diff --git a/src/integrations/aws_integration_automation/README.md b/src/integrations/aws_integration_automation/README.md new file mode 100644 index 0000000..a2933ab --- /dev/null +++ b/src/integrations/aws_integration_automation/README.md @@ -0,0 +1,285 @@ +# JIT AWS Integration Automation + +A Terraform module for automating AWS integration with JIT (Just-in-Time) security platform. This module supports both single AWS account and AWS Organization-wide integrations. + +## Features + +- **Dual Integration Types**: Support for both single account and organization-wide deployments +- **Multi-Region Support**: Monitor multiple AWS regions simultaneously +- **US/EU API Support**: Compatible with both US and EU JIT API endpoints +- **Error Handling**: Built-in validation and error handling with postconditions + +## Integration Types + +### Single Account Integration +Deploys JIT integration to a single AWS account using CloudFormation stack. + +### Organization Integration +Deploys JIT integration across an entire AWS Organization using a CloudFormation stack that creates internal StackSets, automatically including all current and future accounts in the organization. + +## Prerequisites + +1. **JIT API Credentials**: Client ID and Secret from JIT platform +2. **AWS Permissions**: Appropriate AWS permissions for CloudFormation operations +3. **Terraform**: Version 1.5 or higher +4. **For Organization Integration**: AWS Organizations service must be enabled + +## Quick Start + +### Single Account Integration + +```hcl +module "jit_aws_account_integration" { + source = "path/to/aws_integration_automation" + + # JIT Configuration + jit_client_id = var.jit_client_id + jit_secret = var.jit_secret + jit_region = "us" # Use "eu" for European API endpoint + + # Integration Type + integration_type = "account" + + # AWS Configuration + aws_regions_to_monitor = ["us-east-1", "us-west-2"] + + # Stack Configuration + stack_name = "JitAccountIntegration" + account_name = "Production Account" + resource_name_prefix = "JitProd" + + # CloudFormation Configuration + capabilities = ["CAPABILITY_NAMED_IAM"] +} +``` + +### Organization Integration + +```hcl +module "jit_aws_org_integration" { + source = "path/to/aws_integration_automation" + + # JIT Configuration + jit_client_id = var.jit_client_id + jit_secret = var.jit_secret + jit_region = "us" # Use "eu" for European API endpoint + + # Integration Type + integration_type = "org" + + # Organization Configuration + organization_root_id = "r-xxxxxxxxxxxx" + should_include_root_account = true + + # AWS Configuration + aws_regions_to_monitor = ["us-east-1", "us-west-2", "eu-west-1"] + + # Stack Configuration + stack_name = "JitOrgIntegration" + resource_name_prefix = "JitOrg" + + # CloudFormation Configuration + capabilities = ["CAPABILITY_IAM", "CAPABILITY_NAMED_IAM", "CAPABILITY_AUTO_EXPAND"] +} +``` + +## Input Variables + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| `jit_client_id` | Client ID for Jit API authentication | `string` | n/a | yes | +| `jit_secret` | Secret for Jit API authentication | `string` | n/a | yes | +| `integration_type` | Type of AWS integration (`account` or `org`) | `string` | n/a | yes | +| `jit_region` | Jit API region (`us` or `eu`) | `string` | `"us"` | no | +| `aws_regions_to_monitor` | List of AWS regions to monitor | `list(string)` | `["us-east-1"]` | no | +| `stack_name` | Name for the CloudFormation stack | `string` | `"JitIntegrationStack"` | no | +| `account_name` | Optional account name alias for Jit platform | `string` | `""` | no | +| `resource_name_prefix` | Prefix for CloudFormation resources (1-40 chars, alphanumeric, hyphens, underscores) | `string` | `null` (auto: "Jit" for account, "JitOrg" for org) | no | +| `organization_root_id` | AWS Organization Root ID (required for org type, format: `r-xxxxxxxxxx`) | `string` | `""` | no | +| `should_include_root_account` | Include root account in organization integration | `bool` | `false` | no | +| `capabilities` | CloudFormation capabilities required | `list(string)` | `["CAPABILITY_NAMED_IAM"]` | no | + +## State Token Management + +This module implements a **create-only** behavior for the JIT oauth/state-token endpoint using the REST API provider: + +1. **First Run**: Creates a new state token via JIT API +2. **Subsequent Runs**: Reuses the existing state token from Terraform state +3. **No Updates**: The state token is never updated or regenerated unless explicitly recreated + +### State