elastio · Veetaha · Mar 21, 2025 · Mar 21, 2025 · Mar 21, 2025 · Mar 21, 2025
diff --git a/.githooks/pre-commit b/.githooks/pre-commit
@@ -9,7 +9,11 @@
 # ln -s ../../.githooks/pre-commit .git/hooks/pre-commit
 # ```
 
-set -euxo pipefail
+set -euo pipefail
+
+script_dir=$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")
+
+tf_modules=$("$script_dir/../.github/scripts/collect-modules.sh")
 
 function command_exists() {
   bin_name=$(basename "$1")
@@ -25,21 +29,17 @@ function command_exists() {
 
 files=$(git diff --cached --name-only --diff-filter=ACMR | sed 's| |\\ |g')
 
-if [[ -z "$files" ]]; then
-  echo "No files changed. Exiting the pre-commit hook..."
-  exit 0
-fi
-
 if command_exists typos; then
   echo "$files" | xargs typos
 fi
 
 if command_exists terraform-docs; then
-  pushd asset-account/terraform/stack-set
-  files="$files asset-account/terraform/stack-set/README.md"
+  for tf_module in $tf_modules; do
+    terraform-docs markdown "$tf_module" --output-file "README.md"
 
-  terraform-docs markdown . --output-file README.md
-  popd
+    # Extend `$files` to make `prettier` format the generated README.md
+    files="$files $tf_module/README.md"
+  done
 fi
 
 if command_exists ./node_modules/.bin/prettier; then

diff --git a/.github/actions/collect-modules/action.yaml b/.github/actions/collect-modules/action.yaml
@@ -13,21 +13,6 @@ runs:
     - name: Find modules
       id: find-modules
       run: |
-        set -eu
-
-        tf_modules=()
-        for module_cfg in $(find . -name .module.toml); do
-          case $(yq -o y .module.type $module_cfg) in
-            null)
-              echo "Warning:  module type not found in $module_cfg"
-              continue
-              ;;
-            terraform)
-              echo "Found Terraform module in $module_cfg"
-              tf_modules+=($(dirname $module_cfg))
-              ;;
-          esac
-        done
-
+        tf_modules=$(./.github/scripts/collect-modules.sh)
         echo tf-modules=$(printf '%s\n' "${tf_modules[@]}" | jq -cnR '[inputs]') > $GITHUB_OUTPUT
       shell: bash
diff --git a/.github/scripts/collect-modules.sh b/.github/scripts/collect-modules.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+tf_modules=()
+while IFS= read -r -d '' module_cfg; do
+    case $(yq -o y .module.type "$module_cfg") in
+    null)
+        echo "Warning: module type not found in $module_cfg" >&2
+        exit 1
+        ;;
+    terraform)
+        echo "Found Terraform module in $module_cfg" >&2
+        tf_modules+=("$(dirname "$module_cfg")")
+        ;;
+    esac
+done < <(find . -name .module.toml -print0)
+
+printf '%s\n' "${tf_modules[@]}"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -43,6 +43,7 @@ jobs:
         project:
           - asset-account/terraform/stack-set/examples/self-managed
           - asset-account/terraform/stack-set/examples/service-managed
+          - connector/terraform/examples/basic
 
     steps:
       - uses: actions/checkout@v4
@@ -91,6 +92,7 @@ jobs:
       - run: ./terraform-docs markdown . --output-file README.md
         working-directory: ${{ matrix.terraform_module }}
 
+      # Apply prettier to the generated docs before we check the diff
       - run: npx prettier -w .
 
       - run: >-

diff --git a/.tflint.hcl b/.tflint.hcl
@@ -23,3 +23,8 @@ plugin "azurerm" {
     version = "0.27.0"
     source  = "github.com/terraform-linters/tflint-ruleset-azurerm"
 }
+
+# There is no need to create empty `outputs.tf` or `variables.tf` files.
+rule "terraform_standard_module_structure" {
+  enabled = false
+}
diff --git a/asset-account/terraform/stack-set/.module.toml b/asset-account/terraform/stack-set/.module.toml
@@ -1,5 +1,5 @@
 [module]
 name = "aws-elastio-asset-account-stack-set"
-description = "Terraform module for creating an asset account stack"
+description = "Terraform module for creating the Elastio Asset Account stack"
 type = "terraform"
 version = "0.33.0"
diff --git a/asset-account/terraform/stack-set/README.md b/asset-account/terraform/stack-set/README.md
@@ -28,14 +28,14 @@ module "elastio_asset_account" {
 
 | Name                                                                     | Version |
 | ------------------------------------------------------------------------ | ------- |
-| <a name="requirement_terraform"></a> [terraform](#requirement_terraform) | >= 1.0  |
-| <a name="requirement_aws"></a> [aws](#requirement_aws)                   | >= 5.0  |
+| <a name="requirement_terraform"></a> [terraform](#requirement_terraform) | ~> 1.0  |
+| <a name="requirement_aws"></a> [aws](#requirement_aws)                   | ~> 5.0  |
 
 ## Providers
 
 | Name                                             | Version |
 | ------------------------------------------------ | ------- |
-| <a name="provider_aws"></a> [aws](#provider_aws) | >= 5.0  |
+| <a name="provider_aws"></a> [aws](#provider_aws) | ~> 5.0  |
 
