Terraform module to create a TFC workspace for resources in an AWS account.

svashisht03/terraform-aws-mcaf-workspace
terraform-aws-mcaf-workspace

Terraform module to create a Terraform Cloud workspace and either an IAM user or an IAM role in an AWS account. The credentials of that user or role are added to the workspace as variables so that Terraform runs in the workspace can create resources in the AWS account.

Usage

Team access

This module supports granting an existing team access to the created workspace.

To do this, pass a map to var.team_access using the team name as the key and either access or permissions to assign a team access to the workspace.

Example using a pre-existing (fixed) access level (see the `tfe_team_access` resource documentation for the allowed values of `access`):

```hcl
team_access = {
  "MyTeamName" = {
    access = "write"
  }
}
```

Example using a custom role (see the `permissions` block of the `tfe_team_access` resource documentation for the list of keys and their allowed values):

```hcl
team_access = {
  "MyTeamName" = {
    permissions = {
      run_tasks         = false
      runs              = "apply"
      sentinel_mocks    = "read"
      state_versions    = "read-outputs"
      variables         = "write"
      workspace_locking = true
    }
  }
}
```

The above custom role is similar to the "write" pre-existing access level, but `state_versions = "read-outputs"` restricts the team to reading workspace outputs only: the full state file, which is considered sensitive because it can contain secrets, cannot be downloaded or written by that team.
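The following is an added example of calling this module with the inputs documented below; it is not part of the module's README. The module `source` string, organization name, OAuth token ID, repository, agent pool ID, agent role ARN, AWS account ID and consumer workspace ID are placeholders, and the `policy` document is illustrative. It combines the custom team role from above with the choices a practitioner would want when the workspace holds AWS credentials: an IAM role instead of a long-lived IAM user, a scoped inline policy instead of a broad managed policy, secrets in the `sensitive_*` maps, and state shared only with a named consumer workspace.

```hcl
# Added usage example for terraform-aws-mcaf-workspace (not the module's own
# code). All identifiers below are placeholders; pin `source` to a commit or
# tag in your own configuration.
module "workspace" {
  source = "github.com/svashisht03/terraform-aws-mcaf-workspace" # placeholder ref, pin with ?ref=<commit>

  name                   = "example-account"
  terraform_organization = "my-org"                  # placeholder
  oauth_token_id         = "ot-xxxxxxxxxxxxxxxx"     # placeholder VCS OAuth token ID
  repository_identifier  = "my-org/infra-example-account"
  branch                 = "main"
  working_directory      = "terraform"
  trigger_prefixes       = ["modules", "terraform"]
  tags                   = { ManagedBy = "terraform" }

  # Run through an agent and authenticate with an IAM role instead of the
  # default IAM user (whose access keys would live in the workspace for good).
  # agent_role_arn is the role the agent uses to assume the created role.
  execution_mode = "agent"
  agent_pool_id  = "apool-xxxxxxxxxxxxxxxx"                      # placeholder
  agent_role_arn = "arn:aws:iam::111122223333:role/tfc-agent"   # placeholder
  auth_method    = "iam_role"
  role_name      = "tfc-pipeline"

  # Least privilege: grant the pipeline role only what this workspace manages,
  # rather than attaching a broad managed policy through policy_arns.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid      = "ManageWorkspaceBuckets"
      Effect   = "Allow"
      Action   = ["s3:*"]
      Resource = [
        "arn:aws:s3:::example-account-*",
        "arn:aws:s3:::example-account-*/*",
      ]
    }]
  })

  # Secrets belong in the sensitive_* maps so Terraform Cloud stores them
  # write-only; values in the clear_text_* maps are readable by anyone with
  # variables access on the workspace.
  sensitive_env_variables        = { DATADOG_API_KEY = var.datadog_api_key }
  clear_text_terraform_variables = { environment = "prod" }

  # Share state with one named consumer instead of the whole organization.
  global_remote_state       = false
  remote_state_consumer_ids = ["ws-xxxxxxxxxxxxxxxx"] # placeholder

  # Developers get the custom role from the section above (can apply, but can
  # only read state outputs); the platform team gets the fixed "admin" level.
  team_access = {
    "developers" = {
      permissions = {
        run_tasks         = false
        runs              = "apply"
        sentinel_mocks    = "read"
        state_versions    = "read-outputs"
        variables         = "write"
        workspace_locking = true
      }
    }
    "platform" = {
      access = "admin"
    }
  }
}

# Marked sensitive so the value is redacted from plan and apply output.
variable "datadog_api_key" {
  type      = string
  sensitive = true
}
```

Each key in `team_access` carries either `access` or `permissions`, not both. Because `auth_method = "iam_role"` relies on the agent's own role to assume the created role, the `agent_*` inputs only make sense together with `execution_mode = "agent"`, which is why the example sets all three.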

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.2.0 |

Providers

| Name | Version |
|------|---------|
| random | n/a |
| tfe | n/a |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| name | A name for the Terraform workspace | `string` | n/a | yes |
| oauth_token_id | The OAuth token ID of the VCS provider | `string` | n/a | yes |
| tags | A mapping of tags to assign to resources | `map(string)` | n/a | yes |
| terraform_organization | The Terraform Enterprise organization to create the workspace in | `string` | n/a | yes |
| agent_pool_id | Agent pool ID, requires "execution_mode" to be set to agent | `string` | `null` | no |
| agent_role_arn | IAM role ARN used by the Terraform Cloud Agent to assume the role in the created account | `string` | `null` | no |
| auth_method | Configures how the workspace authenticates with the AWS account (can be iam_role or iam_user) | `string` | `"iam_user"` | no |
| auto_apply | Whether to automatically apply changes when a Terraform plan is successful | `bool` | `false` | no |
| branch | The git branch to trigger the TFE workspace for | `string` | `"main"` | no |
| clear_text_env_variables | An optional map with clear text environment variables | `map(string)` | `{}` | no |
| clear_text_hcl_variables | An optional map with clear text HCL Terraform variables | `map(string)` | `{}` | no |
| clear_text_terraform_variables | An optional map with clear text Terraform variables | `map(string)` | `{}` | no |
| execution_mode | Which execution mode to use | `string` | `"remote"` | no |
| file_triggers_enabled | Whether to filter runs based on the changed files in a VCS push | `bool` | `true` | no |
| global_remote_state | Allow all workspaces in the organization to read the state of this workspace | `bool` | `null` | no |
| policy | The policy to attach to the pipeline role or user | `string` | `null` | no |
| policy_arns | A set of policy ARNs to attach to the pipeline user | `set(string)` | `[]` | no |
| region | The default region of the account | `string` | `null` | no |
| remote_state_consumer_ids | A set of workspace IDs set as explicit remote state consumers for this workspace | `set(string)` | `null` | no |
| repository_identifier | The repository identifier to connect the workspace to | `string` | `null` | no |
| role_name | The IAM role name for a new pipeline role | `string` | `null` | no |
| sensitive_env_variables | An optional map with sensitive environment variables | `map(string)` | `{}` | no |
| sensitive_hcl_variables | An optional map with sensitive HCL Terraform variables | <pre>map(object({<br>  sensitive = string<br>}))</pre> | `{}` | no |
| sensitive_terraform_variables | An optional map with sensitive Terraform variables | `map(string)` | `{}` | no |
| slack_notification_triggers | The triggers to send to Slack | `list(string)` | <pre>[<br>  "run:created",<br>  "run:planning",<br>  "run:needs_attention",<br>  "run:applying",<br>  "run:completed",<br>  "run:errored"<br>]</pre> | no |
| slack_notification_url | The Slack Webhook URL to send notifications to | `string` | `null` | no |
| ssh_key_id | The SSH key ID to assign to the workspace | `string` | `null` | no |
| team_access | Map of team names and either a type of fixed access or custom permissions to assign | <pre>map(object({<br>  access = optional(string, null),<br>  permissions = optional(object({<br>    run_tasks         = bool<br>    runs              = string<br>    sentinel_mocks    = string<br>    state_versions    = string<br>    variables         = string<br>    workspace_locking = bool<br>  }), null)<br>}))</pre> | `{}` | no |
| terraform_version | The version of Terraform to use for this workspace | `string` | `"latest"` | no |
| trigger_prefixes | List of repository-root-relative paths which should be tracked for changes | `list(string)` | <pre>[<br>  "modules"<br>]</pre> | no |
| username | The username for a new pipeline user | `string` | `null` | no |
| working_directory | A relative path that Terraform will execute within | `string` | `"terraform"` | no |

Outputs

| Name | Description |
|------|-------------|
| arn | The ARN of the IAM user or role created for the workspace |
| workspace_id | The Terraform Cloud workspace ID |
