revert ap-east-1 addition

nozaq · nozaq · commit 858fc75c491b · 2020-08-10T15:51:23.000+09:00
diff --git a/README.md b/README.md
@@ -53,7 +53,6 @@ module "secure_baseline" {
 
   providers = {
     aws                = aws
-    aws.ap-east-1      = aws.ap-east-1
     aws.ap-northeast-1 = aws.ap-northeast-1
     aws.ap-northeast-2 = aws.ap-northeast-2
     aws.ap-northeast-3 = aws.ap-northeast-3
@@ -166,7 +165,7 @@ This module is composed of several submodules and each of which can be used inde
 | support\_iam\_role\_policy\_name | The name of the support role policy. | `string` | `"IAM-Support-Role"` | no |
 | support\_iam\_role\_principal\_arns | List of ARNs of the IAM principal elements by which the support role could be assumed. | `list` | n/a | yes |
 | tags | Specifies object tags key and value. This applies to all resources created by this module. | `map` | `{}` | no |
-| target\_regions | A list of regions to set up with this module. | `list` | <pre>[<br>  "ap-east-1",<br>  "ap-northeast-1",<br>  "ap-northeast-2",<br>  "ap-south-1",<br>  "ap-southeast-1",<br>  "ap-southeast-2",<br>  "ca-central-1",<br>  "eu-central-1",<br>  "eu-north-1",<br>  "eu-west-1",<br>  "eu-west-2",<br>  "eu-west-3",<br>  "sa-east-1",<br>  "us-east-1",<br>  "us-east-2",<br>  "us-west-1",<br>  "us-west-2"<br>]</pre> | no |
+| target\_regions | A list of regions to set up with this module. | `list` | <pre>[<br>  "ap-northeast-1",<br>  "ap-northeast-2",<br>  "ap-south-1",<br>  "ap-southeast-1",<br>  "ap-southeast-2",<br>  "ca-central-1",<br>  "eu-central-1",<br>  "eu-north-1",<br>  "eu-west-1",<br>  "eu-west-2",<br>  "eu-west-3",<br>  "sa-east-1",<br>  "us-east-1",<br>  "us-east-2",<br>  "us-west-1",<br>  "us-west-2"<br>]</pre> | no |
 | use\_external\_audit\_log\_bucket | A boolean that indicates whether the specific audit log bucket already exists. Create a new S3 bucket if it is set to false. | `bool` | `false` | no |
 | vpc\_iam\_role\_name | The name of the IAM Role which VPC Flow Logs will use. | `string` | `"VPC-Flow-Logs-Publisher"` | no |
 | vpc\_iam\_role\_policy\_name | The name of the IAM Role Policy which VPC Flow Logs will use. | `string` | `"VPC-Flow-Logs-Publish-Policy"` | no |
diff --git a/config_baselines.tf b/config_baselines.tf
@@ -81,23 +81,6 @@ resource "aws_iam_role_policy_attachment" "recorder_read_policy" {
 # Needs to be set up in each region.
 # Global resource types are only recorded in the region specified by var.region.
 # --------------------------------------------------------------------------------------------------
-module "config_baseline_ap-east-1" {
-  source = "./modules/config-baseline"
-
-  providers = {
-    aws = aws.ap-east-1
-  }
-
-  enabled                       = contains(var.target_regions, "ap-east-1")
-  iam_role_arn                  = aws_iam_role.recorder.arn
-  s3_bucket_name                = local.audit_log_bucket_id
-  s3_key_prefix                 = var.config_s3_bucket_key_prefix
-  delivery_frequency            = var.config_delivery_frequency
-  sns_topic_name                = var.config_sns_topic_name
-  include_global_resource_types = var.region == "ap-east-1"
-  tags                          = var.tags
-}
-
 module "config_baseline_ap-northeast-1" {
   source = "./modules/config-baseline"
 
