variable "aws_region" {
  type        = string
  description = "The AWS Region that the resources will be deployed into"
  default     = "ap-southeast-2"
}

variable "environment" {
  type        = string
  description = "Deployment environment (e.g., dev, staging, prod)"
  default     = "dev"
}

variable "portfolio_id" {
  type        = string
  description = "The id of the Service Catalog Portfolio to attach this Service Catalog Product to"
}

variable "artifacts_s3_bucket_name" {
  type        = string
  description = "The name of the artifacts S3 bucket"
}

resource "aws_iam_role_policy_attachment" "service_catalog_product_s3_bucket_launch_contraint_role" {
  role       = aws_iam_role.service_catalog_product_s3_bucket_launch_contraint_role.name
  policy_arn = aws_iam_policy.service_catalog_product_s3_bucket_launch_contraint_role_policy.arn
}

resource "aws_iam_policy" "service_catalog_product_s3_bucket_launch_contraint_role_policy" {
  name   = "service-catalog-product-s3-bucket-launch-constraint-role-policy"
  policy = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowCloudFormationAccess",
      "Effect": "Allow",

resource "aws_iam_role" "service_catalog_product_s3_bucket_launch_contraint_role" {
  name               = "service-catalog-product-s3-bucket-launch-constraint-role"
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {

data "aws_s3_bucket" "artifacts_s3_bucket" {
  bucket = var.artifacts_s3_bucket_name
}

# Attach a launch constraint to the portfolio. This ensures the product is launched with a
# least-privilege launch role and the user does not need additional permissions assigned to them.
resource "aws_servicecatalog_constraint" "product_s3_bucket_launch_constraint" {
  description  = "Launch constraint for the Service Catalog Product - S3 Bucket"
  portfolio_id = var.portfolio_id
  product_id   = aws_servicecatalog_product.s3_bucket.id
  type         = "LAUNCH"
  parameters = jsonencode({
    "RoleArn" : aws_iam_role.service_catalog_product_s3_bucket_launch_contraint_role.arn
  })
}

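The launch role is the whole point of the constraint: Service Catalog assumes it to provision the stack, so its trust policy and permissions decide what an end user can indirectly do. The gist only shows the opening lines of that role and policy, so here is an added example (not part of the original gist) of a complete version of those three blocks. It reuses the gist's resource names so the constraint above can reference it unchanged, restricts the trust policy to the Service Catalog service principal for this account (the aws:SourceAccount condition is the standard guard against a cross-account confused-deputy assumption), and limits the permissions policy to the CloudFormation calls Service Catalog makes, read access to the template in the artifacts bucket, and the S3 bucket actions the product's stack needs. The `aws_caller_identity` data source and the action lists are my assumptions; trim the third statement to what `product-s3-bucket.yaml` actually declares.

```hcl
# Added example, not from the original gist. Assumes an AWS provider is configured and
# that data.aws_s3_bucket.artifacts_s3_bucket from the gist is present in the same module.
data "aws_caller_identity" "current" {}

resource "aws_iam_role" "service_catalog_product_s3_bucket_launch_contraint_role" {
  name = "service-catalog-product-s3-bucket-launch-constraint-role"

  # Only the Service Catalog service may assume this role, and only when acting for
  # this account; aws:SourceAccount closes the cross-account confused-deputy path.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "servicecatalog.amazonaws.com" }
      Action    = "sts:AssumeRole"
      Condition = {
        StringEquals = { "aws:SourceAccount" = data.aws_caller_identity.current.account_id }
      }
    }]
  })
}

resource "aws_iam_policy" "service_catalog_product_s3_bucket_launch_contraint_role_policy" {
  name = "service-catalog-product-s3-bucket-launch-constraint-role-policy"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # Stack operations Service Catalog performs on the user's behalf. Provisioned
        # product stacks are named SC-<account>-pp-<id>, so the resource is scoped to SC-*.
        Sid    = "AllowCloudFormationAccess"
        Effect = "Allow"
        Action = [
          "cloudformation:CreateStack",
          "cloudformation:DeleteStack",
          "cloudformation:DescribeStackEvents",
          "cloudformation:DescribeStacks",
          "cloudformation:GetTemplateSummary",
          "cloudformation:SetStackPolicy",
          "cloudformation:UpdateStack",
          "cloudformation:ValidateTemplate",
        ]
        Resource = "arn:aws:cloudformation:*:${data.aws_caller_identity.current.account_id}:stack/SC-*"
      },
      {
        # Read the product template from the artifacts bucket and nothing else in S3.
        Sid      = "AllowReadProductTemplate"
        Effect   = "Allow"
        Action   = ["s3:GetObject"]
        Resource = "${data.aws_s3_bucket.artifacts_s3_bucket.arn}/*"
      },
      {
        # The resources the product's stack creates (assumed here: one S3 bucket and its
        # configuration). Keep this list to what the template declares; it is what the
        # end user effectively gains through the constraint.
        Sid    = "AllowProductResources"
        Effect = "Allow"
        Action = [
          "s3:CreateBucket",
          "s3:DeleteBucket",
          "s3:GetBucket*",
          "s3:PutBucket*",
          "s3:PutBucketPublicAccessBlock",
          "s3:PutEncryptionConfiguration",
        ]
        Resource = "arn:aws:s3:::*"
      },
    ]
  })
}

resource "aws_iam_role_policy_attachment" "service_catalog_product_s3_bucket_launch_contraint_role" {
  role       = aws_iam_role.service_catalog_product_s3_bucket_launch_contraint_role.name
  policy_arn = aws_iam_policy.service_catalog_product_s3_bucket_launch_contraint_role_policy.arn
}
```

A useful check after applying: run a `terraform plan` as a portfolio end user who has only `servicecatalog:*` and `cloudformation:Describe*` permissions and confirm that provisioning the product succeeds while creating a bucket directly with the same identity is denied. That difference is what a correctly scoped launch constraint buys you.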
# Attach the S3 bucket product to the portfolio.
resource "aws_servicecatalog_product_portfolio_association" "s3_bucket" {
  portfolio_id = var.portfolio_id
  product_id   = aws_servicecatalog_product.s3_bucket.id
}

resource "aws_servicecatalog_product" "s3_bucket" {
  name                = "S3 Bucket (Terraform)"
  owner               = "IT Department"
  description         = "This Service Catalog Product creates an Amazon S3 Bucket using Terraform code"
  distributor         = "Internal"
  support_description = "For support, please contact the IT Department"
  support_email       = "[email protected]"
  support_url         = "https://www.example.com/support"
  type                = "CLOUD_FORMATION_TEMPLATE"

# Upload the rendered CloudFormation template for the product to the artifacts bucket.
# Note: aws_s3_bucket_object is deprecated in AWS provider v4+ in favour of aws_s3_object.
resource "aws_s3_bucket_object" "product_s3_bucket_cfn_template" {
  bucket = data.aws_s3_bucket.artifacts_s3_bucket.id
  key    = "${var.artifacts_s3_bucket_key}/s3-bucket/product-s3-bucket.yaml"
  content = templatefile("${path.module}/cfn/product-s3-bucket.yaml", {
    central_lambda_function_arn = var.central_lambda_function_arn
  })
  # The etag must be the MD5 of the content actually uploaded. filemd5() of the unrendered
  # template never matches what S3 stores for the rendered object, so every plan shows a diff.
  etag = md5(templatefile("${path.module}/cfn/product-s3-bucket.yaml", {
    central_lambda_function_arn = var.central_lambda_function_arn
  }))
}