# ------------------------------------------------------------------------------
# Retrieve the effective Account ID, User ID, and ARN in which
# Terraform is authorized. This is used to calculate the session
# names for assumed roles.
# ------------------------------------------------------------------------------
# No provider argument, so this uses the default "aws" provider: the
# identity returned is that of the credentials Terraform itself runs with.
data "aws_caller_identity" "current" {}
# ------------------------------------------------------------------------------
# Retrieve the caller identity for the Shared Services account
# provider in order to get the ID associated with the account.
# ------------------------------------------------------------------------------
data "aws_caller_identity" "sharedservices" {
  # Queried through the Shared Services provisioning provider alias, so the
  # account_id exposed by this data source is the one that alias's
  # credentials belong to (presumably the Shared Services account, per the
  # alias name) rather than the caller's own account.
  provider = aws.sharedservicesprovisionaccount
}
# ------------------------------------------------------------------------------
# Retrieve the information for all accounts in the organization. This
# is used to look up account IDs.
# ------------------------------------------------------------------------------
data "aws_organizations_organization" "cool" {
  # Read through a dedicated Organizations provider alias; the accounts
  # list this data source returns is what the locals below filter on.
  # NOTE(review): the alias name suggests a read-only role scoped to
  # Organizations describe/list calls — confirm against that role's policy.
  provider = aws.organizationsreadonly
}
# ------------------------------------------------------------------------------
# Evaluate expressions for use throughout this configuration.
# ------------------------------------------------------------------------------
locals {
  # Extract the user name of the current caller for use
  # as assume role session names.
  #
  # Takes the second "/"-separated segment of the caller ARN, which is the
  # user name for a path-less IAM user ARN (…:user/NAME).
  # NOTE(review): for an assumed-role caller (…:assumed-role/ROLE/SESSION)
  # this yields the role name, and for an IAM user with a path it yields
  # the first path segment — confirm the expected caller shape, since this
  # value becomes the session name recorded for the assumed roles.
  caller_user_name = split("/", data.aws_caller_identity.current.arn)[1]

  # The ID of the Shared Services account
  sharedservices_account_id = data.aws_caller_identity.sharedservices.account_id

  # Look up the name of the Shared Services account from the AWS
  # organizations provider
  #
  # Indexing the filtered list with [0] means the plan fails with an index
  # error if no account in the organization has this ID, rather than
  # silently producing an empty name.
  sharedservices_account_name = [
    for account in data.aws_organizations_organization.cool.accounts :
    account.name
    if account.id == local.sharedservices_account_id
  ][0]

  # Determine the Shared Services account type (staging or production)
  # based on the Shared Services account name.
  #
  # The account name format is "Shared Services (ACCOUNT_TYPE)" - for
  # example, "Shared Services (Production)".
  #
  # Exactly one parenthesized group is required: when regexall finds one
  # match, the captured text inside the parentheses is used; with zero or
  # several groups the value falls back to "Unknown".
  sharedservices_account_type = length(regexall("\\(([^()]*)\\)", local.sharedservices_account_name)) == 1 ? regex("\\(([^()]*)\\)", local.sharedservices_account_name)[0] : "Unknown"
  # Lower-cased account type; the "Unknown" fallback above surfaces here as
  # "unknown". NOTE(review): anything keyed on this value elsewhere should
  # presumably treat "unknown" as a configuration error — verify.
  workspace_type = lower(local.sharedservices_account_type)

  #
  # Helpful lists for defining ACL and security group rules
  #
  # The ports the CDM agents use to communicate with the CDM
  # environment.
  #
  # Each entry carries the same four keys (egress, from_port, proto,
  # to_port). Both entries cover only TCP 8834 — one for inbound, one for
  # outbound — so no other port is opened through this map.
  cdm_ports = {
    tenable_ingress = {
      egress    = false
      from_port = 8834
      proto     = "tcp"
      to_port   = 8834
    },
    tenable_egress = {
      egress    = true
      from_port = 8834
      proto     = "tcp"
      to_port   = 8834
    },
  }

  # Useful when creating some security group or ACL rules
  tcp_and_udp = [
    "tcp",
    "udp",
  ]
}