Fix tflint failed code #21

Merged
merged 1 commit into from
Feb 24, 2023
2 changes: 1 addition & 1 deletion modules/access-analyzer/README.md
Expand Up @@ -10,7 +10,7 @@ This module creates following resources.

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.2 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.22 |

## Providers
2 changes: 1 addition & 1 deletion modules/access-analyzer/versions.tf
@@ -1,5 +1,5 @@
terraform {
required_version = ">= 1.2"
required_version = ">= 1.3"

required_providers {
aws = {
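Review bot: raising `required_version` to `>= 1.3` excludes consumers still on Terraform 1.2.x, and nothing in this module's diff needs 1.3 (the `optional()` defaults that require it appear only in `cloudtrail-trail/variables.tf`), so the changelog should state that all modules move to one minimum version together rather than leaving the bump unexplained.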
2 changes: 1 addition & 1 deletion modules/cloudtrail-event-data-store/README.md
Expand Up @@ -12,7 +12,7 @@ This module creates following resources.

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.2 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.53 |

## Providers
2 changes: 1 addition & 1 deletion modules/cloudtrail-event-data-store/iam.tf
Expand Up @@ -34,7 +34,7 @@ module "role" {
]

inline_policies = {
"s3" = one(data.aws_iam_policy_document.s3.*.json)
"s3" = one(data.aws_iam_policy_document.s3[*].json)
}

resource_group_enabled = false
2 changes: 1 addition & 1 deletion modules/cloudtrail-event-data-store/versions.tf
@@ -1,5 +1,5 @@
terraform {
required_version = ">= 1.2"
required_version = ">= 1.3"

required_providers {
aws = {
8 changes: 4 additions & 4 deletions modules/cloudtrail-trail/README.md
Expand Up @@ -12,7 +12,7 @@ This module creates following resources.

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.2 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.14 |

## Providers
Expand All @@ -26,7 +26,7 @@ This module creates following resources.
| Name | Source | Version |
|------|--------|---------|
| <a name="module_resource_group"></a> [resource\_group](#module\_resource\_group) | tedilabs/misc/aws//modules/resource-group | ~> 0.10.0 |
| <a name="module_role"></a> [role](#module\_role) | tedilabs/account/aws//modules/iam-role | ~> 0.20.0 |
| <a name="module_role"></a> [role](#module\_role) | tedilabs/account/aws//modules/iam-role | ~> 0.23.0 |

## Resources

Expand All @@ -49,8 +49,8 @@ This module creates following resources.
| <a name="input_delivery_s3_integrity_validation_enabled"></a> [delivery\_s3\_integrity\_validation\_enabled](#input\_delivery\_s3\_integrity\_validation\_enabled) | (Optional) To determine whether a log file was modified, deleted, or unchanged after AWS CloudTrail delivered it, use CloudTrail log file integrity validation. This feature is built using industry standard algorithms: SHA-256 for hashing and SHA-256 with RSA for digital signing. | `bool` | `true` | no |
| <a name="input_delivery_s3_key_prefix"></a> [delivery\_s3\_key\_prefix](#input\_delivery\_s3\_key\_prefix) | (Optional) The key prefix for the specified S3 bucket. | `string` | `null` | no |
| <a name="input_delivery_sns_topic"></a> [delivery\_sns\_topic](#input\_delivery\_sns\_topic) | (Optional) The name of the SNS topic for notification of log file delivery. | `string` | `null` | no |
| <a name="input_enabled"></a> [enabled](#input\_enabled) | (Optional) Whether the trail starts the recording of AWS API calls and log file delivery. | `bool` | `true` | no |
| <a name="input_insight_event"></a> [insight\_event](#input\_insight\_event) | (Optional) A configuration block for insight events logging to identify unusual operational activity. `insight_event` block as defined below.<br> (Required) `enabled` - Whether the trail to log insight events.<br> (Optional) `scopes` - A list of insight types to log on the trail. Valid values are `API_CALL_RATE` and `API_ERROR_RATE`. | <pre>object({<br> enabled = bool<br> scopes = list(string)<br> })</pre> | <pre>{<br> "enabled": false,<br> "scopes": []<br>}</pre> | no |
| <a name="input_enabled"></a> [enabled](#input\_enabled) | (Optional) Whether the trail starts the recording of AWS API calls and log file delivery. Defaults to `true`. | `bool` | `true` | no |
| <a name="input_insight_event"></a> [insight\_event](#input\_insight\_event) | (Optional) A configuration block for insight events logging to identify unusual operational activity. `insight_event` block as defined below.<br> (Required) `enabled` - Whether the trail to log insight events.<br> (Optional) `scopes` - A set of insight types to log on the trail. Valid values are `API_CALL_RATE` and `API_ERROR_RATE`. | <pre>object({<br> enabled = optional(bool, false)<br> scopes = optional(set(string), [])<br> })</pre> | `{}` | no |
| <a name="input_level"></a> [level](#input\_level) | (Optional) The level of the trail to decide whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. Valid values are `ACCOUNT` and `ORGANIZATION`. Use `ORGANIZATION` level in Organization master account. Defaults to `ACCOUNT`. | `string` | `"ACCOUNT"` | no |
| <a name="input_management_event"></a> [management\_event](#input\_management\_event) | (Optional) A configuration block for management events logging to identify API activity for individual resources, or for all current and future resources in AWS account. `management_event` block as defined below.<br> (Required) `enabled` - Whether the trail to log management events.<br> (Optional) `scope` - The type of events to log. Valid values are `ALL`, `READ` and `WRITE`. Defaults to `ALL`.<br> (Optional) `exclude_event_sources` - A set of event sources to exclude. Valid values are `kms.amazonaws.com` and `rdsdata.amazonaws.com`. `management_event.enabled` must be set to true to allow this. | <pre>object({<br> enabled = bool<br> scope = string<br> exclude_event_sources = list(string)<br> })</pre> | <pre>{<br> "enabled": true,<br> "exclude_event_sources": [],<br> "scope": "ALL"<br>}</pre> | no |
| <a name="input_module_tags_enabled"></a> [module\_tags\_enabled](#input\_module\_tags\_enabled) | (Optional) Whether to create AWS Resource Tags for the module informations. | `bool` | `true` | no |
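Review bot: the `insight_event` default now reads `{}`, which hides the effective defaults from a reader of this table; since the row is generated from `variables.tf`, add `Defaults to \`false\`.` after the `enabled` description and `Defaults to \`[]\`.` after `scopes` there, so the regenerated README states what `{}` resolves to.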
4 changes: 2 additions & 2 deletions modules/cloudtrail-trail/iam.tf
Expand Up @@ -12,7 +12,7 @@ module "role" {
count = var.delivery_cloudwatch_logs_log_group != null ? 1 : 0

source = "tedilabs/account/aws//modules/iam-role"
version = "~> 0.20.0"
version = "~> 0.23.0"

name = "cloudtrail-${local.metadata.name}"
path = "/"
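Review bot: `~> 0.20.0` to `~> 0.23.0` jumps three minor versions of a pre-1.0 module, where minor releases may change the interface; the inputs passed here (`name`, `path`, `trusted_services`, `inline_policies`, `resource_group_enabled`) need a check against the 0.23.0 variable set, and the upgrade belongs in the changelog alongside the Terraform version bump.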
Expand All @@ -21,7 +21,7 @@ module "role" {
trusted_services = ["cloudtrail.amazonaws.com"]

inline_policies = {
"cloudwatch" = one(data.aws_iam_policy_document.cloudwatch.*.json)
"cloudwatch" = one(data.aws_iam_policy_document.cloudwatch[*].json)
}

resource_group_enabled = false
4 changes: 2 additions & 2 deletions modules/cloudtrail-trail/main.tf
Expand Up @@ -52,7 +52,7 @@ resource "aws_cloudtrail" "this" {

## Delivery - CloudWatch Logs
cloud_watch_logs_group_arn = var.delivery_cloudwatch_logs_log_group != null ? "${local.cloudwatch_log_group_arn}:*" : null
cloud_watch_logs_role_arn = var.delivery_cloudwatch_logs_log_group != null ? one(module.role.*.arn) : null
cloud_watch_logs_role_arn = var.delivery_cloudwatch_logs_log_group != null ? one(module.role[*].arn) : null

## Event Selector - Management Events
event_selector {
Expand All @@ -66,7 +66,7 @@ resource "aws_cloudtrail" "this" {

## Event Selector - Insight Events
dynamic "insight_selector" {
for_each = var.insight_event.enabled ? try(var.insight_event.scopes, []) : []
for_each = var.insight_event.enabled ? var.insight_event.scopes : []

content {
insight_type = local.insight_types[insight_selector.value]
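Review bot: with `enabled = true` and the new `scopes` default of `[]`, `for_each` receives an empty set, no `insight_selector` block is rendered and the trail silently runs without insight events, so this deserves at least a comment here. The true branch is a `set(string)` while the false branch is an empty tuple; `toset([])` keeps both branches the same type instead of relying on the conditional's type conversion.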
4 changes: 2 additions & 2 deletions modules/cloudtrail-trail/outputs.tf
Expand Up @@ -35,8 +35,8 @@ output "scope" {
output "iam_role" {
description = "The IAM Role for the CloudTrail trail."
value = {
arn = one(module.role.*.arn)
name = one(module.role.*.name)
arn = one(module.role[*].arn)
name = one(module.role[*].name)
}
}

21 changes: 12 additions & 9 deletions modules/cloudtrail-trail/variables.tf
@@ -1,6 +1,7 @@
variable "name" {
description = "(Required) The name of the trail. The name can only contain uppercase letters, lowercase letters, numbers, periods (.), hyphens (-), and underscores (_)."
type = string
nullable = false

validation {
condition = can(regex("^[0-9A-Za-z-_\\.]+$", var.name))
Expand All @@ -9,7 +10,7 @@ variable "name" {
}

variable "enabled" {
description = "(Optional) Whether the trail starts the recording of AWS API calls and log file delivery."
description = "(Optional) Whether the trail starts the recording of AWS API calls and log file delivery. Defaults to `true`."
type = bool
default = true
nullable = false
Expand Down Expand Up @@ -106,21 +107,18 @@ variable "insight_event" {
description = <<EOF
(Optional) A configuration block for insight events logging to identify unusual operational activity. `insight_event` block as defined below.
(Required) `enabled` - Whether the trail to log insight events.
(Optional) `scopes` - A list of insight types to log on the trail. Valid values are `API_CALL_RATE` and `API_ERROR_RATE`.
(Optional) `scopes` - A set of insight types to log on the trail. Valid values are `API_CALL_RATE` and `API_ERROR_RATE`.
EOF
type = object({
enabled = bool
scopes = list(string)
enabled = optional(bool, false)
scopes = optional(set(string), [])
})
default = {
enabled = false
scopes = []
}
default = {}
nullable = false

validation {
condition = alltrue([
for scope in try(var.insight_event.scopes, []) :
for scope in var.insight_event.scopes :
contains(["API_CALL_RATE", "API_ERROR_RATE"], scope)
])
error_message = "Valid values for `insight_event.scopes` are `API_CALL_RATE`, `API_ERROR_RATE`."
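Review bot: the description still says `(Required) \`enabled\`` although the type now declares `enabled = optional(bool, false)`; change it to `(Optional) \`enabled\` - Whether the trail to log insight events. Defaults to \`false\`.` so terraform-docs carries the correct label into the README. The validation only checks scope values, so `enabled = true` with an empty `scopes` set passes and yields no insight selector at all; a second validation with `condition = !var.insight_event.enabled || length(var.insight_event.scopes) > 0` would turn that silent no-op into a plan error.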
Expand All @@ -131,12 +129,14 @@ variable "tags" {
description = "(Optional) A map of tags to add to all resources."
type = map(string)
default = {}
nullable = false
}

variable "module_tags_enabled" {
description = "(Optional) Whether to create AWS Resource Tags for the module informations."
type = bool
default = true
nullable = false
}


Expand All @@ -148,16 +148,19 @@ variable "resource_group_enabled" {
description = "(Optional) Whether to create Resource Group to find and group AWS resources which are created by this module."
type = bool
default = true
nullable = false
}

variable "resource_group_name" {
description = "(Optional) The name of Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`."
type = string
default = ""
nullable = false
}

variable "resource_group_description" {
description = "(Optional) The description of Resource Group."
type = string
default = "Managed by Terraform."
nullable = false
}
2 changes: 1 addition & 1 deletion modules/cloudtrail-trail/versions.tf
@@ -1,5 +1,5 @@
terraform {
required_version = ">= 1.2"
required_version = ">= 1.3"

required_providers {
aws = {
2 changes: 1 addition & 1 deletion modules/config-managed-rule/README.md
Expand Up @@ -15,7 +15,7 @@ This module creates following resources.

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.2 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.14 |

## Providers
2 changes: 1 addition & 1 deletion modules/config-managed-rule/versions.tf
@@ -1,5 +1,5 @@
terraform {
required_version = ">= 1.2"
required_version = ">= 1.3"

required_providers {
aws = {
2 changes: 1 addition & 1 deletion modules/config-recorder/README.md
Expand Up @@ -16,7 +16,7 @@ This module creates following resources.

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.2 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.14 |

## Providers
2 changes: 1 addition & 1 deletion modules/config-recorder/main.tf
Expand Up @@ -132,7 +132,7 @@ resource "aws_config_configuration_aggregator" "organization" {
organization_aggregation_source {
all_regions = try(length(var.organization_aggregation.regions) < 1, true)
regions = try(var.organization_aggregation.regions, null)
role_arn = module.role__aggregator.*.arn[0]
role_arn = module.role__aggregator[0].arn
}

tags = merge(
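Review bot: `module.role__aggregator[0].arn` fails at plan time with an index error whenever the role module's `count` is 0, whereas the rest of this PR uses the `one(module.role[*].arn)` form, which returns `null` in that case; unless this resource and the role module are gated by the same `count` condition, use `one(module.role__aggregator[*].arn)` here as well for consistency and safety.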
12 changes: 6 additions & 6 deletions modules/config-recorder/outputs.tf
Expand Up @@ -71,11 +71,11 @@ output "account_aggregations" {
output "organization_aggregation" {
description = "The configuration to aggregate config data from organization accounts."
value = try({
arn = aws_config_configuration_aggregator.organization.*.arn[0]
id = aws_config_configuration_aggregator.organization.*.id[0]
name = aws_config_configuration_aggregator.organization.*.name[0]
all_regions = aws_config_configuration_aggregator.organization.*.organization_aggregation_source[0][0].all_regions
regions = aws_config_configuration_aggregator.organization.*.organization_aggregation_source[0][0].regions
role_arn = aws_config_configuration_aggregator.organization.*.organization_aggregation_source[0][0].role_arn
arn = aws_config_configuration_aggregator.organization[*].arn[0]
id = aws_config_configuration_aggregator.organization[*].id[0]
name = aws_config_configuration_aggregator.organization[*].name[0]
all_regions = aws_config_configuration_aggregator.organization[*].organization_aggregation_source[0][0].all_regions
regions = aws_config_configuration_aggregator.organization[*].organization_aggregation_source[0][0].regions
role_arn = aws_config_configuration_aggregator.organization[*].organization_aggregation_source[0][0].role_arn
}, null)
}
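Review bot: `[*].arn[0]` (and the other five lines) still index an empty tuple when the aggregator has `count = 0` and rely on the surrounding `try(..., null)` to swallow the error, which also hides genuine mistakes such as a misspelled attribute name; `one(aws_config_configuration_aggregator.organization[*].arn)` for the scalar attributes states the intent, leaving `try()` needed only for the nested `organization_aggregation_source[0][0]` fields.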
2 changes: 1 addition & 1 deletion modules/config-recorder/versions.tf
@@ -1,5 +1,5 @@
terraform {
required_version = ">= 1.2"
required_version = ">= 1.3"

required_providers {
aws = {
4 changes: 2 additions & 2 deletions modules/macie-account/README.md
Expand Up @@ -11,14 +11,14 @@ This module creates following resources.

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.2 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.14 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.52.0 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.53.0 |

## Modules

2 changes: 1 addition & 1 deletion modules/macie-account/versions.tf
@@ -1,5 +1,5 @@
terraform {
required_version = ">= 1.2"
required_version = ">= 1.3"

required_providers {
aws = {