Merge pull request #9 from geekcell/missing-tags

Ic3w0lf · web-flow · commit c1737cf30c7c · 2023-09-28T13:18:14.000+02:00
fix: add missing tags
diff --git a/.github/.templatesyncignore b/.github/.templatesyncignore
@@ -2,4 +2,8 @@ README.md
 .github/workflows/*
 .terraform-docs.yml
 docs/20-badges.md
+docs/assets/logo.svg
 *.tf
+test/*
+go.mod
+go.sum
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,16 +1,18 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.76.0
+    rev: v1.80.0
     hooks:
       - id: terraform_docs
       - id: terraform_fmt
       - id: terraform_validate
+        args:
+          - --hook-config=--retry-once-with-cleanup=true
         exclude: '^[^/]+$'
       - id: terraform_tflint
         exclude: ^examples/
 
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.3.0
+    rev: v4.4.0
     hooks:
       - id: trailing-whitespace
       - id: end-of-file-fixer
diff --git a/README.md b/README.md
@@ -43,8 +43,10 @@ each module for more information. All modules are enabled by default.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_enable_cloudwatch_defaults"></a> [enable\_cloudwatch\_defaults](#input\_enable\_cloudwatch\_defaults) | Enable the Cloudwatch submodule. | `bool` | `true` | no |
+| <a name="input_enable_iam_access_analyzer"></a> [enable\_iam\_access\_analyzer](#input\_enable\_iam\_access\_analyzer) | Enable the IAM Access Analyzer submodule. | `bool` | `true` | no |
 | <a name="input_enable_iam_account_password_policy"></a> [enable\_iam\_account\_password\_policy](#input\_enable\_iam\_account\_password\_policy) | Enable the IAM Account Password Policy submodule. | `bool` | `true` | no |
 | <a name="input_enable_s3_defaults"></a> [enable\_s3\_defaults](#input\_enable\_s3\_defaults) | Enable the S3 submodule. | `bool` | `true` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources. | `map(string)` | `{}` | no |
 
 ## Outputs
 
diff --git a/main.tf b/main.tf
@@ -12,9 +12,18 @@ module "s3" {
 module "cloudwatch" {
   count  = var.enable_cloudwatch_defaults ? 1 : 0
   source = "./modules/cloudwatch"
+
+  tags = var.tags
 }
 
 module "iam_account_password_policy" {
   count  = var.enable_iam_account_password_policy ? 1 : 0
   source = "./modules/iam_password_policy"
 }
+
+module "iam_access_analyzer" {
+  count  = var.enable_iam_access_analyzer ? 1 : 0
+  source = "./modules/iam_access_analyzer"
+
+  tags = var.tags
+}
diff --git a/modules/cloudwatch/README.md b/modules/cloudwatch/README.md
@@ -16,6 +16,7 @@ terraform import 'aws\_cloudwatch\_log\_group.rds\_log\_group' 'RDSOSMetrics'
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_cloudwatch_log_group_rdsosmetrics_retention_in_days"></a> [cloudwatch\_log\_group\_rdsosmetrics\_retention\_in\_days](#input\_cloudwatch\_log\_group\_rdsosmetrics\_retention\_in\_days) | The number of days log events are kept in CloudWatch Logs for the default RDSOSMetrics group. | `number` | `365` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources. | `map(string)` | `{}` | no |
 