 ## Modules
 

diff --git a/asset-account/terraform/stack-set/examples/self-managed/outputs.tf b/asset-account/terraform/stack-set/examples/self-managed/outputs.tf
diff --git a/asset-account/terraform/stack-set/examples/self-managed/versions.tf b/asset-account/terraform/stack-set/examples/self-managed/versions.tf
@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 1.0"
+  required_version = "~> 1.0"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.0"
+      version = "~> 5.0"
     }
   }
 }
diff --git a/asset-account/terraform/stack-set/examples/service-managed/outputs.tf b/asset-account/terraform/stack-set/examples/service-managed/outputs.tf
diff --git a/asset-account/terraform/stack-set/examples/service-managed/versions.tf b/asset-account/terraform/stack-set/examples/service-managed/versions.tf
@@ -1,3 +1,3 @@
 terraform {
-  required_version = ">= 1.0"
+  required_version = "~> 1.0"
 }
diff --git a/asset-account/terraform/stack-set/outputs.tf b/asset-account/terraform/stack-set/outputs.tf
@@ -1,4 +1,3 @@
-
 output "stack_set" {
   value       = aws_cloudformation_stack_set.this
   description = <<DESCR

diff --git a/asset-account/terraform/stack-set/versions.tf b/asset-account/terraform/stack-set/versions.tf
@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 1.0"
+  required_version = "~> 1.0"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.0"
+      version = "~> 5.0"
     }
   }
 }
diff --git a/connector/terraform/.module.toml b/connector/terraform/.module.toml
@@ -0,0 +1,5 @@
+[module]
+name = "aws-elastio-connector"
+description = "Terraform module for creating the Elastio Connector Account and Region stacks"
+type = "terraform"
+version = "0.33.0"
diff --git a/connector/terraform/README.md b/connector/terraform/README.md
diff --git a/connector/terraform/examples/basic/.terraform.lock.hcl b/connector/terraform/examples/basic/.terraform.lock.hcl
diff --git a/connector/terraform/examples/basic/main.tf b/connector/terraform/examples/basic/main.tf
@@ -0,0 +1,15 @@
+module "elastio_connectors" {
+  source = "../../"
+
+  elastio_tenant = var.elastio_tenant
+  elastio_pat    = var.elastio_pat
+
+  elastio_cloud_connectors = [
+    {
+      region = "us-east-1"
+    },
+    {
+      region = "us-east-2",
+    }
+  ]
+}
diff --git a/connector/terraform/examples/basic/variables.tf b/connector/terraform/examples/basic/variables.tf
@@ -0,0 +1,12 @@
+variable "elastio_pat" {
+  description = "Personal Access Token generated by the Elastio Portal"
+  sensitive   = true
+  type        = string
+  nullable    = false
+}
+
+variable "elastio_tenant" {
+  description = "Name of your Elastio tenant. For example `mycompany.app.elastio.com`"
+  type        = string
+  nullable    = false
+}
diff --git a/connector/terraform/examples/basic/versions.tf b/connector/terraform/examples/basic/versions.tf
@@ -0,0 +1,3 @@
+terraform {
+  required_version = "~> 1.0"
+}
diff --git a/connector/terraform/main.tf b/connector/terraform/main.tf
@@ -0,0 +1,47 @@
+locals {
+  connectors = {
+    for connector in var.elastio_cloud_connectors :
+    connector.region => connector
+  }
+}
+
+module "account" {
+  source = "./modules/account"
+
+  elastio_pat    = var.elastio_pat
+  elastio_tenant = var.elastio_tenant
+
+  regional_configs                      = var.elastio_cloud_connectors
+  encrypt_with_cmk                      = var.encrypt_with_cmk
+  lambda_tracing                        = var.lambda_tracing
+  global_managed_policies               = var.global_managed_policies
+  global_permission_boundary            = var.global_permission_boundary
+  iam_resource_names_prefix             = var.iam_resource_names_prefix
+  iam_resource_names_suffix             = var.iam_resource_names_suffix
+  iam_resource_names_static             = var.iam_resource_names_static
+  disable_customer_managed_iam_policies = var.disable_customer_managed_iam_policies
+  service_linked_roles                  = var.service_linked_roles
+  ecr_public_prefix                     = var.ecr_public_prefix
+  network_configuration                 = var.network_configuration
+}
+
+module "region" {
+  source   = "./modules/region"
+  for_each = local.connectors
+
+  elastio_pat    = var.elastio_pat
+  elastio_tenant = var.elastio_tenant
+
+  region                  = each.value.region
+  vpc_id                  = each.value.vpc_id
+  subnet_ids              = each.value.subnet_ids
+  connector_account_stack = module.account.cloudformation_stack
+}
+
+module "nat_provision" {
+  source   = "./modules/nat-provision"
+  for_each = var.elastio_nat_provision_stack == null ? {} : local.connectors
+
+  template_version        = var.elastio_nat_provision_stack
+  connector_account_stack = module.account.cloudformation_stack
+}
diff --git a/connector/terraform/modules/account/.module.toml b/connector/terraform/modules/account/.module.toml
@@ -0,0 +1,5 @@
+[module]
+name = "aws-elastio-connector-account"
+description = "Terraform module for creating the Elastio Connector Account stack"
+type = "terraform"
+version = "0.33.0"