '012345678901'
+      example: '123456789012'
 '''
 
 

diff --git a/ec2_vpc_peer.py b/ec2_vpc_peer.py
@@ -109,7 +109,7 @@
     region: ap-southeast-2
     vpc_id: vpc-12345678
     peer_vpc_id: vpc-12345678
-    peer_owner_id: 123456789102
+    peer_owner_id: 123456789012
     state: present
     tags:
       Name: Peering connection for VPC 21 to VPC 22
@@ -171,7 +171,7 @@
     region: ap-southeast-2
     vpc_id: vpc-12345678
     peer_vpc_id: vpc-12345678
-    peer_owner_id: 123456789102
+    peer_owner_id: 123456789012
     state: present
     tags:
       Name: Peering connection for VPC 21 to VPC 22
@@ -196,7 +196,7 @@
     region: ap-southeast-2
     vpc_id: vpc-12345678
     peer_vpc_id: vpc-12345678
-    peer_owner_id: 123456789102
+    peer_owner_id: 123456789012
     state: present
     tags:
       Name: Peering connection for VPC 21 to VPC 22
@@ -247,7 +247,7 @@
           description: The AWS account that owns the VPC.
           returned: success
           type: str
-          example: 012345678901
+          example: 123456789012
         peering_options:
           description: Additional peering configuration.
           returned: when connection is in the accepted state.
@@ -299,7 +299,7 @@
           description: The AWS account that owns the VPC.
           returned: success
           type: str
-          example: 012345678901
+          example: 123456789012
         peering_options:
           description: Additional peering configuration.
           returned: when connection is not in the deleted state.
@@ -341,7 +341,7 @@
           description: Additional information about the status of the connection.
           returned: success
           type: str
-          example: Pending Acceptance by 012345678901
+          example: Pending Acceptance by 123456789012
     tags:
       description: Tags applied to the connection.
       returned: success

diff --git a/ec2_vpc_peering_info.py b/ec2_vpc_peering_info.py
@@ -88,7 +88,7 @@
           description: The AWS account that owns the VPC.
           returned: success
           type: str
-          example: 012345678901
+          example: 123456789012
         peering_options:
           description: Additional peering configuration.
           returned: when connection is in the accepted state.
@@ -140,7 +140,7 @@
           description: The AWS account that owns the VPC.
           returned: success
           type: str
-          example: 012345678901
+          example: 123456789012
         peering_options:
           description: Additional peering configuration.
           returned: when connection is not in the deleted state.
@@ -182,7 +182,7 @@
           description: Additional information about the status of the connection.
           returned: success
           type: str
-          example: Pending Acceptance by 012345678901
+          example: Pending Acceptance by 123456789012
     tags:
       description: Tags applied to the connection.
       returned: success

diff --git a/ec2_vpc_vpn_info.py b/ec2_vpc_vpn_info.py
@@ -144,7 +144,7 @@
                description: The Amazon Resource Name of the virtual private gateway tunnel endpoint certificate.
                returned: when a private certificate is used for authentication
                type: str
-               sample: "arn:aws:acm:us-east-1:123456789101:certificate/c544d8ce-20b8-4fff-98b0-example"
+               sample: "arn:aws:acm:us-east-1:123456789012:certificate/c544d8ce-20b8-4fff-98b0-example"
       vpn_connection_id:
         description: The ID of the VPN connection.
         returned: always

diff --git a/ecs_cluster.py b/ecs_cluster.py
@@ -78,12 +78,12 @@
     description: the ARN of the cluster just created
     type: str
     returned: 0 if a new cluster
-    sample: arn:aws:ecs:us-west-2:172139249013:cluster/test-cluster-mfshcdok
+    sample: arn:aws:ecs:us-west-2:123456789012:cluster/test-cluster
 clusterName:
     description: name of the cluster just created (should match the input argument)
     type: str
     returned: always
-    sample: test-cluster-mfshcdok
+    sample: test-cluster
 pendingTasksCount:
     description: how many tasks are waiting to run in this cluster
     returned: 0 if a new cluster

diff --git a/ecs_ecr.py b/ecs_ecr.py
@@ -107,7 +107,7 @@
 
 - name: Cross account ecr-repo
   community.aws.ecs_ecr:
-    registry_id: 999999999999
+    registry_id: 123456789012
     name: cross/account
 
