Updated references and examples

.pre-commit-config.yaml

@@ -1,16 +1,29 @@
 repos:
- - repo: https://github.com/squareops/pre-commit
- rev: v0.1.12
- hooks:
- - id: terraform-fmt
- - id: terraform-validate
- - id: tflint
- - repo: https://github.com/squareops/pre-commit-terraform
- rev: v1.47.0
- hooks:
- - id: terraform_docs
  - repo: https://github.com/pre-commit/pre-commit-hooks
  rev: v4.1.0
  hooks:
+ - id: trailing-whitespace
+ args: ['--markdown-linebreak-ext=md']
+ - id: end-of-file-fixer
  - id: check-merge-conflict
- # - id: end-of-file-fixer
+ - id: detect-private-key
+ - id: detect-aws-credentials
+ args: ['--allow-missing-credentials']
+ - repo: https://github.com/antonbabenko/pre-commit-terraform
+ rev: v1.77.0
+ hooks:
+ - id: terraform_fmt
+ - id: terraform_docs
+ args:
+ - '--args=--lockfile=false'
+ - --hook-config=--add-to-existing-file=true
+ - --hook-config=--create-file-if-not-exist=true
+
+ - id: terraform_tflint
+ args:
+ - --args=--config=.tflint.hcl
+ - id: terraform_tfsec
+ files: ^examples/ # only scan `examples/*` which are the implementation
+ args:
+ - --args=--config-file=__GIT_WORKING_DIR__/tfsec.yaml
+ - --args=--concise-output

.tflint.hcl

@@ -41,4 +41,4 @@ rule "terraform_naming_convention" {
  locals {
  format = "none"
  }
-}
+}

IAM.md

@@ -28,4 +28,4 @@ The Policy required to deploy this module:
  },
  ]
 }
-```
+```

README.md

@@ -72,9 +72,9 @@ The required IAM permissions to create resources from this module can be found [
 
 | Name | Version |
 |------|---------|
-| <a name="provider_archive"></a> [archive](#provider\_archive) | 2.4.0 |
+| <a name="provider_archive"></a> [archive](#provider\_archive) | n/a |
 | <a name="provider_aws"></a> [aws](#provider\_aws) | 5.13.1 |
-| <a name="provider_random"></a> [random](#provider\_random) | 3.5.1 |
+| <a name="provider_random"></a> [random](#provider\_random) | n/a |
 
 ## Modules
 
@@ -152,6 +152,7 @@ The required IAM permissions to create resources from this module can be found [
 | <a name="input_replicate_source_db"></a> [replicate\_source\_db](#input\_replicate\_source\_db) | Specifies that this resource is a replicate database, and uses the specified value as the source database identifier | `string` | `null` | no |
 | <a name="input_skip_final_snapshot"></a> [skip\_final\_snapshot](#input\_skip\_final\_snapshot) | Determines whether a final DB snapshot is created before the DB instance is deleted. If set to true, no DB snapshot is created. If set to false, a DB snapshot is created before the DB instance is deleted, using the value from final\_snapshot\_identifier | `bool` | `true` | no |
 | <a name="input_slack_channel"></a> [slack\_channel](#input\_slack\_channel) | The Slack channel where notifications will be posted. | `string` | `""` | no |
+| <a name="input_slack_notification_enabled"></a> [slack\_notification\_enabled](#input\_slack\_notification\_enabled) | Whether to enable/disable slack notification. | `bool` | `false` | no |
 | <a name="input_slack_username"></a> [slack\_username](#input\_slack\_username) | The username to use when sending notifications to Slack. | `string` | `""` | no |
 | <a name="input_slack_webhook_url"></a> [slack\_webhook\_url](#input\_slack\_webhook\_url) | The Slack Webhook URL where notifications will be sent. | `string` | `""` | no |
 | <a name="input_snapshot_identifier"></a> [snapshot\_identifier](#input\_snapshot\_identifier) | Specifies whether to create the database from a snapshot. Use the snapshot ID found in the RDS console, e.g., rds:production-2015-06-26-06-05 | `string` | `null` | no |
@@ -213,4 +214,4 @@ We believe that the key to success in the digital age is the ability to deliver
 
 We provide [support](https://squareops.com/contact-us/) on all of our projects, no matter how small or large they may be.
 