Token Implementation + +The module uses the `restapi_object` resource for state token management: + +- Creates state token via JIT API endpoint `/oauth/state-token` +- Stores token in Terraform state automatically +- Uses `ignore_changes` lifecycle rule to prevent updates + +### Important Notes + +- State token is managed entirely within Terraform state +- Token persists across Terraform runs and is only created once +- To regenerate a state token, you must manually destroy and recreate the `restapi_object.jit_state_token` resource along with the created AWS stack. +- **External ID Persistence**: The state token (external_id) should be created only once. Changing AWS regions, account configurations, or other integration parameters will not affect the existing integration's configuration or regenerate the token +- **External ID Uniqueness**: The external_id is generated by JIT and cannot be reused across integrations. After a successful integration, changing or regenerating the external_id value will cause issues with the existing integration and may break the connection between JIT and your AWS environment + +## CloudFormation Templates + +The module automatically selects the appropriate CloudFormation template: + +- **Account Integration**: `https://jit-aws-prod.s3.amazonaws.com/jit_aws_integration_stack.json` +- **Organization Integration**: `https://jit-aws-prod.s3.amazonaws.com/jit_aws_org_integration_stack.json` + +## Required Capabilities + +### Single Account Integration +```terraform +capabilities = ["CAPABILITY_NAMED_IAM"] +``` + +### Organization Integration +```terraform +capabilities = ["CAPABILITY_IAM", "CAPABILITY_NAMED_IAM", "CAPABILITY_AUTO_EXPAND"] +``` + +The organization integration requires additional capabilities because: +- `CAPABILITY_AUTO_EXPAND`: For creating nested stacks and StackSets within the CloudFormation template +- `CAPABILITY_IAM`: For creating IAM resources +- `CAPABILITY_NAMED_IAM`: For creating IAM resources with custom names + +## Resource Name Prefix + +The `resource_name_prefix` parameter controls the prefix used for CloudFormation resources: + +- **Default for Account Integration**: "Jit" +- **Default for Organization Integration**: "JitOrg" +- **Custom Prefix**: Provide your own prefix (1-40 characters, alphanumeric, hyphens, underscores only) +- **Validation**: The module validates the prefix format automatically + +## API Endpoints + +The module supports both JIT API regions: + +- **US Region**: `https://api.jit.io` (default) +- **EU Region**: `https://api.eu.jit.io` + +## Error Handling + +The module includes comprehensive error handling: + +- **Authentication Validation**: Ensures JIT API authentication succeeds with postconditions +- **Input Validation**: Validates required parameters and formats using Terraform validation blocks +- **Integration Type Validation**: Ensures integration_type is either "account" or "org" +- **Region Validation**: Ensures jit_region is either "us" or "eu" +- **Organization Root ID Validation**: Validates proper format for organization root IDs +- **Lifecycle Management**: Prevents accidental destruction of resources + +## Complete Working Examples + +The `examples/` directory contains complete working examples organized by integration type: + +### Single Account Integration +- **Directory**: [`examples/single_account/`](examples/single_account/) +- **Main File**: `account_integration.tf` +- **Variables**: `variables.tf` +- **Configuration**: `terraform.tfvars` + +To use the single account example: +```bash +cd examples/single_account/ +cp terraform.tfvars.example terraform.tfvars +# Edit terraform.tfvars with your values +terraform init +terraform plan +terraform apply +``` + +### Organization Integration +- **Directory**: [`examples/aws_organization/`](examples/aws_organization/) +- **Main File**: `organization_integration.tf` +- **Variables**: `variables.tf` +- **Configuration**: `terraform.tfvars` + +To use the organization example: +```bash +cd examples/aws_organization/ +cp terraform.tfvars.example terraform.tfvars +# Edit terraform.tfvars with your values +terraform init +terraform plan +terraform apply +``` + +## How Organization Integration Works + +The organization integration creates a **single CloudFormation stack** that internally: + +1. **Creates an IAM Role** for JIT to assume across the organization +2. **Creates a StackSet** (`JitOrganizationsStacksSetRocket`) that automatically deploys to all accounts in the organization +3. **Optionally creates a stack** in the root account if `should_include_root_account = true` + +The CloudFormation template handles the StackSet creation and deployment automatically using AWS Organizations' `SERVICE_MANAGED` permission model. + +## Security Considerations + +1. **Sensitive Variables**: `jit_client_id`, `jit_secret`, and `organization_root_id` are marked as sensitive +2. **State Files**: Ensure Terraform state files are stored securely (e.g., S3 with encryption) +3. **State Token**: Stored in Terraform state - secure your state backend appropriately +4. **IAM Permissions**: Follow principle of least privilege for AWS IAM permissions + +## Troubleshooting + +### Common Issues + +1. **Authentication Failure** + - Verify JIT client ID and secret are correct + - Check if the correct JIT region is specified + +2. **Organization Root ID Error** + - Ensure the organization root ID is in the correct format (`r-xxxxxxxxxxxx`) + - Verify AWS Organizations is enabled and accessible + +3. **CloudFormation Capabilities Error** + - For organization integration, ensure you have all three capabilities: `["CAPABILITY_IAM", "CAPABILITY_NAMED_IAM", "CAPABILITY_AUTO_EXPAND"]` + - For single account integration, use: `["CAPABILITY_NAMED_IAM"]` + +4. **CloudFormation Stack Errors** + - Verify AWS permissions for CloudFormation operations + - Check CloudFormation events in the AWS console for detailed error messages + - For organization integration, ensure AWS Organizations service is properly configured + +5. **Parameter Validation Errors** + - Verify `resource_name_prefix` meets length and character requirements (1-40 chars, alphanumeric, hyphens, underscores) + - Check that `organization_root_id` follows the correct pattern (`r-` followed by 4-32 alphanumeric characters) + - Ensure `integration_type` is exactly "account" or "org" + - Ensure `jit_region` is exactly "us" or "eu" + +### Debug Information + +Enable Terraform debug logging for detailed troubleshooting: + +```bash +export TF_LOG=DEBUG +terraform apply +``` + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 1.5 | +| aws | >= 5.0 | +| http | >= 3.0 | +| local | >= 2.0 | +| restapi | >= 1.19.1 | + +## Contributing + +1. Follow existing code patterns and documentation standards +2. Test changes with both integration types using the provided examples +3. Update examples and documentation as needed +4. Ensure all variables have proper validation where applicable + +## License + +This module is part of the JIT customer scripts repository. Please refer to the main repository license for usage terms. \ No newline at end of file diff --git a/src/integrations/aws_integration_automation/examples/aws_organization/organization_integration.tf b/src/integrations/aws_integration_automation/examples/aws_organization/organization_integration.tf new file mode 100644 index 0000000..daf0913 --- /dev/null +++ b/src/integrations/aws_integration_automation/examples/aws_organization/organization_integration.tf @@ -0,0 +1,43 @@ +# Example: AWS Organization Integration with Jit +# This example shows how to integrate an entire AWS organization with Jit + +terraform { + required_version = ">= 1.5" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 5.0" + } + } +} + +# Configure the AWS Provider +provider "aws" { + region = var.aws_region +} + +# Organization Integration Module +module "jit_aws_org_integration" { + source = "../../" + + # Jit API Configuration + jit_client_id = var.jit_client_id # Set via environment variable or terraform.tfvars + jit_secret = var.jit_secret # Set via environment variable or terraform.tfvars + jit_region = "us" # Use "eu" for European API endpoint + + # Integration Configuration + integration_type = "org" + aws_regions_to_monitor = var.regions_to_monitor + + # Organization Configuration + organization_root_id = var.organization_root_id # Your AWS Organization Root ID + should_include_root_account = var.should_include_root_account # Whether to include the management account + + # Stack Configuration + stack_name = "JitOrgIntegration" + resource_name_prefix = var.resource_name_prefix # Optional: Prefix for CloudFormation resources + + # CloudFormation Configuration + capabilities = ["CAPABILITY_IAM", "CAPABILITY_NAMED_IAM", "CAPABILITY_AUTO_EXPAND"] +} diff --git a/src/integrations/aws_integration_automation/examples/aws_organization/terraform.tfvars b/src/integrations/aws_integration_automation/examples/aws_organization/terraform.tfvars new file mode 