Tom Straub straubt1

💭
Terraform All The Things
straubt1 / tf_version.sh
Last active April 16, 2021 14:57
Disable all but an allow list of Terraform Versions on TFE
#!/bin/bash
# ----- Initialize Environment -----
# export TFE_HOSTNAME="tfe.company.com"
# export TFE_TOKEN="zzz.atlasv1.zzz"
# Allowed values should be separated by a space
allow_list=(0.12.24 0.12.20 0.11.14)
straubt1 / tfe-sso-application.tf
Created February 19, 2020 20:54
Base configuration for using Terraform to manage the SSO Application
locals {
  tfe_application_name = "tfe"
  tfe_application_url = "https://tfe.company.com"
  spn_url = "https://some_url.com"
  tfe_teams = [
    "app1-team-dev",
    "app1-team-admin",
    "app2-team-dev",
    "app3-team-admin",
straubt1 / main.tf
Created February 20, 2020 14:03
[Terraform] Azure Storage Account Soft Delete
resource "random_pet" "name" {
  length = 3
  separator = ""
}
resource "azurerm_resource_group" "example" {
  name = random_pet.name.id
  location = "centralus"
}
straubt1 / get-airgap-versions.sh
Last active July 7, 2022 15:07
TFE Download Airgap
#!/bin/bash
# export LICENSE_ID=""
# export PASSWORD=""
[[ -z "$LICENSE_ID" ]] && echo "Please Set LICENSE_ID Environment Variable" && exit 1
[[ -z "$PASSWORD" ]] && echo "Please Set PASSWORD Environment Variable" && exit 1
b64_password=$(echo -n "${PASSWORD}" | base64)
straubt1 / README.md
Last active June 22, 2020 12:52
TFE Speculative Destroy

TFE Speculative Destroy

Desired Outcome

Assuming a TFE Workspace has been successfully Applied, perform an API-driven workflow to queue a speculative destroy plan (mimicking a terraform plan -destroy). In other words, a TFE Run that is a destroy but, like a speculative plan, cannot actually be applied.

Steps to Reproduce

  1. Create a new Configuration Version, setting "speculative": true.
straubt1 / keyvault.tf
Created July 20, 2020 13:57
key vault issue gits
data "azurerm_client_config" "current" {}
variable "keyVaultLocation" {
  default = "centralus"
}
variable "azTags" {
  default = {
    Owner = "me"
    Application = "Azure DevOps Terraform Pipelines"
  }
}
straubt1 / restrict-iam-policy.sentinel
Created August 31, 2020 18:32
Sentinel policy to parse an AWS IAM Policy and fail based on not allowed actions
import "tfplan/v2" as tfplan
import "json"
import "types"
// Parameterized not allowed list
param not_allowed_actions default [
  "s3:*",
  "s3:GetObject",
  "s3:PutObject",
  "kms:*",
straubt1 / main.tf
Created September 10, 2020 13:35
Terraform 0.13 Variable Validation Rule
terraform {
  required_version = "~> 0.13.0"
}
variable "environment_name" {
  description = "The environment name."
  type = string
  validation {
    condition = contains(["develop", "stage", "production"], var.environment_name)
locals {
  config = {
    vm_name_prefix = "mdl"
    vm_num_prefix = 1
    vm_role = "asrv"
    vm_pool_count = 2
    vm_servers_per_pool = 2
    vm_singleton = false
    vm_reserve = true
  }