first commit

Signed-off-by: Greg Werner <[email protected]>

.gitignore

@@ -0,0 +1,38 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+
+go.mod
+go.sum
+
+.DS_Store

.header.md

@@ -0,0 +1,40 @@
+# IllumiDesk Backoffice Resources
+
+> **NOTE**: This module is still in DRAFT mode. It is not ready for production use. There is a known issue with the `aws_workspaces_directory` resource that prevents the module from deploying successfully.
+
+Deploys an AWS Directory Service directory, a WorkSpaces directory, and a WorkSpace.
+
+## Note
+
+The AWS WorkSpaces service requires an IAM role named `workspaces_IllumiDeskRole`. If this role is already created, comment out the resources `aws_iam_role.workspaces_IllumiDeskRole` and `aws_iam_role_policy_attachment.workspaces_IllumiDeskRole` in the Terraform source file [iam.tf](./iam.tf).
+
+## Usage
+
+### Create Terraform Variables
+
+Copy the `terraform.tfvars.example` file to `terraform.tfvars` and update the values as needed.
+
+```shell
+cp example.tfvars terraform.tfvars
+```
+
+### Terraform State
+
+The bucket to manage state for the Workspaces is different from other IllumiDesk resources. To create the AWS S3 bucket to manage state, run the following commands:
+
+```shell
+terraform init
+terraform plan -target=module.state
+terraform apply -target=module.state
+```
+
+By default, resources are created in the `us-east-1` region. To override the region, set the variable `aws_region` to a different value in the `terraform.tfvars` file.
+
+### Deploy Workspaces
+
+Create the Workspaces resources:
+
+```shell
+terraform plan -target=module.workspaces
+terraform apply -target=module.workspaces
+```

.pre-commit-config.yaml

@@ -0,0 +1,92 @@
+---
+
+fail_fast: false
+minimum_pre_commit_version: "2.6.0"
+
+repos:
+  -
+    repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: 3298ddab3c13dd77d6ce1fc0baf97691430d84b0  # frozen: v4.3.0
+    hooks:
+      - id: check-added-large-files
+      - id: check-case-conflict
+      - id: check-merge-conflict
+      - id: check-executables-have-shebangs
+      - id: check-json
+      - id: check-symlinks
+      - id: check-vcs-permalinks
+      - id: check-xml
+      - id: check-yaml
+        args: [--allow-multiple-documents]
+        exclude: "templates/.*"
+      - id: mixed-line-ending
+      #      - id: trailing-whitespace
+      #- id: flake8
+
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: 1d54ea2b9950097568c6a7a2e2bcb6d4b4ebfb61  # frozen: v1.77.0
+    hooks:
+      # see https://github.com/antonbabenko/pre-commit-terraform#terraform_fmt
+      - id: terraform_fmt
+
+      # see https://github.com/antonbabenko/pre-commit-terraform#terraform_validate
+      - id: terraform_validate
+        exclude: examples/.*
+
+      # see https://github.com/antonbabenko/pre-commit-terraform#terraform_docs
+      - id: terraform_docs
+        args:
+          - "--args=--config=.terraform-docs.yaml"
+          - "--args=--lockfile=false"
+
+      # see https://github.com/antonbabenko/pre-commit-terraform#terraform_providers_lock
+      - id: terraform_providers_lock
+
+      # see https://github.com/antonbabenko/pre-commit-terraform#terraform_tflint
+      - id: terraform_tflint
+        exclude: 'examples/.*'
+        args:
+          - "--args=--config=__GIT_WORKING_DIR__/.tflint.hcl"
+
+      - id: terraform_tfsec
+        args:
+          - "--args=--exclude-downloaded-modules"
+          - "--args=--custom-check-dir=__GIT_WORKING_DIR__/.tfsec"
+        files: \.tf$
+        exclude: \.terraform\/.*$
+  - repo: https://github.com/aws-quickstart/qs-cfn-lint-rules
+    rev: 93a9fc75ed3d7ede082b8afad4cdd97e4794cee0  # frozen: v1.4
+    hooks:
+      # Inverse flag passed to effectively enforce that CFN templates must be in `templates/`
+      - id: files-are-not-cfn
+        name: Validating no CFN files exist outside of templates/
+        verbose: true
+        types_or: [json,yaml]
+        require_serial: true
+        args:
+          - '-i'
+        exclude: '^templates/.*'
+      - id: files-are-cfn
+        name: Validating only CFN files exist in templates/
+        verbose: true
+        require_serial: true
+        files: '^templates/.*'
+      - id: qs-cfn-lint-wrapped
+        files: '^templates/.*'
+  - repo: https://github.com/aws-ia/pre-commit-hooks
+    rev: 16be3ef859223383f402c8523bfd3bbb5f750894  # frozen: v1.0
+    hooks:
+      - id: git-submodule-sanity-check
+        always_run: true
+  - repo: local
+    hooks:
+      - id: restricted-filenames
+        name: Check commits for unexpected file extensions
+        entry: These files are prohibited and should be removed.
+        language: fail
+        files: '.*\.(taskcat_overrides.yml)'
+  - repo: https://github.com/PyCQA/bandit
+    rev: 1ed79063e3672a1c6d91ee27cb648e07a7465344  # frozen: 1.7.4
+    hooks:
+      - id: bandit
+        description: 'Bandit is a tool for finding common security issues in Python code'

