diff --git a/modules/api-gateway/README.md b/modules/api-gateway/README.md index 7c845997..1fddbc22 100644 --- a/modules/api-gateway/README.md +++ b/modules/api-gateway/README.md @@ -193,19 +193,19 @@ provider "aws" { | [body](#input\_body) | An OpenAPI/Sagger specification json string with description of paths/resources/methods, check AWS docs for more info: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-import-api.html | `string` | `null` | no | | [create\_cloudwatch\_log\_role](#input\_create\_cloudwatch\_log\_role) | This allows to create cloudwatch role which is one per aws account and is not region specific | `bool` | `false` | no | | [create\_iam\_user](#input\_create\_iam\_user) | Whether to create specific api access user to api gateway./[''871]. | `bool` | `true` | no | -| [custom\_domain\_additional\_options](#input\_custom\_domain\_additional\_options) | Additional route53 configs in this list for using along side to custom\_domain listing |
list(list(object({| `[]` | no | -| [custom\_domains](#input\_custom\_domains) | Allows to setup/attach custom domain to api gateway setup, it will create also r53 record and certificate. Note that all keys of object are required to pass when you need one |
set_identifier = string
geolocation_routing_policy = any
})))
list(object({| `[]` | no | +| [custom\_domain\_additional\_options](#input\_custom\_domain\_additional\_options) | Additional route53 configs in this list for using along side to custom\_domain listing |
name = string # this is just first/prefix/subdomain part of domain without zone part
zone_name = string
}))
list(list(object({| `[]` | no | +| [custom\_domains](#input\_custom\_domains) | Allows to setup/attach custom domain to api gateway setup, it will create also r53 record and certificate. Note that all keys of object are required to pass when you need one |
set_identifier = string
geolocation_routing_policy = any
})))
list(object({| `[]` | no | | [enable\_access\_logs](#input\_enable\_access\_logs) | Weather enable or not the access logs on stage | `bool` | `true` | no | | [enable\_monitoring](#input\_enable\_monitoring) | n/a | `bool` | `true` | no | | [endpoint\_config\_type](#input\_endpoint\_config\_type) | API Gateway config type. Valid values: EDGE, REGIONAL or PRIVATE | `string` | `"REGIONAL"` | no | | [method\_path](#input\_method\_path) | n/a | `string` | `"*/*"` | no | -| [monitoring\_settings](#input\_monitoring\_settings) | n/a | `map` |
name = string # this is just first/prefix/subdomain part of domain without zone part
zone_name = string
}))
{| no | +| [monitoring\_settings](#input\_monitoring\_settings) | n/a | `map` |
"data_trace_enabled": true,
"logging_level": "INFO",
"metrics_enabled": true,
"throttling_burst_limit": 50,
"throttling_rate_limit": 100
}
{| no | | [name](#input\_name) | The name of API gateway | `string` | n/a | yes | | [pgp\_key](#input\_pgp\_key) | Either a base-64 encoded PGP public key, or a keybase username in the form `keybase:username`. Used to encrypt password and access key. `pgp_key` is required when `create_iam_user_login_profile` is set to `true` | `string` | `null` | no | -| [root\_resource\_configs](#input\_root\_resource\_configs) | The methods/methods\_responses/integrations configs for root '/' resource, the key is HTTPS method like ANY/POST/GET | `any` |
"data_trace_enabled": true,
"logging_level": "INFO",
"metrics_enabled": true,
"throttling_burst_limit": 50,
"throttling_rate_limit": 100
}
{| no | +| [root\_resource\_configs](#input\_root\_resource\_configs) | The methods/methods\_responses/integrations configs for root '/' resource, the key is HTTPS method like ANY/POST/GET | `any` |
"POST": {
"api_key_required": true,
"authorization": "NONE",
"integration": {
"endpoint_uri": "https://www.google.de",
"integration_http_method": null,
"request_parameters": {
"integration.request.header.x-api-key": "method.request.header.x-api-key"
},
"type": "HTTP"
},
"request_parameters": {},
"response": {
"models": null,
"status_code": "200"
}
}
}
{| no | | [set\_account\_settings](#input\_set\_account\_settings) | The account setting is important to have per account region level set before enabling logging as it have important setting set for cloudwatch role arn, also cloudwatch role should be created before enabling setting | `bool` | `false` | no | | [stage\_name](#input\_stage\_name) | n/a | `string` | `"api-stage"` | no | -| [usage\_plan\_values](#input\_usage\_plan\_values) | n/a | `any` |
"POST": {
"api_key_required": true,
"authorization": "NONE",
"integration": {
"endpoint_uri": "https://www.google.de",
"integration_http_method": null,
"request_parameters": {
"integration.request.header.x-api-key": "method.request.header.x-api-key"
},
"type": "HTTP"
},
"request_parameters": {},
"response": {
"models": null,
"status_code": "200"
}
}
}
{| no | +| [usage\_plan\_values](#input\_usage\_plan\_values) | n/a | `any` |
"quota_limit": 10000,
"quota_period": "MONTH",
"throttle_burst_limit": 1000,
"throttle_rate_limit": 500,
"usage_plan_description": "my description",
"usage_plan_name": "my-usage-plan"
}
{| no | ## Outputs diff --git a/modules/api-gateway/custom-domain/README.md b/modules/api-gateway/custom-domain/README.md index 69e0d44e..af434d4b 100644 --- a/modules/api-gateway/custom-domain/README.md +++ b/modules/api-gateway/custom-domain/README.md @@ -32,8 +32,8 @@ No requirements. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [api\_id](#input\_api\_id) | The API Gateway id | `string` | n/a | yes | -| [custom\_domain\_additional\_options](#input\_custom\_domain\_additional\_options) | Additional route53 configs in this list for using along side to custom\_domain listing |
"quota_limit": 10000,
"quota_period": "MONTH",
"throttle_burst_limit": 1000,
"throttle_rate_limit": 500,
"usage_plan_description": "my description",
"usage_plan_name": "my-usage-plan"
}
list(list(object({| `[]` | no | -| [custom\_domains](#input\_custom\_domains) | Allows to setup/attach custom domain to api gateway setup, it will create also r53 record and certificate. Note that all keys of object are required to pass when you need one |
set_identifier = string
geolocation_routing_policy = any
})))
list(object({| `[]` | no | +| [custom\_domain\_additional\_options](#input\_custom\_domain\_additional\_options) | Additional route53 configs in this list for using along side to custom\_domain listing |
name = string # this is just first/prefix/subdomain part of domain without zone part
zone_name = string
}))
list(list(object({| `[]` | no | +| [custom\_domains](#input\_custom\_domains) | Allows to setup/attach custom domain to api gateway setup, it will create also r53 record and certificate. Note that all keys of object are required to pass when you need one |
set_identifier = string
geolocation_routing_policy = any
})))
list(object({| `[]` | no | | [endpoint\_config\_type](#input\_endpoint\_config\_type) | API Gateway config type. Valid values: EDGE, REGIONAL or PRIVATE | `string` | `"REGIONAL"` | no | | [stage\_name](#input\_stage\_name) | The API Gateway stage name | `string` | n/a | yes | diff --git a/modules/appconfig/README.md b/modules/appconfig/README.md index 311264a9..9b65fd8b 100644 --- a/modules/appconfig/README.md +++ b/modules/appconfig/README.md @@ -125,10 +125,10 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [configs](#input\_configs) | List of configuration profiles/flags |
name = string # this is just first/prefix/subdomain part of domain without zone part
zone_name = string
}))
list(object({| `[]` | no | -| [deployment\_strategies](#input\_deployment\_strategies) | List of deployment strategies with configs |
name = string
content_type = optional(string, "application/json")
version = optional(string, "1")
content = optional(string, null) # in case some specific content needs to be set you can use this field instead of flags, but usually the flags should be used
flags = optional(list(object({
name = string
enabled = optional(bool, false)
deprecation_status = optional(string, null)
attributes = optional(list(object({
name = string
type = optional(string, "string")
required = optional(bool, true)
value = optional(string, "")
})), [])
})), [])
description = optional(string, "")
location_uri = optional(string, "hosted")
type = optional(string, "AWS.AppConfig.FeatureFlags")
validators = optional(list(object({
type = optional(string, "JSON_SCHEMA")
content = optional(string, null)
})), [])
}))
list(object({| `[]` | no | +| [configs](#input\_configs) | List of configuration profiles/flags |
name = string # the name should be unique
description = optional(string, null)
deployment_duration_in_minutes = optional(number, 3)
final_bake_time_in_minutes = optional(number, 4)
growth_factor = optional(number, 10)
growth_type = optional(string, "LINEAR")
replicate_to = optional(string, "NONE")
}))
list(object({| `[]` | no | +| [deployment\_strategies](#input\_deployment\_strategies) | List of deployment strategies with configs |
name = string
content_type = optional(string, "application/json")
version = optional(string, "1")
content = optional(string, null) # in case some specific content needs to be set you can use this field instead of flags, but usually the flags should be used
flags = optional(list(object({
name = string
enabled = optional(bool, false)
deprecation_status = optional(string, null)
attributes = optional(list(object({
name = string
type = optional(string, "string")
required = optional(bool, true)
value = optional(string, "")
})), [])
})), [])
description = optional(string, "")
location_uri = optional(string, "hosted")
type = optional(string, "AWS.AppConfig.FeatureFlags")
validators = optional(list(object({
type = optional(string, "JSON_SCHEMA")
content = optional(string, null)
})), [])
}))
list(object({| `[]` | no | | [description](#input\_description) | Application description | `string` | `""` | no | -| [environments](#input\_environments) | List of environments with configs |
name = string # the name should be unique
description = optional(string, null)
deployment_duration_in_minutes = optional(number, 3)
final_bake_time_in_minutes = optional(number, 4)
growth_factor = optional(number, 10)
growth_type = optional(string, "LINEAR")
replicate_to = optional(string, "NONE")
}))
list(object({| `[]` | no | +| [environments](#input\_environments) | List of environments with configs |
name = string # the name should be unique
description = optional(string, null)
deployment_duration_in_minutes = optional(number, 3)
deploys = optional(list(object({
config = string
strategy = optional(string, "AppConfig.AllAtOnce")
version = optional(string, "1")
})), [])
monitors = optional(list(object({
alarm_arn = string
alarm_role_arn = string
})), [])
}))
list(object({| `[]` | no | | [name](#input\_name) | Application name | `string` | n/a | yes | ## Outputs diff --git a/modules/aws-alb-to-cloudwatch-lambda/README.md b/modules/aws-alb-to-cloudwatch-lambda/README.md index 7bfb64b5..420c1b0b 100644 --- a/modules/aws-alb-to-cloudwatch-lambda/README.md +++ b/modules/aws-alb-to-cloudwatch-lambda/README.md @@ -187,11 +187,11 @@ If a `role` is not provided then one will be created automatically. There are va | [codebuild\_queued\_timeout\_in\_minutes](#input\_codebuild\_queued\_timeout\_in\_minutes) | The number of minutes CodeBuild is allowed to be queued before it times out. | `number` | `15` | no | | [codebuild\_timeout\_in\_minutes](#input\_codebuild\_timeout\_in\_minutes) | The number of minutes CodeBuild is allowed to run before it times out. | `number` | `60` | no | | [create\_role](#input\_create\_role) | Create an IAM role for the function. Only required when `role` is a computed/unknown value. | `bool` | `null` | no | -| [dead\_letter\_config](#input\_dead\_letter\_config) | Nested block to configure the function's dead letter queue. See details below. |
name = string # the name should be unique
description = optional(string, null)
deployment_duration_in_minutes = optional(number, 3)
deploys = optional(list(object({
config = string
strategy = optional(string, "AppConfig.AllAtOnce")
version = optional(string, "1")
})), [])
monitors = optional(list(object({
alarm_arn = string
alarm_role_arn = string
})), [])
}))
object({| `null` | no | +| [dead\_letter\_config](#input\_dead\_letter\_config) | Nested block to configure the function's dead letter queue. See details below. |
target_arn = string
})
object({| `null` | no | | [description](#input\_description) | Description of what your Lambda Function does. | `string` | `null` | no | | [empty\_dirs](#input\_empty\_dirs) | Include empty directories in the Lambda package. | `bool` | `false` | no | | [enabled](#input\_enabled) | Create resources. | `bool` | `true` | no | -| [environment](#input\_environment) | The Lambda environment's configuration settings. |
target_arn = string
})
object({| `null` | no | +| [environment](#input\_environment) | The Lambda environment's configuration settings. |
variables = map(string)
})
object({| `null` | no | | [filename](#input\_filename) | The path to the function's deployment package within the local filesystem. If defined, The s3\_-prefixed options cannot be used. | `string` | `null` | no | | [function\_name](#input\_function\_name) | A unique name for your Lambda Function. | `string` | n/a | yes | | [handler](#input\_handler) | The function entrypoint in your code. | `string` | n/a | yes | @@ -216,8 +216,8 @@ If a `role` is not provided then one will be created automatically. There are va | [source\_dir](#input\_source\_dir) | Local source directory for the Lambda package. This will be zipped and uploaded to the S3 bucket. Requires `s3_bucket`. Conflicts with `s3_key`, `s3_object_version` and `filename`. | `string` | `""` | no | | [tags](#input\_tags) | A mapping of tags to assign to the object. | `map(string)` | `null` | no | | [timeout](#input\_timeout) | The amount of time your Lambda Function has to run in seconds. | `number` | `null` | no | -| [tracing\_config](#input\_tracing\_config) | Provide this to configure tracing. |
variables = map(string)
})
object({| `null` | no | -| [vpc\_config](#input\_vpc\_config) | Provide this to allow your function to access your VPC. |
mode = string
})
object({| `null` | no | +| [tracing\_config](#input\_tracing\_config) | Provide this to configure tracing. |
security_group_ids = list(string)
subnet_ids = list(string)
})
object({| `null` | no | +| [vpc\_config](#input\_vpc\_config) | Provide this to allow your function to access your VPC. |
mode = string
})
object({| `null` | no | ## Outputs diff --git a/modules/aws-rds-postgres/README.md b/modules/aws-rds-postgres/README.md index db2841ae..fdf8fa0d 100644 --- a/modules/aws-rds-postgres/README.md +++ b/modules/aws-rds-postgres/README.md @@ -54,7 +54,7 @@ No requirements. | [name](#input\_name) | n/a | `string` | n/a | yes | | [password](#input\_password) | n/a | `string` | `""` | no | | [publicly\_accessible](#input\_publicly\_accessible) | Bool to control if instance is publicly accessible | `bool` | `false` | no | -| [security\_group\_ids](#input\_security\_group\_ids) | Security group name | `list(string)` |
security_group_ids = list(string)
subnet_ids = list(string)
})
[| no | +| [security\_group\_ids](#input\_security\_group\_ids) | Security group name | `list(string)` |
""
]
[| no | | [storage](#input\_storage) | Storage voluem size - cannot be decreased after creation | `number` | `20` | no | | [subnet\_ids](#input\_subnet\_ids) | n/a | `list(string)` | n/a | yes | | [username](#input\_username) | n/a | `string` | n/a | yes | diff --git a/modules/aws-vpn-vpnendpoint/README.md b/modules/aws-vpn-vpnendpoint/README.md index 9e7c652a..71d64bc6 100644 --- a/modules/aws-vpn-vpnendpoint/README.md +++ b/modules/aws-vpn-vpnendpoint/README.md @@ -190,7 +190,7 @@ module "vpn" { | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [additional\_routes](#input\_additional\_routes) | A map where the key is a subnet ID of endpoint subnet for network association and value is a cidr to where traffic should be routed from that subnet. Useful in cases if you need to route beyond the VPC subnet, for instance peered VPC | `any` | `{}` | no | -| [authorization\_ingress](#input\_authorization\_ingress) | Add authorization rules to grant clients access to the networks. | `list(string)` |
""
]
[| no | +| [authorization\_ingress](#input\_authorization\_ingress) | Add authorization rules to grant clients access to the networks. | `list(string)` |
"0.0.0.0/0"
]
[| no | | [certificate\_arn](#input\_certificate\_arn) | Certificate arn | `string` | n/a | yes | | [client\_certificate\_arn](#input\_client\_certificate\_arn) | Client Certificate arn when we setup certificate-authentication type vpn | `string` | `""` | no | | [cloudwatch\_log\_group\_kms\_key\_id](#input\_cloudwatch\_log\_group\_kms\_key\_id) | Specifies the ARN of the CMK to use when encrypting log data. | `string` | `null` | no | @@ -202,7 +202,7 @@ module "vpn" { | [endpoint\_subnets](#input\_endpoint\_subnets) | List of IDs of endpoint subnets for network association | `list(string)` | n/a | yes | | [peering\_vpc\_ids](#input\_peering\_vpc\_ids) | n/a | `list(string)` | `[]` | no | | [saml\_provider\_arn](#input\_saml\_provider\_arn) | The ARN of the IAM SAML identity provider. | `string` | `""` | no | -| [security\_group\_rule](#input\_security\_group\_rule) | Security group inbound and outbound rules | `any` |
"0.0.0.0/0"
]
{| no | +| [security\_group\_rule](#input\_security\_group\_rule) | Security group inbound and outbound rules | `any` |
"egress": {
"1": {
"cidr_blocks": [
"0.0.0.0/0"
],
"description": "Egress access",
"from_port": 0,
"protocol": "-1",
"to_port": 0
}
},
"ingress": {
"1": {
"cidr_blocks": [
"0.0.0.0/0"
],
"description": "Ingress access",
"from_port": 0,
"protocol": "-1",
"to_port": 0
}
}
}
{| no | | [split\_tunnel](#input\_split\_tunnel) | n/a | `bool` | `true` | no | | [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no | | [vpc\_id](#input\_vpc\_id) | VPC ID | `string` | n/a | yes | diff --git a/modules/budgets/README.md b/modules/budgets/README.md index c9966f07..595f8c05 100644 --- a/modules/budgets/README.md +++ b/modules/budgets/README.md @@ -28,9 +28,9 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [aws\_budgets\_budget](#input\_aws\_budgets\_budget) | (Required) Provides a budgets budget resource. Budgets use the cost visualisation provided by Cost Explorer to show you the status of your budgets, to provide forecasts of your estimated costs, and to track your AWS usage, including your free tier usage. |
"egress": {
"1": {
"cidr_blocks": [
"0.0.0.0/0"
],
"description": "Egress access",
"from_port": 0,
"protocol": "-1",
"to_port": 0
}
},
"ingress": {
"1": {
"cidr_blocks": [
"0.0.0.0/0"
],
"description": "Ingress access",
"from_port": 0,
"protocol": "-1",
"to_port": 0
}
}
}
object(| n/a | yes | -| [aws\_cloudwatch\_event\_rule](#input\_aws\_cloudwatch\_event\_rule) | (Optional) Provides an EventBridge Rule resource. |
{
# The name of a budget. Unique within accounts.
name = string
# Whether this budget tracks monetary cost or usage.
budget_type = string
# Map of Cost Filters key/value pairs to apply to the budget.
cost_filters = map(any)
# The amount of cost or usage being measured for a budget.
limit_amount = string
# Object containing Budget Notifications. Can be used multiple times to define more than one budget notification
notification = list(any)
}
)
object(|
{
# The name of the rule. If omitted, Terraform will assign a random, unique name. Conflicts with name_prefix.
name = string
# The scheduling expression. For example, cron(0 20 * * ? *) or rate(5 minutes). At least one of schedule_expression or event_pattern is required. Can only be used on the default event bus.
schedule_expression = string
# The description of the rule.
description = string
# Whether the rule should be enabled (defaults to true).
is_enabled = bool
}
)
{| no | -| [aws\_cloudwatch\_event\_target](#input\_aws\_cloudwatch\_event\_target) | (Required) Provides an EventBridge Target resource. |
"description": "This cloudwatch event used for Budgets.",
"is_enabled": true,
"name": "budgets-cloudwatch-event-rule",
"schedule_expression": "cron(0 9 * * ? *)"
}
object(| n/a | yes | +| [aws\_budgets\_budget](#input\_aws\_budgets\_budget) | (Required) Provides a budgets budget resource. Budgets use the cost visualisation provided by Cost Explorer to show you the status of your budgets, to provide forecasts of your estimated costs, and to track your AWS usage, including your free tier usage. |
{
# The Amazon Resource Name (ARN) associated of the target.
arn = string
}
)
object(| n/a | yes | +| [aws\_cloudwatch\_event\_rule](#input\_aws\_cloudwatch\_event\_rule) | (Optional) Provides an EventBridge Rule resource. |
{
# The name of a budget. Unique within accounts.
name = string
# Whether this budget tracks monetary cost or usage.
budget_type = string
# Map of Cost Filters key/value pairs to apply to the budget.
cost_filters = map(any)
# The amount of cost or usage being measured for a budget.
limit_amount = string
# Object containing Budget Notifications. Can be used multiple times to define more than one budget notification
notification = list(any)
}
)
object(|
{
# The name of the rule. If omitted, Terraform will assign a random, unique name. Conflicts with name_prefix.
name = string
# The scheduling expression. For example, cron(0 20 * * ? *) or rate(5 minutes). At least one of schedule_expression or event_pattern is required. Can only be used on the default event bus.
schedule_expression = string
# The description of the rule.
description = string
# Whether the rule should be enabled (defaults to true).
is_enabled = bool
}
)
{| no | +| [aws\_cloudwatch\_event\_target](#input\_aws\_cloudwatch\_event\_target) | (Required) Provides an EventBridge Target resource. |
"description": "This cloudwatch event used for Budgets.",
"is_enabled": true,
"name": "budgets-cloudwatch-event-rule",
"schedule_expression": "cron(0 9 * * ? *)"
}
object(| n/a | yes | | [is\_enabled](#input\_is\_enabled) | (Optional) A boolean flag to enable/disable Budgets. Defaults true. | `bool` | `true` | no | | [tags](#input\_tags) | (Optional) Key-value map of resource tags. | `map(any)` | `null` | no | diff --git a/modules/cloudfront-ssl-hsts/README.md b/modules/cloudfront-ssl-hsts/README.md index 685fba1e..eab77aad 100644 --- a/modules/cloudfront-ssl-hsts/README.md +++ b/modules/cloudfront-ssl-hsts/README.md @@ -140,7 +140,7 @@ module "cdn" { | [realtime\_metrics\_subscription\_status](#input\_realtime\_metrics\_subscription\_status) | A flag that indicates whether additional CloudWatch metrics are enabled for a given CloudFront distribution. Valid values are `Enabled` and `Disabled`. | `string` | `"Enabled"` | no | | [retain\_on\_delete](#input\_retain\_on\_delete) | Disables the distribution instead of deleting it when destroying the resource through Terraform. If this is set, the distribution needs to be deleted manually afterwards. | `bool` | `false` | no | | [tags](#input\_tags) | A map of tags to assign to the resource. | `map(string)` | `null` | no | -| [viewer\_certificate](#input\_viewer\_certificate) | The SSL configuration for this distribution | `any` |
{
# The Amazon Resource Name (ARN) associated of the target.
arn = string
}
)
{| no | +| [viewer\_certificate](#input\_viewer\_certificate) | The SSL configuration for this distribution | `any` |
"cloudfront_default_certificate": false,
"minimum_protocol_version": "TLSv1.2_2021"
}
{| no | | [wait\_for\_deployment](#input\_wait\_for\_deployment) | If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. | `bool` | `false` | no | | [web\_acl\_id](#input\_web\_acl\_id) | If you're using AWS WAF to filter CloudFront requests, the Id of the AWS WAF web ACL that is associated with the distribution. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned. If using WAFv2, provide the ARN of the web ACL. | `string` | `null` | no | | [zone](#input\_zone) | domen zones. | `list(string)` | n/a | yes | diff --git a/modules/cloudfront-ssl-hsts/tests/basic/README.md b/modules/cloudfront-ssl-hsts/tests/basic/README.md index 4b85f24a..5530c447 100644 --- a/modules/cloudfront-ssl-hsts/tests/basic/README.md +++ b/modules/cloudfront-ssl-hsts/tests/basic/README.md @@ -11,7 +11,7 @@ | Name | Version | |------|---------| -| [aws](#provider\_aws) | ~> 5.0 | +| [aws](#provider\_aws) | 5.64.0 | ## Modules diff --git a/modules/cloudfront-ssl-hsts/tests/s3-and-alb/README.md b/modules/cloudfront-ssl-hsts/tests/s3-and-alb/README.md index 46247de3..e566f1ad 100644 --- a/modules/cloudfront-ssl-hsts/tests/s3-and-alb/README.md +++ b/modules/cloudfront-ssl-hsts/tests/s3-and-alb/README.md @@ -11,7 +11,7 @@ | Name | Version | |------|---------| -| [aws](#provider\_aws) | ~> 5.0 | +| [aws](#provider\_aws) | 4.67.0 | ## Modules diff --git a/modules/cloudfront/README.md b/modules/cloudfront/README.md index fdc3949e..120036ce 100644 --- a/modules/cloudfront/README.md +++ b/modules/cloudfront/README.md 
@@ -173,6 +173,7 @@ module "cloudfront" { | [connection\_timeout](#input\_connection\_timeout) | The number of seconds that CloudFront waits when trying to establish a connection to the origin. | `number` | `10` | no | | [create\_lambda\_security\_headers](#input\_create\_lambda\_security\_headers) | Whether to create and attach a labda function to the distribution or not. | `bool` | `false` | no | | [create\_response\_headers\_policy](#input\_create\_response\_headers\_policy) | Create cloudfront custom header policy |
"cloudfront_default_certificate": false,
"minimum_protocol_version": "TLSv1.2_2021"
}
object({|
enabled = optional(bool, false)
name = optional(string, "custom_response_headers")
security_headers = object({
frame_options = optional(string)
})
})
{| no | +| [custom\_error\_response](#input\_custom\_error\_response) | Cloudfront custom error response |
"enabled": false,
"name": "custom_response_headers",
"security_headers": {}
}
object({|
enabled = optional(bool, false)
error_caching_min_ttl = optional(number, 10)
error_code = optional(number, 404)
response_code = optional(number, 200)
response_page_path = optional(string, "/index.html")
})
{| no | | [custom\_origin\_config](#input\_custom\_origin\_config) | n/a | `map` |
"enabled": false,
"error_caching_min_ttl": 10,
"error_code": 404,
"response_code": 200,
"response_page_path": "/index.html"
}
{| no | | [default\_allowed\_methods](#input\_default\_allowed\_methods) | Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin. | `list(string)` |
"http_port": 80,
"https_port": 443,
"origin_keepalive_timeout": 5,
"origin_protocol_policy": "http-only",
"origin_read_timeout": 30,
"origin_ssl_protocols": [
"TLSv1",
"TLSv1.1",
"TLSv1.2"
]
}
[| no | | [default\_cached\_methods](#input\_default\_cached\_methods) | Controls whether CloudFront caches the response to requests using the specified HTTP methods. | `list(string)` |
"DELETE",
"GET",
"HEAD",
"OPTIONS",
"PATCH",
"POST",
"PUT"
]
[| no | diff --git a/modules/cloudtrail/README.md b/modules/cloudtrail/README.md index ed748056..9eb40e4c 100644 --- a/modules/cloudtrail/README.md +++ b/modules/cloudtrail/README.md @@ -119,19 +119,19 @@ No requirements. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [alerts](#input\_alerts) | Provide CloudWatch Log Metric filters |
"GET",
"HEAD"
]
object({|
sns_topic_name = optional(string, "alerts-sns-topic")
events = optional(list(string), []) # Some possible values are: iam-user-creation-or-deletion, iam-role-creation-or-deletion, iam-policy-changes, s3-creation-or-deletion, root-account-usage, elastic-ip-association-and-disassociation and etc.
})
{| no | +| [alerts](#input\_alerts) | Provide CloudWatch Log Metric filters |
"enabled": false
}
object({|
sns_topic_name = optional(string, "alerts-sns-topic")
events = optional(list(string), []) # Some possible values are: iam-user-creation-or-deletion, iam-role-creation-or-deletion, iam-policy-changes, s3-creation-or-deletion, root-account-usage, elastic-ip-association-and-disassociation and etc.
})
{| no | | [bucket\_name](#input\_bucket\_name) | n/a | `string` | `null` | no | | [cloud\_watch\_logs\_group\_arn](#input\_cloud\_watch\_logs\_group\_arn) | Specifies a log group name using an Amazon Resource Name (ARN), that represents the log group to which CloudTrail logs will be delivered | `string` | `""` | no | | [cloud\_watch\_logs\_group\_name](#input\_cloud\_watch\_logs\_group\_name) | Specifies a log group name that will be created to which CloudTrail logs will be delivered | `string` | `"aws-cloudtrail-logs"` | no | | [cloud\_watch\_logs\_group\_retention](#input\_cloud\_watch\_logs\_group\_retention) | Specifies the number of days you want to retain log events in the specified log group. | `number` | `90` | no | | [cloud\_watch\_logs\_role\_arn](#input\_cloud\_watch\_logs\_role\_arn) | Specifies the role for the CloudWatch Logs endpoint to assume to write to a user’s log group | `string` | `""` | no | | [cloudtrail\_assume\_role\_policy\_document](#input\_cloudtrail\_assume\_role\_policy\_document) | Assume role policy document. | `string` | `"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"cloudtrail.amazonaws.com\"\n },\n \"Effect\": \"Allow\"\n }\n ]\n}\n"` | no | -| [cmdb\_integration](#input\_cmdb\_integration) | CMDB Integration Configs |
"enabled": false
}
object({| `{}` | no | +| [cmdb\_integration](#input\_cmdb\_integration) | CMDB Integration Configs |
enabled = optional(bool, false)
configs = optional(object({
subscriptions = optional(list(object({
protocol = optional(string, null)
endpoint = optional(string, null)
endpoint_auto_confirms = optional(bool, false)
dead_letter_queue_arn = optional(string) })), [])
}), {})
})
object({| `{}` | no | | [create\_s3\_bucket](#input\_create\_s3\_bucket) | n/a | `bool` | `true` | no | | [enable\_cloudwatch\_logs](#input\_enable\_cloudwatch\_logs) | Enable sending logs to CloudWatch | `bool` | `false` | no | | [enable\_log\_file\_validation](#input\_enable\_log\_file\_validation) | Specifies whether log file integrity validation is enabled. Creates signed digest for validated contents of logs | `bool` | `true` | no | | [enable\_logging](#input\_enable\_logging) | Enable logging for the trail | `bool` | `true` | no | -| [event\_selector](#input\_event\_selector) | Specifies an event selector for enabling data event logging. See: https://www.terraform.io/docs/providers/aws/r/cloudtrail.html for details on this variable |
enabled = optional(bool, false)
configs = optional(object({
subscriptions = optional(list(object({
protocol = optional(string, null)
endpoint = optional(string, null)
endpoint_auto_confirms = optional(bool, false)
dead_letter_queue_arn = optional(string) })), [])
}), {})
})
list(object({| `[]` | no | +| [event\_selector](#input\_event\_selector) | Specifies an event selector for enabling data event logging. See: https://www.terraform.io/docs/providers/aws/r/cloudtrail.html for details on this variable |
include_management_events = bool
read_write_type = string
data_resource = list(object({
type = string
values = list(string)
}))
}))
list(object({| `[]` | no | | [include\_global\_service\_events](#input\_include\_global\_service\_events) | Specifies whether the trail is publishing events from global services such as IAM to the log files | `bool` | `true` | no | | [insight\_selectors](#input\_insight\_selectors) | Configuration block for identifying unusual operational activity. | `list(string)` | `[]` | no | | [is\_multi\_region\_trail](#input\_is\_multi\_region\_trail) | Specifies whether the trail is created in the current region or in all regions | `bool` | `true` | no | diff --git a/modules/cloudtrail/modules/cmdb-integration/README.md b/modules/cloudtrail/modules/cmdb-integration/README.md index c7b6d9f0..09641c19 100644 --- a/modules/cloudtrail/modules/cmdb-integration/README.md +++ b/modules/cloudtrail/modules/cmdb-integration/README.md @@ -33,7 +33,7 @@ No requirements. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [bucket\_name](#input\_bucket\_name) | S3 bucket for s3 subscription | `string` | n/a | yes | -| [configs](#input\_configs) | CMDB Integration Configs |
include_management_events = bool
read_write_type = string
data_resource = list(object({
type = string
values = list(string)
}))
}))
object({| `{}` | no | +| [configs](#input\_configs) | CMDB Integration Configs |
subscriptions = optional(list(object({ protocol = optional(string, null)
endpoint = optional(string, null)
endpoint_auto_confirms = optional(bool, false)
dead_letter_queue_arn = optional(string) })), [])
})
object({| `{}` | no | | [name](#input\_name) | Lambda name | `string` | n/a | yes | ## Outputs diff --git a/modules/cognito-identity/README.md b/modules/cognito-identity/README.md index 586e20ee..63076f46 100644 --- a/modules/cognito-identity/README.md +++ b/modules/cognito-identity/README.md @@ -108,11 +108,11 @@ No modules. |------|-------------|------|---------|:--------:| | [allow\_classic\_flow](#input\_allow\_classic\_flow) | Enables or disables the classic / basic authentication flow. | `bool` | `true` | no | | [allow\_unauthenticated\_identities](#input\_allow\_unauthenticated\_identities) | Whether the identity pool supports unauthenticated logins or not. | `bool` | `false` | no | -| [cognito\_identity\_providers](#input\_cognito\_identity\_providers) | An array of Amazon Cognito Identity user pools and their client IDs. | `list` |
subscriptions = optional(list(object({ protocol = optional(string, null)
endpoint = optional(string, null)
endpoint_auto_confirms = optional(bool, false)
dead_letter_queue_arn = optional(string) })), [])
})
[| no | +| [cognito\_identity\_providers](#input\_cognito\_identity\_providers) | An array of Amazon Cognito Identity user pools and their client IDs. | `list` |
{
"client_id": null,
"provider_name": null,
"server_side_token_check": false
}
]
[| no | | [identity\_pool\_name](#input\_identity\_pool\_name) | The Cognito Identity Pool name. | `string` | `""` | no | -| [role\_mapping](#input\_role\_mapping) | ambiguous\_role\_resolution specifies the action to be taken if either no rules match the claim value for the Rules type, or there is no cognito:preferred\_role claim and there are multiple cognito:roles matches for the Token type. type is the role mapping type. | `map(any)` |
{
"client_id": null,
"provider_name": null,
"server_side_token_check": false
}
]
{| no | -| [roles](#input\_roles) | The map of roles associated with the identity pool. Each value will be the Role ARN. | `map(any)` |
"ambiguous_role_resolution": "",
"identity_provider": "",
"type": ""
}
{| no | -| [supported\_login\_providers](#input\_supported\_login\_providers) | Key-Value pairs mapping provider names to provider app IDs. | `map(any)` |
"authenticated": "",
"unauthenticated": ""
}
{| no | +| [role\_mapping](#input\_role\_mapping) | ambiguous\_role\_resolution specifies the action to be taken if either no rules match the claim value for the Rules type, or there is no cognito:preferred\_role claim and there are multiple cognito:roles matches for the Token type. type is the role mapping type. | `map(any)` |
"accounts.google.com": null,
"api.twitter.com": null,
"graph.facebook.com": null,
"www.amazon.com": null,
"www.digits.com": null
}
{| no | +| [roles](#input\_roles) | The map of roles associated with the identity pool. Each value will be the Role ARN. | `map(any)` |
"ambiguous_role_resolution": "",
"identity_provider": "",
"type": ""
}
{| no | +| [supported\_login\_providers](#input\_supported\_login\_providers) | Key-Value pairs mapping provider names to provider app IDs. | `map(any)` |
"authenticated": "",
"unauthenticated": ""
}
{| no | ## Outputs diff --git a/modules/cognito-user-pool/README.md b/modules/cognito-user-pool/README.md index 8c8fc7cd..7862aeab 100644 --- a/modules/cognito-user-pool/README.md +++ b/modules/cognito-user-pool/README.md @@ -136,7 +136,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [access\_token\_validity](#input\_access\_token\_validity) | Time limit, between 5 minutes and 1 day, after which the access token is no longer valid and cannot be used. This value will be overridden if you have entered a value in token\_validity\_units. | `number` | `120` | no | -| [alias\_attributes](#input\_alias\_attributes) | Attributes supported as an alias for this user pool. | `list(string)` |
"accounts.google.com": null,
"api.twitter.com": null,
"graph.facebook.com": null,
"www.amazon.com": null,
"www.digits.com": null
}
[| no | +| [alias\_attributes](#input\_alias\_attributes) | Attributes supported as an alias for this user pool. | `list(string)` |
"email",
"phone_number"
]
[| no | | [allow\_admin\_create\_user\_only](#input\_allow\_admin\_create\_user\_only) | (Optional) Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app. | `bool` | `false` | no | | [allowed\_oauth\_flows](#input\_allowed\_oauth\_flows) | List of allowed OAuth flows (code, implicit, client\_credentials). | `list(string)` | `[]` | no | | [allowed\_oauth\_flows\_user\_pool\_client](#input\_allowed\_oauth\_flows\_user\_pool\_client) | Whether the client is allowed to follow the OAuth protocol when interacting with Cognito user pools. | `bool` | `false` | no | @@ -153,30 +153,30 @@ No modules. | [email\_verification\_message](#input\_email\_verification\_message) | String representing the email verification message. | `string` | `"Some message {####}"` | no | | [email\_verification\_subject](#input\_email\_verification\_subject) | String representing the email verification subject. | `string` | `"Some subject"` | no | | [enable\_token\_revocation](#input\_enable\_token\_revocation) | Enables or disables token revocation. | `bool` | `true` | no | -| [explicit\_auth\_flows](#input\_explicit\_auth\_flows) | List of authentication flows. | `list(string)` |
"email",
"phone_number"
]
[| no | +| [explicit\_auth\_flows](#input\_explicit\_auth\_flows) | List of authentication flows. | `list(string)` |
"ALLOW_REFRESH_TOKEN_AUTH",
"ALLOW_USER_PASSWORD_AUTH",
"ALLOW_USER_SRP_AUTH"
]
[| no | | [generate\_secret](#input\_generate\_secret) | Should an application secret be generated. | `bool` | `false` | no | | [id\_token\_validity](#input\_id\_token\_validity) | Time limit, between 5 minutes and 1 day, after which the ID token is no longer valid and cannot be used. This value will be overridden if you have entered a value in token\_validity\_units. | `number` | `120` | no | -| [invite\_message\_template](#input\_invite\_message\_template) | email\_message is a message template for email messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively. email\_subject is a subject line for email messages. sms\_message is a message template for SMS messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively. | `map` |
"ALLOW_REFRESH_TOKEN_AUTH",
"ALLOW_USER_PASSWORD_AUTH",
"ALLOW_USER_SRP_AUTH"
]
{| no | +| [invite\_message\_template](#input\_invite\_message\_template) | email\_message is a message template for email messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively. email\_subject is a subject line for email messages. sms\_message is a message template for SMS messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively. | `map` |
"email_message": "Your username is {username} and temporary password is {####}. ",
"email_subject": "Your temporary password",
"sms_message": "Your username is {username} and temporary password is {####}. "
}
{| no | | [lambda\_config](#input\_lambda\_config) | n/a | `any` | `{}` | no | | [logout\_urls](#input\_logout\_urls) | List of allowed logout URLs for the identity providers. | `list(string)` | `[]` | no | | [mfa\_configuration](#input\_mfa\_configuration) | Multi-Factor Authentication (MFA) configuration for the User Pool. | `string` | `"OPTIONAL"` | no | | [name](#input\_name) | Name of the pool that will be created | `string` | `"Pool name"` | no | | [precedence](#input\_precedence) | The precedence of the user group. | `number` | `0` | no | | [prevent\_user\_existence\_errors](#input\_prevent\_user\_existence\_errors) | Choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. | `string` | `"LEGACY"` | no | -| [read\_attributes](#input\_read\_attributes) | List of user pool attributes the application client can read from. | `list(string)` |
"email_message": "Your username is {username} and temporary password is {####}. ",
"email_subject": "Your temporary password",
"sms_message": "Your username is {username} and temporary password is {####}. "
}
[| no | -| [recovery\_mechanism](#input\_recovery\_mechanism) | Name is the recovery method for a user. Priority is a positive integer specifying priority of a method with 1 being the highest priority. | `list` |
"address",
"birthdate",
"email",
"email_verified",
"family_name",
"gender",
"given_name",
"locale",
"middle_name",
"name",
"nickname",
"phone_number",
"phone_number_verified",
"picture",
"preferred_username",
"profile",
"updated_at",
"website",
"zoneinfo"
]
[| no | +| [read\_attributes](#input\_read\_attributes) | List of user pool attributes the application client can read from. | `list(string)` |
{
"name": "verified_email",
"priority": 2
},
{
"name": "verified_phone_number",
"priority": 1
}
]
[| no | +| [recovery\_mechanism](#input\_recovery\_mechanism) | Name is the recovery method for a user. Priority is a positive integer specifying priority of a method with 1 being the highest priority. | `list` |
"address",
"birthdate",
"email",
"email_verified",
"family_name",
"gender",
"given_name",
"locale",
"middle_name",
"name",
"nickname",
"phone_number",
"phone_number_verified",
"picture",
"preferred_username",
"profile",
"updated_at",
"website",
"zoneinfo"
]
[| no | | [refresh\_token\_validity](#input\_refresh\_token\_validity) | Time limit in days refresh tokens are valid for. | `number` | `7` | no | | [role\_arn](#input\_role\_arn) | The ARN of the IAM role to be associated with the user group. | `string` | `""` | no | -| [schema](#input\_schema) | n/a | `list` |
{
"name": "verified_email",
"priority": 2
},
{
"name": "verified_phone_number",
"priority": 1
}
]
[| no | +| [schema](#input\_schema) | n/a | `list` |
{
"attribute_data_type": "String",
"developer_only_attribute": false,
"mutable": true,
"name": "email",
"required": true,
"string_attribute_constraints": {
"max_length": "",
"min_length": ""
}
}
]
[| no | | [sms\_authentication\_message](#input\_sms\_authentication\_message) | String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code. | `string` | `"SMS authentication message {####}"` | no | -| [sms\_configuration](#input\_sms\_configuration) | external\_id is external ID used in IAM role trust relationships. sns\_caller\_arn is ARN of the Amazon SNS caller. | `map(any)` |
{
"attribute_data_type": "String",
"developer_only_attribute": false,
"mutable": true,
"name": "email",
"required": true,
"string_attribute_constraints": {
"max_length": "",
"min_length": ""
}
}
]
{| no | +| [sms\_configuration](#input\_sms\_configuration) | external\_id is external ID used in IAM role trust relationships. sns\_caller\_arn is ARN of the Amazon SNS caller. | `map(any)` |
"external_id": "",
"sns_caller_arn": ""
}
{| no | | [sms\_verification\_message](#input\_sms\_verification\_message) | String representing the SMS verification message. | `string` | `"SMS verification message {####}"` | no | | [software\_token\_mfa\_configuration](#input\_software\_token\_mfa\_configuration) | Whether to enable software token Multi-Factor (MFA) tokens, such as Time-based One-Time Password (TOTP). | `bool` | `true` | no | | [supported\_identity\_providers](#input\_supported\_identity\_providers) | List of provider names for the identity providers that are supported on this client. | `list(string)` | `[]` | no | -| [token\_validity\_units](#input\_token\_validity\_units) | access\_token is time unit in for the value in access\_token\_validity. id\_token is time unit in for the value in id\_token\_validity. refresh\_token is time unit in for the value in refresh\_token\_validity. | `map(any)` |
"external_id": "",
"sns_caller_arn": ""
}
{| no | +| [token\_validity\_units](#input\_token\_validity\_units) | access\_token is time unit in for the value in access\_token\_validity. id\_token is time unit in for the value in id\_token\_validity. refresh\_token is time unit in for the value in refresh\_token\_validity. | `map(any)` |
"access_token": "minutes",
"id_token": "minutes",
"refresh_token": "days"
}
{| no | | [user\_group](#input\_user\_group) | The name of the user group. | `string` | `""` | no | -| [verification\_message\_template](#input\_verification\_message\_template) | email\_message\_by\_link is an email message template for sending a confirmation link to the user, it must contain the {##Click Here##} placeholder. email\_subject\_by\_link is an email message template for sending a confirmation link to the user, it must contain the {##Click Here##} placeholder. | `map(any)` |
"access_token": "minutes",
"id_token": "minutes",
"refresh_token": "days"
}
{| no | -| [write\_attributes](#input\_write\_attributes) | List of user pool attributes the application client can write to. | `list(string)` |
"email_message_by_link": "Please click the link below to verify your email address. {##Verify Email##} ",
"email_subject_by_link": "Your verification link. {##Verify Email##}"
}
[| no | +| [verification\_message\_template](#input\_verification\_message\_template) | email\_message\_by\_link is an email message template for sending a confirmation link to the user, it must contain the {##Click Here##} placeholder. email\_subject\_by\_link is an email message template for sending a confirmation link to the user, it must contain the {##Click Here##} placeholder. | `map(any)` |
"address",
"birthdate",
"email",
"family_name",
"gender",
"given_name",
"locale",
"middle_name",
"name",
"nickname",
"phone_number",
"picture",
"preferred_username",
"profile",
"updated_at",
"website",
"zoneinfo"
]
{| no | +| [write\_attributes](#input\_write\_attributes) | List of user pool attributes the application client can write to. | `list(string)` |
"email_message_by_link": "Please click the link below to verify your email address. {##Verify Email##} ",
"email_subject_by_link": "Your verification link. {##Verify Email##}"
}
[| no | | [zone\_id](#input\_zone\_id) | R53 zone. | `string` | `""` | no | ## Outputs diff --git a/modules/ecr/README.md b/modules/ecr/README.md index 48890922..384f29f3 100644 --- a/modules/ecr/README.md +++ b/modules/ecr/README.md @@ -54,7 +54,7 @@ No resources. | [image\_tag\_mutability](#input\_image\_tag\_mutability) | The tag mutability setting for the repository. Must be one of: MUTABLE or IMMUTABLE | `string` | `"MUTABLE"` | no | | [max\_image\_count](#input\_max\_image\_count) | How many Docker Image versions AWS ECR will store. | `number` | `20` | no | | [principals\_readonly\_access](#input\_principals\_readonly\_access) | Principal ARNs to provide with readonly access to the ECR | `list(string)` | `[]` | no | -| [protected\_tags](#input\_protected\_tags) | Image tags patterns (prefixes and wildcards) that should not be destroyed. If item contains asterisk symbol('*') it considered as wildcard, overwise as prefix matching | `set(string)` |
"address",
"birthdate",
"email",
"family_name",
"gender",
"given_name",
"locale",
"middle_name",
"name",
"nickname",
"phone_number",
"picture",
"preferred_username",
"profile",
"updated_at",
"website",
"zoneinfo"
]
[| no | +| [protected\_tags](#input\_protected\_tags) | Image tags patterns (prefixes and wildcards) that should not be destroyed. If item contains asterisk symbol('*') it considered as wildcard, overwise as prefix matching | `set(string)` |
"latest",
"image-keep",
"*prod*",
"*.*.*"
]
[| no | | [repos](#input\_repos) | 0 out of 256 characters maximum (2 minimum). The name must start with a letter and can only contain lowercase letters, numbers, hyphens, underscores, and forward slashes. | `list(string)` | `[]` | no | ## Outputs diff --git a/modules/eks-iam-user-constrain/README.md b/modules/eks-iam-user-constrain/README.md index 2288b381..0626153a 100644 --- a/modules/eks-iam-user-constrain/README.md +++ b/modules/eks-iam-user-constrain/README.md @@ -138,7 +138,7 @@ No modules. |------|-------------|------|---------|:--------:| | [create\_namespace](#input\_create\_namespace) | n/a | `bool` | `true` | no | | [namespace](#input\_namespace) | n/a | `string` | n/a | yes | -| [rule](#input\_rule) | n/a | `list(any)` |
"latest",
"image-keep",
"*prod*",
"*.*.*"
]
[| no | +| [rule](#input\_rule) | n/a | `list(any)` |
{
"api_groups": [
"",
"apps"
],
"resources": [
"pods",
"pods/log",
"configmaps",
"services",
"endpoints",
"crontabs",
"deployments",
"nodes"
],
"verbs": [
"*"
]
},
{
"api_groups": [
"extensions"
],
"resources": [
"pods",
"pods/log",
"configmaps",
"services",
"endpoints",
"crontabs",
"deployments",
"nodes"
],
"verbs": [
"*"
]
}
]
[| no | | [usernames](#input\_usernames) | n/a | `list(string)` | n/a | yes | ## Outputs diff --git a/modules/elastic-search/README.md b/modules/elastic-search/README.md index 8562545d..25bcea90 100644 --- a/modules/elastic-search/README.md +++ b/modules/elastic-search/README.md @@ -72,7 +72,7 @@ module "elastic-search" { | [random\_master\_password\_length](#input\_random\_master\_password\_length) | Length of random master password to create | `number` | `16` | no | | [snapshot\_options\_automated\_snapshot\_start\_hour](#input\_snapshot\_options\_automated\_snapshot\_start\_hour) | The amount of ours to wait to snapshot of ES db | `number` | `0` | no | | [timeouts\_update](#input\_timeouts\_update) | The timeout update of ES | `string` | `null` | no | -| [vpc\_options\_security\_group\_whitelist\_cidr](#input\_vpc\_options\_security\_group\_whitelist\_cidr) | The list of security group cidr blocks to whitelist in ingress | `list(string)` |
{
"api_groups": [
"",
"apps"
],
"resources": [
"pods",
"pods/log",
"configmaps",
"services",
"endpoints",
"crontabs",
"deployments",
"nodes"
],
"verbs": [
"*"
]
},
{
"api_groups": [
"extensions"
],
"resources": [
"pods",
"pods/log",
"configmaps",
"services",
"endpoints",
"crontabs",
"deployments",
"nodes"
],
"verbs": [
"*"
]
}
]
[| no | +| [vpc\_options\_security\_group\_whitelist\_cidr](#input\_vpc\_options\_security\_group\_whitelist\_cidr) | The list of security group cidr blocks to whitelist in ingress | `list(string)` |
"0.0.0.0/0"
]
[| no | | [vpc\_options\_security\_group\_whitelist\_ids](#input\_vpc\_options\_security\_group\_whitelist\_ids) | The list of security group ids to whitelist in ingress | `list(string)` | `[]` | no | | [vpc\_options\_subnet\_ids](#input\_vpc\_options\_subnet\_ids) | The list of vpc subnet ids, if availability\_zone\_count is two you have to pass two subnet ids | `list(string)` | n/a | yes | | [zone\_awareness\_enabled](#input\_zone\_awareness\_enabled) | The zone awareness of ES | `bool` | `true` | no | diff --git a/modules/external-secret-store/README.md b/modules/external-secret-store/README.md index 4bbe0935..c14cd377 100644 --- a/modules/external-secret-store/README.md +++ b/modules/external-secret-store/README.md @@ -53,6 +53,7 @@ Any secret created in Secret Manager matching the prefix can be requested via th | [aws\_role\_arn](#input\_aws\_role\_arn) | Role ARN used to pull secrets from Secret Manager. | `string` | `""` | no | | [controller](#input\_controller) | Not sure what is this for yet. | `string` | `"dev"` | no | | [create\_user](#input\_create\_user) | Create IAM user to read credentials or aws\_access\_key\_id / aws\_access\_secret combination should be used. | `bool` | `true` | no | +| [external\_secrets\_api\_version](#input\_external\_secrets\_api\_version) | The external-secrets resource apiVersion to use when creating the resource | `string` | `"external-secrets.io/v1alpha1"` | no | | [name](#input\_name) | Secret store name. | `string` | n/a | yes | | [namespace](#input\_namespace) | n/a | `string` | `"default"` | no | | [prefix](#input\_prefix) | This value is going be used as uniq prefix for secret store AWS resources like iam policy/user as for multi region setups we having collision | `string` | `""` | no | diff --git a/modules/external-secret-store/secret-store.tmpl b/modules/external-secret-store/secret-store.tmpl index 19994903..86edb759 100644 --- a/modules/external-secret-store/secret-store.tmpl 
+++ b/modules/external-secret-store/secret-store.tmpl
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1alpha1
+apiVersion: ${externalSecretsApiVersion}
 kind: SecretStore
 metadata:
 name: ${name}
diff --git a/modules/external-secret-store/store.tf b/modules/external-secret-store/store.tf
index 09353221..d6f35713 100644
--- a/modules/external-secret-store/store.tf
+++ b/modules/external-secret-store/store.tf
@@ -1,9 +1,10 @@
 resource "kubectl_manifest" "main" {
 yaml_body = templatefile("${path.module}/secret-store.tmpl", {
- name = local.sanitized-name
- namespace = var.namespace
- region = data.aws_region.current.name
- controller = var.controller
+ name = local.sanitized-name
+ namespace = var.namespace
+ region = data.aws_region.current.name
+ controller = var.controller
+ externalSecretsApiVersion = var.external_secrets_api_version
 })
 depends_on = [
diff --git a/modules/external-secret-store/variables.tf b/modules/external-secret-store/variables.tf
index 80326e1a..2c89c7e4 100644
--- a/modules/external-secret-store/variables.tf
+++ b/modules/external-secret-store/variables.tf
@@ -43,3 +43,9 @@ variable "prefix" {
 default = ""
 description = "This value is going be used as uniq prefix for secret store AWS resources like iam policy/user as for multi region setups we having collision"
 }
+
+variable "external_secrets_api_version" {
+ type = string
+ default = "external-secrets.io/v1alpha1" # TODO: the new version external-secrets.io/v1beta1 is available in external-secret operator, please update to new version as soon as you upgrade operator(the new dasmeta eks module already uses the new one)
+ description = "The external-secrets resource apiVersion to use when creating the resource"
+}
diff --git a/modules/fluent-bit-logs-s3-to-cloudwatch/README.md b/modules/fluent-bit-logs-s3-to-cloudwatch/README.md
index 9c51d4a0..ca9e4037 100644
--- a/modules/fluent-bit-logs-s3-to-cloudwatch/README.md
+++ b/modules/fluent-bit-logs-s3-to-cloudwatch/README.md
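Review bot: The new `external_secrets_api_version` variable in variables.tf accepts any string, and secret-store.tmpl renders it unquoted as `apiVersion: ${externalSecretsApiVersion}`, so a typo or a value containing a newline or `#` changes the YAML that `kubectl_manifest` applies. Such a value would presumably surface only at apply time, if at all. A `validation` block that pins the value to the `external-secrets.io/<version>` shape would reject it at plan time. The rest of the template lies outside the hunk, so whether its `spec` is valid under both v1alpha1 and v1beta1 cannot be confirmed from here. The long TODO trailing the `default` line would also be easier to find as a comment above the variable or as part of `description`.

```hcl
variable "external_secrets_api_version" {
  # … unchanged: type, default, description …

  validation {
    condition     = can(regex("^external-secrets\\.io/v[0-9]+((alpha|beta)[0-9]+)?$", var.external_secrets_api_version))
    error_message = "The external_secrets_api_version value must look like external-secrets.io/v1alpha1 or external-secrets.io/v1beta1."
  }
}
```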
@@ -56,7 +56,7 @@ module "s3-to-cloudwatch" { | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [assume\_role\_arn](#input\_assume\_role\_arn) | AWS Acounts Assume roles arn which access bucket write | `list(string)` |
"0.0.0.0/0"
]
[| no | +| [assume\_role\_arn](#input\_assume\_role\_arn) | AWS Acounts Assume roles arn which access bucket write | `list(string)` |
"arn:aws:iam::*:role/eks-cluster-fluent-bit-role"
]
[| no | | [bucket\_name](#input\_bucket\_name) | n/a | `string` | `"test-fluent-bit-bla"` | no | | [create\_bucket](#input\_create\_bucket) | n/a | `bool` | `true` | no | | [create\_lambda\_s3\_to\_cloudwatch](#input\_create\_lambda\_s3\_to\_cloudwatch) | n/a | `bool` | `true` | no | diff --git a/modules/goldilocks/README.md b/modules/goldilocks/README.md index f6ea4612..54293411 100644 --- a/modules/goldilocks/README.md +++ b/modules/goldilocks/README.md @@ -56,12 +56,12 @@ No requirements. | [alb\_certificate\_arn](#input\_alb\_certificate\_arn) | Domain Certificate ARN | `string` | `""` | no | | [alb\_name](#input\_alb\_name) | ALB name | `string` | `"goldilocks-dashboard"` | no | | [alb\_subnet](#input\_alb\_subnet) | Ingress Annotations Add EKS Public Subnet | `string` | `""` | no | -| [auth](#input\_auth) | Cognito User pool info(userPoolARN,userPoolClientID,userPoolDomain) |
"arn:aws:iam::*:role/eks-cluster-fluent-bit-role"
]
object({|
userPoolARN = string,
userPoolClientID = string,
userPoolDomain = string
})
{| no | +| [auth](#input\_auth) | Cognito User pool info(userPoolARN,userPoolClientID,userPoolDomain) |
"userPoolARN": "",
"userPoolClientID": "",
"userPoolDomain": ""
}
object({|
userPoolARN = string,
userPoolClientID = string,
userPoolDomain = string
})
{| no | | [create\_dashboard\_ingress](#input\_create\_dashboard\_ingress) | Access Goldilocks Dashboard | `bool` | `true` | no | | [create\_metric\_server](#input\_create\_metric\_server) | Create metric server | `bool` | `true` | no | | [create\_vpa\_server](#input\_create\_vpa\_server) | VPA configure in the cluster | `bool` | `true` | no | | [hostname](#input\_hostname) | Hostname | `string` | `"goldilocks.example.com"` | no | -| [namespaces](#input\_namespaces) | Goldilocks labels on your namespaces | `set(string)` |
"userPoolARN": "",
"userPoolClientID": "",
"userPoolDomain": ""
}
[| no | +| [namespaces](#input\_namespaces) | Goldilocks labels on your namespaces | `set(string)` |
"default"
]
[| no | | [zone\_name](#input\_zone\_name) | Domain Name | `string` | `null` | no | ## Outputs diff --git a/modules/ingress/README.md b/modules/ingress/README.md index d73ff16b..5d69988b 100644 --- a/modules/ingress/README.md +++ b/modules/ingress/README.md @@ -128,10 +128,10 @@ spec: | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [additional\_hostnames](#input\_additional\_hostnames) | Additional hosts besides the main one: for example, if hostname is dasmeta.com, an additional hostname can be *.dasmeta.com | `list(string)` | `[]` | no | -| [alarms](#input\_alarms) | Alarms for ALB |
"default"
]
object({| n/a | yes | +| [alarms](#input\_alarms) | Alarms for ALB |
enabled = optional(bool, true)
sns_topic = string
custom_values = optional(any, {})
})
object({| n/a | yes | | [backend\_protocol](#input\_backend\_protocol) | Specifies the protocol used when route traffic to pods. | `string` | `"HTTP"` | no | | [certificate\_arn](#input\_certificate\_arn) | Specifies the ARN of one or more certificate managed by AWS Certificate Manager. If the alb.ingress.kubernetes.io/certificate-arn annotation is not specified, the controller will attempt to add certificates to listeners that require it by matching available certs from ACM with the host field in each listener's ingress rule. | `string` | `""` | no | -| [default\_backend](#input\_default\_backend) | n/a |
enabled = optional(bool, true)
sns_topic = string
custom_values = optional(any, {})
})
object({|
service_name = string
service_port = string
})
{| no | +| [default\_backend](#input\_default\_backend) | n/a |
"service_name": null,
"service_port": null
}
object({|
service_name = string
service_port = string
})
{| no | | [enable\_send\_alb\_logs\_to\_cloudwatch](#input\_enable\_send\_alb\_logs\_to\_cloudwatch) | Send ALB logs to Cloudwatch if you enable enable\_send\_alb\_logs\_to\_s3 you should desable it will enable automaticlly | `bool` | `false` | no | | [enable\_send\_alb\_logs\_to\_s3](#input\_enable\_send\_alb\_logs\_to\_s3) | Send ALB logs to s3 if you enable enable\_send\_alb\_logs\_to\_cloudwatch you don't need enable this it will enable automaticlly | `bool` | `false` | no | | [healthcheck\_path](#input\_healthcheck\_path) | Specifies the HTTP path when performing health check on targets. | `string` | `"/"` | no | @@ -141,7 +141,7 @@ spec: | [log\_retention\_days](#input\_log\_retention\_days) | Log Retention days for s3 | `number` | `7` | no | | [name](#input\_name) | Name of the Ingress, must be unique. | `string` | n/a | yes | | [namespace](#input\_namespace) | K8s namespace where the Ingress will be created. | `string` | `"default"` | no | -| [path](#input\_path) | Path array of path regex associated with a backend. Incoming urls matching the path are forwarded to the backend. |
"service_name": null,
"service_port": null
}
list(object({| `null` | no | +| [path](#input\_path) | Path array of path regex associated with a backend. Incoming urls matching the path are forwarded to the backend. |
name = string
port = string
path = string
}))
list(object({| `null` | no | | [scheme](#input\_scheme) | Specifies whether your LoadBalancer will be internet facing. | `string` | `"internet-facing"` | no | | [ssl\_policy](#input\_ssl\_policy) | Specifies the Security Policy that should be assigned to the ALB. | `string` | `"ELBSecurityPolicy-TLS13-1-2-2021-06"` | no | | [ssl\_redirect](#input\_ssl\_redirect) | Redirects HTTP traffic into HTTPs if set true. | `bool` | `true` | no | diff --git a/modules/metric-filter/README.md b/modules/metric-filter/README.md index 3baf3124..9588724b 100644 --- a/modules/metric-filter/README.md +++ b/modules/metric-filter/README.md @@ -43,7 +43,7 @@ No modules. |------|-------------|------|---------|:--------:| | [log\_group\_name](#input\_log\_group\_name) | n/a | `string` | n/a | yes | | [metrics\_namespace](#input\_metrics\_namespace) | n/a | `string` | `"Log_Filters"` | no | -| [metrics\_patterns](#input\_metrics\_patterns) | n/a | `any` |
name = string
port = string
path = string
}))
[| no | +| [metrics\_patterns](#input\_metrics\_patterns) | n/a | `any` |
{
"dimensions": {},
"name": "",
"pattern": "",
"unit": ""
}
]
[| no | ## Outputs diff --git a/modules/mongodb-atlas/README.md b/modules/mongodb-atlas/README.md index 3fa43818..c8f2db7f 100644 --- a/modules/mongodb-atlas/README.md +++ b/modules/mongodb-atlas/README.md @@ -113,7 +113,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [access\_users](#input\_access\_users) | Access Users |
{
"dimensions": {},
"name": "",
"pattern": "",
"unit": ""
}
]
list(object({| `[]` | no | +| [access\_users](#input\_access\_users) | Access Users |
username = string,
roles = list(string),
project_roles = set(string)
}))
list(object({| `[]` | no | | [alert\_delay\_min](#input\_alert\_delay\_min) | Number of minutes to wait after an alert condition is detected before sending out the first notification. | `number` | `0` | no | | [alert\_email\_enabled](#input\_alert\_email\_enabled) | Flag indicating if email notifications should be sent. | `bool` | `true` | no | | [alert\_event\_type](#input\_alert\_event\_type) | The type of event that will trigger an alert. | `string` | `"OUTSIDE_METRIC_THRESHOLD"` | no | @@ -121,34 +121,34 @@ No modules. | [alert\_metric\_name](#input\_alert\_metric\_name) | Name of the metric to check. | `string` | `"NORMALIZED_SYSTEM_CPU_USER"` | no | | [alert\_mode](#input\_alert\_mode) | This must be set to AVERAGE. Atlas computes the current metric value as an average. | `string` | `"AVERAGE"` | no | | [alert\_operator](#input\_alert\_operator) | Operator to apply when checking the current metric value against the threshold value. | `string` | `"GREATER_THAN"` | no | -| [alert\_roles](#input\_alert\_roles) | The following roles grant privileges within a project. | `list(string)` |
username = string,
roles = list(string),
project_roles = set(string)
}))
[| no | +| [alert\_roles](#input\_alert\_roles) | The following roles grant privileges within a project. | `list(string)` |
"GROUP_CLUSTER_MANAGER",
"GROUP_OWNER"
]
[| no | | [alert\_sms\_enabled](#input\_alert\_sms\_enabled) | Flag indicating if text message notifications should be sent. | `bool` | `false` | no | | [alert\_threshold](#input\_alert\_threshold) | Threshold value outside of which an alert will be triggered. | `number` | `99` | no | | [alert\_type\_name](#input\_alert\_type\_name) | The type of alert notification. | `string` | `"GROUP"` | no | | [alert\_units](#input\_alert\_units) | The units for the threshold value. Depends on the type of metric. | `string` | `"RAW"` | no | -| [audit\_filter](#input\_audit\_filter) | JSON-formatted audit filter. All filters are chosen by default. | `map` |
"GROUP_CLUSTER_MANAGER",
"GROUP_OWNER"
]
{| no | +| [audit\_filter](#input\_audit\_filter) | JSON-formatted audit filter. All filters are chosen by default. | `map` |
"$or": [
{
"users": []
},
{
"$and": [
{
"$or": [
{
"users": {
"$elemMatch": {
"$or": [
{
"db": "admin"
},
{
"db": "$external"
}
]
}
}
},
{
"roles": {
"$elemMatch": {
"$or": [
{
"db": "admin"
}
]
}
}
}
]
},
{
"$or": [
{
"atype": "authCheck",
"param.command": {
"$in": [
"aggregate",
"count",
"distinct",
"group",
"mapReduce",
"geoNear",
"geoSearch",
"eval",
"find",
"getLastError",
"getMore",
"getPrevError",
"parallelCollectionScan",
"delete",
"findAndModify",
"insert",
"update",
"resetError"
]
}
},
{
"atype": {
"$in": [
"authenticate",
"createCollection",
"createDatabase",
"createIndex",
"renameCollection",
"dropCollection",
"dropDatabase",
"dropIndex",
"createUser",
"dropUser",
"dropAllUsersFromDatabase",
"updateUser",
"grantRolesToUser",
"revokeRolesFromUser",
"createRole",
"updateRole",
"dropRole",
"dropAllRolesFromDatabase",
"grantRolesToRole",
"revokeRolesFromRole",
"grantPrivilegesToRole",
"revokePrivilegesFromRole",
"enableSharding",
"shardCollection",
"addShard",
"removeShard",
"shutdown",
"applicationMessage"
]
}
}
]
}
]
}
]
}
{| no | | [backing\_provider\_name](#input\_backing\_provider\_name) | Cloud service provider on which the server for a multi-tenant cluster is provisioned, valid for only when instanceSizeName is M2 or M5. | `string` | `null` | no | | [cloud\_backup](#input\_cloud\_backup) | Enable Cloud Backup. | `bool` | `true` | no | -| [cluster\_configs](#input\_cluster\_configs) | Mongo atlas cluster configurations |
"$or": [
{
"users": []
},
{
"$and": [
{
"$or": [
{
"users": {
"$elemMatch": {
"$or": [
{
"db": "admin"
},
{
"db": "$external"
}
]
}
}
},
{
"roles": {
"$elemMatch": {
"$or": [
{
"db": "admin"
}
]
}
}
}
]
},
{
"$or": [
{
"atype": "authCheck",
"param.command": {
"$in": [
"aggregate",
"count",
"distinct",
"group",
"mapReduce",
"geoNear",
"geoSearch",
"eval",
"find",
"getLastError",
"getMore",
"getPrevError",
"parallelCollectionScan",
"delete",
"findAndModify",
"insert",
"update",
"resetError"
]
}
},
{
"atype": {
"$in": [
"authenticate",
"createCollection",
"createDatabase",
"createIndex",
"renameCollection",
"dropCollection",
"dropDatabase",
"dropIndex",
"createUser",
"dropUser",
"dropAllUsersFromDatabase",
"updateUser",
"grantRolesToUser",
"revokeRolesFromUser",
"createRole",
"updateRole",
"dropRole",
"dropAllRolesFromDatabase",
"grantRolesToRole",
"revokeRolesFromRole",
"grantPrivilegesToRole",
"revokePrivilegesFromRole",
"enableSharding",
"shardCollection",
"addShard",
"removeShard",
"shutdown",
"applicationMessage"
]
}
}
]
}
]
}
]
}
object({|
cluster_type = string,
replication_specs = object({
num_shards = number
region_name = string
electable_nodes = number
priority = number
read_only_nodes = number
})
auto_scaling_disk_gb_enabled = bool
provider_name = string # TODO: not sure if we really need to configure mongo atlas cluster provider, as we can use global variable var.provider_name. needs checking
disk_size_gb = number
provider_instance_size_name = string
})
{| no | +| [cluster\_configs](#input\_cluster\_configs) | Mongo atlas cluster configurations |
"auto_scaling_disk_gb_enabled": true,
"cluster_type": "REPLICASET",
"disk_size_gb": 100,
"provider_instance_size_name": "M10",
"provider_name": "AWS",
"replication_specs": {
"electable_nodes": 3,
"num_shards": 1,
"priority": 7,
"read_only_nodes": 0,
"region_name": "EU_CENTRAL_1"
}
}
object({|
cluster_type = string,
replication_specs = object({
num_shards = number
region_name = string
electable_nodes = number
priority = number
read_only_nodes = number
})
auto_scaling_disk_gb_enabled = bool
provider_name = string # TODO: not sure if we really need to configure mongo atlas cluster provider, as we can use global variable var.provider_name. needs checking
disk_size_gb = number
provider_instance_size_name = string
})
{| no | | [create\_alert\_configuration](#input\_create\_alert\_configuration) | Whether to create mongodbatlas\_alert\_configuration or not. | `bool` | `true` | no | | [enable\_auditing](#input\_enable\_auditing) | Whether to create mongodbatlas\_auditing or not. | `bool` | `false` | no | | [ip\_addresses](#input\_ip\_addresses) | MongoDB Atlas IP Access List | `list(string)` | `[]` | no | | [mongo\_db\_major\_version](#input\_mongo\_db\_major\_version) | Mongo Atlas cluster version. | `string` | `"4.4"` | no | -| [network\_peering](#input\_network\_peering) | Network peering configs |
"auto_scaling_disk_gb_enabled": true,
"cluster_type": "REPLICASET",
"disk_size_gb": 100,
"provider_instance_size_name": "M10",
"provider_name": "AWS",
"replication_specs": {
"electable_nodes": 3,
"num_shards": 1,
"priority": 7,
"read_only_nodes": 0,
"region_name": "EU_CENTRAL_1"
}
}
list(object({| `[]` | no | +| [network\_peering](#input\_network\_peering) | Network peering configs |
accepter_region_name = string
aws_account_id = string
vpc_id = string
# this option is for identifying private route table and creating route table record with target to mongodb peering, so you need to pass one of private subnets id
# TODO: find better way for identifying vpc private route table, instead of using one of private subnets id
subnet_id = string
# IMPORTANT NOTE: this is something that you can chose from private address space and it should not overlap with VPC cidr,
# please check the following links for more info:
# * https://www.mongodb.com/docs/atlas/security-vpc-peering/
# * https://registry.terraform.io/providers/mongodb/mongodbatlas/latest/docs/resources/network_peering
# * https://datatracker.ietf.org/doc/html/rfc1918.html#section-3
atlas_cidr_block = string
}))
list(object({| `[]` | no | | [org\_id](#input\_org\_id) | MongoDB Atlas Organisation ID | `string` | n/a | yes | | [org\_invitation\_enabled](#input\_org\_invitation\_enabled) | Allows to controll wheather the invitation for organization will be created | `bool` | `false` | no | -| [policy\_item\_daily](#input\_policy\_item\_daily) | n/a | `map` |
accepter_region_name = string
aws_account_id = string
vpc_id = string
# this option is for identifying private route table and creating route table record with target to mongodb peering, so you need to pass one of private subnets id
# TODO: find better way for identifying vpc private route table, instead of using one of private subnets id
subnet_id = string
# IMPORTANT NOTE: this is something that you can chose from private address space and it should not overlap with VPC cidr,
# please check the following links for more info:
# * https://www.mongodb.com/docs/atlas/security-vpc-peering/
# * https://registry.terraform.io/providers/mongodb/mongodbatlas/latest/docs/resources/network_peering
# * https://datatracker.ietf.org/doc/html/rfc1918.html#section-3
atlas_cidr_block = string
}))
{| no | -| [policy\_item\_hourly](#input\_policy\_item\_hourly) | frequency\_interval - Desired frequency of the new backup policy item specified by frequency\_type. retention\_unit - Scope of the backup policy item: days, weeks, or months. retention\_value - Value to associate with retention\_unit. | `map` |
"frequency_interval": 1,
"retention_unit": "days",
"retention_value": 7
}
{| no | -| [policy\_item\_monthly](#input\_policy\_item\_monthly) | n/a | `map` |
"frequency_interval": 6,
"retention_unit": "days",
"retention_value": 2
}
{| no | -| [policy\_item\_weekly](#input\_policy\_item\_weekly) | n/a | `map` |
"frequency_interval": 40,
"retention_unit": "months",
"retention_value": 12
}
{| no | +| [policy\_item\_daily](#input\_policy\_item\_daily) | n/a | `map` |
"frequency_interval": 6,
"retention_unit": "weeks",
"retention_value": 4
}
{| no | +| [policy\_item\_hourly](#input\_policy\_item\_hourly) | frequency\_interval - Desired frequency of the new backup policy item specified by frequency\_type. retention\_unit - Scope of the backup policy item: days, weeks, or months. retention\_value - Value to associate with retention\_unit. | `map` |
"frequency_interval": 1,
"retention_unit": "days",
"retention_value": 7
}
{| no | +| [policy\_item\_monthly](#input\_policy\_item\_monthly) | n/a | `map` |
"frequency_interval": 6,
"retention_unit": "days",
"retention_value": 2
}
{| no | +| [policy\_item\_weekly](#input\_policy\_item\_weekly) | n/a | `map` |
"frequency_interval": 40,
"retention_unit": "months",
"retention_value": 12
}
{| no | | [project\_name](#input\_project\_name) | MongoDB Atlas Project Name | `string` | `"project"` | no | | [provider\_name](#input\_provider\_name) | Cloud provider to whom the peering connection is being made. | `string` | `"AWS"` | no | | [provider\_region\_name](#input\_provider\_region\_name) | Cloud service provider on which the server for a multi-tenant cluster is provisioned, valid for only when instanceSizeName is M2 or M5. | `string` | `null` | no | | [schedule\_restore\_window\_days](#input\_schedule\_restore\_window\_days) | Number of days back in time you can restore to with point-in-time accuracy. | `number` | `1` | no | -| [teams](#input\_teams) | n/a |
"frequency_interval": 6,
"retention_unit": "weeks",
"retention_value": 4
}
list(object({| `[]` | no | +| [teams](#input\_teams) | n/a |
team_id = string
role_names = list(string)
}))
list(object({| `[]` | no | | [use\_cloud\_backup\_schedule](#input\_use\_cloud\_backup\_schedule) | As use\_cloud\_provider\_snapshot\_backup\_policy is deprecated, this resource should be used, but it can't be used with the other one, so only one of these must be true. | `bool` | `false` | no | | [use\_cloud\_provider\_snapshot\_backup\_policy](#input\_use\_cloud\_provider\_snapshot\_backup\_policy) | mongodbatlas\_cloud\_provider\_snapshot\_backup\_policy is deprecated, but make use\_cloud\_provider\_snapshot\_backup\_policy true to use this resource. | `bool` | `false` | no | -| [users](#input\_users) | MongoDB Atlas users list, roles and scopes. | `list` |
team_id = string
role_names = list(string)
}))
[| no | +| [users](#input\_users) | MongoDB Atlas users list, roles and scopes. | `list` |
{
"roles": [
{
"database_name": "development",
"role_name": "readWrite"
}
],
"scopes": [
{
"name": "cluster",
"type": "CLUSTER"
}
],
"username": "alice"
}
]
[| no | | [with\_default\_alerts\_settings](#input\_with\_default\_alerts\_settings) | It allows users to disable the creation of the default alert settings. | `bool` | `true` | no | ## Outputs diff --git a/modules/mongodb/README.md b/modules/mongodb/README.md index c58a2101..0ee009fa 100644 --- a/modules/mongodb/README.md +++ b/modules/mongodb/README.md @@ -48,7 +48,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [arbiter\_resources](#input\_arbiter\_resources) | Allows to set cpu/memory resources Limits/Requests for arbiter. |
{
"roles": [
{
"database_name": "development",
"role_name": "readWrite"
}
],
"scopes": [
{
"name": "cluster",
"type": "CLUSTER"
}
],
"username": "alice"
}
]
object({|
limits = object({
cpu = string
memory = string
})
requests = object({
cpu = string
memory = string
})
})
{| no | +| [arbiter\_resources](#input\_arbiter\_resources) | Allows to set cpu/memory resources Limits/Requests for arbiter. |
"limits": {
"cpu": "",
"memory": ""
},
"requests": {
"cpu": "",
"memory": ""
}
}
object({|
limits = object({
cpu = string
memory = string
})
requests = object({
cpu = string
memory = string
})
})
{| no | | [architecture](#input\_architecture) | n/a | `string` | `"replicaset"` | no | | [image\_tag](#input\_image\_tag) | n/a | `string` | `"4.4.11-debian-10-r5"` | no | | [livenessprobe\_initialdelayseconds](#input\_livenessprobe\_initialdelayseconds) | n/a | `string` | `"30"` | no | @@ -58,7 +58,7 @@ No modules. | [priority\_class\_name](#input\_priority\_class\_name) | Priority class name for pods. Useful if mongodb is co-located with other resources and consumes lot of memory. | `string` | `""` | no | | [readinessprobe\_initialdelayseconds](#input\_readinessprobe\_initialdelayseconds) | n/a | `string` | `"5"` | no | | [replicaset\_key](#input\_replicaset\_key) | n/a | `string` | n/a | yes | -| [resources](#input\_resources) | Allows to set cpu/memory resources Limits/Requests for deployment. |
"limits": {
"cpu": "",
"memory": ""
},
"requests": {
"cpu": "",
"memory": ""
}
}
object({|
limits = object({
cpu = string
memory = string
})
requests = object({
cpu = string
memory = string
})
})
{| no | +| [resources](#input\_resources) | Allows to set cpu/memory resources Limits/Requests for deployment. |
"limits": {
"cpu": "300m",
"memory": "500Mi"
},
"requests": {
"cpu": "300m",
"memory": "500Mi"
}
}
object({|
limits = object({
cpu = string
memory = string
})
requests = object({
cpu = string
memory = string
})
})
{| no | | [root\_password](#input\_root\_password) | n/a | `string` | n/a | yes | ## Outputs diff --git a/modules/route53-alerts-notify/README.md b/modules/route53-alerts-notify/README.md index f2dfaa7c..3e12c7cc 100644 --- a/modules/route53-alerts-notify/README.md +++ b/modules/route53-alerts-notify/README.md @@ -86,7 +86,7 @@ module "healthcheck" { | [period](#input\_period) | Period. | `string` | `"60"` | no | | [port](#input\_port) | Port number of checking service. | `number` | `443` | no | | [reference\_name](#input\_reference\_name) | Reference name of health check. | `string` | `""` | no | -| [regions](#input\_regions) | (Optional) A list of AWS regions that you want Amazon Route 53 health checkers to check the specified endpoint from. | `list(string)` |
"limits": {
"cpu": "300m",
"memory": "500Mi"
},
"requests": {
"cpu": "300m",
"memory": "500Mi"
}
}
[| no | +| [regions](#input\_regions) | (Optional) A list of AWS regions that you want Amazon Route 53 health checkers to check the specified endpoint from. | `list(string)` |
"us-east-1",
"eu-west-1",
"ap-northeast-1"
]
[| no | | [request\_interval](#input\_request\_interval) | The number of seconds between the time that Amazon Route 53 gets a response from your endpoint and the time that it sends the next health-check request. | `string` | `"30"` | no | | [resource\_path](#input\_resource\_path) | Path name coming after fqdn. | `string` | `""` | no | | [slack\_channel](#input\_slack\_channel) | Slack Channel | `string` | `null` | no | diff --git a/modules/sqs/README.md b/modules/sqs/README.md index ac8f938e..9cff9d04 100644 --- a/modules/sqs/README.md +++ b/modules/sqs/README.md @@ -46,7 +46,7 @@ No requirements. | [delay\_seconds](#input\_delay\_seconds) | The time in seconds that the delivery of all messages in the queue will be delayed. An integer from 0 to 900 (15 minutes) | `number` | `0` | no | | [fifo\_queue](#input\_fifo\_queue) | Boolean designating a FIFO queue | `bool` | `false` | no | | [fifo\_throughput\_limit](#input\_fifo\_throughput\_limit) | Specifies whether the FIFO queue throughput quota applies to the entire queue or per message group | `string` | `null` | no | -| [iam\_user\_actions](#input\_iam\_user\_actions) | The allowed actions that created user can perform on this created bucket. | `list(string)` |
"us-east-1",
"eu-west-1",
"ap-northeast-1"
]
[| no | +| [iam\_user\_actions](#input\_iam\_user\_actions) | The allowed actions that created user can perform on this created bucket. | `list(string)` |
"sqs:*"
]
[| no | | [kms\_data\_key\_reuse\_period\_seconds](#input\_kms\_data\_key\_reuse\_period\_seconds) | The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again. An integer representing seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours) | `number` | `300` | no | | [kms\_master\_key\_id](#input\_kms\_master\_key\_id) | The ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK | `string` | `null` | no | | [max\_message\_size](#input\_max\_message\_size) | The limit of how many bytes a message can contain before Amazon SQS rejects it. An integer from 1024 bytes (1 KiB) up to 262144 bytes (256 KiB) | `number` | `262144` | no | diff --git a/modules/ssl-certificate/README.md b/modules/ssl-certificate/README.md index bd2b3903..e7193c1b 100644 --- a/modules/ssl-certificate/README.md +++ b/modules/ssl-certificate/README.md @@ -104,7 +104,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [alternative\_domains](#input\_alternative\_domains) | Subdomain or other domain or wildcard for the certificate. | `list(string)` | `[]` | no | -| [alternative\_zones](#input\_alternative\_zones) | This variable uses route53. Must equal to alternative\_domains. (Note. When you use wildcard must be equal to main zone) | `list(string)` |
"sqs:*"
]
[| no | +| [alternative\_zones](#input\_alternative\_zones) | This variable uses route53. Must equal to alternative\_domains. (Note. When you use wildcard must be equal to main zone) | `list(string)` |
""
]
[| no | | [domain](#input\_domain) | Main domain name for ssl certificate. | `string` | n/a | yes | | [tags](#input\_tags) | tags | `any` | `{}` | no | | [validate](#input\_validate) | Whether validate the certificate in R53 zone or not. | `bool` | `true` | no | diff --git a/modules/waf/README.md b/modules/waf/README.md index c1921041..5a4167a1 100644 --- a/modules/waf/README.md +++ b/modules/waf/README.md @@ -357,7 +357,7 @@ module "waf_alb" { | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [alarms](#input\_alarms) | n/a |
""
]
object({| n/a | yes | +| [alarms](#input\_alarms) | n/a |
enabled = optional(bool, true)
sns_topic = string
custom_values = optional(any, {})
})
object({| n/a | yes | | [alb\_arn](#input\_alb\_arn) | Application Load Balancer ARN | `string` | `""` | no | | [alb\_arn\_list](#input\_alb\_arn\_list) | Application Load Balancer ARN list | `list(string)` | `[]` | no | | [allow\_default\_action](#input\_allow\_default\_action) | Set to true for WAF to allow requests by default. Set to false for WAF to block requests by default. | `bool` | `true` | no | @@ -370,7 +370,7 @@ module "waf_alb" { | [rules](#input\_rules) | List of WAF rules. | `any` | `[]` | no | | [scope](#input\_scope) | Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider. | `string` | `"REGIONAL"` | no | | [tags](#input\_tags) | List of WAF rules. | `any` | `{}` | no | -| [visibility\_config](#input\_visibility\_config) | Visibility config for WAFv2 web acl. https://www.terraform.io/docs/providers/aws/r/wafv2_web_acl.html#visibility-configuration | `any` |
enabled = optional(bool, true)
sns_topic = string
custom_values = optional(any, {})
})
{| no | +| [visibility\_config](#input\_visibility\_config) | Visibility config for WAFv2 web acl. https://www.terraform.io/docs/providers/aws/r/wafv2_web_acl.html#visibility-configuration | `any` |
"metric_name": "test-waf-setup-waf-main-metrics"
}
{| no | | [whitelist\_ips](#input\_whitelist\_ips) | List of IPs to whitelist. NOTE that this is going to priority 1 so when you pass this list make sure that var.rules list do not contain priority=1 rule | `list(string)` | `[]` | no | ## Outputs diff --git a/modules/waf/tests/alb-association-block-mode/README.md b/modules/waf/tests/alb-association-block-mode/README.md index dca198c1..c34d6058 100644 --- a/modules/waf/tests/alb-association-block-mode/README.md +++ b/modules/waf/tests/alb-association-block-mode/README.md @@ -11,7 +11,7 @@ | Name | Version | |------|---------| -| [aws](#provider\_aws) | ~> 4.52 | +| [aws](#provider\_aws) | 4.67.0 | ## Modules diff --git a/modules/waf/tests/alb-association-count-mode/README.md b/modules/waf/tests/alb-association-count-mode/README.md index dca198c1..c34d6058 100644 --- a/modules/waf/tests/alb-association-count-mode/README.md +++ b/modules/waf/tests/alb-association-count-mode/README.md @@ -11,7 +11,7 @@ | Name | Version | |------|---------| -| [aws](#provider\_aws) | ~> 4.52 | +| [aws](#provider\_aws) | 4.67.0 | ## Modules diff --git a/modules/waf/tests/overwrite-alarms/README.md b/modules/waf/tests/overwrite-alarms/README.md index 73b26214..8f37bbe8 100644 --- a/modules/waf/tests/overwrite-alarms/README.md +++ b/modules/waf/tests/overwrite-alarms/README.md @@ -11,7 +11,7 @@ | Name | Version | |------|---------| -| [aws](#provider\_aws) | ~> 5.0 | +| [aws](#provider\_aws) | 5.64.0 | ## Modules
"metric_name": "test-waf-setup-waf-main-metrics"
}