NEW: more samples

conditional/main.tf

@@ -0,0 +1,16 @@
+resource null_resource res1 {
+  count = var.is-sys-sec-account ? 1 : 0
+}
+
+// cannot be res1 otherwise terraform complains about duplication
+resource null_resource res2 {
+  count = var.is-sys-sec-account ? 0 : 1
+}
+
+output res1-id {
+  value = null_resource.res1.*.id
+}
+
+output res2-id {
+  value = null_resource.res2.*.id
+}

conditional/variables.tf

@@ -0,0 +1 @@
+variable is-sys-sec-account {}

csv/csv.off

@@ -0,0 +1,25 @@
+locals {
+  csv_file = file("sg.csv")
+  rules    = csvdecode(local.csv_file)
+}
+
+data aws_caller_identity self {}
+
+resource "aws_security_group" "security-groups" {
+  description = "sg description"
+  name        = "sg1"
+  vpc_id      = data.aws_caller_identity.self.id
+
+  for_each = {
+    for rule in local.rules : rule.rule_no => rule
+  }
+
+  ingress {
+    description = each.value.description
+    from_port   = each.value.from_port
+    to_port     = each.value.to_port
+    protocol    = each.value.proto
+    cidr_blocks = [each.value.source]
+  }
+}
+

csv/dynamic.tf

@@ -0,0 +1,22 @@
+data aws_caller_identity self {}
+
+variable sg1 {}
+
+resource "aws_security_group" "sg1" {
+  name        = var.sg1.name
+  description = var.sg1.description
+  vpc_id      = data.aws_caller_identity.self.id
+
+  dynamic "ingress" {
+    for_each = var.sg1.cidrs
+    content {
+      description = ingress.key
+      cidr_blocks = [ingress.value]
+      from_port   = var.sg1.from_port
+      to_port     = var.sg1.to_port
+      protocol    = "tcp"
+    }
+  }
+}
+
+

csv/sg.csv

@@ -0,0 +1,4 @@
+rule_no,direction,proto,from_port,to_port,source,description
+rule1,ingress,TCP,0,65535,10.193.35.0/24,MTCPortal
+rule2,ingress,TCP,0,65535,10.193.36.0/24,MTCVDI
+rule3,ingress,TCP,0,65535,10.193.46.0/24,iDesk

kms/main.tf

@@ -0,0 +1,31 @@
+resource "aws_kms_external_key" "kms-key1" {
+  description = "Customer managed key"
+  key_material_base64 = "s5yiaoDbfHrBkbuGdyIxQaILucovIgPMbw8/pgYZJu0="
+  enabled = true
+  policy =<<EOF
+{
+    "Version": "2012-10-17",
+    "Id": "key-default-1",
+    "Statement": [
+        {
+            "Sid": "Allow access for key administrators"
+            "Effect": "Allow",
+            "Principal": {
+                "AWS": [
+			"arn:aws:iam::376395444418:user/temp-provisioning-fullaccess",
+			"arn:aws:iam::376395444418:root"
+		]
+            },
+            "Action": "kms:*",
+            "Resource": "*"
+        }
+    ]
+}
+EOF
+ 
+}
+
+resource "aws_kms_alias" "keyalias1" {
+  name          = "alias/kf-test-3"
+  target_key_id = aws_kms_external_key.kms-key1.id
+}

loop/groups.tf

@@ -0,0 +1,15 @@
+locals {
+  group_names = {
+    group1 = "/users/"
+    group2 = "/users/"
+    group3 = "/users/"
+  }
+}
+
+resource "aws_iam_group" "iam-groups" {
+  for_each = local.group_names
+  name     = each.key
+  path 	   = each.value
+}
+
+

loop/provider.tf

@@ -0,0 +1,10 @@
+variable "aws_access_key" {}
+variable "aws_secret_key" {}
+variable "aws_region" {}
+
+provider "aws" {
+  access_key = var.aws_access_key
+  secret_key = var.aws_secret_key
+  region     = var.aws_region
+}
+