@@ -554,3 +537,4 @@ resource "aws_config_configuration_aggregator" "organization" {
 
   tags = var.tags
 }
+
diff --git a/examples/external-bucket/main.tf b/examples/external-bucket/main.tf
@@ -22,7 +22,6 @@ module "secure_baseline" {
 
   providers = {
     aws                = aws
-    aws.ap-east-1      = aws.ap-east-1
     aws.ap-northeast-1 = aws.ap-northeast-1
     aws.ap-northeast-2 = aws.ap-northeast-2
     aws.ap-northeast-3 = aws.ap-northeast-3
@@ -42,3 +41,4 @@ module "secure_baseline" {
     aws.us-west-2      = aws.us-west-2
   }
 }
+
diff --git a/examples/external-bucket/regions.tf b/examples/external-bucket/regions.tf
@@ -3,13 +3,6 @@
 # Reference: https://docs.aws.amazon.com/general/latest/gr/rande.html
 # --------------------------------------------------------------------------------------------------
 
-provider "aws" {
-  access_key = var.access_key
-  secret_key = var.secret_key
-  region     = "ap-east-1"
-  alias      = "ap-east-1"
-}
-
 provider "aws" {
   access_key = var.access_key
   secret_key = var.secret_key
@@ -128,3 +121,4 @@ provider "aws" {
   region     = "us-west-2"
   alias      = "us-west-2"
 }
+
diff --git a/examples/organization/master/main.tf b/examples/organization/master/main.tf
@@ -37,7 +37,6 @@ module "secure_baseline" {
 
   providers = {
     aws                = aws
-    aws.ap-east-1      = aws.ap-east-1
     aws.ap-northeast-1 = aws.ap-northeast-1
     aws.ap-northeast-2 = aws.ap-northeast-2
     aws.ap-northeast-3 = aws.ap-northeast-3
@@ -57,3 +56,4 @@ module "secure_baseline" {
     aws.us-west-2      = aws.us-west-2
   }
 }
+
diff --git a/examples/organization/master/regions.tf b/examples/organization/master/regions.tf
@@ -3,13 +3,6 @@
 # Reference: https://docs.aws.amazon.com/general/latest/gr/rande.html
 # --------------------------------------------------------------------------------------------------
 
-provider "aws" {
-  access_key = var.access_key
-  secret_key = var.secret_key
-  region     = "ap-east-1"
-  alias      = "ap-east-1"
-}
-
 provider "aws" {
   access_key = var.access_key
   secret_key = var.secret_key
@@ -128,3 +121,4 @@ provider "aws" {
   region     = "us-west-2"
   alias      = "us-west-2"
 }
+
diff --git a/examples/organization/member/main.tf b/examples/organization/member/main.tf
@@ -31,7 +31,6 @@ module "secure_baseline" {
 
   providers = {
     aws                = aws
-    aws.ap-east-1      = aws.ap-east-1
     aws.ap-northeast-1 = aws.ap-northeast-1
     aws.ap-northeast-2 = aws.ap-northeast-2
     aws.ap-northeast-3 = aws.ap-northeast-3
@@ -51,3 +50,4 @@ module "secure_baseline" {
     aws.us-west-2      = aws.us-west-2
   }
 }
+
diff --git a/examples/organization/member/regions.tf b/examples/organization/member/regions.tf
@@ -3,14 +3,6 @@
 # Reference: https://docs.aws.amazon.com/general/latest/gr/rande.html
 # --------------------------------------------------------------------------------------------------
 
-provider "aws" {
-  access_key = var.access_key
-  secret_key = var.secret_key
-  region     = "ap-east-1"
-  alias      = "ap-east-1"
-}
-
-
 provider "aws" {
   access_key = var.access_key
   secret_key = var.secret_key
@@ -129,3 +121,4 @@ provider "aws" {
   region     = "us-west-2"
   alias      = "us-west-2"
 }
+
diff --git a/examples/select-region/main.tf b/examples/select-region/main.tf
@@ -29,7 +29,6 @@ module "secure_baseline" {
   # all providers still need to be passed to the module.
   providers = {
     aws                = aws
-    aws.ap-east-1      = aws.ap-east-1
     aws.ap-northeast-1 = aws.ap-northeast-1
     aws.ap-northeast-2 = aws.ap-northeast-2
     aws.ap-northeast-3 = aws.ap-northeast-3
diff --git a/examples/select-region/regions.tf b/examples/select-region/regions.tf
@@ -3,14 +3,6 @@
 # Reference: https://docs.aws.amazon.com/general/latest/gr/rande.html
 # --------------------------------------------------------------------------------------------------
 
