From f93b74ffaded96b5d3b8fd2725f0380416aa1879 Mon Sep 17 00:00:00 2001 
From: Michael Barrientos Date: Wed, 21 Apr 2021 23:37:51 -0700 Subject: [PATCH] Update docs to use Terraform docs v0.12.1 * Adds support for linking to Terraform providers --- aws-acm-cert/README.md | 43 +++--- aws-aurora-mysql/README.md | 81 ++++++----- aws-aurora-postgres/README.md | 71 +++++----- aws-aurora/README.md | 91 ++++++------ aws-cloudfront-domain-redirect/README.md | 37 +++-- aws-cloudfront-logs-bucket/README.md | 45 +++--- aws-cloudwatch-log-group/README.md | 31 +++-- .../README.md | 38 +++-- aws-default-vpc-security/README.md | 25 +++- aws-ecs-job-fargate/README.md | 66 +++++---- aws-ecs-job/README.md | 58 +++++--- aws-ecs-service-fargate/README.md | 128 ++++++++++------- aws-ecs-service/README.md | 130 +++++++++++------- aws-efs-volume/README.md | 43 +++--- aws-iam-ecs-task-role/README.md | 30 ++-- aws-iam-group-assume-role/README.md | 35 +++-- aws-iam-group-console-login/README.md | 24 +++- aws-iam-instance-profile/README.md | 36 +++-- aws-iam-password-policy/README.md | 19 ++- aws-iam-policy-cwlogs/README.md | 23 +++- aws-iam-role-bless/README.md | 38 +++-- aws-iam-role-cloudfront-poweruser/README.md | 46 +++++-- aws-iam-role-crossacct/README.md | 44 +++--- aws-iam-role-ec2-poweruser/README.md | 43 ++++-- aws-iam-role-ecs-poweruser/README.md | 41 ++++-- aws-iam-role-infraci/README.md | 42 ++++-- aws-iam-role-poweruser/README.md | 48 ++++--- aws-iam-role-readonly/README.md | 45 +++--- .../README.md | 38 +++-- aws-iam-role-security-audit/README.md | 37 +++-- aws-iam-role/README.md | 46 ++++--- aws-iam-secrets-reader-policy/README.md | 25 +++- .../README.md | 31 +++-- aws-lambda-function/README.md | 83 ++++++----- aws-param/README.md | 27 ++-- aws-params-reader-policy/README.md | 34 +++-- aws-params-secrets-setup/README.md | 28 ++-- aws-params-writer/README.md | 30 ++-- aws-redis-node/README.md | 52 ++++--- aws-redis-replication-group/README.md | 60 ++++---- aws-s3-account-public-access-block/README.md | 19 ++- aws-s3-private-bucket/README.md | 54 
+++++--- aws-s3-public-bucket/README.md | 46 ++++--- aws-single-page-static-site/README.md | 64 ++++++--- aws-sns-lambda/README.md | 54 +++++--- aws-ssm-params-writer/README.md | 28 ++-- aws-ssm-params/README.md | 25 ++-- bless-ca/README.md | 54 ++++++-- github-webhooks-to-s3/README.md | 66 +++++++-- snowflake-account-grant-all/README.md | 23 +++- snowflake-database-grant-all/README.md | 27 ++-- snowflake-integration-grant-all/README.md | 25 ++-- .../README.md | 25 ++-- snowflake-schema-grant-all/README.md | 31 +++-- snowflake-stage-grant-all/README.md | 33 +++-- snowflake-table-grant-all/README.md | 33 +++-- snowflake-view-grant-all/README.md | 33 +++-- snowflake-warehouse-grant-all/README.md | 25 ++-- 58 files changed, 1653 insertions(+), 904 deletions(-) diff --git a/aws-acm-cert/README.md b/aws-acm-cert/README.md index 8839d2e0..2f5482f0 100644 --- a/aws-acm-cert/README.md +++ b/aws-acm-cert/README.md 
@@ -33,35 +33,46 @@ module "cert" { | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_acm_certificate.cert](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate) | resource | +| [aws_acm_certificate_validation.cert](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate_validation) | resource | +| [aws_route53_record.cert_validation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| allow\_validation\_record\_overwrite | Allow the overwrite of validation records. This is needed if you are creating certificates in multiple regions. | `string` | `true` | no | -| aws\_route53\_zone\_id | n/a | `string` | n/a | yes | -| cert\_domain\_name | Like www.foo.bar.com or \*.foo.bar.com | `string` | n/a | yes | -| cert\_subject\_alternative\_names | A map of | `map(string)` | `{}` | no | -| cert\_subject\_alternative\_names\_count | The size of var.cert\_subject\_alternative\_names. Since var.cert\_subject\_alternative\_names can have dynamic keys/values we must hint terraform on its size. If you have no SANs then this should be 0. | `number` | `0` | no | -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging). 
| `string` | n/a | yes | -| subject\_alternative\_names\_order | Order to list the subject alternative names in the ACM cert. Workaround for https://github.com/terraform-providers/terraform-provider-aws/issues/8531 | `list(string)` | `null` | no | -| validation\_record\_ttl | n/a | `string` | `60` | no | +| [allow\_validation\_record\_overwrite](#input\_allow\_validation\_record\_overwrite) | Allow the overwrite of validation records. This is needed if you are creating certificates in multiple regions. | `string` | `true` | no | +| [aws\_route53\_zone\_id](#input\_aws\_route53\_zone\_id) | n/a | `string` | n/a | yes | +| [cert\_domain\_name](#input\_cert\_domain\_name) | Like www.foo.bar.com or *.foo.bar.com | `string` | n/a | yes | +| [cert\_subject\_alternative\_names](#input\_cert\_subject\_alternative\_names) | A map of | `map(string)` | `{}` | no | +| [cert\_subject\_alternative\_names\_count](#input\_cert\_subject\_alternative\_names\_count) | The size of var.cert\_subject\_alternative\_names. Since var.cert\_subject\_alternative\_names can have dynamic keys/values we must hint terraform on its size. If you have no SANs then this should be 0. | `number` | `0` | no | +| [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [subject\_alternative\_names\_order](#input\_subject\_alternative\_names\_order) | Order to list the subject alternative names in the ACM cert. 
Workaround for https://github.com/terraform-providers/terraform-provider-aws/issues/8531 | `list(string)` | `null` | no | +| [validation\_record\_ttl](#input\_validation\_record\_ttl) | n/a | `string` | `60` | no | ## Outputs | Name | Description | |------|-------------| -| arn | n/a | -| id | n/a | - +| [arn](#output\_arn) | n/a | +| [id](#output\_id) | n/a | diff --git a/aws-aurora-mysql/README.md b/aws-aurora-mysql/README.md index ac175084..5b786580 100644 --- a/aws-aurora-mysql/README.md +++ b/aws-aurora-mysql/README.md 
@@ -35,53 +35,62 @@ module "db" { | Name | Version | |------|---------| -| aws | >= 2.44.0, < 3.0.0 | +| [aws](#requirement\_aws) | >= 2.44.0, < 3.0.0 | ## Providers -No provider. +No providers. + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [aurora](#module\_aurora) | ../aws-aurora | | + +## Resources + +No resources. ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| apply\_immediately | If false changes will not be applied until next maintenance window. | `string` | `false` | no | -| auto\_minor\_version\_upgrade | Set the databases to automatically upgrade minor versions. | `bool` | `true` | no | -| backtrack\_window | Turns on Backgrack for this many seconds. [Doc](https://aws.amazon.com/blogs/aws/amazon-aurora-backtrack-turn-back-time/) | `string` | `0` | no | -| ca\_cert\_identifier | Identifier for the certificate authority. rds-ca-2019 is the latest available version. | `string` | `"rds-ca-2019"` | no | -| database\_name | The name of the database to be created in the cluster. | `string` | n/a | yes | -| database\_password | Password for user that will be created. | `string` | n/a | yes | -| database\_subnet\_group | The name of an existing database subnet group to use. | `string` | n/a | yes | -| database\_username | Default user to be created. | `string` | n/a | yes | -| db\_deletion\_protection | n/a | `string` | `false` | no | -| db\_parameters | Instance params you can set. [Doc](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Reference.html#AuroraMySQL.Reference.Parameters.Instance) | `list(any)` |
[
{
"apply_method": "pending-reboot",
"name": "general_log",
"value": 1
},
{
"apply_method": "pending-reboot",
"name": "slow_query_log",
"value": "1"
},
{
"apply_method": "pending-reboot",
"name": "long_query_time",
"value": "0"
},
{
"apply_method": "pending-reboot",
"name": "log_output",
"value": "file"
},
{
"apply_method": "pending-reboot",
"name": "log_queries_not_using_indexes",
"value": "1"
}
]
| no | -| engine\_version | The version of the engine to be used for aurora-mysql. | `string` | `"5.7"` | no | -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | -| iam\_database\_authentication\_enabled | n/a | `string` | `false` | no | -| ingress\_cidr\_blocks | A list of CIDR blocks that should be allowed to communicate with this Aurora cluster. | `list(string)` | `[]` | no | -| ingress\_security\_groups | A list of security groups that should be allowed to communicate with this Aurora cluster. | `list(string)` | `[]` | no | -| instance\_class | See valid instance types [here](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Managing.Performance.html) | `string` | `"db.t2.small"` | no | -| instance\_count | Number of instances to create in this cluster. | `string` | `1` | no | -| kms\_key\_id | If provided, storage will be encrypted with this key, otherwise an AWS-managed key is used. (Encryption is always on). | `string` | `""` | no | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | -| params\_engine\_version | The engine version to be appended to the parameter group family. | `string` | `"5.7"` | no | -| performance\_insights\_enabled | n/a | `string` | `false` | no | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| publicly\_accessible | Avoid doing this - it gives access to the open internet. | `string` | `false` | no | -| rds\_cluster\_parameters | Cluster params you can set. [Doc](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Reference.html#AuroraMySQL.Reference.Parameters.Cluster) | `list(any)` |
[
{
"apply_method": "pending-reboot",
"name": "character_set_server",
"value": "utf8"
},
{
"apply_method": "pending-reboot",
"name": "character_set_client",
"value": "utf8"
}
]
| no | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | -| skip\_final\_snapshot | When you destroy a database RDS will, by default, take snapshot. Set this to skip that step. | `string` | `false` | no | -| vpc\_id | The id of the existing VPC in which this cluster should be created. | `string` | n/a | yes | +| [apply\_immediately](#input\_apply\_immediately) | If false changes will not be applied until next maintenance window. | `string` | `false` | no | +| [auto\_minor\_version\_upgrade](#input\_auto\_minor\_version\_upgrade) | Set the databases to automatically upgrade minor versions. | `bool` | `true` | no | +| [backtrack\_window](#input\_backtrack\_window) | Turns on Backgrack for this many seconds. [Doc](https://aws.amazon.com/blogs/aws/amazon-aurora-backtrack-turn-back-time/) | `string` | `0` | no | +| [ca\_cert\_identifier](#input\_ca\_cert\_identifier) | Identifier for the certificate authority. rds-ca-2019 is the latest available version. | `string` | `"rds-ca-2019"` | no | +| [database\_name](#input\_database\_name) | The name of the database to be created in the cluster. | `string` | n/a | yes | +| [database\_password](#input\_database\_password) | Password for user that will be created. | `string` | n/a | yes | +| [database\_subnet\_group](#input\_database\_subnet\_group) | The name of an existing database subnet group to use. | `string` | n/a | yes | +| [database\_username](#input\_database\_username) | Default user to be created. | `string` | n/a | yes | +| [db\_deletion\_protection](#input\_db\_deletion\_protection) | n/a | `string` | `false` | no | +| [db\_parameters](#input\_db\_parameters) | Instance params you can set. [Doc](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Reference.html#AuroraMySQL.Reference.Parameters.Instance) | `list(any)` |
[
{
"apply_method": "pending-reboot",
"name": "general_log",
"value": 1
},
{
"apply_method": "pending-reboot",
"name": "slow_query_log",
"value": "1"
},
{
"apply_method": "pending-reboot",
"name": "long_query_time",
"value": "0"
},
{
"apply_method": "pending-reboot",
"name": "log_output",
"value": "file"
},
{
"apply_method": "pending-reboot",
"name": "log_queries_not_using_indexes",
"value": "1"
}
]
| no | +| [engine\_version](#input\_engine\_version) | The version of the engine to be used for aurora-mysql. | `string` | `"5.7"` | no | +| [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [iam\_database\_authentication\_enabled](#input\_iam\_database\_authentication\_enabled) | n/a | `string` | `false` | no | +| [ingress\_cidr\_blocks](#input\_ingress\_cidr\_blocks) | A list of CIDR blocks that should be allowed to communicate with this Aurora cluster. | `list(string)` | `[]` | no | +| [ingress\_security\_groups](#input\_ingress\_security\_groups) | A list of security groups that should be allowed to communicate with this Aurora cluster. | `list(string)` | `[]` | no | +| [instance\_class](#input\_instance\_class) | See valid instance types [here](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Managing.Performance.html) | `string` | `"db.t2.small"` | no | +| [instance\_count](#input\_instance\_count) | Number of instances to create in this cluster. | `string` | `1` | no | +| [kms\_key\_id](#input\_kms\_key\_id) | If provided, storage will be encrypted with this key, otherwise an AWS-managed key is used. (Encryption is always on). | `string` | `""` | no | +| [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [params\_engine\_version](#input\_params\_engine\_version) | The engine version to be appended to the parameter group family. | `string` | `"5.7"` | no | +| [performance\_insights\_enabled](#input\_performance\_insights\_enabled) | n/a | `string` | `false` | no | +| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [publicly\_accessible](#input\_publicly\_accessible) | Avoid doing this - it gives access to the open internet. 
| `string` | `false` | no | +| [rds\_cluster\_parameters](#input\_rds\_cluster\_parameters) | Cluster params you can set. [Doc](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Reference.html#AuroraMySQL.Reference.Parameters.Cluster) | `list(any)` |
[
{
"apply_method": "pending-reboot",
"name": "character_set_server",
"value": "utf8"
},
{
"apply_method": "pending-reboot",
"name": "character_set_client",
"value": "utf8"
}
]
| no | +| [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [skip\_final\_snapshot](#input\_skip\_final\_snapshot) | When you destroy a database RDS will, by default, take snapshot. Set this to skip that step. | `string` | `false` | no | +| [vpc\_id](#input\_vpc\_id) | The id of the existing VPC in which this cluster should be created. | `string` | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| database\_name | n/a | -| db\_parameter\_group\_name | n/a | -| endpoint | n/a | -| engine | n/a | -| rds\_cluster\_id | n/a | -| reader\_endpoint | n/a | - +| [database\_name](#output\_database\_name) | n/a | +| [db\_parameter\_group\_name](#output\_db\_parameter\_group\_name) | n/a | +| [endpoint](#output\_endpoint) | n/a | +| [engine](#output\_engine) | n/a | +| [rds\_cluster\_id](#output\_rds\_cluster\_id) | n/a | +| [reader\_endpoint](#output\_reader\_endpoint) | n/a | diff --git a/aws-aurora-postgres/README.md b/aws-aurora-postgres/README.md index 3b591547..345fe563 100644 --- a/aws-aurora-postgres/README.md +++ b/aws-aurora-postgres/README.md 
@@ -34,48 +34,57 @@ module "db" { | Name | Version | |------|---------| -| aws | >= 2.44.0, < 3.0.0 | +| [aws](#requirement\_aws) | >= 2.44.0, < 3.0.0 | ## Providers -No provider. +No providers. + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [aurora](#module\_aurora) | ../aws-aurora | | + +## Resources + +No resources. ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| apply\_immediately | If false changes will not be applied until next maintenance window. | `string` | `false` | no | -| auto\_minor\_version\_upgrade | Set the databases to automatically upgrade minor versions. | `bool` | `true` | no | -| ca\_cert\_identifier | Identifier for the certificate authority. | `string` | `"rds-ca-2019"` | no | -| database\_name | The name of the database to be created in the cluster. | `string` | n/a | yes | -| database\_password | Password for user that will be created. | `string` | n/a | yes | -| database\_subnet\_group | The name of an existing database subnet group to use. | `string` | n/a | yes | -| database\_username | Default user to be created. | `string` | n/a | yes | -| db\_parameters | Instance params you can set. [Doc](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Reference.html#AuroraPostgreSQL.Reference.Parameters.Instance) | `list(any)` | `[]` | no | -| engine\_version | The version of Postgres to use. | `string` | `"10"` | no | -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | -| iam\_database\_authentication\_enabled | n/a | `string` | `false` | no | -| ingress\_cidr\_blocks | A list of CIDR blocks that should be allowed to communicate with this Aurora cluster. | `list(string)` | `[]` | no | -| ingress\_security\_groups | A list of security groups that should be allowed to communicate with this Aurora cluster. 
| `list(string)` | `[]` | no | -| instance\_class | See valid instance types [here](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Managing.html) | `string` | `"db.r4.large"` | no | -| instance\_count | Number of instances to create in this cluster. | `string` | `1` | no | -| kms\_key\_id | If provided, storage will be encrypted with this key, otherwise an AWS-managed key is used. (Encryption is always on). | `string` | `""` | no | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | -| performance\_insights\_enabled | n/a | `string` | `false` | no | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| publicly\_accessible | Avoid doing this - it gives access to the open internet. | `string` | `false` | no | -| rds\_cluster\_parameters | Cluster params you can set. [Doc](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Reference.html#AuroraPostgreSQL.Reference.Parameters.Cluster) | `list(any)` | `[]` | no | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | -| skip\_final\_snapshot | When you destroy a database RDS will, by default, take snapshot. Set this to skip that step. | `string` | `false` | no | -| vpc\_id | The id of the existing VPC in which this cluster should be created. | `string` | n/a | yes | +| [apply\_immediately](#input\_apply\_immediately) | If false changes will not be applied until next maintenance window. | `string` | `false` | no | +| [auto\_minor\_version\_upgrade](#input\_auto\_minor\_version\_upgrade) | Set the databases to automatically upgrade minor versions. | `bool` | `true` | no | +| [ca\_cert\_identifier](#input\_ca\_cert\_identifier) | Identifier for the certificate authority. 
| `string` | `"rds-ca-2019"` | no | +| [database\_name](#input\_database\_name) | The name of the database to be created in the cluster. | `string` | n/a | yes | +| [database\_password](#input\_database\_password) | Password for user that will be created. | `string` | n/a | yes | +| [database\_subnet\_group](#input\_database\_subnet\_group) | The name of an existing database subnet group to use. | `string` | n/a | yes | +| [database\_username](#input\_database\_username) | Default user to be created. | `string` | n/a | yes | +| [db\_parameters](#input\_db\_parameters) | Instance params you can set. [Doc](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Reference.html#AuroraPostgreSQL.Reference.Parameters.Instance) | `list(any)` | `[]` | no | +| [engine\_version](#input\_engine\_version) | The version of Postgres to use. | `string` | `"10"` | no | +| [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [iam\_database\_authentication\_enabled](#input\_iam\_database\_authentication\_enabled) | n/a | `string` | `false` | no | +| [ingress\_cidr\_blocks](#input\_ingress\_cidr\_blocks) | A list of CIDR blocks that should be allowed to communicate with this Aurora cluster. | `list(string)` | `[]` | no | +| [ingress\_security\_groups](#input\_ingress\_security\_groups) | A list of security groups that should be allowed to communicate with this Aurora cluster. | `list(string)` | `[]` | no | +| [instance\_class](#input\_instance\_class) | See valid instance types [here](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Managing.html) | `string` | `"db.r4.large"` | no | +| [instance\_count](#input\_instance\_count) | Number of instances to create in this cluster. | `string` | `1` | no | +| [kms\_key\_id](#input\_kms\_key\_id) | If provided, storage will be encrypted with this key, otherwise an AWS-managed key is used. (Encryption is always on). 
| `string` | `""` | no | +| [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [performance\_insights\_enabled](#input\_performance\_insights\_enabled) | n/a | `string` | `false` | no | +| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [publicly\_accessible](#input\_publicly\_accessible) | Avoid doing this - it gives access to the open internet. | `string` | `false` | no | +| [rds\_cluster\_parameters](#input\_rds\_cluster\_parameters) | Cluster params you can set. [Doc](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Reference.html#AuroraPostgreSQL.Reference.Parameters.Cluster) | `list(any)` | `[]` | no | +| [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [skip\_final\_snapshot](#input\_skip\_final\_snapshot) | When you destroy a database RDS will, by default, take snapshot. Set this to skip that step. | `string` | `false` | no | +| [vpc\_id](#input\_vpc\_id) | The id of the existing VPC in which this cluster should be created. | `string` | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| database\_name | n/a | -| endpoint | n/a | -| port | n/a | -| reader\_endpoint | n/a | - +| [database\_name](#output\_database\_name) | n/a | +| [endpoint](#output\_endpoint) | n/a | +| [port](#output\_port) | n/a | +| [reader\_endpoint](#output\_reader\_endpoint) | n/a | diff --git a/aws-aurora/README.md b/aws-aurora/README.md index 3c96e418..94c19dbf 100644 --- a/aws-aurora/README.md +++ b/aws-aurora/README.md 
@@ -7,58 +7,71 @@ This is a low-level module for creating AWS Aurora clusters. We strongly reccome | Name | Version | |------|---------| -| aws | >= 2.44.0, < 3.0.0 | +| [aws](#requirement\_aws) | >= 2.44.0, < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | >= 2.44.0, < 3.0.0 | +| [aws](#provider\_aws) | >= 2.44.0, < 3.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_db_parameter_group.db](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_parameter_group) | resource | +| [aws_rds_cluster.db](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster) | resource | +| [aws_rds_cluster_instance.db](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster_instance) | resource | +| [aws_rds_cluster_parameter_group.db](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster_parameter_group) | resource | +| [aws_security_group.rds](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| apply\_immediately | n/a | `bool` | `false` | no | -| auto\_minor\_version\_upgrade | Set the databases to automatically upgrade minor versions. | `bool` | `true` | no | -| backtrack\_window | n/a | `number` | `0` | no | -| ca\_cert\_identifier | Identifier for the certificate authority. Use rds-ca-2019 for anything new. 
| `string` | `"rds-ca-2019"` | no | -| database\_name | n/a | `string` | n/a | yes | -| database\_password | n/a | `string` | n/a | yes | -| database\_subnet\_group | n/a | `string` | n/a | yes | -| database\_username | n/a | `string` | n/a | yes | -| db\_deletion\_protection | n/a | `string` | `false` | no | -| db\_parameters | n/a | `list(any)` | `[]` | no | -| enabled\_cloudwatch\_logs\_exports | n/a | `list(any)` | `[]` | no | -| engine | n/a | `string` | n/a | yes | -| engine\_version | n/a | `string` | n/a | yes | -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | -| iam\_database\_authentication\_enabled | n/a | `string` | `true` | no | -| ingress\_cidr\_blocks | A list of CIDR blocks that should be allowed to communicate with this Aurora cluster. | `list(string)` | `[]` | no | -| ingress\_security\_groups | A list of security groups that should be allowed to communicate with this Aurora cluster. | `list(string)` | `[]` | no | -| instance\_class | n/a | `string` | `"db.t2.small"` | no | -| instance\_count | n/a | `string` | `1` | no | -| kms\_key\_id | If supplied, RDS will use this key to encrypt data at rest. Empty string means that RDS will use an AWS-managed key. Encryption is always on with this module. | `string` | `""` | no | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | -| params\_engine\_version | n/a | `string` | n/a | yes | -| performance\_insights\_enabled | n/a | `string` | `true` | no | -| port | n/a | `string` | n/a | yes | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| publicly\_accessible | n/a | `bool` | `false` | no | -| rds\_cluster\_parameters | n/a | `list(any)` | `[]` | no | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging). 
| `string` | n/a | yes | -| skip\_final\_snapshot | n/a | `bool` | `false` | no | -| vpc\_id | n/a | `string` | n/a | yes | +| [apply\_immediately](#input\_apply\_immediately) | n/a | `bool` | `false` | no | +| [auto\_minor\_version\_upgrade](#input\_auto\_minor\_version\_upgrade) | Set the databases to automatically upgrade minor versions. | `bool` | `true` | no | +| [backtrack\_window](#input\_backtrack\_window) | n/a | `number` | `0` | no | +| [ca\_cert\_identifier](#input\_ca\_cert\_identifier) | Identifier for the certificate authority. Use rds-ca-2019 for anything new. | `string` | `"rds-ca-2019"` | no | +| [database\_name](#input\_database\_name) | n/a | `string` | n/a | yes | +| [database\_password](#input\_database\_password) | n/a | `string` | n/a | yes | +| [database\_subnet\_group](#input\_database\_subnet\_group) | n/a | `string` | n/a | yes | +| [database\_username](#input\_database\_username) | n/a | `string` | n/a | yes | +| [db\_deletion\_protection](#input\_db\_deletion\_protection) | n/a | `string` | `false` | no | +| [db\_parameters](#input\_db\_parameters) | n/a | `list(any)` | `[]` | no | +| [enabled\_cloudwatch\_logs\_exports](#input\_enabled\_cloudwatch\_logs\_exports) | n/a | `list(any)` | `[]` | no | +| [engine](#input\_engine) | n/a | `string` | n/a | yes | +| [engine\_version](#input\_engine\_version) | n/a | `string` | n/a | yes | +| [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [iam\_database\_authentication\_enabled](#input\_iam\_database\_authentication\_enabled) | n/a | `string` | `true` | no | +| [ingress\_cidr\_blocks](#input\_ingress\_cidr\_blocks) | A list of CIDR blocks that should be allowed to communicate with this Aurora cluster. | `list(string)` | `[]` | no | +| [ingress\_security\_groups](#input\_ingress\_security\_groups) | A list of security groups that should be allowed to communicate with this Aurora cluster. 
| `list(string)` | `[]` | no | +| [instance\_class](#input\_instance\_class) | n/a | `string` | `"db.t2.small"` | no | +| [instance\_count](#input\_instance\_count) | n/a | `string` | `1` | no | +| [kms\_key\_id](#input\_kms\_key\_id) | If supplied, RDS will use this key to encrypt data at rest. Empty string means that RDS will use an AWS-managed key. Encryption is always on with this module. | `string` | `""` | no | +| [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [params\_engine\_version](#input\_params\_engine\_version) | n/a | `string` | n/a | yes | +| [performance\_insights\_enabled](#input\_performance\_insights\_enabled) | n/a | `string` | `true` | no | +| [port](#input\_port) | n/a | `string` | n/a | yes | +| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [publicly\_accessible](#input\_publicly\_accessible) | n/a | `bool` | `false` | no | +| [rds\_cluster\_parameters](#input\_rds\_cluster\_parameters) | n/a | `list(any)` | `[]` | no | +| [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [skip\_final\_snapshot](#input\_skip\_final\_snapshot) | n/a | `bool` | `false` | no | +| [vpc\_id](#input\_vpc\_id) | n/a | `string` | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| database\_name | n/a | -| db\_parameter\_group\_name | n/a | -| endpoint | n/a | -| port | n/a | -| rds\_cluster\_id | n/a | -| reader\_endpoint | n/a | - +| [database\_name](#output\_database\_name) | n/a | +| [db\_parameter\_group\_name](#output\_db\_parameter\_group\_name) | n/a | +| [endpoint](#output\_endpoint) | n/a | +| [port](#output\_port) | n/a | +| [rds\_cluster\_id](#output\_rds\_cluster\_id) | n/a | +| [reader\_endpoint](#output\_reader\_endpoint) | n/a | 
diff --git a/aws-cloudfront-domain-redirect/README.md b/aws-cloudfront-domain-redirect/README.md index 1625ae40..f18af528 100644 --- a/aws-cloudfront-domain-redirect/README.md +++ b/aws-cloudfront-domain-redirect/README.md 
@@ -33,28 +33,43 @@ module domain-redirect { | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [cert](#module\_cert) | ../aws-acm-cert | | +| [security\_headers\_lambda](#module\_security\_headers\_lambda) | ../aws-lambda-edge-add-security-headers | | + +## Resources + +| Name | Type | +|------|------| +| [aws_cloudfront_distribution.cf](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution) | resource | +| [aws_route53_record.alias_ipv4](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_route53_record.alias_ipv6](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_s3_bucket.redirect_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| source\_domain | The domain that will be redirected from. | `string` | n/a | yes | -| source\_domain\_zone\_id | Route53 zone id for the source domain. | `string` | n/a | yes | -| target\_domain | The domain that will be redirected to. | `string` | n/a | yes | +| [env](#input\_env) | Env for tagging and naming. 
See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [source\_domain](#input\_source\_domain) | The domain that will be redirected from. | `string` | n/a | yes | +| [source\_domain\_zone\_id](#input\_source\_domain\_zone\_id) | Route53 zone id for the source domain. | `string` | n/a | yes | +| [target\_domain](#input\_target\_domain) | The domain that will be redirected to. | `string` | n/a | yes | ## Outputs -No output. - +No outputs. diff --git a/aws-cloudfront-logs-bucket/README.md b/aws-cloudfront-logs-bucket/README.md index 53e47792..f04daf7b 100644 --- a/aws-cloudfront-logs-bucket/README.md +++ b/aws-cloudfront-logs-bucket/README.md 
@@ -31,36 +31,47 @@ module "s3-bucket" { | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [aws-cloudfront-logs-bucket](#module\_aws-cloudfront-logs-bucket) | ../aws-s3-private-bucket | | + +## Resources + +| Name | Type | +|------|------| +| [aws_canonical_user_id.current_user](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/canonical_user_id) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| abort\_incomplete\_multipart\_upload\_days | Number of days after which an incomplete multipart upload is canceled. | `number` | `14` | no | -| bucket\_name | n/a | `string` | n/a | yes | -| bucket\_policy | n/a | `string` | `""` | no | -| enable\_versioning | Keep old versions of overwritten S3 objects. | `bool` | `true` | no | -| env | n/a | `string` | n/a | yes | -| lifecycle\_rules | List of maps containing configuration of object lifecycle management. | `any` |
[
{
"enabled": true,
"expiration": {
"expired_object_delete_marker": true
},
"noncurrent_version_expiration": {
"days": 365
},
"noncurrent_version_transition": {
"days": 30,
"storage_class": "STANDARD_IA"
}
}
]
| no | -| owner | n/a | `string` | n/a | yes | -| project | n/a | `string` | n/a | yes | -| public\_access\_block | n/a | `bool` | `true` | no | -| service | n/a | `string` | n/a | yes | +| [abort\_incomplete\_multipart\_upload\_days](#input\_abort\_incomplete\_multipart\_upload\_days) | Number of days after which an incomplete multipart upload is canceled. | `number` | `14` | no | +| [bucket\_name](#input\_bucket\_name) | n/a | `string` | n/a | yes | +| [bucket\_policy](#input\_bucket\_policy) | n/a | `string` | `""` | no | +| [enable\_versioning](#input\_enable\_versioning) | Keep old versions of overwritten S3 objects. | `bool` | `true` | no | +| [env](#input\_env) | n/a | `string` | n/a | yes | +| [lifecycle\_rules](#input\_lifecycle\_rules) | List of maps containing configuration of object lifecycle management. | `any` |
[
{
"enabled": true,
"expiration": {
"expired_object_delete_marker": true
},
"noncurrent_version_expiration": {
"days": 365
},
"noncurrent_version_transition": {
"days": 30,
"storage_class": "STANDARD_IA"
}
}
]
| no | +| [owner](#input\_owner) | n/a | `string` | n/a | yes | +| [project](#input\_project) | n/a | `string` | n/a | yes | +| [public\_access\_block](#input\_public\_access\_block) | n/a | `bool` | `true` | no | +| [service](#input\_service) | n/a | `string` | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| arn | n/a | -| domain\_name | n/a | -| id | n/a | -| name | HACK(el): we do this to hint TF dependency graph since modules can't depend\_on | - +| [arn](#output\_arn) | n/a | +| [domain\_name](#output\_domain\_name) | n/a | +| [id](#output\_id) | n/a | +| [name](#output\_name) | HACK(el): we do this to hint TF dependency graph since modules can't depend\_on | diff --git a/aws-cloudwatch-log-group/README.md b/aws-cloudwatch-log-group/README.md index fe3f6af1..6e492096 100644 --- a/aws-cloudwatch-log-group/README.md +++ b/aws-cloudwatch-log-group/README.md 
@@ -9,30 +9,39 @@ By default the name is `${var.project}-${var.env}-${var.service}`, but you can o | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_cloudwatch_log_group.group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | -| log\_group\_name | Name for the log group. If not set, it will be $project-$env-$service} | `string` | `""` | no | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| retention\_in\_days | N of days you want to retain log events. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653, and 0. | `number` | `0` | no | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [log\_group\_name](#input\_log\_group\_name) | Name for the log group. If not set, it will be $project-$env-$service} | `string` | `""` | no | +| [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [project](#input\_project) | Project for tagging and naming. 
See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [retention\_in\_days](#input\_retention\_in\_days) | N of days you want to retain log events. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653, and 0. | `number` | `0` | no | +| [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| arn | n/a | -| name | n/a | - +| [arn](#output\_arn) | n/a | +| [name](#output\_name) | n/a | diff --git a/aws-cloudwatch-log-retention-manager/README.md b/aws-cloudwatch-log-retention-manager/README.md index 66304828..41dd0e8f 100644 --- a/aws-cloudwatch-log-retention-manager/README.md +++ b/aws-cloudwatch-log-retention-manager/README.md 
@@ -16,28 +16,44 @@ module log-retention-manager { | Name | Version | |------|---------| -| archive | ~> 2.0 | -| aws | < 3.0.0 | +| [archive](#requirement\_archive) | ~> 2.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| archive | ~> 2.0 | -| aws | < 3.0.0 | +| [archive](#provider\_archive) | ~> 2.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [lambda](#module\_lambda) | ../aws-lambda-function | | + +## Resources + +| Name | Type | +|------|------| +| [aws_cloudwatch_event_rule.trigger](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource | +| [aws_cloudwatch_event_target.trigger](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource | +| [aws_iam_role_policy.policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_lambda_permission.permission](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | +| [archive_file.lambda](https://registry.terraform.io/providers/hashicorp/archive/latest/docs/data-sources/file) | data source | +| [aws_iam_policy_document.policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| maximum\_retention | The default days of retention to apply to untagged Cloudwatch Log Groups. | `number` | n/a | yes | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| project | Project for tagging and naming. 
See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [maximum\_retention](#input\_maximum\_retention) | The default days of retention to apply to untagged Cloudwatch Log Groups. | `number` | n/a | yes | +| [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | ## Outputs -No output. - +No outputs. diff --git a/aws-default-vpc-security/README.md b/aws-default-vpc-security/README.md index e2c67c47..7c8fdc6a 100644 --- a/aws-default-vpc-security/README.md +++ b/aws-default-vpc-security/README.md 
@@ -40,22 +40,37 @@ You will need to invoke this module with a properly configured provider for ever | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_default_network_acl.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_network_acl) | resource | +| [aws_default_route_table.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_route_table) | resource | +| [aws_default_security_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_security_group) | resource | +| [aws_default_subnet.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_subnet) | resource | +| [aws_default_vpc.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_vpc) | resource | +| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | +| [aws_internet_gateway.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/internet_gateway) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| default\_sg\_lockdown | Restrict default security group to deny all traffic (you can selectively enable traffic with other security groups). | `bool` | `true` | no | +| [default\_sg\_lockdown](#input\_default\_sg\_lockdown) | Restrict default security group to deny all traffic (you can selectively enable traffic with other security groups). | `bool` | `true` | no | ## Outputs -No output. - +No outputs. 
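Review bot: The new Resources table links every entry to the provider's `latest` registry docs (for example `.../providers/hashicorp/aws/latest/docs/resources/default_security_group`), while the Requirements and Providers rows in the same hunk pin `aws` to `< 3.0.0`. Readers who follow those links land on documentation for a newer provider major version, whose arguments and defaults may differ from what this module actually runs with, which matters for a module that exists to lock down the default VPC. If terraform-docs cannot emit version-pinned links, add a sentence next to the Requirements table stating that the linked docs may be ahead of the pinned provider.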
diff --git a/aws-ecs-job-fargate/README.md b/aws-ecs-job-fargate/README.md index 11a17d6a..19ef8ed4 100644 --- a/aws-ecs-job-fargate/README.md +++ b/aws-ecs-job-fargate/README.md 
@@ -27,44 +27,60 @@ Since changing a service to use the new ARN requires destroying and recreating t | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_ecs_service.job](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service) | resource | +| [aws_ecs_service.unmanaged-job](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service) | resource | +| [aws_ecs_task_definition.job](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition) | resource | +| [aws_iam_role.task_execution_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy.task_execution_role_secretsmanager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy_attachment.task_execution_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_policy_document.execution_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.registry_secretsmanager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| cluster\_id | n/a | `string` | n/a | yes | -| container\_name | Name of the container. Must match name in task definition. If omitted, defaults to name derived from project/env/service. | `string` | `null` | no | -| cpu | CPU units for Fargate task. 
Used if task\_definition provided, or for initial stub task if externally managed. | `number` | `256` | no | -| deployment\_maximum\_percent | (Optional) The upper limit (as a percentage of the service's desiredCount) of the number of running tasks that can be running in a service during a deployment. Not valid when using the DAEMON scheduling strategy. | `number` | `200` | no | -| deployment\_minimum\_healthy\_percent | (Optional) The lower limit (as a percentage of the service's desiredCount) of the number of running tasks that must remain running and healthy in a service during a deployment. | `number` | `100` | no | -| desired\_count | n/a | `number` | n/a | yes | -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | -| manage\_task\_definition | If false, Terraform will not touch the task definition for the ECS service after initial creation | `bool` | `true` | no | -| memory | Memory in megabytes for Fargate task. Used if task\_definition provided, or for initial stub task if externally managed. | `number` | `512` | no | -| ordered\_placement\_strategy | Placement strategy for the task instances. | `list(object({ type = string, field = string }))` | `[]` | no | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| registry\_secretsmanager\_arn | ARN for AWS Secrets Manager secret for credentials to private registry | `string` | `null` | no | -| security\_group\_ids | Security group to use for the Fargate task. | `list(string)` | `[]` | no | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | -| tag\_service | Apply cost tags to the ECS service. Only specify false for backwards compatibility with old ECS services. 
| `bool` | `true` | no | -| task\_definition | JSON to describe task. If omitted, defaults to a stub task that is expected to be managed outside of Terraform. | `string` | `null` | no | -| task\_role\_arn | n/a | `string` | n/a | yes | -| task\_subnets | Subnets to launch Fargate task in. | `list(string)` | `[]` | no | +| [cluster\_id](#input\_cluster\_id) | n/a | `string` | n/a | yes | +| [container\_name](#input\_container\_name) | Name of the container. Must match name in task definition. If omitted, defaults to name derived from project/env/service. | `string` | `null` | no | +| [cpu](#input\_cpu) | CPU units for Fargate task. Used if task\_definition provided, or for initial stub task if externally managed. | `number` | `256` | no | +| [deployment\_maximum\_percent](#input\_deployment\_maximum\_percent) | (Optional) The upper limit (as a percentage of the service's desiredCount) of the number of running tasks that can be running in a service during a deployment. Not valid when using the DAEMON scheduling strategy. | `number` | `200` | no | +| [deployment\_minimum\_healthy\_percent](#input\_deployment\_minimum\_healthy\_percent) | (Optional) The lower limit (as a percentage of the service's desiredCount) of the number of running tasks that must remain running and healthy in a service during a deployment. | `number` | `100` | no | +| [desired\_count](#input\_desired\_count) | n/a | `number` | n/a | yes | +| [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [manage\_task\_definition](#input\_manage\_task\_definition) | If false, Terraform will not touch the task definition for the ECS service after initial creation | `bool` | `true` | no | +| [memory](#input\_memory) | Memory in megabytes for Fargate task. Used if task\_definition provided, or for initial stub task if externally managed. 
| `number` | `512` | no | +| [ordered\_placement\_strategy](#input\_ordered\_placement\_strategy) | Placement strategy for the task instances. | `list(object({ type = string, field = string }))` | `[]` | no | +| [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [registry\_secretsmanager\_arn](#input\_registry\_secretsmanager\_arn) | ARN for AWS Secrets Manager secret for credentials to private registry | `string` | `null` | no | +| [security\_group\_ids](#input\_security\_group\_ids) | Security group to use for the Fargate task. | `list(string)` | `[]` | no | +| [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [tag\_service](#input\_tag\_service) | Apply cost tags to the ECS service. Only specify false for backwards compatibility with old ECS services. | `bool` | `true` | no | +| [task\_definition](#input\_task\_definition) | JSON to describe task. If omitted, defaults to a stub task that is expected to be managed outside of Terraform. | `string` | `null` | no | +| [task\_role\_arn](#input\_task\_role\_arn) | n/a | `string` | n/a | yes | +| [task\_subnets](#input\_task\_subnets) | Subnets to launch Fargate task in. | `list(string)` | `[]` | no | ## Outputs | Name | Description | |------|-------------| -| ecs\_service\_arn | ARN for the ECS service. | -| ecs\_task\_definition\_family | The family of the task definition defined for the given/generated container definition. | -| task\_execution\_role\_arn | Task execution role for Fargate task. | - +| [ecs\_service\_arn](#output\_ecs\_service\_arn) | ARN for the ECS service. 
| +| [ecs\_task\_definition\_family](#output\_ecs\_task\_definition\_family) | The family of the task definition defined for the given/generated container definition. | +| [task\_execution\_role\_arn](#output\_task\_execution\_role\_arn) | Task execution role for Fargate task. | diff --git a/aws-ecs-job/README.md b/aws-ecs-job/README.md index 6564c00d..4701725d 100644 --- a/aws-ecs-job/README.md +++ b/aws-ecs-job/README.md 
@@ -28,40 +28,56 @@ service = false` argument can be removed. | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_ecs_service.job](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service) | resource | +| [aws_ecs_service.unmanaged-job](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service) | resource | +| [aws_ecs_task_definition.job](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition) | resource | +| [aws_iam_role.task_execution_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy.task_execution_role_secretsmanager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy_attachment.task_execution_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_policy_document.execution_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.registry_secretsmanager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| cluster\_id | n/a | `string` | n/a | yes | -| container\_name | Name of the container. Must match name in task definition. If omitted, defaults to name derived from project/env/service. 
| `string` | `null` | no | -| deployment\_maximum\_percent | (Optional) The upper limit (as a percentage of the service's desiredCount) of the number of running tasks that can be running in a service during a deployment. Not valid when using the DAEMON scheduling strategy. | `number` | `200` | no | -| deployment\_minimum\_healthy\_percent | (Optional) The lower limit (as a percentage of the service's desiredCount) of the number of running tasks that must remain running and healthy in a service during a deployment. | `number` | `100` | no | -| desired\_count | n/a | `number` | n/a | yes | -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | -| manage\_task\_definition | If false, Terraform will not touch the task definition for the ECS service after initial creation | `bool` | `true` | no | -| ordered\_placement\_strategy | Placement strategy for the task instances. | `list(object({ type = string, field = string }))` | `[]` | no | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| registry\_secretsmanager\_arn | ARN for AWS Secrets Manager secret for credentials to private registry | `string` | `null` | no | -| scheduling\_strategy | Scheduling strategy for the service: REPLICA or DAEMON. | `string` | `"REPLICA"` | no | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | -| tag\_service | Apply cost tags to the ECS service. Only specify false for backwards compatibility with old ECS services. | `bool` | `true` | no | -| task\_definition | JSON to describe task. If omitted, defaults to a stub task that is expected to be managed outside of Terraform. 
| `string` | `null` | no | -| task\_role\_arn | n/a | `string` | n/a | yes | +| [cluster\_id](#input\_cluster\_id) | n/a | `string` | n/a | yes | +| [container\_name](#input\_container\_name) | Name of the container. Must match name in task definition. If omitted, defaults to name derived from project/env/service. | `string` | `null` | no | +| [deployment\_maximum\_percent](#input\_deployment\_maximum\_percent) | (Optional) The upper limit (as a percentage of the service's desiredCount) of the number of running tasks that can be running in a service during a deployment. Not valid when using the DAEMON scheduling strategy. | `number` | `200` | no | +| [deployment\_minimum\_healthy\_percent](#input\_deployment\_minimum\_healthy\_percent) | (Optional) The lower limit (as a percentage of the service's desiredCount) of the number of running tasks that must remain running and healthy in a service during a deployment. | `number` | `100` | no | +| [desired\_count](#input\_desired\_count) | n/a | `number` | n/a | yes | +| [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [manage\_task\_definition](#input\_manage\_task\_definition) | If false, Terraform will not touch the task definition for the ECS service after initial creation | `bool` | `true` | no | +| [ordered\_placement\_strategy](#input\_ordered\_placement\_strategy) | Placement strategy for the task instances. | `list(object({ type = string, field = string }))` | `[]` | no | +| [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [project](#input\_project) | Project for tagging and naming. 
See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [registry\_secretsmanager\_arn](#input\_registry\_secretsmanager\_arn) | ARN for AWS Secrets Manager secret for credentials to private registry | `string` | `null` | no | +| [scheduling\_strategy](#input\_scheduling\_strategy) | Scheduling strategy for the service: REPLICA or DAEMON. | `string` | `"REPLICA"` | no | +| [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [tag\_service](#input\_tag\_service) | Apply cost tags to the ECS service. Only specify false for backwards compatibility with old ECS services. | `bool` | `true` | no | +| [task\_definition](#input\_task\_definition) | JSON to describe task. If omitted, defaults to a stub task that is expected to be managed outside of Terraform. | `string` | `null` | no | +| [task\_role\_arn](#input\_task\_role\_arn) | n/a | `string` | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| ecs\_service\_arn | ARN for the ECS service. | -| ecs\_task\_definition\_family | The family of the task definition defined for the given/generated container definition. | - +| [ecs\_service\_arn](#output\_ecs\_service\_arn) | ARN for the ECS service. | +| [ecs\_task\_definition\_family](#output\_ecs\_task\_definition\_family) | The family of the task definition defined for the given/generated container definition. | diff --git a/aws-ecs-service-fargate/README.md b/aws-ecs-service-fargate/README.md index e5afa2a9..ebee2255 100644 --- a/aws-ecs-service-fargate/README.md +++ b/aws-ecs-service-fargate/README.md 
@@ -148,68 +148,98 @@ service = false` argument can be removed. | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [alb-sg](#module\_alb-sg) | terraform-aws-modules/security-group/aws | 3.11.0 | +| [container-sg](#module\_container-sg) | terraform-aws-modules/security-group/aws | 3.11.0 | + +## Resources + +| Name | Type | +|------|------| +| [aws_ecs_service.job](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service) | resource | +| [aws_ecs_service.unmanaged-job](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service) | resource | +| [aws_ecs_task_definition.job](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition) | resource | +| [aws_iam_role.task_execution_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy.task_execution_role_secretsmanager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy_attachment.task_execution_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_lb.service](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb) | resource | +| [aws_lb_listener.http](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener) | resource | +| [aws_lb_listener.https](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener) | resource | +| [aws_lb_target_group.service](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_target_group) | resource | +| 
[aws_route53_record.ipv4](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_route53_record.ipv6](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_route53_record.www-ipv4](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_route53_record.www-ipv6](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_service_discovery_private_dns_namespace.discovery](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/service_discovery_private_dns_namespace) | resource | +| [aws_service_discovery_service.discovery](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/service_discovery_service) | resource | +| [aws_iam_policy_document.execution_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.registry_secretsmanager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_route53_zone.zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| access\_logs\_bucket | S3 bucket to write alb access logs to. Null for no access logs. | `string` | `null` | no | -| acm\_certificate\_arn | Certificate for the HTTPS listener. | `string` | n/a | yes | -| cluster\_id | n/a | `string` | n/a | yes | -| container\_name | Name of the container. Must match name in task definition. If omitted, defaults to name derived from project/env/service. | `string` | `null` | no | -| container\_port | The port the container to be exposed to is listening on. 
| `number` | n/a | yes | -| cpu | CPU units for Fargate task. Used if task\_definition provided, or for initial stub task if externally managed. | `number` | `256` | no | -| desired\_count | n/a | `number` | n/a | yes | -| disable\_http\_redirect | Disable redirecting HTTP to HTTPS. | `bool` | `true` | no | -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | -| extra\_tags | Extra tags that will be added to components created by this module. | `map(string)` | `{}` | no | -| health\_check\_grace\_period\_seconds | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. | `number` | `60` | no | -| health\_check\_interval | Time between health checks of the underlying service. | `number` | `null` | no | -| health\_check\_matcher | Range of HTTP status codes considered success for health checks. [Doc](https://www.terraform.io/docs/providers/aws/r/lb_target_group.html#matcher) | `string` | `"200-399"` | no | -| health\_check\_path | n/a | `string` | `"/"` | no | -| health\_check\_timeout | Timeout for a health check of the underlying service. | `number` | `null` | no | -| internal\_lb | n/a | `bool` | `false` | no | -| lb\_idle\_timeout\_seconds | n/a | `number` | `60` | no | -| lb\_ingress\_cidrs | n/a | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| lb\_ingress\_security\_group\_ids | n/a | `list(string)` | `[]` | no | -| lb\_subnets | List of subnets in which to deploy the load balancer. | `list(string)` | n/a | yes | -| manage\_task\_definition | If false, Terraform will not touch the task definition for the ECS service after initial creation | `bool` | `true` | no | -| memory | Memory in megabytes for Fargate task. Used if task\_definition provided, or for initial stub task if externally managed. | `number` | `512` | no | -| ordered\_placement\_strategy | Placement strategy for the task instances. | `list(object({ type = string, field = string }))` | `[]` | no | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| registry\_secretsmanager\_arn | ARN for AWS Secrets Manager secret for credentials to private registry | `string` | `null` | no | -| route53\_zone\_id | Zone in which to create an alias record to the ALB. | `string` | n/a | yes | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | -| ssl\_policy | ELB policy to determine which SSL/TLS encryption protocols are enabled. Probably don't touch this. | `string` | `null` | no | -| subdomain | Subdomain in the zone. Final domain name will be subdomain.zone | `string` | n/a | yes | -| tag\_service | Apply cost tags to the ECS service. Only specify false for backwards compatibility with old ECS services. | `bool` | `true` | no | -| task\_definition | JSON to describe task. If omitted, defaults to a stub task that is expected to be managed outside of Terraform. | `string` | `null` | no | -| task\_egress\_cidrs | CIDRs the task is allowed to communicate with for outbound traffic. | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| task\_egress\_security\_group\_ids | Security groups the task is allowed to communicate with for outbound traffic. Only used if awsvpc\_network is true. | `list(string)` | `[]` | no | -| task\_role\_arn | n/a | `string` | n/a | yes | -| task\_subnets | List of subnets in which to deploy the task for awsvpc networking mode. | `list(string)` | `[]` | no | -| vpc\_id | n/a | `string` | n/a | yes | -| with\_service\_discovery | Register the service with ECS service discovery. Adds a sub-zone to the given route53\_zone\_id. | `bool` | `false` | no | +| [access\_logs\_bucket](#input\_access\_logs\_bucket) | S3 bucket to write alb access logs to. Null for no access logs. | `string` | `null` | no | +| [acm\_certificate\_arn](#input\_acm\_certificate\_arn) | Certificate for the HTTPS listener. | `string` | n/a | yes | +| [cluster\_id](#input\_cluster\_id) | n/a | `string` | n/a | yes | +| [container\_name](#input\_container\_name) | Name of the container. Must match name in task definition. If omitted, defaults to name derived from project/env/service. | `string` | `null` | no | +| [container\_port](#input\_container\_port) | The port the container to be exposed to is listening on. | `number` | n/a | yes | +| [cpu](#input\_cpu) | CPU units for Fargate task. Used if task\_definition provided, or for initial stub task if externally managed. | `number` | `256` | no | +| [desired\_count](#input\_desired\_count) | n/a | `number` | n/a | yes | +| [disable\_http\_redirect](#input\_disable\_http\_redirect) | Disable redirecting HTTP to HTTPS. | `bool` | `true` | no | +| [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [extra\_tags](#input\_extra\_tags) | Extra tags that will be added to components created by this module. 
| `map(string)` | `{}` | no | +| [health\_check\_grace\_period\_seconds](#input\_health\_check\_grace\_period\_seconds) | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. | `number` | `60` | no | +| [health\_check\_interval](#input\_health\_check\_interval) | Time between health checks of the underlying service. | `number` | `null` | no | +| [health\_check\_matcher](#input\_health\_check\_matcher) | Range of HTTP status codes considered success for health checks. [Doc](https://www.terraform.io/docs/providers/aws/r/lb_target_group.html#matcher) | `string` | `"200-399"` | no | +| [health\_check\_path](#input\_health\_check\_path) | n/a | `string` | `"/"` | no | +| [health\_check\_timeout](#input\_health\_check\_timeout) | Timeout for a health check of the underlying service. | `number` | `null` | no | +| [internal\_lb](#input\_internal\_lb) | n/a | `bool` | `false` | no | +| [lb\_idle\_timeout\_seconds](#input\_lb\_idle\_timeout\_seconds) | n/a | `number` | `60` | no | +| [lb\_ingress\_cidrs](#input\_lb\_ingress\_cidrs) | n/a | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [lb\_ingress\_security\_group\_ids](#input\_lb\_ingress\_security\_group\_ids) | n/a | `list(string)` | `[]` | no | +| [lb\_subnets](#input\_lb\_subnets) | List of subnets in which to deploy the load balancer. | `list(string)` | n/a | yes | +| [manage\_task\_definition](#input\_manage\_task\_definition) | If false, Terraform will not touch the task definition for the ECS service after initial creation | `bool` | `true` | no | +| [memory](#input\_memory) | Memory in megabytes for Fargate task. Used if task\_definition provided, or for initial stub task if externally managed. | `number` | `512` | no | +| [ordered\_placement\_strategy](#input\_ordered\_placement\_strategy) | Placement strategy for the task instances. | `list(object({ type = string, field = string }))` | `[]` | no | +| [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [registry\_secretsmanager\_arn](#input\_registry\_secretsmanager\_arn) | ARN for AWS Secrets Manager secret for credentials to private registry | `string` | `null` | no | +| [route53\_zone\_id](#input\_route53\_zone\_id) | Zone in which to create an alias record to the ALB. | `string` | n/a | yes | +| [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [ssl\_policy](#input\_ssl\_policy) | ELB policy to determine which SSL/TLS encryption protocols are enabled. Probably don't touch this. | `string` | `null` | no | +| [subdomain](#input\_subdomain) | Subdomain in the zone. Final domain name will be subdomain.zone | `string` | n/a | yes | +| [tag\_service](#input\_tag\_service) | Apply cost tags to the ECS service. Only specify false for backwards compatibility with old ECS services. 
| `bool` | `true` | no | +| [task\_definition](#input\_task\_definition) | JSON to describe task. If omitted, defaults to a stub task that is expected to be managed outside of Terraform. | `string` | `null` | no | +| [task\_egress\_cidrs](#input\_task\_egress\_cidrs) | CIDRs the task is allowed to communicate with for outbound traffic. | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [task\_egress\_security\_group\_ids](#input\_task\_egress\_security\_group\_ids) | Security groups the task is allowed to communicate with for outbound traffic. Only used if awsvpc\_network is true. | `list(string)` | `[]` | no | +| [task\_role\_arn](#input\_task\_role\_arn) | n/a | `string` | n/a | yes | +| [task\_subnets](#input\_task\_subnets) | List of subnets in which to deploy the task for awsvpc networking mode. | `list(string)` | `[]` | no | +| [vpc\_id](#input\_vpc\_id) | n/a | `string` | n/a | yes | +| [with\_service\_discovery](#input\_with\_service\_discovery) | Register the service with ECS service discovery. Adds a sub-zone to the given route53\_zone\_id. | `bool` | `false` | no | ## Outputs | Name | Description | |------|-------------| -| alb\_access\_logs\_prefix | ALB access logs S3 prefix | -| alb\_dns\_name | n/a | -| alb\_http\_listener\_arn | ALB HTTP listener ARN, only if HTTPS forwarding is disabled | -| alb\_https\_listener\_arn | ALB HTTPS listener ARN | -| alb\_route53\_zone\_id | n/a | -| container\_security\_group\_id | Security group id for the container. | -| ecs\_task\_definition\_family | The family of the task definition defined for the given/generated container definition. | -| private\_service\_discovery\_domain | Domain name for service discovery, if with\_service\_discovery=true. Only resolvable within the VPC. | - +| [alb\_access\_logs\_prefix](#output\_alb\_access\_logs\_prefix) | ALB access logs S3 prefix | +| [alb\_dns\_name](#output\_alb\_dns\_name) | n/a | +| [alb\_http\_listener\_arn](#output\_alb\_http\_listener\_arn) | ALB HTTP listener ARN, only if HTTPS forwarding is disabled | +| [alb\_https\_listener\_arn](#output\_alb\_https\_listener\_arn) | ALB HTTPS listener ARN | +| [alb\_route53\_zone\_id](#output\_alb\_route53\_zone\_id) | n/a | +| [container\_security\_group\_id](#output\_container\_security\_group\_id) | Security group id for the container. 
| +| [ecs\_task\_definition\_family](#output\_ecs\_task\_definition\_family) | The family of the task definition defined for the given/generated container definition. | +| [private\_service\_discovery\_domain](#output\_private\_service\_discovery\_domain) | Domain name for service discovery, if with\_service\_discovery=true. Only resolvable within the VPC. | diff --git a/aws-ecs-service/README.md b/aws-ecs-service/README.md index 4eba8787..0b504942 100644 --- a/aws-ecs-service/README.md +++ b/aws-ecs-service/README.md 
@@ -140,69 +140,99 @@ service = false` argument can be removed. | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [alb-sg](#module\_alb-sg) | terraform-aws-modules/security-group/aws | 3.11.0 | +| [container-sg](#module\_container-sg) | terraform-aws-modules/security-group/aws | 3.11.0 | + +## Resources + +| Name | Type | +|------|------| +| [aws_ecs_service.job](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service) | resource | +| [aws_ecs_service.unmanaged-job](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service) | resource | +| [aws_ecs_task_definition.job](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition) | resource | +| [aws_iam_role.task_execution_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy.task_execution_role_secretsmanager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy_attachment.task_execution_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_lb.service](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb) | resource | +| [aws_lb_listener.http](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener) | resource | +| [aws_lb_listener.https](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener) | resource | +| [aws_lb_target_group.service](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_target_group) | resource | +| 
[aws_route53_record.ipv4](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_route53_record.ipv6](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_route53_record.www-ipv4](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_route53_record.www-ipv6](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_service_discovery_private_dns_namespace.discovery](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/service_discovery_private_dns_namespace) | resource | +| [aws_service_discovery_service.discovery](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/service_discovery_service) | resource | +| [aws_iam_policy_document.execution_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.registry_secretsmanager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_route53_zone.zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| access\_logs\_bucket | S3 bucket to write alb access logs to. Null for no access logs. | `string` | `null` | no | -| acm\_certificate\_arn | Certificate for the HTTPS listener. | `string` | n/a | yes | -| awsvpc\_network\_mode | Give the task its own IP and security group if true. Use host EC2 network if false. | `bool` | `false` | no | -| cluster\_id | n/a | `string` | n/a | yes | -| container\_name | Name of the container. Must match name in task definition. If omitted, defaults to name derived from project/env/service. 
| `string` | `null` | no | -| container\_port | The port the container to be exposed to is listening on. | `number` | n/a | yes | -| desired\_count | n/a | `number` | n/a | yes | -| disable\_http\_redirect | Disable redirecting HTTP to HTTPS. | `bool` | `true` | no | -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | -| extra\_tags | Extra tags that will be added to components created by this module. | `map(string)` | `{}` | no | -| health\_check\_grace\_period\_seconds | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. | `number` | `60` | no | -| health\_check\_interval | Time between health checks of the underlying service. | `number` | `null` | no | -| health\_check\_matcher | Range of HTTP status codes considered success for health checks. [Doc](https://www.terraform.io/docs/providers/aws/r/lb_target_group.html#matcher) | `string` | `"200-399"` | no | -| health\_check\_path | n/a | `string` | `"/"` | no | -| health\_check\_timeout | Timeout for a health check of the underlying service. | `number` | `null` | no | -| internal\_lb | n/a | `bool` | `false` | no | -| lb\_idle\_timeout\_seconds | n/a | `number` | `60` | no | -| lb\_ingress\_cidrs | n/a | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| lb\_ingress\_security\_group\_ids | n/a | `list(string)` | `[]` | no | -| lb\_subnets | List of subnets in which to deploy the load balancer. | `list(string)` | n/a | yes | -| manage\_task\_definition | If false, Terraform will not touch the task definition for the ECS service after initial creation | `bool` | `true` | no | -| ordered\_placement\_strategy | Placement strategy for the task instances. | `list(object({ type = string, field = string }))` | `[]` | no | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| registry\_secretsmanager\_arn | ARN for AWS Secrets Manager secret for credentials to private registry | `string` | `null` | no | -| route53\_zone\_id | Zone in which to create an alias record to the ALB. | `string` | n/a | yes | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | -| slow\_start | Seconds for targets to warm up before the load balancer sends them a full share of requests. 30-900 seconds or 0 to disable. | `number` | `60` | no | -| ssl\_policy | ELB policy to determine which SSL/TLS encryption protocols are enabled. Probably don't touch this. | `string` | `null` | no | -| subdomain | Subdomain in the zone. Final domain name will be subdomain.zone | `string` | n/a | yes | -| tag\_service | Apply cost tags to the ECS service. Only specify false for backwards compatibility with old ECS services. | `bool` | `true` | no | -| task\_definition | JSON to describe task. If omitted, defaults to a stub task that is expected to be managed outside of Terraform. | `string` | `null` | no | -| task\_egress\_cidrs | CIDR blocks the task is allowed to communicate with for outbound traffic. Only used if awsvpc\_network\_mode is true. | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| task\_egress\_security\_group\_ids | Security groups the task is allowed to communicate with for outbound traffic. Only used if awsvpc\_network\_mode is true. | `list(string)` | `[]` | no | -| task\_role\_arn | n/a | `string` | n/a | yes | -| task\_subnets | List of subnets in which to deploy the task for awsvpc networking mode. Only used if awsvpc\_network\_mode is true. | `list(string)` | `[]` | no | -| volumes | Volumes defined per the efs task definition [docs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition#volume) | `list` | `[]` | no | -| vpc\_id | n/a | `string` | n/a | yes | -| with\_service\_discovery | Register the service with ECS service discovery. Adds a sub-zone to the given route53\_zone\_id. | `bool` | `false` | no | +| [access\_logs\_bucket](#input\_access\_logs\_bucket) | S3 bucket to write alb access logs to. Null for no access logs. | `string` | `null` | no | +| [acm\_certificate\_arn](#input\_acm\_certificate\_arn) | Certificate for the HTTPS listener. | `string` | n/a | yes | +| [awsvpc\_network\_mode](#input\_awsvpc\_network\_mode) | Give the task its own IP and security group if true. Use host EC2 network if false. | `bool` | `false` | no | +| [cluster\_id](#input\_cluster\_id) | n/a | `string` | n/a | yes | +| [container\_name](#input\_container\_name) | Name of the container. Must match name in task definition. If omitted, defaults to name derived from project/env/service. | `string` | `null` | no | +| [container\_port](#input\_container\_port) | The port the container to be exposed to is listening on. | `number` | n/a | yes | +| [desired\_count](#input\_desired\_count) | n/a | `number` | n/a | yes | +| [disable\_http\_redirect](#input\_disable\_http\_redirect) | Disable redirecting HTTP to HTTPS. | `bool` | `true` | no | +| [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging). 
| `string` | n/a | yes | +| [extra\_tags](#input\_extra\_tags) | Extra tags that will be added to components created by this module. | `map(string)` | `{}` | no | +| [health\_check\_grace\_period\_seconds](#input\_health\_check\_grace\_period\_seconds) | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. | `number` | `60` | no | +| [health\_check\_interval](#input\_health\_check\_interval) | Time between health checks of the underlying service. | `number` | `null` | no | +| [health\_check\_matcher](#input\_health\_check\_matcher) | Range of HTTP status codes considered success for health checks. [Doc](https://www.terraform.io/docs/providers/aws/r/lb_target_group.html#matcher) | `string` | `"200-399"` | no | +| [health\_check\_path](#input\_health\_check\_path) | n/a | `string` | `"/"` | no | +| [health\_check\_timeout](#input\_health\_check\_timeout) | Timeout for a health check of the underlying service. | `number` | `null` | no | +| [internal\_lb](#input\_internal\_lb) | n/a | `bool` | `false` | no | +| [lb\_idle\_timeout\_seconds](#input\_lb\_idle\_timeout\_seconds) | n/a | `number` | `60` | no | +| [lb\_ingress\_cidrs](#input\_lb\_ingress\_cidrs) | n/a | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [lb\_ingress\_security\_group\_ids](#input\_lb\_ingress\_security\_group\_ids) | n/a | `list(string)` | `[]` | no | +| [lb\_subnets](#input\_lb\_subnets) | List of subnets in which to deploy the load balancer. | `list(string)` | n/a | yes | +| [manage\_task\_definition](#input\_manage\_task\_definition) | If false, Terraform will not touch the task definition for the ECS service after initial creation | `bool` | `true` | no | +| [ordered\_placement\_strategy](#input\_ordered\_placement\_strategy) | Placement strategy for the task instances. | `list(object({ type = string, field = string }))` | `[]` | no | +| [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [registry\_secretsmanager\_arn](#input\_registry\_secretsmanager\_arn) | ARN for AWS Secrets Manager secret for credentials to private registry | `string` | `null` | no | +| [route53\_zone\_id](#input\_route53\_zone\_id) | Zone in which to create an alias record to the ALB. | `string` | n/a | yes | +| [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [slow\_start](#input\_slow\_start) | Seconds for targets to warm up before the load balancer sends them a full share of requests. 30-900 seconds or 0 to disable. | `number` | `60` | no | +| [ssl\_policy](#input\_ssl\_policy) | ELB policy to determine which SSL/TLS encryption protocols are enabled. Probably don't touch this. | `string` | `null` | no | +| [subdomain](#input\_subdomain) | Subdomain in the zone. Final domain name will be subdomain.zone | `string` | n/a | yes | +| [tag\_service](#input\_tag\_service) | Apply cost tags to the ECS service. Only specify false for backwards compatibility with old ECS services. 
| `bool` | `true` | no | +| [task\_definition](#input\_task\_definition) | JSON to describe task. If omitted, defaults to a stub task that is expected to be managed outside of Terraform. | `string` | `null` | no | +| [task\_egress\_cidrs](#input\_task\_egress\_cidrs) | CIDR blocks the task is allowed to communicate with for outbound traffic. Only used if awsvpc\_network\_mode is true. | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [task\_egress\_security\_group\_ids](#input\_task\_egress\_security\_group\_ids) | Security groups the task is allowed to communicate with for outbound traffic. Only used if awsvpc\_network\_mode is true. | `list(string)` | `[]` | no | +| [task\_role\_arn](#input\_task\_role\_arn) | n/a | `string` | n/a | yes | +| [task\_subnets](#input\_task\_subnets) | List of subnets in which to deploy the task for awsvpc networking mode. Only used if awsvpc\_network\_mode is true. | `list(string)` | `[]` | no | +| [volumes](#input\_volumes) | Volumes defined per the efs task definition [docs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition#volume) | `list` | `[]` | no | +| [vpc\_id](#input\_vpc\_id) | n/a | `string` | n/a | yes | +| [with\_service\_discovery](#input\_with\_service\_discovery) | Register the service with ECS service discovery. Adds a sub-zone to the given route53\_zone\_id. | `bool` | `false` | no | ## Outputs | Name | Description | |------|-------------| -| alb\_access\_logs\_prefix | ALB access logs S3 prefix | -| alb\_dns\_name | n/a | -| alb\_http\_listener\_arn | ALB HTTP listener ARN, only if HTTPS forwarding is disabled | -| alb\_https\_listener\_arn | ALB HTTPS listener ARN | -| alb\_route53\_zone\_id | n/a | -| container\_security\_group\_id | Security group id for the container. | -| ecs\_task\_definition\_family | The family of the task definition defined for the given/generated container definition. | -| private\_service\_discovery\_domain | Domain name for service discovery, if with\_service\_discovery=true. Only resolvable within the VPC. 
| - +| [alb\_access\_logs\_prefix](#output\_alb\_access\_logs\_prefix) | ALB access logs S3 prefix | +| [alb\_dns\_name](#output\_alb\_dns\_name) | n/a | +| [alb\_http\_listener\_arn](#output\_alb\_http\_listener\_arn) | ALB HTTP listener ARN, only if HTTPS forwarding is disabled | +| [alb\_https\_listener\_arn](#output\_alb\_https\_listener\_arn) | ALB HTTPS listener ARN | +| [alb\_route53\_zone\_id](#output\_alb\_route53\_zone\_id) | n/a | +| [container\_security\_group\_id](#output\_container\_security\_group\_id) | Security group id for the container. | +| [ecs\_task\_definition\_family](#output\_ecs\_task\_definition\_family) | The family of the task definition defined for the given/generated container definition. | +| [private\_service\_discovery\_domain](#output\_private\_service\_discovery\_domain) | Domain name for service discovery, if with\_service\_discovery=true. Only resolvable within the VPC. | diff --git a/aws-efs-volume/README.md b/aws-efs-volume/README.md index bf621aaa..9d33ef62 100644 --- a/aws-efs-volume/README.md +++ b/aws-efs-volume/README.md 
@@ -3,35 +3,46 @@ | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_efs_file_system.efs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_file_system) | resource | +| [aws_efs_mount_target.efs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_mount_target) | resource | +| [aws_security_group.efs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| cidr\_blocks | A list of CIDR blocks that should be allowed to communicate with this EFS volume | `list(string)` | `[]` | no | -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | -| kms\_key\_id | If supplied, EFS will use this key to encrypt data at rest. Empty string means that EFS will use an AWS-managed key. Encryption is always on with this module. | `string` | `""` | no | -| owner | n/a | `string` | n/a | yes | -| project | n/a | `string` | n/a | yes | -| security\_groups | A list of security groups that should be allowed to communicate with this EFS volume. | `list(string)` | `[]` | no | -| service | n/a | `string` | n/a | yes | -| subnet\_ids | A list of subnets that need EFS targets created for this resource | `list(string)` | `[]` | no | -| volume\_name | Name of the volume | `string` | n/a | yes | -| vpc\_id | n/a | `string` | n/a | yes | +| [cidr\_blocks](#input\_cidr\_blocks) | A list of CIDR blocks that should be allowed to communicate with this EFS volume | `list(string)` | `[]` | no | +| [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging). 
| `string` | n/a | yes | +| [kms\_key\_id](#input\_kms\_key\_id) | If supplied, EFS will use this key to encrypt data at rest. Empty string means that EFS will use an AWS-managed key. Encryption is always on with this module. | `string` | `""` | no | +| [owner](#input\_owner) | n/a | `string` | n/a | yes | +| [project](#input\_project) | n/a | `string` | n/a | yes | +| [security\_groups](#input\_security\_groups) | A list of security groups that should be allowed to communicate with this EFS volume. | `list(string)` | `[]` | no | +| [service](#input\_service) | n/a | `string` | n/a | yes | +| [subnet\_ids](#input\_subnet\_ids) | A list of subnets that need EFS targets created for this resource | `list(string)` | `[]` | no | +| [volume\_name](#input\_volume\_name) | Name of the volume | `string` | n/a | yes | +| [vpc\_id](#input\_vpc\_id) | n/a | `string` | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| dns\_name | n/a | -| id | HACK(el): we do this to hint TF dependency graph since modules can't depend\_on | -| security\_group | n/a | - +| [dns\_name](#output\_dns\_name) | n/a | +| [id](#output\_id) | HACK(el): we do this to hint TF dependency graph since modules can't depend\_on | +| [security\_group](#output\_security\_group) | n/a | diff --git a/aws-iam-ecs-task-role/README.md b/aws-iam-ecs-task-role/README.md index 9c993337..a0038f38 100644 --- a/aws-iam-ecs-task-role/README.md +++ b/aws-iam-ecs-task-role/README.md 
@@ -25,29 +25,39 @@ output "ecs-role-arn" { | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_role.role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_policy_document.role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| env | Environment name. For example– dev, staging or prod. | `string` | n/a | yes | -| iam\_path | IAM path for the role. | `string` | `"/"` | no | -| owner | Email address of the owner. Can be a group address. | `string` | n/a | yes | -| project | High-level project, should be unique across the organization. | `string` | n/a | yes | -| service | Name of this thing we're running. | `string` | n/a | yes | +| [env](#input\_env) | Environment name. For example– dev, staging or prod. | `string` | n/a | yes | +| [iam\_path](#input\_iam\_path) | IAM path for the role. | `string` | `"/"` | no | +| [owner](#input\_owner) | Email address of the owner. Can be a group address. | `string` | n/a | yes | +| [project](#input\_project) | High-level project, should be unique across the organization. | `string` | n/a | yes | +| [service](#input\_service) | Name of this thing we're running. | `string` | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| arn | n/a | -| name | n/a | - +| [arn](#output\_arn) | n/a | +| [name](#output\_name) | n/a | diff --git a/aws-iam-group-assume-role/README.md b/aws-iam-group-assume-role/README.md index 94a7bd8c..0aa68018 100644 --- a/aws-iam-group-assume-role/README.md +++ b/aws-iam-group-assume-role/README.md 
@@ -28,30 +28,43 @@ output "group_name" { | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_group.assume-role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group) | resource | +| [aws_iam_group_membership.assume-role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group_membership) | resource | +| [aws_iam_group_policy_attachment.assume-role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group_policy_attachment) | resource | +| [aws_iam_policy.assume-role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_policy_document.assume-role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| dependencies | Pseudo depends\_on because Terraform modules do not support depends\_on | `list(any)` | `[]` | no | -| group\_name | The name of the group this module will create. | `string` | n/a | yes | -| iam\_path | The IAM path under which the group and policies will be created. Useful for avoiding naming conflicts. | `string` | `"/"` | no | -| target\_accounts | List of accounts in which this role should be assume-able. | `list(any)` | n/a | yes | -| target\_role | Name of the role to be assume-able. If not specified or given as empty string, then the group name will be used as the role name. | `string` | `""` | no | -| users | List of user's names who should be added to this group. 
| `list(any)` | `[]` | no | +| [dependencies](#input\_dependencies) | Pseudo depends\_on because Terraform modules do not support depends\_on | `list(any)` | `[]` | no | +| [group\_name](#input\_group\_name) | The name of the group this module will create. | `string` | n/a | yes | +| [iam\_path](#input\_iam\_path) | The IAM path under which the group and policies will be created. Useful for avoiding naming conflicts. | `string` | `"/"` | no | +| [target\_accounts](#input\_target\_accounts) | List of accounts in which this role should be assume-able. | `list(any)` | n/a | yes | +| [target\_role](#input\_target\_role) | Name of the role to be assume-able. If not specified or given as empty string, then the group name will be used as the role name. | `string` | `""` | no | +| [users](#input\_users) | List of user's names who should be added to this group. | `list(any)` | `[]` | no | ## Outputs | Name | Description | |------|-------------| -| group\_arn | n/a | -| group\_name | n/a | - +| [group\_arn](#output\_group\_arn) | n/a | +| [group\_name](#output\_group\_name) | n/a | diff --git a/aws-iam-group-console-login/README.md b/aws-iam-group-console-login/README.md index 9aa7370a..b9646c2c 100644 --- a/aws-iam-group-console-login/README.md +++ b/aws-iam-group-console-login/README.md 
@@ -22,25 +22,37 @@ output "group_name" { | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_group.login](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group) | resource | +| [aws_iam_group_policy_attachment.self-iam](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group_policy_attachment) | resource | +| [aws_iam_policy.self-iam](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_policy_document.self-iam](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| group\_name | Name of the group to be created. | `string` | `"console-login"` | no | -| iam\_path | IAM path under which resources will be created. | `string` | `"/"` | no | +| [group\_name](#input\_group\_name) | Name of the group to be created. | `string` | `"console-login"` | no | +| [iam\_path](#input\_iam\_path) | IAM path under which resources will be created. | `string` | `"/"` | no | ## Outputs | Name | Description | |------|-------------| -| group\_name | n/a | - +| [group\_name](#output\_group\_name) | n/a | diff --git a/aws-iam-instance-profile/README.md b/aws-iam-instance-profile/README.md index 788c3ca7..b1308f70 100644 --- a/aws-iam-instance-profile/README.md +++ b/aws-iam-instance-profile/README.md 
@@ -33,31 +33,43 @@ resource "aws_instance" "instance" { | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_instance_profile.profile](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource | +| [aws_iam_role.role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.cloudwatch-agent](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_policy_document.assume-role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| create\_role | Creates a role for use with the instance profile. | `bool` | `true` | no | -| existing\_role\_name | Use existing role with the given name instead of creating a new role. Attaches all standard policies to given role. Only used if create\_role is false. | `string` | `null` | no | -| iam\_path | The IAM path to the role. | `string` | `"/"` | no | -| name\_prefix | Creates a unique name for both the role and instance profile beginning with the specified prefix. Max 32 characters long. | `string` | n/a | yes | -| role\_description | The description of the IAM role. | `string` | `""` | no | +| [create\_role](#input\_create\_role) | Creates a role for use with the instance profile. | `bool` | `true` | no | +| [existing\_role\_name](#input\_existing\_role\_name) | Use existing role with the given name instead of creating a new role. Attaches all standard policies to given role. Only used if create\_role is false. 
| `string` | `null` | no | +| [iam\_path](#input\_iam\_path) | The IAM path to the role. | `string` | `"/"` | no | +| [name\_prefix](#input\_name\_prefix) | Creates a unique name for both the role and instance profile beginning with the specified prefix. Max 32 characters long. | `string` | n/a | yes | +| [role\_description](#input\_role\_description) | The description of the IAM role. | `string` | `""` | no | ## Outputs | Name | Description | |------|-------------| -| profile\_arn | The ARN assigned by AWS to the instance profile. | -| profile\_name | The instance profile's name. | -| role\_arn | The Amazon Resource Name (ARN) specifying the role. | -| role\_name | The name of the role. | - +| [profile\_arn](#output\_profile\_arn) | The ARN assigned by AWS to the instance profile. | +| [profile\_name](#output\_profile\_name) | The instance profile's name. | +| [role\_arn](#output\_role\_arn) | The Amazon Resource Name (ARN) specifying the role. | +| [role\_name](#output\_role\_name) | The name of the role. | diff --git a/aws-iam-password-policy/README.md b/aws-iam-password-policy/README.md index 3777f2a7..577fbd25 100644 --- a/aws-iam-password-policy/README.md +++ b/aws-iam-password-policy/README.md @@ -15,20 +15,29 @@ module "password-policy" { | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_account_password_policy.strict](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_account_password_policy) | resource | ## Inputs -No input. +No inputs. ## Outputs -No output. - +No outputs. diff --git a/aws-iam-policy-cwlogs/README.md b/aws-iam-policy-cwlogs/README.md index f9d0a05c..f16275e9 100644 --- a/aws-iam-policy-cwlogs/README.md +++ b/aws-iam-policy-cwlogs/README.md 
@@ -22,23 +22,34 @@ module "policy" { | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_policy.logs-policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_policy_attachment.attach-logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource | +| [aws_iam_policy_document.logs-policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| iam\_path | n/a | `string` | `"/"` | no | -| role\_name | The role to which this policy should be attached. | `string` | n/a | yes | +| [iam\_path](#input\_iam\_path) | n/a | `string` | `"/"` | no | +| [role\_name](#input\_role\_name) | The role to which this policy should be attached. | `string` | n/a | yes | ## Outputs -No output. - +No outputs. diff --git a/aws-iam-role-bless/README.md b/aws-iam-role-bless/README.md index 3a7a320f..7b7fe7fa 100644 --- a/aws-iam-role-bless/README.md +++ b/aws-iam-role-bless/README.md 
@@ -24,32 +24,44 @@ output "..." { | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [client](#module\_client) | ../aws-iam-role-crossacct | | + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_role_policy.client](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_policy_document.client](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| bless\_lambda\_arns | List of bless lambda arns | `list(any)` | n/a | yes | -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| iam\_path | IAM path | `string` | `"/"` | no | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| role\_name | The name for the role | `string` | n/a | yes | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| source\_account\_id | The source aws account id to allow sts:AssumeRole. DEPRECATED: Please use source\_account\_ids | `string` | n/a | yes | -| source\_account\_ids | The source aws account ids to allow sts:AssumeRole | `set(string)` | `[]` | no | +| [bless\_lambda\_arns](#input\_bless\_lambda\_arns) | List of bless lambda arns | `list(any)` | n/a | yes | +| [env](#input\_env) | Env for tagging and naming. 
See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [iam\_path](#input\_iam\_path) | IAM path | `string` | `"/"` | no | +| [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [role\_name](#input\_role\_name) | The name for the role | `string` | n/a | yes | +| [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [source\_account\_id](#input\_source\_account\_id) | The source aws account id to allow sts:AssumeRole. DEPRECATED: Please use source\_account\_ids | `string` | n/a | yes | +| [source\_account\_ids](#input\_source\_account\_ids) | The source aws account ids to allow sts:AssumeRole | `set(string)` | `[]` | no | ## Outputs | Name | Description | |------|-------------| -| role\_name | n/a | - +| [role\_name](#output\_role\_name) | n/a | diff --git a/aws-iam-role-cloudfront-poweruser/README.md b/aws-iam-role-cloudfront-poweruser/README.md index 1d6c7db0..6d6778a6 100644 --- a/aws-iam-role-cloudfront-poweruser/README.md +++ b/aws-iam-role-cloudfront-poweruser/README.md 
@@ -7,34 +7,50 @@ This module will create a role which is granted poweruser control over AWS Cloud | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_policy.cloudfront](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_policy.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_role.role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.cloudfront](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_policy_document.assume-role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.cloudfront](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| iam\_path | n/a | `string` | `"/"` | no | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| project | Project for tagging and naming. 
See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| role\_name | Name of the role to create | `string` | n/a | yes | -| s3\_bucket\_prefixes | Limits role permissions to buckets with specific prefixes. Empty for all buckets. | `list(any)` |
[
""
]
| no | -| saml\_idp\_arn | The AWS SAML IDP arn to establish a trust relationship. Ignored if empty or not provided. | `string` | `""` | no | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| source\_account\_id | The source AWS account to establish a trust relationship. Ignored if empty or not provided. DEPRECATED: Please use source\_account\_ids. | `string` | `""` | no | -| source\_account\_ids | The source AWS account IDs to establish a trust relationship. Ignored if empty or not provided. | `set(string)` | `[]` | no | +| [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [iam\_path](#input\_iam\_path) | n/a | `string` | `"/"` | no | +| [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [role\_name](#input\_role\_name) | Name of the role to create | `string` | n/a | yes | +| [s3\_bucket\_prefixes](#input\_s3\_bucket\_prefixes) | Limits role permissions to buckets with specific prefixes. Empty for all buckets. | `list(any)` |
[
""
]
| no | +| [saml\_idp\_arn](#input\_saml\_idp\_arn) | The AWS SAML IDP arn to establish a trust relationship. Ignored if empty or not provided. | `string` | `""` | no | +| [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [source\_account\_id](#input\_source\_account\_id) | The source AWS account to establish a trust relationship. Ignored if empty or not provided. DEPRECATED: Please use source\_account\_ids. | `string` | `""` | no | +| [source\_account\_ids](#input\_source\_account\_ids) | The source AWS account IDs to establish a trust relationship. Ignored if empty or not provided. | `set(string)` | `[]` | no | ## Outputs | Name | Description | |------|-------------| -| role\_arn | n/a | -| role\_name | n/a | - +| [role\_arn](#output\_role\_arn) | n/a | +| [role\_name](#output\_role\_name) | n/a | diff --git a/aws-iam-role-crossacct/README.md b/aws-iam-role-crossacct/README.md index 053d3949..8608b886 100644 --- a/aws-iam-role-crossacct/README.md +++ b/aws-iam-role-crossacct/README.md 
@@ -21,36 +21,46 @@ module "group" { | Name | Version | |------|---------| -| aws | >= 2.60.0 | +| [aws](#requirement\_aws) | >= 2.60.0 | ## Providers | Name | Version | |------|---------| -| aws | >= 2.60.0 | +| [aws](#provider\_aws) | >= 2.60.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_role.role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_policy_document.assume-role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| iam\_path | The IAM path to put this role in. | `string` | `"/"` | no | -| max\_session\_duration | The maximum session duration (in seconds) for the role. | `number` | `3600` | no | -| oidc | A list of AWS OIDC IDPs to establish a trust relationship for this role. |
list(object(
{
idp_arn : string, # the AWS IAM IDP arn
client_ids : list(string), # a list of oidc client ids
provider : string # your provider url, such as foo.okta.com
}
))
| `[]` | no | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| role\_name | The name of the role. | `string` | n/a | yes | -| saml\_idp\_arn | The AWS SAML IDP arn to establish a trust relationship. Ignored if empty or not provided. | `string` | `""` | no | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| source\_account\_id | The source AWS account to establish a trust relationship. Ignored if empty or not provided. DEPRECATED: Please use source\_account\_ids. | `string` | `""` | no | -| source\_account\_ids | The source AWS account IDs to establish a trust relationship. Ignored if empty or not provided. | `set(string)` | `[]` | no | +| [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [iam\_path](#input\_iam\_path) | The IAM path to put this role in. | `string` | `"/"` | no | +| [max\_session\_duration](#input\_max\_session\_duration) | The maximum session duration (in seconds) for the role. | `number` | `3600` | no | +| [oidc](#input\_oidc) | A list of AWS OIDC IDPs to establish a trust relationship for this role. |
list(object(
{
idp_arn : string, # the AWS IAM IDP arn
client_ids : list(string), # a list of oidc client ids
provider : string # your provider url, such as foo.okta.com
}
))
| `[]` | no | +| [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [role\_name](#input\_role\_name) | The name of the role. | `string` | n/a | yes | +| [saml\_idp\_arn](#input\_saml\_idp\_arn) | The AWS SAML IDP arn to establish a trust relationship. Ignored if empty or not provided. | `string` | `""` | no | +| [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [source\_account\_id](#input\_source\_account\_id) | The source AWS account to establish a trust relationship. Ignored if empty or not provided. DEPRECATED: Please use source\_account\_ids. | `string` | `""` | no | +| [source\_account\_ids](#input\_source\_account\_ids) | The source AWS account IDs to establish a trust relationship. Ignored if empty or not provided. | `set(string)` | `[]` | no | ## Outputs | Name | Description | |------|-------------| -| iam\_path | n/a | -| role\_arn | n/a | -| role\_name | n/a | - +| [iam\_path](#output\_iam\_path) | n/a | +| [role\_arn](#output\_role\_arn) | n/a | +| [role\_name](#output\_role\_name) | n/a | diff --git a/aws-iam-role-ec2-poweruser/README.md b/aws-iam-role-ec2-poweruser/README.md index a12603da..1a707fda 100644 --- a/aws-iam-role-ec2-poweruser/README.md +++ b/aws-iam-role-ec2-poweruser/README.md 
@@ -23,34 +23,47 @@ module "ec2-poweruser" { | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_policy.ec2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_role.ec2-poweruser](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.ec2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_policy_document.assume-role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.ec2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| default\_iam\_policy | If this role should use a custom IAM policy (managed outside the module), set this to false | `bool` | `true` | no | -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| iam\_path | n/a | `string` | `"/"` | no | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| role\_name | n/a | `string` | n/a | yes | -| saml\_idp\_arn | The AWS SAML IDP arn to establish a trust relationship. Ignored if empty or not provided. | `string` | `""` | no | -| service | Service for tagging and naming. 
See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| source\_account\_id | The source AWS account to establish a trust relationship. Ignored if empty or not provided. DEPRECATED: Please use source\_account\_ids. | `string` | `""` | no | -| source\_account\_ids | The source AWS account IDs to establish a trust relationship. Ignored if empty or not provided. | `set(string)` | `[]` | no | +| [default\_iam\_policy](#input\_default\_iam\_policy) | If this role should use a custom IAM policy (managed outside the module), set this to false | `bool` | `true` | no | +| [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [iam\_path](#input\_iam\_path) | n/a | `string` | `"/"` | no | +| [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [role\_name](#input\_role\_name) | n/a | `string` | n/a | yes | +| [saml\_idp\_arn](#input\_saml\_idp\_arn) | The AWS SAML IDP arn to establish a trust relationship. Ignored if empty or not provided. | `string` | `""` | no | +| [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [source\_account\_id](#input\_source\_account\_id) | The source AWS account to establish a trust relationship. Ignored if empty or not provided. DEPRECATED: Please use source\_account\_ids. | `string` | `""` | no | +| [source\_account\_ids](#input\_source\_account\_ids) | The source AWS account IDs to establish a trust relationship. Ignored if empty or not provided. | `set(string)` | `[]` | no | ## Outputs | Name | Description | |------|-------------| -| arn | n/a | -| role\_name | n/a | - +| [arn](#output\_arn) | n/a | +| [role\_name](#output\_role\_name) | n/a | 
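Review bot: In aws-iam-role-bless/README.md, the Inputs row for source\_account\_id is marked "DEPRECATED: Please use source\_account\_ids" but is still documented with default n/a and Required yes, while the replacement source\_account\_ids is optional with default `[]`. A caller following this README must keep supplying the deprecated input to the sts:AssumeRole trust. The other role modules in this patch document the same input with default `""` and Required no; consider giving the bless module's variable the same default and regenerating, so that the README and the deprecation notice agree.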
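Review bot: In aws-iam-role-cloudfront-poweruser/README.md, the s3\_bucket\_prefixes row says "Empty for all buckets" while the documented default is a list holding one empty string rather than `[]`, so a reader cannot tell from the table whether a caller who leaves the input unset gets a role scoped to every bucket. Since this is a poweruser role, state the default scope explicitly in the variable description and regenerate the README. The default cell is also split across several lines in this row; check that it renders as one table cell.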
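Review bot: In aws-iam-role-ec2-poweruser/README.md, the new Resources table links every aws\_iam\_* entry to registry.terraform.io/providers/hashicorp/aws/latest/docs/..., while the Requirements table in the same hunk pins the provider to `< 3.0.0`. Readers who follow the links will see documentation for the newest provider, whose arguments and defaults can differ from the pinned version they actually run. The same pattern recurs in the other READMEs in this patch. If the generator can emit version-specific registry URLs, use them; otherwise note the pinned provider version next to the Resources heading.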
diff --git a/aws-iam-role-ecs-poweruser/README.md b/aws-iam-role-ecs-poweruser/README.md index 94eca0e2..a869b9d7 100644 --- a/aws-iam-role-ecs-poweruser/README.md +++ b/aws-iam-role-ecs-poweruser/README.md 
@@ -22,32 +22,47 @@ module "ec2-poweruser" { | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_policy.secrets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_role.ecs-poweruser](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.ecr-poweruser](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.ecs-fullaccess](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.secrets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_policy_document.assume-role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.secrets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| iam\_path | n/a | `string` | `"/"` | no | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| project | Project for tagging and naming. 
See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| role\_name | n/a | `string` | n/a | yes | -| saml\_idp\_arn | The AWS SAML IDP arn to establish a trust relationship. Ignored if empty or not provided. | `string` | `""` | no | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| source\_account\_id | The source AWS account to establish a trust relationship. Ignored if empty or not provided. DEPRECATED: Please use source\_account\_ids. | `string` | `""` | no | -| source\_account\_ids | The source AWS account IDs to establish a trust relationship. Ignored if empty or not provided. | `set(string)` | `[]` | no | +| [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [iam\_path](#input\_iam\_path) | n/a | `string` | `"/"` | no | +| [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [role\_name](#input\_role\_name) | n/a | `string` | n/a | yes | +| [saml\_idp\_arn](#input\_saml\_idp\_arn) | The AWS SAML IDP arn to establish a trust relationship. Ignored if empty or not provided. | `string` | `""` | no | +| [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [source\_account\_id](#input\_source\_account\_id) | The source AWS account to establish a trust relationship. Ignored if empty or not provided. DEPRECATED: Please use source\_account\_ids. | `string` | `""` | no | +| [source\_account\_ids](#input\_source\_account\_ids) | The source AWS account IDs to establish a trust relationship. Ignored if empty or not provided. 
| `set(string)` | `[]` | no | ## Outputs | Name | Description | |------|-------------| -| arn | n/a | - +| [arn](#output\_arn) | n/a | diff --git a/aws-iam-role-infraci/README.md b/aws-iam-role-infraci/README.md index 2164f00f..98ea4f91 100644 --- a/aws-iam-role-infraci/README.md +++ b/aws-iam-role-infraci/README.md 
@@ -7,33 +7,47 @@ Creates a role useful for running `terraform plan` in CI jobs. | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_policy.secrets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_role.infraci](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.infraci](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.secrets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_policy_document.assume-role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.secrets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| iam\_path | n/a | `string` | `"/"` | no | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| role\_name | n/a | `string` | `"infraci"` | no | -| saml\_idp\_arn | The AWS SAML IDP arn to establish a trust relationship. Ignored if empty or not provided. | `string` | `""` | no | -| service | Service for tagging and naming. 
See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| source\_account\_id | The source AWS account to establish a trust relationship. Ignored if empty or not provided. DEPRECATED: Pleaase use source\_account\_ids. | `string` | `""` | no | -| source\_account\_ids | The source AWS account IDs to establish a trust relationship. Ignored if empty or not provided. | `set(string)` | `[]` | no | -| terraform\_state\_lock\_dynamodb\_arns | ARNs of the state file DynamoDB tables | `list(string)` | `[]` | no | +| [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [iam\_path](#input\_iam\_path) | n/a | `string` | `"/"` | no | +| [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [role\_name](#input\_role\_name) | n/a | `string` | `"infraci"` | no | +| [saml\_idp\_arn](#input\_saml\_idp\_arn) | The AWS SAML IDP arn to establish a trust relationship. Ignored if empty or not provided. | `string` | `""` | no | +| [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [source\_account\_id](#input\_source\_account\_id) | The source AWS account to establish a trust relationship. Ignored if empty or not provided. DEPRECATED: Pleaase use source\_account\_ids. | `string` | `""` | no | +| [source\_account\_ids](#input\_source\_account\_ids) | The source AWS account IDs to establish a trust relationship. Ignored if empty or not provided. 
| `set(string)` | `[]` | no | +| [terraform\_state\_lock\_dynamodb\_arns](#input\_terraform\_state\_lock\_dynamodb\_arns) | ARNs of the state file DynamoDB tables | `list(string)` | `[]` | no | ## Outputs | Name | Description | |------|-------------| -| role\_name | n/a | - +| [role\_name](#output\_role\_name) | n/a | diff --git a/aws-iam-role-poweruser/README.md b/aws-iam-role-poweruser/README.md index 5f2e6c34..8caaf1a9 100644 --- a/aws-iam-role-poweruser/README.md +++ b/aws-iam-role-poweruser/README.md 
@@ -21,36 +21,50 @@ module "group" { | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_policy.misc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_role.poweruser](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.misc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.poweruser](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_policy_document.assume-role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.misc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| authorize\_iam | Indicates if we should augment the PowerUserAccess policy with certain IAM actions. | `bool` | `true` | no | -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| iam\_path | n/a | `string` | `"/"` | no | -| max\_session\_duration | The maximum session duration (in seconds) for the role. | `number` | `3600` | no | -| oidc | A list of AWS OIDC IDPs to establish a trust relationship for this role. |
list(object(
{
idp_arn : string, # the AWS IAM IDP arn
client_ids : list(string), # a list of oidc client ids
provider : string # your provider url, such as foo.okta.com
}
))
| `[]` | no | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| role\_name | n/a | `string` | `"poweruser"` | no | -| saml\_idp\_arn | The AWS SAML IDP arn to establish a trust relationship. Ignored if empty or not provided. | `string` | `""` | no | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| source\_account\_id | The source AWS account to establish a trust relationship. Ignored if empty or not provided. DEPRECATED: Please use source\_account\_ids. | `string` | `""` | no | -| source\_account\_ids | The source AWS account IDs to establish a trust relationship. Ignored if empty or not provided. | `set(string)` | `[]` | no | +| [authorize\_iam](#input\_authorize\_iam) | Indicates if we should augment the PowerUserAccess policy with certain IAM actions. | `bool` | `true` | no | +| [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [iam\_path](#input\_iam\_path) | n/a | `string` | `"/"` | no | +| [max\_session\_duration](#input\_max\_session\_duration) | The maximum session duration (in seconds) for the role. | `number` | `3600` | no | +| [oidc](#input\_oidc) | A list of AWS OIDC IDPs to establish a trust relationship for this role. |
list(object(
{
idp_arn : string, # the AWS IAM IDP arn
client_ids : list(string), # a list of oidc client ids
provider : string # your provider url, such as foo.okta.com
}
))
| `[]` | no | +| [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [role\_name](#input\_role\_name) | n/a | `string` | `"poweruser"` | no | +| [saml\_idp\_arn](#input\_saml\_idp\_arn) | The AWS SAML IDP arn to establish a trust relationship. Ignored if empty or not provided. | `string` | `""` | no | +| [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [source\_account\_id](#input\_source\_account\_id) | The source AWS account to establish a trust relationship. Ignored if empty or not provided. DEPRECATED: Please use source\_account\_ids. | `string` | `""` | no | +| [source\_account\_ids](#input\_source\_account\_ids) | The source AWS account IDs to establish a trust relationship. Ignored if empty or not provided. | `set(string)` | `[]` | no | ## Outputs | Name | Description | |------|-------------| -| arn | n/a | -| role\_name | n/a | - +| [arn](#output\_arn) | n/a | +| [role\_name](#output\_role\_name) | n/a | diff --git a/aws-iam-role-readonly/README.md b/aws-iam-role-readonly/README.md index c484f564..d852a9a6 100644 --- a/aws-iam-role-readonly/README.md +++ b/aws-iam-role-readonly/README.md 
@@ -25,35 +25,48 @@ output "role_name" { | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_role.readonly](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy.secrets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy_attachment.readonly](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_policy_document.assume-role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.secrets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| authorize\_read\_secrets | Should this role also be authorized to decrypt and read secrets. | `bool` | `true` | no | -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| iam\_path | n/a | `string` | `"/"` | no | -| oidc | A list of AWS OIDC IDPs to establish a trust relationship for this role. |
list(object(
{
idp_arn : string, # the AWS IAM IDP arn
client_ids : list(string), # a list of oidc client ids
provider : string # your provider url, such as foo.okta.com
}
))
| `[]` | no | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| role\_name | n/a | `string` | `"readonly"` | no | -| saml\_idp\_arn | The AWS SAML IDP arn to establish a trust relationship. Ignored if empty or not provided. | `string` | `""` | no | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| source\_account\_id | The source AWS account to establish a trust relationship. Ignored if empty or not provided. DEPRECATED: Please use source\_account\_ids. | `string` | `""` | no | -| source\_account\_ids | The source AWS account IDs to establish a trust relationship. Ignored if empty or not provided. | `set(string)` | `[]` | no | +| [authorize\_read\_secrets](#input\_authorize\_read\_secrets) | Should this role also be authorized to decrypt and read secrets. | `bool` | `true` | no | +| [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [iam\_path](#input\_iam\_path) | n/a | `string` | `"/"` | no | +| [oidc](#input\_oidc) | A list of AWS OIDC IDPs to establish a trust relationship for this role. |
list(object(
{
idp_arn : string, # the AWS IAM IDP arn
client_ids : list(string), # a list of oidc client ids
provider : string # your provider url, such as foo.okta.com
}
))
| `[]` | no | +| [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [role\_name](#input\_role\_name) | n/a | `string` | `"readonly"` | no | +| [saml\_idp\_arn](#input\_saml\_idp\_arn) | The AWS SAML IDP arn to establish a trust relationship. Ignored if empty or not provided. | `string` | `""` | no | +| [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [source\_account\_id](#input\_source\_account\_id) | The source AWS account to establish a trust relationship. Ignored if empty or not provided. DEPRECATED: Please use source\_account\_ids. | `string` | `""` | no | +| [source\_account\_ids](#input\_source\_account\_ids) | The source AWS account IDs to establish a trust relationship. Ignored if empty or not provided. | `set(string)` | `[]` | no | ## Outputs | Name | Description | |------|-------------| -| arn | n/a | -| role\_name | n/a | - +| [arn](#output\_arn) | n/a | +| [role\_name](#output\_role\_name) | n/a | diff --git a/aws-iam-role-route53domains-poweruser/README.md b/aws-iam-role-route53domains-poweruser/README.md index f57744eb..204a9155 100644 --- a/aws-iam-role-route53domains-poweruser/README.md +++ b/aws-iam-role-route53domains-poweruser/README.md 
@@ -22,32 +22,44 @@ module "route53domains-poweruser" { | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_role.route53domains-poweruser](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.route53-readonly](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.route53domains-fullaccess](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_policy_document.assume-role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| iam\_path | n/a | `string` | `"/"` | no | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| role\_name | n/a | `string` | `"route53domains-poweruser"` | no | -| saml\_idp\_arn | The AWS SAML IDP arn to establish a trust relationship. Ignored if empty or not provided. | `string` | `""` | no | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| source\_account\_id | The source AWS account to establish a trust relationship. Ignored if empty or not provided. DEPRECATED: Please use source\_account\_ids. 
| `string` | `""` | no | -| source\_account\_ids | The source AWS account IDs to establish a trust relationship. Ignored if empty or not provided. | `set(string)` | `[]` | no | +| [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [iam\_path](#input\_iam\_path) | n/a | `string` | `"/"` | no | +| [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [role\_name](#input\_role\_name) | n/a | `string` | `"route53domains-poweruser"` | no | +| [saml\_idp\_arn](#input\_saml\_idp\_arn) | The AWS SAML IDP arn to establish a trust relationship. Ignored if empty or not provided. | `string` | `""` | no | +| [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [source\_account\_id](#input\_source\_account\_id) | The source AWS account to establish a trust relationship. Ignored if empty or not provided. DEPRECATED: Please use source\_account\_ids. | `string` | `""` | no | +| [source\_account\_ids](#input\_source\_account\_ids) | The source AWS account IDs to establish a trust relationship. Ignored if empty or not provided. | `set(string)` | `[]` | no | ## Outputs | Name | Description | |------|-------------| -| arn | n/a | - +| [arn](#output\_arn) | n/a | diff --git a/aws-iam-role-security-audit/README.md b/aws-iam-role-security-audit/README.md index 4cc3f570..f7bf5102 100644 --- a/aws-iam-role-security-audit/README.md +++ b/aws-iam-role-security-audit/README.md 
@@ -17,30 +17,41 @@ module "group" { | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_role.security-audit](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.security-audit](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_policy_document.assume-role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| iam\_path | n/a | `string` | `"/"` | no | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| role\_name | The name of this role. | `string` | `"security-audit"` | no | -| saml\_idp\_arn | The AWS SAML IDP arn to establish a trust relationship. Ignored if empty or not provided. | `string` | `""` | no | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| source\_account\_id | The source AWS account to establish a trust relationship. Ignored if empty or not provided. DEPRECATED: Please use source\_account\_ids. | `string` | `""` | no | -| source\_account\_ids | The source AWS account IDs to establish a trust relationship. Ignored if empty or not provided. | `set(string)` | `[]` | no | +| [env](#input\_env) | Env for tagging and naming. 
See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [iam\_path](#input\_iam\_path) | n/a | `string` | `"/"` | no | +| [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [role\_name](#input\_role\_name) | The name of this role. | `string` | `"security-audit"` | no | +| [saml\_idp\_arn](#input\_saml\_idp\_arn) | The AWS SAML IDP arn to establish a trust relationship. Ignored if empty or not provided. | `string` | `""` | no | +| [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [source\_account\_id](#input\_source\_account\_id) | The source AWS account to establish a trust relationship. Ignored if empty or not provided. DEPRECATED: Please use source\_account\_ids. | `string` | `""` | no | +| [source\_account\_ids](#input\_source\_account\_ids) | The source AWS account IDs to establish a trust relationship. Ignored if empty or not provided. | `set(string)` | `[]` | no | ## Outputs -No output. - +No outputs. diff --git a/aws-iam-role/README.md b/aws-iam-role/README.md index 70fb6f57..a04c14bb 100644 --- a/aws-iam-role/README.md +++ b/aws-iam-role/README.md 
@@ -30,36 +30,48 @@ module iam-role { | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_role.role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy.policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy_attachment.policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_policy_document.assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| attached\_policies\_names\_arns | Map of policy names to the respective ARNs to be attached to the IAM role. | `map(string)` | `{}` | no | -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| iam\_path | The IAM path under which the IAM role will be created. | `string` | `null` | no | -| inline\_policies | List of inline policies to be associated with the IAM role. | `list(object({ name = string, policy = string }))` | `[]` | no | -| max\_session\_duration | The maximum amount of time, in seconds, that a principal can assume this role. | `number` | `3600` | no | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| principals | AWS IAM Principals which will be able to assume this role. | `list(object({ type = string, identifiers = list(string) }))` | n/a | yes | -| project | Project for tagging and naming. 
See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| role\_description | IAM role description. | `string` | `null` | no | -| role\_name | IAM role name. | `string` | n/a | yes | -| saml\_idp\_arn | The AWS SAML IDP arn to establish a trust relationship. Ignored if empty or not provided. | `string` | `""` | no | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [attached\_policies\_names\_arns](#input\_attached\_policies\_names\_arns) | Map of policy names to the respective ARNs to be attached to the IAM role. | `map(string)` | `{}` | no | +| [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [iam\_path](#input\_iam\_path) | The IAM path under which the IAM role will be created. | `string` | `null` | no | +| [inline\_policies](#input\_inline\_policies) | List of inline policies to be associated with the IAM role. | `list(object({ name = string, policy = string }))` | `[]` | no | +| [max\_session\_duration](#input\_max\_session\_duration) | The maximum amount of time, in seconds, that a principal can assume this role. | `number` | `3600` | no | +| [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [principals](#input\_principals) | AWS IAM Principals which will be able to assume this role. | `list(object({ type = string, identifiers = list(string) }))` | n/a | yes | +| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [role\_description](#input\_role\_description) | IAM role description. | `string` | `null` | no | +| [role\_name](#input\_role\_name) | IAM role name. | `string` | n/a | yes | +| [saml\_idp\_arn](#input\_saml\_idp\_arn) | The AWS SAML IDP arn to establish a trust relationship. Ignored if empty or not provided. 
| `string` | `""` | no | +| [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| role\_arn | IAM role ARN. | -| role\_name | IAM role name. | - +| [role\_arn](#output\_role\_arn) | IAM role ARN. | +| [role\_name](#output\_role\_name) | IAM role name. | diff --git a/aws-iam-secrets-reader-policy/README.md b/aws-iam-secrets-reader-policy/README.md index cefa9d90..af64da7b 100644 --- a/aws-iam-secrets-reader-policy/README.md +++ b/aws-iam-secrets-reader-policy/README.md 
@@ -20,24 +20,35 @@ module "policy" { | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_policy.policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_policy_attachment.attach](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource | +| [aws_iam_policy_document.policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| iam\_path | n/a | `string` | `"/"` | no | -| role\_name | The role to which this policy should be attached. | `string` | n/a | yes | -| secrets\_arns | List of secrets ARNs for reading. | `list(string)` | n/a | yes | +| [iam\_path](#input\_iam\_path) | n/a | `string` | `"/"` | no | +| [role\_name](#input\_role\_name) | The role to which this policy should be attached. | `string` | n/a | yes | +| [secrets\_arns](#input\_secrets\_arns) | List of secrets ARNs for reading. | `list(string)` | n/a | yes | ## Outputs -No output. - +No outputs. diff --git a/aws-lambda-edge-add-security-headers/README.md b/aws-lambda-edge-add-security-headers/README.md index ba0fdcb7..5b61209e 100644 --- a/aws-lambda-edge-add-security-headers/README.md +++ b/aws-lambda-edge-add-security-headers/README.md 
@@ -37,29 +37,40 @@ resource aws_cloudfront_distribution cf { | Name | Version | |------|---------| -| archive | ~> 2.0 | -| aws | < 3.0.0 | +| [archive](#requirement\_archive) | ~> 2.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| archive | ~> 2.0 | +| [archive](#provider\_archive) | ~> 2.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [lambda](#module\_lambda) | ../aws-lambda-function | | + +## Resources + +| Name | Type | +|------|------| +| [archive_file.lambda](https://registry.terraform.io/providers/hashicorp/archive/latest/docs/data-sources/file) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| function\_name | The name for the lambda function. | `string` | `null` | no | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [function\_name](#input\_function\_name) | The name for the lambda function. | `string` | `null` | no | +| [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [service](#input\_service) | Service for tagging and naming. 
See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| qualified\_arn | The qualified arn (version number included) of the latest published lambda version. | - +| [qualified\_arn](#output\_qualified\_arn) | The qualified arn (version number included) of the latest published lambda version. | diff --git a/aws-lambda-function/README.md b/aws-lambda-function/README.md index 6351a500..439fb5c9 100644 --- a/aws-lambda-function/README.md +++ b/aws-lambda-function/README.md 
@@ -24,51 +24,70 @@ module lambda { | Name | Version | |------|---------| -| aws | >= 2.60.0 | +| [aws](#requirement\_aws) | >= 2.60.0 | ## Providers | Name | Version | |------|---------| -| aws | >= 2.60.0 | +| [aws](#provider\_aws) | >= 2.60.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_cloudwatch_log_group.log](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | +| [aws_iam_policy.lambda_logging](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_role.role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy.role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy_attachment.lambda_logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_lambda_function.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource | +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_iam_policy_document.lambda_logging_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.lambda_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs | Name | Description | Type | Default | Required | 
|------|-------------|------|---------|:--------:| -| at\_edge | Is this lambda going to be used with a Cloufront distribution? If you set this, you will not have control over log retention, and you cannot include environment variables. | `bool` | `false` | no | -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| environment | Map of environment variables. | `map(string)` | `{}` | no | -| filename | n/a | `string` | `null` | no | -| function\_description | Description for lambda function. | `string` | `""` | no | -| function\_name | If not set, function use default naming convention of $project-$env-$service. See local.name in main.tf | `string` | `null` | no | -| handler | Name of the lambda handler. | `string` | n/a | yes | -| kms\_key\_arn | KMS key used to encrypt environment variables. | `string` | `null` | no | -| lambda\_role\_path | The path to the IAM role for lambda. | `string` | `null` | no | -| log\_retention\_in\_days | n/a | `number` | `null` | no | -| memory\_size | Amount of memory to allocate to the lambda | `number` | `128` | no | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| publish\_lambda | Whether to publish creation/change as new lambda function version. | `bool` | `false` | no | -| reserved\_concurrent\_executions | Set reserved\_concurrent\_executions for this function. See [docs](https://docs.aws.amazon.com/lambda/latest/dg/configuration-concurrency.html). | `number` | `-1` | no | -| runtime | Lambda language runtime. | `string` | n/a | yes | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| source\_code\_hash | n/a | `string` | `null` | no | -| source\_s3\_bucket | Bucket holding lambda source code. 
| `string` | `null` | no | -| source\_s3\_key | Key identifying location of code. | `string` | `null` | no | -| timeout | Execution timeout for the lambda. | `number` | `null` | no | -| vpc\_config | The lambda's vpc configuration |
object({
subnet_ids = list(string),
security_group_ids = list(string)
})
| `null` | no | +| [at\_edge](#input\_at\_edge) | Is this lambda going to be used with a Cloufront distribution? If you set this, you will not have control over log retention, and you cannot include environment variables. | `bool` | `false` | no | +| [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [environment](#input\_environment) | Map of environment variables. | `map(string)` | `{}` | no | +| [filename](#input\_filename) | n/a | `string` | `null` | no | +| [function\_description](#input\_function\_description) | Description for lambda function. | `string` | `""` | no | +| [function\_name](#input\_function\_name) | If not set, function use default naming convention of $project-$env-$service. See local.name in main.tf | `string` | `null` | no | +| [handler](#input\_handler) | Name of the lambda handler. | `string` | n/a | yes | +| [kms\_key\_arn](#input\_kms\_key\_arn) | KMS key used to encrypt environment variables. | `string` | `null` | no | +| [lambda\_role\_path](#input\_lambda\_role\_path) | The path to the IAM role for lambda. | `string` | `null` | no | +| [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | n/a | `number` | `null` | no | +| [memory\_size](#input\_memory\_size) | Amount of memory to allocate to the lambda | `number` | `128` | no | +| [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [publish\_lambda](#input\_publish\_lambda) | Whether to publish creation/change as new lambda function version. | `bool` | `false` | no | +| [reserved\_concurrent\_executions](#input\_reserved\_concurrent\_executions) | Set reserved\_concurrent\_executions for this function. See [docs](https://docs.aws.amazon.com/lambda/latest/dg/configuration-concurrency.html). 
| `number` | `-1` | no | +| [runtime](#input\_runtime) | Lambda language runtime. | `string` | n/a | yes | +| [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [source\_code\_hash](#input\_source\_code\_hash) | n/a | `string` | `null` | no | +| [source\_s3\_bucket](#input\_source\_s3\_bucket) | Bucket holding lambda source code. | `string` | `null` | no | +| [source\_s3\_key](#input\_source\_s3\_key) | Key identifying location of code. | `string` | `null` | no | +| [timeout](#input\_timeout) | Execution timeout for the lambda. | `number` | `null` | no | +| [vpc\_config](#input\_vpc\_config) | The lambda's vpc configuration |
object({
subnet_ids = list(string),
security_group_ids = list(string)
})
| `null` | no | ## Outputs | Name | Description | |------|-------------| -| arn | n/a | -| function\_name | n/a | -| invoke\_arn | n/a | -| log\_group\_name | n/a | -| qualified\_arn | If the lambda function is published, the qualified\_arn points at the latest version number. | -| role\_id | n/a | -| role\_name | n/a | - +| [arn](#output\_arn) | n/a | +| [function\_name](#output\_function\_name) | n/a | +| [invoke\_arn](#output\_invoke\_arn) | n/a | +| [log\_group\_name](#output\_log\_group\_name) | n/a | +| [qualified\_arn](#output\_qualified\_arn) | If the lambda function is published, the qualified\_arn points at the latest version number. | +| [role\_id](#output\_role\_id) | n/a | +| [role\_name](#output\_role\_name) | n/a | diff --git a/aws-param/README.md b/aws-param/README.md index 9aa1554a..ccc6f564 100644 --- a/aws-param/README.md +++ b/aws-param/README.md 
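Review bot: In aws-lambda-function/README.md the regenerated `at_edge` row still reads "Cloufront distribution". terraform-docs copies this text from the variable description, so fix the spelling in the module's variable declaration and regenerate rather than editing the README. The same Inputs table leaves `filename`, `source_code_hash` and `log_retention_in_days` as n/a; a one-line description for each would be worth adding in the same pass.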
@@ -30,28 +30,37 @@ output "secret" { | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_ssm_parameter.secret](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| name | The name of the secret. | `string` | n/a | yes | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| use\_paths | This exists to support data written by Chamber before version 2.0.0, which used '.' instead of '/' as a separator. | `string` | `"true"` | no | +| [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [name](#input\_name) | The name of the secret. | `string` | n/a | yes | +| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [use\_paths](#input\_use\_paths) | This exists to support data written by Chamber before version 2.0.0, which used '.' instead of '/' as a separator. | `string` | `"true"` | no | ## Outputs | Name | Description | |------|-------------| -| value | n/a | - +| [value](#output\_value) | n/a | diff --git a/aws-params-reader-policy/README.md b/aws-params-reader-policy/README.md index f291a65e..7af1fc40 100644 
--- a/aws-params-reader-policy/README.md +++ b/aws-params-reader-policy/README.md 
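Review bot: In aws-param/README.md the `use_paths` input is documented as `string` with default `"true"`, although the description treats it as an on/off switch for the pre-2.0.0 Chamber '.' separator. Consider declaring it `bool`, or validating the accepted values, so callers cannot pass an arbitrary string, and say in the description which value selects which separator.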
@@ -7,28 +7,40 @@ Creates a policy to access encrypted parameters in Parameter Store for a given s | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_role_policy.policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_iam_policy_document.policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_kms_alias.parameter_store_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_alias) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | -| extra\_services | Extra services to be given parameter read access to, within the same project and environment. | `list(string)` | `[]` | no | -| parameter\_store\_key\_alias | Alias of the encryption key used to encrypt parameter store values. | `string` | `"parameter_store_key"` | no | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| region | Region the parameter store values can be read from. Defaults to all. | `string` | `"*"` | no | -| role\_name | Name of the role to assign the policy to. | `string` | n/a | yes | -| service | Name of the service to load secrets for. | `string` | n/a | yes | +| [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging). 
| `string` | n/a | yes | +| [extra\_services](#input\_extra\_services) | Extra services to be given parameter read access to, within the same project and environment. | `list(string)` | `[]` | no | +| [parameter\_store\_key\_alias](#input\_parameter\_store\_key\_alias) | Alias of the encryption key used to encrypt parameter store values. | `string` | `"parameter_store_key"` | no | +| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [region](#input\_region) | Region the parameter store values can be read from. Defaults to all. | `string` | `"*"` | no | +| [role\_name](#input\_role\_name) | Name of the role to assign the policy to. | `string` | n/a | yes | +| [service](#input\_service) | Name of the service to load secrets for. | `string` | n/a | yes | ## Outputs -No output. - +No outputs. diff --git a/aws-params-secrets-setup/README.md b/aws-params-secrets-setup/README.md index 63254739..c34cf230 100644 --- a/aws-params-secrets-setup/README.md +++ b/aws-params-secrets-setup/README.md 
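Review bot: In aws-params-reader-policy/README.md the `region` input defaults to `"*"` ("Defaults to all"), so a caller who omits it gets a read policy that is not scoped to any region. If the default stays, the description should say so plainly and recommend setting the region explicitly; `extra_services` deserves the same kind of wording, since it widens the same policy to further services.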
@@ -10,26 +10,36 @@ Currently that just means creating an KMS key for encrypting the parameters stor | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_kms_alias.parameter_store_alias](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource | +| [aws_kms_key.parameter_store](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| alias\_name | Chamber is hard coded to use a KMS alias with the name 'parameter\_store\_key'. | `string` | `"parameter_store_key"` | no | -| env | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | `""` | no | -| owner | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| service | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | `""` | no | +| [alias\_name](#input\_alias\_name) | Chamber is hard coded to use a KMS alias with the name 'parameter\_store\_key'. | `string` | `"parameter_store_key"` | no | +| [env](#input\_env) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | `""` | no | +| [owner](#input\_owner) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [service](#input\_service) | Project for tagging and naming. 
See [doc](../README.md#consistent-tagging) | `string` | `""` | no | ## Outputs -No output. - +No outputs. diff --git a/aws-params-writer/README.md b/aws-params-writer/README.md index 4e3033cd..398ba9ba 100644 --- a/aws-params-writer/README.md +++ b/aws-params-writer/README.md 
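Review bot: In aws-params-secrets-setup/README.md the `env`, `owner` and `service` rows all carry the description "Project for tagging and naming", which looks copied from `project`. Correct the three variable descriptions at the source and regenerate, so the Inputs table reads like the other modules in this patch ("Env for ...", "Owner for ...", "Service for ...").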
@@ -17,27 +17,37 @@ in the [Terraform docs](https://www.terraform.io/docs/state/sensitive-data.html) | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_ssm_parameter.parameter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter) | resource | +| [aws_kms_key.key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_key) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | -| parameters | Map from parameter names to values to set. | `map(any)` | n/a | yes | -| parameters\_count | HACK: The number of keys in var.parameters. To avoid hitting value of count cannot be computed. | `string` | n/a | yes | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [parameters](#input\_parameters) | Map from parameter names to values to set. | `map(any)` | n/a | yes | +| [parameters\_count](#input\_parameters\_count) | HACK: The number of keys in var.parameters. To avoid hitting value of count cannot be computed. 
| `string` | n/a | yes | +| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | ## Outputs -No output. - +No outputs. diff --git a/aws-redis-node/README.md b/aws-redis-node/README.md index 367e467e..efdea8fe 100644 --- a/aws-redis-node/README.md +++ b/aws-redis-node/README.md 
@@ -8,39 +8,51 @@ parameters. | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [sg](#module\_sg) | terraform-aws-modules/security-group/aws | 3.12.0 | + +## Resources + +| Name | Type | +|------|------| +| [aws_elasticache_cluster.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_cluster) | resource | +| [aws_elasticache_subnet_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_subnet_group) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| apply\_immediately | Whether changes should be applied immediately or during the next maintenance window. | `bool` | `true` | no | -| availability\_zone | Availability zone in which this instance should run. | `string` | `null` | no | -| engine\_version | The version of Redis to run. See [supported versions](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/supported-engine-versions.html) | `string` | `"5.0.5"` | no | -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | -| ingress\_security\_group\_cidr\_blocks | Source CIDR blocks which should be able to contact this instance. | `list(string)` | `[]` | no | -| ingress\_security\_group\_ids | Source security groups which should be able to contact this instance. | `list(string)` | n/a | yes | -| instance\_type | The type of instance to run. See [supported node types](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html) | `string` | `"cache.m5.large"` | no | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). 
| `string` | n/a | yes | -| parameter\_group\_name | Parameter group to use for this Redis cache. | `string` | `"default.redis5.0"` | no | -| port | Port to host Redis on. | `number` | `6379` | no | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| resource\_name | If not set, name will be [var.project]-[var.env]-[var.name]. | `string` | `""` | no | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | `"redis"` | no | -| subnets | List of subnets to which this EC instance should be attached. They should probably be private. | `list(string)` | n/a | yes | -| vpc\_id | VPC where the cache will be deployed. | `string` | n/a | yes | +| [apply\_immediately](#input\_apply\_immediately) | Whether changes should be applied immediately or during the next maintenance window. | `bool` | `true` | no | +| [availability\_zone](#input\_availability\_zone) | Availability zone in which this instance should run. | `string` | `null` | no | +| [engine\_version](#input\_engine\_version) | The version of Redis to run. See [supported versions](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/supported-engine-versions.html) | `string` | `"5.0.5"` | no | +| [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [ingress\_security\_group\_cidr\_blocks](#input\_ingress\_security\_group\_cidr\_blocks) | Source CIDR blocks which should be able to contact this instance. | `list(string)` | `[]` | no | +| [ingress\_security\_group\_ids](#input\_ingress\_security\_group\_ids) | Source security groups which should be able to contact this instance. | `list(string)` | n/a | yes | +| [instance\_type](#input\_instance\_type) | The type of instance to run. 
See [supported node types](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html) | `string` | `"cache.m5.large"` | no | +| [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [parameter\_group\_name](#input\_parameter\_group\_name) | Parameter group to use for this Redis cache. | `string` | `"default.redis5.0"` | no | +| [port](#input\_port) | Port to host Redis on. | `number` | `6379` | no | +| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [resource\_name](#input\_resource\_name) | If not set, name will be [var.project]-[var.env]-[var.name]. | `string` | `""` | no | +| [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | `"redis"` | no | +| [subnets](#input\_subnets) | List of subnets to which this EC instance should be attached. They should probably be private. | `list(string)` | n/a | yes | +| [vpc\_id](#input\_vpc\_id) | VPC where the cache will be deployed. | `string` | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| address | n/a | -| port | n/a | - +| [address](#output\_address) | n/a | +| [port](#output\_port) | n/a | diff --git a/aws-redis-replication-group/README.md b/aws-redis-replication-group/README.md index 23831edc..9098eae8 100644 --- a/aws-redis-replication-group/README.md +++ b/aws-redis-replication-group/README.md 
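Review bot: In aws-redis-node/README.md the new Resources table links to `registry.terraform.io/providers/hashicorp/aws/latest/docs/...` while Requirements pins `aws` to `< 3.0.0`. Readers following those links land on documentation for a newer provider than the module accepts. Either add a sentence near the table saying so, or link to a provider version inside the constraint, so arguments are not copied from docs that do not apply. The same applies to every module in this patch with a `< 3.0.0` requirement.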
@@ -8,43 +8,55 @@ a replication group with the given parameters. | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [sg](#module\_sg) | terraform-aws-modules/security-group/aws | 3.12.0 | + +## Resources + +| Name | Type | +|------|------| +| [aws_elasticache_replication_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_replication_group) | resource | +| [aws_elasticache_subnet_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_subnet_group) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| apply\_immediately | Whether changes should be applied immediately or during the next maintenance window. | `bool` | `true` | no | -| at\_rest\_encryption\_enabled | Whether to enable encryption at rest. Default: false. | `bool` | `false` | no | -| availability\_zones | Availability zone in which this instance should run. | `list(string)` | `null` | no | -| engine\_version | The version of Redis to run. See [supported versions](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/supported-engine-versions.html) | `string` | `"5.0.5"` | no | -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | -| ingress\_security\_group\_ids | Source security groups which should be able to contact this instance. | `list(string)` | n/a | yes | -| instance\_type | The type of instance to run. See [supported node types](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html) | `string` | `"cache.m5.large"` | no | -| number\_cache\_clusters | Number of cache clusters. Default 1. 
| `number` | `1` | no | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | -| parameter\_group\_name | Parameter group to use for this Redis cache. | `string` | `"default.redis5.0"` | no | -| port | Port to host Redis on. | `number` | `6379` | no | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| replication\_group\_description | A user-created description for the replication group. | `string` | n/a | yes | -| resource\_name | If not set, name will be [var.project]-[var.env]-[var.name]. | `string` | `""` | no | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | `"redis"` | no | -| subnets | List of subnets to which this EC instance should be attached. They should probably be private. | `list(string)` | n/a | yes | -| transit\_encryption\_enabled | Whether to enable encryption in transit. Default: false. | `bool` | `false` | no | -| vpc\_id | VPC where the cache will be deployed. | `string` | n/a | yes | +| [apply\_immediately](#input\_apply\_immediately) | Whether changes should be applied immediately or during the next maintenance window. | `bool` | `true` | no | +| [at\_rest\_encryption\_enabled](#input\_at\_rest\_encryption\_enabled) | Whether to enable encryption at rest. Default: false. | `bool` | `false` | no | +| [availability\_zones](#input\_availability\_zones) | Availability zone in which this instance should run. | `list(string)` | `null` | no | +| [engine\_version](#input\_engine\_version) | The version of Redis to run. See [supported versions](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/supported-engine-versions.html) | `string` | `"5.0.5"` | no | +| [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging). 
| `string` | n/a | yes | +| [ingress\_security\_group\_ids](#input\_ingress\_security\_group\_ids) | Source security groups which should be able to contact this instance. | `list(string)` | n/a | yes | +| [instance\_type](#input\_instance\_type) | The type of instance to run. See [supported node types](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html) | `string` | `"cache.m5.large"` | no | +| [number\_cache\_clusters](#input\_number\_cache\_clusters) | Number of cache clusters. Default 1. | `number` | `1` | no | +| [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [parameter\_group\_name](#input\_parameter\_group\_name) | Parameter group to use for this Redis cache. | `string` | `"default.redis5.0"` | no | +| [port](#input\_port) | Port to host Redis on. | `number` | `6379` | no | +| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [replication\_group\_description](#input\_replication\_group\_description) | A user-created description for the replication group. | `string` | n/a | yes | +| [resource\_name](#input\_resource\_name) | If not set, name will be [var.project]-[var.env]-[var.name]. | `string` | `""` | no | +| [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | `"redis"` | no | +| [subnets](#input\_subnets) | List of subnets to which this EC instance should be attached. They should probably be private. | `list(string)` | n/a | yes | +| [transit\_encryption\_enabled](#input\_transit\_encryption\_enabled) | Whether to enable encryption in transit. Default: false. | `bool` | `false` | no | +| [vpc\_id](#input\_vpc\_id) | VPC where the cache will be deployed. 
| `string` | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| configuration\_endpoint\_address | The configuration endpoint address to allow host discovery. | -| port | Redis TCP port. | -| primary\_endpoint\_address | The endpoint of the primary node in this node group (shard). | - +| [configuration\_endpoint\_address](#output\_configuration\_endpoint\_address) | The configuration endpoint address to allow host discovery. | +| [port](#output\_port) | Redis TCP port. | +| [primary\_endpoint\_address](#output\_primary\_endpoint\_address) | The endpoint of the primary node in this node group (shard). | diff --git a/aws-s3-account-public-access-block/README.md b/aws-s3-account-public-access-block/README.md index 0771b8a1..1613f6af 100644 --- a/aws-s3-account-public-access-block/README.md +++ b/aws-s3-account-public-access-block/README.md @@ -11,24 +11,33 @@ Restrict: | Name | Version | |------|---------| -| aws | > 2.0.0 | +| [aws](#requirement\_aws) | > 2.0.0 | ## Providers | Name | Version | |------|---------| -| aws | > 2.0.0 | +| [aws](#provider\_aws) | > 2.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_s3_account_public_access_block.block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_account_public_access_block) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| restrict | How restrictive should the account-wide access block be. Accepted values are `all`, `new`, `none`.
`all` blocks public access to all buckets in account.
`new` prevents you from granting public access to any more buckets, existing public buckets remain public.
`none` restricts no access. | `string` | `"all"` | no | +| [restrict](#input\_restrict) | How restrictive should the account-wide access block be. Accepted values are `all`, `new`, `none`.
`all` blocks public access to all buckets in account.
`new` prevents you from granting public access to any more buckets, existing public buckets remain public.
`none` restricts no access. | `string` | `"all"` | no | ## Outputs | Name | Description | |------|-------------| -| block\_settings | The computed block configuration | - +| [block\_settings](#output\_block\_settings) | The computed block configuration | diff --git a/aws-s3-private-bucket/README.md b/aws-s3-private-bucket/README.md index c2f26637..d1747465 100644 --- a/aws-s3-private-bucket/README.md +++ b/aws-s3-private-bucket/README.md 
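Review bot: In aws-redis-replication-group/README.md `at_rest_encryption_enabled` and `transit_encryption_enabled` are both documented with default `false`, so a caller relying on the defaults gets a replication group with neither encryption at rest nor encryption in transit. The descriptions should state that consequence and recommend enabling both, or the defaults should be revisited in a follow-up change. In the same table `availability_zones` is a `list(string)` but keeps the singular description "Availability zone in which this instance should run".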
@@ -35,40 +35,52 @@ module "s3-bucket" { | Name | Version | |------|---------| -| aws | >= 2.60.0 | +| [aws](#requirement\_aws) | >= 2.60.0 | ## Providers | Name | Version | |------|---------| -| aws | >= 2.60.0 | +| [aws](#provider\_aws) | >= 2.60.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_s3_bucket.bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | +| [aws_s3_bucket_policy.bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource | +| [aws_s3_bucket_public_access_block.bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource | +| [aws_iam_policy_document.bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| abort\_incomplete\_multipart\_upload\_days | Number of days after which an incomplete multipart upload is canceled. The value for this variable is set for all lifecycle rules, to specify the abort\_incomplete\_multipart\_upload\_days for each rule, you can specify it in the lifecycle\_rules variable. | `number` | `14` | no | -| bucket\_name | n/a | `string` | n/a | yes | -| bucket\_policy | n/a | `string` | `""` | no | -| cors\_rules | List of maps containing the cors rule configuration objects. | `any` | `[]` | no | -| enable\_versioning | Keep old versions of overwritten S3 objects. | `bool` | `true` | no | -| env | n/a | `string` | n/a | yes | -| grants | A list of objects containing the grant configurations. Used when we want to grant permissions to AWS accounts via the S3 ACL system. | `any` | `[]` | no | -| lifecycle\_rules | List of maps containing configuration of object lifecycle management. | `any` |
[
{
"abort_incomplete_multipart_upload_days": 7,
"enabled": true,
"expiration": {
"expired_object_delete_marker": true
},
"noncurrent_version_expiration": {
"days": 365
},
"noncurrent_version_transition": {
"days": 30,
"storage_class": "STANDARD_IA"
}
}
]
| no | -| logging\_bucket | Log bucket name and prefix to enable logs for this bucket | `object({ name = string, prefix = string })` | `null` | no | -| owner | n/a | `string` | n/a | yes | -| project | n/a | `string` | n/a | yes | -| public\_access\_block | n/a | `bool` | `true` | no | -| service | n/a | `string` | n/a | yes | -| transfer\_acceleration | n/a | `bool` | `false` | no | +| [abort\_incomplete\_multipart\_upload\_days](#input\_abort\_incomplete\_multipart\_upload\_days) | Number of days after which an incomplete multipart upload is canceled. The value for this variable is set for all lifecycle rules, to specify the abort\_incomplete\_multipart\_upload\_days for each rule, you can specify it in the lifecycle\_rules variable. | `number` | `14` | no | +| [bucket\_name](#input\_bucket\_name) | n/a | `string` | n/a | yes | +| [bucket\_policy](#input\_bucket\_policy) | n/a | `string` | `""` | no | +| [cors\_rules](#input\_cors\_rules) | List of maps containing the cors rule configuration objects. | `any` | `[]` | no | +| [enable\_versioning](#input\_enable\_versioning) | Keep old versions of overwritten S3 objects. | `bool` | `true` | no | +| [env](#input\_env) | n/a | `string` | n/a | yes | +| [grants](#input\_grants) | A list of objects containing the grant configurations. Used when we want to grant permissions to AWS accounts via the S3 ACL system. | `any` | `[]` | no | +| [lifecycle\_rules](#input\_lifecycle\_rules) | List of maps containing configuration of object lifecycle management. | `any` |
[
{
"abort_incomplete_multipart_upload_days": 7,
"enabled": true,
"expiration": {
"expired_object_delete_marker": true
},
"noncurrent_version_expiration": {
"days": 365
},
"noncurrent_version_transition": {
"days": 30,
"storage_class": "STANDARD_IA"
}
}
]
| no | +| [logging\_bucket](#input\_logging\_bucket) | Log bucket name and prefix to enable logs for this bucket | `object({ name = string, prefix = string })` | `null` | no | +| [owner](#input\_owner) | n/a | `string` | n/a | yes | +| [project](#input\_project) | n/a | `string` | n/a | yes | +| [public\_access\_block](#input\_public\_access\_block) | n/a | `bool` | `true` | no | +| [service](#input\_service) | n/a | `string` | n/a | yes | +| [transfer\_acceleration](#input\_transfer\_acceleration) | n/a | `bool` | `false` | no | ## Outputs | Name | Description | |------|-------------| -| arn | n/a | -| domain\_name | n/a | -| id | n/a | -| name | HACK(el): we do this to hint TF dependency graph since modules can't depend\_on | - +| [arn](#output\_arn) | n/a | +| [domain\_name](#output\_domain\_name) | n/a | +| [id](#output\_id) | n/a | +| [name](#output\_name) | HACK(el): we do this to hint TF dependency graph since modules can't depend\_on | diff --git a/aws-s3-public-bucket/README.md b/aws-s3-public-bucket/README.md index 55843c4a..db1ee2cf 100644 --- a/aws-s3-public-bucket/README.md +++ b/aws-s3-public-bucket/README.md 
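Review bot: In aws-s3-private-bucket/README.md `abort_incomplete_multipart_upload_days` is documented with default `14`, while the default `lifecycle_rules` entry sets `"abort_incomplete_multipart_upload_days": 7`, and the table does not say which value applies to the default rule. State the precedence in the variable description. `public_access_block` and `bucket_policy` are also left as n/a even though they control exposure of the bucket; each needs a description at the source before regenerating.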
@@ -3,37 +3,47 @@ | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_s3_bucket.bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | +| [aws_iam_policy_document.bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| allow\_public\_list | Allow public to list bucket contents. | `bool` | `false` | no | -| bucket\_contents | Describe the data within this bucket. | `string` | n/a | yes | -| bucket\_name | The name of the bucket. Note that `-public` will be appended to `bucket_name`s that don't contain a `public` substring. This module will output the computed `bucket_name`. | `string` | n/a | yes | -| bucket\_policy | A policy to attach to this bucket. | `string` | `""` | no | -| enable\_versioning | Keep old versions of objects in this bucket. | `bool` | `true` | no | -| env | Env for tagging and naming. | `string` | n/a | yes | -| owner | Owner for tagging and naming. | `string` | n/a | yes | -| project | Project for tagging and naming. | `string` | n/a | yes | -| public\_read\_justification | Describe why this bucket must be public and what it is being used for. | `string` | n/a | yes | -| require\_tls | Require TLS to read objects from this bucket. | `bool` | `true` | no | -| service | Service for tagging and naming. | `string` | n/a | yes | +| [allow\_public\_list](#input\_allow\_public\_list) | Allow public to list bucket contents. | `bool` | `false` | no | +| [bucket\_contents](#input\_bucket\_contents) | Describe the data within this bucket. 
| `string` | n/a | yes | +| [bucket\_name](#input\_bucket\_name) | The name of the bucket. Note that `-public` will be appended to `bucket_name`s that don't contain a `public` substring. This module will output the computed `bucket_name`. | `string` | n/a | yes | +| [bucket\_policy](#input\_bucket\_policy) | A policy to attach to this bucket. | `string` | `""` | no | +| [enable\_versioning](#input\_enable\_versioning) | Keep old versions of objects in this bucket. | `bool` | `true` | no | +| [env](#input\_env) | Env for tagging and naming. | `string` | n/a | yes | +| [owner](#input\_owner) | Owner for tagging and naming. | `string` | n/a | yes | +| [project](#input\_project) | Project for tagging and naming. | `string` | n/a | yes | +| [public\_read\_justification](#input\_public\_read\_justification) | Describe why this bucket must be public and what it is being used for. | `string` | n/a | yes | +| [require\_tls](#input\_require\_tls) | Require TLS to read objects from this bucket. | `bool` | `true` | no | +| [service](#input\_service) | Service for tagging and naming. | `string` | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| arn | Public bucket ARN | -| domain\_name | Domain where you host the public bucket | -| id | Public Bucket ID | -| name | Name of this public bucket. It should have `public` in its name | - +| [arn](#output\_arn) | Public bucket ARN | +| [domain\_name](#output\_domain\_name) | Domain where you host the public bucket | +| [id](#output\_id) | Public Bucket ID | +| [name](#output\_name) | Name of this public bucket. It should have `public` in its name | diff --git a/aws-single-page-static-site/README.md b/aws-single-page-static-site/README.md index fb1044d2..a1663e1c 100644 --- a/aws-single-page-static-site/README.md +++ b/aws-single-page-static-site/README.md 
@@ -42,41 +42,61 @@ module "site" { | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [security\_headers\_lambda](#module\_security\_headers\_lambda) | ../aws-lambda-edge-add-security-headers | | + +## Resources + +| Name | Type | +|------|------| +| [aws_cloudfront_distribution.s3_distribution](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution) | resource | +| [aws_cloudfront_origin_access_identity.origin_access_identity](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_origin_access_identity) | resource | +| [aws_route53_record.ipv4-record](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_route53_record.ipv6-record](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_route53_record.www-ipv4-record](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_route53_record.www-ipv6-record](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_s3_bucket.bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | +| [aws_s3_bucket_public_access_block.bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource | +| [aws_iam_policy_document.bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_route53_zone.zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source | ## 
Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| aliases | Vanity aliases. Make sure your provided cert supports these. | `list(any)` | `[]` | no | -| aws\_acm\_cert\_arn | An AWS ACM cert. Note that Cloudfront requires certs to be in us-east-1. | `string` | n/a | yes | -| aws\_route53\_zone\_id | A route53 zone ID used to write records. | `string` | n/a | yes | -| bucket\_name | Name of the bucket to created. If not given, it will use the domain name. | `string` | `""` | no | -| cloudfront\_price\_class | Cloudfront [price class](https://aws.amazon.com/cloudfront/pricing/). | `string` | `"PriceClass_100"` | no | -| custom\_error\_response\_codes | The http response codes for which to return the default index page. | `list(number)` |
[
404,
403,
503
]
| no | -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| index\_document\_path | The path to the index document of your site. | `string` | `"index.html"` | no | -| minimum\_tls\_version | Minimum TLS version to accept. | `string` | `"TLSv1.1_2016"` | no | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| path\_pattern | The pattern (for example, images/\*.jpg) that specifies which requests you want this cache behavior to apply to. | `string` | `"*"` | no | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| subdomain | The subdomain for this static site. | `string` | n/a | yes | +| [aliases](#input\_aliases) | Vanity aliases. Make sure your provided cert supports these. | `list(any)` | `[]` | no | +| [aws\_acm\_cert\_arn](#input\_aws\_acm\_cert\_arn) | An AWS ACM cert. Note that Cloudfront requires certs to be in us-east-1. | `string` | n/a | yes | +| [aws\_route53\_zone\_id](#input\_aws\_route53\_zone\_id) | A route53 zone ID used to write records. | `string` | n/a | yes | +| [bucket\_name](#input\_bucket\_name) | Name of the bucket to created. If not given, it will use the domain name. | `string` | `""` | no | +| [cloudfront\_price\_class](#input\_cloudfront\_price\_class) | Cloudfront [price class](https://aws.amazon.com/cloudfront/pricing/). | `string` | `"PriceClass_100"` | no | +| [custom\_error\_response\_codes](#input\_custom\_error\_response\_codes) | The http response codes for which to return the default index page. | `list(number)` |
[
404,
403,
503
]
| no | +| [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [index\_document\_path](#input\_index\_document\_path) | The path to the index document of your site. | `string` | `"index.html"` | no | +| [minimum\_tls\_version](#input\_minimum\_tls\_version) | Minimum TLS version to accept. | `string` | `"TLSv1.1_2016"` | no | +| [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [path\_pattern](#input\_path\_pattern) | The pattern (for example, images/*.jpg) that specifies which requests you want this cache behavior to apply to. | `string` | `"*"` | no | +| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [subdomain](#input\_subdomain) | The subdomain for this static site. | `string` | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| bucket\_arn | n/a | -| bucket\_name | n/a | -| cloudfront\_arn | n/a | -| cloudfront\_domain\_name | n/a | -| cloudfront\_hosted\_zone\_id | n/a | - +| [bucket\_arn](#output\_bucket\_arn) | n/a | +| [bucket\_name](#output\_bucket\_name) | n/a | +| [cloudfront\_arn](#output\_cloudfront\_arn) | n/a | +| [cloudfront\_domain\_name](#output\_cloudfront\_domain\_name) | n/a | +| [cloudfront\_hosted\_zone\_id](#output\_cloudfront\_hosted\_zone\_id) | n/a | diff --git a/aws-sns-lambda/README.md b/aws-sns-lambda/README.md index d87d2b7a..32b35473 100644 --- a/aws-sns-lambda/README.md +++ b/aws-sns-lambda/README.md 
@@ -52,40 +52,52 @@ data "archive_file" "lambda_archive" { | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [lambda](#module\_lambda) | ../aws-lambda-function | | + +## Resources + +| Name | Type | +|------|------| +| [aws_sns_topic.sns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource | +| [aws_sns_topic_subscription.sns_subscription](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| env | Env for tagging and naming. | `string` | n/a | yes | -| function\_description | Description for the lambda function. | `string` | `""` | no | -| lambda\_environment | Environment for lambda. | `map(any)` | `{}` | no | -| lambda\_function\_name | Name for lambda function. If not set, function use default naming convention of $project-$env-$service. | `string` | `null` | no | -| lambda\_handler | Name of the lambda handler. | `string` | n/a | yes | -| lambda\_role\_path | Path of the IAM role for lambda. | `string` | `null` | no | -| lambda\_runtime | Lambda language runtime. | `string` | n/a | yes | -| lambda\_source\_code\_hash | Lambda source code, used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file. | `string` | `null` | no | -| lambda\_timeout | Execution timeout for the lambda. | `number` | `null` | no | -| lambda\_zip\_file | The path to the function's deployment package within the local filesystem. | `string` | n/a | yes | -| log\_retention\_in\_days | The number of days to retain log events in the log group for lambda. | `number` | `null` | no | -| owner | Owner for tagging and naming. 
| `string` | n/a | yes | -| project | Project for tagging and naming. | `string` | n/a | yes | -| publish\_lambda | Whether to publish creation/change as new Lambda Function Version. | `bool` | `false` | no | -| service | Service for tagging and naming | `string` | n/a | yes | -| sns\_configurations | List of objects containing the SNS configurations. | `list(any)` | `[]` | no | +| [env](#input\_env) | Env for tagging and naming. | `string` | n/a | yes | +| [function\_description](#input\_function\_description) | Description for the lambda function. | `string` | `""` | no | +| [lambda\_environment](#input\_lambda\_environment) | Environment for lambda. | `map(any)` | `{}` | no | +| [lambda\_function\_name](#input\_lambda\_function\_name) | Name for lambda function. If not set, function use default naming convention of $project-$env-$service. | `string` | `null` | no | +| [lambda\_handler](#input\_lambda\_handler) | Name of the lambda handler. | `string` | n/a | yes | +| [lambda\_role\_path](#input\_lambda\_role\_path) | Path of the IAM role for lambda. | `string` | `null` | no | +| [lambda\_runtime](#input\_lambda\_runtime) | Lambda language runtime. | `string` | n/a | yes | +| [lambda\_source\_code\_hash](#input\_lambda\_source\_code\_hash) | Lambda source code, used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file. | `string` | `null` | no | +| [lambda\_timeout](#input\_lambda\_timeout) | Execution timeout for the lambda. | `number` | `null` | no | +| [lambda\_zip\_file](#input\_lambda\_zip\_file) | The path to the function's deployment package within the local filesystem. | `string` | n/a | yes | +| [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | The number of days to retain log events in the log group for lambda. | `number` | `null` | no | +| [owner](#input\_owner) | Owner for tagging and naming. | `string` | n/a | yes | +| [project](#input\_project) | Project for tagging and naming. 
| `string` | n/a | yes | +| [publish\_lambda](#input\_publish\_lambda) | Whether to publish creation/change as new Lambda Function Version. | `bool` | `false` | no | +| [service](#input\_service) | Service for tagging and naming | `string` | n/a | yes | +| [sns\_configurations](#input\_sns\_configurations) | List of objects containing the SNS configurations. | `list(any)` | `[]` | no | ## Outputs | Name | Description | |------|-------------| -| lambda\_role\_name | Name for the lambda execution role. | -| sns\_topic\_arns | SNS topic ARNs. | - +| [lambda\_role\_name](#output\_lambda\_role\_name) | Name for the lambda execution role. | +| [sns\_topic\_arns](#output\_sns\_topic\_arns) | SNS topic ARNs. | diff --git a/aws-ssm-params-writer/README.md b/aws-ssm-params-writer/README.md index 17b14b92..13bce534 100644 --- a/aws-ssm-params-writer/README.md +++ b/aws-ssm-params-writer/README.md 
@@ -15,26 +15,36 @@ in the [Terraform docs](https://www.terraform.io/docs/state/sensitive-data.html) | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_ssm_parameter.parameter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter) | resource | +| [aws_kms_key.key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_key) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | -| parameters | Map from parameter names to values to set. | `map(string)` | n/a | yes | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | +| [parameters](#input\_parameters) | Map from parameter names to values to set. | `map(string)` | n/a | yes | +| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging). | `string` | n/a | yes | ## Outputs -No output. - +No outputs. 
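Review bot: In the aws-ssm-params-writer hunk, the new Resources table links `aws_ssm_parameter.parameter` and `aws_kms_key.key` to `registry.terraform.io/providers/hashicorp/aws/latest/docs/...`, while the Requirements table in the same hunk pins aws to `< 3.0.0`. The `latest` pages describe the current provider, so arguments and defaults shown there may not match what this module can actually use. Consider saying so near the table, or pointing the links at a provider version inside the pinned range. Minor: the `project` row's description ends without the period its sibling rows have (`See [doc](../README.md#consistent-tagging)`), which is best fixed in the variable description because the README is generated.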
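Review bot: In the aws-single-page-static-site hunk above, the re-added `minimum_tls_version` row still documents a default of `"TLSv1.1_2016"`. This change only adds the anchor link, but the regenerated table is a good prompt for a follow-up that raises the module default to a TLS 1.2 policy, since callers who omit the input end up accepting TLS 1.1. The same hunk carries over the typo "Name of the bucket to created" in the `bucket_name` row and drops the backslash from `images/\*.jpg` in the `path_pattern` row. Fix the wording in the variable description and check that the unescaped `*` still renders as intended inside the table.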
diff --git a/aws-ssm-params/README.md b/aws-ssm-params/README.md index 231aa6b6..bb1e25e7 100644 --- a/aws-ssm-params/README.md +++ b/aws-ssm-params/README.md @@ -28,27 +28,36 @@ output "secret" { | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_ssm_parameter.secret](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| parameters | Set of names of secrets. | `set(string)` | n/a | yes | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [parameters](#input\_parameters) | Set of names of secrets. | `set(string)` | n/a | yes | +| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| values | Map from keys to corresponding values stored in the SSM Parameter Store. | - +| [values](#output\_values) | Map from keys to corresponding values stored in the SSM Parameter Store. | diff --git a/bless-ca/README.md b/bless-ca/README.md index 5409df4f..4e527412 100644 --- a/bless-ca/README.md +++ b/bless-ca/README.md 
@@ -98,34 +98,58 @@ You can read more about Bless and SSH certificates here: | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | -| bless | n/a | -| random | n/a | +| [aws](#provider\_aws) | < 3.0.0 | +| [bless](#provider\_bless) | n/a | +| [random](#provider\_random) | n/a | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [lambda](#module\_lambda) | ../aws-lambda-function | | +| [logs\_policy](#module\_logs\_policy) | ../aws-iam-policy-cwlogs | | + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_role.bless](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_kms_alias.bless](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource | +| [aws_kms_alias.bless_kms_auth](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource | +| [aws_kms_key.bless](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource | +| [aws_kms_key.bless_kms_auth](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource | +| [bless_ca.bless](https://registry.terraform.io/providers/hashicorp/bless/latest/docs/resources/ca) | resource | +| [random_id.path](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource | +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| 
[aws_iam_policy_document.kmsauth](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [bless_lambda.code](https://registry.terraform.io/providers/hashicorp/bless/latest/docs/data-sources/lambda) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| authorized\_users | A list of IAM users authorized ot invoke bless and the corresponding kmsauth key. | `list(any)` | `[]` | no | -| bless\_logging\_level | Bless lambda logging level. | `string` | `"INFO"` | no | -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| iam\_path | The IAM path under which the Bless lambda will be run. | `string` | `"/"` | no | -| kmsauth\_iam\_group\_name\_format | Formatting string to tell bless which IAM groups are relevant when checking SSH certificate principal validity. | `string` | `"{}"` | no | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [authorized\_users](#input\_authorized\_users) | A list of IAM users authorized ot invoke bless and the corresponding kmsauth key. | `list(any)` | `[]` | no | +| [bless\_logging\_level](#input\_bless\_logging\_level) | Bless lambda logging level. | `string` | `"INFO"` | no | +| [env](#input\_env) | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [iam\_path](#input\_iam\_path) | The IAM path under which the Bless lambda will be run. 
| `string` | `"/"` | no | +| [kmsauth\_iam\_group\_name\_format](#input\_kmsauth\_iam\_group\_name\_format) | Formatting string to tell bless which IAM groups are relevant when checking SSH certificate principal validity. | `string` | `"{}"` | no | +| [owner](#input\_owner) | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [project](#input\_project) | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | +| [service](#input\_service) | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | `string` | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| ca\_public\_key | n/a | -| lambda\_arn | n/a | - +| [ca\_public\_key](#output\_ca\_public\_key) | n/a | +| [lambda\_arn](#output\_lambda\_arn) | n/a | diff --git a/github-webhooks-to-s3/README.md b/github-webhooks-to-s3/README.md index bf5bfb38..505bf7ee 100644 --- a/github-webhooks-to-s3/README.md +++ b/github-webhooks-to-s3/README.md 
@@ -29,32 +29,68 @@ module "archiver" { | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#requirement\_aws) | < 3.0.0 | ## Providers | Name | Version | |------|---------| -| aws | < 3.0.0 | +| [aws](#provider\_aws) | < 3.0.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [attach-logs](#module\_attach-logs) | ../aws-iam-policy-cwlogs | | +| [bucket](#module\_bucket) | ../aws-s3-private-bucket | | +| [github\_secret](#module\_github\_secret) | ../aws-ssm-params | | + +## Resources + +| Name | Type | +|------|------| +| [aws_api_gateway_base_path_mapping.github](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_base_path_mapping) | resource | +| [aws_api_gateway_deployment.github](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_deployment) | resource | +| [aws_api_gateway_domain_name.github](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_domain_name) | resource | +| [aws_api_gateway_integration.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_integration) | resource | +| [aws_api_gateway_integration.lambda_root](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_integration) | resource | +| [aws_api_gateway_method.github](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_method) | resource | +| [aws_api_gateway_method.github_root](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_method) | resource | +| [aws_api_gateway_resource.github](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_resource) | resource | +| [aws_api_gateway_rest_api.github](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_rest_api) | resource | +| 
[aws_cloudwatch_log_group.firehose](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | +| [aws_cloudwatch_log_stream.firehose](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_stream) | resource | +| [aws_iam_role.firehose](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy.firehose](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy.firehose-s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_kinesis_firehose_delivery_stream.firehose](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kinesis_firehose_delivery_stream) | resource | +| [aws_lambda_function.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource | +| [aws_lambda_permission.apigw](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | +| [aws_route53_record.github](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_route53_record.github-ipv6](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.firehose](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| 
[aws_iam_policy_document.firehose-to-s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.firehose-write](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| certificate\_arn | A certificate in us-east-1 for var.fqdn | `string` | n/a | yes | -| env | Env for tagging and naming. | `string` | n/a | yes | -| fqdn | The fqdn to expose the api gateway as | `string` | n/a | yes | -| iam\_path | n/a | `string` | `"/"` | no | -| lambda\_source\_s3\_bucket | The s3 bucket where to find the lambda executable | `string` | `"shared-infra-prod-assets"` | no | -| lambda\_source\_s3\_key | The s3 key where to find the lambda executable | `string` | `"go-misc/lambdas/2019/06/03/github_to_firehose.zip"` | no | -| owner | Owner for tagging and naming. | `string` | n/a | yes | -| project | Project for tagging and naming. | `string` | n/a | yes | -| route53\_zone\_id | The route53 zone id for fqdn's domain | `string` | n/a | yes | -| s3\_prefix | Firehose will add this prefix to files it writes to the s3 bucket | `string` | `""` | no | -| service | Service for tagging and naming. | `string` | n/a | yes | +| [certificate\_arn](#input\_certificate\_arn) | A certificate in us-east-1 for var.fqdn | `string` | n/a | yes | +| [env](#input\_env) | Env for tagging and naming. 
| `string` | n/a | yes | +| [fqdn](#input\_fqdn) | The fqdn to expose the api gateway as | `string` | n/a | yes | +| [iam\_path](#input\_iam\_path) | n/a | `string` | `"/"` | no | +| [lambda\_source\_s3\_bucket](#input\_lambda\_source\_s3\_bucket) | The s3 bucket where to find the lambda executable | `string` | `"shared-infra-prod-assets"` | no | +| [lambda\_source\_s3\_key](#input\_lambda\_source\_s3\_key) | The s3 key where to find the lambda executable | `string` | `"go-misc/lambdas/2019/06/03/github_to_firehose.zip"` | no | +| [owner](#input\_owner) | Owner for tagging and naming. | `string` | n/a | yes | +| [project](#input\_project) | Project for tagging and naming. | `string` | n/a | yes | +| [route53\_zone\_id](#input\_route53\_zone\_id) | The route53 zone id for fqdn's domain | `string` | n/a | yes | +| [s3\_prefix](#input\_s3\_prefix) | Firehose will add this prefix to files it writes to the s3 bucket | `string` | `""` | no | +| [service](#input\_service) | Service for tagging and naming. | `string` | n/a | yes | ## Outputs -No output. - +No outputs. diff --git a/snowflake-account-grant-all/README.md b/snowflake-account-grant-all/README.md index d396248b..1c20945e 100644 --- a/snowflake-account-grant-all/README.md +++ b/snowflake-account-grant-all/README.md 
@@ -3,26 +3,35 @@ | Name | Version | |------|---------| -| snowflake | >= 0.20.0 | +| [snowflake](#requirement\_snowflake) | >= 0.20.0 | ## Providers | Name | Version | |------|---------| -| snowflake | >= 0.20.0 | +| [snowflake](#provider\_snowflake) | >= 0.20.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [snowflake_account_grant.all](https://registry.terraform.io/providers/chanzuckerberg/snowflake/latest/docs/resources/account_grant) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| per\_privilege\_grants | A map of privileges to authorized roles and shares. Privileges must be UPPER case.
This allows you to authorize extra roles/shares for specific privileges. | `map(object({roles = list(string)}))` | `{}` | no | -| roles | Grants privilege to these roles. | `set(string)` | `null` | no | -| with\_grant\_option | When this is set to true, allows the recipient role to grant the privileges to other roles. | `bool` | `null` | no | +| [per\_privilege\_grants](#input\_per\_privilege\_grants) | A map of privileges to authorized roles and shares. Privileges must be UPPER case.
This allows you to authorize extra roles/shares for specific privileges. | `map(object({roles = list(string)}))` | `{}` | no | +| [roles](#input\_roles) | Grants privilege to these roles. | `set(string)` | `null` | no | +| [with\_grant\_option](#input\_with\_grant\_option) | When this is set to true, allows the recipient role to grant the privileges to other roles. | `bool` | `null` | no | ## Outputs | Name | Description | |------|-------------| -| privileges | Privileges that make up the ALL set. | - +| [privileges](#output\_privileges) | Privileges that make up the ALL set. | diff --git a/snowflake-database-grant-all/README.md b/snowflake-database-grant-all/README.md index 22aace3f..cf8451b2 100644 --- a/snowflake-database-grant-all/README.md +++ b/snowflake-database-grant-all/README.md @@ -3,28 +3,37 @@ | Name | Version | |------|---------| -| snowflake | >= 0.20.0 | +| [snowflake](#requirement\_snowflake) | >= 0.20.0 | ## Providers | Name | Version | |------|---------| -| snowflake | >= 0.20.0 | +| [snowflake](#provider\_snowflake) | >= 0.20.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [snowflake_database_grant.all](https://registry.terraform.io/providers/chanzuckerberg/snowflake/latest/docs/resources/database_grant) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| database\_name | The name of the database on which to grant privileges. | `string` | `null` | no | -| per\_privilege\_grants | A map of privileges to authorized roles and shares. Privileges must be UPPER case.
This allows you to authorize extra roles/shares for specific privileges. | `map(object({shares = list(string),roles = list(string)}))` | `{}` | no | -| roles | Grants privilege to these roles. | `set(string)` | `null` | no | -| shares | Grants privilege to these shares. | `set(string)` | `null` | no | -| with\_grant\_option | When this is set to true, allows the recipient role to grant the privileges to other roles. | `bool` | `null` | no | +| [database\_name](#input\_database\_name) | The name of the database on which to grant privileges. | `string` | `null` | no | +| [per\_privilege\_grants](#input\_per\_privilege\_grants) | A map of privileges to authorized roles and shares. Privileges must be UPPER case.
This allows you to authorize extra roles/shares for specific privileges. | `map(object({shares = list(string),roles = list(string)}))` | `{}` | no | +| [roles](#input\_roles) | Grants privilege to these roles. | `set(string)` | `null` | no | +| [shares](#input\_shares) | Grants privilege to these shares. | `set(string)` | `null` | no | +| [with\_grant\_option](#input\_with\_grant\_option) | When this is set to true, allows the recipient role to grant the privileges to other roles. | `bool` | `null` | no | ## Outputs | Name | Description | |------|-------------| -| privileges | Privileges that make up the ALL set. | - +| [privileges](#output\_privileges) | Privileges that make up the ALL set. | diff --git a/snowflake-integration-grant-all/README.md b/snowflake-integration-grant-all/README.md index bcb95f66..f0b0f909 100644 --- a/snowflake-integration-grant-all/README.md +++ b/snowflake-integration-grant-all/README.md @@ -3,27 +3,36 @@ | Name | Version | |------|---------| -| snowflake | >= 0.20.0 | +| [snowflake](#requirement\_snowflake) | >= 0.20.0 | ## Providers | Name | Version | |------|---------| -| snowflake | >= 0.20.0 | +| [snowflake](#provider\_snowflake) | >= 0.20.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [snowflake_integration_grant.all](https://registry.terraform.io/providers/chanzuckerberg/snowflake/latest/docs/resources/integration_grant) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| integration\_name | Identifier for the integration; must be unique for your account. | `string` | `null` | no | -| per\_privilege\_grants | A map of privileges to authorized roles and shares. Privileges must be UPPER case.
This allows you to authorize extra roles/shares for specific privileges. | `map(object({roles = list(string)}))` | `{}` | no | -| roles | Grants privilege to these roles. | `set(string)` | `null` | no | -| with\_grant\_option | When this is set to true, allows the recipient role to grant the privileges to other roles. | `bool` | `null` | no | +| [integration\_name](#input\_integration\_name) | Identifier for the integration; must be unique for your account. | `string` | `null` | no | +| [per\_privilege\_grants](#input\_per\_privilege\_grants) | A map of privileges to authorized roles and shares. Privileges must be UPPER case.
This allows you to authorize extra roles/shares for specific privileges. | `map(object({roles = list(string)}))` | `{}` | no | +| [roles](#input\_roles) | Grants privilege to these roles. | `set(string)` | `null` | no | +| [with\_grant\_option](#input\_with\_grant\_option) | When this is set to true, allows the recipient role to grant the privileges to other roles. | `bool` | `null` | no | ## Outputs | Name | Description | |------|-------------| -| privileges | Privileges that make up the ALL set. | - +| [privileges](#output\_privileges) | Privileges that make up the ALL set. | diff --git a/snowflake-resource-monitor-grant-all/README.md b/snowflake-resource-monitor-grant-all/README.md index b6c3b63d..9afbe8b2 100644 --- a/snowflake-resource-monitor-grant-all/README.md +++ b/snowflake-resource-monitor-grant-all/README.md @@ -3,27 +3,36 @@ | Name | Version | |------|---------| -| snowflake | >= 0.20.0 | +| [snowflake](#requirement\_snowflake) | >= 0.20.0 | ## Providers | Name | Version | |------|---------| -| snowflake | >= 0.20.0 | +| [snowflake](#provider\_snowflake) | >= 0.20.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [snowflake_resource_monitor_grant.all](https://registry.terraform.io/providers/chanzuckerberg/snowflake/latest/docs/resources/resource_monitor_grant) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| monitor\_name | Identifier for the resource monitor; must be unique for your account. | `string` | `null` | no | -| per\_privilege\_grants | A map of privileges to authorized roles and shares. Privileges must be UPPER case.
This allows you to authorize extra roles/shares for specific privileges. | `map(object({roles = list(string)}))` | `{}` | no | -| roles | Grants privilege to these roles. | `set(string)` | `null` | no | -| with\_grant\_option | When this is set to true, allows the recipient role to grant the privileges to other roles. | `bool` | `null` | no | +| [monitor\_name](#input\_monitor\_name) | Identifier for the resource monitor; must be unique for your account. | `string` | `null` | no | +| [per\_privilege\_grants](#input\_per\_privilege\_grants) | A map of privileges to authorized roles and shares. Privileges must be UPPER case.
This allows you to authorize extra roles/shares for specific privileges. | `map(object({roles = list(string)}))` | `{}` | no | +| [roles](#input\_roles) | Grants privilege to these roles. | `set(string)` | `null` | no | +| [with\_grant\_option](#input\_with\_grant\_option) | When this is set to true, allows the recipient role to grant the privileges to other roles. | `bool` | `null` | no | ## Outputs | Name | Description | |------|-------------| -| privileges | Privileges that make up the ALL set. | - +| [privileges](#output\_privileges) | Privileges that make up the ALL set. | diff --git a/snowflake-schema-grant-all/README.md b/snowflake-schema-grant-all/README.md index 0b8492b4..40fee0ac 100644 --- a/snowflake-schema-grant-all/README.md +++ b/snowflake-schema-grant-all/README.md @@ -3,30 +3,39 @@ | Name | Version | |------|---------| -| snowflake | >= 0.20.0 | +| [snowflake](#requirement\_snowflake) | >= 0.20.0 | ## Providers | Name | Version | |------|---------| -| snowflake | >= 0.20.0 | +| [snowflake](#provider\_snowflake) | >= 0.20.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [snowflake_schema_grant.all](https://registry.terraform.io/providers/chanzuckerberg/snowflake/latest/docs/resources/schema_grant) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| database\_name | The name of the database containing the schema on which to grant privileges. | `string` | `null` | no | -| on\_future | When this is set to true, apply this grant on all future schemas in the given database. The schema\_name and shares fields must be unset in order to use on\_future. | `bool` | `null` | no | -| per\_privilege\_grants | A map of privileges to authorized roles and shares. Privileges must be UPPER case.
This allows you to authorize extra roles/shares for specific privileges. | `map(object({shares = list(string),roles = list(string)}))` | `{}` | no | -| roles | Grants privilege to these roles. | `set(string)` | `null` | no | -| schema\_name | The name of the schema on which to grant privileges. | `string` | `null` | no | -| shares | Grants privilege to these shares (only valid if on\_future is unset). | `set(string)` | `null` | no | -| with\_grant\_option | When this is set to true, allows the recipient role to grant the privileges to other roles. | `bool` | `null` | no | +| [database\_name](#input\_database\_name) | The name of the database containing the schema on which to grant privileges. | `string` | `null` | no | +| [on\_future](#input\_on\_future) | When this is set to true, apply this grant on all future schemas in the given database. The schema\_name and shares fields must be unset in order to use on\_future. | `bool` | `null` | no | +| [per\_privilege\_grants](#input\_per\_privilege\_grants) | A map of privileges to authorized roles and shares. Privileges must be UPPER case.
This allows you to authorize extra roles/shares for specific privileges. | `map(object({shares = list(string),roles = list(string)}))` | `{}` | no | +| [roles](#input\_roles) | Grants privilege to these roles. | `set(string)` | `null` | no | +| [schema\_name](#input\_schema\_name) | The name of the schema on which to grant privileges. | `string` | `null` | no | +| [shares](#input\_shares) | Grants privilege to these shares (only valid if on\_future is unset). | `set(string)` | `null` | no | +| [with\_grant\_option](#input\_with\_grant\_option) | When this is set to true, allows the recipient role to grant the privileges to other roles. | `bool` | `null` | no | ## Outputs | Name | Description | |------|-------------| -| privileges | Privileges that make up the ALL set. | - +| [privileges](#output\_privileges) | Privileges that make up the ALL set. | diff --git a/snowflake-stage-grant-all/README.md b/snowflake-stage-grant-all/README.md index 8fa5f441..2afae9a2 100644 --- a/snowflake-stage-grant-all/README.md +++ b/snowflake-stage-grant-all/README.md 
@@ -3,31 +3,40 @@ | Name | Version | |------|---------| -| snowflake | >= 0.20.0 | +| [snowflake](#requirement\_snowflake) | >= 0.20.0 | ## Providers | Name | Version | |------|---------| -| snowflake | >= 0.20.0 | +| [snowflake](#provider\_snowflake) | >= 0.20.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [snowflake_stage_grant.all](https://registry.terraform.io/providers/chanzuckerberg/snowflake/latest/docs/resources/stage_grant) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| database\_name | The name of the database containing the current stage on which to grant privileges. | `string` | `null` | no | -| on\_future | When this is set to true and a schema\_name is provided, apply this grant on all future stages in the given schema. When this is true and no schema\_name is provided apply this grant on all future stages in the given database. The stage\_name and shares fields must be unset in order to use on\_future. | `bool` | `null` | no | -| per\_privilege\_grants | A map of privileges to authorized roles and shares. Privileges must be UPPER case.
This allows you to authorize extra roles/shares for specific privileges. | `map(object({shares = list(string),roles = list(string)}))` | `{}` | no | -| roles | Grants privilege to these roles. | `set(string)` | `null` | no | -| schema\_name | The name of the schema containing the current stage on which to grant privileges. | `string` | `null` | no | -| shares | Grants privilege to these shares (only valid if on\_future is false). | `set(string)` | `null` | no | -| stage\_name | The name of the stage on which to grant privilege (only valid if on\_future is false). | `string` | `null` | no | -| with\_grant\_option | When this is set to true, allows the recipient role to grant the privileges to other roles. | `bool` | `null` | no | +| [database\_name](#input\_database\_name) | The name of the database containing the current stage on which to grant privileges. | `string` | `null` | no | +| [on\_future](#input\_on\_future) | When this is set to true and a schema\_name is provided, apply this grant on all future stages in the given schema. When this is true and no schema\_name is provided apply this grant on all future stages in the given database. The stage\_name and shares fields must be unset in order to use on\_future. | `bool` | `null` | no | +| [per\_privilege\_grants](#input\_per\_privilege\_grants) | A map of privileges to authorized roles and shares. Privileges must be UPPER case.
This allows you to authorize extra roles/shares for specific privileges. | `map(object({shares = list(string),roles = list(string)}))` | `{}` | no | +| [roles](#input\_roles) | Grants privilege to these roles. | `set(string)` | `null` | no | +| [schema\_name](#input\_schema\_name) | The name of the schema containing the current stage on which to grant privileges. | `string` | `null` | no | +| [shares](#input\_shares) | Grants privilege to these shares (only valid if on\_future is false). | `set(string)` | `null` | no | +| [stage\_name](#input\_stage\_name) | The name of the stage on which to grant privilege (only valid if on\_future is false). | `string` | `null` | no | +| [with\_grant\_option](#input\_with\_grant\_option) | When this is set to true, allows the recipient role to grant the privileges to other roles. | `bool` | `null` | no | ## Outputs | Name | Description | |------|-------------| -| privileges | Privileges that make up the ALL set. | - +| [privileges](#output\_privileges) | Privileges that make up the ALL set. | diff --git a/snowflake-table-grant-all/README.md b/snowflake-table-grant-all/README.md index 6efb7a0d..e044d7ac 100644 --- a/snowflake-table-grant-all/README.md +++ b/snowflake-table-grant-all/README.md 
@@ -3,31 +3,40 @@ | Name | Version | |------|---------| -| snowflake | >= 0.20.0 | +| [snowflake](#requirement\_snowflake) | >= 0.20.0 | ## Providers | Name | Version | |------|---------| -| snowflake | >= 0.20.0 | +| [snowflake](#provider\_snowflake) | >= 0.20.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [snowflake_table_grant.all](https://registry.terraform.io/providers/chanzuckerberg/snowflake/latest/docs/resources/table_grant) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| database\_name | The name of the database containing the current or future tables on which to grant privileges. | `string` | `null` | no | -| on\_future | When this is set to true and a schema\_name is provided, apply this grant on all future tables in the given schema. When this is true and no schema\_name is provided apply this grant on all future tables in the given database. The table\_name and shares fields must be unset in order to use on\_future. | `bool` | `null` | no | -| per\_privilege\_grants | A map of privileges to authorized roles and shares. Privileges must be UPPER case.
This allows you to authorize extra roles/shares for specific privileges. | `map(object({shares = list(string),roles = list(string)}))` | `{}` | no | -| roles | Grants privilege to these roles. | `set(string)` | `null` | no | -| schema\_name | The name of the schema containing the current or future tables on which to grant privileges. | `string` | `null` | no | -| shares | Grants privilege to these shares (only valid if on\_future is unset). | `set(string)` | `null` | no | -| table\_name | The name of the table on which to grant privileges immediately (only valid if on\_future is unset). | `string` | `null` | no | -| with\_grant\_option | When this is set to true, allows the recipient role to grant the privileges to other roles. | `bool` | `null` | no | +| [database\_name](#input\_database\_name) | The name of the database containing the current or future tables on which to grant privileges. | `string` | `null` | no | +| [on\_future](#input\_on\_future) | When this is set to true and a schema\_name is provided, apply this grant on all future tables in the given schema. When this is true and no schema\_name is provided apply this grant on all future tables in the given database. The table\_name and shares fields must be unset in order to use on\_future. | `bool` | `null` | no | +| [per\_privilege\_grants](#input\_per\_privilege\_grants) | A map of privileges to authorized roles and shares. Privileges must be UPPER case.
This allows you to authorize extra roles/shares for specific privileges. | `map(object({shares = list(string),roles = list(string)}))` | `{}` | no | +| [roles](#input\_roles) | Grants privilege to these roles. | `set(string)` | `null` | no | +| [schema\_name](#input\_schema\_name) | The name of the schema containing the current or future tables on which to grant privileges. | `string` | `null` | no | +| [shares](#input\_shares) | Grants privilege to these shares (only valid if on\_future is unset). | `set(string)` | `null` | no | +| [table\_name](#input\_table\_name) | The name of the table on which to grant privileges immediately (only valid if on\_future is unset). | `string` | `null` | no | +| [with\_grant\_option](#input\_with\_grant\_option) | When this is set to true, allows the recipient role to grant the privileges to other roles. | `bool` | `null` | no | ## Outputs | Name | Description | |------|-------------| -| privileges | Privileges that make up the ALL set. | - +| [privileges](#output\_privileges) | Privileges that make up the ALL set. | diff --git a/snowflake-view-grant-all/README.md b/snowflake-view-grant-all/README.md index 262e850f..34783f8b 100644 --- a/snowflake-view-grant-all/README.md +++ b/snowflake-view-grant-all/README.md 
@@ -3,31 +3,40 @@ | Name | Version | |------|---------| -| snowflake | >= 0.20.0 | +| [snowflake](#requirement\_snowflake) | >= 0.20.0 | ## Providers | Name | Version | |------|---------| -| snowflake | >= 0.20.0 | +| [snowflake](#provider\_snowflake) | >= 0.20.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [snowflake_view_grant.all](https://registry.terraform.io/providers/chanzuckerberg/snowflake/latest/docs/resources/view_grant) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| database\_name | The name of the database containing the current or future views on which to grant privileges. | `string` | `null` | no | -| on\_future | When this is set to true and a schema\_name is provided, apply this grant on all future views in the given schema. When this is true and no schema\_name is provided apply this grant on all future views in the given database. The view\_name and shares fields must be unset in order to use on\_future. | `bool` | `null` | no | -| per\_privilege\_grants | A map of privileges to authorized roles and shares. Privileges must be UPPER case.
This allows you to authorize extra roles/shares for specific privileges. | `map(object({shares = list(string),roles = list(string)}))` | `{}` | no | -| roles | Grants privilege to these roles. | `set(string)` | `null` | no | -| schema\_name | The name of the schema containing the current or future views on which to grant privileges. | `string` | `null` | no | -| shares | Grants privilege to these shares (only valid if on\_future is unset). | `set(string)` | `null` | no | -| view\_name | The name of the view on which to grant privileges immediately (only valid if on\_future is unset). | `string` | `null` | no | -| with\_grant\_option | When this is set to true, allows the recipient role to grant the privileges to other roles. | `bool` | `null` | no | +| [database\_name](#input\_database\_name) | The name of the database containing the current or future views on which to grant privileges. | `string` | `null` | no | +| [on\_future](#input\_on\_future) | When this is set to true and a schema\_name is provided, apply this grant on all future views in the given schema. When this is true and no schema\_name is provided apply this grant on all future views in the given database. The view\_name and shares fields must be unset in order to use on\_future. | `bool` | `null` | no | +| [per\_privilege\_grants](#input\_per\_privilege\_grants) | A map of privileges to authorized roles and shares. Privileges must be UPPER case.
This allows you to authorize extra roles/shares for specific privileges. | `map(object({shares = list(string),roles = list(string)}))` | `{}` | no | +| [roles](#input\_roles) | Grants privilege to these roles. | `set(string)` | `null` | no | +| [schema\_name](#input\_schema\_name) | The name of the schema containing the current or future views on which to grant privileges. | `string` | `null` | no | +| [shares](#input\_shares) | Grants privilege to these shares (only valid if on\_future is unset). | `set(string)` | `null` | no | +| [view\_name](#input\_view\_name) | The name of the view on which to grant privileges immediately (only valid if on\_future is unset). | `string` | `null` | no | +| [with\_grant\_option](#input\_with\_grant\_option) | When this is set to true, allows the recipient role to grant the privileges to other roles. | `bool` | `null` | no | ## Outputs | Name | Description | |------|-------------| -| privileges | Privileges that make up the ALL set. | - +| [privileges](#output\_privileges) | Privileges that make up the ALL set. | diff --git a/snowflake-warehouse-grant-all/README.md b/snowflake-warehouse-grant-all/README.md index 558746db..07f568e0 100644 --- a/snowflake-warehouse-grant-all/README.md +++ b/snowflake-warehouse-grant-all/README.md 
@@ -3,27 +3,36 @@ | Name | Version | |------|---------| -| snowflake | >= 0.20.0 | +| [snowflake](#requirement\_snowflake) | >= 0.20.0 | ## Providers | Name | Version | |------|---------| -| snowflake | >= 0.20.0 | +| [snowflake](#provider\_snowflake) | >= 0.20.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [snowflake_warehouse_grant.all](https://registry.terraform.io/providers/chanzuckerberg/snowflake/latest/docs/resources/warehouse_grant) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| per\_privilege\_grants | A map of privileges to authorized roles and shares. Privileges must be UPPER case.
This allows you to authorize extra roles/shares for specific privileges. | `map(object({roles = list(string)}))` | `{}` | no | -| roles | Grants privilege to these roles. | `set(string)` | `null` | no | -| warehouse\_name | The name of the warehouse on which to grant privileges. | `string` | `null` | no | -| with\_grant\_option | When this is set to true, allows the recipient role to grant the privileges to other roles. | `bool` | `null` | no | +| [per\_privilege\_grants](#input\_per\_privilege\_grants) | A map of privileges to authorized roles and shares. Privileges must be UPPER case.
This allows you to authorize extra roles/shares for specific privileges. | `map(object({roles = list(string)}))` | `{}` | no | +| [roles](#input\_roles) | Grants privilege to these roles. | `set(string)` | `null` | no | +| [warehouse\_name](#input\_warehouse\_name) | The name of the warehouse on which to grant privileges. | `string` | `null` | no | +| [with\_grant\_option](#input\_with\_grant\_option) | When this is set to true, allows the recipient role to grant the privileges to other roles. | `bool` | `null` | no | ## Outputs | Name | Description | |------|-------------| -| privileges | Privileges that make up the ALL set. | - +| [privileges](#output\_privileges) | Privileges that make up the ALL set. |
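Review bot: In the Inputs tables of snowflake-integration-grant-all, snowflake-resource-monitor-grant-all and snowflake-warehouse-grant-all, the `per_privilege_grants` row still reads "A map of privileges to authorized roles and shares" and "authorize extra roles/shares", but the type shown for these three modules is `map(object({roles = list(string)}))` and they have no `shares` input. The regeneration carries the old description over unchanged, so the fix belongs in each module's variable description: say roles only, then regenerate, so a reader does not assume these objects can be granted to shares.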
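Review bot: The snowflake-stage-grant-all hunk describes `shares` and `stage_name` as "only valid if on_future is false", while the schema, table and view hunks say "only valid if on_future is unset", and `on_future` defaults to `null` in all four. The two wordings leave open whether an explicit `false` is accepted alongside `shares`. Suggest settling on one phrasing across the four modules' variable descriptions and regenerating the READMEs.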
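Review bot: Every `with_grant_option` row in these grant-all hunks lists a default of `null` and only describes the `true` case. Since the modules grant the whole ALL set (per the `privileges` output) and this flag lets the recipient role pass those privileges on, the description should state what leaving it unset means in practice, so reviewers of a module call can tell at a glance whether re-granting is enabled.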
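Review bot: The new Resources rows link to `registry.terraform.io/providers/chanzuckerberg/snowflake/latest/docs/resources/...`, while the Requirements and Providers rows keep the open-ended constraint `>= 0.20.0`. The linked page will track the newest provider release, which can differ from the version a consumer of these modules actually resolves. If the open upper bound is deliberate, a short note in the module docs would help; otherwise consider bounding the provider version so the documented resource arguments and the installed provider stay in step.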