# File 'lib/terrafying/components/security/config_aggregator.rb', line 17
# Declares an AWS Config configuration aggregator together with the IAM role
# that the AWS Config service assumes for organisation-wide aggregation.
#
# Three resources are declared, in this order:
# 1. an +aws_iam_role+ whose trust policy allows +config.amazonaws.com+ to
#    call +sts:AssumeRole+;
# 2. an +aws_iam_role_policy_attachment+ binding the AWS managed policy
#    +AWSConfigRoleForOrganizations+ to that role;
# 3. the +aws_config_configuration_aggregator+ itself, covering all regions.
#
# @param name [String] aggregator and role name; also passed through
#   +tf_safe+ to derive the Terraform resource identifier
# @param whole_organisation [Boolean] when true the aggregator uses an
#   organisation source backed by the role; otherwise it aggregates only
#   the account reported by +aws.account_id+
# @return [self]
def create(name, whole_organisation: false)
  ident = tf_safe(name)
  attachment_id = "#{ident}-config-org-policy"

  # NOTE(review): the trust statement carries no Condition block, so it is
  # not scoped to a particular account or aggregator. Consider whether an
  # aws:SourceAccount / aws:SourceArn condition is appropriate here as a
  # confused-deputy guard -- confirm against current AWS Config guidance.
  trust_policy = {
    Version: "2012-10-17",
    Statement: [
      {
        Action: "sts:AssumeRole",
        Principal: { Service: "config.amazonaws.com" },
        Effect: "Allow",
        Sid: ""
      }
    ]
  }.to_json

  # NOTE(review): only the policy attachment below receives `provider:`;
  # the role and the aggregator do not. Verify that is intended when
  # @provider is set.
  role = resource(:aws_iam_role, ident, { name: name, assume_role_policy: trust_policy })

  # NOTE(review): the role and this organisation-level managed policy are
  # declared even when whole_organisation is false, although only the
  # organisation source references the role ARN. Presumably harmless, but
  # worth confirming from a least-privilege standpoint.
  attachment_attrs = {
    provider: @provider,
    role: role["name"],
    policy_arn: "arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations"
  }.compact # drops :provider when @provider is nil
  resource(:aws_iam_role_policy_attachment, attachment_id, attachment_attrs)

  source =
    if whole_organisation
      { organization_aggregation_source: { all_regions: true, role_arn: role["arn"] } }
    else
      { account_aggregation_source: { account_ids: [aws.account_id], all_regions: true } }
    end

  # The aggregator waits on the policy attachment in both branches.
  aggregator_attrs = {
    depends_on: ["aws_iam_role_policy_attachment.#{attachment_id}"],
    name: name
  }.merge(source)
  resource(:aws_config_configuration_aggregator, ident, aggregator_attrs)

  self
end