From 4f7f12d3792599eb9876ba6370d92054cc614297 Mon Sep 17 00:00:00 2001 From: Dan Miller Date: Mon, 11 Mar 2024 10:39:05 -0700 Subject: [PATCH] feat: `prettier` in READMEs (https://github.com/cloudposse/terraform-aws-components/pull/998) --- src/README.md | 80 ++++++++++++++++++++++++--------------------------- 1 file changed, 37 insertions(+), 43 deletions(-) diff --git a/src/README.md b/src/README.md index a7cc67e..3238f64 100644 --- a/src/README.md +++ b/src/README.md 
@@ -50,42 +50,43 @@ components: Use case: Peering v2 accounts to v2 ```yaml - vpc-peering/-vpc0: - metadata: - component: vpc-peering - inherits: - - vpc-peering/defaults - vars: - requester_vpc_component_name: vpc - accepter_region: us-east-1 - accepter_stage_name: - accepter_vpc: - tags: - # Fill in with your own information - Name: acme---- +vpc-peering/-vpc0: + metadata: + component: vpc-peering + inherits: + - vpc-peering/defaults + vars: + requester_vpc_component_name: vpc + accepter_region: us-east-1 + accepter_stage_name: + accepter_vpc: + tags: + # Fill in with your own information + Name: acme---- ``` ## Legacy Account Configuration The `vpc-peering` component peers the `dev`, `prod`, `sandbox` and `staging` VPCs to a VPC in the legacy account. -The `dev`, `prod`, `sandbox` and `staging` VPCs are the requesters of the VPC peering connection, -while the legacy VPC is the accepter of the peering connection. - -To provision VPC peering and all related resources with Terraform, we need the following information from the legacy account: +The `dev`, `prod`, `sandbox` and `staging` VPCs are the requesters of the VPC peering connection, while the legacy VPC +is the accepter of the peering connection. - - Legacy account ID - - Legacy VPC ID - - Legacy AWS region - - Legacy IAM role (the role must be created in the legacy account with permissions to create VPC peering and routes). - The name of the role could be `acme-vpc-peering` and the ARN of the role should look like `arn:aws:iam:::role/acme-vpc-peering` +To provision VPC peering and all related resources with Terraform, we need the following information from the legacy +account: +- Legacy account ID +- Legacy VPC ID +- Legacy AWS region +- Legacy IAM role (the role must be created in the legacy account with permissions to create VPC peering and routes). 
+ The name of the role could be `acme-vpc-peering` and the ARN of the role should look like + `arn:aws:iam:::role/acme-vpc-peering` ### Legacy Account IAM Role In the legacy account, create IAM role `acme-vpc-peering` with the following policy: -__NOTE:__ Replace `` with the ID of the legacy account. +**NOTE:** Replace `` with the ID of the legacy account. ```json { @@ -93,10 +94,7 @@ __NOTE:__ Replace `` with the ID of the legacy account. "Statement": [ { "Effect": "Allow", - "Action": [ - "ec2:CreateRoute", - "ec2:DeleteRoute" - ], + "Action": ["ec2:CreateRoute", "ec2:DeleteRoute"], "Resource": "arn:aws:ec2:*::route-table/*" }, { @@ -126,10 +124,7 @@ __NOTE:__ Replace `` with the ID of the legacy account. }, { "Effect": "Allow", - "Action": [ - "ec2:DeleteTags", - "ec2:CreateTags" - ], + "Action": ["ec2:DeleteTags", "ec2:CreateTags"], "Resource": "arn:aws:ec2:*::vpc-peering-connection/*" } ] @@ -138,7 +133,7 @@ __NOTE:__ Replace `` with the ID of the legacy account. Add the following trust policy to the IAM role: -__NOTE:__ Replace `` with the ID of the `identity` account in the new infrastructure. +**NOTE:** Replace `` with the ID of the `identity` account in the new infrastructure. ```json { 
@@ -147,26 +142,22 @@ __NOTE:__ Replace `` with the ID of the `identity` account { "Effect": "Allow", "Principal": { - "AWS": [ - "arn:aws:iam:::root" - ] + "AWS": ["arn:aws:iam:::root"] }, - "Action": [ - "sts:AssumeRole", - "sts:TagSession" - ], + "Action": ["sts:AssumeRole", "sts:TagSession"], "Condition": {} } ] } ``` -The trust policy allows the `identity` account to assume the role (and provision all the resources in the legacy account). +The trust policy allows the `identity` account to assume the role (and provision all the resources in the legacy +account). ## Provisioning -Provision the VPC peering connections in the `dev`, `prod`, `sandbox` and `staging` accounts by executing -the following commands: +Provision the VPC peering connections in the `dev`, `prod`, `sandbox` and `staging` accounts by executing the following +commands: ```sh atmos terraform plan vpc-peering -s ue1-sandbox @@ -182,6 +173,7 @@ atmos terraform plan vpc-peering -s ue1-prod atmos terraform apply vpc-peering -s ue1-prod ``` + ## Requirements @@ -249,7 +241,9 @@ atmos terraform apply vpc-peering -s ue1-prod |------|-------------| | [vpc\_peering](#output\_vpc\_peering) | VPC peering outputs | + -- [cloudposse/terraform-aws-components](https://github.com/cloudposse/terraform-aws-components/tree/main/modules/vpc-peering) - Cloud Posse's upstream component +- [cloudposse/terraform-aws-components](https://github.com/cloudposse/terraform-aws-components/tree/main/modules/vpc-peering) - + Cloud Posse's upstream component [](https://cpco.io/component)
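Review bot: In the permissions policy of the `@@ -50,42 +50,43 @@` hunk, the collapsed statement `"Action": ["ec2:CreateRoute", "ec2:DeleteRoute"]` still applies to `"Resource": "arn:aws:ec2:*::route-table/*"`, which matches every route table in every region. The README states the role exists only to create VPC peering and routes, and it already asks the reader for the legacy AWS region and legacy VPC ID. While these lines are being touched, consider documenting a narrower resource (the legacy region in place of `*`, and the legacy VPC's route tables where they are known), or add a sentence saying the wildcard is intentional. The same point applies to the `ec2:DeleteTags`/`ec2:CreateTags` statement on `vpc-peering-connection/*`.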
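Review bot: In the trust policy of the `@@ -147,26 +142,22 @@` hunk, `"AWS": ["arn:aws:iam:::root"]` together with `"Condition": {}` delegates trust to the whole `identity` account. Any principal there whose own IAM policy permits `sts:AssumeRole` on this role can assume it and change routes and peering in the legacy account. The rewrapped sentence after the block ("allows the `identity` account to assume the role") should say this explicitly. The example would also be safer with the principal narrowed to the specific role ARN that runs Terraform, or with a real condition in place of the empty `"Condition": {}`, which can otherwise be dropped.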