 - name: set-policy as object
@@ -186,10 +186,10 @@
     returned: I(state=present)
     sample:
         createdAt: '2017-01-17T08:41:32-06:00'
-        registryId: '999999999999'
-        repositoryArn: arn:aws:ecr:us-east-1:999999999999:repository/ecr-test-1484664090
+        registryId: '123456789012'
+        repositoryArn: arn:aws:ecr:us-east-1:123456789012:repository/ecr-test-1484664090
         repositoryName: ecr-test-1484664090
-        repositoryUri: 999999999999.dkr.ecr.us-east-1.amazonaws.com/ecr-test-1484664090
+        repositoryUri: 123456789012.dkr.ecr.us-east-1.amazonaws.com/ecr-test-1484664090
 '''
 
 import json

diff --git a/ecs_service.py b/ecs_service.py
@@ -411,9 +411,10 @@
             returned: always
             type: int
         serviceArn:
-            description: The Amazon Resource Name (ARN) that identifies the service. The ARN contains the arn:aws:ecs namespace, followed by the region
-                         of the service, the AWS account ID of the service owner, the service namespace, and then the service name. For example,
-                         arn:aws:ecs:region :012345678910 :service/my-service .
+            description:
+                - The Amazon Resource Name (ARN) that identifies the service. The ARN contains the C(arn:aws:ecs) namespace, followed by
+                  the region of the service, the AWS account ID of the service owner, the service namespace, and then the service name.
+            sample: 'arn:aws:ecs:us-east-1:123456789012:service/my-service'
             returned: always
             type: str
         serviceName:
@@ -547,9 +548,10 @@
                     returned: always
                     type: int
                 serviceArn:
-                    description: The Amazon Resource Name (ARN) that identifies the service. The ARN contains the arn:aws:ecs namespace, followed by the region
-                                 of the service, the AWS account ID of the service owner, the service namespace, and then the service name. For example,
-                                 arn:aws:ecs:region :012345678910 :service/my-service .
+                    description:
+                        - The Amazon Resource Name (ARN) that identifies the service. The ARN contains the arn:aws:ecs namespace, followed by the region
+                          of the service, the AWS account ID of the service owner, the service namespace, and then the service name.
+                    sample: 'arn:aws:ecs:us-east-1:123456789012:service/my-service'
                     returned: always
                     type: str
                 serviceName:

diff --git a/ecs_service_info.py b/ecs_service_info.py
@@ -103,7 +103,10 @@
             returned: always
             type: int
         serviceArn:
-            description: The Amazon Resource Name (ARN) that identifies the service. The ARN contains the arn:aws:ecs namespace, followed by the region of the service, the AWS account ID of the service owner, the service namespace, and then the service name. For example, arn:aws:ecs:region :012345678910 :service/my-service .
+            description:
+              - The Amazon Resource Name (ARN) that identifies the service. The ARN contains the arn:aws:ecs namespace, followed by the region of the
+                service, the AWS account ID of the service owner, the service namespace, and then the service name.
+            sample: 'arn:aws:ecs:us-east-1:123456789012:service/my-service'
             returned: always
             type: str
         serviceName:

diff --git a/ecs_task.py b/ecs_task.py
@@ -122,14 +122,14 @@
       operation: start
       cluster: console-sample-app-static-cluster
       task_definition: console-sample-app-static-taskdef
-      task: "arn:aws:ecs:us-west-2:172139249013:task/3f8353d1-29a8-4689-bbf6-ad79937ffe8a"
+      task: "arn:aws:ecs:us-west-2:123456789012:task/3f8353d1-29a8-4689-bbf6-ad79937ffe8a"
       tags:
         resourceName: a_task_for_ansible_to_run
         type: long_running_task
         network: internal
         version: 1.4
       container_instances:
-      - arn:aws:ecs:us-west-2:172139249013:container-instance/79c23f22-876c-438a-bddf-55c98a3538a8
+      - arn:aws:ecs:us-west-2:123456789012:container-instance/79c23f22-876c-438a-bddf-55c98a3538a8
       started_by: ansible_user
       network_configuration:
         subnets:
@@ -144,7 +144,7 @@
       operation: run
       cluster: console-sample-app-static-cluster
       task_definition: console-sample-app-static-taskdef
-      task: "arn:aws:ecs:us-west-2:172139249013:task/3f8353d1-29a8-4689-bbf6-ad79937ffe8a"
+      task: "arn:aws:ecs:us-west-2:123456789012:task/3f8353d1-29a8-4689-bbf6-ad79937ffe8a"
       started_by: ansible_user
       launch_type: FARGATE
       network_configuration:
@@ -161,7 +161,7 @@
       count: 2
       cluster: console-sample-app-static-cluster
       task_definition: console-sample-app-static-taskdef
-      task: "arn:aws:ecs:us-west-2:172139249013:task/3f8353d1-29a8-4689-bbf6-ad79937ffe8a"
+      task: "arn:aws:ecs:us-west-2:123456789012:task/3f8353d1-29a8-4689-bbf6-ad79937ffe8a"
       started_by: ansible_user
       launch_type: FARGATE
       network_configuration:
@@ -175,7 +175,7 @@
       operation: stop
       cluster: console-sample-app-static-cluster
       task_definition: console-sample-app-static-taskdef
-      task: "arn:aws:ecs:us-west-2:172139249013:task/3f8353d1-29a8-4689-bbf6-ad79937ffe8a"
+      task: "arn:aws:ecs:us-west-2:123456789012:task/3f8353d1-29a8-4689-bbf6-ad79937ffe8a"
 '''
 RETURN = r'''
 task:

