DevopsArtFactory/terraform-provisioning


Terraform Style Guide (https://github.com/jonbrouse/terraform-style-guide/blob/master/README.md)

Introduction

This repository gives coding conventions for Terraform's HashiCorp Configuration Language (HCL). Terraform allows infrastructure to be described as code. As such, we should adhere to a style guide to ensure readable and high quality code.

Syntax

  • Strings are in double-quotes.

Spacing

Use 2 spaces when defining resources except when defining inline policies or other inline resources.

resource "aws_iam_role" "iam_role" {
  name               = "${var.resource_name}-role"
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

Resource Block Alignment

Parameter definitions in a resource block should be aligned. The terraform fmt command can do this for you.

provider "aws" {
  access_key = var.aws_access_key
  secret_key = var.aws_secret_key
  region     = "us-east-1"
}

Comments

When commenting use a hash "#" and a space in front of the comment.

# Create ELK IAM Role...

Organizing Variables

The variables.tf file should be broken down into three sections with each section arranged alphabetically. Starting at the top of the file:

  1. Variables that have no defaults defined
  2. Variables that contain defaults
  3. All locals blocks

For example:

variable "image_tag" {}

variable "desired_count" {
  default = "2"
}

locals {
  domain_name = "${data.terraform_remote_state.account.domain_name}"
}

Naming Conventions

File Names

Create a separate resource file for each type of AWS resource. Similar resources should be defined in the same file and named accordingly.

ami.tf
autoscaling_group.tf
cloudwatch.tf
data.tf
iam.tf
launch_configuration.tf
providers.tf
s3.tf
security_groups.tf
sns.tf
sqs.tf
user_data.sh
variables.tf

Parameter, Meta-parameter and Variable Naming

Only use an underscore (_) when naming Terraform resources like TYPE/NAME parameters and variables.

resource "aws_security_group" "security_group" {
...

Resource Naming

Only use a hyphen (-) when naming the component being created.

resource "aws_security_group" "security_group" {
  name = "${var.resource_name}-security-group"
...

A resource's NAME should be the same as the TYPE minus the provider.

resource "aws_autoscaling_group" "autoscaling_group" {
...

If there are multiple resources of the same TYPE defined, add a minimalistic identifier to differentiate between the two resources. A blank line should separate resource definitions contained in the same file.

# Create Data S3 Bucket
resource "aws_s3_bucket" "data_s3_bucket" {
  bucket = "${var.environment_name}-data-${var.aws_region}"
  acl    = "private"

  versioning {
    enabled = true
  }
}

# Create Images S3 Bucket
resource "aws_s3_bucket" "images_s3_bucket" {
  bucket = "${var.environment_name}-images-${var.aws_region}"
  acl    = "private"
}

Policies as Data Sources

All policies (IAM, S3, KMS, SNS, etc.) should be located in data.tf. The following examples create IAM resources in iam.tf and policies as data sources in data.tf.

Snippet from iam.tf:

# Create Cloudtrail log IAM role for logging
resource "aws_iam_role" "cloudtrail_iam_role" {
  name               = "cloudtrail-role"
  assume_role_policy = data.aws_iam_policy_document.cloudtrail_assume_role_iam_policy_document.json
}

# Attach Cloudtrail log policy to Cloudtrail log IAM role
resource "aws_iam_role_policy_attachment" "cloudtrail_policy_attachement" {
  role       = aws_iam_role.cloudtrail_iam_role.name
  policy_arn = aws_iam_policy.cloudtrail_iam_policy.id
}

# Create Cloudtrail log IAM policy
resource "aws_iam_policy" "cloudtrail_iam_policy" {
  name   = "cloudtrail-iam-iam-policy"
  # Must match the name of the policy document defined in data.tf
  policy = data.aws_iam_policy_document.cloudtrail_log_iam_policy_document.json
}

Snippet from data.tf:

# Create Cloudtrail assume role policy
data "aws_iam_policy_document" "cloudtrail_assume_role_iam_policy_document" {
  statement {
    actions = ["sts:AssumeRole"]

    principals {
      # cloudtrail.amazonaws.com is a service principal, so the type is "Service", not "AWS"
      type        = "Service"
      identifiers = ["cloudtrail.amazonaws.com"]
    }
  }
}

# Create Cloudtrail log IAM policy document
data "aws_iam_policy_document" "cloudtrail_log_iam_policy_document" {
  statement {
    sid    = "AllowLogs"
    effect = "Allow"

    actions = [
      "logs:CreateLogStream",
      "logs:PutLogEvents",
    ]

    resources = [
      "${aws_cloudwatch_log_group.cloudtrail_cloudwatch_log_group.arn}*",
    ]
  }
}
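The naming and policy-location rules above can be checked mechanically before review. The following is an added example, not code from this repository or from the original style guide. It assumes a regex scan of block headers is enough (it is not a full HCL parser), and the rule names, check_file and SAMPLE_FILES are hypothetical.

```python
import re

# Opening line of a resource or data block: kind, TYPE, NAME.
BLOCK_RE = re.compile(r'^\s*(resource|data)\s+"([^"]+)"\s+"([^"]+)"\s*\{', re.M)
# A policy argument assigned from a heredoc, i.e. an inline policy.
HEREDOC_POLICY_RE = re.compile(r'^\s*(\w*policy\w*)\s*=\s*<<-?\w+', re.M)

def check_file(filename, text):
    """Return (rule, detail) findings for the text of one .tf file."""
    findings = []
    for kind, rtype, name in BLOCK_RE.findall(text):
        # Terraform NAMEs use underscores, never hyphens.
        if not re.fullmatch(r"[a-z0-9_]+", name):
            findings.append(("name-charset", f"{rtype}.{name}"))
        # NAME is the TYPE minus the provider, optionally prefixed with a
        # short identifier (data_s3_bucket for aws_s3_bucket).
        if not name.endswith(rtype.split("_", 1)[-1]):
            findings.append(("name-suffix", f"{rtype}.{name}"))
        # Policy documents are data sources and live in data.tf.
        if kind == "data" and rtype.endswith("_policy_document") and filename != "data.tf":
            findings.append(("policy-location", f"{filename}: {rtype}.{name}"))
    for attr in HEREDOC_POLICY_RE.findall(text):
        findings.append(("inline-policy", f"{filename}: {attr}"))
    return findings

# Constructed sample input, not taken from a real repository.
SAMPLE_FILES = {
    "iam.tf": '''
resource "aws_iam_role" "cloudtrail_iam_role" {
  name               = "cloudtrail-role"
  assume_role_policy = <<EOF
{"Version": "2012-10-17", "Statement": []}
EOF
}
resource "aws_iam_role_policy_attachment" "cloudtrail_policy_attachement" {
  role = aws_iam_role.cloudtrail_iam_role.name
}
data "aws_iam_policy_document" "cloudtrail-log" {}
''',
    "data.tf": '''
data "aws_iam_policy_document" "cloudtrail_log_iam_policy_document" {}
''',
}

if __name__ == "__main__":
    for filename, text in SAMPLE_FILES.items():
        for rule, detail in check_file(filename, text):
            print(f"{rule:16} {detail}")
```

Keeping every policy document in data.tf gives reviewers one file to read when permissions change, and a check like this can run in CI to keep it that way.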
