From 44c1f9ca483273dfebaf3af2c00ad20b0f010c7e9fa03df0bea4b2c990944b82 Mon Sep 17 00:00:00 2001
From: xpk
Date: Thu, 19 Feb 2026 22:17:43 +0800
Subject: [PATCH] feat: LabSecrets layer
---
LocalStack/README.md | 3 +-
LocalStack/Security/LabSecrets/main.tf | 24 ++++++++
LocalStack/Security/LabSecrets/outputs.tf | 0
LocalStack/Security/LabSecrets/provider.tf | 59 +++++++++++++++++++
.../Security/LabSecrets/terraform.tfvars | 4 ++
LocalStack/Security/LabSecrets/variables.tf | 4 ++
6 files changed, 93 insertions(+), 1 deletion(-)
create mode 100644 LocalStack/Security/LabSecrets/main.tf
create mode 100644 LocalStack/Security/LabSecrets/outputs.tf
create mode 100644 LocalStack/Security/LabSecrets/provider.tf
create mode 100644 LocalStack/Security/LabSecrets/terraform.tfvars
create mode 100644 LocalStack/Security/LabSecrets/variables.tf
diff --git a/LocalStack/README.md b/LocalStack/README.md
index bd6a186..a9d14ae 100644
--- a/LocalStack/README.md
+++ b/LocalStack/README.md
@@ -66,4 +66,5 @@ Also, ec2 instance's associate_public_ip_address attribute is always set to true it is set to false in my code. This caused the instance to be redeployed everytime terraform apply is ran.
-The free edition of LocalStack does not include rds support
\ No newline at end of file
+The free edition of LocalStack does not support rds, among other services described in
+https://docs.localstack.cloud/aws/licensing/
\ No newline at end of file
diff --git a/LocalStack/Security/LabSecrets/main.tf b/LocalStack/Security/LabSecrets/main.tf
new file mode 100644
index 0000000..e8bc735
--- /dev/null
+++ b/LocalStack/Security/LabSecrets/main.tf
@@ -0,0 +1,24 @@
+module "secret1" {
+ source = "../../../modules/security_identity_compliance/secretsmanager-secret"
+
+ secret_name = "test-secret-name-1"
+ secret_description = "test-secret-desc-1"
+ secret_value = "test-secret-value"
+}
+
+module "secret2" {
+ source = "../../../modules/security_identity_compliance/secretsmanager-secret"
+
+ secret_name = "test-secret-name-2"
+ secret_description = "test-secret-desc-2"
+ generate_secret = true
+}
+
+module "secret3" {
+ source = "../../../modules/security_identity_compliance/secretsmanager-secret"
+
+ secret_name = "test-secret-name-3"
+ secret_description = "test-secret-desc-3"
+ generate_secret = true
+ secret_version = 1 # increment to update secret value
+}
\ No newline at end of file
diff --git a/LocalStack/Security/LabSecrets/outputs.tf b/LocalStack/Security/LabSecrets/outputs.tf
new file mode 100644
index 0000000..473a0f4
diff --git a/LocalStack/Security/LabSecrets/provider.tf b/LocalStack/Security/LabSecrets/provider.tf
new file mode 100644
index 0000000..8eb02d0
--- /dev/null
+++ b/LocalStack/Security/LabSecrets/provider.tf
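Review bot: `secret_value = "test-secret-value"` in module "secret1" of main.tf commits the secret's plaintext to the repository, and the same literal will be recorded in this layer's Terraform state. Even in a LocalStack lab this is the pattern that gets copied into real layers, so I would pass it as `secret_value = var.secret1_value` with the variable declared `sensitive = true` and the value supplied outside version control; note that `sensitive` only redacts plan output, so the state file still needs to be treated as secret material. If the literal is meant to stay, a comment such as `# lab-only placeholder, never reuse for a real secret` on that line would make the intent explicit. How the module stores values produced by `generate_secret` is not visible in this diff and should be confirmed in the module itself.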
@@ -0,0 +1,59 @@
+provider "aws" {
+ region = var.aws-region
+
+ # localstack config
+ access_key = "test"
+ secret_key = "test"
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ skip_requesting_account_id = true
+
+ # localstack endpoints https://docs.localstack.cloud/aws/integrations/infrastructure-as-code/terraform/#:~:text=tflocal%20is%20a%20small%20wrapper,unmodified%20Terraform%20scripts%20against%20LocalStack.
+ endpoints {
+ apigateway = "http://192.168.86.96:4566"
+ apigatewayv2 = "http://192.168.86.96:4566"
+ cloudformation = "http://192.168.86.96:4566"
+ cloudwatch = "http://192.168.86.96:4566"
+ dynamodb = "http://192.168.86.96:4566"
+ ec2 = "http://192.168.86.96:4566"
+ es = "http://192.168.86.96:4566"
+ elasticache = "http://192.168.86.96:4566"
+ firehose = "http://192.168.86.96:4566"
+ iam = "http://192.168.86.96:4566"
+ kinesis = "http://192.168.86.96:4566"
+ lambda = "http://192.168.86.96:4566"
+ rds = "http://192.168.86.96:4566"
+ redshift = "http://192.168.86.96:4566"
+ route53 = "http://192.168.86.96:4566"
+ s3 = "http://192.168.86.96:4566"
+ secretsmanager = "http://192.168.86.96:4566"
+ ses = "http://192.168.86.96:4566"
+ sns = "http://192.168.86.96:4566"
+ sqs = "http://192.168.86.96:4566"
+ ssm = "http://192.168.86.96:4566"
+ stepfunctions = "http://192.168.86.96:4566"
+ sts = "http://192.168.86.96:4566"
+ }
+
+ default_tags {
+ tags = {
+ Environment = var.environment
+ Project = var.project
+ Application = var.application
+ LocalStack = true
+ TerraformDir = join("/", reverse(slice(reverse(split("/", path.cwd)), 0, 2)))
+ }
+ }
+}
+
+terraform {
+ required_version = ">= 1.11.0"
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 6.0"
+ }
+ }
+}
+
+# data aws_caller_identity current {}
\ No newline at end of file
diff --git a/LocalStack/Security/LabSecrets/terraform.tfvars b/LocalStack/Security/LabSecrets/terraform.tfvars
new file mode 100644
index 0000000..1446415
--- /dev/null
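Review bot: Every entry in the `endpoints` block of provider.tf, including `secretsmanager`, points at `http://192.168.86.96:4566`, a non-loopback address reached over plain HTTP, so the secret values this layer creates travel across the LAN unencrypted. The address is also repeated 23 times, which makes it easy to miss one when the host changes. I would declare it once as `variable "localstack_endpoint" { type = string }`, reference it as `secretsmanager = var.localstack_endpoint` on each line, and use a loopback address wherever LocalStack runs on the same machine as Terraform. Services missing from the list are not redirected by this block, so a resource for an unlisted service would presumably be sent to the real AWS endpoint with the dummy `test` credentials; a comment above `endpoints` stating that would help whoever adds the next resource.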
+++ b/LocalStack/Security/LabSecrets/terraform.tfvars
@@ -0,0 +1,4 @@
+application = "localstack"
+environment = "locallab"
+project = "iac"
+aws-region = "us-east-1"
\ No newline at end of file
diff --git a/LocalStack/Security/LabSecrets/variables.tf b/LocalStack/Security/LabSecrets/variables.tf
new file mode 100644
index 0000000..ddf3dac
--- /dev/null
+++ b/LocalStack/Security/LabSecrets/variables.tf
@@ -0,0 +1,4 @@
+variable "aws-region" {}
+variable "environment" {}
+variable "project" {}
+variable "application" {}
\ No newline at end of file
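Review bot: The four declarations in variables.tf, from `variable "aws-region" {}` to `variable "application" {}`, carry neither a `type` nor a `description`, so a value of any type is accepted and a mistyped tfvars entry is not caught at validation. I would give each block `type = string` and a one-line `description = "..."` saying what the value feeds, since three of them end up in `default_tags`. The hyphenated name `aws-region` is legal but departs from the underscore naming Terraform's style conventions recommend; renaming it to `aws_region` would also need the matching edits in provider.tf and terraform.tfvars.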