docs: fix typos using codespell (#1114)

Author: RoseSecurity

CHANGELOG.md

@@ -531,7 +531,7 @@ Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0
 ### 🐛 Bug Fixes
 
 <details>
-  <summary>Karpenter bugfix, EKS add-ons to mangaed node group @Nuru (#816)</summary>
+  <summary>Karpenter bugfix, EKS add-ons to managed node group @Nuru (#816)</summary>
 
 ### what
 
@@ -553,7 +553,7 @@ Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0
 
 ### what
 
-- Upsteam the latest `ecs-service` component
+- Upstream the latest `ecs-service` component
 
 ### why
 
@@ -820,7 +820,7 @@ Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0
 
 ### why
 
-- to help future implementors of CloudPosse's architectures
+- to help future implementers of CloudPosse's architectures
 
 ### references
 
@@ -841,7 +841,7 @@ Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0
 
 - fix incorrect shape for one of the items in `aws_team_roles_rbac`
 - improve consistency
-- remove variables that are not appliable for the component
+- remove variables that are not applicable for the component
 
 ### references
 
@@ -3840,7 +3840,7 @@ N/A
 ### what
 
 - bumped ecr
-- remove unnecssary variable
+- remove unnecessary variable
 
 ### why
 
@@ -4627,7 +4627,7 @@ NOTE: I don't know if the default of `default` is valid or if it is `Default`. I
 
 ### what
 
-- Bump Versin of EC2 Client VPN
+- Bump Version of EC2 Client VPN
 
 ### why
 
@@ -4758,7 +4758,7 @@ This is an alternative way of deprovisioning - proactive one.
 
 ```
 There is another way to configure Karpenter to deprovision nodes called Consolidation.
-This mode is preferred for workloads such as microservices and is imcompatible with setting
+This mode is preferred for workloads such as microservices and is incompatible with setting
 up the ttlSecondsAfterEmpty . When set in consolidation mode Karpenter works to actively
 reduce cluster cost by identifying when nodes can be removed as their workloads will run
 on other nodes in the cluster and when nodes can be replaced with cheaper variants due

README.md

@@ -127,7 +127,7 @@ update:
         dry_run: no
 ```
 
-For the full documentation on how to use the Component Updater GitHub Action, please see the [Atmos Intergations](https://atmos.tools/integrations/github-actions/component-updater) documentation.
+For the full documentation on how to use the Component Updater GitHub Action, please see the [Atmos Integrations](https://atmos.tools/integrations/github-actions/component-updater) documentation.
 
