Add AWS integration automation files for JIT authentication

- Introduced .gitignore to exclude Terraform and IDE-related files.
- Added data.tf for JIT API authentication to retrieve access tokens.
- Configured REST API provider in providers.tf for global headers and authentication.
- Updated README.md to advise on moving the restapi provider for better module management when commenting out.

Author: arielbeckjit

src/integrations/aws_integration_automation/.gitignore

@@ -0,0 +1,36 @@
+# Terraform files
+*.tfstate
+*.tfstate.*
+.terraform/
+.terraform.lock.hcl
+crash.log
+crash.*.log
+
+# Terraform plan files
+*.tfplan
+*.tfplan.*
+
+# Environment variables
+.env
+.env.local
+
+# IDE files
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# OS files
+.DS_Store
+Thumbs.db
+
+# JIT state token file (contains sensitive data)
+.jit_state_token
+
+# Backup files
+*.backup
+*.bak
+
+# Log files
+*.log 

src/integrations/aws_integration_automation/README.md

@@ -122,6 +122,7 @@ The module uses the `restapi_object` resource for state token management:
 - To regenerate a state token, you must manually destroy and recreate the `restapi_object.jit_state_token` resource along with the created AWS stack.
 - **External ID Persistence**: The state token (external_id) should be created only once. Changing AWS regions, account configurations, or other integration parameters will not affect the existing integration's configuration or regenerate the token
 - **External ID Uniqueness**: The external_id is generated by JIT and cannot be reused across integrations. After a successful integration, changing or regenerating the external_id value will cause issues with the existing integration and may break the connection between JIT and your AWS environment
+- If you intend to comment out the entire module - it's better to move the restapi provider outside - to allow commenting it out without performing `terraform destroy`.
 
 ## CloudFormation Templates
 

src/integrations/aws_integration_automation/data.tf

@@ -0,0 +1,22 @@
+# Authentication with JIT API to get access token
+data "http" "jit_auth" {
+  url    = "${local.jit_api_endpoint}/authentication/login"
+  method = "POST"
+  
+  request_headers = {
+    "Accept"       = "application/json"
+    "Content-Type" = "application/json"
+  }
+  
+  request_body = jsonencode({
+    clientId = var.jit_client_id
+    secret   = var.jit_secret
+  })
+  
+  lifecycle {
+    postcondition {
+      condition     = self.status_code == 200
+      error_message = "JIT authentication failed with status ${self.status_code}"
+    }
+  }
+}

src/integrations/aws_integration_automation/main.tf

@@ -1,39 +1,3 @@
-# Configure the REST API provider with global headers
-provider "restapi" {
-  uri                   = local.jit_api_endpoint
-  write_returns_object  = true
-  create_returns_object = true
-  
-  headers = {
-    "Accept"        = "application/json"
-    "Content-Type"  = "application/json"
-    "Authorization" = "Bearer ${jsondecode(data.http.jit_auth.response_body).accessToken}"
-  }
-}
-
-# Authentication with JIT API to get access token
-data "http" "jit_auth" {
-  url    = "${local.jit_api_endpoint}/authentication/login"
-  method = "POST"
-  
-  request_headers = {
-    "Accept"       = "application/json"
-    "Content-Type" = "application/json"
-  }
-  
-  request_body = jsonencode({
-    clientId = var.jit_client_id
-    secret   = var.jit_secret
-  })
-  
-  lifecycle {
-    postcondition {
-      condition     = self.status_code == 200
-      error_message = "JIT authentication failed with status ${self.status_code}"
-    }
-  }
-}
-
 # Create state token using REST API provider
 resource "restapi_object" "jit_state_token" {
   path            = "/oauth/state-token"

src/integrations/aws_integration_automation/providers.tf

@@ -0,0 +1,12 @@
+# Configure the REST API provider with global headers
+provider "restapi" {
+  uri                   = local.jit_api_endpoint
+  write_returns_object  = true
+  create_returns_object = true
+  
+  headers = {
+    "Accept"        = "application/json"
+    "Content-Type"  = "application/json"
+    "Authorization" = "Bearer ${jsondecode(data.http.jit_auth.response_body).accessToken}"
+  }
+}