100644 index 0000000..1a92548 --- /dev/null +++ b/src/integrations/aws_integration_automation/examples/aws_organization/terraform.tfvars @@ -0,0 +1,20 @@ +# JIT API Credentials +# Follow the guide here - https://docs.jit.io/reference/credentials +# Create creds using "Engineering Manager" role +jit_client_id = "JIT_API_KEY_CLIENT_ID" +jit_secret = "JIT_API_KEY_SECRET" + +# Should manage also the root account in Jit (false to avoid it) +should_include_root_account = true + +# The organization's root ID - can be obtained under AWS Organizations -> AWS Accounts +organization_root_id = "r-xxxx" + +# AWS regions to monitor using Jit +regions_to_monitor = ["us-east-1", "us-west-2"] + +# AWS region to deploy the integration to +aws_region = "us-east-1" + +# Prefix for the resource name +resource_name_prefix = "JitOrg" \ No newline at end of file diff --git a/src/integrations/aws_integration_automation/examples/aws_organization/variables.tf b/src/integrations/aws_integration_automation/examples/aws_organization/variables.tf new file mode 100644 index 0000000..2512c5a --- /dev/null +++ b/src/integrations/aws_integration_automation/examples/aws_organization/variables.tf @@ -0,0 +1,41 @@ + +# Variables that should be defined in your root module or terraform.tfvars +variable "jit_client_id" { + description = "Jit API Client ID" + type = string + sensitive = true +} + +variable "jit_secret" { + description = "Jit API Secret" + type = string + sensitive = true +} + +variable "organization_root_id" { + description = "AWS Organization Root ID" + type = string + sensitive = true +} + +variable "should_include_root_account" { + description = "Whether to include the root account in the monitoring." + type = bool + default = false +} + +variable "regions_to_monitor" { + description = "AWS regions to monitor using Jit" + type = list(string) +} + +variable "aws_region" { + description = "AWS region to deploy the integration to" + type = string +} + +variable "resource_name_prefix" { + description = "Prefix for the resource name" + type = string + default = "JitOrg" +} \ No newline at end of file diff --git a/src/integrations/aws_integration_automation/examples/single_account/account_integration.tf b/src/integrations/aws_integration_automation/examples/single_account/account_integration.tf new file mode 100644 index 0000000..90a96cf --- /dev/null +++ b/src/integrations/aws_integration_automation/examples/single_account/account_integration.tf @@ -0,0 +1,40 @@ +# Example: AWS Account Integration with Jit +# This example shows how to integrate a single AWS account with Jit + +terraform { + required_version = ">= 1.5" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 5.0" + } + } +} + +# Configure the AWS Provider +provider "aws" { + region = var.aws_region +} + +# Single Account Integration Module +module "jit_aws_account_integration" { + source = "../../" + + # Jit API Configuration + jit_client_id = var.jit_client_id # Set via environment variable or terraform.tfvars + jit_secret = var.jit_secret # Set via environment variable or terraform.tfvars + jit_region = "us" # Use "eu" for European API endpoint + + # Integration Configuration + integration_type = "account" + aws_regions_to_monitor = var.regions_to_monitor + + # Stack Configuration + stack_name = "JitAccountIntegration" + account_name = var.account_name # Optional: Display name in Jit platform + resource_name_prefix = var.resource_name_prefix # Optional: Prefix for CloudFormation resources + + # CloudFormation Configuration + capabilities = ["CAPABILITY_NAMED_IAM"] +} diff --git a/src/integrations/aws_integration_automation/examples/single_account/terraform.tfvars b/src/integrations/aws_integration_automation/examples/single_account/terraform.tfvars new file mode 100644 index 0000000..e816caa --- /dev/null +++ b/src/integrations/aws_integration_automation/examples/single_account/terraform.tfvars @@ -0,0 +1,17 @@ +# JIT API Credentials +# Follow the guide here - https://docs.jit.io/reference/credentials +# Create creds using "Engineering Manager" role +jit_client_id = "JIT_API_KEY_CLIENT_ID" +jit_secret = "JIT_API_KEY_SECRET" + +# AWS regions to monitor using Jit +regions_to_monitor = ["us-east-1", "us-west-2"] + +# AWS region to deploy the integration to +aws_region = "us-east-1" + +# Prefix for the resource name +resource_name_prefix = "JitProd" + +# Name of the account to monitor +account_name = "My AWS Account" \ No newline at end of file diff --git