 ## Using `pre-commit` Hooks
 

README.yaml

@@ -147,7 +147,7 @@ usage: |-
           dry_run: no
   ```
 
-  For the full documentation on how to use the Component Updater GitHub Action, please see the [Atmos Intergations](https://atmos.tools/integrations/github-actions/component-updater) documentation.
+  For the full documentation on how to use the Component Updater GitHub Action, please see the [Atmos Integrations](https://atmos.tools/integrations/github-actions/component-updater) documentation.
 
   ## Using `pre-commit` Hooks
 

deprecated/aws/backing-services/rds-replica.tf

@@ -45,7 +45,7 @@ variable "rds_replica_snapshot" {
 variable "rds_replica_multi_az" {
   type        = string
   default     = "false"
-  description = "Run instaces in multiple az"
+  description = "Run instances in multiple az"
 }
 
 variable "rds_replica_storage_type" {

deprecated/aws/backing-services/rds.tf

@@ -81,7 +81,7 @@ variable "rds_parameter_group_name" {
 variable "rds_multi_az" {
   type        = string
   default     = "false"
-  description = "Run instaces in multiple az"
+  description = "Run instances in multiple az"
 }
 
 variable "rds_storage_type" {

deprecated/aws/grafana-backing-services/aurora-mysql.tf

@@ -87,7 +87,7 @@ resource "random_string" "mysql_admin_password" {
 #  "Read SSM parameter to get allowed CIDR blocks"
 data "aws_ssm_parameter" "allowed_cidr_blocks" {
   # The data source will throw an error if it cannot find the parameter,
-  # so do not reference it unless it is neeeded.
+  # so do not reference it unless it is needed.
   count = local.allowed_cidr_blocks_use_ssm ? 1 : 0
 
   # name = substr(mysql_cluster_allowed_cidr_blocks, 0, 1) == "/" ? mysql_cluster_allowed_cidr_blocks : "/aws/service/global-infrastructure/version"
@@ -97,15 +97,15 @@ data "aws_ssm_parameter" "allowed_cidr_blocks" {
 #  "Read SSM parameter to get allowed VPC ID"
 data "aws_ssm_parameter" "vpc_id" {
   # The data source will throw an error if it cannot find the parameter,
-  # so do not reference it unless it is neeeded.
+  # so do not reference it unless it is needed.
   count = local.vpc_id_use_ssm ? 1 : 0
   name  = var.vpc_id
 }
 
 #  "Read SSM parameter to get allowed VPC subnet IDs"
 data "aws_ssm_parameter" "vpc_subnet_ids" {
   # The data source will throw an error if it cannot find the parameter,
-  # so do not reference it unless it is neeeded.
+  # so do not reference it unless it is needed.
   count = local.vpc_subnet_ids_use_ssm ? 1 : 0
   name  = var.vpc_subnet_ids
 }

deprecated/aws/keycloak-backing-services/README.md

@@ -43,7 +43,7 @@ an authorized local service.
 To keep the database encrypted, this module will have to be extended:
 1 Create a KMS key for encrypting the database. Using the RDS default key
 is not advisable since the only practical advantage of the key comes from
-limiting access to it, and the default key will likey have relatively
+limiting access to it, and the default key will likely have relatively
 wide access.
 1. Create an IAM role for Keycloak that has access to the key. Nodes running
 `kiam-server` will need to be able to assume this role.

deprecated/aws/kops/variables.tf

@@ -21,7 +21,7 @@ variable "name" {
 variable "region" {
   type        = string
   default     = ""
-  description = "AWS region for resources. Can be overriden by `resource_region` and `state_store_region`"
+  description = "AWS region for resources. Can be overridden by `resource_region` and `state_store_region`"
 }
 
 variable "state_store_region" {

deprecated/aws/sentry/aurora-postgres.tf

@@ -30,13 +30,13 @@ variable "postgres_db_name" {
 
 variable "aurora_postgres_engine_version" {
   type        = string
-  description = "Database Engine Version for Aurora PostgeSQL"
+  description = "Database Engine Version for Aurora postgresql"
   default     = "9.6.12"
 }
 
 variable "aurora_postgres_cluster_family" {
   type        = string
-  description = "Database Engine Version for Aurora PostgeSQL"
+  description = "Database Engine Version for Aurora postgresql"
   default     = "9.6.12"
 }
 

deprecated/aws/teleport/main.tf

@@ -91,7 +91,7 @@ resource "aws_iam_role" "teleport" {
 data "aws_iam_policy_document" "teleport" {
   // Teleport can use LetsEncrypt to get TLS certificates. For this  // it needs additional permissions which are not included here.
 
-  // Teleport can use SSM to publish "join tokens" and retreive the enterprise  // license, but that is not fully documented, so permissions to access SSM  // are not included at this time.
