├── .github ├── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md └── workflows │ ├── solution-auto-account-factory-module-idp.yml │ ├── solution-auto-account-factory-step-auth-create-idp.yml │ ├── terraform-modules-alicloud-landing-zone-alb.yml │ ├── terraform-modules-alicloud-landing-zone-cen-custom-route.yml │ ├── terraform-modules-alicloud-landing-zone-cen-vpc-attach.yml │ ├── terraform-modules-alicloud-landing-zone-eip.yml │ ├── terraform-modules-alicloud-landing-zone-nat-gateway.yml │ ├── terraform-modules-alicloud-landing-zone-share-vpc.yml │ ├── terraform-modules-alicloud-landing-zone-vpc-custom-route.yml │ └── truffleHog.yml ├── .gitignore ├── LICENSE ├── README.md ├── README_en.md ├── example ├── 01-startup │ ├── README.md │ ├── README_zh.md │ ├── shell-scripts │ │ ├── identity │ │ │ └── main.sh │ │ └── network │ │ │ └── main.sh │ └── terraform │ │ ├── app-on-ecs │ │ ├── main.tf │ │ ├── modules │ │ │ ├── identity │ │ │ │ ├── main.tf │ │ │ │ └── variable.tf │ │ │ └── network │ │ │ │ └── main.tf │ │ └── variable.tf │ │ └── app-on-k8s │ │ ├── main.tf │ │ ├── settings.tfvars │ │ └── variables.tf ├── 02-standard-enterprise │ ├── README.md │ └── README_zh.md └── 03-complex-enterprise │ ├── README.md │ ├── README_zh.md │ ├── account-baseline │ ├── backend.conf.example │ ├── main.tf │ ├── modules │ │ ├── account │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ └── variables.tf │ │ └── network │ │ │ ├── main.tf │ │ │ ├── nacl │ │ │ ├── main.tf │ │ │ └── variables.tf │ │ │ ├── output.tf │ │ │ ├── variables.tf │ │ │ └── vswitch │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ └── variables.tf │ ├── output.tf │ ├── settings.tfvars │ ├── variables.tf │ └── versions.tf │ ├── foundations │ ├── backend.conf.example │ ├── main.tf │ ├── modules │ │ ├── governance │ │ │ ├── main.tf │ │ │ └── variables.tf │ │ ├── identity │ │ │ ├── main.tf │ │ │ └── variables.tf │ │ └── networking │ │ │ ├── main.tf │ │ │ ├── network │ │ │ ├── bastion │ │ │ │ ├── main.tf │ │ │ │ └── 
variable.tf │ │ │ ├── main.tf │ │ │ ├── nat │ │ │ │ ├── main.tf │ │ │ │ └── variable.tf │ │ │ ├── output.tf │ │ │ └── variable.tf │ │ │ ├── output.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ ├── output.tf │ ├── settings.tfvars │ ├── variables.tf │ └── versions.tf │ └── kubenetes │ ├── main.tf │ ├── modules │ ├── cluster │ │ ├── main.tf │ │ ├── output.tf │ │ └── variables.tf │ ├── identity │ │ ├── main.tf │ │ └── variables.tf │ └── network │ │ ├── main.tf │ │ └── variable.tf │ ├── output.tf │ ├── settings.tfvars │ ├── variables.tf │ └── versions.tf ├── image ├── landing-zone-journey.png └── landing-zone-module.png ├── solution ├── IAM │ ├── 2.1-multi-account-sso │ │ ├── README.md │ │ ├── README_en.md │ │ ├── modules │ │ │ └── role │ │ │ │ ├── main.tf │ │ │ │ └── variables.tf │ │ └── step1 │ │ │ ├── main.tf │ │ │ ├── meta.xml │ │ │ ├── settings.tfvars │ │ │ ├── step2.tmpl │ │ │ └── variables.tf │ ├── README.md │ ├── function │ │ ├── 01-terraform-init-resource-directory │ │ │ ├── README.md │ │ │ ├── README_en.md │ │ │ ├── main.tf │ │ │ ├── modules │ │ │ │ └── account │ │ │ │ │ ├── main.tf │ │ │ │ │ └── variables.tf │ │ │ ├── settings.tfvars │ │ │ └── variables.tf │ │ ├── 02-terraform-control-policy │ │ │ ├── README.md │ │ │ ├── README_en.md │ │ │ ├── main.tf │ │ │ ├── settings.tfvars │ │ │ └── variables.tf │ │ ├── 03-terraform-auto-create-role │ │ │ ├── README.md │ │ │ ├── README_en.md │ │ │ ├── modules │ │ │ │ └── role │ │ │ │ │ ├── main.tf │ │ │ │ │ └── variables.tf │ │ │ └── step1 │ │ │ │ ├── main.tf │ │ │ │ ├── settings.tfvars │ │ │ │ ├── step2.tmpl │ │ │ │ └── variables.tf │ │ ├── 04-terraform-multi-roles │ │ │ ├── README.md │ │ │ ├── README_en.md │ │ │ ├── modules │ │ │ │ └── output │ │ │ │ │ └── main.tf │ │ │ └── step1 │ │ │ │ ├── main.tf │ │ │ │ ├── settings.tfvars │ │ │ │ ├── step2.tmpl │ │ │ │ └── variables.tf │ │ └── 05-terraform-auto-sso │ │ │ ├── README.md │ │ │ ├── main.tf │ │ │ ├── meta.xml │ │ │ ├── modules │ │ │ └── role │ │ │ │ ├── main.tf │ │ 
│ │ └── variables.tf │ │ │ ├── settings.tfvars │ │ │ └── variables.tf │ └── img │ │ ├── 1.创建RAM角色并生成AK.png │ │ ├── 10.03-控制台.png │ │ ├── 11.02-控制台.png │ │ ├── 12.01-控制台.png │ │ ├── 13.04-plan结果.png │ │ ├── 14.04-apply结果.png │ │ ├── 15.step2-plan结果.png │ │ ├── 16.04-step2-apply结果.png │ │ ├── 17.开启管控策略.png │ │ ├── 18.开启管控策略apply.png │ │ ├── 19.管控策略控制台.png │ │ ├── 2.01-plan运行结果.png │ │ ├── 20.单账号sso-plan.png │ │ ├── 21.单账号sso-apply.png │ │ ├── 22.多账号sso-step1-apply.png │ │ ├── 23.多账号sso-step2-apply.png │ │ ├── 3.01-apply运行结果.png │ │ ├── 4.02-plan运行结果.png │ │ ├── 5.02-apply运行结果.png │ │ ├── 6.03-step1-plan运行结果.png │ │ ├── 7.03-step1-apply运行结果.png │ │ ├── 8.03-step2-plan运行结果.png │ │ └── 9.03-step2-apply运行结果.png ├── ack │ ├── solutions │ │ └── IAM │ │ │ └── OIDC │ │ │ ├── java │ │ │ ├── pom.xml │ │ │ └── src │ │ │ │ └── main │ │ │ │ └── java │ │ │ │ └── com │ │ │ │ └── aliyun │ │ │ │ └── landingzone │ │ │ │ └── Main.java │ │ │ ├── java_spring │ │ │ ├── Dockerfile │ │ │ ├── Dockerfile_biz │ │ │ ├── Readme.md │ │ │ ├── bin │ │ │ │ ├── appctl.sh │ │ │ │ ├── preload.sh │ │ │ │ ├── setenv.sh │ │ │ │ └── start.sh │ │ │ ├── build.sh │ │ │ ├── pom.xml │ │ │ └── src │ │ │ │ └── main │ │ │ │ ├── java │ │ │ │ └── org │ │ │ │ │ └── hz │ │ │ │ │ └── minigroup │ │ │ │ │ ├── Bootstrap.java │ │ │ │ │ ├── FreetimeApplication.java │ │ │ │ │ ├── common │ │ │ │ │ ├── CommonConstants.java │ │ │ │ │ ├── OidcStsUtils.java │ │ │ │ │ ├── model │ │ │ │ │ │ ├── Page.java │ │ │ │ │ │ ├── Result.java │ │ │ │ │ │ ├── StsToken.java │ │ │ │ │ │ └── WebResult.java │ │ │ │ │ └── utils │ │ │ │ │ │ ├── BaseController.java │ │ │ │ │ │ └── JsonUtils.java │ │ │ │ │ ├── network │ │ │ │ │ ├── controller │ │ │ │ │ │ └── NetworkController.java │ │ │ │ │ ├── enums │ │ │ │ │ │ └── NetworkEnum.java │ │ │ │ │ ├── model │ │ │ │ │ │ └── VpcRequest.java │ │ │ │ │ └── service │ │ │ │ │ │ └── NetworkService.java │ │ │ │ │ └── ram │ │ │ │ │ ├── RamController.java │ │ │ │ │ └── service │ │ │ │ │ └── RamService.java │ │ │ │ 
└── resources │ │ │ │ ├── application.properties │ │ │ │ └── oidc.properties │ │ │ └── python │ │ │ └── oidc_v1.py │ └── usecase │ │ └── IAM │ │ ├── Dockerfile │ │ └── configmap ├── automation │ ├── account-factory │ │ ├── .gitignore │ │ ├── README.md │ │ ├── backend.tfvars │ │ ├── extension │ │ │ ├── backend │ │ │ │ ├── azurerm-backend.tf │ │ │ │ └── azurerm-backend.tfvars │ │ │ ├── kms_client_key_kaap.json │ │ │ ├── kms_secret.py │ │ │ └── secretsmanager.properties │ │ ├── modules │ │ │ ├── idp │ │ │ │ ├── CHANGELOG.md │ │ │ │ ├── README.md │ │ │ │ ├── examples │ │ │ │ │ ├── complete │ │ │ │ │ │ ├── README.md │ │ │ │ │ │ ├── main.tf │ │ │ │ │ │ ├── outputs.tf │ │ │ │ │ │ └── variables.tf │ │ │ │ │ └── scenario-other-1 │ │ │ │ │ │ ├── README.md │ │ │ │ │ │ ├── main.tf │ │ │ │ │ │ ├── outputs.tf │ │ │ │ │ │ └── variables.tf │ │ │ │ ├── main.tf │ │ │ │ ├── outputs.tf │ │ │ │ ├── variables.tf │ │ │ │ └── versions.tf │ │ │ ├── network │ │ │ │ ├── main.tf │ │ │ │ ├── outputs.tf │ │ │ │ └── variables.tf │ │ │ └── role │ │ │ │ ├── main.tf │ │ │ │ ├── outputs.tf │ │ │ │ └── variables.tf │ │ ├── settings.tfvars │ │ └── step │ │ │ ├── account-create │ │ │ ├── backend.tf │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ │ ├── auth-authorize-role │ │ │ ├── backend.tf │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ │ ├── auth-create-idp │ │ │ ├── backend.tf │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ │ ├── auth-create-role │ │ │ ├── backend.tf │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ │ ├── auth-create-user │ │ │ ├── backend.tf │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ │ ├── network-create-vpc-vsw │ │ │ ├── backend.tf │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ │ └── var │ │ │ ├── account.json.tmpl │ │ │ ├── vpc.json.tmpl │ 
│ │ └── vswitch.json.tmpl │ └── finance-industry │ │ ├── modules │ │ ├── compliance-pack │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── ecs-alb-multi-az │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── networking │ │ │ ├── cen-custom-route │ │ │ │ ├── main.tf │ │ │ │ ├── outputs.tf │ │ │ │ ├── variables.tf │ │ │ │ └── versions.tf │ │ │ ├── cen-vpc-attach │ │ │ │ ├── main.tf │ │ │ │ ├── outputs.tf │ │ │ │ ├── variables.tf │ │ │ │ └── versions.tf │ │ │ ├── eip │ │ │ │ ├── main.tf │ │ │ │ ├── outputs.tf │ │ │ │ ├── variables.tf │ │ │ │ └── versions.tf │ │ │ ├── nat-gateway │ │ │ │ ├── main.tf │ │ │ │ ├── outputs.tf │ │ │ │ ├── variables.tf │ │ │ │ └── versions.tf │ │ │ ├── vpc-create │ │ │ │ ├── main.tf │ │ │ │ ├── outputs.tf │ │ │ │ ├── variables.tf │ │ │ │ └── versions.tf │ │ │ └── vpc-custom-route │ │ │ │ ├── main.tf │ │ │ │ ├── outputs.tf │ │ │ │ ├── variables.tf │ │ │ │ └── versions.tf │ │ ├── ram-authorize-user-role │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ └── ram-user-role │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── run.sh │ │ ├── settings.tfvars │ │ └── step │ │ ├── application-deploy-ecs-alb │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── com-config-compliance-pack │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── iam-authorize-user-role │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── iam-create-idp │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── iam-create-user-role │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── network-attach-cen │ │ ├── cen_service.py │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── network-build-dmz │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── 
variables.tf │ │ └── versions.tf │ │ ├── network-config-route │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── network-create-vpc │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── resource-create-account │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── sec-subscribe-anti-ddos │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── sec-subscribe-cfw │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── sec-subscribe-waf │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf │ │ └── var │ │ ├── account.json.tmpl │ │ ├── anti-ddos.json.tmpl │ │ ├── cen.json.tmpl │ │ ├── dmz.json.tmpl │ │ ├── ecs-alb.json.tmpl │ │ ├── route.json.tmpl │ │ ├── vpc.json.tmpl │ │ └── waf.json.tmpl ├── compliance │ ├── 3.1-actiontrail │ │ ├── README.md │ │ ├── README_en.md │ │ ├── main.tf │ │ ├── settings.tfvars │ │ └── variables.tf │ ├── 3.2-goldenImage │ │ ├── README.md │ │ ├── README_en.md │ │ ├── step1-create-ecs │ │ │ ├── main.tf │ │ │ ├── settings.tfvars │ │ │ └── variables.tf │ │ └── step2-distribute-golden-image │ │ │ ├── main.tf │ │ │ ├── settings.tfvars │ │ │ └── variables.tf │ ├── 3.3-cmdb │ │ ├── README.md │ │ ├── README_en.md │ │ ├── main.tf │ │ ├── settings.tfvars │ │ └── variables.tf │ ├── 3.4-sub-resource-changes │ │ ├── README.md │ │ ├── python_script │ │ │ ├── README.md │ │ │ ├── __init__.py │ │ │ ├── config_default.py │ │ │ ├── index.py │ │ │ ├── requirement.txt │ │ │ └── subscription.py │ │ └── terraform │ │ │ ├── main.tf │ │ │ ├── settings.tfvars │ │ │ └── variables.tf │ ├── README.md │ └── img │ │ ├── ActionTrail-OSS.png │ │ ├── ActionTrail-SLS.png │ │ ├── ActionTrail-apply.png │ │ ├── CMDB-terraform.png │ │ ├── CMDB-数据投递.png │ │ ├── CMDB-消费预览.png │ │ ├── CMDB-消费预览结果.png │ │ ├── CMDB-账号组.png │ │ ├── GoldenImage-step1-apply.png │ │ ├── GoldenImage-step2-apply.png │ │ ├── 
GoldenImage-共享账号.png │ │ ├── GoldenImage-策略绑定.png │ │ └── GoldenImage-结果.png ├── finance │ ├── idle_resource.py │ └── storage_risk_item.py ├── networking │ ├── build-dmz │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── settings.tfvars │ │ ├── variables.tf │ │ └── versions.tf │ └── multi-account-multi-vpc │ │ ├── main.tf │ │ ├── network │ │ ├── main.tf │ │ ├── project │ │ │ ├── main.tf │ │ │ ├── nacl │ │ │ │ ├── main.tf │ │ │ │ └── variables.tf │ │ │ ├── nat │ │ │ │ ├── main.tf │ │ │ │ └── variables.tf │ │ │ ├── variable.tf │ │ │ └── vswitch │ │ │ │ ├── main.tf │ │ │ │ ├── output.tf │ │ │ │ └── variable.tf │ │ └── variables.tf │ │ ├── settings.tfvars │ │ ├── variables.tf │ │ └── versions.tf ├── operations │ ├── golden-image │ │ ├── README.md │ │ ├── README_en.md │ │ ├── step1-create-ecs │ │ │ └── main.tf │ │ └── step2-distribute-golden-image │ │ │ ├── main.tf │ │ │ └── variables.tf │ └── sls-audit │ │ ├── README.md │ │ ├── default.tfvars │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf ├── solution-ARMS-Grafana-integrate-Zabbix-Prometheus │ ├── README.md │ └── main.tf ├── solution-IDaaS-synchronization │ ├── README.md │ └── index.py ├── solution-access-analyzer-external-access │ ├── .gitignore │ ├── README.md │ ├── fc │ │ └── java │ │ │ ├── pom.xml │ │ │ └── src │ │ │ └── main │ │ │ └── java │ │ │ └── org │ │ │ └── example │ │ │ └── Main.java │ └── ros │ │ └── create-role-cross-account │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf ├── solution-ack-managed-cluster │ ├── README.md │ ├── main.tf │ ├── modules │ │ └── ack-managed-cluster │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ ├── outputs.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── solution-ack-sts-token │ ├── .gitignore │ ├── README.md │ └── code-example │ │ ├── deploy.yaml │ │ ├── golang │ │ ├── go.mod │ │ ├── go.sum │ │ ├── oss_sdk │ │ │ └── 
credentials_oidc_role_arn_sample.go │ │ ├── sdk2_0 │ │ │ └── credentials_oidc_role_arn_sample.go │ │ └── sls_sdk │ │ │ └── credentials_oidc_role_arn_sample.go │ │ ├── java │ │ ├── common │ │ │ ├── pom.xml │ │ │ └── src │ │ │ │ └── main │ │ │ │ └── java │ │ │ │ └── org │ │ │ │ └── example │ │ │ │ ├── oss_sdk │ │ │ │ ├── CredentialsDefaultSample.java │ │ │ │ └── CredentialsOIDCRoleArnSample.java │ │ │ │ ├── sdk1_0 │ │ │ │ ├── CredentialsDefaultSample.java │ │ │ │ └── CredentialsOIDCRoleArnSample.java │ │ │ │ ├── sdk2_0 │ │ │ │ ├── CredentialsDefaultSample.java │ │ │ │ └── CredentialsOIDCRoleArnSample.java │ │ │ │ └── sls_sdk │ │ │ │ ├── CredentialsDefaultSample.java │ │ │ │ └── CredentialsOIDCRoleArnSample.java │ │ └── spring-boot │ │ │ ├── pom.xml │ │ │ └── src │ │ │ └── main │ │ │ ├── java │ │ │ └── org │ │ │ │ └── example │ │ │ │ ├── Application.java │ │ │ │ ├── config │ │ │ │ ├── CredentialConfig.java │ │ │ │ ├── OssClientConfig.java │ │ │ │ ├── SdkV1ClientConfig.java │ │ │ │ ├── SdkV2ClientConfig.java │ │ │ │ └── SlsClientConfig.java │ │ │ │ ├── controller │ │ │ │ ├── OssController.java │ │ │ │ ├── SdkV1Controller.java │ │ │ │ ├── SdkV2Controller.java │ │ │ │ └── SlsController.java │ │ │ │ └── service │ │ │ │ ├── OssService.java │ │ │ │ ├── SdkV1Service.java │ │ │ │ ├── SdkV2Service.java │ │ │ │ └── SlsService.java │ │ │ └── resources │ │ │ └── application.properties │ │ └── python │ │ ├── oss_sdk │ │ ├── credentials_default_sample.py │ │ ├── credentials_oidc_role_arn_sample.py │ │ └── requirements.txt │ │ ├── sdk2_0 │ │ ├── credentials_default_sample.py │ │ └── credentials_oidc_role_arn_sample.py │ │ └── sls_sdk │ │ ├── credentials_default_sample.py │ │ ├── credentials_oidc_role_arn_sample.py │ │ └── requirements.txt ├── solution-cen-ack │ ├── .metadata │ ├── CHANGELOG.md │ ├── README.md │ ├── k8s │ │ └── main.tf │ ├── main.tf │ ├── variables.tf │ └── vpc │ │ └── main.tf ├── solution-compliance-audit-for-data-plane │ ├── README.md │ └── source │ │ ├── function 
│ │ ├── ecs-patch-baseline │ │ │ ├── index.js │ │ │ └── package.json │ │ └── ecs-timezone │ │ │ ├── index.js │ │ │ └── package.json │ │ └── ros │ │ ├── create-cross-account-command-inspection-role.yaml │ │ └── create-cross-account-patch-inspection-role.yaml ├── solution-cross-account-sts-token │ ├── .gitignore │ ├── README.md │ ├── code-example │ │ ├── java │ │ │ ├── common │ │ │ │ ├── pom.xml │ │ │ │ └── src │ │ │ │ │ └── main │ │ │ │ │ └── java │ │ │ │ │ └── org │ │ │ │ │ └── example │ │ │ │ │ ├── sdk1_0 │ │ │ │ │ └── AssumeRoleSample.java │ │ │ │ │ └── sdk2_0 │ │ │ │ │ ├── AssumeRoleSample.java │ │ │ │ │ ├── RamRoleCredentialAsyncSample.java │ │ │ │ │ └── RamRoleCredentialSample.java │ │ │ └── spring-boot │ │ │ │ ├── assume-role │ │ │ │ ├── sdk-v1 │ │ │ │ │ ├── pom.xml │ │ │ │ │ └── src │ │ │ │ │ │ └── main │ │ │ │ │ │ ├── java │ │ │ │ │ │ └── org │ │ │ │ │ │ │ └── example │ │ │ │ │ │ │ ├── Application.java │ │ │ │ │ │ │ ├── config │ │ │ │ │ │ │ ├── CredentialConfig.java │ │ │ │ │ │ │ └── CrossAccountSdkClientConfig.java │ │ │ │ │ │ │ └── controller │ │ │ │ │ │ │ └── Controller.java │ │ │ │ │ │ └── resources │ │ │ │ │ │ └── application.properties │ │ │ │ └── sdk-v2 │ │ │ │ │ ├── pom.xml │ │ │ │ │ └── src │ │ │ │ │ └── main │ │ │ │ │ ├── java │ │ │ │ │ └── org │ │ │ │ │ │ └── example │ │ │ │ │ │ ├── Application.java │ │ │ │ │ │ ├── config │ │ │ │ │ │ ├── CacheConfig.java │ │ │ │ │ │ ├── CredentialConfig.java │ │ │ │ │ │ └── StsClientConfig.java │ │ │ │ │ │ ├── controller │ │ │ │ │ │ └── Controller.java │ │ │ │ │ │ └── service │ │ │ │ │ │ └── AssumeRoleService.java │ │ │ │ │ └── resources │ │ │ │ │ └── application.properties │ │ │ │ └── ram-role-credential │ │ │ │ └── sdk-v2 │ │ │ │ ├── pom.xml │ │ │ │ └── src │ │ │ │ └── main │ │ │ │ ├── java │ │ │ │ └── org │ │ │ │ │ └── example │ │ │ │ │ ├── Application.java │ │ │ │ │ ├── config │ │ │ │ │ ├── CredentialConfig.java │ │ │ │ │ └── SdkV2ClientConfig.java │ │ │ │ │ └── controller │ │ │ │ │ └── Controller.java │ │ │ 
│ └── resources │ │ │ │ └── application.properties │ │ └── terraform │ │ │ ├── ack-rrsa │ │ │ └── main.tf │ │ │ ├── ecs-instance-role │ │ │ └── main.tf │ │ │ └── long-term-ak │ │ │ └── main.tf │ └── deployment │ │ └── create-role-cross-account │ │ ├── .metadata │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf ├── solution-ecs-patching │ ├── README.md │ ├── README_en.md │ ├── step1-preparation │ │ ├── main.tf │ │ ├── tfvars.json.example │ │ ├── variables.tf │ │ └── versions.tf │ ├── step2-create-cross-account-role │ │ └── stack-group-template.yaml │ ├── step3-distribute-patch-baseline │ │ └── stack-template.yaml │ └── step4-automation-deployment │ │ ├── main.tf │ │ ├── tfvars.json.example │ │ ├── variables.tf │ │ └── versions.tf ├── solution-ecs-sts-token │ ├── .gitignore │ ├── README.md │ ├── code-example │ │ ├── java │ │ │ ├── common │ │ │ │ ├── pom.xml │ │ │ │ └── src │ │ │ │ │ └── main │ │ │ │ │ └── java │ │ │ │ │ └── org │ │ │ │ │ └── example │ │ │ │ │ ├── oss_sdk │ │ │ │ │ ├── CredentialsDefaultSample.java │ │ │ │ │ ├── README.md │ │ │ │ │ └── RoleConfigSample.java │ │ │ │ │ ├── sdk1_0 │ │ │ │ │ ├── CredentialsSample.java │ │ │ │ │ ├── EnvConfigSample.java │ │ │ │ │ ├── LongTermAkSample.java │ │ │ │ │ ├── README.md │ │ │ │ │ ├── RoleConfigSample.java │ │ │ │ │ └── code-diff.png │ │ │ │ │ ├── sdk2_0 │ │ │ │ │ ├── CredentialsDefaultSample.java │ │ │ │ │ ├── CredentialsRoleConfigSample.java │ │ │ │ │ ├── LongTermAkSample.java │ │ │ │ │ ├── README.md │ │ │ │ │ └── code-diff.png │ │ │ │ │ └── sls_sdk │ │ │ │ │ ├── CredentialsDefaultSample.java │ │ │ │ │ ├── README.md │ │ │ │ │ └── RoleConfigSample.java │ │ │ └── spring-boot │ │ │ │ ├── pom.xml │ │ │ │ └── src │ │ │ │ └── main │ │ │ │ ├── java │ │ │ │ └── org │ │ │ │ │ └── example │ │ │ │ │ ├── Application.java │ │ │ │ │ ├── config │ │ │ │ │ ├── CredentialConfig.java │ │ │ │ │ ├── OssClientConfig.java │ │ │ │ │ ├── SdkV1ClientConfig.java │ │ │ │ │ ├── SdkV2ClientConfig.java │ │ │ │ │ └── 
SlsClientConfig.java │ │ │ │ │ ├── controller │ │ │ │ │ ├── OssController.java │ │ │ │ │ ├── SdkV1Controller.java │ │ │ │ │ ├── SdkV2Controller.java │ │ │ │ │ └── SlsController.java │ │ │ │ │ └── service │ │ │ │ │ ├── OssService.java │ │ │ │ │ ├── SdkV1Service.java │ │ │ │ │ ├── SdkV2Service.java │ │ │ │ │ └── SlsService.java │ │ │ │ └── resources │ │ │ │ └── application.properties │ │ ├── php │ │ │ └── sls_sdk │ │ │ │ ├── composer.json │ │ │ │ └── credentials_default_sample.php │ │ └── python │ │ │ ├── oss_sdk │ │ │ ├── README.md │ │ │ ├── credentials_default_sample.py │ │ │ ├── requirements.txt │ │ │ └── role_config_sample.py │ │ │ ├── sdk1_0 │ │ │ ├── README.md │ │ │ └── role_config_sample.py │ │ │ ├── sdk2_0 │ │ │ ├── README.md │ │ │ ├── credentials_default_sample.py │ │ │ └── credentials_role_config_sample.py │ │ │ └── sls_sdk │ │ │ ├── README.md │ │ │ ├── credentials_default_sample.py │ │ │ └── requirements.txt │ └── deployment │ │ └── create_role_cross_account │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf ├── solution-ecs-system-configuration-maintenance │ ├── README.md │ ├── step1-preparation │ │ ├── main.tf │ │ ├── tfvars.json.example │ │ ├── variables.tf │ │ └── versions.tf │ ├── step2-create-cross-account-role │ │ └── stack-group-template.yaml │ └── step3-automation-deployment │ │ ├── main.tf │ │ ├── tfvars.json.example │ │ ├── variables.tf │ │ └── versions.tf ├── solution-enterprise-cloud-connection-using-cen-tr │ ├── CHANGELOG.md │ ├── README.md │ ├── main.tf │ └── variables.tf ├── solution-fc-sts-token │ ├── .gitignore │ ├── README.md │ └── code-example │ │ ├── java │ │ ├── pom.xml │ │ └── src │ │ │ └── main │ │ │ └── java │ │ │ └── org │ │ │ └── example │ │ │ ├── aliyun_sdk │ │ │ └── App.java │ │ │ ├── oss_sdk │ │ │ └── App.java │ │ │ └── sls_sdk │ │ │ └── App.java │ │ ├── nodejs │ │ └── aliyun_sdk │ │ │ └── index.js │ │ └── python │ │ ├── aliyun_sdk │ │ └── index.py │ │ ├── oss_sdk │ │ └── index.py │ │ └── sls_sdk │ │ 
└── index.py ├── solution-golden-image │ ├── CHANGELOG.md │ ├── README.md │ ├── README_en.md │ ├── golden-image-distribution │ │ ├── README.md │ │ ├── README_en.md │ │ ├── step1-copy-golden-image │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ └── step2-share-golden-image │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ └── golden-image-pipeline │ │ ├── README.md │ │ ├── README_en.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf ├── solution-kms-managed-accesskey │ ├── code-example │ │ └── java │ │ │ ├── README.md │ │ │ ├── pom.xml │ │ │ └── src │ │ │ ├── config │ │ │ └── prod-aliyun │ │ │ │ └── resources │ │ │ │ ├── application.properties │ │ │ │ └── managed_credentials_providers.properties │ │ │ └── main │ │ │ ├── java │ │ │ └── org │ │ │ │ └── example │ │ │ │ ├── AliyunSdkAKExpireHandler.java │ │ │ │ └── Main.java │ │ │ └── resources │ │ │ ├── application.properties │ │ │ └── managed_credentials_providers.properties │ └── deployment │ │ ├── README.md │ │ ├── step1-share-vswitch │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── tfvars.json.example │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── step2-create-kms-instance │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── tfvars.json.example │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── step3-share-kms-instance │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── tfvars.json.example │ │ ├── variables.tf │ │ └── versions.tf │ │ └── step4-create-kms-aap │ │ ├── main.tf │ │ ├── tfvars.json.example │ │ ├── variables.tf │ │ └── versions.tf ├── solution-log-audit-using-sls │ ├── README.md │ ├── modules │ │ └── ram-role │ │ │ ├── main.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ ├── step1-create-log-audit-application │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── tfvars.json.example │ │ ├── variables.tf │ │ └── versions.tf │ ├── step2-delivery-to-central-logarchive │ │ ├── main.tf │ │ ├── tfvars.json.example │ │ ├── variables.tf │ │ └── 
versions.tf │ ├── step3-cold-archive-to-oss │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── tfvars.json.example │ │ ├── variables.tf │ │ └── versions.tf │ └── step4-add-control-policy │ │ ├── main.tf │ │ ├── tfvars.json.example │ │ ├── variables.tf │ │ └── versions.tf ├── solution-oss-pre-signed │ ├── .gitignore │ ├── README.md │ └── code-example │ │ └── java │ │ └── spring-boot │ │ ├── pom.xml │ │ └── src │ │ └── main │ │ ├── java │ │ └── org │ │ │ └── example │ │ │ ├── Application.java │ │ │ ├── config │ │ │ ├── CredentialConfig.java │ │ │ └── OssConfig.java │ │ │ ├── controller │ │ │ ├── DownloadController.java │ │ │ └── UploadController.java │ │ │ ├── model │ │ │ ├── OssPostCallback.java │ │ │ ├── PostCallbackResp.java │ │ │ └── PostSignatureResp.java │ │ │ └── service │ │ │ ├── DownloadService.java │ │ │ └── UploadService.java │ │ └── resources │ │ ├── application.properties │ │ └── static │ │ └── index.html ├── solution-privatelink-private-network-interconnection │ ├── .metadata │ ├── CHANGELOG.md │ ├── README.md │ ├── ecs │ │ └── main.tf │ ├── main.tf │ ├── outputs.tf │ ├── privatelink_private_network_interconnection │ │ ├── .metadata │ │ ├── ecs │ │ │ └── main.tf │ │ ├── main.tf │ │ ├── sg │ │ │ └── main.tf │ │ ├── variables.tf │ │ └── vpc │ │ │ └── main.tf │ ├── sg │ │ └── main.tf │ ├── variables.tf │ ├── versions.tf │ └── vpc │ │ └── main.tf ├── solution-tvm │ ├── .gitignore │ ├── README.md │ └── code-example │ │ └── java │ │ └── spring-boot │ │ ├── pom.xml │ │ └── src │ │ └── main │ │ ├── java │ │ └── org │ │ │ └── example │ │ │ ├── Application.java │ │ │ ├── config │ │ │ ├── CredentialConfig.java │ │ │ └── StsClientConfig.java │ │ │ ├── controller │ │ │ └── TvmController.java │ │ │ └── service │ │ │ ├── StsTokenVendor.java │ │ │ ├── TokenVendingMachine.java │ │ │ └── policy │ │ │ ├── PolicyGenerator.java │ │ │ └── PolicyTemplateLoader.java │ │ └── resources │ │ ├── application.properties │ │ ├── policy-templates │ │ ├── OssTemplate.json │ │ └── 
SlsTemplate.json │ │ └── static │ │ ├── oss.html │ │ └── sls.html ├── solution-vpc-interconnection-using-peering-and-tr │ ├── CHANGELOG.md │ ├── README.md │ ├── ecs │ │ └── main.tf │ ├── main.tf │ ├── variables.tf │ ├── versions.tf │ └── vpc │ │ └── main.tf └── tools │ └── aliyun_subscribe_actiontrail │ ├── README.md │ ├── index.py │ └── requirements.txt └── terraform-modules ├── terraform-alicloud-landing-zone-account-factory-role-based-sso ├── CHANGELOG.md ├── README.md ├── examples │ └── common │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── tfvars │ │ ├── common.tfvars │ │ └── custom.tfvars │ │ └── variables.tf ├── main.tf ├── modules │ └── ram_role │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf ├── outputs.tf ├── variables.tf └── versions.tf ├── terraform-alicloud-landing-zone-actiontrail-event-alert ├── README.md ├── cis_at_abnormal_ak_usage.tf ├── cis_at_abnormal_login.tf ├── cis_at_abnormal_pwd_mod_cnt.tf ├── cis_at_ak_conf_change.tf ├── cis_at_api_err.tf ├── cis_at_cfw_ai_off.tf ├── cis_at_cfw_assets_auto_protec_off.tf ├── cis_at_cfw_assets_protec_off.tf ├── cis_at_cfw_basic_rule_off.tf ├── cis_at_cfw_log_off.tf ├── cis_at_cfw_loose_block.tf ├── cis_at_cfw_obs_mode.tf ├── cis_at_cfw_patch_off.tf ├── cis_at_cfw_ti_off.tf ├── cis_at_cloudfirewall_conf_change.tf ├── cis_at_ecs_auto_snapshot_policy.tf ├── cis_at_ecs_disk_encry_detc.tf ├── cis_at_ecs_disk_reinit.tf ├── cis_at_ecs_disk_release.tf ├── cis_at_ecs_force_reboot.tf ├── cis_at_ecs_reboot_alot.tf ├── cis_at_ecs_release_protec_off.tf ├── cis_at_esc_release.tf ├── cis_at_off_duty_login.tf ├── cis_at_oss_policy_change.tf ├── cis_at_password_change.tf ├── cis_at_password_reset.tf ├── cis_at_pwd_expire_policy.tf ├── cis_at_pwd_length_policy.tf ├── cis_at_pwd_login_attemp_policy.tf ├── cis_at_pwd_reuse_prevention_policy.tf ├── cis_at_ram_auth_change.tf ├── cis_at_ram_mfa_login.tf ├── cis_at_ram_policy_change.tf ├── cis_at_rds_access_whitelist.tf ├── cis_at_rds_conf_change.tf ├── 
cis_at_rds_sql_audit.tf ├── cis_at_rds_ssl_config.tf ├── cis_at_root_ak_usage.tf ├── cis_at_root_login.tf ├── cis_at_sas_webshell_detection.tf ├── cis_at_sas_webshell_unbind.tf ├── cis_at_securitygroup_change.tf ├── cis_at_trail_off.tf ├── cis_at_unauth_apicall.tf ├── cis_at_unauth_login.tf ├── cis_at_vpc_conf_change.tf ├── cis_at_vpc_flowlog_off.tf ├── cis_at_vpc_route_change.tf ├── dataflow_at_slb_http.tf ├── db_at_rds_instance_del.tf ├── ip_insight.tf ├── ip_insight_v2.tf ├── main.tf ├── tfvars.json.example ├── variables.tf └── versions.tf ├── terraform-alicloud-landing-zone-alb ├── CHANGELOG.md ├── README.md ├── examples │ └── create-public-alb │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── tfvars │ │ ├── create-waf-edition.tfvars │ │ └── settings.tfvars │ │ └── variables.tf ├── main.tf ├── outputs.tf ├── variables.tf └── versions.tf ├── terraform-alicloud-landing-zone-cen-custom-route ├── CHANGELOG.md ├── README.md ├── examples │ └── add-routing-entries │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── tfvars │ │ └── settings.tfvars │ │ └── variables.tf ├── main.tf ├── outputs.tf ├── variables.tf └── versions.tf ├── terraform-alicloud-landing-zone-cen-vpc-attach ├── CHANGELOG.md ├── README.md ├── examples │ └── add-vpc-attachment │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── tfvars │ │ └── settings.tfvars │ │ └── variables.tf ├── main.tf ├── outputs.tf ├── variables.tf └── versions.tf ├── terraform-alicloud-landing-zone-cen-with-dmz-vpc ├── examples │ └── common │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── tfvars │ │ └── common.tfvars │ │ ├── variables.tf │ │ └── versions.tf ├── local.tfvars ├── main.tf ├── modules │ ├── cen-vpc-attach │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── eip │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf │ └── nat-gateway │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf ├── outputs.tf ├── variables.tf └── 
versions.tf ├── terraform-alicloud-landing-zone-cloud-sso-multi-account-policy ├── LICENSE ├── README-CN.md ├── README.md ├── examples │ └── complete │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── tfvars │ │ ├── step-01.tfvars │ │ ├── step-02.tfvars │ │ └── step-03.tfvars │ │ └── variables.tf ├── locals.tf ├── main.tf ├── outputs.tf ├── variables.tf └── versions.tf ├── terraform-alicloud-landing-zone-eip ├── CHANGELOG.md ├── README.md ├── examples │ └── create-eip-and-bandwidth-package │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── tfvars │ │ └── settings.tfvars │ │ └── variables.tf ├── main.tf ├── outputs.tf ├── variables.tf └── versions.tf ├── terraform-alicloud-landing-zone-guardrails ├── CHANGELOG.md ├── README.md ├── examples │ └── common │ │ ├── README.md │ │ ├── main.tf │ │ ├── output.tf │ │ ├── tfvars │ │ ├── common.tfvars │ │ └── custom.tfvars │ │ └── variables.tf ├── main.tf ├── output.tf ├── variables.tf └── versions.tf ├── terraform-alicloud-landing-zone-log-archive ├── CHANGELOG.md ├── README.md ├── examples │ └── common │ │ ├── README.md │ │ ├── main.tf │ │ ├── output.tf │ │ ├── tfvars │ │ ├── all.tfvars │ │ └── sls_only.tfvars │ │ └── variables.tf ├── locals.tf ├── main.tf ├── outputs.tf ├── variables.tf └── versions.tf ├── terraform-alicloud-landing-zone-nat-gateway ├── CHANGELOG.md ├── README.md ├── examples │ └── create-public-nat-gateway │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── tfvars │ │ └── settings.tfvars │ │ └── variables.tf ├── main.tf ├── outputs.tf ├── variables.tf └── versions.tf ├── terraform-alicloud-landing-zone-resource-structure ├── CHANGELOG.md ├── README.md ├── examples │ └── common │ │ ├── README.md │ │ ├── main.tf │ │ ├── output.tf │ │ ├── tfvars │ │ ├── common.tfvars │ │ └── custom.tfvars │ │ └── variables.tf ├── main.tf ├── output.tf ├── variables.tf └── versions.tf ├── terraform-alicloud-landing-zone-share-vpc ├── CHANGELOG.md ├── README.md ├── examples │ └── complete │ │ ├── 
README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── tfvars │ │ └── update-shared-unit.tfvars │ │ └── variables.tf ├── main.tf ├── outputs.tf ├── variables.tf └── versions.tf └── terraform-alicloud-landing-zone-vpc-custom-route ├── CHANGELOG.md ├── README.md ├── examples └── add-routing-entries │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── tfvars │ └── settings.tfvars │ └── variables.tf ├── main.tf ├── outputs.tf ├── variables.tf └── versions.tf /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: "[Feature Request]" 5 | labels: '' 6 | assignees: daxingplay 7 | 8 | --- 9 | 10 | **Is your feature request related to a problem? Please describe.** 11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 12 | 13 | **Describe the solution you'd like** 14 | A clear and concise description of what you want to happen. 15 | 16 | **Describe alternatives you've considered** 17 | A clear and concise description of any alternative solutions or features you've considered. 18 | 19 | **Additional context** 20 | Add any other context or screenshots about the feature request here. 
21 | -------------------------------------------------------------------------------- /example/01-startup/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/example/01-startup/README.md -------------------------------------------------------------------------------- /example/01-startup/README_zh.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/example/01-startup/README_zh.md -------------------------------------------------------------------------------- /example/01-startup/shell-scripts/network/main.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | Region="cn-hangzhou" 4 | Zone="cn-hangzhou-h" 5 | # 创建企业默认专有网络(VPC) 6 | VpcId=$(aliyun vpc CreateVpc --region $Region --VpcName "default_vpc" --CidrBlock "192.168.0.0/16" | jq -r '.VpcId') 7 | # 等待VPC可用 8 | aliyun vpc DescribeVpcs --region $Region --VpcId $VpcId --waiter expr="Vpcs.Vpc[0].Status" to="Available" 9 | # 创建交换机 10 | VswId=$(aliyun vpc CreateVSwitch --region $Region --CidrBlock "192.168.0.0/24" --VpcId $VpcId --ZoneId $Zone --VSwitchName "default_vswitch" | jq -r '.VSwitchId') 11 | # 创建企业默认安全组 12 | SgId=$(aliyun ecs CreateSecurityGroup --region $Region --SecurityGroupName "default_sg" --VpcId $VpcId | jq -r '.SecurityGroupId') -------------------------------------------------------------------------------- /example/01-startup/terraform/app-on-ecs/main.tf: -------------------------------------------------------------------------------- 1 | # 为系统管理员创建自定义权限策略 2 | 3 | module network { 4 | source = "./modules/network" 5 | } 6 | 7 | module identity { 8 | source = "./modules/identity" 9 | language = var.language 10 | } 11 | 12 | 13 | 14 | 
-------------------------------------------------------------------------------- /example/01-startup/terraform/app-on-ecs/modules/identity/variable.tf: -------------------------------------------------------------------------------- 1 | variable "language"{ 2 | description="identify which language we will apply" 3 | } -------------------------------------------------------------------------------- /example/01-startup/terraform/app-on-ecs/modules/network/main.tf: -------------------------------------------------------------------------------- 1 | provider "alicloud" { 2 | profile = "default" 3 | } 4 | 5 | # 创建企业默认专有网络 6 | resource "alicloud_vpc" "default_vpc" { 7 | name = "default_vpc" 8 | cidr_block = "192.168.0.0/16" 9 | } 10 | # 创建交换机 11 | resource "alicloud_vswitch" "default_vswitch" { 12 | name = "default_vswitch" 13 | vpc_id = alicloud_vpc.default_vpc.id 14 | cidr_block = "192.168.0.0/24" 15 | availability_zone = "cn-hangzhou-h" 16 | } 17 | # 创建企业默认安全组 18 | resource "alicloud_security_group" "charles_security_group" { 19 | name = "default-sg" 20 | vpc_id = alicloud_vpc.default_vpc.id 21 | } 22 | -------------------------------------------------------------------------------- /example/01-startup/terraform/app-on-ecs/variable.tf: -------------------------------------------------------------------------------- 1 | variable "language"{ 2 | default="EN" 3 | description="identify which language we will apply" 4 | } 5 | -------------------------------------------------------------------------------- /example/01-startup/terraform/app-on-k8s/variables.tf: -------------------------------------------------------------------------------- 1 | 2 | variable "cluster_spec" { 3 | } 4 | 5 | variable "k8s_name" { 6 | } 7 | 8 | variable "worker_instance_types" { 9 | } 10 | 11 | variable "worker_number" { 12 | default = 2 13 | } 14 | 15 | variable "proxy_mode" { 16 | default = "ipvs" 17 | } 18 | 19 | variable "node_login_password" { 20 | default = "Test12345" 21 | } 22 | 23 | 
variable "pod_cidr" {} 24 | 25 | variable "service_cidr" {} 26 | 27 | variable "cluster_addons" {} 28 | -------------------------------------------------------------------------------- /example/02-standard-enterprise/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/example/02-standard-enterprise/README.md -------------------------------------------------------------------------------- /example/02-standard-enterprise/README_zh.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/example/02-standard-enterprise/README_zh.md -------------------------------------------------------------------------------- /example/03-complex-enterprise/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/example/03-complex-enterprise/README.md -------------------------------------------------------------------------------- /example/03-complex-enterprise/README_zh.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/example/03-complex-enterprise/README_zh.md -------------------------------------------------------------------------------- /example/03-complex-enterprise/account-baseline/backend.conf.example: -------------------------------------------------------------------------------- 1 | bucket="landing-zone-setup-xxxx" 2 | region="cn-shanghai" 3 | prefix="account-baseline/terraform" 4 | tablestore_endpoint="https://xxxx.cn-shanghai.ots.aliyuncs.com" 5 | tablestore_table="statelock" 6 | access_key="xxxx" 7 | 
secret_key="xxxx" -------------------------------------------------------------------------------- /example/03-complex-enterprise/account-baseline/modules/account/output.tf: -------------------------------------------------------------------------------- 1 | output "application_account_id" { 2 | value = alicloud_resource_manager_account.rd_account_app.id 3 | description = "Output application account id." 4 | } -------------------------------------------------------------------------------- /example/03-complex-enterprise/account-baseline/modules/account/variables.tf: -------------------------------------------------------------------------------- 1 | variable "app_setting" { 2 | description = "" 3 | } 4 | 5 | variable "cen_instance_id" {} 6 | 7 | variable "folder_id" {} 8 | 9 | variable "payer_account_id" {} 10 | 11 | variable "vpc_production_id" {} 12 | 13 | variable "vpc_non_production_id" {} 14 | 15 | variable "vswitches_shared_services" {} 16 | 17 | variable "vswitches_dmz" {} 18 | 19 | # variable "network_acl_enabled" {} 20 | 21 | # 附加到成员账号ram user的权限策略 22 | variable "attached_system_policy" { 23 | default = "AdministratorAccess" 24 | } 25 | 26 | # 成员账号ram user的名称 27 | variable "ram_user_name" { 28 | default = "LandingZoneAccountSetup" 29 | } -------------------------------------------------------------------------------- /example/03-complex-enterprise/account-baseline/modules/network/nacl/variables.tf: -------------------------------------------------------------------------------- 1 | variable "vpc_id" {} 2 | 3 | variable "network_acl_name" {} 4 | 5 | variable "vswitches" { 6 | 7 | } 8 | 9 | variable "vswitches_shared_services" {} 10 | 11 | variable "vswitches_dmz" {} -------------------------------------------------------------------------------- /example/03-complex-enterprise/account-baseline/modules/network/output.tf: -------------------------------------------------------------------------------- 1 | output "vswitches_app" { 2 | value = { 3 | for o in 
keys(module.vpc_vswitch) : o => module.vpc_vswitch[o].vswitch_app 4 | } 5 | } -------------------------------------------------------------------------------- /example/03-complex-enterprise/account-baseline/modules/network/variables.tf: -------------------------------------------------------------------------------- 1 | variable "app_network_setting" { 2 | description = "" 3 | } 4 | 5 | variable "cen_instance_id" { 6 | description = "" 7 | } 8 | 9 | variable "vpc_id" {} 10 | 11 | variable "vswitches_shared_services" {} 12 | 13 | variable "vswitches_dmz" {} 14 | 15 | variable "network_acl_enabled" {} 16 | 17 | variable "resource_share_id" { 18 | 19 | } -------------------------------------------------------------------------------- /example/03-complex-enterprise/account-baseline/modules/network/vswitch/main.tf: -------------------------------------------------------------------------------- 1 | # 创建 VSwitch 2 | resource "alicloud_vswitch" "vswitch_app" { 3 | name = var.vswitch_name 4 | vpc_id = var.vpc_id 5 | cidr_block = var.cidr_block 6 | availability_zone = var.zone 7 | } 8 | 9 | # 将创建的 VSwitch 共享给改成员账号 10 | resource "alicloud_resource_manager_shared_resource" "shared_vswitches" { 11 | resource_id = alicloud_vswitch.vswitch_app.id 12 | resource_share_id = var.resource_share_id 13 | resource_type = "VSwitch" 14 | } -------------------------------------------------------------------------------- /example/03-complex-enterprise/account-baseline/modules/network/vswitch/output.tf: -------------------------------------------------------------------------------- 1 | output "vswitch_app" { 2 | value = alicloud_vswitch.vswitch_app 3 | } -------------------------------------------------------------------------------- /example/03-complex-enterprise/account-baseline/modules/network/vswitch/variables.tf: -------------------------------------------------------------------------------- 1 | variable "vswitch_name" { 2 | 3 | } 4 | 5 | variable "vpc_id" { 6 | 7 | } 8 | 9 | variable 
"cidr_block" { 10 | 11 | } 12 | 13 | variable "zone" { 14 | 15 | } 16 | 17 | variable "resource_share_id" { 18 | 19 | } -------------------------------------------------------------------------------- /example/03-complex-enterprise/account-baseline/output.tf: -------------------------------------------------------------------------------- 1 | output "application_accounts_ids" { 2 | value = module.app 3 | description = "Output application accounts ids." 4 | } -------------------------------------------------------------------------------- /example/03-complex-enterprise/account-baseline/variables.tf: -------------------------------------------------------------------------------- 1 | variable "foundations" { 2 | description = "Output from foundation step" 3 | } 4 | 5 | variable "applications_accounts" { 6 | description = "Setup member accounts for applications" 7 | } 8 | 9 | variable "access_key" { 10 | } 11 | 12 | variable "secret_key" { 13 | } 14 | 15 | variable "region" { 16 | } 17 | 18 | 19 | -------------------------------------------------------------------------------- /example/03-complex-enterprise/account-baseline/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "hashicorp/alicloud" 5 | version = ">= 1.111.0" 6 | } 7 | } 8 | required_version = ">= 0.13" 9 | } 10 | -------------------------------------------------------------------------------- /example/03-complex-enterprise/foundations/backend.conf.example: -------------------------------------------------------------------------------- 1 | bucket="landing-zone-setup-xxxxx" 2 | region="cn-shanghai" 3 | prefix="foundations/terraform" 4 | tablestore_endpoint="https://xxxx.cn-shanghai.ots.aliyuncs.com" 5 | tablestore_table="statelock" 6 | access_key="xxxx" 7 | secret_key="xxxx" -------------------------------------------------------------------------------- 
/example/03-complex-enterprise/foundations/modules/governance/variables.tf: -------------------------------------------------------------------------------- 1 | variable "bucket_audit_logs" {} 2 | 3 | variable "trail_audit_logs" {} 4 | 5 | variable "mns" {} 6 | 7 | variable "master_id" {} 8 | 9 | -------------------------------------------------------------------------------- /example/03-complex-enterprise/foundations/modules/identity/variables.tf: -------------------------------------------------------------------------------- 1 | # SharedServices 账号的 UID 2 | variable "shared_services_account_id" { 3 | default = "" 4 | } 5 | 6 | # Bussiness 目录 ID 7 | variable "business_folder_id" { 8 | default = "" 9 | } 10 | 11 | # 附加到成员账号ram user的权限策略 12 | variable "attached_system_policy" { 13 | default = "AdministratorAccess" 14 | } 15 | 16 | # 成员账号ram user的名称 17 | variable "ram_user_name" { 18 | default = "LandingZoneAccountSetup" 19 | } 20 | -------------------------------------------------------------------------------- /example/03-complex-enterprise/foundations/modules/networking/main.tf: -------------------------------------------------------------------------------- 1 | # assumerole到SharedServices账号 2 | provider "alicloud" { 3 | alias = "sharedservices" 4 | } 5 | 6 | 7 | ######################## 网络配置 ################## 8 | 9 | module "network_main" { 10 | source = "./network" 11 | providers = { 12 | alicloud = alicloud.sharedservices 13 | } 14 | 15 | network_settings = var.network_settings 16 | region = var.region 17 | } 18 | -------------------------------------------------------------------------------- /example/03-complex-enterprise/foundations/modules/networking/network/bastion/main.tf: -------------------------------------------------------------------------------- 1 | 2 | resource "alicloud_yundun_bastionhost_instance" "default" { 3 | description = var.description 4 | period = var.period 5 | vswitch_id = var.vswitch_id 6 | security_group_ids = 
var.security_group_ids 7 | license_code = "bhah_ent_50_asset" 8 | } -------------------------------------------------------------------------------- /example/03-complex-enterprise/foundations/modules/networking/network/bastion/variable.tf: -------------------------------------------------------------------------------- 1 | variable "description"{ 2 | default="Terraform-test-description" 3 | } 4 | 5 | variable "plan_code"{ 6 | default="alpha.professional" 7 | } 8 | 9 | variable "period"{ 10 | default="1" 11 | } 12 | 13 | variable "vswitch_id"{ 14 | default="v-testVswitch" 15 | } 16 | 17 | variable "security_group_ids"{ 18 | default=["sg-test"] 19 | } 20 | -------------------------------------------------------------------------------- /example/03-complex-enterprise/foundations/modules/networking/network/nat/variable.tf: -------------------------------------------------------------------------------- 1 | variable "vpc_id"{ 2 | default="vpc-bp1xxxxxxx" 3 | } 4 | 5 | variable "nat_name"{ 6 | default="nat_test_name" 7 | } 8 | 9 | 10 | variable "eip_bandwidth"{ 11 | default="10" 12 | } 13 | 14 | variable "eip_internet_charge_type"{ 15 | default="PayByBandwidth" 16 | } 17 | 18 | variable "common_bandwidth_package_enabled" { 19 | default=false 20 | } 21 | 22 | variable "common_bandwidth_package_name"{ 23 | default="tf_cbp" 24 | } 25 | 26 | variable "common_bandwidth_package_bandwidth"{ 27 | default="1000" 28 | } 29 | 30 | variable "common_bandwidth_package_internet_charge_type"{ 31 | default="PayByBandwidth" 32 | } 33 | 34 | -------------------------------------------------------------------------------- /example/03-complex-enterprise/foundations/modules/networking/network/output.tf: -------------------------------------------------------------------------------- 1 | output "vpc_shared_service_id" { 2 | value = alicloud_vpc.vpc_shared_service.id 3 | } 4 | 5 | output "vpc_dmz_id" { 6 | value = alicloud_vpc.vpc_dmz.id 7 | } 8 | 9 | output "vpc_production_id" { 10 | value = 
alicloud_vpc.vpc_production.id 11 | } 12 | 13 | output "vpc_non_production_id" { 14 | value = alicloud_vpc.vpc_non_production.id 15 | } 16 | 17 | output "cen_instance_id" { 18 | value = alicloud_cen_instance.cen.id 19 | } 20 | 21 | output "vswitches_shared_services" { 22 | value = alicloud_vswitch.shared_service_vswitches 23 | } 24 | 25 | output "vswitches_dmz" { 26 | value = alicloud_vswitch.dmz_vswitches 27 | } -------------------------------------------------------------------------------- /example/03-complex-enterprise/foundations/modules/networking/network/variable.tf: -------------------------------------------------------------------------------- 1 | variable "network_settings" { 2 | description = "" 3 | } 4 | 5 | variable "region" { 6 | description = "" 7 | } 8 | 9 | 10 | -------------------------------------------------------------------------------- /example/03-complex-enterprise/foundations/modules/networking/variables.tf: -------------------------------------------------------------------------------- 1 | variable "network_settings" { 2 | description = "" 3 | } 4 | 5 | variable "region" { 6 | description = "" 7 | } -------------------------------------------------------------------------------- /example/03-complex-enterprise/foundations/modules/networking/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "hashicorp/alicloud" 5 | version = ">= 1.96.0" 6 | } 7 | } 8 | required_version = ">= 0.13" 9 | } 10 | -------------------------------------------------------------------------------- /example/03-complex-enterprise/foundations/output.tf: -------------------------------------------------------------------------------- 1 | output "foundations" { 2 | value = { 3 | master_uid = data.alicloud_account.current_account.id 4 | shared_services_uid = alicloud_resource_manager_account.rd_account_SharedServices.id 5 | rd_folder_application_id = 
alicloud_resource_manager_folder.rd_folder_Business.id 6 | cloudfirewall = module.networking.cloudfirewall_setting 7 | networking = { 8 | cen_instance_id = module.networking.cen_instance_id 9 | vswitches_shared_services = module.networking.vswitches_shared_services 10 | vswitches_dmz = module.networking.vswitches_dmz 11 | vpc_production_id = module.networking.vpc_production_id 12 | vpc_non_production_id = module.networking.vpc_non_production_id 13 | } 14 | } 15 | } -------------------------------------------------------------------------------- /example/03-complex-enterprise/foundations/variables.tf: -------------------------------------------------------------------------------- 1 | variable "access_key" { 2 | default = "" 3 | } 4 | variable "secret_key" { 5 | default = "" 6 | } 7 | 8 | variable "region" { 9 | default = "cn-shanghai" 10 | } 11 | 12 | variable "basic_settings" { 13 | description = "" 14 | } 15 | 16 | variable "network_settings" { 17 | description = "" 18 | } -------------------------------------------------------------------------------- /example/03-complex-enterprise/foundations/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "hashicorp/alicloud" 5 | version = ">= 1.100.1" 6 | } 7 | } 8 | required_version = ">= 0.13" 9 | } 10 | -------------------------------------------------------------------------------- /example/03-complex-enterprise/kubenetes/modules/cluster/output.tf: -------------------------------------------------------------------------------- 1 | output "slb_address" { 2 | value = data.alicloud_slbs.slbs 3 | } -------------------------------------------------------------------------------- /example/03-complex-enterprise/kubenetes/modules/network/variable.tf: -------------------------------------------------------------------------------- 1 | variable "vpc_id"{ 2 | default="vpc-uf62jqcrmv6ouwcqi2zqw" 3 | } 4 | 5 | variable 
"external_port"{ 6 | default="any" 7 | } 8 | 9 | variable "external_ip"{ 10 | default="" 11 | } 12 | 13 | variable "eip_id"{ 14 | default="" 15 | } 16 | 17 | variable "ip_protocol"{ 18 | default="any" 19 | } 20 | 21 | variable "internal_ip"{ 22 | default="10.34.67.241" 23 | } 24 | 25 | variable "internal_port"{ 26 | default="any" 27 | } 28 | 29 | variable "network_enabled"{ 30 | default="any" 31 | } 32 | 33 | variable "nat_id"{ 34 | } 35 | 36 | 37 | -------------------------------------------------------------------------------- /example/03-complex-enterprise/kubenetes/output.tf: -------------------------------------------------------------------------------- 1 | output "slb_address" { 2 | value = module.app_k8s_cluster.slb_address.slbs.0.address 3 | } -------------------------------------------------------------------------------- /example/03-complex-enterprise/kubenetes/variables.tf: -------------------------------------------------------------------------------- 1 | variable "access_key" { 2 | default = "" 3 | } 4 | 5 | variable "secret_key" { 6 | default = "" 7 | } 8 | 9 | variable "security_token" { 10 | 11 | } 12 | 13 | variable "region" { 14 | default = "cn-shanghai" 15 | } 16 | 17 | variable "applications_cluster_setting" { 18 | description = "" 19 | } 20 | 21 | variable "foundations" { 22 | description = "" 23 | } 24 | 25 | variable "network_settings" { 26 | description = "" 27 | } 28 | 29 | 30 | -------------------------------------------------------------------------------- /example/03-complex-enterprise/kubenetes/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "hashicorp/alicloud" 5 | version = ">= 1.100.1" 6 | } 7 | } 8 | required_version = ">= 0.13" 9 | } 10 | -------------------------------------------------------------------------------- /image/landing-zone-journey.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/image/landing-zone-journey.png -------------------------------------------------------------------------------- /image/landing-zone-module.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/image/landing-zone-module.png -------------------------------------------------------------------------------- /solution/IAM/2.1-multi-account-sso/modules/role/variables.tf: -------------------------------------------------------------------------------- 1 | variable "role_name" {} 2 | 3 | variable "role_description" {} 4 | 5 | variable "policies" {} 6 | 7 | variable "account_uid" {} 8 | 9 | variable "idp_name" {} -------------------------------------------------------------------------------- /solution/IAM/2.1-multi-account-sso/step1/settings.tfvars: -------------------------------------------------------------------------------- 1 | # 主账号AK,需要填写AK和AK secret 2 | access_key = "" 3 | 4 | secret_key = "" 5 | 6 | region = "cn-hangzhou" 7 | 8 | # 角色列表 9 | ram_roles = { 10 | "ssoTestRole": { 11 | description = "Test for Terraform" 12 | policies = [ 13 | "AliyunLogFullAccess" 14 | ] 15 | } 16 | } 17 | 18 | # idp名称 19 | saml_provider_name = "tf-testIdp" 20 | 21 | # idp元数据xml文件路径 22 | metadata = "./meta.xml" 23 | 24 | # 子账号黑名单,填写子账号uid,在黑名单内的子账号不会创建idp和ram角色 25 | exclude = ["113************"] 26 | # 期望作用在所有子账号上则配置exclude=[]即可。 27 | # exclude = [] -------------------------------------------------------------------------------- /solution/IAM/2.1-multi-account-sso/step1/variables.tf: -------------------------------------------------------------------------------- 1 | variable "access_key" {} 2 | 3 | variable "secret_key" {} 4 | 5 | variable "region" {} 6 | 7 | 
variable "ram_roles" {} 8 | 9 | variable "saml_provider_name" {} 10 | 11 | variable "metadata" {} 12 | 13 | variable "exclude" {} -------------------------------------------------------------------------------- /solution/IAM/README.md: -------------------------------------------------------------------------------- 1 | - 2.1-multi-account-sso:自建IDP实现多账号SSO解决方案的Terraform脚本 2 | 3 | - function中包含5个功能模板,每个模板下的README.md详细介绍了各个功能模板的使用。 4 | - 01-自动化从主账号初始化资源目录 5 | - 02-自动化为资源目录下发策略 6 | - 03-自动化为企业成员账号创建角色 7 | - 04-用户跨账号扮演角色模板 8 | - 05-单账号sso自动化配置 9 | - img: readme.md中的图片 -------------------------------------------------------------------------------- /solution/IAM/function/01-terraform-init-resource-directory/main.tf: -------------------------------------------------------------------------------- 1 | provider "alicloud" { 2 | access_key = var.access_key 3 | secret_key = var.secret_key 4 | region = var.region 5 | } 6 | 7 | # 开通资源目录 8 | resource "alicloud_resource_manager_resource_directory" "resource_manager" { 9 | # 开启策略管控 10 | status = "Enabled" 11 | } 12 | 13 | # 在文件夹下创建资源账号 14 | module "account" { 15 | for_each = var.resource_directories 16 | source = "./modules/account" 17 | 18 | providers = { 19 | alicloud = alicloud 20 | } 21 | 22 | folder_name = each.key 23 | account_name = each.value.accounts 24 | depends_on = [ 25 | alicloud_resource_manager_resource_directory.resource_manager, 26 | ] 27 | } -------------------------------------------------------------------------------- /solution/IAM/function/01-terraform-init-resource-directory/modules/account/main.tf: -------------------------------------------------------------------------------- 1 | # 创建文件夹 2 | resource "alicloud_resource_manager_folder" "folder" { 3 | folder_name = var.folder_name 4 | } 5 | 6 | # 在文件夹下创建账户 7 | resource "alicloud_resource_manager_account" "account" { 8 | for_each = toset(var.account_name) 9 | display_name = each.key 10 | folder_id = alicloud_resource_manager_folder.folder.id 11 | } 12 | 
-------------------------------------------------------------------------------- /solution/IAM/function/01-terraform-init-resource-directory/modules/account/variables.tf: -------------------------------------------------------------------------------- 1 | variable "account_name" {} 2 | variable "folder_name" {} 3 | -------------------------------------------------------------------------------- /solution/IAM/function/01-terraform-init-resource-directory/settings.tfvars: -------------------------------------------------------------------------------- 1 | # 主账号AK,需要填写AK和AK secret 2 | access_key = "" 3 | secret_key = "" 4 | region = "cn-hangzhou" 5 | 6 | # 创建文件夹和资源账号 7 | # 创建"prod"和"core"文件夹 8 | # "prod"下有账号"Prod", "Pre-prod", "Dev", "Test", "core"下有账号"Shared Service", "Security", "Networking", "Audit" 9 | resource_directories = { 10 | "prod": { 11 | accounts = ["Prod", "Pre-prod", "Dev", "Test"] 12 | }, 13 | "core": { 14 | accounts = ["Shared Service", "Security", "Networking", "Audit"] 15 | } 16 | } 17 | 18 | -------------------------------------------------------------------------------- /solution/IAM/function/01-terraform-init-resource-directory/variables.tf: -------------------------------------------------------------------------------- 1 | variable "access_key" {} 2 | variable "secret_key" {} 3 | variable "region" {} 4 | variable "resource_directories" {} 5 | -------------------------------------------------------------------------------- /solution/IAM/function/02-terraform-control-policy/main.tf: -------------------------------------------------------------------------------- 1 | provider "alicloud" { 2 | access_key = var.access_key 3 | secret_key = var.secret_key 4 | region = var.region 5 | } 6 | 7 | # 创建策略 8 | resource "alicloud_resource_manager_control_policy" "control_policy" { 9 | control_policy_name = var.control_policy_name 10 | description = var.description 11 | effect_scope = var.effect_scope 12 | policy_document = jsonencode(var.policy_document) 13 | 
} 14 | 15 | # 将策略添加到资源夹下 16 | resource "alicloud_resource_manager_control_policy_attachment" "attach" { 17 | for_each = toset(var.resource_manager_folder_ids) 18 | policy_id = alicloud_resource_manager_control_policy.control_policy.id 19 | target_id = each.value 20 | } 21 | -------------------------------------------------------------------------------- /solution/IAM/function/02-terraform-control-policy/settings.tfvars: -------------------------------------------------------------------------------- 1 | # AK,需要手动填写AK和AK Secret 2 | access_key = "" 3 | secret_key = "" 4 | region = "cn-hangzhou" 5 | 6 | # 管控策略详细信息 7 | # 策略名称 8 | control_policy_name = "policy1" 9 | # 策略描述 10 | description = "" 11 | # 策略作用范围 12 | effect_scope = "RAM" 13 | # 策略配置 14 | policy_document = { 15 | "Version":"1", 16 | "Statement": [ 17 | { 18 | "Effect": "Deny", 19 | "Action": [ 20 | "ram:UpdateRole", 21 | "ram:DeleteRole", 22 | "ram:AttachPolicyToRole", 23 | "ram:DetachPolicyFromRole" 24 | ], 25 | "Resource":"acs:ram:*:*:role/ResourceDirectoryAccountAccessRole" 26 | } 27 | ] 28 | } 29 | 30 | # 绑定的资源夹ID组 31 | resource_manager_folder_ids = ["fd-Zn1wkx2Dws","fd-5wKgZmg0ng"] 32 | -------------------------------------------------------------------------------- /solution/IAM/function/02-terraform-control-policy/variables.tf: -------------------------------------------------------------------------------- 1 | variable access_key {} 2 | variable secret_key {} 3 | variable region {} 4 | variable resource_manager_folder_ids {} 5 | variable control_policy_name {} 6 | variable description {} 7 | variable effect_scope {} 8 | variable policy_document {} 9 | -------------------------------------------------------------------------------- /solution/IAM/function/03-terraform-auto-create-role/modules/role/variables.tf: -------------------------------------------------------------------------------- 1 | variable "role_name" {} 2 | 3 | variable "role_description" {} 4 | 5 | variable "policies" {} 6 | 7 | 
variable "account_uid" {} -------------------------------------------------------------------------------- /solution/IAM/function/03-terraform-auto-create-role/step1/variables.tf: -------------------------------------------------------------------------------- 1 | variable "access_key" {} 2 | 3 | variable "secret_key" {} 4 | 5 | variable "region" {} 6 | 7 | variable "ram_roles" {} 8 | -------------------------------------------------------------------------------- /solution/IAM/function/04-terraform-multi-roles/modules/output/main.tf: -------------------------------------------------------------------------------- 1 | provider "alicloud" {} 2 | 3 | data "alicloud_caller_identity" "current" { 4 | } 5 | 6 | output "current_role_arn" { 7 | value = data.alicloud_caller_identity.current.arn 8 | } -------------------------------------------------------------------------------- /solution/IAM/function/04-terraform-multi-roles/step1/main.tf: -------------------------------------------------------------------------------- 1 | provider "alicloud" { 2 | access_key = var.access_key 3 | secret_key = var.secret_key 4 | region = var.region 5 | } 6 | 7 | # assumerole到成员账号 8 | resource "local_file" "step2-main" { 9 | content = templatefile("${path.module}/step2.tmpl", { 10 | access_key = var.access_key, 11 | secret_key = var.secret_key, 12 | region = var.region, 13 | ram_roles = var.ram_roles 14 | }) 15 | filename = "${path.module}/../step2/main.tf" 16 | } -------------------------------------------------------------------------------- /solution/IAM/function/04-terraform-multi-roles/step1/settings.tfvars: -------------------------------------------------------------------------------- 1 | # AK,需要手动填写AK和AK Secret 2 | access_key = "" 3 | secret_key = "" 4 | region = "cn-hangzhou" 5 | 6 | # RAM用户要去扮演的角色,需要填写角色名称和角色所在账号的uid 7 | ram_roles = [ 8 | { 9 | role_name = "cloudadmin" 10 | account_id = "1925726250249818" 11 | }, 12 | { 13 | role_name = "networkadmin" 14 | account_id = 
"1320526250247518" 15 | } 16 | ] -------------------------------------------------------------------------------- /solution/IAM/function/04-terraform-multi-roles/step1/variables.tf: -------------------------------------------------------------------------------- 1 | variable "access_key" {} 2 | variable "secret_key" {} 3 | variable "region" {} 4 | 5 | variable "ram_roles" {} -------------------------------------------------------------------------------- /solution/IAM/function/05-terraform-auto-sso/modules/role/variables.tf: -------------------------------------------------------------------------------- 1 | variable "role_name" {} 2 | 3 | variable "role_description" {} 4 | 5 | variable "policies" {} 6 | 7 | variable "account_uid" {} 8 | 9 | variable "idp_name" {} -------------------------------------------------------------------------------- /solution/IAM/function/05-terraform-auto-sso/settings.tfvars: -------------------------------------------------------------------------------- 1 | # 主账号AK,需要填写AK和AK secret 2 | access_key = "" 3 | 4 | secret_key = "" 5 | 6 | region = "cn-hangzhou" 7 | 8 | # 角色列表 9 | ram_roles = { 10 | "ssoTestRole": { 11 | description = "Test for Terraform" 12 | policies = [ 13 | "AliyunLogFullAccess" 14 | ] 15 | }, 16 | "ssoTestRole2": { 17 | description = "Test for Terraform" 18 | policies = [ 19 | "AliyunLogReadOnlyAccess" 20 | ] 21 | } 22 | } 23 | 24 | # idp名称 25 | saml_provider_name = "tf-testIdp" 26 | 27 | # idp元数据xml文件路径 28 | metadata = "./meta.xml" -------------------------------------------------------------------------------- /solution/IAM/function/05-terraform-auto-sso/variables.tf: -------------------------------------------------------------------------------- 1 | variable "access_key" {} 2 | 3 | variable "secret_key" {} 4 | 5 | variable "region" {} 6 | 7 | variable "saml_provider_name" {} 8 | 9 | variable "metadata" {} 10 | 11 | variable "ram_roles" {} 12 | 
-------------------------------------------------------------------------------- /solution/IAM/img/1.创建RAM角色并生成AK.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/IAM/img/1.创建RAM角色并生成AK.png -------------------------------------------------------------------------------- /solution/IAM/img/10.03-控制台.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/IAM/img/10.03-控制台.png -------------------------------------------------------------------------------- /solution/IAM/img/11.02-控制台.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/IAM/img/11.02-控制台.png -------------------------------------------------------------------------------- /solution/IAM/img/12.01-控制台.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/IAM/img/12.01-控制台.png -------------------------------------------------------------------------------- /solution/IAM/img/13.04-plan结果.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/IAM/img/13.04-plan结果.png -------------------------------------------------------------------------------- /solution/IAM/img/14.04-apply结果.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/IAM/img/14.04-apply结果.png -------------------------------------------------------------------------------- /solution/IAM/img/15.step2-plan结果.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/IAM/img/15.step2-plan结果.png -------------------------------------------------------------------------------- /solution/IAM/img/16.04-step2-apply结果.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/IAM/img/16.04-step2-apply结果.png -------------------------------------------------------------------------------- /solution/IAM/img/17.开启管控策略.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/IAM/img/17.开启管控策略.png -------------------------------------------------------------------------------- /solution/IAM/img/18.开启管控策略apply.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/IAM/img/18.开启管控策略apply.png -------------------------------------------------------------------------------- /solution/IAM/img/19.管控策略控制台.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/IAM/img/19.管控策略控制台.png -------------------------------------------------------------------------------- /solution/IAM/img/2.01-plan运行结果.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/IAM/img/2.01-plan运行结果.png -------------------------------------------------------------------------------- /solution/IAM/img/20.单账号sso-plan.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/IAM/img/20.单账号sso-plan.png -------------------------------------------------------------------------------- /solution/IAM/img/21.单账号sso-apply.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/IAM/img/21.单账号sso-apply.png -------------------------------------------------------------------------------- /solution/IAM/img/22.多账号sso-step1-apply.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/IAM/img/22.多账号sso-step1-apply.png -------------------------------------------------------------------------------- /solution/IAM/img/23.多账号sso-step2-apply.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/IAM/img/23.多账号sso-step2-apply.png -------------------------------------------------------------------------------- /solution/IAM/img/3.01-apply运行结果.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/IAM/img/3.01-apply运行结果.png 
-------------------------------------------------------------------------------- /solution/IAM/img/4.02-plan运行结果.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/IAM/img/4.02-plan运行结果.png -------------------------------------------------------------------------------- /solution/IAM/img/5.02-apply运行结果.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/IAM/img/5.02-apply运行结果.png -------------------------------------------------------------------------------- /solution/IAM/img/6.03-step1-plan运行结果.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/IAM/img/6.03-step1-plan运行结果.png -------------------------------------------------------------------------------- /solution/IAM/img/7.03-step1-apply运行结果.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/IAM/img/7.03-step1-apply运行结果.png -------------------------------------------------------------------------------- /solution/IAM/img/8.03-step2-plan运行结果.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/IAM/img/8.03-step2-plan运行结果.png -------------------------------------------------------------------------------- /solution/IAM/img/9.03-step2-apply运行结果.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/IAM/img/9.03-step2-apply运行结果.png -------------------------------------------------------------------------------- /solution/ack/solutions/IAM/OIDC/java_spring/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alibaba-cloud-linux-3-registry.cn-hangzhou.cr.aliyuncs.com/alinux3/alinux3 2 | 3 | RUN yum -y install python3.8 && \ 4 | yum -y install java && \ 5 | yum -y install tar && \ 6 | curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py && \ 7 | python3 get-pip.py && \ 8 | pip3 install -i https://pypi.tuna.tsinghua.edu.cn/simple alibabacloud_sts20150401==1.1.1 && \ 9 | pip3 install -i https://pypi.tuna.tsinghua.edu.cn/simple aliyun-python-sdk-sts==3.1.0 10 | -------------------------------------------------------------------------------- /solution/ack/solutions/IAM/OIDC/java_spring/Dockerfile_biz: -------------------------------------------------------------------------------- 1 | FROM dsafd-registry.cn-shenzhen.cr.aliyuncs.com/yaofangapp/basicapp:v0.1 2 | 3 | # 这里替换成你自己的应用名 4 | ARG APP_NAME=calcula 5 | ARG ENV_TYPE=production 6 | 7 | # 容器运行时的环境变量 8 | ENV APP_NAME=$APP_NAME 9 | ENV APP_ENVIRONMENT=$ENV_TYPE 10 | 11 | COPY bin /root/${APP_NAME}/bin 12 | 13 | RUN mkdir -p /root/${APP_NAME}/logs && mkdir -p /root/${APP_NAME}/target 14 | 15 | VOLUME /root/${APP_NAME}/logs 16 | 17 | COPY ${APP_NAME}.jar /root/${APP_NAME}/target 18 | -------------------------------------------------------------------------------- /solution/ack/solutions/IAM/OIDC/java_spring/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # 执行脚本:./build.sh v0.1 4 | 5 | TAG=$1 6 | 7 | mvn clean package -DskipTests 8 | cp target/calcula.jar calcula.jar 9 | 10 | # yaofangapp 11 | docker build -t dsafd-registry.cn-shenzhen.cr.aliyuncs.com/yaofangapp/calcula:${TAG} -f 
Dockerfile_biz ./ 12 | docker push dsafd-registry.cn-shenzhen.cr.aliyuncs.com/yaofangapp/calcula:${TAG} 13 | 14 | docker images | grep calcula 15 | 16 | rm calcula.jar -------------------------------------------------------------------------------- /solution/ack/solutions/IAM/OIDC/java_spring/src/main/java/org/hz/minigroup/FreetimeApplication.java: -------------------------------------------------------------------------------- 1 | package org.hz.minigroup; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | @SpringBootApplication 7 | public class FreetimeApplication { 8 | 9 | public static void main(String[] args) { 10 | SpringApplication.run(FreetimeApplication.class, args); 11 | } 12 | 13 | } 14 | -------------------------------------------------------------------------------- /solution/ack/solutions/IAM/OIDC/java_spring/src/main/java/org/hz/minigroup/network/enums/NetworkEnum.java: -------------------------------------------------------------------------------- 1 | package org.hz.minigroup.network.enums; 2 | 3 | public enum NetworkEnum { 4 | 5 | } 6 | -------------------------------------------------------------------------------- /solution/ack/solutions/IAM/OIDC/java_spring/src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | project.name=calcula 2 | server.port=7001 3 | management.server.port=7002 4 | info.app.name=spring-boot-actuator 5 | info.app.version= 1.0.0 6 | info.app.test=test 7 | 8 | management.endpoints.web.exposure.include=* 9 | management.endpoint.health.show-details=always 10 | #management.endpoints.web.base-path=/monitor 11 | 12 | management.endpoint.shutdown.enabled=true 13 | 14 | 15 | 16 | 17 | 18 | 19 | -------------------------------------------------------------------------------- /solution/ack/solutions/IAM/OIDC/java_spring/src/main/resources/oidc.properties: 
-------------------------------------------------------------------------------- 1 | # ak / sk 2 | oidc.sts.provider_arn=acs:ram::1146716667364xxxx:oidc-provider/ack-rrsa-xxxx 3 | oidc.sts.role_arn=acs:ram::1146716667364xxx:role/ack-app-sts-role 4 | oidc.sts.role_session_name=yaoapp 5 | oidc.sts.region=cn-shenzhen 6 | oidc.sts.endpoint=sts.cn-shenzhen.aliyuncs.com 7 | -------------------------------------------------------------------------------- /solution/ack/usecase/IAM/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine 2 | 3 | RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories && \ 4 | apk add curl && \ 5 | apk add python3 && \ 6 | curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py && \ 7 | python3 get-pip.py 8 | 9 | -------------------------------------------------------------------------------- /solution/ack/usecase/IAM/configmap: -------------------------------------------------------------------------------- 1 | # kubectl create configmap game-config --from-file=docs/user-guide/configmap/kubectl 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: aliyun-config 6 | data: 7 | # replace your filename of properties configration and contents here. 8 | game.properties: | 9 | enemies=aliens 10 | lives=3 11 | enemies.cheat=true 12 | enemies.cheat.level=noGoodRotten 13 | secret.code.passphrase=UUDDLRLRBABAS 14 | secret.code.allowed=true 15 | secret.code.lives=30 16 | ui.properties: | 17 | color.good=purple 18 | color.bad=yellow 19 | allow.textmode=true 20 | how.nice.to.look=fairlyNice 21 | special.env: env_value -------------------------------------------------------------------------------- /solution/automation/account-factory/README.md: -------------------------------------------------------------------------------- 1 | ## Notes on Backend 2 | The 'key' field in backend configuration at each step of the pipeline must be different. 
Otherwise, overwriting will occur. 3 | 4 | For example, once the step that creates an IDP has completed, the generated state file contains the IDP information. 5 | If the 'key' field of the next step X is configured the same as the IDP step, then after execution, because the IDP Terraform code is not included in step X, 6 | Terraform concludes that the resource's desired state has changed, and the IDP will be overwritten and deleted. -------------------------------------------------------------------------------- /solution/automation/account-factory/backend.tfvars: -------------------------------------------------------------------------------- 1 | # Modify according to the actual situation 2 | bucket = "bucket-with-terraform-state1" 3 | prefix = "path/mystate" 4 | region = "cn-hangzhou" 5 | tablestore_endpoint = "https://xxxx.cn-hangzhou.ots.aliyuncs.com" 6 | tablestore_table = "statelock" 7 | endpoint = "oss-cn-hangzhou.aliyuncs.com" 8 | # If the backend storage is not under the management account, you need to set the AK/SK of the corresponding account 9 | #access_key = "xxx" 10 | #secret_key = "xxx" -------------------------------------------------------------------------------- /solution/automation/account-factory/extension/backend/azurerm-backend.tf: -------------------------------------------------------------------------------- 1 | # {state_key} should be replaced at each step 2 | terraform { 3 | backend "azurerm" { 4 | resource_group_name = "xxx" 5 | storage_account_name = "xxx" 6 | container_name = "xxx" 7 | key = "${state_key}" 8 | } 9 | } 10 | 11 | provider "azurerm" { 12 | features {} 13 | } -------------------------------------------------------------------------------- /solution/automation/account-factory/extension/backend/azurerm-backend.tfvars: -------------------------------------------------------------------------------- 1 | # Modify according to the actual situation 2 | resource_group_name = "yourResourceGroupName" 3 | 
storage_account_name = "yourStorageAccountName" 4 | container_name = "yourStorageContainerName" -------------------------------------------------------------------------------- /solution/automation/account-factory/extension/kms_client_key_kaap.json: -------------------------------------------------------------------------------- 1 | { 2 | "KeyId": "KAAP.6681da05-xxxx-xxxx-xxxx-b8721c18bddb", 3 | "PrivateKeyData": "yourPrivateKeyData" 4 | } -------------------------------------------------------------------------------- /solution/automation/account-factory/extension/secretsmanager.properties: -------------------------------------------------------------------------------- 1 | ## access type。 2 | credentials_type=client_key 3 | 4 | # your client key private key password environment variable name# 5 | client_key_password_from_env_variable=KMS_AAP_CLIENT_KEY_PWD 6 | 7 | ## private key file。 8 | client_key_private_key_path=kms_client_key_kaap.json 9 | 10 | ## KMS Region。 11 | cache_client_region_id=[{"regionId":"cn-shanghai"}] -------------------------------------------------------------------------------- /solution/automation/account-factory/modules/idp/CHANGELOG.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/automation/account-factory/modules/idp/CHANGELOG.md -------------------------------------------------------------------------------- /solution/automation/account-factory/modules/idp/examples/complete/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | } 6 | } 7 | backend "oss" { 8 | } 9 | } 10 | 11 | provider "alicloud" { 12 | alias = "rd_role" 13 | assume_role { 14 | role_arn = format("acs:ram::%s:role/ResourceDirectoryAccountAccessRole", var.account_id) 15 | session_name = 
"AccountLandingZoneSetup" 16 | session_expiration = 999 17 | } 18 | } 19 | 20 | module "idp" { 21 | source = "../../" 22 | 23 | providers = { 24 | alicloud = alicloud.rd_role 25 | } 26 | sso_provider_name = var.sso_provider_name 27 | encodedsaml_metadata_document = var.encodedsaml_metadata_document 28 | } 29 | -------------------------------------------------------------------------------- /solution/automation/account-factory/modules/idp/examples/complete/outputs.tf: -------------------------------------------------------------------------------- 1 | output "idp_arn" { 2 | value = module.idp.idp_arn 3 | } 4 | -------------------------------------------------------------------------------- /solution/automation/account-factory/modules/idp/examples/scenario-other-1/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | } 6 | } 7 | backend "oss" { 8 | } 9 | } 10 | 11 | provider "alicloud" { 12 | alias = "rd_role" 13 | assume_role { 14 | role_arn = format("acs:ram::%s:role/ResourceDirectoryAccountAccessRole", var.account_id) 15 | session_name = "AccountLandingZoneSetup" 16 | session_expiration = 999 17 | } 18 | } 19 | 20 | module "idp" { 21 | source = "../../" 22 | 23 | providers = { 24 | alicloud = alicloud.rd_role 25 | } 26 | sso_provider_name = var.sso_provider_name 27 | encodedsaml_metadata_document = var.encodedsaml_metadata_document 28 | } 29 | -------------------------------------------------------------------------------- /solution/automation/account-factory/modules/idp/examples/scenario-other-1/outputs.tf: -------------------------------------------------------------------------------- 1 | output "idp_arn" { 2 | value = module.idp.idp_arn 3 | } 4 | -------------------------------------------------------------------------------- /solution/automation/account-factory/modules/idp/main.tf: 
-------------------------------------------------------------------------------- 1 | resource "alicloud_ram_saml_provider" "idp" { 2 | saml_provider_name = var.sso_provider_name 3 | encodedsaml_metadata_document = var.encodedsaml_metadata_document 4 | description = "Created with Terraform automation scripts." 5 | } -------------------------------------------------------------------------------- /solution/automation/account-factory/modules/idp/outputs.tf: -------------------------------------------------------------------------------- 1 | output "idp_arn" { 2 | value = alicloud_ram_saml_provider.idp.arn 3 | } 4 | -------------------------------------------------------------------------------- /solution/automation/account-factory/modules/idp/variables.tf: -------------------------------------------------------------------------------- 1 | variable "sso_provider_name" {} 2 | 3 | variable "encodedsaml_metadata_document" {} 4 | -------------------------------------------------------------------------------- /solution/automation/account-factory/modules/idp/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = ">=1.127.0" 6 | } 7 | } 8 | required_version = ">=0.12" 9 | } 10 | -------------------------------------------------------------------------------- /solution/automation/account-factory/modules/network/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | } 6 | } 7 | required_version = ">=0.12" 8 | } 9 | 10 | resource "alicloud_vpc" "vpc" { 11 | vpc_name = var.vpc_name 12 | cidr_block = var.vpc_cidr_block 13 | } 14 | 15 | resource "alicloud_vswitch" "vsw" { 16 | vpc_id = alicloud_vpc.vpc.id 17 | vswitch_name = var.vswitch_name 18 | cidr_block = var.switch_cidr_block 19 | zone_id = var.zone_id 20 | } 
21 | -------------------------------------------------------------------------------- /solution/automation/account-factory/modules/network/outputs.tf: -------------------------------------------------------------------------------- 1 | output "vpc_id" { 2 | value = alicloud_vpc.vpc.id 3 | } 4 | 5 | output "vswitch_id" { 6 | value = alicloud_vswitch.vsw.id 7 | } 8 | -------------------------------------------------------------------------------- /solution/automation/account-factory/modules/network/variables.tf: -------------------------------------------------------------------------------- 1 | variable "vpc_name" {} 2 | 3 | variable "vpc_cidr_block" {} 4 | 5 | variable "vswitch_name" {} 6 | 7 | variable "switch_cidr_block" {} 8 | 9 | variable "zone_id" {} 10 | 11 | 12 | -------------------------------------------------------------------------------- /solution/automation/account-factory/modules/role/outputs.tf: -------------------------------------------------------------------------------- 1 | output "role_arn" { 2 | value = alicloud_ram_role.ram_role.arn 3 | description = "Output role arn." 
4 | } 5 | -------------------------------------------------------------------------------- /solution/automation/account-factory/modules/role/variables.tf: -------------------------------------------------------------------------------- 1 | variable "role_name" {} 2 | 3 | variable "role_description" {} 4 | 5 | variable "sso_provider_name" {} 6 | 7 | variable "account_uid" {} -------------------------------------------------------------------------------- /solution/automation/account-factory/step/account-create/backend.tf: -------------------------------------------------------------------------------- 1 | # {state_key} should be replaced at each step 2 | terraform { 3 | backend "oss" { 4 | bucket = "xxx" 5 | prefix = "xxx" 6 | key = "{state_key}" 7 | region = "xxx" 8 | tablestore_endpoint = "xxx" 9 | tablestore_table = "xxx" 10 | # access_key = "xxx" 11 | # secret_key = "xxx" 12 | endpoint = "xxx" 13 | } 14 | } -------------------------------------------------------------------------------- /solution/automation/account-factory/step/account-create/main.tf: -------------------------------------------------------------------------------- 1 | provider "alicloud" { 2 | } 3 | 4 | # Create member account 5 | resource "alicloud_resource_manager_account" "rd_account_app" { 6 | display_name = var.account_name 7 | account_name_prefix = var.account_name_prefix 8 | folder_id = var.folder_id 9 | } 10 | 11 | # Save member account information temporarily 12 | resource "local_file" "account_json" { 13 | content = templatefile("../var/account.json.tmpl", { 14 | account_id = alicloud_resource_manager_account.rd_account_app.id 15 | }) 16 | filename = "../var/account.json" 17 | } 18 | -------------------------------------------------------------------------------- /solution/automation/account-factory/step/account-create/outputs.tf: -------------------------------------------------------------------------------- 1 | # outputs.tf https://learn.hashicorp.com/tutorials/terraform/outputs 2 | 
output "account_id" { 3 | value = alicloud_resource_manager_account.rd_account_app.id 4 | } -------------------------------------------------------------------------------- /solution/automation/account-factory/step/account-create/variables.tf: -------------------------------------------------------------------------------- 1 | variable "account_name" {} 2 | 3 | variable "account_name_prefix" {} 4 | 5 | variable "folder_id" {} 6 | -------------------------------------------------------------------------------- /solution/automation/account-factory/step/account-create/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = "1.127.0" 6 | } 7 | 8 | local = { 9 | source = "hashicorp/local" 10 | version = "2.1.0" 11 | } 12 | } 13 | required_version = ">=0.12" 14 | } -------------------------------------------------------------------------------- /solution/automation/account-factory/step/auth-authorize-role/backend.tf: -------------------------------------------------------------------------------- 1 | # {state_key} should be replaced at each step 2 | terraform { 3 | backend "oss" { 4 | bucket = "xxx" 5 | prefix = "xxx" 6 | key = "{state_key}" 7 | region = "xxx" 8 | tablestore_endpoint = "xxx" 9 | tablestore_table = "xxx" 10 | # access_key = "xxx" 11 | # secret_key = "xxx" 12 | endpoint = "xxx" 13 | } 14 | } -------------------------------------------------------------------------------- /solution/automation/account-factory/step/auth-authorize-role/outputs.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/automation/account-factory/step/auth-authorize-role/outputs.tf -------------------------------------------------------------------------------- 
/solution/automation/account-factory/step/auth-authorize-role/variables.tf: -------------------------------------------------------------------------------- 1 | variable "account_id" { 2 | type = string 3 | default = "" 4 | } 5 | 6 | variable "policy_name" {} 7 | variable "policy_document" { 8 | type = string 9 | } 10 | variable "attach_roles" { 11 | type = list(string) 12 | } 13 | variable "attach_users" { 14 | type = list(string) 15 | } 16 | variable "reader_name" {} 17 | variable "reader_policy_type" {} 18 | variable "reader_policy_name" {} 19 | -------------------------------------------------------------------------------- /solution/automation/account-factory/step/auth-authorize-role/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = "1.127.0" 6 | } 7 | 8 | local = { 9 | source = "hashicorp/local" 10 | version = "2.1.0" 11 | } 12 | } 13 | required_version = ">=0.12" 14 | } -------------------------------------------------------------------------------- /solution/automation/account-factory/step/auth-create-idp/backend.tf: -------------------------------------------------------------------------------- 1 | # {state_key} should be replaced at each step 2 | terraform { 3 | backend "oss" { 4 | bucket = "xxx" 5 | prefix = "xxx" 6 | key = "{state_key}" 7 | region = "xxx" 8 | tablestore_endpoint = "xxx" 9 | tablestore_table = "xxx" 10 | # access_key = "xxx" 11 | # secret_key = "xxx" 12 | endpoint = "xxx" 13 | } 14 | } -------------------------------------------------------------------------------- /solution/automation/account-factory/step/auth-create-idp/outputs.tf: -------------------------------------------------------------------------------- 1 | output "idp_arn" { 2 | value = module.idp.idp_arn 3 | } -------------------------------------------------------------------------------- 
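/solution/automation/account-factory/step/auth-create-idp/variables.tf:
--------------------------------------------------------------------------------
# Member account in which the SAML IdP is registered. Empty (the default)
# means "resolve it from ../var/account.json", the file the account-create
# step renders from var/account.json.tmpl (that is how the sibling
# auth-create-user step resolves it; presumably this step's main.tf does the same).
variable "account_id" {
  type    = string
  default = ""
}

# Name of the SAML identity provider to create in the member account.
variable "sso_provider_name" {
  type = string
}

# SAML metadata document exported from the enterprise IdP (base64-encoded,
# going by the name). Not a secret as such - it carries the IdP's public
# signing certificate - but it decides which IdP may federate into the
# account, so treat any change to it as security-relevant and review it.
variable "encodedsaml_metadata_document" {
  type = string
}

--------------------------------------------------------------------------------
/solution/automation/account-factory/step/auth-create-idp/versions.tf:
--------------------------------------------------------------------------------
# Providers are pinned to exact versions on purpose: every step of the
# account factory then resolves the same provider build, and a bump is a
# deliberate, reviewable change rather than a side effect of `terraform init`.
terraform {
  required_providers {
    alicloud = {
      source  = "aliyun/alicloud"
      version = "1.127.0"
    }

    local = {
      source  = "hashicorp/local"
      version = "2.1.0"
    }
  }
  required_version = ">=0.12"
}
--------------------------------------------------------------------------------
/solution/automation/account-factory/step/auth-create-role/backend.tf:
--------------------------------------------------------------------------------
# {state_key} should be replaced at each step
#
# Security note: the oss backend accepts access_key / secret_key here, but
# they must NOT be written into this file - it is committed, and the state
# credentials grant read access to everything Terraform has ever stored in
# state. Pass them at init time instead, e.g.
#   terraform init -backend-config="access_key=..." -backend-config="secret_key=..."
# or through the backend's credential environment variables, and keep the
# resulting .terraform/ directory out of version control.
# The tablestore_* settings give the oss backend state locking; keep them,
# because these steps are re-applied with a substituted {state_key} and two
# runs on the same key would otherwise race.
terraform {
  backend "oss" {
    bucket              = "xxx"
    prefix              = "xxx"
    key                 = "{state_key}"
    region              = "xxx"
    tablestore_endpoint = "xxx"
    tablestore_table    = "xxx"
    # access_key / secret_key deliberately omitted - see the note above
    endpoint            = "xxx"
  }
}
--------------------------------------------------------------------------------
/solution/automation/account-factory/step/auth-create-role/outputs.tf:
--------------------------------------------------------------------------------
# role name -> ARN for every role this step created. A map (rather than the
# earlier list kept below) lets later steps look a role up by name without
# depending on the order of var.ram_roles.roles.
output "role_arn" {
  value = {
    for role in var.ram_roles.roles : role.role_name => module.ram_role[role.role_name].role_arn
  }
  depends_on = [module.ram_role]
}

# Previous, list-shaped form of the same output; superseded by the map above.
#output "role_arn" {
#  value = [
#    for role in var.ram_roles.roles: module.ram_role[role.role_name].role_arn
#  ]
#  depends_on = [module.ram_role]
#}
--------------------------------------------------------------------------------
/solution/automation/account-factory/step/auth-create-role/variables.tf:
--------------------------------------------------------------------------------
# Member account to create the roles in; "" = read ../var/account.json
# (see the sibling auth-create-user/main.tf for the lookup).
variable "account_id" {
  type    = string
  default = ""
}

# SAML IdP the roles trust (created by the auth-create-idp step).
variable "sso_provider_name" {
  type = string
}

# Object with a `roles` list; each element carries at least `role_name`
# (outputs.tf keys on it). Left untyped because the full element shape is
# presumably dictated by modules/role, which lives outside this step.
variable "ram_roles" {}
--------------------------------------------------------------------------------
/solution/automation/account-factory/step/auth-create-role/versions.tf:
--------------------------------------------------------------------------------
# Exact provider pins - bump deliberately, together with the other steps.
terraform {
  required_providers {
    alicloud = {
      source  = "aliyun/alicloud"
      version = "1.127.0"
    }

    local = {
      source  = "hashicorp/local"
      version = "2.1.0"
    }
  }
  required_version = ">=0.12"
}
--------------------------------------------------------------------------------
/solution/automation/account-factory/step/auth-create-user/backend.tf:
--------------------------------------------------------------------------------
# {state_key} should be replaced at each step
#
# Security note: never put access_key / secret_key in this committed file.
# Supply them at init time (`terraform init -backend-config="access_key=..."
# -backend-config="secret_key=..."`) or via the backend's credential
# environment variables, and keep .terraform/ out of version control.
# tablestore_* provides state locking for the oss backend; keep it, since
# these steps are re-applied with a substituted {state_key}.
terraform {
  backend "oss" {
    bucket              = "xxx"
    prefix              = "xxx"
    key                 = "{state_key}"
    region              = "xxx"
    tablestore_endpoint = "xxx"
    tablestore_table    = "xxx"
    # access_key / secret_key deliberately omitted - see the note above
    endpoint            = "xxx"
  }
}
--------------------------------------------------------------------------------
/solution/automation/account-factory/step/auth-create-user/main.tf:
--------------------------------------------------------------------------------
locals {
  # The account-create step renders ../var/account.json as
  # {"account_id": "..."} (see var/account.json.tmpl). It is only consulted
  # when account_id was not passed explicitly; if neither source is
  # available the ["account_id"] lookup fails the plan, which is the right
  # outcome - fail closed rather than create the user in the wrong account.
  account_json = fileexists("../var/account.json") ? jsondecode(file("../var/account.json")) : {}
  account_id   = var.account_id == "" ? local.account_json["account_id"] : var.account_id
  user_name    = var.user_name
}

# Cross-account access into the new member account through
# ResourceDirectoryAccountAccessRole (presumably the role Resource Directory
# provisions in each member account - confirm for accounts invited rather
# than created). The session is kept short (999 s, just above the provider's
# documented 900 s floor - verify against the pinned provider) so a leaked
# STS token has a small window; the fixed session_name is what this
# automation's changes are attributed to in the audit trail.
provider "alicloud" {
  alias = "rd_role"
  assume_role {
    role_arn           = format("acs:ram::%s:role/ResourceDirectoryAccountAccessRole", local.account_id)
    session_name       = "AccountLandingZoneSetup"
    session_expiration = 999
  }
}

# force = true lets `terraform destroy` remove the user even if access keys,
# policies, group memberships or MFA devices are still attached (per the
# alicloud_ram_user docs). Convenient for factory teardown, but be aware
# that it revokes a user's credentials with no further confirmation.
resource "alicloud_ram_user" "user" {
  provider = alicloud.rd_role
  name     = local.user_name
  force    = true
}

--------------------------------------------------------------------------------
/solution/automation/account-factory/step/auth-create-user/outputs.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/automation/account-factory/step/auth-create-user/outputs.tf
--------------------------------------------------------------------------------
/solution/automation/account-factory/step/auth-create-user/variables.tf:
--------------------------------------------------------------------------------
# Member account to create the user in; "" = read ../var/account.json (main.tf).
variable "account_id" {
  type    = string
  default = ""
}

# Name of the RAM user to create in the member account.
variable "user_name" {
  type = string
}
--------------------------------------------------------------------------------
/solution/automation/account-factory/step/auth-create-user/versions.tf:
--------------------------------------------------------------------------------
# Exact provider pins - bump deliberately, together with the other steps.
terraform {
  required_providers {
    alicloud = {
      source  = "aliyun/alicloud"
      version = "1.127.0"
    }

    local = {
      source  = "hashicorp/local"
      version = "2.1.0"
    }
  }
  required_version = ">=0.12"
}
--------------------------------------------------------------------------------
/solution/automation/account-factory/step/network-create-vpc-vsw/backend.tf:
--------------------------------------------------------------------------------
# {state_key} should be replaced at each step
#
# Security note: never put access_key / secret_key in this committed file.
# Supply them at init time (`terraform init -backend-config="access_key=..."
# -backend-config="secret_key=..."`) or via the backend's credential
# environment variables, and keep .terraform/ out of version control.
# tablestore_* provides state locking for the oss backend; keep it, since
# these steps are re-applied with a substituted {state_key}.
terraform {
  backend "oss" {
    bucket              = "xxx"
    prefix              = "xxx"
    key                 = "{state_key}"
    region              = "xxx"
    tablestore_endpoint = "xxx"
    tablestore_table    = "xxx"
    # access_key / secret_key deliberately omitted - see the note above
    endpoint            = "xxx"
  }
}
--------------------------------------------------------------------------------
/solution/automation/account-factory/step/network-create-vpc-vsw/outputs.tf:
--------------------------------------------------------------------------------
# IDs of the VPC / vSwitch created by module.network_config (declared in this
# step's main.tf, not shown here); presumably the values later rendered into
# var/vpc.json and var/vswitch.json for the following steps.
output "vpc_id" {
  value = module.network_config.vpc_id
}

output "vswitch_id" {
  value = module.network_config.vswitch_id
}
--------------------------------------------------------------------------------
/solution/automation/account-factory/step/network-create-vpc-vsw/variables.tf:
--------------------------------------------------------------------------------
# Member account to build the network in; "" = read ../var/account.json
# (same convention as the auth-* steps).
variable "account_id" {
  type    = string
  default = ""
}

variable "vpc_name" {
  type = string
}

variable "vpc_cidr_block" {
  type = string
}

# vSwitch CIDR (name kept as `switch_cidr_block` for caller compatibility,
# even though every other vSwitch input is prefixed `vswitch_`).
variable "switch_cidr_block" {
  type = string
}

variable "vswitch_name" {
  type = string
}

variable "zone_id" {
  type = string
}

--------------------------------------------------------------------------------
/solution/automation/account-factory/step/network-create-vpc-vsw/versions.tf:
--------------------------------------------------------------------------------
# Exact provider pins - bump deliberately, together with the other steps.
terraform {
  required_providers {
    alicloud = {
      source  = "aliyun/alicloud"
      version = "1.127.0"
    }

    local = {
      source  = "hashicorp/local"
      version = "2.1.0"
    }
  }
  required_version = ">=0.12"
}
--------------------------------------------------------------------------------
/solution/automation/account-factory/step/var/account.json.tmpl:
--------------------------------------------------------------------------------
{
  "account_id":"${account_id}"
}
--------------------------------------------------------------------------------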
/solution/automation/account-factory/step/var/vpc.json.tmpl: -------------------------------------------------------------------------------- 1 | { 2 | "${vpc_name}":"${vpc_id}" 3 | } -------------------------------------------------------------------------------- /solution/automation/account-factory/step/var/vswitch.json.tmpl: -------------------------------------------------------------------------------- 1 | { 2 | "${vswitch_name}":"${vswitch_id}" 3 | } -------------------------------------------------------------------------------- /solution/automation/finance-industry/modules/compliance-pack/outputs.tf: -------------------------------------------------------------------------------- 1 | output "aggregate_compliance_pack_id" { 2 | description = " The resource ID of Aggregate Compliance Pack. The value is formatted :." 3 | value = alicloud_config_aggregate_compliance_pack.compliance_pack.id 4 | } -------------------------------------------------------------------------------- /solution/automation/finance-industry/modules/compliance-pack/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = "1.160.0" 6 | } 7 | 8 | local = { 9 | source = "hashicorp/local" 10 | version = "2.1.0" 11 | } 12 | } 13 | required_version = ">=0.12" 14 | } -------------------------------------------------------------------------------- /solution/automation/finance-industry/modules/ecs-alb-multi-az/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = "1.160.0" 6 | } 7 | 8 | local = { 9 | source = "hashicorp/local" 10 | version = "2.1.0" 11 | } 12 | } 13 | required_version = ">=0.12" 14 | } -------------------------------------------------------------------------------- 
/solution/automation/finance-industry/modules/networking/cen-custom-route/outputs.tf: -------------------------------------------------------------------------------- 1 | # outputs.tf https://learn.hashicorp.com/tutorials/terraform/outputs 2 | output "route_table_id" { 3 | description = "The ID of the transit router table." 4 | value = alicloud_cen_transit_router_route_table.custom_route_table.transit_router_route_table_id 5 | } 6 | -------------------------------------------------------------------------------- /solution/automation/finance-industry/modules/networking/cen-custom-route/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = "1.160.0" 6 | } 7 | 8 | local = { 9 | source = "hashicorp/local" 10 | version = "2.1.0" 11 | } 12 | } 13 | required_version = ">=0.12" 14 | } -------------------------------------------------------------------------------- /solution/automation/finance-industry/modules/networking/cen-vpc-attach/outputs.tf: -------------------------------------------------------------------------------- 1 | # outputs.tf https://learn.hashicorp.com/tutorials/terraform/outputs 2 | output "id" { 3 | description = "ID of the resource, It is formatted to :" 4 | value = alicloud_cen_transit_router_vpc_attachment.vpc_attachment.id 5 | } 6 | 7 | output "attachment_id" { 8 | description = "The ID of transit router attachment." 
9 | value = alicloud_cen_transit_router_vpc_attachment.vpc_attachment.transit_router_attachment_id 10 | } 11 | -------------------------------------------------------------------------------- /solution/automation/finance-industry/modules/networking/cen-vpc-attach/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = "1.160.0" 6 | configuration_aliases = [ alicloud.shared_service_account, alicloud.vpc_account ] 7 | } 8 | 9 | local = { 10 | source = "hashicorp/local" 11 | version = "2.1.0" 12 | } 13 | } 14 | required_version = ">=0.12" 15 | } -------------------------------------------------------------------------------- /solution/automation/finance-industry/modules/networking/eip/outputs.tf: -------------------------------------------------------------------------------- 1 | output "eip_id_list" { 2 | description = "EIP ID." 3 | value = [for idx, eip in alicloud_eip_address.eip_address : eip.id] 4 | } 5 | 6 | output "eip_address_list" { 7 | description = "EIP Address." 8 | value = [for idx, eip in alicloud_eip_address.eip_address : eip.ip_address] 9 | } 10 | 11 | output "common_bandwidth_package_id" { 12 | description = "Common bandwidth package ID." 13 | value = var.create_common_bandwidth_package ? 
alicloud_common_bandwidth_package.bandwidth_package.0.id : "" 14 | } 15 | -------------------------------------------------------------------------------- /solution/automation/finance-industry/modules/networking/eip/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = "1.160.0" 6 | } 7 | 8 | local = { 9 | source = "hashicorp/local" 10 | version = "2.1.0" 11 | } 12 | } 13 | required_version = ">=0.12" 14 | } -------------------------------------------------------------------------------- /solution/automation/finance-industry/modules/networking/nat-gateway/outputs.tf: -------------------------------------------------------------------------------- 1 | output "nat_gateway_id" { 2 | description = "The ID of the nat gateway." 3 | value = alicloud_nat_gateway.nat_gateway.id 4 | } 5 | -------------------------------------------------------------------------------- /solution/automation/finance-industry/modules/networking/nat-gateway/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = "1.160.0" 6 | } 7 | 8 | local = { 9 | source = "hashicorp/local" 10 | version = "2.1.0" 11 | } 12 | } 13 | required_version = ">=0.12" 14 | } -------------------------------------------------------------------------------- /solution/automation/finance-industry/modules/networking/vpc-create/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = "1.127.0" 6 | } 7 | 8 | local = { 9 | source = "hashicorp/local" 10 | version = "2.1.0" 11 | } 12 | } 13 | required_version = ">=0.12" 14 | } -------------------------------------------------------------------------------- 
/solution/automation/finance-industry/modules/networking/vpc-custom-route/outputs.tf: -------------------------------------------------------------------------------- 1 | # outputs.tf https://learn.hashicorp.com/tutorials/terraform/outputs 2 | output "route_table_id" { 3 | value = var.create_route_table ? alicloud_route_table.vpc_route_table.0.id : data.alicloud_route_tables.vpc_route_tables.ids.0 4 | } 5 | -------------------------------------------------------------------------------- /solution/automation/finance-industry/modules/networking/vpc-custom-route/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = "1.160.0" 6 | } 7 | 8 | local = { 9 | source = "hashicorp/local" 10 | version = "2.1.0" 11 | } 12 | } 13 | required_version = ">=0.12" 14 | } -------------------------------------------------------------------------------- /solution/automation/finance-industry/modules/ram-authorize-user-role/outputs.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/automation/finance-industry/modules/ram-authorize-user-role/outputs.tf -------------------------------------------------------------------------------- /solution/automation/finance-industry/modules/ram-authorize-user-role/variables.tf: -------------------------------------------------------------------------------- 1 | variable "ram_users" { 2 | type = list(object({ 3 | name = string 4 | description = string 5 | system_policy = list(string) 6 | })) 7 | } 8 | 9 | 10 | variable "ram_roles" { 11 | type = list(object({ 12 | name = string 13 | description = string 14 | system_policy = list(string) 15 | })) 16 | } -------------------------------------------------------------------------------- 
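/solution/automation/finance-industry/modules/ram-authorize-user-role/versions.tf:
--------------------------------------------------------------------------------
# alicloud is pinned at 1.127.0 here while other steps of this solution pin
# 1.160.0; worth aligning so a single provider bump covers every step.
terraform {
  required_providers {
    alicloud = {
      source  = "aliyun/alicloud"
      version = "1.127.0"
    }

    local = {
      source  = "hashicorp/local"
      version = "2.1.0"
    }
  }
  required_version = ">=0.12"
}
--------------------------------------------------------------------------------
/solution/automation/finance-industry/modules/ram-user-role/outputs.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/automation/finance-industry/modules/ram-user-role/outputs.tf
--------------------------------------------------------------------------------
/solution/automation/finance-industry/modules/ram-user-role/variables.tf:
--------------------------------------------------------------------------------
# Account the users and roles are created in.
variable "account_id" {
  type = string
}

# RAM users to create. The default is a single placeholder entry with an
# empty name and both login paths disabled; callers are expected to
# override it. Prefer enable_api_access = false unless the user really
# needs long-lived access keys.
variable "ram_users" {
  type = list(object({
    name                 = string
    description          = string
    enable_console_login = bool
    enable_api_access    = bool
  }))

  default = [
    {
      name        = ""
      description = ""

      enable_console_login = false
      enable_api_access    = false
    }
  ]
}

# Initial console password for the users above.
# Security notes:
#  - marked sensitive so it is redacted from plan/apply output (needs
#    Terraform >= 0.14, see versions.tf). It is still written to state, so
#    the state backend must be access-controlled and encrypted.
#  - a single value for the whole list presumably means every user starts
#    with the SAME password (verify in main.tf); prefer a per-user
#    random_password that must be rotated on first login.
#  - never commit a value for this in settings.tfvars; pass it via
#    TF_VAR_ram_user_initial_pwd or -var at apply time.
variable "ram_user_initial_pwd" {
  type      = string
  sensitive = true
}

# RAM roles to create; shape is defined by the module's main.tf (not shown).
variable "ram_roles" {}

# SAML IdP the roles trust for SSO.
variable "sso_provider_name" {
  type = string
}
--------------------------------------------------------------------------------
/solution/automation/finance-industry/modules/ram-user-role/versions.tf:
--------------------------------------------------------------------------------
# required_version raised to 0.14 because variables.tf marks
# ram_user_initial_pwd as sensitive, which older Terraform does not support.
terraform {
  required_providers {
    alicloud = {
      source  = "aliyun/alicloud"
      version = "1.127.0"
    }

    local = {
      source  = "hashicorp/local"
      version = "2.1.0"
    }
  }
  required_version = ">=0.14"
}
--------------------------------------------------------------------------------
/solution/automation/finance-industry/step/application-deploy-ecs-alb/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    alicloud = {
      source  = "aliyun/alicloud"
      version = "1.160.0"
    }

    local = {
      source  = "hashicorp/local"
      version = "2.1.0"
    }
  }
  required_version = ">=0.12"
}
--------------------------------------------------------------------------------
/solution/automation/finance-industry/step/com-config-compliance-pack/outputs.tf:
--------------------------------------------------------------------------------
# outputs.tf https://learn.hashicorp.com/tutorials/terraform/outputs
# Exposes the whole module object, i.e. every output of modules/compliance-pack
# (currently only aggregate_compliance_pack_id); consumers should index that
# attribute rather than rely on the object shape.
output "aggregate_compliance_pack_ids" {
  description = "The resource IDs of Aggregate Compliance Pack"
  value       = module.compliance_pack
}
--------------------------------------------------------------------------------
/solution/automation/finance-industry/step/com-config-compliance-pack/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    alicloud = {
      source  = "aliyun/alicloud"
      version = "1.160.0"
    }

    local = {
      source  = "hashicorp/local"
      version = "2.1.0"
    }
  }
  required_version = ">=0.12"
}
--------------------------------------------------------------------------------
/solution/automation/finance-industry/step/iam-authorize-user-role/outputs.tf:
--------------------------------------------------------------------------------
# Debug output left disabled: it would print the full prod-account
# role/policy list on every apply, which is noise at best and a convenient
# reconnaissance dump at worst. Enable locally only.
#output "user_policy_list" {
#  value = local.prod_account_role_policy_list
#}
--------------------------------------------------------------------------------
/solution/automation/finance-industry/step/iam-authorize-user-role/versions.tf:
--------------------------------------------------------------------------------
# alicloud 1.127.0 here vs 1.160.0 in the network/security steps - align.
terraform {
  required_providers {
    alicloud = {
      source  = "aliyun/alicloud"
      version = "1.127.0"
    }

    local = {
      source  = "hashicorp/local"
      version = "2.1.0"
    }
  }
  required_version = ">=0.12"
}
--------------------------------------------------------------------------------
/solution/automation/finance-industry/step/iam-create-idp/outputs.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/automation/finance-industry/step/iam-create-idp/outputs.tf
--------------------------------------------------------------------------------
/solution/automation/finance-industry/step/iam-create-idp/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    alicloud = {
      source  = "aliyun/alicloud"
      version = "1.127.0"
    }

    local = {
      source  = "hashicorp/local"
      version = "2.1.0"
    }
  }
  required_version = ">=0.12"
}
--------------------------------------------------------------------------------
/solution/automation/finance-industry/step/iam-create-user-role/outputs.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/automation/finance-industry/step/iam-create-user-role/outputs.tf
--------------------------------------------------------------------------------
/solution/automation/finance-industry/step/iam-create-user-role/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    alicloud = {
      source  = "aliyun/alicloud"
      version = "1.127.0"
    }

    local = {
      source  = "hashicorp/local"
      version = "2.1.0"
    }
  }
  required_version = ">=0.12"
}
--------------------------------------------------------------------------------
/solution/automation/finance-industry/step/network-attach-cen/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    alicloud = {
      source  = "aliyun/alicloud"
      version = "1.160.0"
    }

    local = {
      source  = "hashicorp/local"
      version = "2.1.0"
    }
  }
  required_version = ">=0.12"
}
--------------------------------------------------------------------------------
/solution/automation/finance-industry/step/network-build-dmz/outputs.tf:
--------------------------------------------------------------------------------
# Egress path of the DMZ in the shared-service account: the EIP(s) and the
# NAT gateway they are bound to. The public IPs below are what the rest of
# the internet sees for all outbound traffic, so keep them in the
# allow-lists of any partner systems.
output "egress_eip_id" {
  value = module.shared_service_account_dmz_eip.eip_id_list
}

output "egress_eip_ip_address" {
  value = module.shared_service_account_dmz_eip.eip_address_list
}

output "egress_nat_gateway_id" {
  value = module.shared_service_account_dmz_nat_gateway.nat_gateway_id
}

--------------------------------------------------------------------------------
/solution/automation/finance-industry/step/network-build-dmz/variables.tf:
--------------------------------------------------------------------------------
# Account that owns the DMZ; "" presumably means "resolve from the shared
# var/account.json" like the other steps (confirm in main.tf).
variable "shared_service_account_id" {
  type    = string
  default = ""
}

# Per-account VPC configuration objects. Left untyped because their shape is
# defined by the networking modules, not by this step.
variable "shared_service_account_vpc_config" {}

variable "dev_account_vpc_config" {}

variable "prod_account_vpc_config" {}

variable "ops_account_vpc_config" {}

variable "dmz_egress_nat_gateway_name" {
  type    = string
  default = ""
}

variable "dmz_egress_eip_name" {
  type    = string
  default = ""
}

# VPC / vSwitch in the shared-service account that the NAT gateway lands in.
variable "shared_service_account_vpc_id" {
  type    = string
  default = ""
}

variable "shared_service_account_vswitch_id" {
  type    = string
  default = ""
}


--------------------------------------------------------------------------------
/solution/automation/finance-industry/step/network-build-dmz/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    alicloud = {
      source  = "aliyun/alicloud"
      version = "1.160.0"
    }

    local = {
      source  = "hashicorp/local"
      version = "2.1.0"
    }
  }
  required_version = ">=0.12"
}
--------------------------------------------------------------------------------
/solution/automation/finance-industry/step/network-config-route/outputs.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/automation/finance-industry/step/network-config-route/outputs.tf
--------------------------------------------------------------------------------
/solution/automation/finance-industry/step/network-config-route/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    alicloud = {
      source  = "aliyun/alicloud"
      version = "1.160.0"
    }

    local = {
      source  = "hashicorp/local"
      version = "2.1.0"
    }
  }
  required_version = ">=0.12"
}
--------------------------------------------------------------------------------
/solution/automation/finance-industry/step/network-create-vpc/versions.tf:
--------------------------------------------------------------------------------
# alicloud 1.127.0 here vs 1.160.0 in the sibling network steps - align.
terraform {
  required_providers {
    alicloud = {
      source  = "aliyun/alicloud"
      version = "1.127.0"
    }

    local = {
      source  = "hashicorp/local"
      version = "2.1.0"
    }
  }
  required_version = ">=0.12"
}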
-------------------------------------------------------------------------------- /solution/automation/finance-industry/step/resource-create-account/outputs.tf: -------------------------------------------------------------------------------- 1 | # outputs.tf https://learn.hashicorp.com/tutorials/terraform/outputs 2 | -------------------------------------------------------------------------------- /solution/automation/finance-industry/step/resource-create-account/variables.tf: -------------------------------------------------------------------------------- 1 | variable "payer_account_id" {} 2 | 3 | variable "core_folder_id" {} 4 | 5 | variable "applications_folder_id" {} 6 | 7 | 8 | variable "security_display_name" {} 9 | 10 | variable "security_account_name_prefix" {} 11 | 12 | variable "ops_display_name" {} 13 | 14 | variable "ops_account_name_prefix" {} 15 | 16 | variable "dev_display_name" {} 17 | 18 | variable "dev_account_name_prefix" {} 19 | 20 | variable "prod_display_name" {} 21 | 22 | variable "prod_account_name_prefix" {} 23 | 24 | 25 | 26 | 27 | -------------------------------------------------------------------------------- /solution/automation/finance-industry/step/resource-create-account/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = "1.127.0" 6 | } 7 | 8 | local = { 9 | source = "hashicorp/local" 10 | version = "2.1.0" 11 | } 12 | } 13 | required_version = ">=0.12" 14 | } -------------------------------------------------------------------------------- /solution/automation/finance-industry/step/sec-subscribe-anti-ddos/outputs.tf: -------------------------------------------------------------------------------- 1 | output "anti_ddos_id" { 2 | value = alicloud_ddoscoo_instance.newInstance.id 3 | } 4 | 5 | output "shared_service_account_domain_resource_id" { 6 | value = 
alicloud_ddoscoo_domain_resource.shared_service_account_domain_resource.id 7 | } 8 | 9 | output "dev_account_domain_resource_id" { 10 | value = alicloud_ddoscoo_domain_resource.dev_account_domain_resource.id 11 | } -------------------------------------------------------------------------------- /solution/automation/finance-industry/step/sec-subscribe-anti-ddos/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = "1.160.0" 6 | } 7 | 8 | local = { 9 | source = "hashicorp/local" 10 | version = "2.1.0" 11 | } 12 | } 13 | required_version = ">=0.12" 14 | } -------------------------------------------------------------------------------- /solution/automation/finance-industry/step/sec-subscribe-cfw/outputs.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/automation/finance-industry/step/sec-subscribe-cfw/outputs.tf -------------------------------------------------------------------------------- /solution/automation/finance-industry/step/sec-subscribe-cfw/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = "1.160.0" 6 | } 7 | 8 | local = { 9 | source = "hashicorp/local" 10 | version = "2.1.0" 11 | } 12 | } 13 | required_version = ">=0.12" 14 | } -------------------------------------------------------------------------------- /solution/automation/finance-industry/step/sec-subscribe-waf/outputs.tf: -------------------------------------------------------------------------------- 1 | output "waf_id" { 2 | value = alicloud_waf_instance.waf_instance.id 3 | } 4 | 5 | output "shared_service_account_waf_cname" { 6 | value = 
alicloud_waf_domain.domain_shared_service_account.cname 7 | } 8 | 9 | output "dev_account_waf_cname" { 10 | value = alicloud_waf_domain.domain_dev_account.cname 11 | } -------------------------------------------------------------------------------- /solution/automation/finance-industry/step/sec-subscribe-waf/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = "1.160.0" 6 | } 7 | 8 | local = { 9 | source = "hashicorp/local" 10 | version = "2.1.0" 11 | } 12 | } 13 | required_version = ">=0.12" 14 | } -------------------------------------------------------------------------------- /solution/automation/finance-industry/step/var/account.json.tmpl: -------------------------------------------------------------------------------- 1 | { 2 | "security_account_id":"${security_account_id}", 3 | "ops_account_id":"${ops_account_id}", 4 | 5 | "dev_account_id":"${dev_account_id}", 6 | "prod_account_id":"${prod_account_id}" 7 | } -------------------------------------------------------------------------------- /solution/automation/finance-industry/step/var/anti-ddos.json.tmpl: -------------------------------------------------------------------------------- 1 | { 2 | "security_account": { 3 | "anti_ddos_id": "${anti_ddos_id}", 4 | "shared_service_account_domain_id": "${shared_service_account_domain_id}", 5 | "dev_account_waf_domain_id": "${dev_account_waf_domain_id}" 6 | } 7 | } -------------------------------------------------------------------------------- /solution/automation/finance-industry/step/var/dmz.json.tmpl: -------------------------------------------------------------------------------- 1 | { 2 | "egress_eip_id": "${egress_eip_id}", 3 | "egress_eip_ip_address": "${egress_eip_ip_address}", 4 | "egress_nat_gateway_id": "${egress_nat_gateway_id}" 5 | } -------------------------------------------------------------------------------- 
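/solution/automation/finance-industry/step/var/route.json.tmpl:
--------------------------------------------------------------------------------
{
  "shared_service_account": {
    "cen_custom_route_table_id_business_vpc": "${cen_custom_route_table_id_business_vpc}",
    "cen_custom_route_table_id_management_vpc": "${cen_custom_route_table_id_management_vpc}"
  }
}
--------------------------------------------------------------------------------
/solution/automation/finance-industry/step/var/waf.json.tmpl:
--------------------------------------------------------------------------------
{
  "security_account": {
    "waf_id": "${waf_id}",
    "shared_service_account_waf_cname": "${shared_service_account_waf_cname}",
    "dev_account_waf_cname": "${dev_account_waf_cname}"
  }
}
--------------------------------------------------------------------------------
/solution/compliance/3.1-actiontrail/settings.tfvars:
--------------------------------------------------------------------------------
region = "cn-hangzhou"

# AK/SK of a RAM user in the enterprise management (Resource Directory
# master) account. Keep them EMPTY in the committed file: supply them at
# apply time via TF_VAR_master_account_access_key /
# TF_VAR_master_account_secret_key (or -var), grant that RAM user only the
# ActionTrail/SLS/OSS permissions this step needs, and never commit a
# filled-in copy of this file.
master_account_access_key = ""
master_account_secret_key = ""

# UID of the Resource Directory member account chosen as the log-audit account.
actiontrail_account_uid = "113*************"
# Names of the project (Log Service) and bucket (OSS) created in the
# log-audit account to receive the trail.
project_name = "test-project-111"
bucket_name  = "test-bucket-134"

# Name of the cross-account trail created in ActionTrail under the management account.
action_trail_name = "test-trail-111"
--------------------------------------------------------------------------------
/solution/compliance/3.1-actiontrail/variables.tf:
--------------------------------------------------------------------------------
variable "region" {
  type = string
}

# Management-account credentials. Marked sensitive so they are redacted
# from plan/apply output (requires Terraform >= 0.14; drop the attribute if
# this solution must run on older Terraform). They are still persisted in
# state, so protect the state backend. Use a least-privilege RAM user's
# keys here, never the root account's.
variable "master_account_access_key" {
  type      = string
  sensitive = true
}

variable "master_account_secret_key" {
  type      = string
  sensitive = true
}

variable "actiontrail_account_uid" {
  type = string
}

variable "project_name" {
  type = string
}

variable "bucket_name" {
  type = string
}

variable "action_trail_name" {
  type = string
}

--------------------------------------------------------------------------------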
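/solution/compliance/3.2-goldenImage/step1-create-ecs/settings.tfvars:
--------------------------------------------------------------------------------
# AK/SK of the enterprise management account. Keep them empty here and pass
# them at apply time (TF_VAR_access_key / TF_VAR_secret_key or -var); a
# filled-in copy of this file must never be committed.
access_key = ""
secret_key = ""

# Region in which the ECS instance is created.
region = "cn-hangzhou"
--------------------------------------------------------------------------------
/solution/compliance/3.2-goldenImage/step1-create-ecs/variables.tf:
--------------------------------------------------------------------------------
# Credentials used by the provider. sensitive redacts them from plan/apply
# output (Terraform >= 0.14); they still land in state, so protect the backend.
variable "access_key" {
  type      = string
  sensitive = true
}

variable "secret_key" {
  type      = string
  sensitive = true
}

variable "region" {
  type = string
}
--------------------------------------------------------------------------------
/solution/compliance/3.2-goldenImage/step2-distribute-golden-image/settings.tfvars:
--------------------------------------------------------------------------------
# AK/SK of the enterprise management account - keep empty here, pass at
# apply time (TF_VAR_access_key / TF_VAR_secret_key or -var).
access_key = ""
secret_key = ""

# Region of the ECS instance, which is also the region the image is distributed in.
region = "cn-hangzhou"

# ID of the ECS instance the golden image is built from.
ecs_instance_id = "i-***************"

# ID of the resource folder the control policy is attached to.
resource_manager_folder_id = "fd-***********"
--------------------------------------------------------------------------------
/solution/compliance/3.2-goldenImage/step2-distribute-golden-image/variables.tf:
--------------------------------------------------------------------------------
# Credentials used by the provider; see step1 for the handling rules.
variable "access_key" {
  type      = string
  sensitive = true
}

variable "secret_key" {
  type      = string
  sensitive = true
}

variable "region" {
  type = string
}

variable "ecs_instance_id" {
  type        = string
  description = "the ecs instance id for building the golden image"
}

variable "golden_image_architecture" {
  type    = string
  default = "x86_64"
}

# The policy attached here restricts which images the folder's accounts may
# launch from, so the folder id is a security boundary: double-check it.
variable "resource_manager_folder_id" {
  type        = string
  description = "the folder id to attach this golden image policy to"
}
--------------------------------------------------------------------------------
/solution/compliance/3.3-cmdb/settings.tfvars:
--------------------------------------------------------------------------------
# Region
region = "cn-hangzhou"

# AK/SK of the primary account. Security note: prefer the keys of a
# least-privilege RAM user over the root account's AK, keep this file's
# values empty in git, and pass them at apply time via
# TF_VAR_master_account_access_key / TF_VAR_master_account_secret_key.
master_account_access_key = ""
master_account_secret_key = ""

# The CMDB account; it must be a member of the primary account's Resource Directory.
cmdb_account_uid = "113**************"

# Names of the project and logstore that store the CMDB data.
project_name  = "config-delivery-project-2021"
logstore_name = "config-history-2021"
--------------------------------------------------------------------------------
/solution/compliance/3.3-cmdb/variables.tf:
--------------------------------------------------------------------------------
variable "region" {
  type = string
}

# Primary-account credentials; sensitive redacts them from plan/apply
# output (Terraform >= 0.14). Still stored in state - protect the backend.
variable "master_account_access_key" {
  type      = string
  sensitive = true
}

variable "master_account_secret_key" {
  type      = string
  sensitive = true
}

variable "cmdb_account_uid" {
  type = string
}

variable "project_name" {
  type = string
}

variable "logstore_name" {
  type = string
}
--------------------------------------------------------------------------------
/solution/compliance/3.4-sub-resource-changes/python_script/__init__.py:
--------------------------------------------------------------------------------
import os
import sys

# Make the sibling modules in this directory importable regardless of the
# working directory the script is launched from; realpath also resolves
# symlinks so the appended entry is stable.
sys.path.append(os.path.dirname(os.path.realpath(__file__)))

--------------------------------------------------------------------------------
/solution/compliance/3.4-sub-resource-changes/python_script/requirement.txt:
--------------------------------------------------------------------------------
aliyun-python-sdk-sts==3.1.0
aliyun-python-sdk-ram==3.2.0
aliyun-python-sdk-resourcemanager==1.2.0
# TODO(security): pin the three packages below to exact versions like the
# lines above (and ideally add --hash entries). Unpinned requirements
# resolve to whatever is newest at install time, which makes the script
# non-reproducible and widens its supply-chain exposure.
alibabacloud_eventbridge
alibabacloud_tea_console
alibabacloud-fc-open20210406

--------------------------------------------------------------------------------
/solution/compliance/3.4-sub-resource-changes/terraform/settings.tfvars:
--------------------------------------------------------------------------------
# Region
region = "cn-hangzhou"

# AK/SK of the primary account. Security note: prefer the keys of a
# least-privilege RAM user over the root account's AK, keep this file's
# values empty in git, and pass them at apply time via
# TF_VAR_master_account_access_key / TF_VAR_master_account_secret_key.
master_account_access_key = ""
master_account_secret_key = ""

# The CMDB account; it must be a member of the primary account's Resource Directory.
cmdb_account_uid = "113**************"

# Names of the project and logstore that store the CMDB data.
project_name  = "config-delivery-project-2021"
logstore_name = "config-history-2021"
--------------------------------------------------------------------------------
/solution/compliance/3.4-sub-resource-changes/terraform/variables.tf:
--------------------------------------------------------------------------------
variable "region" {
  type = string
}

# Primary-account credentials; sensitive redacts them from plan/apply
# output (Terraform >= 0.14). Still stored in state - protect the backend.
variable "master_account_access_key" {
  type      = string
  sensitive = true
}

variable "master_account_secret_key" {
  type      = string
  sensitive = true
}

variable "cmdb_account_uid" {
  type = string
}

variable "project_name" {
  type = string
}

variable "logstore_name" {
  type = string
}
--------------------------------------------------------------------------------
/solution/compliance/README.md:
--------------------------------------------------------------------------------
- 3.2-goldenImage:多账号Golden Image解决方案的Terraform脚本
- 3.3-cmdb: 同步云上配置到企业CMDB解决方案的Terraform脚本
- img: readme.md中的图片
--------------------------------------------------------------------------------
/solution/compliance/img/ActionTrail-OSS.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/compliance/img/ActionTrail-OSS.png
--------------------------------------------------------------------------------
/solution/compliance/img/ActionTrail-SLS.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/compliance/img/ActionTrail-SLS.png
--------------------------------------------------------------------------------
/solution/compliance/img/ActionTrail-apply.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/compliance/img/ActionTrail-apply.png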
-------------------------------------------------------------------------------- /solution/compliance/img/CMDB-terraform.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/compliance/img/CMDB-terraform.png -------------------------------------------------------------------------------- /solution/compliance/img/CMDB-数据投递.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/compliance/img/CMDB-数据投递.png -------------------------------------------------------------------------------- /solution/compliance/img/CMDB-消费预览.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/compliance/img/CMDB-消费预览.png -------------------------------------------------------------------------------- /solution/compliance/img/CMDB-消费预览结果.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/compliance/img/CMDB-消费预览结果.png -------------------------------------------------------------------------------- /solution/compliance/img/CMDB-账号组.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/compliance/img/CMDB-账号组.png -------------------------------------------------------------------------------- /solution/compliance/img/GoldenImage-step1-apply.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/compliance/img/GoldenImage-step1-apply.png -------------------------------------------------------------------------------- /solution/compliance/img/GoldenImage-step2-apply.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/compliance/img/GoldenImage-step2-apply.png -------------------------------------------------------------------------------- /solution/compliance/img/GoldenImage-共享账号.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/compliance/img/GoldenImage-共享账号.png -------------------------------------------------------------------------------- /solution/compliance/img/GoldenImage-策略绑定.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/compliance/img/GoldenImage-策略绑定.png -------------------------------------------------------------------------------- /solution/compliance/img/GoldenImage-结果.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/compliance/img/GoldenImage-结果.png -------------------------------------------------------------------------------- /solution/networking/build-dmz/outputs.tf: -------------------------------------------------------------------------------- 1 | output "egress_eip_id" { 2 | value = module.dmz_egress_eip.eip_id_list 3 | } 4 | 5 | output "egress_eip_ip_address" { 6 | value = module.dmz_egress_eip.eip_address_list 7 | 
} 8 | 9 | output "egress_nat_gateway_id" { 10 | value = module.dmz_egress_nat_gateway.nat_gateway_id 11 | } 12 | -------------------------------------------------------------------------------- /solution/networking/build-dmz/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = ">=1.194.0" 6 | } 7 | 8 | local = { 9 | source = "hashicorp/local" 10 | version = "2.1.0" 11 | } 12 | } 13 | required_version = ">=0.12" 14 | } -------------------------------------------------------------------------------- /solution/networking/multi-account-multi-vpc/network/project/main.tf: -------------------------------------------------------------------------------- 1 | module "network_vswitch_nat" { 2 | source = "./vswitch" 3 | for_each = var.vswitches 4 | vpc_id = var.vpc_id 5 | vswitch_name = each.key 6 | cidr_block = each.value.cidr_block 7 | zone = each.value.zone 8 | nat = each.value.nat 9 | cen_id = var.cen_id 10 | } 11 | 12 | # 创建nacl,隔离各项目交换机 13 | module "vpc_nacl" { 14 | source = "./nacl" 15 | count = var.network_acl_enabled ? 
1 : 0 16 | vpc_id = var.vpc_id 17 | network_acl_name = "${var.project_name}_acl" 18 | vswitches = { 19 | for o in keys(module.network_vswitch_nat) : o => module.network_vswitch_nat[o].vswitch_app 20 | } 21 | } -------------------------------------------------------------------------------- /solution/networking/multi-account-multi-vpc/network/project/nacl/variables.tf: -------------------------------------------------------------------------------- 1 | variable "vpc_id" {} 2 | 3 | variable "network_acl_name" {} 4 | 5 | variable "vswitches" { 6 | 7 | } -------------------------------------------------------------------------------- /solution/networking/multi-account-multi-vpc/network/project/nat/variables.tf: -------------------------------------------------------------------------------- 1 | variable "nat" { 2 | description = "" 3 | } 4 | 5 | variable "vpc_id" { 6 | description = "" 7 | } 8 | 9 | variable "cen_id" { 10 | description = "" 11 | } 12 | 13 | variable "vswitch_id" { 14 | description = "" 15 | } 16 | 17 | 18 | -------------------------------------------------------------------------------- /solution/networking/multi-account-multi-vpc/network/project/variable.tf: -------------------------------------------------------------------------------- 1 | variable "vswitches" { 2 | description = "" 3 | } 4 | 5 | variable "vpc_id" { 6 | description = "" 7 | } 8 | 9 | variable "cen_id" { 10 | description = "" 11 | } 12 | 13 | variable "network_acl_enabled" { 14 | description = "" 15 | } 16 | 17 | variable "project_name" { 18 | description = "" 19 | } 20 | 21 | -------------------------------------------------------------------------------- /solution/networking/multi-account-multi-vpc/network/project/vswitch/main.tf: -------------------------------------------------------------------------------- 1 | # 创建VPC 内的交换机 2 | resource "alicloud_vswitch" "vswitches_business" { 3 | name = var.vswitch_name 4 | vpc_id = var.vpc_id 5 | cidr_block = var.cidr_block 6 | 
availability_zone = var.zone 7 | } 8 | 9 | # 创建交换机的nat eip 10 | module "nat" { 11 | source = "../nat" 12 | count = var.nat.natgateway_enabled ? 1 : 0 13 | vswitch_id = alicloud_vswitch.vswitches_business.id 14 | nat = var.nat 15 | cen_id = var.cen_id 16 | vpc_id = var.vpc_id 17 | } 18 | 19 | -------------------------------------------------------------------------------- /solution/networking/multi-account-multi-vpc/network/project/vswitch/output.tf: -------------------------------------------------------------------------------- 1 | output "vswitch_app" { 2 | value = alicloud_vswitch.vswitches_business 3 | } -------------------------------------------------------------------------------- /solution/networking/multi-account-multi-vpc/network/project/vswitch/variable.tf: -------------------------------------------------------------------------------- 1 | variable "vswitch_name" { 2 | description = "" 3 | } 4 | 5 | variable "cidr_block" { 6 | description = "" 7 | } 8 | 9 | variable "zone" { 10 | description = "" 11 | } 12 | 13 | variable "nat" { 14 | description = "" 15 | } 16 | 17 | variable "vpc_id" { 18 | description = "" 19 | } 20 | 21 | variable "cen_id" { 22 | description = "" 23 | } 24 | 25 | -------------------------------------------------------------------------------- /solution/networking/multi-account-multi-vpc/network/variables.tf: -------------------------------------------------------------------------------- 1 | variable "member_account_id" { 2 | description = "" 3 | } 4 | 5 | variable "share_service_account_id" { 6 | description = "" 7 | } 8 | 9 | variable "vpc" { 10 | description = "" 11 | } 12 | 13 | variable "cen_id" { 14 | description = "" 15 | } 16 | 17 | variable "region" { 18 | description = "" 19 | } 20 | 21 | 22 | 23 | 24 | -------------------------------------------------------------------------------- /solution/networking/multi-account-multi-vpc/variables.tf: -------------------------------------------------------------------------------- 1 
| variable "member_account_vpc" { 2 | description = "" 3 | } 4 | 5 | variable "share_service_account_cen" { 6 | description = "" 7 | } 8 | 9 | variable "region" { 10 | description = "" 11 | } 12 | 13 | variable "access_key" { 14 | description = "" 15 | } 16 | 17 | variable "secret_key" { 18 | description = "" 19 | } -------------------------------------------------------------------------------- /solution/networking/multi-account-multi-vpc/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "hashicorp/alicloud" 5 | version = ">= 1.114.0" 6 | } 7 | } 8 | required_version = ">= 0.13" 9 | } 10 | -------------------------------------------------------------------------------- /solution/operations/golden-image/README.md: -------------------------------------------------------------------------------- 1 | ## 使用 Terraform 构建 golden image 2 | 3 | ### 准备工作 4 | 5 | * 开通资源目录,并建立相应的资源结构 6 | * 开通 ECS 的快照服务 7 | 8 | ### 使用方式 9 | 10 | 该操作共分为两个步骤: 11 | * 首先需要创建一台 ECS,并通过 user-data 的方式让 ECS 在创建完成后执行相关自定义脚本。通过该脚本实现镜像内的操作。也可以通过云助手命令的方式实现。脚本可以参考 `step1-create-ecs` 这个文件夹下的内容; 12 | * 进入 `step2-distribute-golden-image`,将第一步得到的实例 ID 做为变量传入,完成镜像分发; 13 | * 完成后,即可销毁第一步的资源。下次再构建黄金镜像的时候,可以再从第一步开始运行。 14 | 15 | ### 可能会遇到的问题 16 | 17 | * 镜像创建时间过长,导致执行失败。当前 alicloud provider 设置的超时时间为 10min 18 | -------------------------------------------------------------------------------- /solution/operations/golden-image/README_en.md: -------------------------------------------------------------------------------- 1 | ## Building golden image using terraform 2 | 3 | ### Prerequisite 4 | 5 | * Enable resource directory and create your account structure. 6 | * Enable ECS snapshot service. 
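--------------------------------------------------------------------------------
/solution/operations/golden-image/step2-distribute-golden-image/variables.tf:
--------------------------------------------------------------------------------
variable "ecs_instance_id" {
  description = "the ecs instance id for building the golden image"
}

variable "golden_image_architecture" {
  default = "x86_64"
}

variable "golden_image_platform" {
  description = "platform for this golden image. eg, Ubuntu"
}

variable "resource_manager_folder_id" {
  description = "the folder id to attach this golden image policy to"
}
--------------------------------------------------------------------------------
/solution/operations/sls-audit/default.tfvars:
--------------------------------------------------------------------------------
region = "cn-hangzhou"
# SECURITY: keep access_key / secret_key empty here and pass them at run time
# (TF_VAR_access_key / TF_VAR_secret_key or -var); never commit a filled-in copy.
access_key = ""
secret_key = ""
log_account_id = ""
member_account_list = [""]
userdefined = ["cache_group"]
log_project_name = "os-operation-log-hz-a"
log_project_logstore_name = "os-operation-store-hz"
file_path = "/var/log"
file_pattern = "*.log"


### Parameters for creating the standalone ECS instance
# NOTE: `region` and `log_account_id` are already set above and must not be
# repeated here; Terraform rejects a .tfvars file that defines the same
# attribute twice ("Attribute redefined"), so the duplicates were removed.
zone_id = "cn-hangzhou-i"
internet_max_bandwidth_out = 5
period = 1
securitygroup = "sg-"
image_id = ".vhd"
# SECURITY: an instance password in a tfvars file is a plaintext secret.
# Supply it at run time, or switch the instance to SSH key-pair login.
instance_password = ""

vpc = "vpc-"

vswitch = "vsw-"

instance_charge_type = "PrePaid"

instancetype = "ecs.s6-c1m4.small"

period_unit = "Week"
--------------------------------------------------------------------------------
/solution/operations/sls-audit/locals.tf:
--------------------------------------------------------------------------------
locals {
  # NOTE(review): the heredoc below is truncated in this listing — the `<<EOF`
  # opener and the script lines preceding `> /etc/ilogtail/user_defined_id`
  # (file lines 2-6) are missing. It is reproduced as found rather than
  # guessed at; restore it from the repository before use.
  user_data = < /etc/ilogtail/user_defined_id
EOF
}



data "alicloud_regions" "this" {
  current = true
}



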
| -------------------------------------------------------------------------------- /solution/operations/sls-audit/outputs.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/operations/sls-audit/outputs.tf -------------------------------------------------------------------------------- /solution/operations/sls-audit/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = ">1.111.0" 6 | } 7 | } 8 | required_version = ">=0.12" 9 | } 10 | -------------------------------------------------------------------------------- /solution/solution-IDaaS-synchronization/README.md: -------------------------------------------------------------------------------- 1 | # 基于函数计算实现从IdP到IDaaS的人员定时同步方案 2 | 3 | 本方案通过函数计算定时调用IDaaS同步的OpenAPI,来实现按照自定义周期进行人员自动从IdP到IDaaS同步。通过FC函数角色和RAM角色关联,使用STS Token访问云资源,避免了将访问密钥硬编码在代码中,从而消除AK泄露的风险。临时凭证(STS Token)的使用有效解决了永久凭证(AK/SK)可能带来的安全风险问题。 本方案提供Python代码示例,客户能够快速完成函数计算部署,减少开发和部署的复杂度。 4 | 5 | ## 如何运行 6 | 该示例代码需要在FC函数中执行,请确保选择Python作为FC函数的运行环境。 7 | 请您选择您的SDK类型对应的示例代码,复制代码后上传至函数计算运行即可。 8 | 需要配置以下环境变量: 9 | {'IDAAS_EIAM_ENDPOINT', 10 | 'INSTANCE_ID', 11 | 'TARGET_ID', 12 | 'TARGET_TYPE' 13 | } -------------------------------------------------------------------------------- /solution/solution-access-analyzer-external-access/.gitignore: -------------------------------------------------------------------------------- 1 | target/ 2 | !.mvn/wrapper/maven-wrapper.jar 3 | !**/src/main/**/target/ 4 | !**/src/test/**/target/ 5 | dependency-reduced-pom.xml 6 | 7 | ### IntelliJ IDEA ### 8 | .idea/ 9 | 10 | ### Eclipse ### 11 | .apt_generated 12 | .classpath 13 | .factorypath 14 | .project 15 | .settings 16 | .springBeans 17 | .sts4-cache 18 | 19 | ### VS Code ### 20 | .vscode/ 21 | 22 
| ### Mac OS ### 23 | .DS_Store -------------------------------------------------------------------------------- /solution/solution-access-analyzer-external-access/ros/create-role-cross-account/outputs.tf: -------------------------------------------------------------------------------- 1 | output "role_arn" { 2 | value = alicloud_ram_role.role.arn 3 | } 4 | -------------------------------------------------------------------------------- /solution/solution-access-analyzer-external-access/ros/create-role-cross-account/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = ">=1.213.1" 6 | } 7 | } 8 | required_version = ">=0.13" 9 | } 10 | -------------------------------------------------------------------------------- /solution/solution-ack-managed-cluster/README.md: -------------------------------------------------------------------------------- 1 | # 解决方案企业级ACK搭建自动化代码仓库 2 | 3 | 当企业开通ACK容器服务并创建集群时,需要同时创建如VPC,交换机,NAT网关等一系列资源实例。同时,创建ACK容器集群需要选择诸多参数并安装基础组件,增加了手动创建的复杂性。 4 | 本代码仓库使用Terraform,自动在当前账号内快速创建ACK集群的方法。 5 | 6 | ## 使用步骤 7 | 8 | 见解决方案文档 -------------------------------------------------------------------------------- /solution/solution-ack-managed-cluster/modules/ack-managed-cluster/outputs.tf: -------------------------------------------------------------------------------- 1 | output "ack_managed_cluster_id" { 2 | value = alicloud_cs_managed_kubernetes.default.id 3 | } -------------------------------------------------------------------------------- /solution/solution-ack-managed-cluster/modules/ack-managed-cluster/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "hashicorp/alicloud" 5 | version = "1.173.0" 6 | } 7 | } 8 | required_version = ">= 0.13" 9 | } 
-------------------------------------------------------------------------------- /solution/solution-ack-managed-cluster/outputs.tf: -------------------------------------------------------------------------------- 1 | output "ack_managed_cluster_id" { 2 | value = module.ack-managed-cluster.ack_managed_cluster_id 3 | } -------------------------------------------------------------------------------- /solution/solution-ack-managed-cluster/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "hashicorp/alicloud" 5 | version = "1.173.0" 6 | } 7 | } 8 | required_version = ">= 0.13" 9 | } -------------------------------------------------------------------------------- /solution/solution-ack-sts-token/.gitignore: -------------------------------------------------------------------------------- 1 | target/ 2 | !.mvn/wrapper/maven-wrapper.jar 3 | !**/src/main/**/target/ 4 | !**/src/test/**/target/ 5 | 6 | ### IntelliJ IDEA ### 7 | .idea/ 8 | 9 | ### Eclipse ### 10 | .apt_generated 11 | .classpath 12 | .factorypath 13 | .project 14 | .settings 15 | .springBeans 16 | .sts4-cache 17 | 18 | ### NetBeans ### 19 | /nbproject/private/ 20 | /nbbuild/ 21 | /dist/ 22 | /nbdist/ 23 | /.nb-gradle/ 24 | build/ 25 | !**/src/main/**/build/ 26 | !**/src/test/**/build/ 27 | 28 | ### VS Code ### 29 | .vscode/ 30 | 31 | ### Mac OS ### 32 | .DS_Store -------------------------------------------------------------------------------- /solution/solution-ack-sts-token/code-example/java/spring-boot/src/main/java/org/example/Application.java: -------------------------------------------------------------------------------- 1 | package org.example; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | @SpringBootApplication 7 | public class Application { 8 | public static void main(String[] args) { 9 | 
SpringApplication.run(Application.class, args); 10 | } 11 | } -------------------------------------------------------------------------------- /solution/solution-ack-sts-token/code-example/java/spring-boot/src/main/java/org/example/controller/OssController.java: -------------------------------------------------------------------------------- 1 | package org.example.controller; 2 | 3 | import org.example.service.OssService; 4 | import org.springframework.beans.factory.annotation.Autowired; 5 | import org.springframework.web.bind.annotation.GetMapping; 6 | import org.springframework.web.bind.annotation.RequestMapping; 7 | import org.springframework.web.bind.annotation.RestController; 8 | 9 | @RestController 10 | @RequestMapping(value = "oss") 11 | public class OssController { 12 | 13 | @Autowired 14 | OssService ossService; 15 | 16 | @GetMapping("/listBuckets") 17 | public String listBuckets() { 18 | return ossService.listBuckets(); 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /solution/solution-ack-sts-token/code-example/java/spring-boot/src/main/java/org/example/controller/SdkV1Controller.java: -------------------------------------------------------------------------------- 1 | package org.example.controller; 2 | 3 | import org.example.service.SdkV1Service; 4 | import org.springframework.beans.factory.annotation.Autowired; 5 | import org.springframework.web.bind.annotation.GetMapping; 6 | import org.springframework.web.bind.annotation.RequestMapping; 7 | import org.springframework.web.bind.annotation.RestController; 8 | 9 | @RestController 10 | @RequestMapping(value = "sdkV1") 11 | public class SdkV1Controller { 12 | 13 | @Autowired 14 | SdkV1Service sdkV1Service; 15 | 16 | @GetMapping("/getCallerIdentity") 17 | public String getCallerIdentity() { 18 | return sdkV1Service.getCallerIdentity(); 19 | } 20 | } 21 | -------------------------------------------------------------------------------- 
/solution/solution-ack-sts-token/code-example/java/spring-boot/src/main/java/org/example/controller/SdkV2Controller.java: -------------------------------------------------------------------------------- 1 | package org.example.controller; 2 | 3 | import org.example.service.SdkV2Service; 4 | import org.springframework.beans.factory.annotation.Autowired; 5 | import org.springframework.web.bind.annotation.GetMapping; 6 | import org.springframework.web.bind.annotation.RequestMapping; 7 | import org.springframework.web.bind.annotation.RestController; 8 | 9 | @RestController 10 | @RequestMapping(value = "sdkV2") 11 | public class SdkV2Controller { 12 | 13 | @Autowired 14 | SdkV2Service sdkV2Service; 15 | 16 | @GetMapping("/getCallerIdentity") 17 | public String getCallerIdentity() { 18 | return sdkV2Service.getCallerIdentity(); 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /solution/solution-ack-sts-token/code-example/java/spring-boot/src/main/java/org/example/controller/SlsController.java: -------------------------------------------------------------------------------- 1 | package org.example.controller; 2 | 3 | import org.example.service.SlsService; 4 | import org.springframework.beans.factory.annotation.Autowired; 5 | import org.springframework.web.bind.annotation.GetMapping; 6 | import org.springframework.web.bind.annotation.RequestMapping; 7 | import org.springframework.web.bind.annotation.RestController; 8 | 9 | @RestController 10 | @RequestMapping(value = "sls") 11 | public class SlsController { 12 | 13 | @Autowired 14 | SlsService slsService; 15 | 16 | @GetMapping("/listProjects") 17 | public String listProjects() { 18 | return slsService.listProjects(); 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /solution/solution-ack-sts-token/code-example/java/spring-boot/src/main/java/org/example/service/OssService.java: 
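--------------------------------------------------------------------------------
package org.example.service;

import com.alibaba.fastjson2.JSON;
import com.aliyun.oss.OSS;
import com.aliyun.oss.model.Bucket;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import java.util.List;

/**
 * Thin wrapper around the injected OSS client. The client itself is built
 * elsewhere (not in this file); this class only issues the call and
 * serialises the result.
 */
@Component
public class OssService {

    @Autowired
    OSS ossClient;

    /**
     * Calls the OSS ListBuckets API and returns the bucket list as JSON.
     *
     * The response enumerates every bucket visible to the credential behind
     * {@code ossClient}, so an HTTP endpoint that exposes this method should be
     * restricted to authenticated callers rather than served anonymously.
     *
     * @return JSON array of {@link Bucket} objects (fastjson2 serialisation)
     */
    public String listBuckets() {
        // Typed with the generic parameter instead of the raw List used
        // before; the Bucket import was otherwise unused.
        List<Bucket> buckets = ossClient.listBuckets();
        return JSON.toJSONString(buckets);
    }
}
--------------------------------------------------------------------------------
/solution/solution-ack-sts-token/code-example/java/spring-boot/src/main/resources/application.properties:
--------------------------------------------------------------------------------
server.port = 7001
--------------------------------------------------------------------------------
/solution/solution-ack-sts-token/code-example/python/oss_sdk/requirements.txt:
--------------------------------------------------------------------------------
# Open-ended ">=" ranges float to whatever is newest at install time;
# pin exact versions (or use a lock/hash file) for reproducible builds.
alibabacloud-credentials>=0.3.5
oss2>=2.18.4
--------------------------------------------------------------------------------
/solution/solution-ack-sts-token/code-example/python/sls_sdk/requirements.txt:
--------------------------------------------------------------------------------
# Open-ended ">=" ranges float to whatever is newest at install time;
# pin exact versions (or use a lock/hash file) for reproducible builds.
alibabacloud-credentials>=0.3.5
aliyun-log-python-sdk>=0.9.11
--------------------------------------------------------------------------------
/solution/solution-cen-ack/CHANGELOG.md:
--------------------------------------------------------------------------------
# Changelog

## 1.0.0

* initial version
--------------------------------------------------------------------------------
/solution/solution-cen-ack/README.md: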
-------------------------------------------------------------------------------- 1 | # terraform-xxx 2 | 3 | Terraform module which xxx. 4 | 5 | ## Usage 6 | 7 | ``` 8 | module "xxxx" { 9 | source = "terraform-alicloud-modules/xxxx" 10 | 11 | var1 = "value1" 12 | var2 = "value2" 13 | } 14 | ``` 15 | 16 | * `var1`: variable 1 17 | * `var2` variable 2 -------------------------------------------------------------------------------- /solution/solution-compliance-audit-for-data-plane/source/function/ecs-patch-baseline/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "ecs-patch-baseline", 3 | "version": "1.0.0", 4 | "description": "", 5 | "main": "index.js", 6 | "scripts": { 7 | "test": "echo \"Error: no test specified\" && exit 1" 8 | }, 9 | "author": "", 10 | "license": "MIT", 11 | "dependencies": { 12 | "@alicloud/pop-core": "^1.7.13", 13 | "lodash": "^4.17.21" 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /solution/solution-compliance-audit-for-data-plane/source/function/ecs-timezone/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "ecs-timezone", 3 | "version": "1.0.0", 4 | "description": "", 5 | "main": "index.js", 6 | "scripts": { 7 | "test": "echo \"Error: no test specified\" && exit 1" 8 | }, 9 | "author": "", 10 | "license": "MIT", 11 | "dependencies": { 12 | "@alicloud/pop-core": "^1.7.13", 13 | "lodash": "^4.17.21" 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /solution/solution-cross-account-sts-token/.gitignore: -------------------------------------------------------------------------------- 1 | target/ 2 | !.mvn/wrapper/maven-wrapper.jar 3 | !**/src/main/**/target/ 4 | !**/src/test/**/target/ 5 | 6 | ### IntelliJ IDEA ### 7 | .idea/ 8 | 9 | ### Eclipse ### 10 | .apt_generated 11 | .classpath 12 | .factorypath 13 | .project 
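.settings
.springBeans
.sts4-cache

### NetBeans ###
/nbproject/private/
/nbbuild/
/dist/
/nbdist/
/.nb-gradle/
build/
!**/src/main/**/build/
!**/src/test/**/build/

### VS Code ###
.vscode/

### Mac OS ###
.DS_Store

### Terraform ###
.terraform
# State files can contain plaintext secrets (resource attributes, outputs);
# they must never be committed.
*.tfstate
# .terraform.lock.hcl is deliberately NOT ignored: the versions.tf files in
# this solution use open-ended constraints (e.g. ">=1.213.1"), so committing
# the lock file is what pins provider versions and checksums across machines
# and CI runs.
--------------------------------------------------------------------------------
/solution/solution-cross-account-sts-token/code-example/java/spring-boot/assume-role/sdk-v1/src/main/java/org/example/Application.java:
--------------------------------------------------------------------------------
package org.example;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

/** Spring Boot entry point for the SDK v1 AssumeRole example. */
@SpringBootApplication
public class Application {
    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }
}
--------------------------------------------------------------------------------
/solution/solution-cross-account-sts-token/code-example/java/spring-boot/assume-role/sdk-v1/src/main/resources/application.properties:
--------------------------------------------------------------------------------
server.port = 7001

# Region; Hangzhou is used as the example
region.id=cn-hangzhou

# ARN of the RAM role you actually want to assume
# Format: acs:ram::${account ID}:role/${role name}
# The value below is a placeholder with both parts left empty; fill in the
# target account ID and role name before running.
role.arn=acs:ram:::role/
--------------------------------------------------------------------------------
/solution/solution-cross-account-sts-token/code-example/java/spring-boot/assume-role/sdk-v2/src/main/java/org/example/Application.java:
--------------------------------------------------------------------------------
package org.example;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cache.annotation.EnableCaching;

/**
 * Spring Boot entry point for the SDK v2 AssumeRole example.
 * Caching is enabled here; what is cached is defined elsewhere in this example.
 */
@EnableCaching
@SpringBootApplication
public class Application {
    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }
}
--------------------------------------------------------------------------------
/solution/solution-cross-account-sts-token/code-example/java/spring-boot/assume-role/sdk-v2/src/main/resources/application.properties:
--------------------------------------------------------------------------------
server.port = 7001

# Region; Hangzhou is used as the example
region.id=cn-hangzhou

# ARN of the RAM role you actually want to assume
# Format: acs:ram::${account ID}:role/${role name}
# The value below is a placeholder with both parts left empty; fill in the
# target account ID and role name before running.
role.arn=acs:ram:::role/
--------------------------------------------------------------------------------
/solution/solution-cross-account-sts-token/code-example/java/spring-boot/ram-role-credential/sdk-v2/src/main/java/org/example/Application.java:
--------------------------------------------------------------------------------
package org.example;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

/** Spring Boot entry point for the ECS-instance-role (no AccessKey) example. */
@SpringBootApplication
public class Application {
    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }
}
--------------------------------------------------------------------------------
/solution/solution-cross-account-sts-token/code-example/java/spring-boot/ram-role-credential/sdk-v2/src/main/resources/application.properties:
--------------------------------------------------------------------------------
server.port = 7001

# Region; Hangzhou is used as the example
region.id=cn-hangzhou

# ARN of the RAM role you actually want to assume
# Format: acs:ram::${account ID}:role/${role name}
role.arn=acs:ram:::role/

# Example for an application deployed on ECS that uses the ECS instance RAM
# role, so the application itself holds no AccessKey.
# Replace with the name of the RAM role attached to the ECS instance.
ecs.instance.role.name=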
-------------------------------------------------------------------------------- /solution/solution-cross-account-sts-token/deployment/create-role-cross-account/outputs.tf: -------------------------------------------------------------------------------- 1 | output "role_arn" { 2 | value = alicloud_ram_role.role.arn 3 | } 4 | -------------------------------------------------------------------------------- /solution/solution-cross-account-sts-token/deployment/create-role-cross-account/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = ">=1.213.1" 6 | } 7 | } 8 | required_version = ">=0.13" 9 | } 10 | -------------------------------------------------------------------------------- /solution/solution-ecs-patching/step1-preparation/tfvars.json.example: -------------------------------------------------------------------------------- 1 | { 2 | "region": "cn-hangzhou", 3 | "share_services_account_id": "1254004685xxxxx" 4 | } 5 | -------------------------------------------------------------------------------- /solution/solution-ecs-patching/step1-preparation/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = ">= 1.203.0" 6 | } 7 | } 8 | required_version = ">= 1.3" 9 | } 10 | -------------------------------------------------------------------------------- /solution/solution-ecs-patching/step4-automation-deployment/tfvars.json.example: -------------------------------------------------------------------------------- 1 | { 2 | "region": "cn-hangzhou", 3 | "oss_assume_role": "EcsPatchingAutomationTriggerRole", 4 | "oos_cross_account_assume_role": "EcsPatchingAutomationRole", 5 | "approverRamUserName": "oos-approver", 6 | "approverWebHookUrl": 
"https://oapi.dingtalk.com/robot/send?access_token=xxx", 7 | "patchingWebHookUrl": "https://oapi.dingtalk.com/robot/send?access_token=xxx" 8 | } 9 | -------------------------------------------------------------------------------- /solution/solution-ecs-patching/step4-automation-deployment/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = ">= 1.203.0" 6 | } 7 | } 8 | required_version = ">= 1.3" 9 | } 10 | -------------------------------------------------------------------------------- /solution/solution-ecs-sts-token/.gitignore: -------------------------------------------------------------------------------- 1 | target/ 2 | !.mvn/wrapper/maven-wrapper.jar 3 | !**/src/main/**/target/ 4 | !**/src/test/**/target/ 5 | 6 | ### IntelliJ IDEA ### 7 | .idea/ 8 | 9 | ### Eclipse ### 10 | .apt_generated 11 | .classpath 12 | .factorypath 13 | .project 14 | .settings 15 | .springBeans 16 | .sts4-cache 17 | 18 | ### NetBeans ### 19 | /nbproject/private/ 20 | /nbbuild/ 21 | /dist/ 22 | /nbdist/ 23 | /.nb-gradle/ 24 | build/ 25 | !**/src/main/**/build/ 26 | !**/src/test/**/build/ 27 | 28 | ### VS Code ### 29 | .vscode/ 30 | 31 | ### Mac OS ### 32 | .DS_Store -------------------------------------------------------------------------------- /solution/solution-ecs-sts-token/code-example/java/common/src/main/java/org/example/sdk1_0/code-diff.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/solution-ecs-sts-token/code-example/java/common/src/main/java/org/example/sdk1_0/code-diff.png -------------------------------------------------------------------------------- /solution/solution-ecs-sts-token/code-example/java/common/src/main/java/org/example/sdk2_0/code-diff.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/solution-ecs-sts-token/code-example/java/common/src/main/java/org/example/sdk2_0/code-diff.png -------------------------------------------------------------------------------- /solution/solution-ecs-sts-token/code-example/java/spring-boot/src/main/java/org/example/Application.java: -------------------------------------------------------------------------------- 1 | package org.example; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | @SpringBootApplication 7 | public class Application { 8 | public static void main(String[] args) { 9 | SpringApplication.run(Application.class, args); 10 | } 11 | } -------------------------------------------------------------------------------- /solution/solution-ecs-sts-token/code-example/java/spring-boot/src/main/java/org/example/controller/OssController.java: -------------------------------------------------------------------------------- 1 | package org.example.controller; 2 | 3 | import org.example.service.OssService; 4 | import org.springframework.beans.factory.annotation.Autowired; 5 | import org.springframework.web.bind.annotation.GetMapping; 6 | import org.springframework.web.bind.annotation.RequestMapping; 7 | import org.springframework.web.bind.annotation.RestController; 8 | 9 | @RestController 10 | @RequestMapping(value = "oss") 11 | public class OssController { 12 | 13 | @Autowired 14 | OssService ossService; 15 | 16 | @GetMapping("/listBuckets") 17 | public String listBuckets() { 18 | return ossService.listBuckets(); 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /solution/solution-ecs-sts-token/code-example/java/spring-boot/src/main/java/org/example/controller/SdkV1Controller.java: 
-------------------------------------------------------------------------------- 1 | package org.example.controller; 2 | 3 | import org.example.service.SdkV1Service; 4 | import org.springframework.beans.factory.annotation.Autowired; 5 | import org.springframework.web.bind.annotation.GetMapping; 6 | import org.springframework.web.bind.annotation.RequestMapping; 7 | import org.springframework.web.bind.annotation.RestController; 8 | 9 | @RestController 10 | @RequestMapping(value = "sdkV1") 11 | public class SdkV1Controller { 12 | 13 | @Autowired 14 | SdkV1Service sdkV1Service; 15 | 16 | @GetMapping("/getCallerIdentity") 17 | public String getCallerIdentity() { 18 | return sdkV1Service.getCallerIdentity(); 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /solution/solution-ecs-sts-token/code-example/java/spring-boot/src/main/java/org/example/controller/SdkV2Controller.java: -------------------------------------------------------------------------------- 1 | package org.example.controller; 2 | 3 | import org.example.service.SdkV2Service; 4 | import org.springframework.beans.factory.annotation.Autowired; 5 | import org.springframework.web.bind.annotation.GetMapping; 6 | import org.springframework.web.bind.annotation.RequestMapping; 7 | import org.springframework.web.bind.annotation.RestController; 8 | 9 | @RestController 10 | @RequestMapping(value = "sdkV2") 11 | public class SdkV2Controller { 12 | 13 | @Autowired 14 | SdkV2Service sdkV2Service; 15 | 16 | @GetMapping("/getCallerIdentity") 17 | public String getCallerIdentity() { 18 | return sdkV2Service.getCallerIdentity(); 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /solution/solution-ecs-sts-token/code-example/java/spring-boot/src/main/java/org/example/controller/SlsController.java: -------------------------------------------------------------------------------- 1 | package org.example.controller; 2 | 3 | import 
org.example.service.SlsService; 4 | import org.springframework.beans.factory.annotation.Autowired; 5 | import org.springframework.web.bind.annotation.GetMapping; 6 | import org.springframework.web.bind.annotation.RequestMapping; 7 | import org.springframework.web.bind.annotation.RestController; 8 | 9 | @RestController 10 | @RequestMapping(value = "sls") 11 | public class SlsController { 12 | 13 | @Autowired 14 | SlsService slsService; 15 | 16 | @GetMapping("/listProjects") 17 | public String listProjects() { 18 | return slsService.listProjects(); 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /solution/solution-ecs-sts-token/code-example/java/spring-boot/src/main/java/org/example/service/OssService.java: -------------------------------------------------------------------------------- 1 | package org.example.service; 2 | 3 | import com.alibaba.fastjson2.JSON; 4 | import com.aliyun.oss.OSS; 5 | import com.aliyun.oss.model.Bucket; 6 | import org.springframework.beans.factory.annotation.Autowired; 7 | import org.springframework.stereotype.Component; 8 | 9 | import java.util.List; 10 | 11 | @Component 12 | public class OssService { 13 | 14 | @Autowired 15 | OSS ossClient; 16 | 17 | /** 18 | * 调用OSS API,以调用ListBuckets获取OSS Bucket列表为例 19 | */ 20 | public String listBuckets() { 21 | List buckets = ossClient.listBuckets(); 22 | return JSON.toJSONString(buckets); 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /solution/solution-ecs-sts-token/code-example/java/spring-boot/src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | server.port = 7001 -------------------------------------------------------------------------------- /solution/solution-ecs-sts-token/code-example/php/sls_sdk/composer.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": 
"hello/sls", 3 | "type": "project", 4 | "require": { 5 | "alibabacloud/aliyun-log-php-sdk": "^0.6.4", 6 | "alibabacloud/credentials": "^1.1" 7 | }, 8 | "license": "MIT", 9 | "authors": [ 10 | { 11 | "name": "crimson" 12 | } 13 | ] 14 | } -------------------------------------------------------------------------------- /solution/solution-ecs-sts-token/code-example/python/oss_sdk/requirements.txt: -------------------------------------------------------------------------------- 1 | alibabacloud-credentials>=0.3.5 2 | oss2>=2.18.4 -------------------------------------------------------------------------------- /solution/solution-ecs-sts-token/code-example/python/sdk1_0/README.md: -------------------------------------------------------------------------------- 1 | ### 说明 2 | 阿里云V1.0 SDK是较早使用版本,稳定性良好,不少老用户习惯于原版SDK的开发,本示例为用户提供一个简练的使用指南。对于新用户则建议直接使用新版SDK,老用户也建议尽早迁移到新版SDK。 3 | 4 | 本示例完成SDK客户端的初始化后,调用API:GetCallerIdentity 获取当前调用者身份信息。 5 | #### 环境要求 6 | 该示例代码需要在ECS环境中执行 7 | - Python 2.7 或 3.x 8 | - 安装 SDK 核心库 Core 9 | ```bash 10 | pip install aliyun-python-sdk-core 11 | ``` 12 | - 安装 sts SDK,用于完成代码示例调用 13 | ```bash 14 | pip install aliyun-python-sdk-sts==3.1.2 15 | ``` 16 | 17 | ### role_config_sample 18 | 该示例代码通过配置ECS实例角色名完成客户端初始化。 19 | 20 | 在python目录下运行示例代码: 21 | ```bash 22 | python ./sdk1_0/role_config_sample.py 23 | ``` 24 | -------------------------------------------------------------------------------- /solution/solution-ecs-sts-token/code-example/python/sls_sdk/requirements.txt: -------------------------------------------------------------------------------- 1 | alibabacloud-credentials>=0.3.5 2 | aliyun-log-python-sdk>=0.9.3 -------------------------------------------------------------------------------- /solution/solution-ecs-sts-token/deployment/create_role_cross_account/outputs.tf: -------------------------------------------------------------------------------- 1 | output "role_arn" { 2 | value = alicloud_ram_role.role.arn 3 | } 4 | 
-------------------------------------------------------------------------------- /solution/solution-ecs-sts-token/deployment/create_role_cross_account/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = ">=1.213.1" 6 | } 7 | } 8 | required_version = ">=0.13" 9 | } 10 | -------------------------------------------------------------------------------- /solution/solution-ecs-system-configuration-maintenance/step1-preparation/tfvars.json.example: -------------------------------------------------------------------------------- 1 | { 2 | "region": "cn-hangzhou", 3 | "share_services_account_id": "" 4 | } 5 | -------------------------------------------------------------------------------- /solution/solution-ecs-system-configuration-maintenance/step1-preparation/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = ">= 1.203.0" 6 | } 7 | } 8 | required_version = ">= 1.3" 9 | } 10 | -------------------------------------------------------------------------------- /solution/solution-ecs-system-configuration-maintenance/step3-automation-deployment/tfvars.json.example: -------------------------------------------------------------------------------- 1 | { 2 | "region": "cn-hangzhou", 3 | "approverRamUserName": "oos-approver", 4 | "approverWebHookUrl": "https://oapi.dingtalk.com/robot/send?access_token=xxx", 5 | "commandRunningWebHookUrl": "https://oapi.dingtalk.com/robot/send?access_token=xxx" 6 | } 7 | -------------------------------------------------------------------------------- /solution/solution-ecs-system-configuration-maintenance/step3-automation-deployment/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 
3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = ">= 1.203.0" 6 | } 7 | } 8 | required_version = ">= 1.3" 9 | } 10 | -------------------------------------------------------------------------------- /solution/solution-enterprise-cloud-connection-using-cen-tr/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | ## 1.0.0 4 | 5 | * initial version -------------------------------------------------------------------------------- /solution/solution-enterprise-cloud-connection-using-cen-tr/README.md: -------------------------------------------------------------------------------- 1 | # terraform-xxx 2 | 3 | Terraform module which xxx. 4 | 5 | ## Usage 6 | 7 | ``` 8 | module "xxxx" { 9 | source = "terraform-alicloud-modules/xxxx" 10 | 11 | var1 = "value1" 12 | var2 = "value2" 13 | } 14 | ``` 15 | 16 | * `var1`: variable 1 17 | * `var2`: variable 2 -------------------------------------------------------------------------------- /solution/solution-fc-sts-token/.gitignore: -------------------------------------------------------------------------------- 1 | target/ 2 | !.mvn/wrapper/maven-wrapper.jar 3 | !**/src/main/**/target/ 4 | !**/src/test/**/target/ 5 | 6 | ### IntelliJ IDEA ### 7 | .idea/ 8 | 9 | ### Eclipse ### 10 | .apt_generated 11 | .classpath 12 | .factorypath 13 | .project 14 | .settings 15 | .springBeans 16 | .sts4-cache 17 | 18 | ### NetBeans ### 19 | /nbproject/private/ 20 | /nbbuild/ 21 | /dist/ 22 | /nbdist/ 23 | /.nb-gradle/ 24 | build/ 25 | !**/src/main/**/build/ 26 | !**/src/test/**/build/ 27 | 28 | ### VS Code ### 29 | .vscode/ 30 | 31 | ### Mac OS ### 32 | .DS_Store -------------------------------------------------------------------------------- /solution/solution-fc-sts-token/code-example/python/oss_sdk/index.py: -------------------------------------------------------------------------------- 1 | import json 2 | import oss2 3 | 4 | def handler(event, context): 5 | endpoint = 
'http://oss-cn-hangzhou.aliyuncs.com' 6 | bucket = 'web****' 7 | object = 'myObj' 8 | message = 'test-message' 9 | 10 | # 从上下文获取临时凭证 11 | creds = context.credentials 12 | 13 | # 转化为OSS SDK的凭证 14 | auth = oss2.StsAuth(creds.access_key_id, creds.access_key_secret, creds.security_token) 15 | 16 | # 调用OpenAPI 17 | bucket = oss2.Bucket(auth, endpoint, bucket) 18 | bucket.put_object(object, message) 19 | 20 | return 'success' -------------------------------------------------------------------------------- /solution/solution-fc-sts-token/code-example/python/sls_sdk/index.py: -------------------------------------------------------------------------------- 1 | from aliyun.log import LogClient 2 | 3 | def handler(event, context): 4 | endpoint = 'cn-hangzhou.log.aliyuncs.com' 5 | 6 | # 从上下文获取临时凭证 7 | creds = context.credentials 8 | 9 | # 初始化 LogClient 10 | client = LogClient(endpoint, creds.access_key_id, creds.access_key_secret, creds.security_token) 11 | 12 | # 调用ListProject接口 13 | response = client.list_project() 14 | 15 | return response.get_projects() -------------------------------------------------------------------------------- /solution/solution-golden-image/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | ## 1.0.0 4 | 5 | * initial version -------------------------------------------------------------------------------- /solution/solution-golden-image/README.md: -------------------------------------------------------------------------------- 1 | # 多账号 Golden Image 方案 2 | 3 | [中文](README.md) | [English](README_en.md) 4 | 5 | 多账号 Golden Image 方案实现了一种企业客户实现云上基础镜像的统一构建、共享和分发的方案,确保在多账号体系下,企业相关应用账号都能够使用安全合规的基础镜像。本代码仓库通过 Terraform 实现该方案的自动化。 6 | 7 | ![参考架构](https://img.alicdn.com/imgextra/i4/O1CN01q60mc31uISsMeep38_!!6000000006014-0-tps-1318-1304.jpg) 8 | 9 | ## 代码结构 10 | 11 | - `golden-image-pipeline`:通过 Terraform 部署的 Golden Image 自动化 Pipeline。 12 | - `golden-image-distribution`:分发 Golden Image 的 
Terraform 代码实现。共分为两个步骤: 13 | - 复制镜像到其他地域。 14 | - 通过资源共享的共享单元共享镜像给其他账号、资源夹或者整个资源目录。 -------------------------------------------------------------------------------- /solution/solution-golden-image/golden-image-distribution/README.md: -------------------------------------------------------------------------------- 1 | # 分发 Golden Image 2 | 3 | [中文](README.md) | [English](README_en.md) 4 | 5 | ## 准备工作 6 | 7 | 1. 开通资源目录,并建立相应的资源结构 8 | 9 | ## 使用方式 10 | 11 | 分发 Golden Image 共分为两个步骤: 12 | 13 | 1. 进入 `step1-copy-golden-image`,将源镜像复制到其他地域,复制出来的镜像会和源镜像保持相同的名称和 Tag 标签。 14 | 2. 进入 `step2-share-golden-image`,基于资源共享的共享单元将镜像共享给其他账号。首先会创建资源共享共享单元,然后将需要共享的目标绑定到共享单元上,共享目标可以是资源目录中的任意账号、资源夹或者整个资源目录结构,最后将所需要共享的镜像添加入共享单元中,完成共享操作。 15 | 16 | ## 可能会遇到的问题 17 | 18 | 镜像创建时间过长,导致执行失败。当前 alicloud provider 设置的超时时间为 10min -------------------------------------------------------------------------------- /solution/solution-golden-image/golden-image-distribution/step1-copy-golden-image/outputs.tf: -------------------------------------------------------------------------------- 1 | output "image_id" { 2 | value = alicloud_image_copy.image.id 3 | } 4 | -------------------------------------------------------------------------------- /solution/solution-golden-image/golden-image-distribution/step1-copy-golden-image/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = ">= 1.192.0" 6 | } 7 | } 8 | required_version = ">= 0.13" 9 | } 10 | -------------------------------------------------------------------------------- /solution/solution-golden-image/golden-image-distribution/step2-share-golden-image/outputs.tf: -------------------------------------------------------------------------------- 1 | output "resource_share_id" { 2 | value = alicloud_resource_manager_resource_share.share_image.id 3 | } 4 | 
-------------------------------------------------------------------------------- /solution/solution-golden-image/golden-image-distribution/step2-share-golden-image/variables.tf: -------------------------------------------------------------------------------- 1 | variable "region" { 2 | type = string 3 | default = "" 4 | description = "The ID of the deployment region" 5 | } 6 | 7 | variable "golden_image_ids" { 8 | type = list(string) 9 | description = "The image ids need shared." 10 | } 11 | 12 | variable "resource_share_name" { 13 | type = string 14 | description = "The name of resource share." 15 | } 16 | 17 | variable "resource_share_target_id" { 18 | type = string 19 | description = "The target of resource share. It should be the member account id or folder id or resource directory id in resource directory." 20 | } 21 | -------------------------------------------------------------------------------- /solution/solution-golden-image/golden-image-distribution/step2-share-golden-image/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = ">= 1.192.0" 6 | } 7 | } 8 | required_version = ">= 0.13" 9 | } 10 | -------------------------------------------------------------------------------- /solution/solution-golden-image/golden-image-pipeline/outputs.tf: -------------------------------------------------------------------------------- 1 | output "vpcId" { 2 | value = alicloud_vpc.immediate_instance.id 3 | } 4 | 5 | output "vswitchId" { 6 | value = alicloud_vswitch.immediate_instance.id 7 | } 8 | 9 | output "securityGroupId" { 10 | value = alicloud_security_group.immediate_instance.id 11 | } 12 | 13 | output "goldenImageAutomationTemplateId" { 14 | value = alicloud_oos_template.golden_image_automation.template_id 15 | } 16 | 17 | output "goldenImageAutomationTemplate" { 18 | value = alicloud_oos_template.golden_image_automation.id 
19 | } 20 | -------------------------------------------------------------------------------- /solution/solution-golden-image/golden-image-pipeline/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = ">= 1.192.0" 6 | } 7 | } 8 | required_version = ">= 0.13" 9 | } 10 | -------------------------------------------------------------------------------- /solution/solution-kms-managed-accesskey/code-example/java/src/config/prod-aliyun/resources/application.properties: -------------------------------------------------------------------------------- 1 | endpoint.vpc=vpc-vpc.cn-hangzhou.aliyuncs.com -------------------------------------------------------------------------------- /solution/solution-kms-managed-accesskey/code-example/java/src/config/prod-aliyun/resources/managed_credentials_providers.properties: -------------------------------------------------------------------------------- 1 | cache_client_dkms_config_info=[{"regionId":"cn-hangzhou","endpoint":"kst-hzz646325987hc8fsulng.cryptoservice.kms.aliyuncs.com","passwordFromFilePath":"/root/resources/clientKey_Password.txt","clientKeyFile":"/root/resources/clientKey.json","ignoreSslCerts":false,"caFilePath":"/root/resources/PrivateKmsCA.pem"}] -------------------------------------------------------------------------------- /solution/solution-kms-managed-accesskey/code-example/java/src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | endpoint.vpc=vpc.aliyuncs.com -------------------------------------------------------------------------------- /solution/solution-kms-managed-accesskey/code-example/java/src/main/resources/managed_credentials_providers.properties: -------------------------------------------------------------------------------- 1 | credentials_type=client_key 2 | 3 | 
client_key_password_from_file_path=target/classes/clientKey_Password.txt 4 | #client_key_password_from_env_variable=CLIENT_KEY_PASSWORD 5 | 6 | client_key_private_key_path=target/classes/clientKey.json 7 | 8 | cache_client_region_id=[{"regionId":"cn-hangzhou"}] -------------------------------------------------------------------------------- /solution/solution-kms-managed-accesskey/deployment/step1-share-vswitch/outputs.tf: -------------------------------------------------------------------------------- 1 | output "resource_share_id" { 2 | value = alicloud_resource_manager_resource_share.share_vswitch.id 3 | } 4 | -------------------------------------------------------------------------------- /solution/solution-kms-managed-accesskey/deployment/step1-share-vswitch/tfvars.json.example: -------------------------------------------------------------------------------- 1 | { 2 | "region": "cn-hangzhou", 3 | "vswitch_ids": [ 4 | "vsw-bp18o5********" 5 | ], 6 | "resource_share_name": "kms-vpc", 7 | "resource_share_target_id": "125400********" 8 | } 9 | -------------------------------------------------------------------------------- /solution/solution-kms-managed-accesskey/deployment/step1-share-vswitch/variables.tf: -------------------------------------------------------------------------------- 1 | variable "region" { 2 | type = string 3 | default = "" 4 | description = "The ID of the region where the vswitch is located " 5 | } 6 | 7 | variable "vswitch_ids" { 8 | type = list(string) 9 | description = "The ids of vswitch need shared." 10 | } 11 | 12 | variable "resource_share_name" { 13 | type = string 14 | description = "The name of resource share." 15 | } 16 | 17 | variable "resource_share_target_id" { 18 | type = string 19 | description = "The target of resource share. It should be the member account id or folder id or resource directory id in resource directory." 
20 | } 21 | -------------------------------------------------------------------------------- /solution/solution-kms-managed-accesskey/deployment/step1-share-vswitch/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = ">= 1.208.0" 6 | } 7 | } 8 | required_version = ">= 0.13" 9 | } 10 | -------------------------------------------------------------------------------- /solution/solution-kms-managed-accesskey/deployment/step2-create-kms-instance/outputs.tf: -------------------------------------------------------------------------------- 1 | output "instance_id" { 2 | value = alicloud_kms_instance.instance.id 3 | } 4 | -------------------------------------------------------------------------------- /solution/solution-kms-managed-accesskey/deployment/step2-create-kms-instance/tfvars.json.example: -------------------------------------------------------------------------------- 1 | { 2 | "region": "cn-hangzhou", 3 | "log": false, 4 | "access_num": 3, 5 | "purchase_period": 1, 6 | "auto_renew": false, 7 | "vpc_id": "vpc-bp1c********", 8 | "zone_ids": [ 9 | "cn-hangzhou-k", "cn-hangzhou-j" 10 | ], 11 | "vswitch_id": "vsw-bp1cq3********", 12 | "bind_vpcs": [ 13 | { 14 | "vpc_id": "vpc-bp1lqqx*********", 15 | "vswitch_id": "vsw-bp18o5x64********", 16 | "vpc_owner_id": "18495046********" 17 | } 18 | ] 19 | } 20 | -------------------------------------------------------------------------------- /solution/solution-kms-managed-accesskey/deployment/step2-create-kms-instance/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = ">= 1.208.0" 6 | } 7 | } 8 | required_version = ">= 0.13" 9 | } 10 | -------------------------------------------------------------------------------- 
/solution/solution-kms-managed-accesskey/deployment/step3-share-kms-instance/outputs.tf: -------------------------------------------------------------------------------- 1 | output "resource_share_id" { 2 | value = alicloud_resource_manager_resource_share.share_kms_instance.id 3 | } 4 | -------------------------------------------------------------------------------- /solution/solution-kms-managed-accesskey/deployment/step3-share-kms-instance/tfvars.json.example: -------------------------------------------------------------------------------- 1 | { 2 | "region": "cn-hangzhou", 3 | "kms_instance_ids": [ 4 | "kst-hzz662b**********" 5 | ], 6 | "resource_share_name": "kms-instance", 7 | "resource_share_target_id": "184950469********" 8 | } 9 | -------------------------------------------------------------------------------- /solution/solution-kms-managed-accesskey/deployment/step3-share-kms-instance/variables.tf: -------------------------------------------------------------------------------- 1 | variable "region" { 2 | type = string 3 | default = "" 4 | description = "The ID of the region where the kms instance is located " 5 | } 6 | 7 | variable "kms_instance_ids" { 8 | type = list(string) 9 | description = "The ids of kms instance need shared." 10 | } 11 | 12 | variable "resource_share_name" { 13 | type = string 14 | description = "The name of resource share." 15 | } 16 | 17 | variable "resource_share_target_id" { 18 | type = string 19 | description = "The target of resource share. It should be the member account id or folder id or resource directory id in resource directory." 
20 | } 21 | -------------------------------------------------------------------------------- /solution/solution-kms-managed-accesskey/deployment/step3-share-kms-instance/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = ">= 1.208.0" 6 | } 7 | } 8 | required_version = ">= 0.13" 9 | } 10 | -------------------------------------------------------------------------------- /solution/solution-kms-managed-accesskey/deployment/step4-create-kms-aap/tfvars.json.example: -------------------------------------------------------------------------------- 1 | { 2 | "region": "cn-hangzhou", 3 | "kms_instance_id": "kst-hzz662b622********", 4 | "kms_key_id": "key-hzz66387dcb********", 5 | "kms_managed_ram_secret_name": "acs/ram/user/****", 6 | "kms_instance_policy": { 7 | "name": "ram-secret-private" 8 | }, 9 | "kms_shared_gateway_policy": { 10 | "name": "ram-secret-public" 11 | }, 12 | "aap_name": "ram-secret", 13 | "client_key_password": "ePw81zE**********" 14 | } 15 | -------------------------------------------------------------------------------- /solution/solution-kms-managed-accesskey/deployment/step4-create-kms-aap/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = ">= 1.208.0" 6 | } 7 | } 8 | required_version = ">= 0.13" 9 | } 10 | -------------------------------------------------------------------------------- /solution/solution-log-audit-using-sls/modules/ram-role/main.tf: -------------------------------------------------------------------------------- 1 | resource "alicloud_ram_policy" "policy" { 2 | policy_name = var.policy_name 3 | policy_document = var.policy_document 4 | } 5 | 6 | resource "alicloud_ram_role" "role" { 7 | name = var.role_name 8 | document = var.role_document 9 | } 
10 | 11 | resource "alicloud_ram_role_policy_attachment" "attachment" { 12 | policy_name = alicloud_ram_policy.policy.name 13 | policy_type = alicloud_ram_policy.policy.type 14 | role_name = alicloud_ram_role.role.name 15 | 16 | depends_on = [ 17 | alicloud_ram_policy.policy, 18 | alicloud_ram_role.role 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /solution/solution-log-audit-using-sls/modules/ram-role/variables.tf: -------------------------------------------------------------------------------- 1 | variable "role_name" { 2 | type = string 3 | } 4 | 5 | variable "role_document" { 6 | type = string 7 | } 8 | 9 | variable "policy_name" { 10 | type = string 11 | } 12 | 13 | variable "policy_document" { 14 | type = string 15 | } 16 | -------------------------------------------------------------------------------- /solution/solution-log-audit-using-sls/modules/ram-role/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = ">= 1.203.0" 6 | } 7 | } 8 | required_version = ">= 1.3" 9 | } 10 | -------------------------------------------------------------------------------- /solution/solution-log-audit-using-sls/step1-create-log-audit-application/outputs.tf: -------------------------------------------------------------------------------- 1 | output "logarchive_central_sls_project" { 2 | value = format("slsaudit-center-%s-%s", var.logarchive_account_id, var.logarchive_central_region) 3 | } 4 | -------------------------------------------------------------------------------- /solution/solution-log-audit-using-sls/step1-create-log-audit-application/tfvars.json.example: -------------------------------------------------------------------------------- 1 | { 2 | "logarchive_central_region": "cn-shanghai", 3 | "logarchive_account_id": "", 4 | "audit_logs": { 5 | 
"cloudconfig_change_enabled": "true", 6 | "cloudconfig_change_ttl": "180", 7 | "oss_access_enabled": "true" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /solution/solution-log-audit-using-sls/step1-create-log-audit-application/variables.tf: -------------------------------------------------------------------------------- 1 | variable "logarchive_central_region" { 2 | type = string 3 | description = "Region of the central sls project" 4 | } 5 | 6 | variable "logarchive_account_id" { 7 | type = string 8 | description = "The ID of logarchive account" 9 | } 10 | 11 | variable "audit_logs" { 12 | type = map(string) 13 | description = "The logs to be audited" 14 | } 15 | -------------------------------------------------------------------------------- /solution/solution-log-audit-using-sls/step1-create-log-audit-application/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = ">= 1.203.0" 6 | } 7 | } 8 | required_version = ">= 1.3" 9 | } 10 | -------------------------------------------------------------------------------- /solution/solution-log-audit-using-sls/step2-delivery-to-central-logarchive/tfvars.json.example: -------------------------------------------------------------------------------- 1 | { 2 | "delivery_region": "cn-hangzhou", 3 | "delivery_account_id": "", 4 | "logarchive_central_region": "cn-shanghai", 5 | "logarchive_account_id": "", 6 | "delivery_sls_project": "", 7 | "delivery_sls_logstore": "", 8 | "central_sls_project": "", 9 | "central_sls_logstore_name": "other_log", 10 | "is_central_sls_logstore_existed": false, 11 | "delivery_ram_name_prefix": "", 12 | "logarchive_ram_role_name": "logaudit-post-role", 13 | "is_logarchive_ram_role_existed": false 14 | } 15 | -------------------------------------------------------------------------------- 
/solution/solution-log-audit-using-sls/step2-delivery-to-central-logarchive/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = ">= 1.203.0" 6 | } 7 | } 8 | required_version = ">= 1.3" 9 | } 10 | -------------------------------------------------------------------------------- /solution/solution-log-audit-using-sls/step3-cold-archive-to-oss/outputs.tf: -------------------------------------------------------------------------------- 1 | output "oss_export_job_ids" { 2 | value = [ 3 | for k, v in alicloud_log_oss_export.logarchive : v.export_name 4 | ] 5 | } 6 | 7 | output "oss_export_jobs" { 8 | value = [ 9 | for k, v in alicloud_log_oss_export.logarchive : { 10 | id = v.id 11 | job_id = v.export_name 12 | project_name = v.project_name 13 | logstore_name = v.logstore_name 14 | bucket_name = v.bucket 15 | } 16 | ] 17 | } 18 | -------------------------------------------------------------------------------- /solution/solution-log-audit-using-sls/step3-cold-archive-to-oss/tfvars.json.example: -------------------------------------------------------------------------------- 1 | { 2 | "logarchive_central_region": "cn-shanghai", 3 | "logarchive_account_id": "", 4 | "central_sls_project": "", 5 | "oss_bucket_name": "audit-log-archive", 6 | "is_oss_bucket_existed": false, 7 | "central_sls_logstore_exports": [ 8 | { 9 | "logstore_name": "cloudconfig_log", 10 | "oss_bucket_directory": "cloudconfig" 11 | }, 12 | { 13 | "logstore_name": "oss_log", 14 | "oss_bucket_directory": "oss" 15 | } 16 | ], 17 | "logarchive_ram_role_name": "audit-log-archive-to-oss-role", 18 | "is_logarchive_ram_role_existed": false 19 | } 20 | -------------------------------------------------------------------------------- /solution/solution-log-audit-using-sls/step3-cold-archive-to-oss/versions.tf: 
-------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = ">= 1.203.0" 6 | } 7 | } 8 | required_version = ">= 1.3" 9 | } 10 | 11 | -------------------------------------------------------------------------------- /solution/solution-log-audit-using-sls/step4-add-control-policy/tfvars.json.example: -------------------------------------------------------------------------------- 1 | { 2 | "logarchive_account_id": "", 3 | "central_sls_project": "", 4 | "oss_bucket_name": "audit-log-archive", 5 | "oss_export_job_ids": [ 6 | "cold-logarchive-1", 7 | "cold-logarchive-2" 8 | ] 9 | } 10 | -------------------------------------------------------------------------------- /solution/solution-log-audit-using-sls/step4-add-control-policy/variables.tf: -------------------------------------------------------------------------------- 1 | variable "logarchive_account_id" { 2 | type = string 3 | description = "The ID of logarchive account" 4 | } 5 | 6 | variable "central_sls_project" { 7 | type = string 8 | description = "The name of logarchive central sls project" 9 | } 10 | 11 | variable "oss_bucket_name" { 12 | type = string 13 | description = "The name of oss bucket that cold logarchive" 14 | } 15 | 16 | variable "oss_export_job_ids" { 17 | type = list(string) 18 | description = "The IDs of oss export job that cold archiving log" 19 | } 20 | -------------------------------------------------------------------------------- /solution/solution-log-audit-using-sls/step4-add-control-policy/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = ">= 1.203.0" 6 | } 7 | } 8 | required_version = ">= 1.3" 9 | } 10 | -------------------------------------------------------------------------------- 
/solution/solution-oss-pre-signed/.gitignore: -------------------------------------------------------------------------------- 1 | target/ 2 | !.mvn/wrapper/maven-wrapper.jar 3 | !**/src/main/**/target/ 4 | !**/src/test/**/target/ 5 | 6 | ### IntelliJ IDEA ### 7 | .idea/ 8 | 9 | ### Eclipse ### 10 | .apt_generated 11 | .classpath 12 | .factorypath 13 | .project 14 | .settings 15 | .springBeans 16 | .sts4-cache 17 | 18 | ### NetBeans ### 19 | /nbproject/private/ 20 | /nbbuild/ 21 | /dist/ 22 | /nbdist/ 23 | /.nb-gradle/ 24 | build/ 25 | !**/src/main/**/build/ 26 | !**/src/test/**/build/ 27 | 28 | ### VS Code ### 29 | .vscode/ 30 | 31 | ### Mac OS ### 32 | .DS_Store -------------------------------------------------------------------------------- /solution/solution-oss-pre-signed/code-example/java/spring-boot/src/main/java/org/example/Application.java: -------------------------------------------------------------------------------- 1 | package org.example; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | @SpringBootApplication 7 | public class Application { 8 | public static void main(String[] args) { 9 | SpringApplication.run(Application.class, args); 10 | } 11 | } -------------------------------------------------------------------------------- /solution/solution-oss-pre-signed/code-example/java/spring-boot/src/main/java/org/example/model/OssPostCallback.java: -------------------------------------------------------------------------------- 1 | package org.example.model; 2 | 3 | import lombok.Builder; 4 | import lombok.Data; 5 | 6 | @Data 7 | @Builder 8 | public class OssPostCallback { 9 | 10 | String callbackUrl; 11 | 12 | String callbackBody; 13 | 14 | String callbackBodyType; 15 | } 16 | -------------------------------------------------------------------------------- 
/solution/solution-oss-pre-signed/code-example/java/spring-boot/src/main/java/org/example/model/PostCallbackResp.java:
--------------------------------------------------------------------------------
package org.example.model;

import lombok.Data;

/**
 * Response body of the OSS post-upload callback handler.
 * Lombok {@code @Data} generates the getters, setters, equals/hashCode and toString;
 * the handler that fills this object is not part of this file.
 */
@Data
public class PostCallbackResp {

    // Whether the callback was accepted; presumably serialised to the caller as JSON — confirm in the controller.
    Boolean success;

    // Human-readable outcome or error text.
    String message;
}
--------------------------------------------------------------------------------
/solution/solution-oss-pre-signed/code-example/java/spring-boot/src/main/java/org/example/model/PostSignatureResp.java:
--------------------------------------------------------------------------------
package org.example.model;

import lombok.Builder;
import lombok.Data;

/**
 * Response returned to the upload client for a signed OSS POST (form upload) request.
 * It bundles the credential identifiers with the signed policy and the upload target so
 * the client can post the object directly to OSS. Lombok generates the accessors and a builder.
 *
 * NOTE(review): accessKeyId + securityToken look like an STS temporary credential handed to
 * the browser; everything in this object leaves the server, so confirm in the issuing service
 * that the credential's lifetime is short and its policy is limited to the {@code dir} prefix.
 */
@Data
@Builder
public class PostSignatureResp {

    // Credential identifier the client uploads with.
    private String accessKeyId;

    // Token paired with accessKeyId (presumably STS) — confirm in the issuing service.
    private String securityToken;

    // Signed upload policy (encoding not visible here).
    private String policy;

    // Signature over the policy.
    private String signature;

    // Object key prefix for the upload — presumably what the policy restricts; confirm.
    private String dir;

    // Upload endpoint the client posts to.
    private String host;

    // Expiry of the signature/credential; format not visible here.
    private String expires;

    // Encoded callback specification; presumably built from OssPostCallback — confirm.
    private String callback;
}
--------------------------------------------------------------------------------
/solution/solution-oss-pre-signed/code-example/java/spring-boot/src/main/resources/application.properties:
--------------------------------------------------------------------------------
server.port = 7001

# Region ID; cn-hangzhou (Hangzhou) is used as the example
region.id=cn-hangzhou

oss.bucket=

service.address=
--------------------------------------------------------------------------------
/solution/solution-privatelink-private-network-interconnection/CHANGELOG.md:
--------------------------------------------------------------------------------
# Changelog

## 1.0.0

* initial version
--------------------------------------------------------------------------------
/solution/solution-privatelink-private-network-interconnection/README.md:
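--------------------------------------------------------------------------------
# terraform-xxx

Terraform module which xxx.

## Usage

```
module "xxxx" {
  source = "terraform-alicloud-modules/xxxx"

  var1 = "value1"
  var2 = "value2"
}
```

* `var1`: variable 1
* `var2` variable 2
--------------------------------------------------------------------------------
/solution/solution-privatelink-private-network-interconnection/outputs.tf:
--------------------------------------------------------------------------------
# Exposes the whole current-account data source (including the account id) as a
# module output; the data source itself is not declared in this file.
output "out1" {
  value = data.alicloud_account.current
}
--------------------------------------------------------------------------------
/solution/solution-privatelink-private-network-interconnection/privatelink_private_network_interconnection/vpc/main.tf:
--------------------------------------------------------------------------------
# Creates the VPC named as the PrivateLink service VPC and exports its id and
# system route table id for the sibling modules.
variable "vpc_cidr" {}

terraform {
  required_providers {
    alicloud = {
      # NOTE(review): the root versions.tf requires "aliyun/alicloud" while this
      # module names "hashicorp/alicloud"; the registry appears to treat the
      # latter as the legacy address of the same provider, but confirm that
      # `terraform init` resolves both to a single provider.
      source  = "hashicorp/alicloud"
      version = "~> 1.1"
    }
  }
}

resource "alicloud_vpc" "vpc" {
  vpc_name   = "privatelink-service"
  cidr_block = var.vpc_cidr
}

output "vpc_id" {
  value = alicloud_vpc.vpc.id
}
output "route_table_id" {
  value = alicloud_vpc.vpc.route_table_id
}
--------------------------------------------------------------------------------
/solution/solution-privatelink-private-network-interconnection/sg/main.tf:
--------------------------------------------------------------------------------
variable "vpc_id" {}

# Source CIDR allowed by the ingress rule below. The default keeps the module's
# previous behaviour (open to any source) so existing callers are unaffected;
# pass the peer VPC or endpoint CIDR to narrow it.
variable "ingress_cidr" {
  type        = string
  default     = "0.0.0.0/0"
  description = "Source CIDR permitted by the intranet ingress rule. Defaults to 0.0.0.0/0 (any source); narrow it to the peer network for anything beyond a lab setup."
}

terraform {
  required_providers {
    alicloud = {
      # NOTE(review): same provider-address mismatch as vpc/main.tf — the root
      # versions.tf uses "aliyun/alicloud"; confirm both resolve to one provider.
      source  = "hashicorp/alicloud"
      version = "~> 1.1"
    }
  }
}

# Security group in the caller-supplied VPC; the ingress rule below is the only
# rule declared in this file.
resource "alicloud_security_group" "group" {
  vpc_id = var.vpc_id
}

# NOTE(review): this rule accepts every protocol and every port (1/65535) on the
# intranet NIC from var.ingress_cidr, which is 0.0.0.0/0 unless overridden.
# Tighten ip_protocol and port_range as well once the endpoint service's real
# protocol and port are known.
resource "alicloud_security_group_rule" "rule" {
  type              = "ingress"
  ip_protocol       = "all"
  nic_type          = "intranet"
  policy            = "accept"
  port_range        = "1/65535"
  priority          = 1
  security_group_id = alicloud_security_group.group.id
  cidr_ip           = var.ingress_cidr
}

output "sg_id" {
  value = alicloud_security_group.group.id
}
--------------------------------------------------------------------------------
/solution/solution-privatelink-private-network-interconnection/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    alicloud = {
      source  = "aliyun/alicloud"
      version = ">= 1.180.0"
    }
  }
  required_version = ">= 0.13"
}
--------------------------------------------------------------------------------
/solution/solution-privatelink-private-network-interconnection/vpc/main.tf:
--------------------------------------------------------------------------------
# NOTE(review): this file is an identical copy of
# privatelink_private_network_interconnection/vpc/main.tf; keep the two in sync
# or drop one of them.
variable "vpc_cidr" {}

terraform {
  required_providers {
    alicloud = {
      # NOTE(review): root versions.tf uses "aliyun/alicloud"; confirm this
      # legacy address resolves to the same provider during `terraform init`.
      source  = "hashicorp/alicloud"
      version = "~> 1.1"
    }
  }
}

resource "alicloud_vpc" "vpc" {
  vpc_name   = "privatelink-service"
  cidr_block = var.vpc_cidr
}

output "vpc_id" {
  value = alicloud_vpc.vpc.id
}
output "route_table_id" {
  value = alicloud_vpc.vpc.route_table_id
}
--------------------------------------------------------------------------------
/solution/solution-tvm/.gitignore:
--------------------------------------------------------------------------------
target/
!.mvn/wrapper/maven-wrapper.jar
!**/src/main/**/target/
!**/src/test/**/target/

### IntelliJ IDEA ###
.idea/

### Eclipse ###
.apt_generated
.classpath
.factorypath
.project
.settings
.springBeans
.sts4-cache

### NetBeans ###
/nbproject/private/
/nbbuild/
/dist/
/nbdist/
/.nb-gradle/
build/
!**/src/main/**/build/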
!**/src/test/**/build/ 27 | 28 | ### VS Code ### 29 | .vscode/ 30 | 31 | ### Mac OS ### 32 | .DS_Store -------------------------------------------------------------------------------- /solution/solution-tvm/code-example/java/spring-boot/src/main/java/org/example/Application.java: -------------------------------------------------------------------------------- 1 | package org.example; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | @SpringBootApplication 7 | public class Application { 8 | public static void main(String[] args) { 9 | SpringApplication.run(Application.class, args); 10 | } 11 | } -------------------------------------------------------------------------------- /solution/solution-tvm/code-example/java/spring-boot/src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | server.port = 7001 2 | 3 | # 地域,以杭州地域为例 4 | region.id=cn-hangzhou 5 | 6 | # 业务角色ARN 7 | role.arn= 8 | 9 | # oss bucket 10 | oss.bucket= 11 | 12 | # sls project 13 | sls.project= -------------------------------------------------------------------------------- /solution/solution-tvm/code-example/java/spring-boot/src/main/resources/policy-templates/OssTemplate.json: -------------------------------------------------------------------------------- 1 | { 2 | "Effect": "Allow", 3 | "Action": [ 4 | "oss:GetObject", 5 | "oss:PutObject", 6 | "oss:DeleteObject" 7 | ], 8 | "Resource": "acs:oss:*:*:{{bucket}}/{{dir}}/*" 9 | }, 10 | { 11 | "Effect": "Allow", 12 | "Action": "oss:ListObjects", 13 | "Resource": "acs:oss:*:*:{{bucket}}", 14 | "Condition": { 15 | "StringLike": { 16 | "oss:Delimiter": "/", 17 | "oss:Prefix": [ 18 | "{{dir}}/", 19 | "{{dir}}/*" 20 | ] 21 | } 22 | } 23 | } -------------------------------------------------------------------------------- 
/solution/solution-tvm/code-example/java/spring-boot/src/main/resources/policy-templates/SlsTemplate.json: -------------------------------------------------------------------------------- 1 | { 2 | "Effect":"Allow", 3 | "Action":[ 4 | "log:PostLogStoreLogs" 5 | ], 6 | "Resource":[ 7 | "acs:log:*:*:project/{{project}}/logstore/{{logstore}}" 8 | ] 9 | } -------------------------------------------------------------------------------- /solution/solution-vpc-interconnection-using-peering-and-tr/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | ## 1.0.0 4 | 5 | * initial version -------------------------------------------------------------------------------- /solution/solution-vpc-interconnection-using-peering-and-tr/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/solution/solution-vpc-interconnection-using-peering-and-tr/README.md -------------------------------------------------------------------------------- /solution/solution-vpc-interconnection-using-peering-and-tr/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "hashicorp/alicloud" 5 | version = "~> 1.1" 6 | } 7 | } 8 | } -------------------------------------------------------------------------------- /solution/solution-vpc-interconnection-using-peering-and-tr/vpc/main.tf: -------------------------------------------------------------------------------- 1 | variable "vpc_cidr" {} 2 | variable "vsw_cidr" {} 3 | variable "zone_id" {} 4 | 5 | resource "alicloud_vpc" "vpc" { 6 | vpc_name = "vpc_test" 7 | cidr_block = var.vpc_cidr 8 | } 9 | 10 | resource "alicloud_vswitch" "vsw" { 11 | vpc_id = alicloud_vpc.vpc.id 12 | cidr_block = var.vsw_cidr 13 | zone_id = var.zone_id 14 | } 15 | 16 | 
output "vpc_id" { 17 | value = alicloud_vpc.vpc.id 18 | } 19 | output "vsw_id" { 20 | value = alicloud_vswitch.vsw.id 21 | } 22 | output "route_table_id" { 23 | value = alicloud_vpc.vpc.route_table_id 24 | } 25 | -------------------------------------------------------------------------------- /solution/tools/aliyun_subscribe_actiontrail/README.md: -------------------------------------------------------------------------------- 1 | ### 脚本逻辑 2 | - 确保已在「企业管理账号」中开通资源目录,并且将其他账号邀请到资源目录中。具体操作,请参见云治理中心-资源结构初始化。 3 | - 确保已在「企业管理账号」中开启多账号的统一日志投递。具体操作,请参见云治理中心-统一投递审计日志投递审计日志。 4 | - 确保在各个成员账号中开通事件总线并且完成授权。具体操作,请参见开通事件总线。 5 | - 确保在「日志账号」中已开通了日志服务,用于收集函数计算运行过程中日志。 6 | - 如果需要使用到高阶版功能支持幂等逻辑需要再执行以下操作: 7 | - 确保在「日志账号」中开通事件总线及函数计算、配置相应的VPC网络及安全组用于配置数据库及函数计算资源。创建相应的数据库,相应的数据表及授权。具体操作,请参见开通事件总线 和 开通函数计算。 8 | -------------------------------------------------------------------------------- /solution/tools/aliyun_subscribe_actiontrail/requirements.txt: -------------------------------------------------------------------------------- 1 | aliyun-python-sdk-ecs==4.24.24 2 | aliyun-python-sdk-core==2.13.35 3 | aliyun-python-sdk-sts==3.1.0 4 | aliyun-python-sdk-resourcemanager==1.2.1 5 | PyMySQL==1.0.2 6 | 7 | 8 | -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-account-factory-role-based-sso/CHANGELOG.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/terraform-modules/terraform-alicloud-landing-zone-account-factory-role-based-sso/CHANGELOG.md -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-account-factory-role-based-sso/examples/common/README.md: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/terraform-modules/terraform-alicloud-landing-zone-account-factory-role-based-sso/examples/common/README.md -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-account-factory-role-based-sso/examples/common/main.tf: -------------------------------------------------------------------------------- 1 | provider "alicloud" { 2 | region = "cn-shanghai" 3 | } 4 | 5 | module "role_based_sso" { 6 | source = "../../" 7 | 8 | metadata_file_path = var.metadata_file_path 9 | 10 | ram_roles = var.ram_roles 11 | 12 | saml_provider_name = var.saml_provider_name 13 | saml_provider_description = var.saml_provider_description 14 | } -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-account-factory-role-based-sso/examples/common/outputs.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/terraform-modules/terraform-alicloud-landing-zone-account-factory-role-based-sso/examples/common/outputs.tf -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-account-factory-role-based-sso/examples/common/tfvars/common.tfvars: -------------------------------------------------------------------------------- 1 | metadata_file_path = "./metadata.xml" 2 | ram_roles = [ 3 | { 4 | name = "Admin" 5 | description = "Super admin" 6 | policies = [ 7 | "AdministratorAccess" 8 | ] 9 | }, 10 | { 11 | name = "LogAdmin" 12 | description = "Log service full access" 13 | policies = [ 14 | "AliyunLogFullAccess" 15 | ] 16 | }, 17 | { 18 | name = "NetworkAdmin" 19 | description = "VPC/SLB/CEN... 
full access" 20 | policies = [ 21 | "AliyunVPCFullAccess", 22 | "AliyunNATGatewayFullAccess", 23 | "AliyunEIPFullAccess", 24 | "AliyunCENFullAccess", 25 | "AliyunSLBFullAccess" 26 | ] 27 | } 28 | ] -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-account-factory-role-based-sso/examples/common/variables.tf: -------------------------------------------------------------------------------- 1 | variable "metadata_file_path" { 2 | type = string 3 | default = "" 4 | description = "metadata.xml exported from IdP" 5 | } 6 | 7 | variable "ram_roles" { 8 | type = list(object({ 9 | name = string 10 | description = string 11 | policies = list(string) 12 | })) 13 | } 14 | 15 | variable "saml_provider_name" { 16 | type = string 17 | default = "EnterpriseIdP" 18 | description = "(optional) IdP name used as SSO" 19 | } 20 | 21 | variable "saml_provider_description" { 22 | type = string 23 | default = "IdP used for role based SSO" 24 | description = "(optional) IdP description" 25 | } -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-account-factory-role-based-sso/modules/ram_role/outputs.tf: -------------------------------------------------------------------------------- 1 | output "role_name" { 2 | value = alicloud_ram_role.ram_role.id 3 | } 4 | 5 | output "role_arn" { 6 | value = alicloud_ram_role.ram_role.arn 7 | } -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-account-factory-role-based-sso/modules/ram_role/variables.tf: -------------------------------------------------------------------------------- 1 | variable "role_name" {} 2 | 3 | variable "role_description" {} 4 | 5 | variable "policies" {} 6 | 7 | variable "account_uid" {} 8 | 9 | variable "idp_name" {} 
-------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-account-factory-role-based-sso/outputs.tf: -------------------------------------------------------------------------------- 1 | output "saml_provider_arn" { 2 | value = alicloud_ram_saml_provider.idp.arn 3 | } 4 | 5 | output "ram_roles_arn" { 6 | value = [ 7 | for k, role in module.role: role.role_arn 8 | ] 9 | } -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-account-factory-role-based-sso/variables.tf: -------------------------------------------------------------------------------- 1 | variable "metadata_file_path" { 2 | type = string 3 | default = "" 4 | description = "metadata.xml exported from IdP" 5 | } 6 | 7 | variable "ram_roles" { 8 | type = list(object({ 9 | name = string 10 | description = string 11 | policies = list(string) 12 | })) 13 | } 14 | 15 | variable "saml_provider_name" { 16 | type = string 17 | default = "EnterpriseIdP" 18 | description = "(optional) IdP name used as SSO" 19 | } 20 | 21 | variable "saml_provider_description" { 22 | type = string 23 | default = "IdP used for role based SSO" 24 | description = "(optional) IdP description" 25 | } -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-account-factory-role-based-sso/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "hashicorp/alicloud" 5 | version = ">= 1.134.0" 6 | } 7 | } 8 | required_version = ">= 0.13" 9 | } 10 | -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-actiontrail-event-alert/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | 
required_providers { 3 | alicloud = { 4 | source = "hashicorp/alicloud" 5 | version = "> 1.203.0" 6 | configuration_aliases = [alicloud.log_resource_record] 7 | } 8 | } 9 | required_version = ">= 0.13" 10 | } 11 | -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-alb/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # CHANGELOG 2 | 3 | ## 1.0.0 4 | Initial version. 5 | 6 | ## 1.0.1 7 | Add WAF edition support for ALB. -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-alb/examples/create-public-alb/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = ">=1.193.1" 6 | } 7 | } 8 | } 9 | 10 | provider "alicloud" { 11 | region = var.region 12 | } 13 | 14 | module "dmz_ingress_alb" { 15 | source = "../.." 16 | vpc_id = var.dmz_vpc_id 17 | alb_instance_spec = var.alb_instance_spec 18 | alb_instance_deploy_config = var.alb_instance_deploy_config 19 | server_group_backend_servers = var.server_group_backend_servers 20 | } 21 | -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-alb/examples/create-public-alb/outputs.tf: -------------------------------------------------------------------------------- 1 | output "alb_instance_id" { 2 | description = "The ID of the ALB instance." 3 | value = module.dmz_ingress_alb.alb_instance_id 4 | } 5 | 6 | output "server_group_id" { 7 | description = "The ID of the server group." 8 | value = module.dmz_ingress_alb.server_group_id 9 | } 10 | 11 | output "alb_listener_id" { 12 | description = "The ID of the ALB Listener." 
13 | value = module.dmz_ingress_alb.alb_listener_id 14 | } -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-alb/examples/create-public-alb/tfvars/settings.tfvars: -------------------------------------------------------------------------------- 1 | region = "cn-shanghai" 2 | dmz_vpc_id = "vpc-uf64jvvvabr84damwjp9q" 3 | 4 | alb_instance_deploy_config = { 5 | load_balancer_name = "alb-dmz-ingress" 6 | zone_1_id = "cn-shanghai-f" 7 | vswitch_1_id = "vsw-uf6hsm7zaupj72bekrctf" 8 | 9 | zone_2_id = "cn-shanghai-g" 10 | vswitch_2_id = "vsw-uf6xwi8lz10wc60kb5mzd" 11 | } 12 | 13 | # TF不支持,目前无法使用跨VPC挂载IP类型服务器组功能 14 | #server_group_backend_servers = [ 15 | # { 16 | # server_type = "Ip" 17 | # server_id = "i-uf6ambutcn90srdw6kw1" 18 | # server_ip = "172.16.10.50" 19 | # description = "backend-server1" 20 | # weight = 100 21 | # port = 80 22 | # } 23 | #] 24 | 25 | -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-alb/outputs.tf: -------------------------------------------------------------------------------- 1 | output "alb_instance_id" { 2 | description = "The ID of the ALB instance." 3 | value = alicloud_alb_load_balancer.default.id 4 | } 5 | 6 | output "server_group_id" { 7 | description = "The ID of the server group." 8 | value = alicloud_alb_server_group.default.id 9 | } 10 | 11 | output "alb_listener_id" { 12 | description = "The ID of the ALB Listener." 
13 | value = alicloud_alb_listener.default.id 14 | } 15 | 16 | 17 | -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-alb/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = ">=1.193.1" 6 | } 7 | 8 | local = { 9 | source = "hashicorp/local" 10 | version = "2.1.0" 11 | } 12 | } 13 | required_version = ">=0.12" 14 | } -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-cen-custom-route/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # CHANGELOG 2 | 3 | ## 1.0.0 4 | 5 | Initial version -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-cen-custom-route/examples/add-routing-entries/outputs.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/terraform-modules/terraform-alicloud-landing-zone-cen-custom-route/examples/add-routing-entries/outputs.tf -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-cen-custom-route/examples/add-routing-entries/tfvars/settings.tfvars: -------------------------------------------------------------------------------- 1 | region = "cn-shanghai" 2 | transit_router_id = "tr-uf6vpyd9yp4lyeu70n3yw" 3 | cen_attach_id_dmz_vpc = "tr-attach-79nkaodj9a1qhblksf" 4 | 5 | alb_back_to_source_route = [ 6 | "100.121.111.192/26", "100.121.112.0/26", "100.121.112.64/26", "100.121.113.128/26", "100.117.147.128/26", 7 | "100.117.147.192/26", "100.117.147.64/26", "100.121.111.128/26" 8 | ] 9 | 10 | 
-------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-cen-custom-route/examples/add-routing-entries/variables.tf: -------------------------------------------------------------------------------- 1 | variable "region" { 2 | type = string 3 | } 4 | 5 | variable "create_route_table" { 6 | description = "Whether to create a TR route table. If false, use default route table." 7 | type = bool 8 | default = false 9 | } 10 | 11 | variable "transit_router_id" { 12 | description = "ID of the transit router." 13 | type = string 14 | } 15 | 16 | variable "cen_attach_id_dmz_vpc" { 17 | description = "Attachment ID of the transit router association for DMZ VPC." 18 | type = string 19 | } 20 | 21 | variable "alb_back_to_source_route" { 22 | description = "Configuration of the route entry." 23 | type = list(string) 24 | } 25 | -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-cen-custom-route/outputs.tf: -------------------------------------------------------------------------------- 1 | # outputs.tf https://learn.hashicorp.com/tutorials/terraform/outputs 2 | output "route_table_id" { 3 | description = "The ID of the transit router table." 4 | value = var.create_route_table ? 
alicloud_cen_transit_router_route_table.custom_route_table.0.transit_router_route_table_id : "" 5 | } 6 | -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-cen-custom-route/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = ">=1.160.0" 6 | } 7 | 8 | local = { 9 | source = "hashicorp/local" 10 | version = "2.1.0" 11 | } 12 | } 13 | required_version = ">=0.12" 14 | } -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-cen-vpc-attach/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # CHANGELOG 2 | 3 | ## 1.0.0 4 | 5 | Initial version -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-cen-vpc-attach/examples/add-vpc-attachment/outputs.tf: -------------------------------------------------------------------------------- 1 | output "attachment_id" { 2 | value = module.cen_attach.attachment_id 3 | } -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-cen-vpc-attach/outputs.tf: -------------------------------------------------------------------------------- 1 | output "id" { 2 | description = "ID of the resource, It is formatted to :" 3 | value = alicloud_cen_transit_router_vpc_attachment.vpc_attachment.id 4 | } 5 | 6 | output "attachment_id" { 7 | description = "ID of transit router attachment." 
8 | value = alicloud_cen_transit_router_vpc_attachment.vpc_attachment.transit_router_attachment_id 9 | } 10 | -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-cen-vpc-attach/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = ">=1.192.0" 6 | configuration_aliases = [ alicloud.shared_service_account, alicloud.vpc_account ] 7 | } 8 | 9 | local = { 10 | source = "hashicorp/local" 11 | version = "2.1.0" 12 | } 13 | } 14 | required_version = ">=0.12" 15 | } -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-cen-with-dmz-vpc/examples/common/outputs.tf: -------------------------------------------------------------------------------- 1 | output "dmz_vpc_id" { 2 | value = module.dmz_vpc.dmz_vpc_id 3 | } 4 | 5 | output "dmz_vswitches" { 6 | value = [ 7 | for idx, vsw in module.dmz_vpc.dmz_vswitches : 8 | { 9 | ZoneId = vsw.zone_id 10 | VswitchId = vsw.vswitch_id 11 | } 12 | ] 13 | } -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-cen-with-dmz-vpc/examples/common/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = "1.170.0" 6 | configuration_aliases = [ alicloud.cen_account, alicloud.dmz_vpc_account ] 7 | } 8 | } 9 | required_version = ">= 0.14" 10 | } 11 | -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-cen-with-dmz-vpc/local.tfvars: -------------------------------------------------------------------------------- 1 | cen_instance_name = "lz-cen" 2 | network_cidr = 
"10.0.0.0/8" 3 | dmz_vpc_region = "cn-hangzhou" 4 | dmz_vpc_cidr = "10.0.1.0/24" 5 | dmz_egress_eip_name = "lz-dmz-eip" 6 | dmz_egress_nat_gateway_name = "lz-dmz-nat" 7 | dmz_vswitch = [ { 8 | vswitch_cidr = "10.0.1.0/26" 9 | vswitch_description = "lz-dmz-vsw-1" 10 | vswitch_name = "lz-dmz-vsw-1" 11 | zone_id = "cn-hangzhou-h" 12 | }, { 13 | vswitch_cidr = "10.0.1.128/26" 14 | vswitch_description = "lz-dmz-vsw-2" 15 | vswitch_name = "lz-dmz-vsw-2" 16 | zone_id = "cn-hangzhou-i" 17 | } ] -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-cen-with-dmz-vpc/modules/cen-vpc-attach/outputs.tf: -------------------------------------------------------------------------------- 1 | # outputs.tf https://learn.hashicorp.com/tutorials/terraform/outputs 2 | output "id" { 3 | description = "ID of the resource, It is formatted to :" 4 | value = alicloud_cen_transit_router_vpc_attachment.vpc_attachment.id 5 | } 6 | 7 | output "attachment_id" { 8 | description = "The ID of transit router attachment." 
9 | value = alicloud_cen_transit_router_vpc_attachment.vpc_attachment.transit_router_attachment_id 10 | } 11 | -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-cen-with-dmz-vpc/modules/cen-vpc-attach/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = "1.170.0" 6 | configuration_aliases = [ alicloud.cen_account, alicloud.vpc_account ] 7 | } 8 | } 9 | required_version = ">=0.13" 10 | } -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-cen-with-dmz-vpc/modules/eip/outputs.tf: -------------------------------------------------------------------------------- 1 | output "eip_id_list" { 2 | description = "EIP ID." 3 | value = [for idx, eip in alicloud_eip_address.eip_address : eip.id] 4 | } 5 | 6 | output "eip_address_list" { 7 | description = "EIP Address." 8 | value = [for idx, eip in alicloud_eip_address.eip_address : eip.ip_address] 9 | } 10 | 11 | output "common_bandwidth_package_id" { 12 | description = "Common bandwidth package ID." 13 | value = var.create_common_bandwidth_package ? 
alicloud_common_bandwidth_package.bandwidth_package.0.id : "" 14 | } 15 | -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-cen-with-dmz-vpc/modules/eip/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = "1.170.0" 6 | } 7 | } 8 | required_version = ">=0.13" 9 | } -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-cen-with-dmz-vpc/modules/nat-gateway/outputs.tf: -------------------------------------------------------------------------------- 1 | output "nat_gateway_id" { 2 | description = "The ID of the nat gateway." 3 | value = alicloud_nat_gateway.nat_gateway.id 4 | } 5 | 6 | output "nat_gateway_snat_entry_id_list" { 7 | description = "The ID list of SNAT entries." 8 | value = [for idx, entry in alicloud_snat_entry.snat_entry : entry.id] 9 | } -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-cen-with-dmz-vpc/modules/nat-gateway/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = "1.170.0" 6 | } 7 | } 8 | required_version = ">=0.13" 9 | } -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-cen-with-dmz-vpc/outputs.tf: -------------------------------------------------------------------------------- 1 | output "cen_account_id" { 2 | value = data.alicloud_account.cen.id 3 | } 4 | 5 | output "dmz_vpc_account_id" { 6 | value = data.alicloud_account.dmz_vpc.id 7 | } 8 | 9 | output "dmz_vpc_id" { 10 | value = alicloud_vpc.dmz_vpc.id 11 | } 12 | 13 | output 
"dmz_vswitches" { 14 | value = [ 15 | for idx, vsw in alicloud_vswitch.dmz_vswitch : 16 | { 17 | vswitch_id = vsw.id 18 | zone_id = vsw.zone_id 19 | } 20 | ] 21 | } -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-cen-with-dmz-vpc/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = "1.170.0" 6 | configuration_aliases = [ alicloud.cen_account, alicloud.dmz_vpc_account ] 7 | } 8 | } 9 | required_version = ">= 0.14" 10 | } 11 | -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-cloud-sso-multi-account-policy/examples/complete/tfvars/step-01.tfvars: -------------------------------------------------------------------------------- 1 | # Step 1: Creating a directory and folder 2 | ##################### 3 | # Cloud SSO Directory 4 | ##################### 5 | create_directory = true 6 | directory_name = "multi-account-module" 7 | mfa_authentication_status = "Enabled" 8 | scim_synchronization_status = "Disabled" 9 | 10 | ##################### 11 | # Resource Manager Folder 12 | ##################### 13 | create_resource_manager_folder = true 14 | folder_name = "multi-account-module" 15 | 16 | 17 | -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-cloud-sso-multi-account-policy/examples/complete/tfvars/step-03.tfvars: -------------------------------------------------------------------------------- 1 | # Step 3: Creating a RD account and assign the policy for it 2 | create_resource_manager_account = true 3 | assign_access_configuration = true 4 | 5 | # Remain the step 2 variables 6 | create_group = true 7 | create_access_configuration = true 8 | display_name = "AppNameDev" 9 | 10 | # Remain 
the step 1 variables 11 | create_directory = true 12 | directory_name = "multi-account-module" 13 | mfa_authentication_status = "Enabled" 14 | scim_synchronization_status = "Disabled" 15 | 16 | create_resource_manager_folder = true 17 | folder_name = "multi-account-module" 18 | -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-cloud-sso-multi-account-policy/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.13.1" 3 | 4 | required_providers { 5 | alicloud = { 6 | source = "hashicorp/alicloud" 7 | version = ">= 1.145.0" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-eip/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # CHANGELOG 2 | 3 | ## 1.0.0 4 | 5 | Initial version -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-eip/examples/create-eip-and-bandwidth-package/outputs.tf: -------------------------------------------------------------------------------- 1 | output "eip_id_list" { 2 | description = "EIP ID." 3 | value = module.dmz_egress_eip.eip_id_list 4 | } 5 | 6 | output "eip_address_list" { 7 | description = "EIP Address." 8 | value = module.dmz_egress_eip.eip_address_list 9 | } 10 | 11 | output "common_bandwidth_package_id" { 12 | description = "Common bandwidth package ID." 
13 | value = module.dmz_egress_eip.common_bandwidth_package_id 14 | } -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-eip/examples/create-eip-and-bandwidth-package/tfvars/settings.tfvars: -------------------------------------------------------------------------------- 1 | region = "cn-shanghai" 2 | -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-eip/examples/create-eip-and-bandwidth-package/variables.tf: -------------------------------------------------------------------------------- 1 | variable "region" { 2 | type = string 3 | } 4 | 5 | -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-eip/outputs.tf: -------------------------------------------------------------------------------- 1 | output "eip_id_list" { 2 | description = "EIP ID." 3 | value = [for idx, eip in alicloud_eip_address.eip_address : eip.id] 4 | } 5 | 6 | output "eip_address_list" { 7 | description = "EIP Address." 8 | value = [for idx, eip in alicloud_eip_address.eip_address : eip.ip_address] 9 | } 10 | 11 | output "common_bandwidth_package_id" { 12 | description = "Common bandwidth package ID." 13 | value = var.create_common_bandwidth_package ? 
alicloud_common_bandwidth_package.bandwidth_package.0.id : "" 14 | } 15 | -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-eip/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = ">=1.160.0" 6 | } 7 | 8 | local = { 9 | source = "hashicorp/local" 10 | version = "2.1.0" 11 | } 12 | } 13 | required_version = ">=0.12" 14 | } -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-guardrails/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # CHANGELOG 2 | 3 | ## 1.0.0 4 | 5 | initial version -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-guardrails/examples/common/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/terraform-modules/terraform-alicloud-landing-zone-guardrails/examples/common/README.md -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-guardrails/examples/common/main.tf: -------------------------------------------------------------------------------- 1 | provider "alicloud" { 2 | region = "cn-shanghai" 3 | } 4 | 5 | module "detective_guardrails" { 6 | source = "../../" 7 | 8 | detective_guardrails = var.detective_guardrails 9 | config_aggreator_name = var.config_aggreator_name 10 | config_aggreator_description = var.config_aggreator_description 11 | config_compliance_pack_name = var.config_compliance_pack_name 12 | config_compliance_pack_description = var.config_compliance_pack_description 13 | 
config_compliance_pack_risk_level = var.config_compliance_pack_risk_level 14 | } -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-guardrails/examples/common/output.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/terraform-modules/terraform-alicloud-landing-zone-guardrails/examples/common/output.tf -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-guardrails/examples/common/tfvars/common.tfvars: -------------------------------------------------------------------------------- 1 | detective_guardrails = [ 2 | { 3 | rule_name = "sg-risky-ports-check" 4 | rule_identifier = "sg-risky-ports-check" 5 | parameters = [ 6 | { 7 | name = "ports" 8 | value = "22,3389" 9 | } 10 | ] 11 | resource_types_scope = ["ACS::ECS::SecurityGroup"] 12 | tag_scope_key = "" 13 | tag_scope_value = "" 14 | } 15 | ] -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-guardrails/examples/common/tfvars/custom.tfvars: -------------------------------------------------------------------------------- 1 | detective_guardrails = [ 2 | { 3 | rule_name = "sg-risky-ports-check" 4 | rule_identifier = "sg-risky-ports-check" 5 | parameters = [ 6 | { 7 | name = "ports" 8 | value = "22,3389" 9 | } 10 | ] 11 | resource_types_scope = ["ACS::ECS::SecurityGroup"] 12 | tag_scope_key = "" 13 | tag_scope_value = "" 14 | } 15 | ] 16 | 17 | config_aggregator_name = "Enterprise" 18 | config_aggreator_description = "All member account" 19 | config_compliance_pack_name = "CompliacnePackForGuardrails" 20 | config_compliance_pack_description = "Compliance pack for detective guardrails" 21 | config_compliance_pack_risk_level = 2 
-------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-guardrails/output.tf: -------------------------------------------------------------------------------- 1 | output "config_aggregator" { 2 | value = alicloud_config_aggregator.enterprise 3 | } 4 | 5 | output "config_rules" { 6 | value = alicloud_config_aggregate_config_rule.detective_guardrails 7 | } 8 | 9 | output "config_compliance_pack" { 10 | value = alicloud_config_aggregate_compliance_pack.detective_guardrails 11 | } -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-guardrails/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "hashicorp/alicloud" 5 | version = ">= 1.145.0" 6 | } 7 | } 8 | required_version = ">= 0.14" 9 | } 10 | -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-log-archive/CHANGELOG.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/terraform-modules/terraform-alicloud-landing-zone-log-archive/CHANGELOG.md -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-log-archive/examples/common/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/terraform-modules/terraform-alicloud-landing-zone-log-archive/examples/common/README.md -------------------------------------------------------------------------------- 
/terraform-modules/terraform-alicloud-landing-zone-log-archive/examples/common/output.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/terraform-modules/terraform-alicloud-landing-zone-log-archive/examples/common/output.tf -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-log-archive/examples/common/tfvars/all.tfvars: -------------------------------------------------------------------------------- 1 | sls_project_name_for_actiontrail = "actiontrail-log-archive-12345678" 2 | sls_project_region_for_actiontrail = "cn-shanghai" 3 | oss_bucket_name_for_actiontrail = "actiontrail_log_archive_12345678" 4 | actiontrail_trail_name = "logarchive-1688" -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-log-archive/examples/common/tfvars/sls_only.tfvars: -------------------------------------------------------------------------------- 1 | sls_project_name_for_actiontrail = "actiontrail-log-archive-12345678" 2 | sls_project_region_for_actiontrail = "cn-shanghai" 3 | actiontrail_trail_name = "logarchive-1688" 4 | 5 | 6 | -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-log-archive/locals.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | actiontrail_log_archive_enabled = anytrue([var.oss_bucket_name_for_actiontrail != "", var.sls_project_name_for_actiontrail != ""]) 3 | cloud_config_log_archive_enabled = anytrue([var.oss_bucket_name_for_cloud_config != "", var.sls_project_name_for_cloud_config != ""]) 4 | } -------------------------------------------------------------------------------- 
/terraform-modules/terraform-alicloud-landing-zone-log-archive/outputs.tf: -------------------------------------------------------------------------------- 1 | output "log_archive_account_id" { 2 | value = data.alicloud_account.logarchive.id 3 | } -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-log-archive/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "hashicorp/alicloud" 5 | version = ">= 1.134.0" 6 | configuration_aliases = [ alicloud.master_account, alicloud.log_archive_account ] 7 | } 8 | } 9 | required_version = ">= 0.13" 10 | } 11 | -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-nat-gateway/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # CHANGELOG 2 | 3 | ## 1.0.0 4 | 5 | Initial version -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-nat-gateway/examples/create-public-nat-gateway/outputs.tf: -------------------------------------------------------------------------------- 1 | output "nat_gateway_id" { 2 | description = "ID of the nat gateway." 
3 | value = module.dmz_egress_nat_gateway.nat_gateway_id 4 | } 5 | -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-nat-gateway/examples/create-public-nat-gateway/tfvars/settings.tfvars: -------------------------------------------------------------------------------- 1 | region = "cn-shanghai" 2 | dmz_vpc_id = "vpc-uf64jvvvabr84damwjp9q" 3 | nat_gateway_name = "dmz-nat-gateway-unified-egress" 4 | vswitch_id_nat_gateway = "vsw-uf6hsm7zaupj72bekrctf" 5 | snat_source_cidr_list = ["172.16.10.0/24"] 6 | 7 | -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-nat-gateway/examples/create-public-nat-gateway/variables.tf: -------------------------------------------------------------------------------- 1 | variable "region" { 2 | type = string 3 | } 4 | 5 | variable "dmz_vpc_id" { 6 | description = "VPC ID of the DMZ VPC." 7 | type = string 8 | } 9 | 10 | variable "nat_gateway_name" { 11 | type = string 12 | default = "dmz-nat-gateway-unified-egress" 13 | } 14 | 15 | variable "vswitch_id_nat_gateway" { 16 | description = "ID of the vSwitch to which the NAT gateway belongs." 17 | type = string 18 | } 19 | 20 | variable "snat_source_cidr_list" { 21 | description = "CIDR for SNAT." 22 | type = list(string) 23 | } -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-nat-gateway/outputs.tf: -------------------------------------------------------------------------------- 1 | output "nat_gateway_id" { 2 | description = "The ID of the nat gateway." 
3 | value = alicloud_nat_gateway.nat_gateway.id 4 | } 5 | -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-nat-gateway/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | alicloud = { 4 | source = "aliyun/alicloud" 5 | version = ">=1.160.0" 6 | } 7 | 8 | local = { 9 | source = "hashicorp/local" 10 | version = "2.1.0" 11 | } 12 | } 13 | required_version = ">=0.12" 14 | } -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-resource-structure/CHANGELOG.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/terraform-modules/terraform-alicloud-landing-zone-resource-structure/CHANGELOG.md -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-resource-structure/examples/common/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/terraform-modules/terraform-alicloud-landing-zone-resource-structure/examples/common/README.md -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-resource-structure/examples/common/main.tf: -------------------------------------------------------------------------------- 1 | provider "alicloud" { 2 | region = "cn-shanghai" 3 | } 4 | 5 | module "directory" { 6 | source = "../../" 7 | 8 | core_folder_name = var.core_folder_name 9 | applications_folder_name = var.applications_folder_name 10 | shared_services_account_name = var.shared_services_account_name 11 | 
log_archive_account_name = var.log_archive_account_name 12 | billing_account_uid = var.billing_account_uid 13 | } -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-resource-structure/examples/common/output.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/terraform-modules/terraform-alicloud-landing-zone-resource-structure/examples/common/output.tf -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-resource-structure/examples/common/tfvars/common.tfvars: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/terraform-modules/terraform-alicloud-landing-zone-resource-structure/examples/common/tfvars/common.tfvars -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-resource-structure/examples/common/tfvars/custom.tfvars: -------------------------------------------------------------------------------- 1 | core_folder_name = "Infra" 2 | applications_folder_name = "Business" 3 | shared_services_account_name = "Common" 4 | log_archive_account_name = "Audit" 5 | billing_account_uid = "" -------------------------------------------------------------------------------- /terraform-modules/terraform-alicloud-landing-zone-resource-structure/output.tf: -------------------------------------------------------------------------------- 1 | output "resource_directory_id" { 2 | value = alicloud_resource_manager_resource_directory.master.id 3 | } 4 | 5 | output "root_folder_id" { 6 | value = alicloud_resource_manager_resource_directory.master.root_folder_id 7 | } 8 | 9 | 
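output "core_folder_id" {
  description = "ID of the folder managed as alicloud_resource_manager_folder.core."
  value       = alicloud_resource_manager_folder.core.id
}

output "applications_folder_id" {
  description = "ID of the folder managed as alicloud_resource_manager_folder.applications."
  value       = alicloud_resource_manager_folder.applications.id
}

output "shared_services_account_id" {
  description = "ID of the member account managed as alicloud_resource_manager_account.shared_services."
  value       = alicloud_resource_manager_account.shared_services.id
}

output "log_archive_account_id" {
  description = "ID of the member account managed as alicloud_resource_manager_account.log_archive."
  value       = alicloud_resource_manager_account.log_archive.id
}
--------------------------------------------------------------------------------
/terraform-modules/terraform-alicloud-landing-zone-resource-structure/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    alicloud = {
      # NOTE(review): the other modules on this page use the "aliyun/alicloud"
      # namespace; confirm "hashicorp/alicloud" is intended here, because a
      # root that composes these modules would otherwise resolve two different
      # provider addresses for the same provider.
      source = "hashicorp/alicloud"
      # Upper bound added so a future major release of the provider is not
      # picked up silently by `terraform init -upgrade`.
      version = ">= 1.134.0, < 2.0.0"
    }
  }
  required_version = ">= 0.13"
}
--------------------------------------------------------------------------------
/terraform-modules/terraform-alicloud-landing-zone-share-vpc/CHANGELOG.md:
--------------------------------------------------------------------------------
# CHANGELOG

## 1.0.0

Initial version
--------------------------------------------------------------------------------
/terraform-modules/terraform-alicloud-landing-zone-share-vpc/examples/complete/outputs.tf:
--------------------------------------------------------------------------------
output "resource_share_id" {
  description = "ID of the resource share created by the resource_share module."
  value       = module.resource_share.resource_share_id
}

output "resource_share_owner" {
  description = "Owner of the resource share, as reported by the resource_share module."
  value       = module.resource_share.resource_share_owner
}

output "resource_share_status" {
  description = "Status of the resource share, as reported by the resource_share module."
  value       = module.resource_share.resource_share_status
}
--------------------------------------------------------------------------------
/terraform-modules/terraform-alicloud-landing-zone-share-vpc/examples/complete/tfvars/update-shared-unit.tfvars:
--------------------------------------------------------------------------------
# Update shared resources and target accounts
# The account, region and VSwitch IDs below are the repository's own example
# values; replace them with the IDs of your environment before applying.
shared_account_id   = "1333131609463815"
shared_region       = "cn-shanghai"
shared_unit_name    = "TF-autotest"
shared_resource_ids = ["vsw-uf6add9m10956stjhop2n", "vsw-uf62yopo48jy4oact2ne5"]
target_account_ids  = ["1584945597797346", "1840242161246502"]
--------------------------------------------------------------------------------
/terraform-modules/terraform-alicloud-landing-zone-share-vpc/main.tf:
--------------------------------------------------------------------------------
# One resource share ("shared unit") holding every VSwitch listed in
# var.shared_resource_ids, offered to every account in var.target_account_ids.
resource "alicloud_resource_manager_resource_share" "res_share_1" {
  resource_share_name = var.shared_unit_name
}

# resource_type is fixed to "VSwitch", so every ID in var.shared_resource_ids
# must be a VSwitch ID; other resource types are not supported by this module.
resource "alicloud_resource_manager_shared_resource" "shared_res_1" {
  for_each          = toset(var.shared_resource_ids)
  resource_share_id = alicloud_resource_manager_resource_share.res_share_1.id
  resource_id       = each.value
  resource_type     = "VSwitch"
}

# Every target account is attached to the same share and therefore receives
# all of the VSwitches above; keep var.target_account_ids to the member
# accounts that actually need this network.
resource "alicloud_resource_manager_shared_target" "shared_target_1" {
  for_each          = toset(var.target_account_ids)
  resource_share_id = alicloud_resource_manager_resource_share.res_share_1.id
  target_id         = each.value
}
--------------------------------------------------------------------------------
/terraform-modules/terraform-alicloud-landing-zone-share-vpc/outputs.tf:
--------------------------------------------------------------------------------
output "resource_share_id" {
  description = "ID of the resource share created by this module."
  value       = alicloud_resource_manager_resource_share.res_share_1.id
}

output "resource_share_owner" {
  description = "Owner of the resource share, as reported by the provider."
  value       = alicloud_resource_manager_resource_share.res_share_1.resource_share_owner
}

output "resource_share_status" {
  description = "Current status of the resource share, as reported by the provider."
  value       = alicloud_resource_manager_resource_share.res_share_1.status
}
--------------------------------------------------------------------------------
/terraform-modules/terraform-alicloud-landing-zone-share-vpc/variables.tf:
--------------------------------------------------------------------------------
variable "shared_unit_name" {
  type        = string
  description = "Name of the resource share (shared unit) that this module creates"
}

variable "shared_resource_ids" {
  type        = list(string)
  # Description corrected: main.tf hard-codes resource_type = "VSwitch", so
  # these are not "usually" VSwitch IDs, they must be.
  description = "List of VSwitch IDs to share; only VSwitch IDs are accepted because the module fixes the shared resource type to VSwitch"
}

variable "target_account_ids" {
  type        = list(string)
  description = "List of target member account IDs that receive access to every shared VSwitch"
}
--------------------------------------------------------------------------------
/terraform-modules/terraform-alicloud-landing-zone-share-vpc/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    alicloud = {
      source = "aliyun/alicloud"
      # Upper bound added: the original "> 1.111.0" had no ceiling, so a
      # future major release of the provider could be picked up silently.
      version = "> 1.111.0, < 2.0.0"
    }
  }
  # NOTE(review): provider "source" addresses are only honoured from
  # Terraform 0.13; the resource-structure module on this page already
  # requires >= 0.13, so consider aligning this constraint with it.
  required_version = ">=0.12"
}
--------------------------------------------------------------------------------
/terraform-modules/terraform-alicloud-landing-zone-vpc-custom-route/CHANGELOG.md:
--------------------------------------------------------------------------------
# CHANGELOG

## 1.0.0

Initial version
--------------------------------------------------------------------------------
/terraform-modules/terraform-alicloud-landing-zone-vpc-custom-route/examples/add-routing-entries/main.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    alicloud = {
      source  = "aliyun/alicloud"
      version = "1.160.0"
    }
  }
}

provider "alicloud" {
  region = var.region
}

# Adds a single default route (0.0.0.0/0) to the business VPC. With
# create_route_table = false the module does not create a table of its own;
# the entry goes to the VPC's existing route table (see the module's
# outputs.tf). The next hop is an attachment - presumably a transit-router
# attachment, judging by the "tr-attach-" ID in tfvars/settings.tfvars - so
# all traffic not matched by a more specific route leaves through it.
module "dmz_egress_biz_vpc_route" {
  source = "../.."

  vpc_id             = var.vpc_id
  create_route_table = false
  route_entry_config = [
    {
      name                  = "dmz-egress"
      destination_cidrblock = "0.0.0.0/0"
      nexthop_type          = "Attachment"
      nexthop_id            = var.nexthop_id
    }
  ]
}
--------------------------------------------------------------------------------
/terraform-modules/terraform-alicloud-landing-zone-vpc-custom-route/examples/add-routing-entries/outputs.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aliyun/alibabacloud-landing-zone/87ae2d473dc25891c4927c7f37480c4f20315e13/terraform-modules/terraform-alicloud-landing-zone-vpc-custom-route/examples/add-routing-entries/outputs.tf
--------------------------------------------------------------------------------
/terraform-modules/terraform-alicloud-landing-zone-vpc-custom-route/examples/add-routing-entries/tfvars/settings.tfvars:
--------------------------------------------------------------------------------
# Example values from the repository; replace the VPC and attachment IDs with
# the ones from your environment before applying.
region     = "cn-shanghai"
vpc_id     = "vpc-uf66g5mpm3803m2eo7oqg"
nexthop_id = "tr-attach-9jrij3jn7oo38zhde6"
--------------------------------------------------------------------------------
/terraform-modules/terraform-alicloud-landing-zone-vpc-custom-route/examples/add-routing-entries/variables.tf:
--------------------------------------------------------------------------------
variable "region" {
  type        = string
  description = "Region the alicloud provider is configured for"
}

variable "vpc_id" {
  type        = string
  description = "ID of the VPC whose route table receives the dmz-egress entry"
}

variable "nexthop_id" {
  type        = string
  description = "ID of the attachment used as next hop for the 0.0.0.0/0 route"
}
--------------------------------------------------------------------------------
/terraform-modules/terraform-alicloud-landing-zone-vpc-custom-route/outputs.tf:
--------------------------------------------------------------------------------
# outputs.tf https://learn.hashicorp.com/tutorials/terraform/outputs
output "route_table_id" {
  description = "ID of the route table this module targets: the table it creates when create_route_table is true, otherwise the VPC's existing table found via data.alicloud_route_tables"
  # Legacy ".0" attribute indexing replaced by "[0]" (equivalent on the
  # >= 0.12 versions this module requires).
  # NOTE(review): when create_route_table is false the managed resource list
  # is empty and the unselected branch indexes it; confirm the Terraform
  # versions in use evaluate the conditional lazily, or guard both sides
  # with try().
  value = var.create_route_table ? alicloud_route_table.vpc_route_table[0].id : data.alicloud_route_tables.vpc_route_tables.ids[0]
}
--------------------------------------------------------------------------------
/terraform-modules/terraform-alicloud-landing-zone-vpc-custom-route/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    alicloud = {
      source = "aliyun/alicloud"
      # Upper bound added so a future major release of the provider is not
      # picked up silently; the lower bound is unchanged.
      version = ">= 1.160.0, < 2.0.0"
    }

    local = {
      source  = "hashicorp/local"
      version = "2.1.0"
    }
  }
  required_version = ">=0.12"
}
--------------------------------------------------------------------------------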