initial commit

modules/security_identity_compliance/ds-adconnector/main.tf

@@ -0,0 +1,17 @@
+
+resource "aws_directory_service_directory" "connector" {
+  name        = var.adc-domainname
+  enable_sso  = false # enabling this results in error when terraform is ran in member accounts
+  password    = var.adc-service-account-password
+  size        = var.adc-size
+  type        = "ADConnector"
+  description = "ADConnector"
+  tags        = var.default-tags
+
+  connect_settings {
+    customer_dns_ips  = var.adc-dns-ips
+    customer_username = var.adc-service-account-username
+    subnet_ids        = var.adc-subnet-ids
+    vpc_id            = var.adc-vpc-id
+  }
+}

modules/security_identity_compliance/ds-adconnector/outputs.tf

@@ -0,0 +1,11 @@
+output directory-id {
+  value = aws_directory_service_directory.connector.id
+}
+
+output security-group-id {
+  value = aws_directory_service_directory.connector.security_group_id
+}
+
+output customer-dns-ip {
+  value = flatten(aws_directory_service_directory.connector.connect_settings[*].customer_dns_ips)
+}

modules/security_identity_compliance/ds-adconnector/variables.tf

@@ -0,0 +1,8 @@
+variable "adc-domainname" {}
+variable "adc-service-account-password" {}
+variable "adc-size" {}
+variable "adc-dns-ips" {}
+variable "adc-service-account-username" {}
+variable "adc-subnet-ids" {}
+variable "adc-vpc-id" {}
+variable "default-tags" {}