add a module to associate aws_iam_access_key credentials to a TFE wor…

…kspace * add a module to associate aws_iam_access_key credentials to a tfe workspace * Minor changes based on feedback for PR #264
fpco · Oct 18, 2019 · 8697685 · 8697685
1 parent 8a214e5
commit 8697685
Show file tree

Hide file tree

Showing 5 changed files with 67 additions and 0 deletions.
diff --git a/modules/tf-cloud-credential/README.md b/modules/tf-cloud-credential/README.md
@@ -0,0 +1,4 @@
+## TF Cloud AWS credentials
+
+This module associates credential values as environmental variables to
+a tfe workspace.
diff --git a/modules/tf-cloud-credential/data.tf b/modules/tf-cloud-credential/data.tf
@@ -0,0 +1,4 @@
+resource "tfe_workspace" "workspace" {
+  name         = var.workspace_name_prefix
+  organization = var.organization
+}
diff --git a/modules/tf-cloud-credential/main.tf b/modules/tf-cloud-credential/main.tf
@@ -0,0 +1,23 @@
+resource "tfe_variable" "workspace_aws_access_key_id" {
+  workspace_id = "${tfe_workspace.workspace.id}"
+  key          = "AWS_ACCESS_KEY_ID"
+  value        = var.iam_access_key.id
+  category     = "env"
+  sensitive    = true
+}
+
+resource "tfe_variable" "workspace_aws_secret_access_key_id" {
+  workspace_id = "${tfe_workspace.workspace.id}"
+  key          = "AWS_SECRET_ACCESS_KEY"
+  value        = var.iam_access_key.secret
+  category     = "env"
+  sensitive    = true
+}
+
+resource "tfe_variable" "workspace_aws_default_region" {
+  workspace_id = "${tfe_workspace.workspace.id}"
+  key          = "AWS_DEFAULT_REGION"
+  value        = var.region
+  category     = "env"
+  sensitive    = false
+}
diff --git a/modules/tf-cloud-credential/outputs.tf b/modules/tf-cloud-credential/outputs.tf
@@ -0,0 +1,14 @@
+output "workspace_aws_access_key_id" {
+  value       = tfe_variable.workspace_aws_access_key_id.id
+  description = "Access key tfe_variable id"
+}
+
+output "workspace_aws_secret_access_key_id" {
+  value       = tfe_variable.workspace_aws_secret_access_key_id.id
+  description = "Access secret tfe_variable id"
+}
+
+output "workspace_aws_default_region" {
+  value       = tfe_variable.workspace_aws_default_region.id
+  description = "Region tfe_variable id"
+}
diff --git a/modules/tf-cloud-credential/variables.tf b/modules/tf-cloud-credential/variables.tf
@@ -0,0 +1,22 @@
+variable "name_prefix" {
+  type        = string
+  description = "The name prefix to use for the workspace"
+}
+
+variable "organization" {
+  type        = string
+  description = "The workspace organization"
+}
+
+variable "iam_access_key" {
+  type = object({
+    id     = string
+    secret = string
+  })
+  description = "The aws_iam_access_key id/secret pair to use as credentials for the workspace."
+}
+
+variable "region" {
+  type        = string
+  description = "The aws region"
+}