-provider "aws" {
-  access_key = var.access_key
-  secret_key = var.secret_key
-  region     = "ap-east-1"
-  alias      = "ap-east-1"
-}
-
-
 provider "aws" {
   access_key = var.access_key
   secret_key = var.secret_key
@@ -129,3 +121,4 @@ provider "aws" {
   region     = "us-west-2"
   alias      = "us-west-2"
 }
+
diff --git a/examples/simple/main.tf b/examples/simple/main.tf
@@ -26,7 +26,6 @@ module "secure_baseline" {
 
   providers = {
     aws                = aws
-    aws.ap-east-1      = aws.ap-east-1
     aws.ap-northeast-1 = aws.ap-northeast-1
     aws.ap-northeast-2 = aws.ap-northeast-2
     aws.ap-northeast-3 = aws.ap-northeast-3
@@ -46,3 +45,4 @@ module "secure_baseline" {
     aws.us-west-2      = aws.us-west-2
   }
 }
+
diff --git a/examples/simple/regions.tf b/examples/simple/regions.tf
@@ -3,13 +3,6 @@
 # Reference: https://docs.aws.amazon.com/general/latest/gr/rande.html
 # --------------------------------------------------------------------------------------------------
 
-provider "aws" {
-  access_key = var.access_key
-  secret_key = var.secret_key
-  region     = "ap-east-1"
-  alias      = "ap-east-1"
-}
-
 provider "aws" {
   access_key = var.access_key
   secret_key = var.secret_key
@@ -128,3 +121,4 @@ provider "aws" {
   region     = "us-west-2"
   alias      = "us-west-2"
 }
+
diff --git a/guardduty_baselines.tf b/guardduty_baselines.tf
@@ -8,21 +8,6 @@ locals {
   guardduty_member_accounts   = var.member_accounts
 }
 
-module "guardduty_baseline_ap-east-1" {
-  source = "./modules/guardduty-baseline"
-
-  providers = {
-    aws = aws.ap-east-1
-  }
-
-  enabled                      = contains(var.target_regions, "ap-east-1")
-  disable_email_notification   = var.guardduty_disable_email_notification
-  finding_publishing_frequency = var.guardduty_finding_publishing_frequency
-  invitation_message           = var.guardduty_invitation_message
-  master_account_id            = local.guardduty_master_account_id
-  member_accounts              = local.guardduty_member_accounts
-}
-
 module "guardduty_baseline_ap-northeast-1" {
   source = "./modules/guardduty-baseline"
 
diff --git a/outputs.tf b/outputs.tf
@@ -58,7 +58,6 @@ output "config_configuration_recorder" {
   description = "The configuration recorder in each region."
 
   value = {
-    "ap-east-1"      = module.config_baseline_ap-east-1.configuration_recorder
     "ap-northeast-1" = module.config_baseline_ap-northeast-1.configuration_recorder
     "ap-northeast-2" = module.config_baseline_ap-northeast-2.configuration_recorder
     "ap-south-1"     = module.config_baseline_ap-south-1.configuration_recorder
@@ -81,7 +80,6 @@ output "config_sns_topic" {
   description = "The SNS topic that AWS Config delivers notifications to."
 
   value = {
-    "ap-east-1"      = module.config_baseline_ap-east-1.config_sns_topic
     "ap-northeast-1" = module.config_baseline_ap-northeast-1.config_sns_topic
     "ap-northeast-2" = module.config_baseline_ap-northeast-2.config_sns_topic
     "ap-south-1"     = module.config_baseline_ap-south-1.config_sns_topic
@@ -109,7 +107,6 @@ output "guardduty_detector" {
   description = "The GuardDuty detector in each region."
 
   value = {
-    "ap-east-1"      = module.guardduty_baseline_ap-east-1.guardduty_detector
     "ap-northeast-1" = module.guardduty_baseline_ap-northeast-1.guardduty_detector
     "ap-northeast-2" = module.guardduty_baseline_ap-northeast-2.guardduty_detector
     "ap-south-1"     = module.guardduty_baseline_ap-south-1.guardduty_detector
@@ -160,7 +157,6 @@ output "vpc_flow_logs_group" {
   description = "The CloudWatch Logs log group which stores VPC Flow Logs in each region."
 
