Tom Straub (straubt1)
Terraform All The Things
straubt1 / main-assignment-multiple.tf
Last active October 11, 2020 04:32
Terraform Azure Policy & Assignment
data "template_file" "requiredTag_policy_rule" {
  template = <<POLICY_RULE
{
  "if": {
    "field": "[concat('tags[', parameters('tagName'), ']')]",
    "exists": "false"
  },
  "then": {
    "effect": "audit"
  }

locals {
  config = {
    vm_name_prefix      = "mdl"
    vm_num_prefix       = 1
    vm_role             = "asrv"
    vm_pool_count       = 2
    vm_servers_per_pool = 2
    vm_singleton        = false
    vm_reserve          = true
  }
straubt1 / main.tf
Created September 10, 2020 13:35
Terraform 0.13 Variable Validation Rule
terraform {
  required_version = "~> 0.13.0"
}

variable "environment_name" {
  description = "The environment name."
  type        = string

  validation {
    condition = contains(["develop", "stage", "production"], var.environment_name)
straubt1 / restrict-iam-policy.sentinel
Created August 31, 2020 18:32
Sentinel policy to parse an AWS IAM Policy and fail based on not allowed actions
import "tfplan/v2" as tfplan
import "json"
import "types"

// Parameterized list of IAM actions that are not allowed
param not_allowed_actions default [
  "s3:*",
  "s3:GetObject",
  "s3:PutObject",
  "kms:*",
straubt1 / keyvault.tf
Created July 20, 2020 13:57
Key Vault issue gist
data "azurerm_client_config" "current" {}

variable "keyVaultLocation" {
  default = "centralus"
}

variable "azTags" {
  default = {
    Owner       = "me"
    Application = "Azure DevOps Terraform Pipelines"
  }
}
straubt1 / README.md
Last active June 22, 2020 12:52
TFE Speculative Destroy

TFE Speculative Destroy

Desired Outcome

Assuming a TFE Workspace has been successfully Applied, perform an API-driven workflow to queue a speculative destroy plan (mimicking a terraform plan -destroy). In other words, a TFE Run that is a destroy, but, like a speculative plan, unable to actually be applied.

Steps to Reproduce

  1. Create a new Configuration Version, setting "speculative": true.
straubt1 / main.tf
Created February 20, 2020 14:03
[Terraform] Azure Storage Account Soft Delete
resource "random_pet" "name" {
  length    = 3
  separator = ""
}

resource "azurerm_resource_group" "example" {
  name     = random_pet.name.id
  location = "centralus"
}
straubt1 / tfe-sso-application.tf
Created February 19, 2020 20:54
Base configuration for using Terraform to manage the SSO Application
locals {
  tfe_application_name = "tfe"
  tfe_application_url  = "https://tfe.company.com"
  spn_url              = "https://some_url.com"
  tfe_teams = [
    "app1-team-dev",
    "app1-team-admin",
    "app2-team-dev",
    "app3-team-admin",
straubt1 / locks-existingterraform.tf
Created August 20, 2018 17:04
Terraform Azure Management Locks
resource "azurerm_resource_group" "main" {
  name     = "cardinal-rg"
  location = "centralus"
}

resource "azurerm_management_lock" "resource-group-level" {
  name       = "resource-group-level"
  scope      = "${azurerm_resource_group.main.id}"
  lock_level = "ReadOnly"
  notes      = "This Resource Group is Read-Only"

  storage_data_disk {
    name              = "datadisk0"
    lun               = 0
    disk_size_gb      = 32
    create_option     = "Empty"
    managed_disk_type = "Standard_LRS"
  }

  storage_data_disk {
    name = "datadisk1"
    lun  = 1