diff --git a/modules/config/README.md b/modules/config/README.md
index 6ac5d39..73a361a 100644
--- a/modules/config/README.md
+++ b/modules/config/README.md
@@ -71,6 +71,7 @@ No modules.
 | [aws_config_configuration_recorder_status.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/config_configuration_recorder_status) | resource |
 | [aws_config_delivery_channel.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/config_delivery_channel) | resource |
 | [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_iam_account_alias.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_account_alias) | data source |
 | [aws_iam_policy.service_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
 | [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.notifications](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
@@ -88,6 +89,7 @@ No modules.
 | [name](#input\_name) | Name to set on AWS Config resources. | `string` | `"default"` | no |
 | [prefix](#input\_prefix) | The prefix for the specified S3 bucket. | `string` | `""` | no |
 | [sns\_topic\_arn](#input\_sns\_topic\_arn) | The ARN of the SNS topic that AWS Config delivers notifications to. | `string` | `null` | no |
+| [tag\_account\_alias](#input\_tag\_account\_alias) | Set tag based on account alias. | `bool` | `true` | no |
 
 ## Outputs
 
diff --git a/modules/config/alias.tf b/modules/config/alias.tf
new file mode 100644
index 0000000..c5f5ccd
--- /dev/null
+++ b/modules/config/alias.tf
@@ -0,0 +1,9 @@
+data "aws_iam_account_alias" "current" {
+ count = var.tag_account_alias ? 1 : 0
+}
+
+locals {
+ tags = var.tag_account_alias ? {
+ "observeinc.com/accountalias" = data.aws_iam_account_alias.current[0].account_alias
+ } : {}
+}
diff --git a/modules/config/iam.tf b/modules/config/iam.tf
index 3506a89..a2371db 100644
--- a/modules/config/iam.tf
+++ b/modules/config/iam.tf
@@ -18,6 +18,8 @@ resource "aws_iam_role" "this" {
 policy = data.aws_iam_policy_document.notifications.json
 }
 }
+
+ tags = local.tags
 }
 
 data "aws_iam_policy_document" "assume_role" {
diff --git a/modules/config/variables.tf b/modules/config/variables.tf
index 43fbf59..000a27b 100644
--- a/modules/config/variables.tf
+++ b/modules/config/variables.tf
@@ -79,3 +79,12 @@ variable "sns_topic_arn" {
 default = null
 nullable = true
 }
+
+variable "tag_account_alias" {
+ type = bool
+ description = <<-EOF
+ Set tag based on account alias.
+ EOF
+ default = true
+ nullable = false
+}
diff --git a/modules/configsubscription/alias.tf b/modules/configsubscription/alias.tf
new file mode 100644
index 0000000..c5f5ccd
--- /dev/null
+++ b/modules/configsubscription/alias.tf
@@ -0,0 +1,9 @@
+data "aws_iam_account_alias" "current" {
+ count = var.tag_account_alias ? 1 : 0
+}
+
+locals {
+ tags = var.tag_account_alias ? {
+ "observeinc.com/accountalias" = data.aws_iam_account_alias.current[0].account_alias
+ } : {}
+}
diff --git a/modules/configsubscription/change.tf b/modules/configsubscription/change.tf
index ef24adc..8af422f 100644
--- a/modules/configsubscription/change.tf
+++ b/modules/configsubscription/change.tf
@@ -10,6 +10,8 @@ resource "aws_cloudwatch_event_rule" "change" {
 ]
 },
 )
+
+ tags = local.tags
 }
 
 resource "aws_cloudwatch_event_target" "change" {
diff --git a/modules/configsubscription/variables.tf b/modules/configsubscription/variables.tf
index d5e0fcf..a0d41a2 100644
--- a/modules/configsubscription/variables.tf
+++ b/modules/configsubscription/variables.tf
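Review bot: `data "aws_iam_account_alias" "current"` has no fallback for an account that has no alias set; as far as I recall the AWS provider returns an error rather than an empty value in that case, so with `tag_account_alias` defaulting to `true` an alias-less account would fail at plan time (please confirm against the provider version the module pins). It also introduces an `iam:ListAccountAliases` read into every plan, which the identity running Terraform may not be granted, so a credential that could apply the previous release can now fail the refresh. The same file is added verbatim as modules/configsubscription/alias.tf, so both copies need whatever treatment is chosen. A short comment on the data source would spare the next reader the surprise: `# Read at plan time: needs iam:ListAccountAliases and an alias must exist; set tag_account_alias = false otherwise.`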
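Review bot: `default = true` on `variable "tag_account_alias"` changes behaviour for every existing caller on upgrade: the IAM role gains a tag and the plan starts reading the account alias, which is an extra IAM read the calling credential may lack. If that is intended, the description should say so; `Set tag based on account alias.` names neither the tag key nor the prerequisite. Suggest `Tag the IAM role with the account alias under key observeinc.com/accountalias. Reads the alias at plan time (iam:ListAccountAliases); set to false in accounts without an alias.` The identical variable added to modules/configsubscription/variables.tf in the next hunk has the same gap, with the tagged resource there being the CloudWatch Events rule.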
@@ -14,4 +14,11 @@ variable "name_prefix" {
 nullable = false
 }
 
-
+variable "tag_account_alias" {
+ type = bool
+ description = <<-EOF
+ Set tag based on account alias.
+ EOF
+ default = true
+ nullable = false
+}
diff --git a/modules/stack/README.md b/modules/stack/README.md
index 92667f8..3903c5f 100644
--- a/modules/stack/README.md
+++ b/modules/stack/README.md
@@ -166,8 +166,8 @@ You can additionally configure other submodules in this manner:
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| [config](#input\_config) | Variables for AWS Config collection. |
object({| `null` | no | -| [configsubscription](#input\_configsubscription) | Variables for AWS Config subscription. |
include_resource_types = list(string)
exclude_resource_types = optional(list(string))
delivery_frequency = optional(string)
include_global_resource_types = optional(bool)
})
object({| `null` | no | +| [config](#input\_config) | Variables for AWS Config collection. |
delivery_bucket_name = string
})
object({| `null` | no | +| [configsubscription](#input\_configsubscription) | Variables for AWS Config subscription. |
include_resource_types = list(string)
exclude_resource_types = optional(list(string))
delivery_frequency = optional(string)
include_global_resource_types = optional(bool)
tag_account_alias = optional(bool)
})
object({| `null` | no | | [debug\_endpoint](#input\_debug\_endpoint) | Endpoint to send debugging telemetry to. Sets OTEL\_EXPORTER\_OTLP\_ENDPOINT environment variable for supported lambda functions. | `string` | `null` | no | | [destination](#input\_destination) | Destination filedrop |
delivery_bucket_name = string
tag_account_alias = optional(bool)
})
object({| n/a | yes | | [forwarder](#input\_forwarder) | Variables for forwarder module. |
arn = optional(string, "")
bucket = optional(string, "")
prefix = optional(string, "")
# exclusively for backward compatible HTTP endpoint
uri = optional(string, "")
})
object({| `{}` | no | diff --git a/modules/stack/config.tf b/modules/stack/config.tf index 623010a..034486a 100644 --- a/modules/stack/config.tf +++ b/modules/stack/config.tf @@ -10,6 +10,7 @@ module "config" { exclude_resource_types = var.config.exclude_resource_types delivery_frequency = var.config.delivery_frequency include_global_resource_types = var.config.include_global_resource_types + tag_account_alias = var.config.tag_account_alias depends_on = [aws_s3_bucket_notification.this] } diff --git a/modules/stack/configsubscription.tf b/modules/stack/configsubscription.tf index 19784d4..2cb5441 100644 --- a/modules/stack/configsubscription.tf +++ b/modules/stack/configsubscription.tf @@ -4,5 +4,7 @@ module "configsubscription" { name_prefix = local.name_prefix target_arn = module.forwarder.queue_arn + + tag_account_alias = var.configsubscription.tag_account_alias } diff --git a/modules/stack/variables.tf b/modules/stack/variables.tf index ff2c625..26a3e00 100644 --- a/modules/stack/variables.tf +++ b/modules/stack/variables.tf @@ -56,6 +56,7 @@ variable "config" { exclude_resource_types = optional(list(string)) delivery_frequency = optional(string) include_global_resource_types = optional(bool) + tag_account_alias = optional(bool) }) default = null } @@ -66,6 +67,7 @@ variable "configsubscription" { EOF type = object({ delivery_bucket_name = string + tag_account_alias = optional(bool) }) default = null }
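Review bot: `tag_account_alias = optional(bool)` in `variable "config"` (and the same attribute added to `variable "configsubscription"` in the following hunk) leaves the effective default implicit: an omitted attribute arrives as null, and the submodule only turns that back into `true` because its own variable is declared `nullable = false` with a default, a Terraform rule that is easy to miss when reading the stack module alone. Writing `tag_account_alias = optional(bool, true)` makes the stack-level object self-describing in the generated README and stops depending on the child module's nullable setting. Both `variable` blocks begin before their hunks, so their descriptions, which would be the natural place to mention the plan-time alias lookup, are not visible here.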
source_bucket_names = optional(list(string), [])
source_topic_arns = optional(list(string), [])
content_type_overrides = optional(list(object({ pattern = string, content_type = string })), [])
max_file_size = optional(number)
lambda_memory_size = optional(number)
lambda_timeout = optional(number)
lambda_env_vars = optional(map(string))
retention_in_days = optional(number)
queue_max_receive_count = optional(number)
queue_delay_seconds = optional(number)
queue_message_retention_seconds = optional(number)
queue_batch_size = optional(number)
queue_maximum_batching_window_in_seconds = optional(number)
})