   value = {
-    "ap-east-1"      = module.vpc_baseline_ap-east-1.vpc_flow_logs_group
     "ap-northeast-1" = module.vpc_baseline_ap-northeast-1.vpc_flow_logs_group
     "ap-northeast-2" = module.vpc_baseline_ap-northeast-2.vpc_flow_logs_group
     "ap-south-1"     = module.vpc_baseline_ap-south-1.vpc_flow_logs_group
@@ -184,7 +180,6 @@ output "default_vpc" {
   description = "The default VPC."
 
   value = {
-    "ap-east-1"      = module.vpc_baseline_ap-east-1.default_vpc
     "ap-northeast-1" = module.vpc_baseline_ap-northeast-1.default_vpc
     "ap-northeast-2" = module.vpc_baseline_ap-northeast-2.default_vpc
     "ap-south-1"     = module.vpc_baseline_ap-south-1.default_vpc
@@ -208,7 +203,6 @@ output "default_security_group" {
   description = "The ID of the default security group."
 
   value = {
-    "ap-east-1"      = module.vpc_baseline_ap-east-1.default_security_group
     "ap-northeast-1" = module.vpc_baseline_ap-northeast-1.default_security_group
     "ap-northeast-2" = module.vpc_baseline_ap-northeast-2.default_security_group
     "ap-south-1"     = module.vpc_baseline_ap-south-1.default_security_group
@@ -232,7 +226,6 @@ output "default_network_acl" {
   description = "The default network ACL."
 
   value = {
-    "ap-east-1"      = module.vpc_baseline_ap-east-1.default_network_acl
     "ap-northeast-1" = module.vpc_baseline_ap-northeast-1.default_network_acl
     "ap-northeast-2" = module.vpc_baseline_ap-northeast-2.default_network_acl
     "ap-south-1"     = module.vpc_baseline_ap-south-1.default_network_acl
@@ -256,7 +249,6 @@ output "default_route_table" {
   description = "The default route table."
 
   value = {
-    "ap-east-1"      = module.vpc_baseline_ap-east-1.default_route_table
     "ap-northeast-1" = module.vpc_baseline_ap-northeast-1.default_route_table
     "ap-northeast-2" = module.vpc_baseline_ap-northeast-2.default_route_table
     "ap-south-1"     = module.vpc_baseline_ap-south-1.default_route_table
@@ -275,3 +267,4 @@ output "default_route_table" {
     "us-west-2"      = module.vpc_baseline_us-west-2.default_route_table
   }
 }
+
diff --git a/providers.tf b/providers.tf
@@ -6,10 +6,6 @@
 provider "aws" {
 }
 
-provider "aws" {
-  alias = "ap-east-1"
-}
-
 provider "aws" {
   alias = "ap-northeast-1"
 }
@@ -77,3 +73,4 @@ provider "aws" {
 provider "aws" {
   alias = "us-west-2"
 }
+
diff --git a/securityhub.tf b/securityhub.tf
@@ -1,20 +1,6 @@
 # --------------------------------------------------------------------------------------------------
 # SecurityHub Baseline
 # --------------------------------------------------------------------------------------------------
-
-module "securityhub_baseline_ap-east-1" {
-  source = "./modules/securityhub-baseline"
-
-  providers = {
-    aws = aws.ap-east-1
-  }
-
-  enabled                                      = contains(var.target_regions, "ap-east-1")
-  securityhub_enable_cis_standard              = var.securityhub_enable_cis_standard
-  securityhub_enable_pci_dss_standard          = var.securityhub_enable_pci_dss_standard
-  securityhub_enable_aws_foundational_standard = var.securityhub_enable_aws_foundational_standard
-}
-
 module "securityhub_baseline_ap-northeast-1" {
   source = "./modules/securityhub-baseline"
 
diff --git a/variables.tf b/variables.tf
@@ -32,7 +32,6 @@ variable "member_accounts" {
 variable "target_regions" {
   description = "A list of regions to set up with this module."
   default = [
-    "ap-east-1",
     "ap-northeast-1",
     "ap-northeast-2",
     "ap-south-1",
diff --git a/vpc_baselines.tf b/vpc_baselines.tf
@@ -44,21 +44,6 @@ resource "aws_iam_role_policy" "vpc_flow_logs_publish_policy" {
 # Needs to be set up in each region.
 # --------------------------------------------------------------------------------------------------
 
