Initial commit

gazoakley · gazoakley · commit e34b53718775 · 2018-09-12T19:00:51.000+01:00
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+.terraform*
+terraform.tfstate*
diff --git a/README.md b/README.md
@@ -0,0 +1,19 @@
+# terraform-aws-session-manager-settings
+
+Session preferences let you specify a location to store log output for all sessions in your account. You can also enable server-side encryption using an AWS Key Management Service (KMS) key for a specified stream to ensure your session records are transferred securely.
+
+Requires `aws` provider >= 1.36.0
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `s3_bucket_name` - (Optional) The name of bucket to store session logs. Specifying this enables writing session output to an Amazon S3 bucket.
+* `s3_key_prefix` - (Optional) To write output to a sub-folder, enter a sub-folder name.
+* `s3_encryption_enabled` - (Optional) Encrypt log data.
+* `cloudwatch_log_group_name` - (Optional) The name of the log group to upload session logs to. Specifying this enables sending session output to CloudWatch Logs.
+* `cloudwatch_encryption_enabled` - (Optional) Encrypt log data.
+
+## Attributes Reference
+
+No extra attributes are exported.
diff --git a/main.tf b/main.tf
@@ -0,0 +1,28 @@
+terraform {
+  required_version = ">= 0.11"
+
+  required_providers {
+    aws = ">= 1.36.0"
+  }
+}
+
+resource "aws_ssm_document" "session_manager_prefs" {
+  name            = "SSM-SessionManagerRunShell"
+  document_type   = "Session"
+  document_format = "JSON"
+
+  content = <<DOC
+{
+    "schemaVersion": "1.0",
+    "description": "Document to hold regional settings for Session Manager",
+    "sessionType": "Standard_Stream",
+    "inputs": {
+        "s3BucketName": "${var.s3_bucket_name}",
+        "s3KeyPrefix": "${var.s3_key_prefix}",
+        "s3EncryptionEnabled": ${var.s3_encryption_enabled ? "true" : "false"},
+        "cloudWatchLogGroupName": "${var.cloudwatch_log_group_name}",
+        "cloudWatchEncryptionEnabled": ${var.cloudwatch_encryption_enabled ? "true" : "false"}
+    }
+}
+DOC
+}
diff --git a/variables.tf b/variables.tf
@@ -0,0 +1,19 @@
+variable "s3_bucket_name" {
+  default = ""
+}
+
+variable "s3_key_prefix" {
+  default = ""
+}
+
+variable "s3_encryption_enabled" {
+  default = true
+}
+
+variable "cloudwatch_log_group_name" {
+  default = ""
+}
+
+variable "cloudwatch_encryption_enabled" {
+  default = true
+}