+  // Teleport can use SSM to publish "join tokens" and retrieve the enterprise  // license, but that is not fully documented, so permissions to access SSM  // are not included at this time.
 
   // S3 permissions are needed to save and replay SSH sessions
   statement {

deprecated/aws/vpc-peering-intra-account/variables.tf

@@ -9,13 +9,13 @@ variable "aws_assume_role_arn" {
 
 variable "requestor_vpc_id" {
   type        = string
-  description = "Requestor VPC ID"
+  description = "Requester VPC ID"
   default     = ""
 }
 
 variable "requestor_vpc_tags" {
   type        = map(string)
-  description = "Requestor VPC tags"
+  description = "Requester VPC tags"
   default     = {}
 }
 
@@ -38,12 +38,12 @@ variable "auto_accept" {
 
 variable "acceptor_allow_remote_vpc_dns_resolution" {
   default     = "true"
-  description = "Allow acceptor VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the requestor VPC"
+  description = "Allow acceptor VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the requester VPC"
 }
 
 variable "requestor_allow_remote_vpc_dns_resolution" {
   default     = "true"
-  description = "Allow requestor VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the acceptor VPC"
+  description = "Allow requester VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the acceptor VPC"
 }
 
 variable "namespace" {

deprecated/aws/vpc/outputs.tf

@@ -23,7 +23,7 @@ output "cidr_block" {
 }
 
 output "availability_zones" {
-  description = "Comma-separated string list of avaialbility zones where subnets have been created"
+  description = "Comma-separated string list of availability zones where subnets have been created"
   value       = aws_ssm_parameter.availability_zones.value
 }
 

deprecated/aws/vpc/variables.tf

@@ -30,7 +30,7 @@ variable "region" {
 
 variable "max_subnet_count" {
   default     = 0
-  description = "Sets the maximum amount of subnets to deploy.  0 will deploy a subnet for every provided availablility zone (in `availability_zones` variable) within the region"
+  description = "Sets the maximum amount of subnets to deploy.  0 will deploy a subnet for every provided availability zone (in `availability_zones` variable) within the region"
 }
 
 variable "availability_zones" {

deprecated/eks/eks-without-spotinst/main.tf

@@ -56,7 +56,7 @@ module "eks_cluster" {
   # exec_auth is more reliable than data_auth when the aws CLI is available
   # Details at https://github.com/cloudposse/terraform-aws-eks-cluster/releases/tag/0.42.0
   kube_exec_auth_enabled = !var.kubeconfig_file_enabled
-  # If using `exec` method (recommended) for authentication, provide an explict
+  # If using `exec` method (recommended) for authentication, provide an explicit
   # IAM role ARN to exec as for authentication to EKS cluster.
   kube_exec_auth_role_arn         = coalesce(var.import_role_arn, module.iam_roles.terraform_role_arn)
   kube_exec_auth_role_arn_enabled = true

deprecated/github-actions-runner/variables.tf

@@ -192,7 +192,7 @@ variable "runner_configurations" {
     error_message = "Variable runner_configurations can contain only one target key of either `repo` or `org` not both."
   }
 
-  # runner_configuration may only conatain map keys "repo", "org", "runner_type", "autoscale_type"
+  # runner_configuration may only contain map keys "repo", "org", "runner_type", "autoscale_type"
   validation {
     condition     = alltrue([for r in var.runner_configurations : alltrue([for k in keys(r) : contains(["repo", "org", "runner_type", "autoscale_type"], k)])])
     error_message = "Unknown map key, must be one of repo, org, runner_type or autoscale_type."

deprecated/securityhub/securityhub/common/README.md

@@ -133,7 +133,7 @@ done
 |------|-------------|------|---------|:--------:|
 | <a name="input_account_map_tenant"></a> [account\_map\_tenant](#input\_account\_map\_tenant) | The tenant where the `account_map` component required by remote-state is deployed | `string` | `""` | no |
 | <a name="input_additional_tag_map"></a> [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.<br>This is for some rare cases where resources want additional configuration of tags<br>and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no |