-module "vpc_baseline_ap-east-1" {
-  source = "./modules/vpc-baseline"
-
-  providers = {
-    aws = aws.ap-east-1
-  }
-
-  enabled                    = contains(var.target_regions, "ap-east-1")
-  vpc_log_group_name         = var.vpc_log_group_name
-  vpc_flow_logs_iam_role_arn = aws_iam_role.vpc_flow_logs_publisher.arn
-  vpc_log_retention_in_days  = var.vpc_log_retention_in_days
-
-  tags = var.tags
-}
-
 module "vpc_baseline_ap-northeast-1" {
   source = "./modules/vpc-baseline"
 
@@ -298,3 +283,4 @@ module "vpc_baseline_us-west-2" {
 
   tags = var.tags
 }
+

Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,6 @@ module "secure_baseline" {`
`22`	`22`
`23`	`23`	`providers = {`
`24`	`24`	`aws = aws`
`25`		`- aws.ap-east-1 = aws.ap-east-1`
`26`	`25`	`aws.ap-northeast-1 = aws.ap-northeast-1`
`27`	`26`	`aws.ap-northeast-2 = aws.ap-northeast-2`
`28`	`27`	`aws.ap-northeast-3 = aws.ap-northeast-3`
`@@ -42,3 +41,4 @@ module "secure_baseline" {`
`42`	`41`	`aws.us-west-2 = aws.us-west-2`
`43`	`42`	`}`
`44`	`43`	`}`
	`44`	`+`
Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,6 @@ module "secure_baseline" {`
`37`	`37`
`38`	`38`	`providers = {`
`39`	`39`	`aws = aws`
`40`		`- aws.ap-east-1 = aws.ap-east-1`
`41`	`40`	`aws.ap-northeast-1 = aws.ap-northeast-1`
`42`	`41`	`aws.ap-northeast-2 = aws.ap-northeast-2`
`43`	`42`	`aws.ap-northeast-3 = aws.ap-northeast-3`
`@@ -57,3 +56,4 @@ module "secure_baseline" {`
`57`	`56`	`aws.us-west-2 = aws.us-west-2`
`58`	`57`	`}`
`59`	`58`	`}`
	`59`	`+`
Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,6 @@ module "secure_baseline" {`
`31`	`31`
`32`	`32`	`providers = {`
`33`	`33`	`aws = aws`
`34`		`- aws.ap-east-1 = aws.ap-east-1`
`35`	`34`	`aws.ap-northeast-1 = aws.ap-northeast-1`
`36`	`35`	`aws.ap-northeast-2 = aws.ap-northeast-2`
`37`	`36`	`aws.ap-northeast-3 = aws.ap-northeast-3`
`@@ -51,3 +50,4 @@ module "secure_baseline" {`
`51`	`50`	`aws.us-west-2 = aws.us-west-2`
`52`	`51`	`}`
`53`	`52`	`}`
	`53`	`+`
Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,6 @@ module "secure_baseline" {`
`26`	`26`
`27`	`27`	`providers = {`
`28`	`28`	`aws = aws`
`29`		`- aws.ap-east-1 = aws.ap-east-1`
`30`	`29`	`aws.ap-northeast-1 = aws.ap-northeast-1`
`31`	`30`	`aws.ap-northeast-2 = aws.ap-northeast-2`
`32`	`31`	`aws.ap-northeast-3 = aws.ap-northeast-3`
`@@ -46,3 +45,4 @@ module "secure_baseline" {`
`46`	`45`	`aws.us-west-2 = aws.us-west-2`
`47`	`46`	`}`
`48`	`47`	`}`
	`48`	`+`
Original file line number	Diff line number	Diff line change
`@@ -6,10 +6,6 @@`
`6`	`6`	`provider "aws" {`
`7`	`7`	`}`
`8`	`8`
`9`		`-provider "aws" {`
`10`		`- alias = "ap-east-1"`
`11`		`-}`
`12`		`-`
`13`	`9`	`provider "aws" {`
`14`	`10`	`alias = "ap-northeast-1"`
`15`	`11`	`}`
`@@ -77,3 +73,4 @@ provider "aws" {`
`77`	`73`	`provider "aws" {`
`78`	`74`	`alias = "us-west-2"`
`79`	`75`	`}`
	`76`	`+`