.terraform-docs.yaml

@@ -0,0 +1,21 @@
+formatter: markdown
+header-from: .header.md
+settings:
+  anchor: true
+  color: true
+  default: true
+  escape: true
+  html: true
+  indent: 2
+  required: true
+  sensitive: true
+  type: true
+  lockfile: false
+
+sort:
+  enabled: true
+  by: required
+
+output:
+  file: README.md
+  mode: replace

.tflint.hcl

@@ -0,0 +1,66 @@
+# https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/module-inspection.md
+# borrowed & modified indefinitely from https://github.com/ksatirli/building-infrastructure-you-can-mostly-trust/blob/main/.tflint.hcl
+
+plugin "aws" {
+  enabled = true
+  version = "0.14.0"
+  source  = "github.com/terraform-linters/tflint-ruleset-aws"
+}
+
+config {
+  module = true
+  force  = false
+}
+
+rule "terraform_required_providers" {
+  enabled = true
+}
+
+rule "terraform_required_version" {
+  enabled = true
+}
+
+rule "terraform_naming_convention" {
+  enabled = true
+  format  = "snake_case"
+}
+
+rule "terraform_typed_variables" {
+  enabled = true
+}
+
+rule "terraform_unused_declarations" {
+  enabled = true
+}
+
+rule "terraform_comment_syntax" {
+  enabled = true
+}
+
+rule "terraform_deprecated_index" {
+  enabled = true
+}
+
+rule "terraform_deprecated_interpolation" {
+  enabled = true
+}
+
+rule "terraform_documented_outputs" {
+  enabled = true
+}
+
+rule "terraform_documented_variables" {
+  enabled = true
+}
+
+rule "terraform_module_pinned_source" {
+  enabled = true
+}
+
+rule "terraform_standard_module_structure" {
+  enabled = true
+}
+
+rule "terraform_workspace_remote" {
+  enabled = true
+}

