| Name | helsing-scm JSON |
| Version |
0.2.1
JSON |
| download |
| home_page | |
| Summary | |
| upload_time | 2023-05-19 12:30:37 |
| maintainer | |
| docs_url | None |
| author | Niklas Rosenstein |
| requires_python | >=3.10,<4.0 |
| license | MIT |
| keywords |
|
| VCS |
|
| bugtrack_url |
|
| requirements |
No requirements were recorded.
|
| Travis-CI |
No Travis.
|
| coveralls test coverage |
No coveralls.
|
<img src="./secure-cloud.png" align="right">
# Secure Cloud Manager
SCM is a declarative configuration management tool to faciliate scalable management of IaC workflows.
The primary purpose of SCM is to act as a high-level abstraction with powerful primitives to manage IaC workflows
that may need to span multiple Terraform workspaces. SCM is designed to be used in conjunction with Terraform Cloud
or Terraform Enterprise.
Even if right now SCM generates code only for a single Terraform workspace, and technically all of it could be done
with Terraform itself, having SCM as a separate tool allows for a more powerful abstraction that means you don't have
to re-architect your Terraform code and workspace structure when you need to scale up or new features can only be
achieved by crossing workspace boundaries.
We try to keep things simple and intuitive, but when the need arises, SCM could become a service to unblock certain
features that are not possible with Terraform alone, all while not having to completely redesign how you manage your
IaC because SCM takes care of that.
Currently, SCM can be used to do the following:
* Create AWS Control Tower accounts
* Create Terraform workspaces in Terraform Cloud/Enterprise with access to credentials to any single AWS account
## Getting started
### Prerequisites
- Python 3.10 or newer
- The Terraform CLI (used for `terraform fmt`)
In order to run the generated Terraform code, you will need:
- An AWS Account with Control Tower enabled
- Terraform Cloud or Terraform Enterprise account
### Installation
SCM will be available on PyPI soon. For now, you can install it from GitHub:
$ pip install git+https://github.com/helsing-ai/scm.git
### Configuration
The backend for SCM is currently entirely Terraform-based. This means that you need to hand the respective AWS and
Terraform Cloud/Enterprise token to the initial Terraform workspace from which the execution of the generated Terraform
code is to take place.
- `AWS_REGION`
- `AWS_ACCESS_KEY_ID`
- `AWS_SECRET_ACCESS_KEY`
- `AWS_SESSION_TOKEN` (optional)
- `TFE_HOSTNAME`
- `TFE_TOKEN`
The AWS credentials should have permissions to create AWS Accounts via the AWS Account Factory. It must also have the
`servicecatalog:ListProvisioningArtifact` permission. The Terraform Cloud token should have permissions to create
workspaces and upload configuration versions. While a TFE Organization-level token can create workspaces, it cannot
upload configuration versions, which is why a Team-level or User-level token is required.
SCM understands "resources" that are defined in a YAML file that is largely inspired by Kubernetes resources. These
resources are powerful abstractions on the concepts of AWS accounts and Terraform workspaces.
__Example__
Check out the [example/manifests/](example/manifests/) folder for a complete example. The files define settings for the
code generation well as resources that inform the generated Terraform code. The generated code is then responsible, as
per the resource definitions, to create an AWS account and Terraform workspace.
You can run the following commands to generate the Terraform code for the example, and then initialize and apply it:
$ ( cd example && python -m helsing.scm manifests/*.yaml )
$ ( cd example/generated && terraform init )
$ ( cd example/generated && terraform plan )
Before you actually try this, you may need to update some values in the `settings.yaml` file. At the minimum, you
will need to update the `product_id` in the `AwsTerraformCodegenSettings` resource.
