From 9d5798e3a0ff47602b7db6343dfd114cdbf5c8fa Mon Sep 17 00:00:00 2001
From: Eduardo Lopez
Date: Mon, 22 Apr 2019 16:11:24 -0700
Subject: [PATCH] Update aws-params-writer to explicitly take a parameters count (#90)
---
aws-acm-cert/README.md | 18 +++----
aws-aurora-mysql/README.md | 44 ++++++++--------
aws-aurora-postgres/README.md | 46 ++++++++--------
aws-aurora/README.md | 58 ++++++++++-----------
aws-cloudwatch-log-group/README.md | 14 ++---
aws-default-vpc-security/README.md | 2 +-
aws-iam-ecs-task-role/README.md | 14 ++---
aws-iam-group-assume-role/README.md | 12 ++---
aws-iam-group-console-login/README.md | 6 +--
aws-iam-instance-profile/README.md | 8 +--
aws-iam-policy-cwlogs/README.md | 4 +-
aws-iam-role-bless/README.md | 10 ++--
aws-iam-role-cloudfront-poweruser/README.md | 10 ++--
aws-iam-role-crossacct/README.md | 10 ++--
aws-iam-role-ec2-poweruser/README.md | 10 ++--
aws-iam-role-ecs-poweruser/README.md | 8 +--
aws-iam-role-infraci/README.md | 8 +--
aws-iam-role-poweruser/README.md | 10 ++--
aws-iam-role-readonly/README.md | 10 ++--
aws-iam-role-security-audit/README.md | 6 +--
aws-param/README.md | 12 ++---
aws-params-reader-policy/README.md | 12 ++---
aws-params-secrets-setup/README.md | 10 ++--
aws-params-writer/README.md | 11 ++--
aws-params-writer/main.tf | 2 +-
aws-params-writer/variables.tf | 6 +++
aws-redis-node/README.md | 30 +++++------
aws-single-page-static-site/README.md | 20 +++----
bless-ca/README.md | 18 +++----
29 files changed, 218 insertions(+), 211 deletions(-)
diff --git a/aws-acm-cert/README.md b/aws-acm-cert/README.md
index 80ab4ccc..0b0b0e69 100644
--- a/aws-acm-cert/README.md
+++ b/aws-acm-cert/README.md
@@ -33,20 +33,20 @@ module "cert" { | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| aws\_route53\_zone\_id | - | string | - | yes | -| cert\_domain\_name | Like www.foo.bar.com or *.foo.bar.com | string | - | yes | +| aws\_route53\_zone\_id | | string | n/a | yes | +| cert\_domain\_name | Like www.foo.bar.com or *.foo.bar.com | string | n/a | yes | | cert\_subject\_alternative\_names | A map of | map | `` | no | -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | string | - | yes | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | string | - | yes | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | string | - | yes | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging). | string | - | yes | -| validation\_record\_ttl | - | string | `60` | no | +| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | string | n/a | yes | +| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | string | n/a | yes | +| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | string | n/a | yes | +| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging). | string | n/a | yes | +| validation\_record\_ttl | | string | `"60"` | no | ## Outputs | Name | Description | |------|-------------| -| arn | - | -| id | - | +| arn | | +| id | | diff --git a/aws-aurora-mysql/README.md b/aws-aurora-mysql/README.md index 73d8f8cd..92f6626a 100644 --- a/aws-aurora-mysql/README.md +++ b/aws-aurora-mysql/README.md 
@@ -35,34 +35,34 @@ module "db" { | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| apply\_immediately | If false changes will not be applied until next maintenance window. | string | `false` | no | -| backtrack\_window | Turns on Backgrack for this many seconds. [Doc](https://aws.amazon.com/blogs/aws/amazon-aurora-backtrack-turn-back-time/) | string | `0` | no | -| database\_name | The name of the database to be created in the cluster. | string | - | yes | -| database\_password | Password for user that will be created. | string | - | yes | -| database\_subnet\_group | The name of an existing database subnet group to use. | string | - | yes | -| database\_username | Default user to be created. | string | - | yes | +| apply\_immediately | If false changes will not be applied until next maintenance window. | string | `"false"` | no | +| backtrack\_window | Turns on Backgrack for this many seconds. [Doc](https://aws.amazon.com/blogs/aws/amazon-aurora-backtrack-turn-back-time/) | string | `"0"` | no | +| database\_name | The name of the database to be created in the cluster. | string | n/a | yes | +| database\_password | Password for user that will be created. | string | n/a | yes | +| database\_subnet\_group | The name of an existing database subnet group to use. | string | n/a | yes | +| database\_username | Default user to be created. | string | n/a | yes | | db\_parameters | Instance params you can set. [Doc](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Reference.html#AuroraMySQL.Reference.Parameters.Instance) | list | `` | no | -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | string | - | yes | -| iam\_database\_authentication\_enabled | - | string | `false` | no | -| ingress\_cidr\_blocks | A list of CIDR blocks that should be allowed to communicate with this Aurora cluster. 
| list | - | yes | -| instance\_class | See valid instance types [here](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Managing.Performance.html) | string | `db.t2.small` | no | -| instance\_count | Number of instances to create in this cluster. | string | `1` | no | -| kms\_key\_id | If provided, storage will be encrypted with this key, otherwise an AWS-managed key is used. (Encryption is always on). | string | `` | no | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | string | - | yes | -| performance\_insights\_enabled | - | string | `false` | no | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | string | - | yes | -| publicly\_accessible | Avoid doing this - it gives access to the open internet. | string | `false` | no | +| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | string | n/a | yes | +| iam\_database\_authentication\_enabled | | string | `"false"` | no | +| ingress\_cidr\_blocks | A list of CIDR blocks that should be allowed to communicate with this Aurora cluster. | list | n/a | yes | +| instance\_class | See valid instance types [here](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Managing.Performance.html) | string | `"db.t2.small"` | no | +| instance\_count | Number of instances to create in this cluster. | string | `"1"` | no | +| kms\_key\_id | If provided, storage will be encrypted with this key, otherwise an AWS-managed key is used. (Encryption is always on). | string | `""` | no | +| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | string | n/a | yes | +| performance\_insights\_enabled | | string | `"false"` | no | +| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | string | n/a | yes | +| publicly\_accessible | Avoid doing this - it gives access to the open internet. 
| string | `"false"` | no | | rds\_cluster\_parameters | Cluster params you can set. [Doc](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Reference.html#AuroraMySQL.Reference.Parameters.Cluster) | list | `` | no | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging). | string | - | yes | -| skip\_final\_snapshot | When you destroy a database RDS will, by default, take snapshot. Set this to skip that step. | string | `false` | no | -| vpc\_id | The id of the existing VPC in which this cluster should be created. | string | - | yes | +| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging). | string | n/a | yes | +| skip\_final\_snapshot | When you destroy a database RDS will, by default, take snapshot. Set this to skip that step. | string | `"false"` | no | +| vpc\_id | The id of the existing VPC in which this cluster should be created. | string | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| database\_name | - | -| endpoint | - | -| reader\_endpoint | - | +| database\_name | | +| endpoint | | +| reader\_endpoint | | diff --git a/aws-aurora-postgres/README.md b/aws-aurora-postgres/README.md index f9822ff6..cb497f44 100644 --- a/aws-aurora-postgres/README.md +++ b/aws-aurora-postgres/README.md 
@@ -35,35 +35,35 @@ module "db" { | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| apply\_immediately | If false changes will not be applied until next maintenance window. | string | `false` | no | -| database\_name | The name of the database to be created in the cluster. | string | - | yes | -| database\_password | Password for user that will be created. | string | - | yes | -| database\_subnet\_group | The name of an existing database subnet group to use. | string | - | yes | -| database\_username | Default user to be created. | string | - | yes | +| apply\_immediately | If false changes will not be applied until next maintenance window. | string | `"false"` | no | +| database\_name | The name of the database to be created in the cluster. | string | n/a | yes | +| database\_password | Password for user that will be created. | string | n/a | yes | +| database\_subnet\_group | The name of an existing database subnet group to use. | string | n/a | yes | +| database\_username | Default user to be created. | string | n/a | yes | | db\_parameters | Instance params you can set. [Doc](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Reference.html#AuroraPostgreSQL.Reference.Parameters.Instance) | list | `` | no | -| engine\_version | The version of Postgres to use. | string | `9.6` | no | -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | string | - | yes | -| iam\_database\_authentication\_enabled | - | string | `false` | no | -| ingress\_cidr\_blocks | A list of CIDR blocks that should be allowed to communicate with this Aurora cluster. | list | - | yes | -| instance\_class | See valid instance types [here](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Managing.html) | string | `db.r4.large` | no | -| instance\_count | Number of instances to create in this cluster. 
| string | `1` | no | -| kms\_key\_id | If provided, storage will be encrypted with this key, otherwise an AWS-managed key is used. (Encryption is always on). | string | `` | no | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | string | - | yes | -| performance\_insights\_enabled | - | string | `false` | no | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | string | - | yes | -| publicly\_accessible | Avoid doing this - it gives access to the open internet. | string | `false` | no | +| engine\_version | The version of Postgres to use. | string | `"9.6"` | no | +| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | string | n/a | yes | +| iam\_database\_authentication\_enabled | | string | `"false"` | no | +| ingress\_cidr\_blocks | A list of CIDR blocks that should be allowed to communicate with this Aurora cluster. | list | n/a | yes | +| instance\_class | See valid instance types [here](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Managing.html) | string | `"db.r4.large"` | no | +| instance\_count | Number of instances to create in this cluster. | string | `"1"` | no | +| kms\_key\_id | If provided, storage will be encrypted with this key, otherwise an AWS-managed key is used. (Encryption is always on). | string | `""` | no | +| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | string | n/a | yes | +| performance\_insights\_enabled | | string | `"false"` | no | +| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | string | n/a | yes | +| publicly\_accessible | Avoid doing this - it gives access to the open internet. | string | `"false"` | no | | rds\_cluster\_parameters | Cluster params you can set. 
[Doc](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Reference.html#AuroraPostgreSQL.Reference.Parameters.Cluster) | list | `` | no | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging). | string | - | yes | -| skip\_final\_snapshot | When you destroy a database RDS will, by default, take snapshot. Set this to skip that step. | string | `false` | no | -| vpc\_id | The id of the existing VPC in which this cluster should be created. | string | - | yes | +| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging). | string | n/a | yes | +| skip\_final\_snapshot | When you destroy a database RDS will, by default, take snapshot. Set this to skip that step. | string | `"false"` | no | +| vpc\_id | The id of the existing VPC in which this cluster should be created. | string | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| database\_name | - | -| endpoint | - | -| port | - | -| reader\_endpoint | - | +| database\_name | | +| endpoint | | +| port | | +| reader\_endpoint | | diff --git a/aws-aurora/README.md b/aws-aurora/README.md index 41f73ad2..4d9bfdfa 100644 --- a/aws-aurora/README.md +++ b/aws-aurora/README.md 
@@ -7,39 +7,39 @@ This is a low-level module for creating AWS Aurora clusters. We strongly reccome | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| apply\_immediately | - | string | `false` | no | -| backtrack\_window | - | string | `0` | no | -| database\_name | - | string | - | yes | -| database\_password | - | string | - | yes | -| database\_subnet\_group | - | string | - | yes | -| database\_username | - | string | - | yes | -| db\_parameters | - | list | `` | no | -| enabled\_cloudwatch\_logs\_exports | - | list | `` | no | -| engine | - | string | - | yes | -| engine\_version | - | string | - | yes | -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | string | - | yes | -| iam\_database\_authentication\_enabled | - | string | `true` | no | -| ingress\_cidr\_blocks | - | list | - | yes | -| instance\_class | - | string | `db.t2.small` | no | -| instance\_count | - | string | `1` | no | -| kms\_key\_id | If supplied, RDS will use this key to encrypt data at rest. Empty string means that RDS will use an AWS-managed key. Encryption is always on with this module. | string | `` | no | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | string | - | yes | -| performance\_insights\_enabled | - | string | `true` | no | -| port | - | string | - | yes | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | string | - | yes | -| publicly\_accessible | - | string | `false` | no | -| rds\_cluster\_parameters | - | list | `` | no | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging). 
| string | - | yes | -| skip\_final\_snapshot | - | string | `false` | no | -| vpc\_id | - | string | - | yes | +| apply\_immediately | | string | `"false"` | no | +| backtrack\_window | | string | `"0"` | no | +| database\_name | | string | n/a | yes | +| database\_password | | string | n/a | yes | +| database\_subnet\_group | | string | n/a | yes | +| database\_username | | string | n/a | yes | +| db\_parameters | | list | `` | no | +| enabled\_cloudwatch\_logs\_exports | | list | `` | no | +| engine | | string | n/a | yes | +| engine\_version | | string | n/a | yes | +| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | string | n/a | yes | +| iam\_database\_authentication\_enabled | | string | `"true"` | no | +| ingress\_cidr\_blocks | | list | n/a | yes | +| instance\_class | | string | `"db.t2.small"` | no | +| instance\_count | | string | `"1"` | no | +| kms\_key\_id | If supplied, RDS will use this key to encrypt data at rest. Empty string means that RDS will use an AWS-managed key. Encryption is always on with this module. | string | `""` | no | +| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | string | n/a | yes | +| performance\_insights\_enabled | | string | `"true"` | no | +| port | | string | n/a | yes | +| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | string | n/a | yes | +| publicly\_accessible | | string | `"false"` | no | +| rds\_cluster\_parameters | | list | `` | no | +| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging). | string | n/a | yes | +| skip\_final\_snapshot | | string | `"false"` | no | +| vpc\_id | | string | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| database\_name | - | -| endpoint | - | -| port | - | -| reader\_endpoint | - | +| database\_name | | +| endpoint | | +| port | | +| reader\_endpoint | | 
diff --git a/aws-cloudwatch-log-group/README.md b/aws-cloudwatch-log-group/README.md index ad116cb5..3a0ddecb 100644 --- a/aws-cloudwatch-log-group/README.md +++ b/aws-cloudwatch-log-group/README.md @@ -9,17 +9,17 @@ By default the name is `${var.project}-${var.env}-${var.service}`, but you can o | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | string | - | yes | -| log\_group\_name | Name for the log group. If not set, it will be $project-$env-$service} | string | `` | no | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | string | - | yes | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | string | - | yes | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging). | string | - | yes | +| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | string | n/a | yes | +| log\_group\_name | Name for the log group. If not set, it will be $project-$env-$service} | string | `""` | no | +| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | string | n/a | yes | +| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | string | n/a | yes | +| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging). | string | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| arn | - | -| name | - | +| arn | | +| name | | diff --git a/aws-default-vpc-security/README.md b/aws-default-vpc-security/README.md index 62680ed4..822234d7 100644 --- a/aws-default-vpc-security/README.md +++ b/aws-default-vpc-security/README.md 
@@ -40,6 +40,6 @@ You will need to invoke this module with a properly configured provider for ever | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| default\_sg\_lockdown | Restrict default security group to deny all traffic (you can selectively enable traffic with other security groups). | string | `true` | no | +| default\_sg\_lockdown | Restrict default security group to deny all traffic (you can selectively enable traffic with other security groups). | string | `"true"` | no | diff --git a/aws-iam-ecs-task-role/README.md b/aws-iam-ecs-task-role/README.md index d106e831..68b3d71d 100644 --- a/aws-iam-ecs-task-role/README.md +++ b/aws-iam-ecs-task-role/README.md @@ -25,17 +25,17 @@ output "ecs-role-arn" { | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| env | Environment name. For example– dev, staging or prod. | string | - | yes | -| iam\_path | IAM path for the role. | string | `/` | no | -| owner | Email address of the owner. Can be a group address. | string | - | yes | -| project | High-level project, should be unique across the organization. | string | - | yes | -| service | Name of this thing we're running. | string | - | yes | +| env | Environment name. For example– dev, staging or prod. | string | n/a | yes | +| iam\_path | IAM path for the role. | string | `"/"` | no | +| owner | Email address of the owner. Can be a group address. | string | n/a | yes | +| project | High-level project, should be unique across the organization. | string | n/a | yes | +| service | Name of this thing we're running. | string | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| arn | - | -| name | - | +| arn | | +| name | | diff --git a/aws-iam-group-assume-role/README.md b/aws-iam-group-assume-role/README.md index df581f29..d481d559 100644 --- a/aws-iam-group-assume-role/README.md +++ b/aws-iam-group-assume-role/README.md 
@@ -29,17 +29,17 @@ output "group_name" { | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| | depends\_on | Pseudo depends_on because Terraform modules do not support depends_on | list | `` | no | -| group\_name | The name of the group this module will create. | string | - | yes | -| iam\_path | The IAM path under which the group and policies will be created. Useful for avoiding naming conflicts. | string | `/` | no | -| target\_accounts | List of accounts in which this role should be assume-able. | list | - | yes | -| target\_role | Name of the role to be assume-able. If not specified or given as empty string, then the group name will be used as the role name. | string | `` | no | +| group\_name | The name of the group this module will create. | string | n/a | yes | +| iam\_path | The IAM path under which the group and policies will be created. Useful for avoiding naming conflicts. | string | `"/"` | no | +| target\_accounts | List of accounts in which this role should be assume-able. | list | n/a | yes | +| target\_role | Name of the role to be assume-able. If not specified or given as empty string, then the group name will be used as the role name. | string | `""` | no | | users | List of user's names who should be added to this group. | list | `` | no | ## Outputs | Name | Description | |------|-------------| -| group\_arn | - | -| group\_name | - | +| group\_arn | | +| group\_name | | diff --git a/aws-iam-group-console-login/README.md b/aws-iam-group-console-login/README.md index 5319e504..d5a25ca3 100644 --- a/aws-iam-group-console-login/README.md +++ b/aws-iam-group-console-login/README.md 
@@ -22,13 +22,13 @@ output "group_name" { | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| group\_name | Name of the group to be created. | string | `console-login` | no | -| iam\_path | IAM path under which resources will be created. | string | `/` | no | +| group\_name | Name of the group to be created. | string | `"console-login"` | no | +| iam\_path | IAM path under which resources will be created. | string | `"/"` | no | ## Outputs | Name | Description | |------|-------------| -| group\_name | - | +| group\_name | | diff --git a/aws-iam-instance-profile/README.md b/aws-iam-instance-profile/README.md index d0bae57e..6ec3ee16 100644 --- a/aws-iam-instance-profile/README.md +++ b/aws-iam-instance-profile/README.md @@ -33,10 +33,10 @@ resource "aws_instance" "instance" { | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| enable\_ssm | Attach the appropriate policies to allow the instance to integrate with AWS Systems Manager. | string | `true` | no | -| iam\_path | The IAM path to the role. | string | `/` | no | -| name\_prefix | Creates a unique name for both the role and instance profile beginning with the specified prefix. Max 32 characters long. | string | - | yes | -| role\_description | The description of the IAM role. | string | `` | no | +| enable\_ssm | Attach the appropriate policies to allow the instance to integrate with AWS Systems Manager. | string | `"true"` | no | +| iam\_path | The IAM path to the role. | string | `"/"` | no | +| name\_prefix | Creates a unique name for both the role and instance profile beginning with the specified prefix. Max 32 characters long. | string | n/a | yes | +| role\_description | The description of the IAM role. | string | `""` | no | ## Outputs diff --git a/aws-iam-policy-cwlogs/README.md b/aws-iam-policy-cwlogs/README.md index 224f9ef5..56ef5098 100644 --- a/aws-iam-policy-cwlogs/README.md 
+++ b/aws-iam-policy-cwlogs/README.md @@ -22,7 +22,7 @@ module "policy" { | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| iam\_path | - | string | `/` | no | -| role\_name | The role to which this policy should be attached. | string | - | yes | +| iam\_path | | string | `"/"` | no | +| role\_name | The role to which this policy should be attached. | string | n/a | yes | diff --git a/aws-iam-role-bless/README.md b/aws-iam-role-bless/README.md index 6ddc655f..c7106d4d 100644 --- a/aws-iam-role-bless/README.md +++ b/aws-iam-role-bless/README.md @@ -24,15 +24,15 @@ output "..." { | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| bless\_lambda\_arns | List of bless lambda arns | list | - | yes | -| iam\_path | IAM path | string | `/` | no | -| role\_name | The name for the role | string | - | yes | -| source\_account\_id | The source aws account id to allow sts:AssumeRole | string | - | yes | +| bless\_lambda\_arns | List of bless lambda arns | list | n/a | yes | +| iam\_path | IAM path | string | `"/"` | no | +| role\_name | The name for the role | string | n/a | yes | +| source\_account\_id | The source aws account id to allow sts:AssumeRole | string | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| role\_name | - | +| role\_name | | diff --git a/aws-iam-role-cloudfront-poweruser/README.md b/aws-iam-role-cloudfront-poweruser/README.md index 59e991db..7edd9bf8 100644 --- a/aws-iam-role-cloudfront-poweruser/README.md +++ b/aws-iam-role-cloudfront-poweruser/README.md 
@@ -7,16 +7,16 @@ This module will create a role which is granted poweruser control over AWS Cloud | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| iam\_path | - | string | `/` | no | -| role\_name | Name of the role to create | string | - | yes | +| iam\_path | | string | `"/"` | no | +| role\_name | Name of the role to create | string | n/a | yes | | s3\_bucket\_prefixes | Limits role permissions to buckets with specific prefixes. Empty for all buckets. | list | `` | no | -| source\_account\_id | AWS Account that can assume this role. | string | - | yes | +| source\_account\_id | AWS Account that can assume this role. | string | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| role\_arn | - | -| role\_name | - | +| role\_arn | | +| role\_name | | diff --git a/aws-iam-role-crossacct/README.md b/aws-iam-role-crossacct/README.md index 835d4e73..0e1c1ec3 100644 --- a/aws-iam-role-crossacct/README.md +++ b/aws-iam-role-crossacct/README.md @@ -21,15 +21,15 @@ module "group" { | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| iam\_path | The IAM path to put this role in. | string | `/` | no | -| role\_name | The name of the role. | string | - | yes | -| source\_account\_id | The AWS account id that should be able to assume this role. | string | - | yes | +| iam\_path | The IAM path to put this role in. | string | `"/"` | no | +| role\_name | The name of the role. | string | n/a | yes | +| source\_account\_id | The AWS account id that should be able to assume this role. | string | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| iam\_path | - | -| role\_name | - | +| iam\_path | | +| role\_name | | diff --git a/aws-iam-role-ec2-poweruser/README.md b/aws-iam-role-ec2-poweruser/README.md index 6e1c700d..4469b671 100644 --- a/aws-iam-role-ec2-poweruser/README.md +++ b/aws-iam-role-ec2-poweruser/README.md 
@@ -23,15 +23,15 @@ module "ec2-poweruser" { | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| iam\_path | - | string | `/` | no | -| role\_name | - | string | - | yes | -| source\_account\_id | - | string | - | yes | +| iam\_path | | string | `"/"` | no | +| role\_name | | string | n/a | yes | +| source\_account\_id | | string | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| arn | - | -| role\_name | - | +| arn | | +| role\_name | | diff --git a/aws-iam-role-ecs-poweruser/README.md b/aws-iam-role-ecs-poweruser/README.md index 7ba4dd1f..a2d2c2f7 100644 --- a/aws-iam-role-ecs-poweruser/README.md +++ b/aws-iam-role-ecs-poweruser/README.md @@ -22,14 +22,14 @@ module "ec2-poweruser" { | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| iam\_path | - | string | `/` | no | -| role\_name | - | string | - | yes | -| source\_account\_id | - | string | - | yes | +| iam\_path | | string | `"/"` | no | +| role\_name | | string | n/a | yes | +| source\_account\_id | | string | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| arn | - | +| arn | | diff --git a/aws-iam-role-infraci/README.md b/aws-iam-role-infraci/README.md index c2e3cfb5..ad1e7af7 100644 --- a/aws-iam-role-infraci/README.md +++ b/aws-iam-role-infraci/README.md @@ -7,14 +7,14 @@ Creates a role useful for running `terraform plan` in CI jobs. | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| iam\_path | - | string | `/` | no | -| role\_name | - | string | `infraci` | no | -| source\_account\_id | - | string | - | yes | +| iam\_path | | string | `"/"` | no | +| role\_name | | string | `"infraci"` | no | +| source\_account\_id | | string | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| role\_name | - | +| role\_name | | 
diff --git a/aws-iam-role-poweruser/README.md b/aws-iam-role-poweruser/README.md index ad17b853..7b2fbab5 100644 --- a/aws-iam-role-poweruser/README.md +++ b/aws-iam-role-poweruser/README.md @@ -21,15 +21,15 @@ module "group" { | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| iam\_path | - | string | `/` | no | -| role\_name | - | string | `poweruser` | no | -| source\_account\_id | - | string | - | yes | +| iam\_path | | string | `"/"` | no | +| role\_name | | string | `"poweruser"` | no | +| source\_account\_id | | string | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| arn | - | -| role\_name | - | +| arn | | +| role\_name | | diff --git a/aws-iam-role-readonly/README.md b/aws-iam-role-readonly/README.md index 606431f0..ca2f74c4 100644 --- a/aws-iam-role-readonly/README.md +++ b/aws-iam-role-readonly/README.md @@ -25,15 +25,15 @@ output "role_name" { | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| iam\_path | - | string | `/` | no | -| role\_name | - | string | `readonly` | no | -| source\_account\_id | The AWS account from which this role should be assumeable. | string | - | yes | +| iam\_path | | string | `"/"` | no | +| role\_name | | string | `"readonly"` | no | +| source\_account\_id | The AWS account from which this role should be assumeable. | string | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| arn | - | -| role\_name | - | +| arn | | +| role\_name | | diff --git a/aws-iam-role-security-audit/README.md b/aws-iam-role-security-audit/README.md index 6262a655..82f1b120 100644 --- a/aws-iam-role-security-audit/README.md +++ b/aws-iam-role-security-audit/README.md 
@@ -17,8 +17,8 @@ module "group" { | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| iam\_path | - | string | `/` | no | -| role\_name | The name of this role. | string | `security-audit` | no | -| source\_account\_id | The AWS account from which this role should be assumeable. | string | - | yes | +| iam\_path | | string | `"/"` | no | +| role\_name | The name of this role. | string | `"security-audit"` | no | +| source\_account\_id | The AWS account from which this role should be assumeable. | string | n/a | yes | diff --git a/aws-param/README.md b/aws-param/README.md index cfddd040..95f5cdad 100644 --- a/aws-param/README.md +++ b/aws-param/README.md 
@@ -28,16 +28,16 @@ output "secret" { | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | string | - | yes | -| name | The name of the secret. | string | - | yes | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | string | - | yes | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | string | - | yes | -| use\_paths | This exists to support data written by Chamber before version 2.0.0, which used '.' instead of '/' as a separator. | string | `true` | no | +| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | string | n/a | yes | +| name | The name of the secret. | string | n/a | yes | +| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | string | n/a | yes | +| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | string | n/a | yes | +| use\_paths | This exists to support data written by Chamber before version 2.0.0, which used '.' instead of '/' as a separator. | string | `"true"` | no | ## Outputs | Name | Description | |------|-------------| -| value | - | +| value | | diff --git a/aws-params-reader-policy/README.md b/aws-params-reader-policy/README.md index 29063bf5..eeb51b95 100644 --- a/aws-params-reader-policy/README.md +++ b/aws-params-reader-policy/README.md 
@@ -7,11 +7,11 @@ Creates a policy to access encrypted parameters in Parameter Store for a given s | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | string | - | yes | -| parameter\_store\_key\_alias | Alias of the encryption key used to encrypt parameter store values. | string | `parameter_store_key` | no | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | string | - | yes | -| region | Region the parameter store values can be read from. Defaults to all. | string | `*` | no | -| role\_name | Name of the role to assign the policy to. | string | - | yes | -| service | Name of the service to load secrets for. | string | - | yes | +| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | string | n/a | yes | +| parameter\_store\_key\_alias | Alias of the encryption key used to encrypt parameter store values. | string | `"parameter_store_key"` | no | +| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | string | n/a | yes | +| region | Region the parameter store values can be read from. Defaults to all. | string | `"*"` | no | +| role\_name | Name of the role to assign the policy to. | string | n/a | yes | +| service | Name of the service to load secrets for. | string | n/a | yes | diff --git a/aws-params-secrets-setup/README.md b/aws-params-secrets-setup/README.md index de8db1a2..5a21a359 100644 --- a/aws-params-secrets-setup/README.md +++ b/aws-params-secrets-setup/README.md 
@@ -10,10 +10,10 @@ Currently that just means creating an KMS key for encrypting the parameters stor | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| alias\_name | Chamber is hard coded to use a KMS alias with the name 'parameter_store_key'. | string | `parameter_store_key` | no | -| env | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | string | `` | no | -| owner | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | string | - | yes | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | string | - | yes | -| service | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | string | `` | no | +| alias\_name | Chamber is hard coded to use a KMS alias with the name 'parameter_store_key'. | string | `"parameter_store_key"` | no | +| env | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | string | `""` | no | +| owner | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | string | n/a | yes | +| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | string | n/a | yes | +| service | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | string | `""` | no | diff --git a/aws-params-writer/README.md b/aws-params-writer/README.md index a78b455c..b892ea34 100644 --- a/aws-params-writer/README.md +++ b/aws-params-writer/README.md 
@@ -15,10 +15,11 @@ in the [Terraform docs](https://www.terraform.io/docs/state/sensitive-data.html) | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | string | - | yes | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | string | - | yes | -| parameters | Map from parameter names to values to set. | map | - | yes | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | string | - | yes | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging). | string | - | yes | +| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | string | n/a | yes | +| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | string | n/a | yes | +| parameters | Map from parameter names to values to set. | map | n/a | yes | +| parameters\_count | HACK: The number of keys in var.parameters. To avoid hitting value of count cannot be computed. | string | n/a | yes | +| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | string | n/a | yes | +| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging). | string | n/a | yes | diff --git a/aws-params-writer/main.tf b/aws-params-writer/main.tf index 99c0494c..d2235da4 100755 --- a/aws-params-writer/main.tf +++ b/aws-params-writer/main.tf @@ -7,7 +7,7 @@ data "aws_kms_key" "key" { } resource "aws_ssm_parameter" "parameter" { - count = "${length(keys(var.parameters))}" + count = "${var.parameters_count}" name = "/${local.service_name}/${element(keys(var.parameters), count.index)}" value = "${lookup(var.parameters, element(keys(var.parameters), count.index))}" diff --git a/aws-params-writer/variables.tf b/aws-params-writer/variables.tf index c28b3f3f..d192df70 100755 --- a/aws-params-writer/variables.tf 
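Review bot: Nothing ties `var.parameters_count` to the real size of `var.parameters` on the new `count` line in aws-params-writer/main.tf, so a stale value is not caught by the module. `keys()` returns the names in sorted order and `element()` wraps its index, so a count that is too small silently drops the names that sort last, and a count that is too large repeats names that already have a resource, which presumably surfaces only at apply time. Terraform 0.11 cannot assert the equality inside the module, so I would at least add a comment above the line: `# parameters_count MUST equal length(keys(var.parameters)); too small skips keys, too large makes element() wrap and repeat names`. The `aws_ssm_parameter` resource body continues past the end of the hunk.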
+++ b/aws-params-writer/variables.tf @@ -22,3 +22,9 @@ variable "parameters" { type = "map" description = "Map from parameter names to values to set." } + +// TODO(el): Remove once tf 0.12 is released +variable "parameters_count" { + type = "string" + description = "HACK: The number of keys in var.parameters. To avoid hitting value of count cannot be computed." +} diff --git a/aws-redis-node/README.md b/aws-redis-node/README.md index 82e468c5..a9b1eb14 100644 --- a/aws-redis-node/README.md +++ b/aws-redis-node/README.md 
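Review bot: The `description` of the new `parameters_count` variable does not say that the value must match the map exactly or what happens when it does not, and the same text appears in the README inputs table in this patch. It also runs the Terraform error message into the sentence without quoting it. I would reword it to `description = "HACK: must equal the number of keys in var.parameters. Works around Terraform's 'value of count cannot be computed' error."`. The `TODO(el)` comment could also say that `count` in main.tf goes back to `length(keys(var.parameters))` when the variable is removed.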
@@ -8,25 +8,25 @@ parameters. | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| apply\_immediately | Whether changes should be applied immediately or during the next maintenance window. | string | `true` | no | -| availability\_zone | Availability zone in which this instance should run. | string | - | yes | -| engine\_version | The version of Redis to run. See [supported versions](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/supported-engine-versions.html) | string | `4.0.10` | no | -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | string | - | yes | -| ingress\_security\_group\_ids | Source security groups which should be able to contact this instance. | list | - | yes | -| instance\_type | The type of instance to run. See [supported node types](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html) | string | `cache.m4.large` | no | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | string | - | yes | -| parameter\_group\_name | - | string | `default.redis3.2` | no | -| port | - | string | `6379` | no | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | string | - | yes | -| resource\_name | If not set, name will be ${var.project}-${var.env}-${var.name}. | string | `` | no | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | string | `redis` | no | -| subnets | List of subnets to which this EC instance should be attached. They should probably be private. | list | - | yes | +| apply\_immediately | Whether changes should be applied immediately or during the next maintenance window. | string | `"true"` | no | +| availability\_zone | Availability zone in which this instance should run. | string | n/a | yes | +| engine\_version | The version of Redis to run. 
See [supported versions](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/supported-engine-versions.html) | string | `"4.0.10"` | no | +| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | string | n/a | yes | +| ingress\_security\_group\_ids | Source security groups which should be able to contact this instance. | list | n/a | yes | +| instance\_type | The type of instance to run. See [supported node types](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html) | string | `"cache.m4.large"` | no | +| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | string | n/a | yes | +| parameter\_group\_name | | string | `"default.redis3.2"` | no | +| port | | string | `"6379"` | no | +| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | string | n/a | yes | +| resource\_name | If not set, name will be ${var.project}-${var.env}-${var.name}. | string | `""` | no | +| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | string | `"redis"` | no | +| subnets | List of subnets to which this EC instance should be attached. They should probably be private. | list | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| address | - | -| port | - | +| address | | +| port | | diff --git a/aws-single-page-static-site/README.md b/aws-single-page-static-site/README.md index 91f4f1dc..5a0e9454 100644 --- a/aws-single-page-static-site/README.md +++ b/aws-single-page-static-site/README.md 
@@ -43,15 +43,15 @@ module "site" { | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| | aliases | Vanity aliases. Make sure your provided cert supports these. | list | `` | no | -| aws\_acm\_cert\_arn | An AWS ACM cert. Note that Cloudfront requires certs to be in us-east-1. | string | - | yes | -| aws\_route53\_zone\_id | A route53 zone ID used to write records. | string | - | yes | -| cloudfront\_price\_class | Cloudfront [price class](https://aws.amazon.com/cloudfront/pricing/). | string | `PriceClass_100` | no | -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | string | - | yes | -| index\_document\_path | The path to the index document of your site. | string | `index.html` | no | -| minimum\_tls\_version | Minimum TLS version to accept. | string | `TLSv1_2016` | no | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | string | - | yes | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | string | - | yes | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | string | - | yes | -| subdomain | The subdomain for this static site. | string | - | yes | +| aws\_acm\_cert\_arn | An AWS ACM cert. Note that Cloudfront requires certs to be in us-east-1. | string | n/a | yes | +| aws\_route53\_zone\_id | A route53 zone ID used to write records. | string | n/a | yes | +| cloudfront\_price\_class | Cloudfront [price class](https://aws.amazon.com/cloudfront/pricing/). | string | `"PriceClass_100"` | no | +| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | string | n/a | yes | +| index\_document\_path | The path to the index document of your site. | string | `"index.html"` | no | +| minimum\_tls\_version | Minimum TLS version to accept. | string | `"TLSv1_2016"` | no | +| owner | Owner for tagging and naming. 
See [doc](../README.md#consistent-tagging) | string | n/a | yes | +| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | string | n/a | yes | +| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | string | n/a | yes | +| subdomain | The subdomain for this static site. | string | n/a | yes | diff --git a/bless-ca/README.md b/bless-ca/README.md index 9d41ac78..3dddf15c 100644 --- a/bless-ca/README.md +++ b/bless-ca/README.md 
@@ -99,19 +99,19 @@ You can read more about Bless and SSH certificates here: | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| | authorized\_users | A list of IAM users authorized ot invoke bless and the corresponding kmsauth key. | list | `` | no | -| bless\_logging\_level | Bless lambda logging level. | string | `INFO` | no | -| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | string | - | yes | -| iam\_path | The IAM path under which the Bless lambda will be run. | string | `/` | no | -| kmsauth\_iam\_group\_name\_format | Formatting string to tell bless which IAM groups are relevant when checking SSH certificate principal validity. | string | `{}` | no | -| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | string | - | yes | -| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | string | - | yes | -| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | string | - | yes | +| bless\_logging\_level | Bless lambda logging level. | string | `"INFO"` | no | +| env | Env for tagging and naming. See [doc](../README.md#consistent-tagging) | string | n/a | yes | +| iam\_path | The IAM path under which the Bless lambda will be run. | string | `"/"` | no | +| kmsauth\_iam\_group\_name\_format | Formatting string to tell bless which IAM groups are relevant when checking SSH certificate principal validity. | string | `"{}"` | no | +| owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging) | string | n/a | yes | +| project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | string | n/a | yes | +| service | Service for tagging and naming. See [doc](../README.md#consistent-tagging) | string | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| ca\_public\_key | - | -| lambda\_arn | - | +| ca\_public\_key | | +| lambda\_arn | |