package main
import (
"github.com/aws/constructs-go/constructs/v10"
"github.com/aws/jsii-runtime-go"
"github.com/hashicorp/terraform-cdk-go/cdktf"
"cdk.tf/go/stack/generated/hashicorp/aws"
"cdk.tf/go/stack/generated/hashicorp/aws/iam"
)
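// NewMyStack builds a Terraform stack that provisions a demo set of AWS IAM
// resources: a group, a user, a role, a managed policy, the membership of the
// user in the group, and one attachment binding the policy to all three
// principals. The identifiers of the created resources are exported as
// Terraform outputs.
//
// scope is the parent construct (normally the cdktf App) and id is the logical
// name of the stack. The returned stack is ready for a backend to be attached
// and for synthesis.
func NewMyStack(scope constructs.Construct, id string) cdktf.TerraformStack {
	stack := cdktf.NewTerraformStack(scope, &id)

	// The provider region is fixed here; IAM itself is a global service, so the
	// region mostly determines which endpoint the provider talks to.
	aws.NewAwsProvider(stack, jsii.String("AWS"), &aws.AwsProviderConfig{
		Region: jsii.String("us-west-1"),
	})

	group := iam.NewIamGroup(stack, jsii.String("iam-group-demo"), &iam.IamGroupConfig{
		Name: jsii.String("CDKtf-Golang-Group-Demo"),
	})

	// Tag values below are demo placeholders and are kept exactly as authored.
	user := iam.NewIamUser(stack, jsii.String("iam-user-demo"), &iam.IamUserConfig{
		Name: jsii.String("CDKtf-Golang-User-Demo"),
		Tags: &map[string]*string{
			"Name":    jsii.String("CDKtf-Golang-User-Demo"),
			"Team":    jsii.String("Devops"),
			"Company": jsii.String("Your compnay"),
		},
	})

	// The trust policy lets the EC2 service assume this role. No Condition
	// block is present, so the only restriction is the service principal.
	role := iam.NewIamRole(stack, jsii.String("iam-role-demo"), &iam.IamRoleConfig{
		Name: jsii.String("CDKtf-Golang-role-Demo"),
		AssumeRolePolicy: jsii.String(`{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}]
}`),
		Tags: &map[string]*string{
			"Name":    jsii.String("CDKtf-Golang-role-Demo"),
			"Team":    jsii.String("Devops"),
			"Company": jsii.String("Your compnay"),
		},
	})

	// SECURITY(review): "Action": "*" is a wildcard. It is bounded only by the
	// Resource pattern (client-vpn-endpoint in every region and account), so it
	// allows every action that accepts such a resource, including ones added
	// by AWS later. For anything beyond a demo, enumerate the specific actions
	// the principals need and narrow the ARN to the account and region in use.
	policy := iam.NewIamPolicy(stack, jsii.String("iam-policy-demo"), &iam.IamPolicyConfig{
		Name: jsii.String("CDKtf-Golang-policy-Demo"),
		Policy: jsii.String(`{
"Version": "2012-10-17",
"Statement": [{
"Action": "*",
"Resource": ["arn:aws:ec2:*:*:client-vpn-endpoint/*"],
"Effect": "Allow"
}]
}`),
		Description: jsii.String("This policy is for Golang demo"),
	})

	iam.NewIamGroupMembership(stack, jsii.String("iam-group-membership-demo"), &iam.IamGroupMembershipConfig{
		Name:  jsii.String("group-membership"),
		Group: group.Name(),
		Users: jsii.Strings(*user.Name()),
	})

	// NOTE(review): the user is already a member of the group above, so the
	// direct user attachment grants nothing the group attachment does not; it
	// only adds a second place to audit and revoke.
	// NOTE(review): the underlying aws_iam_policy_attachment resource manages
	// the policy's attachments exclusively, so attachments made outside this
	// stack would be removed on apply. That is harmless while the policy is
	// created here; confirm before pointing PolicyArn at a shared policy.
	attachment := iam.NewIamPolicyAttachment(stack, jsii.String("iam-application-managed-policy-demo"), &iam.IamPolicyAttachmentConfig{
		Name:      jsii.String("CDKtf-Golang-iam-attachment-Demo"),
		Groups:    jsii.Strings(*group.Name()),
		Roles:     jsii.Strings(*role.Name()),
		Users:     jsii.Strings(*user.Name()),
		PolicyArn: policy.Arn(),
	})

	cdktf.NewTerraformOutput(stack, jsii.String("iam-group"), &cdktf.TerraformOutputConfig{
		Value: group.Name(),
	})
	// Fixed: this output previously exported group.Name(), so "iam-user"
	// reported the group's name instead of the user's.
	cdktf.NewTerraformOutput(stack, jsii.String("iam-user"), &cdktf.TerraformOutputConfig{
		Value: user.Name(),
	})
	cdktf.NewTerraformOutput(stack, jsii.String("iam-role"), &cdktf.TerraformOutputConfig{
		Value: role.Arn(),
	})
	cdktf.NewTerraformOutput(stack, jsii.String("iam-policy"), &cdktf.TerraformOutputConfig{
		Value: policy.Arn(),
	})
	cdktf.NewTerraformOutput(stack, jsii.String("iam-attachment"), &cdktf.TerraformOutputConfig{
		Value: attachment.Name(),
	})

	return stack
}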
// main creates the cdktf application, instantiates the IAM demo stack, wires
// it to a remote backend and synthesizes the Terraform configuration.
func main() {
	app := cdktf.NewApp(nil)
	iamStack := NewMyStack(app, "aws_instance")

	// State for this stack is kept in the named workspace of the organization
	// below on app.terraform.io rather than on the local disk. It describes IAM
	// principals and policies, so access to that workspace should be limited
	// accordingly.
	workspace := cdktf.NewNamedRemoteWorkspace(jsii.String("cdktf-go-aws-iam"))
	backendProps := cdktf.RemoteBackendProps{
		Hostname:     jsii.String("app.terraform.io"),
		Organization: jsii.String("jigsaw373"),
		Workspaces:   workspace,
	}
	cdktf.NewRemoteBackend(iamStack, &backendProps)

	app.Synth()
}