-| <a name="input_admin_delegated"></a> [admin\_delegated](#input\_admin\_delegated) | A flag to indicate if the Security Hub Admininstrator account has been designated from the root account.<br><br>  This component should be applied with this variable set to `false`, then the securityhub/root component should be applied<br>  to designate the administrator account, then this component should be applied again with this variable set to `true`. | `bool` | `false` | no |
+| <a name="input_admin_delegated"></a> [admin\_delegated](#input\_admin\_delegated) | A flag to indicate if the Security Hub Administrator account has been designated from the root account.<br><br>  This component should be applied with this variable set to `false`, then the securityhub/root component should be applied<br>  to designate the administrator account, then this component should be applied again with this variable set to `true`. | `bool` | `false` | no |
 | <a name="input_attributes"></a> [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,<br>in the order they appear in the list. New attributes are appended to the<br>end of the list. The elements of the list are joined by the `delimiter`<br>and treated as a single ID element. | `list(string)` | `[]` | no |
 | <a name="input_central_resource_collector_account"></a> [central\_resource\_collector\_account](#input\_central\_resource\_collector\_account) | The name of the account that is the centralized aggregation account | `string` | n/a | yes |
 | <a name="input_central_resource_collector_region"></a> [central\_resource\_collector\_region](#input\_central\_resource\_collector\_region) | The region that collects findings | `string` | n/a | yes |

deprecated/securityhub/securityhub/common/variables.tf

@@ -67,7 +67,7 @@ variable "admin_delegated" {
   type        = bool
   default     = false
   description = <<DOC
-  A flag to indicate if the Security Hub Admininstrator account has been designated from the root account.
+  A flag to indicate if the Security Hub Administrator account has been designated from the root account.
 
   This component should be applied with this variable set to `false`, then the securityhub/root component should be applied
   to designate the administrator account, then this component should be applied again with this variable set to `true`.

deprecated/spacelift/docs/spacelift-overview.md

@@ -6,7 +6,7 @@ large-scale installations - dozens of teams, hundreds of engineers and tens of t
 
 ## Projects & Configuration
 
-There are two projects located in this repository that are required for the deplyoment & day-to-day operation of
+There are two projects located in this repository that are required for the deployment & day-to-day operation of
 Spacelift.
 
 | Project                 | Description                                             |

deprecated/tgw/cross-region-hub-connector/providers.tf

@@ -1,6 +1,6 @@
 # Assuming region-a is default.
 # tgw_this_region is network of region-b
-# tgw_home_reigon is netowrk of region-a
+# tgw_home_reigon is network of region-a
 
 provider "aws" {
   alias  = "tgw_this_region"

modules/account-map/modules/iam-roles/providers.tf

@@ -4,7 +4,7 @@ provider "awsutils" {
   alias = "iam-roles"
 
   # If the provider block is empty, Terraform will output a deprecation warning,
-  # because earlier versions of Terraform used empty provider blocks to decalare provider requirements,
+  # because earlier versions of Terraform used empty provider blocks to declare provider requirements,
   # which is now deprecated in favor of the required_providers block.
   # So we add a useless setting to the provider block to avoid the deprecation warning.
   profile = null

modules/account/README.md

@@ -33,7 +33,7 @@ unintended and a security risk.
 
 **IMPORTANT**: Account Name building blocks (such as tenant, stage, environment) must not contain dashes. Doing so will
 lead to unpredictable resource names as a `-` is the default delimiter. Additionally, account names must be lower case
-alpha-numeric with no special characters. For example:
+alphanumeric with no special characters. For example:
 
 | Key              | Value           | Correctness |
 | ---------------- | --------------- | ----------- |
@@ -362,8 +362,8 @@ other steps, for example while waiting for Terraform to create resources.
    save the account number in a separate field.
 
 2. Log in using the new password, choose "My Security Credentials" from the account dropdown menu and set up
-   Multi-Factor Authentication (MFA) to use a Virutal MFA device. Save the MFA TOTP key in 1Password by using
-   1Password's TOTP field and built-in screen scanner. Also, save the Virutal MFA ARN (sometimes shown as "serial