a/src/integrations/aws_integration_automation/examples/single_account/variables.tf b/src/integrations/aws_integration_automation/examples/single_account/variables.tf new file mode 100644 index 0000000..466138b --- /dev/null +++ b/src/integrations/aws_integration_automation/examples/single_account/variables.tf @@ -0,0 +1,34 @@ + +# Variables that should be defined in your root module or terraform.tfvars +variable "jit_client_id" { + description = "Jit API Client ID" + type = string + sensitive = true +} + +variable "jit_secret" { + description = "Jit API Secret" + type = string + sensitive = true +} + +variable "regions_to_monitor" { + description = "AWS regions to monitor using Jit" + type = list(string) +} + +variable "aws_region" { + description = "AWS region to deploy the integration to" + type = string +} + +variable "account_name" { + description = "Name of the account to monitor" + type = string +} + +variable "resource_name_prefix" { + description = "Prefix for the resource name" + type = string + default = "JitProd" +} \ No newline at end of file diff --git a/src/integrations/aws_integration_automation/locals.tf b/src/integrations/aws_integration_automation/locals.tf new file mode 100644 index 0000000..967cb16 --- /dev/null +++ b/src/integrations/aws_integration_automation/locals.tf @@ -0,0 +1,32 @@ +locals { + # JIT API Configuration + jit_api_endpoint = var.jit_region == "us" ? "https://api.jit.io" : "https://api.eu.jit.io" + + # CloudFormation template URLs based on integration type + cloudformation_template_url = var.integration_type == "org" ? "https://jit-aws-prod.s3.amazonaws.com/jit_aws_org_integration_stack.json" : "https://jit-aws-prod.s3.amazonaws.com/jit_aws_integration_stack.json" + + # Resource name prefix with integration-specific defaults + resource_name_prefix = var.resource_name_prefix != null ? var.resource_name_prefix : (var.integration_type == "org" ? "JitOrg" : "Jit") + + # Base extra parameters for state token request + base_extra_params = { + regions_to_monitor = var.aws_regions_to_monitor + integration_type = var.integration_type + } + + # Additional parameters for organization integration + org_extra_params = var.integration_type == "org" ? { + organizationRootId = var.organization_root_id + shouldIncludeRootAccount = var.should_include_root_account + } : {} + + # State token request body with correct structure + state_token_request_body = { + vendor = "aws" + token_ttl = 1440 + extra = merge( + local.base_extra_params, + local.org_extra_params + ) + } +} \ No newline at end of file diff --git a/src/integrations/aws_integration_automation/main.tf b/src/integrations/aws_integration_automation/main.tf new file mode 100644 index 0000000..c994ee3 --- /dev/null +++ b/src/integrations/aws_integration_automation/main.tf @@ -0,0 +1,105 @@ +# Configure the REST API provider with global headers +provider "restapi" { + uri = local.jit_api_endpoint + write_returns_object = true + create_returns_object = true + + headers = { + "Accept" = "application/json" + "Content-Type" = "application/json" + "Authorization" = "Bearer ${jsondecode(data.http.jit_auth.response_body).accessToken}" + } +} + +# Authentication with JIT API to get access token +data "http" "jit_auth" { + url = "${local.jit_api_endpoint}/authentication/login" + method = "POST" + + request_headers = { + "Accept" = "application/json" + "Content-Type" = "application/json" + } + + request_body = jsonencode({ + clientId = var.jit_client_id + secret = var.jit_secret + }) + + lifecycle { + postcondition { + condition = self.status_code == 200 + error_message = "JIT authentication failed with status ${self.status_code}" + } + } +} + +# Create state token using REST API provider +resource "restapi_object" "jit_state_token" { + path = "/oauth/state-token" + create_method = "POST" + read_path = "/oauth/state-token/{id}/echo" + id_attribute = "id" + ignore_changes_to = ["token"] + # Request body with state token parameters + data = jsonencode(local.state_token_request_body) + + # Ignore changes to data since read endpoint returns different structure + lifecycle { + ignore_changes = [data] + } + + depends_on = [data.http.jit_auth] +} + +# CloudFormation Stack for single account integration +resource "aws_cloudformation_stack" "jit_integration_account" { + count = var.integration_type == "account" ? 