Comments (4)
CC @datfinesoul
from iambic.
After #388 is implemented it will be easier to provide more detailed feedback as to how this would be useful. IMO it would be worth holding off until that one is done.
from iambic.
Internally, we're talking about a provider-agnostic way to ignore resources. A Pydantic model might look something like the following:
from typing import Optional

from pydantic import BaseModel, Field


class ExcludedResources(BaseModel):
    """
    The ExcludedResources class allows you to specify resources that should be excluded during the template generation process in IAMbic. This class provides a provider-agnostic mechanism to selectively ignore resources based on their attributes, such as template types, names, paths, and tags.

    The exclusion criteria are defined using regular expressions, offering flexible matching capabilities. You can define multiple criteria within each attribute, and a resource must match all specified criteria to be excluded.

    The exclusion logic works based on the AND/OR boolean logic. For instance, if you specify multiple tags, a resource will be excluded if it matches the template type AND any of the specified tags.

    Attributes:
        template_types: A list of template types to exclude. These should be defined in the form of regular expressions.
        names: A list of resource names to exclude. These should be defined in the form of regular expressions.
        paths: A list of paths to exclude. These should be defined in the form of regular expressions.
        tags: A list of tags to exclude. Each tag is a dictionary with a 'key' and 'value', both of which should be defined in the form of regular expressions.
    """

    # Every field defaults to None so a rule only needs the attributes it filters on.
    template_types: Optional[list[str]] = Field(
        None,
        description="A list of template types to exclude. Regular expressions are supported for defining the types.",
    )
    names: Optional[list[str]] = Field(
        None,
        description="A list of resource names to exclude. Regular expressions are supported for defining the names.",
    )
    paths: Optional[list[str]] = Field(
        None,
        description="A list of paths to exclude. Regular expressions are supported for defining the paths.",
    )
    tags: Optional[list[dict]] = Field(
        None,
        description="A list of tags to exclude. Each tag is a dictionary with 'key' and 'value' fields, both supporting regular expressions.",
    )
Example template:
template_type: NOQ::Core::Config
version: '1'
core:
  exclude_resources:
    - template_types:
        - 'NOQ::AWS::IAM::Role'
      names:
        - 'amplify-.*'
    - template_types:
        - 'NOQ::AWS::IAM::Role'
      paths:
        - '/aws-reserved/.*'
        - '/cdk/.*'
    - template_types:
        - 'NOQ::AWS::.*'
      tags:
        - key: 'aws:cloudformation:stack-name'
          value: '.*'
        - key: 'aws:cdk:asset'
from iambic.
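The AND/OR semantics from the docstring above, worked through on the example template. This is an added example, not IAMbic's code and not part of the original comment: patterns within one attribute are ORed, attributes within one rule are ANDed, and rules are ORed. The `Resource` class, the use of `re.fullmatch` for anchoring, and treating a tag rule without `value` as "any value" are assumptions.

```python
import re
from dataclasses import dataclass, field


@dataclass
class Resource:  # hypothetical stand-in for an imported cloud resource
    template_type: str
    name: str
    path: str = "/"
    tags: dict = field(default_factory=dict)


# Constructed rules mirroring the example template in the comment above.
RULES = [
    {"template_types": ["NOQ::AWS::IAM::Role"], "names": ["amplify-.*"]},
    {"template_types": ["NOQ::AWS::IAM::Role"],
     "paths": ["/aws-reserved/.*", "/cdk/.*"]},
    {"template_types": ["NOQ::AWS::.*"],
     "tags": [{"key": "aws:cloudformation:stack-name", "value": ".*"},
              {"key": "aws:cdk:asset"}]},
]


def _any(patterns, value):
    # fullmatch anchors both ends: 'amplify-.*' must not hit 'prod-amplify-x'.
    return any(re.fullmatch(p, value) for p in patterns)


def _any_tag(tag_rules, tags):
    # Assumption: a tag rule without 'value' matches any value for that key.
    return any(
        re.fullmatch(t["key"], k) and re.fullmatch(t.get("value", ".*"), v)
        for t in tag_rules for k, v in tags.items()
    )


def rule_excludes(rule, res):
    checks = []  # one entry per attribute the rule specifies (AND across them)
    if rule.get("template_types"):
        checks.append(_any(rule["template_types"], res.template_type))
    if rule.get("names"):
        checks.append(_any(rule["names"], res.name))
    if rule.get("paths"):
        checks.append(_any(rule["paths"], res.path))
    if rule.get("tags"):
        checks.append(_any_tag(rule["tags"], res.tags))
    # all([]) is True, so an empty rule would otherwise exclude everything.
    return bool(checks) and all(checks)


def is_excluded(rules, res):
    return any(rule_excludes(r, res) for r in rules)  # OR across rules
```

Anchoring matters here because an excluded IAM resource drops out of management: an unanchored `amplify-.*` would also exclude a role named `prod-amplify-admin`.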
Another option we discussed in Slack (Join here) is a configuration specific to a provider. This would be an easier change because the AWS configuration is already passed around to the AWS provider plugin.
import_rules:
  - match_tags:
      - key: terraform
        # optional `value` field
    action: iambic_managed.import_only
  - match_names:
      - "AWS SSO Role*"
      - "CDK*"
      - "CloudFormation*"
    action: ignore
  - match_paths:
      - "/service-role/*"
    action: ignore
  - match_tags:
      - key: "ManagedBy"
        value: "CDK"
    action: ignore
  - match_template_types:
      - "NOQ::AWS::IAM::ManagedPolicy"
    action: iambic_managed.import_only
from iambic.