+   Multi-Factor Authentication (MFA) to use a Virtual MFA device. Save the MFA TOTP key in 1Password by using
+   1Password's TOTP field and built-in screen scanner. Also, save the Virtual MFA ARN (sometimes shown as "serial
    number").
 
 3. While logged in, enable optional regions as described in the next step, if needed.

modules/aurora-mysql/README.md

@@ -91,7 +91,7 @@ Example deployment with primary cluster deployed to us-east-1 in a `platform-dev
 ## Disaster Recovery with Cross-Region Replication
 
 This component is designed to support cross-region replication with continuous replication. If enabled and deployed, a
-secondary cluster will be deployed in a different region than the primary cluster. This approach is highly aggresive and
+secondary cluster will be deployed in a different region than the primary cluster. This approach is highly aggressive and
 costly, but in a disaster scenario where the primary cluster fails, the secondary cluster can be promoted to take its
 place. Follow these steps to handle a Disaster Recovery.
 

modules/aurora-postgres-resources/README.md

@@ -115,7 +115,7 @@ that type in the specified schema.
 |------|-------------|------|---------|:--------:|
 | <a name="input_additional_databases"></a> [additional\_databases](#input\_additional\_databases) | Additional databases to be created with the cluster | `set(string)` | `[]` | no |
 | <a name="input_additional_grants"></a> [additional\_grants](#input\_additional\_grants) | Create additional database user with specified grants.<br>If `var.ssm_password_source` is set, passwords will be retrieved from SSM parameter store,<br>otherwise, passwords will be generated and stored in SSM parameter store under the service's key. | <pre>map(list(object({<br>    grant : list(string)<br>    db : string<br>  })))</pre> | `{}` | no |
-| <a name="input_additional_schemas"></a> [additional\_schemas](#input\_additional\_schemas) | Create additonal schemas for a given database.<br>If no database is given, the schema will use the database used by the provider configuration | <pre>map(object({<br>    database : string<br>  }))</pre> | `{}` | no |
+| <a name="input_additional_schemas"></a> [additional\_schemas](#input\_additional\_schemas) | Create additional schemas for a given database.<br>If no database is given, the schema will use the database used by the provider configuration | <pre>map(object({<br>    database : string<br>  }))</pre> | `{}` | no |
 | <a name="input_additional_tag_map"></a> [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.<br>This is for some rare cases where resources want additional configuration of tags<br>and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no |
 | <a name="input_additional_users"></a> [additional\_users](#input\_additional\_users) | Create additional database user for a service, specifying username, grants, and optional password.<br>If no password is specified, one will be generated. Username and password will be stored in<br>SSM parameter store under the service's key. | <pre>map(object({<br>    db_user : string<br>    db_password : string<br>    grants : list(object({<br>      grant : list(string)<br>      db : string<br>      schema : string<br>      object_type : string<br>    }))<br>  }))</pre> | `{}` | no |
 | <a name="input_admin_password"></a> [admin\_password](#input\_admin\_password) | postgresql password for the admin user | `string` | `""` | no |

modules/aurora-postgres-resources/variables.tf

@@ -94,7 +94,7 @@ variable "additional_schemas" {
   }))
   default     = {}
   description = <<-EOT
-    Create additonal schemas for a given database.
+    Create additional schemas for a given database.
     If no database is given, the schema will use the database used by the provider configuration
   EOT
 }

modules/aws-config/README.md

@@ -98,7 +98,7 @@ component by default. Note that this can be overridden by the `scope` variable i
 >
 > #### Using the organization default_scope
 >
-> If default_scope == `organization`, AWS Config is global unless overriden in the `conformance_packs` items. You will
+> If default_scope == `organization`, AWS Config is global unless overridden in the `conformance_packs` items. You will
 > need to update your org to allow the `config-multiaccountsetup.amazonaws.com` service access principal for this to
 > work. If you are using our `account` component, just add that principal to the `aws_service_access_principals`
 > variable.