README.md

@@ -0,0 +1,106 @@
+<!-- BEGIN_TF_DOCS -->
+# IllumiDesk Backoffice Resources
+
+> **NOTE**: This module is still in DRAFT mode. It is not ready for production use. There is a known issue with the `aws_workspaces_directory` resource that prevents the module from deploying successfully.
+
+Deploys an AWS Directory Service directory, a WorkSpaces directory, and a WorkSpace.
+
+## Note
+
+The AWS WorkSpaces service requires an IAM role named `workspaces_IllumiDeskRole`. If this role is already created, comment out the resources `aws_iam_role.workspaces_IllumiDeskRole` and `aws_iam_role_policy_attachment.workspaces_IllumiDeskRole` in the Terraform source file [iam.tf](./iam.tf).
+
+## Usage
+
+### Create Terraform Variables
+
+Copy the `terraform.tfvars.example` file to `terraform.tfvars` and update the values as needed.
+
+```shell
+cp example.tfvars terraform.tfvars
+```
+
+### Terraform State
+
+The bucket to manage state for the Workspaces is different from other IllumiDesk resources. To create the AWS S3 bucket to manage state, run the following commands:
+
+```shell
+terraform init
+terraform plan -target=module.state
+terraform apply -target=module.state
+```
+
+By default, resources are created in the `us-east-1` region. To override the region, set the variable `aws_region` to a different value in the `terraform.tfvars` file.
+
+### Deploy Workspaces
+
+Create the Workspaces resources:
+
+```shell
+terraform plan -target=module.workspaces
+terraform apply -target=module.workspaces
+```
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
+| <a name="provider_random"></a> [random](#provider\_random) | n/a |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_state"></a> [state](#module\_state) | ./modules/state | n/a |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_directory_service_directory.illumidesk](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/directory_service_directory) | resource |
+| [aws_iam_role.workspaces-default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_iam_role_policy_attachment.workspaces_default_self_service_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_role_policy_attachment.workspaces_default_service_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_kms_key.illumidesk](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
+| [aws_workspaces_directory.illumidesk](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/workspaces_directory) | resource |
+| [aws_workspaces_ip_group.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/workspaces_ip_group) | resource |
+| [aws_workspaces_workspace.illumidesk](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/workspaces_workspace) | resource |
+| [random_string.suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
+| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
+| [aws_iam_policy_document.workspaces](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_security_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) | data source |
+| [aws_workspaces_bundle.value_windows](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/workspaces_bundle) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_aws_access_key"></a> [aws\_access\_key](#input\_aws\_access\_key) | AWS access key id | `string` | `""` | no |
+| <a name="input_aws_directory_name"></a> [aws\_directory\_name](#input\_aws\_directory\_name) | AWS directory name | `string` | `"workspaces.illumidesk.com"` | no |
+| <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | The AWS region to use | `string` | `"us-east-1"` | no |
+| <a name="input_aws_secret_key"></a> [aws\_secret\_key](#input\_aws\_secret\_key) | AWS secret key id | `string` | `""` | no |
+| <a name="input_workspace_password"></a> [workspace\_password](#input\_workspace\_password) | Workspace password | `string` | `""` | no |
+| <a name="input_workspace_size"></a> [workspace\_size](#input\_workspace\_size) | Workspace size | `string` | `"Small"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_aws_kms_alias_for_terraform_state"></a> [aws\_kms\_alias\_for\_terraform\_state](#output\_aws\_kms\_alias\_for\_terraform\_state) | n/a |
+| <a name="output_private_subnets"></a> [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets |
+| <a name="output_private_subnets_cidr_blocks"></a> [private\_subnets\_cidr\_blocks](#output\_private\_subnets\_cidr\_blocks) | List of cidr\_blocks of private subnets |
+| <a name="output_public_subnets"></a> [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets |
+| <a name="output_public_subnets_cidr_blocks"></a> [public\_subnets\_cidr\_blocks](#output\_public\_subnets\_cidr\_blocks) | List of cidr\_blocks of public subnets |
+| <a name="output_terraform-state-it-bucket"></a> [terraform-state-it-bucket](#output\_terraform-state-it-bucket) | n/a |
+| <a name="output_vpc_arn"></a> [vpc\_arn](#output\_vpc\_arn) | The ARN of the VPC |
+| <a name="output_vpc_cidr_block"></a> [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block of the VPC |
+| <a name="output_vpc_id"></a> [vpc\_id](#output\_vpc\_id) | The ID of the VPC |
+<!-- END_TF_DOCS -->