cloudposse-terraform-components · goruha · Jan 3, 2025 · Jan 3, 2025
@@ -0,0 +1,32 @@
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+# Override for Makefile
+[{Makefile,makefile,GNUmakefile}]
+indent_style = tab
+indent_size = 4
+
+[Makefile.*]
+indent_style = tab
+indent_size = 4
+
+[{*.yaml,*.yml,*.md}]
+indent_style = space
+indent_size = 2
+
+[*.sh]
+indent_style = tab
+indent_size = 2
+
+[*.{tf,tfvars,tpl,variant}]
+indent_style = space
+indent_size = 2
+
+[*.json]
+insert_final_newline = false
@@ -3,4 +3,4 @@
   "extends": [
     "config:base"
   ]
-}
+}
@@ -5,3 +5,4 @@ repository:
   description: This component is responsible for creating AWS SSO Permission Sets and creating AWS SSO Account Assignments, that is, assigning IdP (Okta) groups and/or users to AWS SSO permission sets in specific AWS Accounts
   homepage: https://cloudposse.com/accelerate
   topics: terraform, terraform-component
+
@@ -101,51 +101,51 @@ description: |-
   ### Defining a new permission set
 
   1. Give the permission set a name, capitalized, in CamelCase, e.g. `AuditManager`. We will use `NAME` as a placeholder
-     for the name in the instructions below. In Terraform, convert the name to lowercase snake case, e.g. `audit_manager`.
+    for the name in the instructions below. In Terraform, convert the name to lowercase snake case, e.g. `audit_manager`.
   2. Create a file in the `aws-sso` directory with the name `policy-NAME.tf`.
   3. In that file, create a policy as follows:
 
-     ```hcl
-     data "aws_iam_policy_document" "TerraformUpdateAccess" {
-       # Define the custom policy here
-     }
-
-     locals {
-       NAME_permission_set = {                         # e.g. audit_manager_permission_set
-         name                                = "NAME",  # e.g. AuditManager
-         description                         = "<description>",
-         relay_state                         = "",
-         session_duration                    = "PT1H", # One hour, maximum allowed for chained assumed roles
-         tags                                = {},
-         inline_policy                       = data.aws_iam_policy_document.NAME.json,
-         policy_attachments                  = []  # ARNs of AWS managed IAM policies to attach, e.g. arn:aws:iam::aws:policy/ReadOnlyAccess
-         customer_managed_policy_attachments = []  # ARNs of customer managed IAM policies to attach
-       }
-     }
-     ```
+    ```hcl
+    data "aws_iam_policy_document" "TerraformUpdateAccess" {
+      # Define the custom policy here
+    }
+
+    locals {
+      NAME_permission_set = {                         # e.g. audit_manager_permission_set
+        name                                = "NAME",  # e.g. AuditManager
+        description                         = "<description>",
+        relay_state                         = "",
+        session_duration                    = "PT1H", # One hour, maximum allowed for chained assumed roles
+        tags                                = {},
+        inline_policy                       = data.aws_iam_policy_document.NAME.json,
+        policy_attachments                  = []  # ARNs of AWS managed IAM policies to attach, e.g. arn:aws:iam::aws:policy/ReadOnlyAccess
+        customer_managed_policy_attachments = []  # ARNs of customer managed IAM policies to attach
+      }
+    }
+    ```
 
   4. Create a file named `additional-permission-sets-list_override.tf` in the `aws-sso` directory (if it does not already
-     exist). This is a [terraform override file](https://developer.hashicorp.com/terraform/language/files/override),
-     meaning its contents will be merged with the main terraform file, and any locals defined in it will override locals
-     defined in other files. Having your code in this separate override file makes it possible for the component to
-     provide a placeholder local variable so that it works without customization, while allowing you to customize the
-     component and still update it without losing your customizations.
+    exist). This is a [terraform override file](https://developer.hashicorp.com/terraform/language/files/override),
+    meaning its contents will be merged with the main terraform file, and any locals defined in it will override locals
+    defined in other files. Having your code in this separate override file makes it possible for the component to
+    provide a placeholder local variable so that it works without customization, while allowing you to customize the
+    component and still update it without losing your customizations.
   5. In that file, redefine the local variable `overridable_additional_permission_sets` as follows:
 
-     ```hcl
-     locals {
-       overridable_additional_permission_sets = [
-         local.NAME_permission_set,
-       ]
-     }
-     ```
+    ```hcl
+    locals {
+      overridable_additional_permission_sets = [
+        local.NAME_permission_set,
+      ]
+    }
+    ```
 
-     If you have multiple custom policies, add each one to the list.
+    If you have multiple custom policies, add each one to the list.
 
   6. With that done, the new permission set will be created when the changes are applied. You can then use it just like
-     the others.
+    the others.
   7. If you want the permission set to be able to use Terraform, enable access to the Terraform state read/write (default)
-     role in `tfstate-backend`.
+    role in `tfstate-backend`.
 
   #### Example
 

@@ -0,0 +1 @@
+
@@ -264,8 +264,8 @@ variable "descriptor_formats" {
     Describe additional descriptors to be output in the `descriptors` output map.
     Map of maps. Keys are names of descriptors. Values are maps of the form
     `{
-       format = string
-       labels = list(string)
+      format = string
+      labels = list(string)
     }`
     (Type is `any` so the map values can later be enhanced to provide additional options.)
     `format` is a Terraform format string to be passed to the `format()` function.

@@ -19,9 +19,9 @@ data "aws_iam_policy_document" "assume_aws_team" {
     resources = ["*"]
 
     /* For future reference, this tag-based restriction also works, based on
-       the fact that we always tag our IAM roles with the "Name" tag.
-       This could be used to control access based on some other tag, like "Category",
-       so is left here as an example.
+      the fact that we always tag our IAM roles with the "Name" tag.
+      This could be used to control access based on some other tag, like "Category",
+      so is left here as an example.
 
     condition {
       test     = "ForAllValues:StringEquals"
-Original file line number
+Diff line change
@@ Expand Up / @@ -3,4 +3,4 @@ @@
       "extends": [
         "config:base"
       ]
-    }
+    }
Original file line number	Diff line number	Diff line change
Expand Up		@@ -5,3 +5,4 @@ repository:
		description: This component is responsible for creating AWS SSO Permission Sets and creating AWS SSO Account Assignments, that is, assigning IdP (Okta) groups and/or users to AWS SSO permission sets in specific AWS Accounts
		homepage: https://cloudposse.com/accelerate
		topics: terraform, terraform-component