diff --git a/efs.py b/efs.py
@@ -196,7 +196,7 @@
                 "life_cycle_state": "available",
                 "mount_target_id": "fsmt-d8907871",
                 "network_interface_id": "eni-6e387e26",
-                "owner_id": "740748460359",
+                "owner_id": "123456789012",
                 "security_groups": [
                     "sg-a30b22c6"
                 ],

diff --git a/efs_info.py b/efs_info.py
@@ -108,7 +108,7 @@
                 "life_cycle_state": "available",
                 "mount_target_id": "fsmt-d8907871",
                 "network_interface_id": "eni-6e387e26",
-                "owner_id": "740748460359",
+                "owner_id": "123456789012",
                 "security_groups": [
                     "sg-a30b22c6"
                 ],

diff --git a/eks_cluster.py b/eks_cluster.py
@@ -89,7 +89,7 @@
   description: ARN of the EKS cluster
   returned: when state is present
   type: str
-  sample: arn:aws:eks:us-west-2:111111111111:cluster/my-eks-cluster
+  sample: arn:aws:eks:us-west-2:123456789012:cluster/my-eks-cluster
 certificate_authority:
   description: Dictionary containing Certificate Authority Data for cluster
   returned: after creation
@@ -143,7 +143,7 @@
   description: ARN of the IAM role used by the cluster
   returned: when state is present
   type: str
-  sample: arn:aws:iam::111111111111:role/eks_cluster_role
+  sample: arn:aws:iam::123456789012:role/eks_cluster_role
 status:
   description: status of the EKS cluster
   returned: when state is present

diff --git a/elasticache_subnet_group.py b/elasticache_subnet_group.py
@@ -70,7 +70,7 @@
       description: The Amazon Resource Name (ARN) of the cache subnet group.
       returned: when the subnet group exists
       type: str
-      sample: arn:aws:elasticache:us-east-1:012345678901:subnetgroup:norwegian-blue
+      sample: arn:aws:elasticache:us-east-1:123456789012:subnetgroup:norwegian-blue
     description:
       description: The description of the cache subnet group.
       returned: when the cache subnet group exists

diff --git a/elb_network_lb.py b/elb_network_lb.py
@@ -289,7 +289,7 @@
             description: The Amazon Resource Name (ARN) of the load balancer.
             returned: when state is present
             type: str
-            sample: arn:aws:elasticloadbalancing:ap-southeast-2:0123456789:loadbalancer/app/my-elb/001122334455
+            sample: arn:aws:elasticloadbalancing:ap-southeast-2:123456789012:loadbalancer/app/my-elb/001122334455
         load_balancer_name:
             description: The name of the load balancer.
             returned: when state is present

diff --git a/elb_target_group.py b/elb_target_group.py
@@ -403,7 +403,7 @@
     description: The Amazon Resource Name (ARN) of the target group.
     returned: when state present
     type: str
-    sample: "arn:aws:elasticloadbalancing:ap-southeast-2:01234567890:targetgroup/mytargetgroup/aabbccddee0044332211"
+    sample: "arn:aws:elasticloadbalancing:ap-southeast-2:123456789012:targetgroup/mytargetgroup/aabbccddee0044332211"
 target_group_name:
     description: The name of the target group.
     returned: when state present