How to write a config-driven solution for creating an SFTP server with SFTP users and their keys in the "AWS Transfer for SFTP" service using Terraform

0

I want to create an SFTP server, SFTP users, S3 buckets for the home directories, and S3 bucket policies using Terraform.

One SFTP user can have multiple keys, and the number of keys depends on the user: some may have 2 keys, some may have more than 2, etc.

I want to automate this with Terraform, creating the aws_transfer_ssh_key resource from the combination of users and keys provided via variables.

I created a list variable of maps (one per user), which holds the configuration corresponding to that user, like bucket name, SFTP username, etc.

It works with a single public key (as in the code below), but now I want to pass the value of public_key dynamically from variables. How can I do this?

I tried the following:

resource "aws_transfer_server" "sftp" {
  identity_provider_type = "SERVICE_MANAGED"
  logging_role           = "${aws_iam_role.sftp.arn}"
  endpoint_type          = "VPC_ENDPOINT"
  endpoint_details {
    vpc_endpoint_id = "<Endpoint-Id-from-other-terraform-resource>"
  }
}


#locals.tf
locals {
  keylength    = ["rsa", "rsa", "rsa"]
  app_parent   = "core"
  app_name     = "datadl"
  app_costcode = "IT-DATA"
  app_env      = "uat"

  sftp_user_count = 2
  sftp_user = "${list(
    map("name", "app1",
        "data", "rsa"
    ),
    map("name", "app2",
        "data", "rsa"
    ),
  )}"
}
#iam.tf

resource "aws_iam_role_policy" "sftp_user" {
  count  = "${local.sftp_user_count}"
  name   = "${local.app_env}-${lookup(local.sftp_user[count.index], "name")}-policy"
  role   = "${element(aws_iam_role.sftp_user.*.id, count.index)}"
  policy = "${element(data.template_file.sftp_user_policy.*.rendered, count.index)}"
}

resource "aws_transfer_user" "sftp_user" {
  server_id      = "${aws_transfer_server.sftp.id}"
  count          = "${local.sftp_user_count}"
  user_name      = "${local.app_env}-${lookup(local.sftp_user[count.index], "name")}-sftp"
  role           = "${element(aws_iam_role.sftp_user.*.arn, count.index)}"
  home_directory = "/${local.app_env}-${lookup(local.sftp_user[count.index], "name")}-sftp"
}



resource "aws_iam_role" "sftp_user" {
  count              = "${local.sftp_user_count}"
  name               = "${local.app_env}-${lookup(local.sftp_user[count.index], "name")}-role"
  assume_role_policy = "${file("${path.module}/templates/assume-sftp.json")}"
}




resource "aws_transfer_ssh_key" "sftp_user" {
  server_id = "${aws_transfer_server.sftp.id}"
  count     = "${local.sftp_user_count}"
  user_name = "${element(aws_transfer_user.sftp_user.*.user_name, count.index)}"
  # tls_private_key.app1 uses count, so a single instance must be selected with element();
  # this still attaches exactly one key per user.
  body      = "${element(tls_private_key.app1.*.public_key_openssh, count.index)}"
}

resource "tls_private_key" "app1" {
  count     = "${length(local.keylength)}"
  algorithm = "RSA"
  rsa_bits  = 2048
}

resource "aws_key_pair" "app1" {
  # One EC2 key pair per generated private key (tls_private_key.app1 is a counted resource).
  count           = "${length(local.keylength)}"
  key_name_prefix = "${local.app_env}-${local.app_parent}-${local.app_name}-"
  public_key      = "${element(tls_private_key.app1.*.public_key_openssh, count.index)}"
}

Gandhar khaladkar

Posted 2019-05-28T13:24:43.663

Reputation: 1

No answers
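One config-driven way to attach a variable number of keys per user, as an added example that is not part of the original question: users are declared as a map from user name to a list of OpenSSH public keys, the map is flattened into one entry per (user, key) pair, and each pair becomes its own aws_transfer_ssh_key. It assumes Terraform 0.12+ syntax (for_each, flatten), that aws_transfer_server.sftp and local.app_env exist as in the question, and that aws_iam_role.sftp_user is created with for_each over the same user names; the key values are constructed placeholders. Only public keys are taken as input, so no private key is generated by tls_private_key and written into Terraform state.

```hcl
# Assumed variable shape (constructed example): user name -> list of public keys.
variable "sftp_users" {
  description = "SFTP user name -> OpenSSH public keys (public keys only; private keys never enter state)"
  type        = map(list(string))
  default = {
    app1 = [
      "ssh-rsa AAAA...PLACEHOLDER-app1-key1",
      "ssh-rsa AAAA...PLACEHOLDER-app1-key2",
    ]
    app2 = ["ssh-ed25519 AAAA...PLACEHOLDER-app2-key1"]
  }
}

locals {
  # Flatten users x keys into one object per key so each key gets its own resource.
  # The id must be stable across runs, so it is built from the user name and key index.
  user_keys = flatten([
    for user, keys in var.sftp_users : [
      for idx, key in keys : {
        id   = "${user}-${idx}"
        user = user
        key  = key
      }
    ]
  ])
}

# One Transfer user per map key (assumes aws_iam_role.sftp_user uses for_each = var.sftp_users).
resource "aws_transfer_user" "sftp_user" {
  for_each       = var.sftp_users
  server_id      = aws_transfer_server.sftp.id
  user_name      = "${local.app_env}-${each.key}-sftp"
  role           = aws_iam_role.sftp_user[each.key].arn
  home_directory = "/${local.app_env}-${each.key}-sftp"
}

# One SSH key resource per (user, key) pair; adding or removing a key for one user
# only touches that user's entries, not the whole list.
resource "aws_transfer_ssh_key" "sftp_user" {
  for_each  = { for uk in local.user_keys : uk.id => uk }
  server_id = aws_transfer_server.sftp.id
  user_name = aws_transfer_user.sftp_user[each.value.user].user_name
  body      = each.value.key
}
```

Keys can be supplied per environment through a .tfvars file instead of the default block, and a user with an empty list simply gets no aws_transfer_ssh_key entries.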