class Terrafying::Components::Security::ConfigAggregator
Public Class Methods
create(*args)
click to toggle source
# File lib/terrafying/components/security/config_aggregator.rb, line 13 def self.create(*args) ConfigAggregator.new.create(*args) end
Public Instance Methods
create( name, whole_organisation: false )
click to toggle source
# File lib/terrafying/components/security/config_aggregator.rb, line 17 def create( name, whole_organisation: false ) ident = tf_safe(name) role = resource :aws_iam_role, ident, { name: name, assume_role_policy: { Version: "2012-10-17", Statement: [ { Action: "sts:AssumeRole", Principal: { Service: "config.amazonaws.com" }, Effect: "Allow", Sid: "" } ] }.to_json, } resource :aws_iam_role_policy_attachment, "#{ident}-config-org-policy", { provider: @provider, role: role["name"], policy_arn: "arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations", }.compact source = {} if whole_organisation source[:organization_aggregation_source] = { all_regions: true, role_arn: role["arn"], } else source[:account_aggregation_source] = { account_ids: [ aws.account_id ], all_regions: true, } end resource :aws_config_configuration_aggregator, ident, { depends_on: [ "aws_iam_role_policy_attachment.#{ident}-config-org-policy" ], name: name, }.merge(source) self end