Adeel Ahmad (devops-adeel) - gists

🎯
Focusing
View GitHub Profile
@devops-adeel
devops-adeel / okta.tf
Created July 18, 2023 15:34
Vault Okta OIDC as Terraform snippet.
locals {
  vault_url = "https://vault.com"
}

resource "okta_user" "default" {
  first_name = "John"
  last_name  = "Smith"
  login      = "example@example.com"
  email      = "example@example.com"
}
devops-adeel / boundary.tf
Created June 22, 2023 15:08
Collection of TF configs that would form part of a platform foundations build.
resource "boundary_scope" "default" {
  name                     = "organization_one"
  description              = "My first scope!"
  scope_id                 = "global"
  auto_create_admin_role   = true
  auto_create_default_role = true
}

resource "boundary_auth_method_oidc" "default" {
  scope_id = boundary_scope.default.id
devops-adeel / aws.tf
Created June 19, 2023 15:05
Visualise in code the manifests and constructs of a landing zone.
resource "aws_organizations_account" "default" {
  name  = "my_new_account"
  email = "john@doe.org"
}

data "aws_billing_service_account" "default" {}

resource "aws_iam_user" "default" {
  name = "vault-aws-auth-user"
}
devops-adeel / boundary.tf
Last active June 20, 2023 12:02
Example of multiple operational disciplines in a single Terraform module for a Google Cloud SQL instance.
locals {
  boundary_creds_path = format(
    "%s/creds/%s",
    vault_mount.default.path,
    vault_database_secret_backend_role.default.name
  )
}

resource "boundary_credential_library_vault" "default" {
  name = google_sql_database_instance.default.name
devops-adeel / rds.tf
Created February 8, 2023 20:34
Non-interactive consumption pattern for the Vault secrets engine for an RDS DB instance.
resource "random_uuid" "default" {}

resource "random_pet" "default" {}

resource "random_password" "default" {
  length           = 16
  special          = true
  override_special = "!#$%&*()-_=+[]{}<>:?"
}
devops-adeel / aws_auth.tf
Last active February 15, 2023 18:11
Non-interactive consumption pattern for Vault PKI.
data "aws_billing_service_account" "default" {}

resource "aws_iam_user" "default" {
  name = "vault-aws-auth-user"
}

resource "aws_iam_access_key" "default" {
  user = aws_iam_user.default.name
}
devops-adeel / groups.tf
Last active November 30, 2022 14:35
Quick gist on having Okta users request SSH signing.
data "okta_group" "default" {
  name = var.group_name
}

resource "vault_identity_group" "default" {
  name              = data.okta_group.default.name
  type              = "external"
  external_policies = true
}
devops-adeel / aws_iam_federated.tf
Last active August 8, 2023 20:15
WIP code for creating workload identity.
data "aws_iam_policy_document" "default" {
  version = "2012-10-17"

  statement {
    sid     = "FederatedTrustVaultOIDC"
    effect  = "Allow"
    actions = ["sts:AssumeRoleWithWebIdentity"]

    principals {
      type = "Federated"
devops-adeel / acl_policies.tf
Last active July 11, 2022 15:56
Basic pattern for ACL templating with entity metadata against a JWT auth method/role.
locals {
  engine = [
    "secret",
    "oracle",
    "postgres",
    "mysql"
  ]
}

data "vault_policy_document" "read" {
devops-adeel / github_module.tf
Created May 4, 2022 13:28
Series of code to automate tf-module setup.
/**
 * Usage:
 *
 * ```hcl
 *
 * module "github_repo" {
 *   source           = "hashicorp/github_terraform_module"
 *   application_name = "foo"
 *   tfc_token        = vault_terraform_cloud_secret_creds.default.token
 * }