feat: adds example for creating standard organizations policies

nimisha-gj · nimisha-gj · commit bdccb7b0396c · 2024-07-08T16:02:49.000+05:30
diff --git a/examples/create-standard-organization-policies/locals.tf b/examples/create-standard-organization-policies/locals.tf
@@ -0,0 +1,9 @@
+locals {
+  aws_region              = "ap-south-1"
+  tag_policy_file_content = file("${path.module}/tag_policy.json")
+  tag_policy_name         = "STANDARD_TAG_POLICIES"
+  tag_policy_description  = "Recommend tag policies"
+  tag_policy_type         = "TAG_POLICY"
+  default_tags            = {}
+  tag_policy_taget_id     = "123456789098"
+}
diff --git a/examples/create-standard-organization-policies/main.tf b/examples/create-standard-organization-policies/main.tf
@@ -0,0 +1,15 @@
+module "tag_policy" {
+  source      = "../../modules/policy"
+  content     = local.tag_policy_file_content
+  name        = local.tag_policy_name
+  description = local.tag_policy_description
+  type        = local.tag_policy_type
+  tags        = local.default_tags
+}
+
+
+module "attach_tag_policy" {
+  source    = "../../modules/policy_attachment"
+  policy_id = module.tag_policy.aws_organizations_policy_id
+  target_id = local.tag_policy_taget_id
+}
diff --git a/examples/create-standard-organization-policies/outputs.tf b/examples/create-standard-organization-policies/outputs.tf
diff --git a/examples/create-standard-organization-policies/provider.tf b/examples/create-standard-organization-policies/provider.tf
@@ -0,0 +1,3 @@
+provider "aws" {
+  region = local.aws_region
+}
diff --git a/examples/create-standard-organization-policies/tag_policy.json b/examples/create-standard-organization-policies/tag_policy.json
@@ -0,0 +1,145 @@
+{
+  "tags": {
+    "Owner": {
+      "tag_key": {
+        "@@assign": "Owner"
+      },
+      "enforced_for": {
+        "@@assign": [
+          "ec2:instance",
+          "ec2:vpc",
+          "ec2:subnet",
+          "ec2:natgateway",
+          "ec2:security-group",
+          "ec2:route-table",
+          "ec2:internet-gateway"
+        ]
+      }
+    },
+    "Team": {
+      "tag_key": {
+        "@@assign": "Team"
+      },
+      "tag_value": {
+        "@@assign": ["DevOps"]
+      },
+      "enforced_for": {
+        "@@assign": ["ec2:instance"]
+      }
+    },
+    "Environment": {
+      "tag_key": {
+        "@@assign": "Environment"
+      },
+      "tag_value": {
+        "@@assign": ["Development", "Production", "Staging"]
+      },
+      "enforced_for": {
+        "@@assign": [
+          "ec2:instance",
+          "ec2:vpc",
+          "ec2:subnet",
+          "ec2:natgateway",
+          "ec2:security-group",
+          "ec2:route-table",
+          "ec2:internet-gateway"
+        ]
+      }
+    },
+    "CostCenter": {
+      "tag_key": {
+        "@@assign": "CostCenter"
+      },
+      "tag_value": {
+        "@@assign": ["General"]
+      },
+      "enforced_for": {
+        "@@assign": [
+          "ec2:instance",
+          "ec2:vpc",
+          "ec2:subnet",
+          "ec2:natgateway",
+          "ec2:security-group",
+          "ec2:route-table",
+          "ec2:internet-gateway"
+        ]
+      }
+    },
+    "DataClassification": {
+      "tag_key": {
+        "@@assign": "DataClassification"
+      },
+      "tag_value": {
+        "@@assign": ["Public", "Internal", "Confidential"]
+      },
+      "enforced_for": {
+        "@@assign": [
+          "ec2:instance",
+          "ec2:vpc",
+          "ec2:subnet",
+          "ec2:natgateway",
+          "ec2:security-group",
+          "ec2:route-table",
+          "ec2:internet-gateway"
+        ]
+      }
+    },
+    "Service": {
+      "tag_key": {
+        "@@assign": "Service"
+      },
+      "tag_value": {
+        "@@assign": ["Micro", "Monolithic"]
+      },
+      "enforced_for": {
+        "@@assign": [
+          "ec2:instance",
+          "ec2:vpc",
+          "ec2:subnet",
+          "ec2:natgateway",
+          "ec2:security-group",
+          "ec2:route-table",
+          "ec2:internet-gateway"
+        ]
+      }
+    },
+    "ManagedBy": {
+      "tag_key": {
+        "@@assign": "ManagedBy"
+      },
+      "tag_value": {
+        "@@assign": ["Terraform", "Manual"]
+      },
+      "enforced_for": {
+        "@@assign": [
+          "ec2:instance",
+          "ec2:vpc",
+          "ec2:subnet",
+          "ec2:natgateway",
+          "ec2:security-group",
+          "ec2:route-table",
+          "ec2:internet-gateway"
+        ]
+      }
+    },
+    "Compliance": {
+      "tag_key": {
+        "@@assign": "Compliance"
+      },
+      "tag_value": {
+        "@@assign": ["N/A", "NIST", "HIPAA", "GDPR"]
+      },
+      "enforced_for": {
+        "@@assign": [
+          "ec2:instance",
+          "ec2:vpc",
+          "ec2:subnet",
+          "ec2:natgateway",
+          "ec2:security-group",
+          "ec2:route-table",
+          "ec2:internet-gateway"
+        ]
+      }
+    }
+  }
+}
diff --git a/examples/create-standard-organization-policies/variables.tf b/examples/create-standard-organization-policies/variables.tf
diff --git a/examples/create-standard-organization-policies/versions.tf b/examples/create-standard-organization-policies/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.4.6"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.65.0"
+    }
+  }
+}

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+provider "aws" {`
	`2`	`+ region = local.aws_region`
	`3`	`+}`