 ## Outputs
 
diff --git a/modules/cloudwatch/main.tf b/modules/cloudwatch/main.tf
@@ -14,4 +14,6 @@
 resource "aws_cloudwatch_log_group" "rdsosmetrics" {
   name              = "RDSOSMetrics"
   retention_in_days = var.cloudwatch_log_group_rdsosmetrics_retention_in_days
+
+  tags = var.tags
 }
diff --git a/modules/cloudwatch/variables.tf b/modules/cloudwatch/variables.tf
@@ -1,3 +1,9 @@
+variable "tags" {
+  description = "A map of tags to add to all resources."
+  type        = map(string)
+  default     = {}
+}
+
 variable "cloudwatch_log_group_rdsosmetrics_retention_in_days" {
   description = "The number of days log events are kept in CloudWatch Logs for the default RDSOSMetrics group."
   default     = 365
diff --git a/modules/iam_access_analyzer/.terraform-docs.yml b/modules/iam_access_analyzer/.terraform-docs.yml
@@ -0,0 +1,13 @@
+content: |-
+  {{ .Header }}
+
+  {{ .Inputs }}
+
+  {{ .Outputs }}
+
+  {{ .Providers }}
+
+  ## Resources
+  {{ range .Module.Resources }}
+  - {{ .GetMode }}.{{ .Spec }} ({{ .Position.Filename }}#{{ .Position.Line }})
+  {{- end }}
diff --git a/modules/iam_access_analyzer/README.md b/modules/iam_access_analyzer/README.md
@@ -0,0 +1,27 @@
+<!-- BEGIN_TF_DOCS -->
+# Terraform AWS Account Defaults Access Analyzer
+
+Creates an AWS Access Analyzer for the account or organization.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_access_analyzer_name"></a> [access\_analyzer\_name](#input\_access\_analyzer\_name) | The name of the analyzer. | `string` | `"account-default"` | no |
+| <a name="input_access_analyzer_type"></a> [access\_analyzer\_type](#input\_access\_analyzer\_type) | The type of analyzer, ACCOUNT or ORGANIZATION. | `string` | `"ACCOUNT"` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources. | `map(string)` | `{}` | no |
+
+## Outputs
+
+No outputs.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 4.0 |
+
+## Resources
+
+- resource.aws_accessanalyzer_analyzer.main (modules/iam_access_analyzer/main.tf#6)
+<!-- END_TF_DOCS -->
diff --git a/modules/iam_access_analyzer/main.tf b/modules/iam_access_analyzer/main.tf
@@ -0,0 +1,11 @@
+/**
+* # Terraform AWS Account Defaults Access Analyzer
+*
+* Creates an AWS Access Analyzer for the account or organization.
+*/
+resource "aws_accessanalyzer_analyzer" "main" {
+  analyzer_name = var.access_analyzer_name
+  type          = var.access_analyzer_type
+
+  tags = var.tags
+}
diff --git a/modules/iam_access_analyzer/variables.tf b/modules/iam_access_analyzer/variables.tf
@@ -0,0 +1,17 @@
+variable "tags" {
+  description = "A map of tags to add to all resources."
+  type        = map(string)
+  default     = {}
+}
+
+variable "access_analyzer_name" {
+  description = "The name of the analyzer."
+  default     = "account-default"
+  type        = string
+}
+
+variable "access_analyzer_type" {
+  description = "The type of analyzer, ACCOUNT or ORGANIZATION."
+  default     = "ACCOUNT"
+  type        = string
+}
diff --git a/modules/iam_access_analyzer/versions.tf b/modules/iam_access_analyzer/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.3"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.0"
+    }
+  }
+}
diff --git a/variables.tf b/variables.tf
@@ -1,3 +1,9 @@
+variable "tags" {
+  description = "A map of tags to add to all resources."
+  type        = map(string)
+  default     = {}
+}
+
 ## S3 PUBLIC ACCESS
 variable "enable_s3_defaults" {
   description = "Enable the S3 submodule."
@@ -18,3 +24,10 @@ variable "enable_iam_account_password_policy" {
   default     = true
   type        = bool
 }
+
+## IAM ACCESS ANALYZER
+variable "enable_iam_access_analyzer" {
+  description = "Enable the IAM Access Analyzer submodule."
+  default     = true
+  type        = bool
+}

Original file line number	Diff line number	Diff line change
`@@ -14,4 +14,6 @@`
`14`	`14`	`resource "aws_cloudwatch_log_group" "rdsosmetrics" {`
`15`	`15`	`name = "RDSOSMetrics"`
`16`	`16`	`retention_in_days = var.cloudwatch_log_group_rdsosmetrics_retention_in_days`
	`17`	`+`
	`18`	`+ tags = var.tags`
`17`	`19`	`}`