diff --git a/README.md b/README.md index bdc3881..1cbf40d 100644 --- a/README.md +++ b/README.md @@ -66,22 +66,51 @@ This module has a few dependencies: ### Simple Example +### Public Here is an example of how you can use this module in your inventory structure: ```hcl - module "sftp" { - source = "clouddrove/sftp/aws" - version = "1.3.0" - name = "sftp" - environment = "test" - label_order = ["name", "environment"] - public_key = "" - user_name = "ftp-user" - enable_sftp = true - s3_bucket_id = clouddrove_dev_s3_bucket - endpoint_type = "PUBLIC" + module "sftp" { + source = "clouddrove/sftp/aws" + version = "1.3.1" + name = "sftp" + environment = "test" + label_order = ["environment", "name"] + enable_sftp = true + s3_bucket_name = module.s3_bucket.id + endpoint_type = "PUBLIC" + workflow_details = { + on_upload = { + execution_role = "arn:aws:iam::1234567890:role/test-sftp-transfer-role" + workflow_id = "w-12345XXXX6da" } + } + } ``` +### VPC +Here is an example of how you can use this module in your inventory structure: +```hcl + module "sftp" { + source = "clouddrove/sftp/aws" + version = "1.3.1" + name = "sftp" + environment = "test" + label_order = ["environment", "name"] + eip_enabled = false + s3_bucket_name = module.s3_bucket.id + sftp_users = var.sftp_users + subnet_ids = module.subnets.private_subnet_id + vpc_id = module.vpc.vpc_id + restricted_home = true + vpc_security_group_ids = [module.security_group_sftp.security_group_id] + workflow_details = { + on_upload = { + execution_role = "arn:aws:iam::1234567890:role/test-sftp-transfer-role" + workflow_id = "w-12345XXXX6da" + } + } + } +``` diff --git a/README.yaml b/README.yaml index cf75383..bff3318 100644 --- a/README.yaml +++ b/README.yaml 
@@ -37,18 +37,47 @@ include: # How to use this project usage : |- ### Simple Example + ### PUBLIC Here is an example of how you can use this module in your inventory structure: ```hcl module "sftp" { - source = "clouddrove/sftp/aws" - version = "1.3.0" - name = "sftp" - environment = "test" - label_order = ["name", "environment"] - public_key = "" - user_name = "ftp-user" - enable_sftp = true - s3_bucket_id = clouddrove_dev_s3_bucket - endpoint_type = "PUBLIC" - } + source = "clouddrove/sftp/aws" + version = "1.3.1" + name = "sftp" + environment = "test" + label_order = ["environment", "name"] + enable_sftp = true + s3_bucket_name = module.s3_bucket.id + endpoint_type = "PUBLIC" + workflow_details = { + on_upload = { + execution_role = "arn:aws:iam::1234567890:role/test-sftp-transfer-role" + workflow_id = "w-12345XXXX6da" + } + } + } ``` + + ### VPC + ```hcl + module "sftp" { + source = "clouddrove/sftp/aws" + version = "1.3.1" + name = "sftp" + environment = "test" + label_order = ["environment", "name"] + eip_enabled = false + s3_bucket_name = module.s3_bucket.id + sftp_users = var.sftp_users + subnet_ids = module.subnets.private_subnet_id + vpc_id = module.vpc.vpc_id + restricted_home = true + vpc_security_group_ids = [module.security_group_sftp.security_group_id] + workflow_details = { + on_upload = { + execution_role = "arn:aws:iam::1234567890:role/test-sftp-transfer-role" + workflow_id = "w-12345XXXX6da" + } + } + } + ``` \ No newline at end of file diff --git a/main.tf b/main.tf index 638e5e4..32d134f 100644 --- a/main.tf +++ b/main.tf 
@@ -26,11 +26,11 @@ locals { s3_arn_prefix = "arn:${one(data.aws_partition.default[*].partition)}:s3:::" is_vpc = var.vpc_id != null - user_names = length(var.sftp_users) > 0 ? [for user in var.sftp_users : user.username] : [] + user_names = length(var.sftp_users) > 0 ? [for user in var.sftp_users : user.user_name] : [] user_names_map = length(var.sftp_users) > 0 ? { for user in var.sftp_users : - user.username => merge(user, { + user.user_name => merge(user, { s3_bucket_arn = lookup(user, "s3_bucket_name", null) != null ? "${local.s3_arn_prefix}${lookup(user, "s3_bucket_name")}" : one(data.aws_s3_bucket.landing[*].arn) }) } : {} @@ -232,7 +232,7 @@ resource "aws_transfer_server" "transfer_server" { ##---------------------------------------------------------------------------------- resource "aws_transfer_user" "transfer_server_user" { - for_each = var.enabled ? { for user in var.sftp_users : user.username => user } : {} + for_each = var.enabled ? { for user in var.sftp_users : user.user_name => user } : {} server_id = join("", aws_transfer_server.transfer_server[*].id) role = aws_iam_role.s3_access_for_sftp_users[each.value.user_name].arn diff --git a/variables.tf b/variables.tf index c77c64f..f6d0f4e 100644 --- a/variables.tf +++ b/variables.tf @@ -155,4 +155,10 @@ variable "workflow_details" { variable "enable_workflow" { type = bool default = false +} + +variable "endpoint_type" { + type = string + default = "PUBLIC" + description = "The type of endpoint that you want your SFTP server connect to. If you connect to a VPC (or VPC_ENDPOINT), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC" } \ No newline at end of file
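Review bot: The new `endpoint_type` variable in variables.tf accepts any string and defaults to `PUBLIC`, so a caller who leaves it unset gets an internet-reachable Transfer server, and a mistyped value is only caught by the provider at apply time rather than at plan time; add a `validation` block limiting it to the values the provider accepts, and consider saying explicitly in the description that the default exposes the server to the public internet. The VPC example added to the README in this same commit sets `vpc_id` and `subnet_ids` but not `endpoint_type`, while `local.is_vpc` (first main.tf hunk) is derived from `vpc_id`; if `aws_transfer_server.endpoint_type` is wired to this variable rather than to `local.is_vpc`, that example would request a PUBLIC endpoint alongside VPC details, which is worth a cross-check in the server resource (not visible in this diff). The description also reads "your SFTP server connect to" — `"The type of endpoint that you want your SFTP server to connect to."` — and, as far as I recall, AWS has deprecated `VPC_ENDPOINT` in favour of `VPC`, so the description should either note that or drop it.
```hcl
variable "endpoint_type" {
  # … unchanged: type, default, description …
  validation {
    condition     = contains(["PUBLIC", "VPC", "VPC_ENDPOINT"], var.endpoint_type)
    error_message = "endpoint_type must be one of PUBLIC, VPC or VPC_ENDPOINT."
  }
}
```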