-To find more information about our company, visit [squareops.com](https://squareops.com/), follow us on [Linkedin](https://www.linkedin.com/company/squareops-technologies-pvt-ltd/), or fill out a [job application](https://squareops.com/careers/). If you have any questions or would like assistance with your cloud strategy and implementation, please don't hesitate to [contact us](https://squareops.com/contact-us/).
+To find more information about our company, visit [squareops.com](https://squareops.com/), follow us on [Linkedin](https://www.linkedin.com/company/squareops-technologies-pvt-ltd/), or fill out a [job application](https://squareops.com/careers/). If you have any questions or would like assistance with your cloud strategy and implementation, please don't hesitate to [contact us](https://squareops.com/contact-us/).

examples/complete-psql-replica/main.tf

@@ -1,15 +1,15 @@
 locals {
- region = "us-east-2"
- name = "postgresql"
- family = "postgres15"
- vpc_cidr = "10.20.0.0/16"
- environment = "prod"
- storage_type = "gp3"
- engine_version = "15.2"
- instance_class = "db.m5d.large"
- replica_enable = true
- replica_count = 1
- current_identity = data.aws_caller_identity.current.arn
+ region  = "us-east-2"
+ name  = "postgresql"
+ family  = "postgres15"
+ vpc_cidr  = "10.20.0.0/16"
+ environment  = "prod"
+ storage_type  = "gp3"
+ engine_version  = "15.2"
+ instance_class  = "db.m5d.large"
+ replica_enable  = true
+ replica_count  = 1
+ current_identity  = data.aws_caller_identity.current.arn
  allowed_security_groups = ["sg-0a680afd35"]
  additional_tags = {
  Owner = "Organization_Name"
@@ -32,11 +32,11 @@ module "kms" {
  multi_region = true
 
  # Policy
- enable_default_policy  = true
- key_owners  = [local.current_identity]
- key_administrators  = [local.current_identity]
- key_users  = [local.current_identity]
- key_service_users  = [local.current_identity]
+ enable_default_policy = true
+ key_owners = [local.current_identity]
+ key_administrators = [local.current_identity]
+ key_users = [local.current_identity]
+ key_service_users = [local.current_identity]
  key_statements = [
  {
  sid = "CloudWatchLogs"
@@ -66,17 +66,17 @@ module "kms" {
 
 
 module "vpc" {
- source = "squareops/vpc/aws"
- name = local.name
- vpc_cidr = local.vpc_cidr
- environment = local.environment
- availability_zones = ["us-east-2a", "us-east-2b"]
- public_subnet_enabled = true
- auto_assign_public_ip = true
- intra_subnet_enabled  = false
- private_subnet_enabled  = true
- one_nat_gateway_per_az  = false
- database_subnet_enabled  = true
+ source  = "squareops/vpc/aws"
+ name  = local.name
+ vpc_cidr  = local.vpc_cidr
+ environment  = local.environment
+ availability_zones  = ["us-east-2a", "us-east-2b"]
+ public_subnet_enabled  = true
+ auto_assign_public_ip  = true
+ intra_subnet_enabled = false
+ private_subnet_enabled = true
+ one_nat_gateway_per_az = false
+ database_subnet_enabled = true
 }
 
 module "rds-pg" {

examples/complete-psql-replica/output.tf

@@ -25,7 +25,7 @@ output "instance_username" {
 output "instance_password" {
  description = "Password for accessing the database (Note: Terraform does not track this password after initial creation)."
  value = module.rds-pg.db_instance_password
- sensitive = false
+ sensitive  = false
 }
 
 output "security_group" {
@@ -45,4 +45,4 @@ output "subnet_group_id" {
 
 output "master_user_secret_arn" {
  value = module.rds-pg.master_credential_secret_arn
-}
+}

examples/complete/main.tf

@@ -1,13 +1,13 @@
 locals {
- region = "us-east-2"
- name = "postgresql"
- family = "postgres15"
- vpc_cidr = "10.20.0.0/16"
- environment = "prod"
- engine_version = "15.2"
- instance_class = "db.m5d.large"
- storage_type = "gp3"
- current_identity = data.aws_caller_identity.current.arn
+ region  = "us-east-2"
+ name  = "postgresql"
+ family  = "postgres15"
+ vpc_cidr  = "10.20.0.0/16"
+ environment  = "prod"
+ engine_version  = "15.2"
+ instance_class  = "db.m5d.large"
+ storage_type  = "gp3"
+ current_identity  = data.aws_caller_identity.current.arn
  allowed_security_groups = ["sg-0a680afd35"]
  additional_tags = {
  Owner = "Organization_Name"
@@ -30,11 +30,11 @@ module "kms" {
  multi_region = true
 