1 : 0 + + name = var.stack_name + template_url = local.cloudformation_template_url + capabilities = var.capabilities + + parameters = { + "ExternalId" = jsondecode(restapi_object.jit_state_token.create_response)["token"] + "ResourceNamePrefix" = local.resource_name_prefix + "AccountName" = var.account_name + "ShouldIncludeRootAccount" = tostring(var.should_include_root_account) + } + + lifecycle { + prevent_destroy = true + } + + depends_on = [ + data.http.jit_auth, + restapi_object.jit_state_token + ] +} + +# CloudFormation Stack for organization integration +resource "aws_cloudformation_stack" "jit_integration_org" { + count = var.integration_type == "org" ? 1 : 0 + + name = var.stack_name + template_url = local.cloudformation_template_url + capabilities = var.capabilities + + parameters = { + "ExternalId" = jsondecode(restapi_object.jit_state_token.create_response)["token"] + "ResourceNamePrefix" = local.resource_name_prefix + "OrganizationRootId" = var.organization_root_id + "ShouldIncludeRootAccount" = tostring(var.should_include_root_account) + } + + lifecycle { + prevent_destroy = true + } + + depends_on = [ + data.http.jit_auth, + restapi_object.jit_state_token + ] +} + + diff --git a/src/integrations/aws_integration_automation/variables.tf b/src/integrations/aws_integration_automation/variables.tf new file mode 100644 index 0000000..8d88fba --- /dev/null +++ b/src/integrations/aws_integration_automation/variables.tf @@ -0,0 +1,84 @@ +variable "jit_client_id" { + description = "Client ID for Jit API authentication" + type = string + sensitive = true +} + +variable "jit_secret" { + description = "Secret for Jit API authentication" + type = string + sensitive = true +} + +variable "jit_region" { + description = "Jit API region - determines which endpoint to use" + type = string + default = "us" + validation { + condition = contains(["us", "eu"], var.jit_region) + error_message = "The jit_region must be either 'us' or 'eu'." + } +} + +variable "integration_type" { + description = "Type of AWS integration: 'account' for single account, 'org' for organization" + type = string + validation { + condition = contains(["account", "org"], var.integration_type) + error_message = "The integration_type must be either 'account' or 'org'." + } +} + +variable "aws_regions_to_monitor" { + description = "List of AWS regions to monitor" + type = list(string) + default = ["us-east-1"] +} + +variable "stack_name" { + description = "Name for the CloudFormation stack or stackset" + type = string + default = "JitIntegrationStack" +} + +variable "account_name" { + description = "Optional account name alias to be used in Jit platform. If not provided, the account ID will be displayed." + type = string + default = "" +} + +variable "resource_name_prefix" { + description = "Prefix to use for the resources created by the CloudFormation template" + type = string + default = null + validation { + condition = var.resource_name_prefix == null || ( + length(var.resource_name_prefix) >= 1 && + length(var.resource_name_prefix) <= 40 && + can(regex("^[a-zA-Z0-9-_]*$", var.resource_name_prefix)) + ) + error_message = "The resource_name_prefix must be 1-40 characters and contain only alphanumeric characters, hyphens, and underscores." + } +} + +variable "organization_root_id" { + description = "AWS Organization Root ID (required for org integration type). Must start with 'r-'" + type = string + default = "" + validation { + condition = var.organization_root_id == "" || can(regex("^r-[a-z0-9]{4,32}$", var.organization_root_id)) + error_message = "The organization_root_id must be a valid organization root ID starting with 'r-' followed by 4-32 alphanumeric characters." + } +} + +variable "should_include_root_account" { + description = "Whether to include the root account in organization integration" + type = bool + default = false +} + +variable "capabilities" { + description = "CloudFormation capabilities required for stack creation" + type = list(string) + default = ["CAPABILITY_NAMED_IAM"] +} \ No newline at end of file diff --git a/src/integrations/aws_integration_automation/versions.tf b/src/integrations/aws_integration_automation/versions.tf new file mode 100644 index 0000000..16c8e54 --- /dev/null +++ b/src/integrations/aws_integration_automation/versions.tf @@ -0,0 +1,25 @@ +terraform { + required_version = ">= 1.5" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 5.0" + } + + http = { + source = "hashicorp/http" + version = ">= 3.0" + } + + local = { + source = "hashicorp/local" + version = ">= 2.0" + } + + restapi = { + source = "Mastercard/restapi" + version = ">= 1.19.1" + } + } +} \ No newline at end of file