Beanstalk Service Role Creation

.pre-commit-config.yaml

@@ -0,0 +1,20 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.3.0
+    hooks:
+      - id: detect-aws-credentials
+        args: [--allow-missing-credentials]
+      - id: detect-private-key
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.74.1
+    hooks:
+      - id: terraform_fmt
+      - id: terraform_tfsec
+        args:
+          - >
+          - --args=--exclude-downloaded-modules
+      - id: terraform_tflint
+        args:
+          - --args=--config=__GIT_WORKING_DIR__/.tflint.hcl

.tflint.hcl

@@ -0,0 +1,29 @@
+plugin "aws" {
+  enabled = true
+  version = "0.18.0"
+  source  = "github.com/terraform-linters/tflint-ruleset-aws"
+}
+
+rule "terraform_naming_convention" {
+  enabled = true
+}
+
+rule "terraform_unused_declarations" {
+  enabled = true
+}
+
+rule "terraform_deprecated_index" {
+  enabled = true
+}
+
+rule "terraform_documented_outputs" {
+  enabled = true
+}
+
+rule "terraform_documented_variables" {
+  enabled = true
+}
+
+rule "terraform_typed_variables" {
+  enabled = true
+}

examples/multiple_apps/ci.auto.tfvars

@@ -1,6 +1,6 @@
 aws_profile = "default"
 
-region = "ap-south-1"
+region = "ap-southeast-1"
 
 name = "Application"
 

examples/multiple_apps/iam.tf

@@ -13,3 +13,70 @@ resource "aws_iam_role" "this" {
   name               = "eb_appversion_deletion_role"
   assume_role_policy = data.aws_iam_policy_document.this.json
 }
+
+
+resource "aws_iam_role_policy_attachment" "service_policy_attachment" {
+  role       = aws_iam_role.this.name
+  policy_arn = aws_iam_policy.eb_custom_service_policy.arn
+}
+
+
+resource "aws_iam_policy" "eb_custom_service_policy" {
+  policy = jsonencode({
+    "Version" : "2012-10-17",
+    "Statement" : [
+      {
+        "Sid" : "AllowCloudformationReadOperationsOnElasticBeanstalkStacks",
+        "Effect" : "Allow",
+        "Action" : [
+          "cloudformation:DescribeStackResource",
+          "cloudformation:DescribeStackResources",
+          "cloudformation:DescribeStacks"
+        ],
+        "Resource" : [
+          "arn:aws:cloudformation:*:*:stack/awseb-*",
+          "arn:aws:cloudformation:*:*:stack/eb-*"
+        ]
+      },
+      {
+        "Sid" : "AllowOperations",
+        "Effect" : "Allow",
+        "Action" : [
+          "autoscaling:DescribeAutoScalingGroups",
+          "autoscaling:DescribeAutoScalingInstances",
+          "autoscaling:DescribeNotificationConfigurations",
+          "autoscaling:DescribeScalingActivities",
+          "autoscaling:PutNotificationConfiguration",
+          "ec2:DescribeInstanceStatus",
+          "ec2:AssociateAddress",
+          "ec2:DescribeAddresses",
+          "ec2:DescribeInstances",
+          "ec2:DescribeSecurityGroups",
+          "elasticloadbalancing:DescribeInstanceHealth",
+          "elasticloadbalancing:DescribeLoadBalancers",
+          "elasticloadbalancing:DescribeTargetHealth",
+          "elasticloadbalancing:DescribeTargetGroups",
+          "lambda:GetFunction",
+          "sqs:GetQueueAttributes",
+          "sqs:GetQueueUrl",
+          "sns:Publish"
+        ],
+        "Resource" : [
+          "*"
+        ]
+      },
+      {
+        "Sid" : "AllowOperationsOnHealthStreamingLogs",
+        "Effect" : "Allow",
+        "Action" : [
+          "logs:CreateLogStream",
+          "logs:DescribeLogGroups",
+          "logs:DescribeLogStreams",
+          "logs:DeleteLogGroup",
+          "logs:PutLogEvents"
+        ],
+        "Resource" : "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*"
+      }
+    ]
+  })
+}

examples/multiple_apps/vars.tf

@@ -5,7 +5,7 @@ variable "aws_profile" {
 
 variable "region" {
   type        = string
-  default     = "us-east-1"
+  default     = "ap-southeast-1"
   description = "AWS region for running the TF scripts"
 }
 

out.tf

@@ -1,34 +1,34 @@
 output "name" {
-  value = aws_elastic_beanstalk_application.this.name
+  value       = aws_elastic_beanstalk_application.this.name
   description = "Elastic beanstalk application name"
 }
 
 output "description" {
-  value = aws_elastic_beanstalk_application.this.description
+  value       = aws_elastic_beanstalk_application.this.description
   description = "Elastic beanstalk application description"
 }
 
 output "tags" {
-  value = aws_elastic_beanstalk_application.this.tags
+  value       = aws_elastic_beanstalk_application.this.tags
   description = "Elastic beanstalk application tags"
 }
 
 output "service_role" {
-  value = aws_elastic_beanstalk_application.this.appversion_lifecycle.0.service_role
+  value       = aws_elastic_beanstalk_application.this.appversion_lifecycle.0.service_role
   description = "Elastic beanstalk application appversion service role"
 }
 
 output "max_age_in_days" {
-  value = aws_elastic_beanstalk_application.this.appversion_lifecycle.0.max_age_in_days
+  value       = aws_elastic_beanstalk_application.this.appversion_lifecycle.0.max_age_in_days
   description = "Elastic beanstalk application appversion max age in days"
 }
 
 output "delete_source_from_s3" {
-  value = aws_elastic_beanstalk_application.this.appversion_lifecycle.0.delete_source_from_s3
+  value       = aws_elastic_beanstalk_application.this.appversion_lifecycle.0.delete_source_from_s3
   description = "Elastic beanstalk application appversion delete source from s3"
 }
 
 output "max_count" {
-  value = aws_elastic_beanstalk_application.this.appversion_lifecycle.0.max_count
+  value       = aws_elastic_beanstalk_application.this.appversion_lifecycle.0.max_count
   description = "Elastic beanstalk application appversion max count"
 }

vars.tf

@@ -38,4 +38,3 @@ variable "appversion_delete_source_from_s3" {
   default     = false
   description = "(Optional) Set to true to delete a version's source bundle from S3 when the application version is deleted."
 }
-