Raw data
{
"_id": null,
"home_page": "",
"name": "helsing-scm",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.10,<4.0",
"maintainer_email": "",
"keywords": "",
"author": "Niklas Rosenstein",
"author_email": "rosensteinniklas@gmail.com",
"download_url": "https://files.pythonhosted.org/packages/fd/78/d29e5f164c51cabccb902bb60d7e3e3817f59b451e2e668b6bc8fd3dd13d/helsing_scm-0.2.1.tar.gz",
"platform": null,
"description": "<img src=\"./secure-cloud.png\" align=\"right\">\n\n# Secure Cloud Manager\n\nSCM is a declarative configuration management tool to faciliate scalable management of IaC workflows.\n\nThe primary purpose of SCM is to act as a high-level abstraction with powerful primitives to manage IaC workflows\nthat may need to span multiple Terraform workspaces. SCM is designed to be used in conjunction with Terraform Cloud\nor Terraform Enterprise.\n\nEven if right now SCM generates code only for a single Terraform workspace, and technically all of it could be done\nwith Terraform itself, having SCM as a separate tool allows for a more powerful abstraction that means you don't have\nto re-architect your Terraform code and workspace structure when you need to scale up or new features can only be\nachieved by crossing workspace boundaries.\n\nWe try to keep things simple and intuitive, but when the need arises, SCM could become a service to unblock certain\nfeatures that are not possible with Terraform alone, all while not having to completely redesign how you manage your\nIaC because SCM takes care of that.\n\nCurrently, SCM can be used to do the following:\n\n* Create AWS Control Tower accounts\n* Create Terraform workspaces in Terraform Cloud/Enterprise with access to credentials to any single AWS account\n\n## Getting started\n\n### Prerequisites\n\n- Python 3.10 or newer\n- The Terraform CLI (used for `terraform fmt`)\n\nIn order to run the generated Terraform code, you will need:\n\n- An AWS Account with Control Tower enabled\n- Terraform Cloud or Terraform Enterprise account\n\n### Installation\n\nSCM will be available on PyPI soon. For now, you can install it from GitHub:\n\n $ pip install git+https://github.com/helsing-ai/scm.git\n\n### Configuration\n\nThe backend for SCM is currently entirely Terraform-based. This means that you need to hand the respective AWS and\nTerraform Cloud/Enterprise token to the initial Terraform workspace from which the execution of the generated Terraform\ncode is to take place.\n\n- `AWS_REGION`\n- `AWS_ACCESS_KEY_ID`\n- `AWS_SECRET_ACCESS_KEY`\n- `AWS_SESSION_TOKEN` (optional)\n- `TFE_HOSTNAME`\n- `TFE_TOKEN`\n\nThe AWS credentials should have permissions to create AWS Accounts via the AWS Account Factory. It must also have the\n`servicecatalog:ListProvisioningArtifact` permission. The Terraform Cloud token should have permissions to create\nworkspaces and upload configuration versions. While a TFE Organization-level token can create workspaces, it cannot\nupload configuration versions, which is why a Team-level or User-level token is required.\n\nSCM understands \"resources\" that are defined in a YAML file that is largely inspired by Kubernetes resources. These\nresources are powerful abstractions on the concepts of AWS accounts and Terraform workspaces.\n\n__Example__\n\nCheck out the [example/manifests/](example/manifests/) folder for a complete example. The files define settings for the\ncode generation well as resources that inform the generated Terraform code. The generated code is then responsible, as\nper the resource definitions, to create an AWS account and Terraform workspace.\n\nYou can run the following commands to generate the Terraform code for the example, and then initialize and apply it:\n\n $ ( cd example && python -m helsing.scm manifests/*.yaml )\n $ ( cd example/generated && terraform init )\n $ ( cd example/generated && terraform plan )\n\nBefore you actually try this, you may need to update some values in the `settings.yaml` file. At the minimum, you\nwill need to update the `product_id` in the `AwsTerraformCodegenSettings` resource.\n\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "",
"version": "0.2.1",
"project_urls": null,
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "c056e642f8631e408eeb4592820442808cfe63783115f2d153fd56cec26671fe",
"md5": "96529eafb8f89208d3383a4b9a5c6907",
"sha256": "1c860bf5b21e0599d1e764f81f367f0be148426080b38357f51e9166d35f0327"
},
"downloads": -1,
"filename": "helsing_scm-0.2.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "96529eafb8f89208d3383a4b9a5c6907",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.10,<4.0",
"size": 18303,
"upload_time": "2023-05-19T12:30:35",
"upload_time_iso_8601": "2023-05-19T12:30:35.237173Z",
"url": "https://files.pythonhosted.org/packages/c0/56/e642f8631e408eeb4592820442808cfe63783115f2d153fd56cec26671fe/helsing_scm-0.2.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "fd78d29e5f164c51cabccb902bb60d7e3e3817f59b451e2e668b6bc8fd3dd13d",
"md5": "554b3db3de8a0be29966a56132ac4811",
"sha256": "036b632836140bfd18c375b5fd3722c16dc7e3836ccc728e9a8cbc366453f230"
},
"downloads": -1,
"filename": "helsing_scm-0.2.1.tar.gz",
"has_sig": false,
"md5_digest": "554b3db3de8a0be29966a56132ac4811",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.10,<4.0",
"size": 13105,
"upload_time": "2023-05-19T12:30:37",
"upload_time_iso_8601": "2023-05-19T12:30:37.001423Z",
"url": "https://files.pythonhosted.org/packages/fd/78/d29e5f164c51cabccb902bb60d7e3e3817f59b451e2e668b6bc8fd3dd13d/helsing_scm-0.2.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-05-19 12:30:37",
"github": false,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"lcname": "helsing-scm"
}