  # Policy
- enable_default_policy  = true
- key_owners  = [local.current_identity]
- key_administrators  = [local.current_identity]
- key_users  = [local.current_identity]
- key_service_users  = [local.current_identity]
+ enable_default_policy = true
+ key_owners = [local.current_identity]
+ key_administrators = [local.current_identity]
+ key_users = [local.current_identity]
+ key_service_users = [local.current_identity]
  key_statements = [
  {
  sid = "Allow use of the key"
@@ -49,22 +49,22 @@ module "kms" {
 
  principals = [
  {
- type  = "Service"
+ type = "Service"
  identifiers = [
  "monitoring.rds.amazonaws.com",
  "rds.amazonaws.com",
  ]
  }
  ]
  },
-  {
- sid = "Enable IAM User Permissions"
- actions = ["kms:*"]
+ {
+ sid  = "Enable IAM User Permissions"
+ actions  = ["kms:*"]
  resources = ["*"]
 
  principals = [
  {
- type  = "AWS"
+ type = "AWS"
  identifiers = [
  "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root",
  data.aws_caller_identity.current.arn,
@@ -82,17 +82,17 @@ module "kms" {
 
 
 module "vpc" {
- source = "squareops/vpc/aws"
- name = local.name
- vpc_cidr = local.vpc_cidr
- environment = local.environment
- availability_zones = ["us-east-2a", "us-east-2b"]
- public_subnet_enabled = true
- auto_assign_public_ip = true
- intra_subnet_enabled  = false
- private_subnet_enabled  = true
- one_nat_gateway_per_az  = false
- database_subnet_enabled  = true
+ source  = "squareops/vpc/aws"
+ name  = local.name
+ vpc_cidr  = local.vpc_cidr
+ environment  = local.environment
+ availability_zones  = ["us-east-2a", "us-east-2b"]
+ public_subnet_enabled  = true
+ auto_assign_public_ip  = true
+ intra_subnet_enabled = false
+ private_subnet_enabled = true
+ one_nat_gateway_per_az = false
+ database_subnet_enabled = true
 }
 
 module "rds-pg" {

examples/complete/output.tf

@@ -25,7 +25,7 @@ output "instance_username" {
 output "instance_password" {
  description = "Password for accessing the database (Note: Terraform does not track this password after initial creation)."
  value = module.rds-pg.db_instance_password
- sensitive = false
+ sensitive  = false
 }
 
 output "security_group" {
@@ -45,4 +45,4 @@ output "subnet_group_id" {
 
 output "master_user_secret_arn" {
  value = module.rds-pg.master_credential_secret_arn
-}
+}

lambda/README.md

@@ -16,7 +16,7 @@ No requirements.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.17.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
 
 ## Modules
 
@@ -56,4 +56,4 @@ No modules.
 | <a name="output_exec_role_id"></a> [exec\_role\_id](#output\_exec\_role\_id) | The ID of the Function's IAM Role. |
 | <a name="output_invoke_arn"></a> [invoke\_arn](#output\_invoke\_arn) | The ARN to be used for invoking Lambda Function from API Gateway. |
 | <a name="output_name"></a> [name](#output\_name) | The name of the Lambda Function. |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

lambda/sns_slack.py

@@ -33,7 +33,7 @@ def format_cloudwatch_alarm_message(event):
  return message
 
 def lambda_handler(event, context):
- url = slack_url 
+ url = slack_url
  msg = {
  "channel": slack_channel,
  "username": slack_user,
@@ -43,9 +43,9 @@ def lambda_handler(event, context):
 
  encoded_msg = json.dumps(msg).encode('utf-8')
  resp = http.request('POST', url, body=encoded_msg)
- 
+
  print({
  "message": msg,
  "status_code": resp.status,
  "response": resp.data
- })
+ })