-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathterraform.tfvars.example
More file actions
94 lines (83 loc) · 2.82 KB
/
terraform.tfvars.example
File metadata and controls
94 lines (83 loc) · 2.82 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
# StackGuardian Platform Credentials
# Get these from your StackGuardian organization settings
api_key = "sgu_your-api-key-here"
org_name = "your-org-name"
# Workflow Groups (environments)
# These represent different deployment environments
workflow_groups = [
"team-dev",
"team-test",
"team-staging",
"team-prod"
]
# Cloud Connectors Configuration
# Configure connections to your cloud providers
cloud_connectors = [{
name = "aws-connector-1"
connector_type = "AWS_RBAC" # Options: AWS_STATIC, AWS_RBAC, AWS_OIDC, AZURE_STATIC, AZURE_OIDC, GCP_OIDC
role_arn = "arn:aws:iam::123456789012:role/StackGuardianRole"
aws_role_external_id = "your-org-name:random-string-12345"
}]
# VCS Connectors Configuration
# Configure connections to your version control systems
vcs_connectors = {
# GitLab Example (uncomment to use)
# To get GitLab credentials:
# 1. Go to GitLab Settings > Access Tokens
# 2. Create a personal access token with 'api' scope
# 3. Format: "username:personal_access_token"
vcs_gitlab = {
kind = "GITLAB_COM"
name = "gitlab-connector"
config = [{
gitlab_creds = {
gitlabCreds = "your-username:glpat-your_personal_access_token"
gitlabHttpUrl = "https://gitlab.com"
gitlabApiUrl = "https://gitlab.com/api/v4"
}
}]
}
# Bitbucket Example (uncomment to use)
# To get Bitbucket credentials:
# 1. Go to Bitbucket Settings > App passwords
# 2. Create an app password with 'Repositories: Read' permission
# 3. Format: "username:app_password"
# vcs_bitbucket = {
# kind = "BITBUCKET_ORG"
# name = "bitbucket-connector"
# config = [{
# bitbucket_creds = {
# bitbucket_creds = "your-username:your_app_password"
# }
# }]
# }
}
# Role Configuration
role_name = "team-developer-role"
# Templates that this role can access
# Add the templates available in your StackGuardian organization
template_list = [
"terraform-aws-vpc",
"terraform-aws-ec2",
"opentofu-aws-vpc"
]
# User/Group Assignment
# Format options:
# - Email: "user@example.com"
# - SSO Email: "sso-provider/user@example.com"
# - SSO Group: "sso-provider/group-id"
user_or_group = "user@example.com"
entity_type = "EMAIL" # Valid values: "EMAIL" or "GROUP"
# Optional: AWS Static Credentials (not recommended for production)
# aws_access_key_id = "AKIA..."
# aws_secret_access_key = "..."
# aws_default_region = "us-east-1"
# Optional: Azure Service Principal Credentials
# armTenantId = "your-tenant-id"
# armSubscriptionId = "your-subscription-id"
# armClientId = "your-client-id"
# armClientSecret = "your-client-secret"
# Optional: AWS OIDC Setup (uncomment to create AWS OIDC provider)
# account_number = 123456789012
# region = "us-east-1"
# aws_policy = "arn:aws:iam::aws:policy/ReadOnlyAccess"