From 1f88be9af221c6859b1663b58c7894d74f02d84a Mon Sep 17 00:00:00 2001
From: Sean Nixon <smnixon@amazon.com>
Date: Tue, 7 Feb 2023 12:18:59 -0800
Subject: [PATCH 1/6] Create Terraform wrapper module 'cid-dashboards' for
 CloudFormation template

---
 .gitignore                                    |   6 +
 README.md                                     |   7 +-
 .../cid-dashboards/.terraform-docs.yml        |  10 ++
 terraform-modules/cid-dashboards/README.md    | 151 ++++++++++++++++++
 terraform-modules/cid-dashboards/main.tf      |  22 +++
 terraform-modules/cid-dashboards/outputs.tf   |   4 +
 terraform-modules/cid-dashboards/variables.tf |  65 ++++++++
 terraform-modules/cid-dashboards/versions.tf  |   9 ++
 8 files changed, 271 insertions(+), 3 deletions(-)
 create mode 100644 terraform-modules/cid-dashboards/.terraform-docs.yml
 create mode 100644 terraform-modules/cid-dashboards/README.md
 create mode 100644 terraform-modules/cid-dashboards/main.tf
 create mode 100644 terraform-modules/cid-dashboards/outputs.tf
 create mode 100644 terraform-modules/cid-dashboards/variables.tf
 create mode 100644 terraform-modules/cid-dashboards/versions.tf

diff --git a/.gitignore b/.gitignore
index 6b09e324..7537901b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,6 +22,12 @@ __pycache__/
 /.pytest_cache
 /.mypy_cache
 
+# Terraform specific
+.terraform/
+*.tfstate
+.terraform.lock.hcl
+*.tfvars
+
 # Environments
 .env
 .venv
diff --git a/README.md b/README.md
index ba000525..0c46d996 100644
--- a/README.md
+++ b/README.md
@@ -3,11 +3,12 @@
 [![PyPI version](https://badge.fury.io/py/cid-cmd.svg)](https://badge.fury.io/py/cid-cmd)
 
 ## Welcome to Cloud Intelligence Dashboards (CUDOS Framework) automation repository
-This repository contains CloudFormation templates and Command Line tool (cid-cmd) for managing various dashboards provided in AWS Well Architected LAB [Cloud Intelligence Dashboards](https://www.wellarchitectedlabs.com/cost/200_labs/200_cloud_intelligence/).
+This repository contains CloudFormation templates, Terraform modules, and a Command Line tool (cid-cmd) for managing various dashboards provided in AWS Well Architected LAB [Cloud Intelligence Dashboards](https://www.wellarchitectedlabs.com/cost/200_labs/200_cloud_intelligence/).
 
 There are several ways we can manage dashboards:
-1. CloudFormation Template (using cid-cmd tool in lambda) 
-2. Using cid-cmd tool from command line
+1. [CloudFormation Template](./cfn-templates/cid-cfn.yml) (using cid-cmd tool in lambda)
+2. [Terraform module](./terraform-modules/cid-dashboards/README.md) (wrapper around CloudFormation Template)
+3. Using cid-cmd tool from command line
 
 We recommend cid-cmd tool via [AWS CloudShell](https://console.aws.amazon.com/cloudshell/home).
 
diff --git a/terraform-modules/cid-dashboards/.terraform-docs.yml b/terraform-modules/cid-dashboards/.terraform-docs.yml
new file mode 100644
index 00000000..c84d1f47
--- /dev/null
+++ b/terraform-modules/cid-dashboards/.terraform-docs.yml
@@ -0,0 +1,10 @@
+output:
+  file: README.md
+  mode: inject
+formatter: "markdown document"
+sections:
+  hide:
+    - providers
+    - modules
+sort:
+  by: required
\ No newline at end of file
diff --git a/terraform-modules/cid-dashboards/README.md b/terraform-modules/cid-dashboards/README.md
new file mode 100644
index 00000000..ec2f1a7c
--- /dev/null
+++ b/terraform-modules/cid-dashboards/README.md
@@ -0,0 +1,151 @@
+# CID Terraform Module: cid-dashboards
+
+Terraform module to deploy CID dashboards. This module is a wrapper around CloudFormation
+to allow you to deploy CID dashboards using your existing Terraform workflows. Under th
+hood, the module will deploy a CloudFormation stack which will provision the necessary
+resources and a custom Lambda function to create the dashboards using `cid-cmd`.
+
+## Before You Start
+
+  - Existing S3 bucket to upload the CloudFormation template
+  - Complete prerequisites in [Before You Start](../../README.md#before-you-start) including CUR and Quicksight setup
+
+## Example Usage
+
+```hcl
+module "cid_dashboards" {
+    source = "github.com/aws-samples/aws-cudos-framework-deployment//terraform-modules/cid-dashboards"
+
+    stack_name       = "CIDDashboards"
+    template_bucket  = "UPDATEME"
+    stack_parameters = {
+      "PrerequisitesQuickSight"            = "yes"
+      "PrerequisitesQuickSightPermissions" = "yes"
+      "QuickSightUser"                     = "UPDATEME"
+      "DeployCUDOSDashboard"               = "yes"
+      "DeployCostIntelligenceDashboard"    = "yes"
+      "DeployKPIDashboard"                 = "yes"
+    }
+}
+```
+
+## Troubleshooting
+
+Because this module is primarily a wrapper for CloudFormation, Terraform output may not be sufficient
+for debugging if deployment fails. For additional troubleshooting information, refer to the CloudFormation
+console for details on stack operation, resources, and error output. Additionally, you can refer to logs
+for the custom resource Lambda function "CidCustomDashboardResource"if dashboards fail to deploy.
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+The following requirements are needed by this module:
+
+- <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) (>= 1.0)
+
+- <a name="requirement_aws"></a> [aws](#requirement\_aws) (>= 3.0)
+
+## Resources
+
+The following resources are used by this module:
+
+- [aws_cloudformation_stack.cid](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack) (resource)
+- [aws_s3_object.template](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_object) (resource)
+- [aws_s3_bucket.template_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/s3_bucket) (data source)
+
+## Required Inputs
+
+The following input variables are required:
+
+### <a name="input_stack_name"></a> [stack\_name](#input\_stack\_name)
+
+Description: CloudFormation stack name for CID deployment
+
+Type: `string`
+
+### <a name="input_stack_parameters"></a> [stack\_parameters](#input\_stack\_parameters)
+
+Description: CloudFormation stack parameters. For the full list of available parameters, refer to  
+https://github.com/aws-samples/aws-cudos-framework-deployment/blob/main/cfn-templates/cid-cfn.yml.  
+For most setups, you will want to set the following parameters:
+  - PrerequisitesQuickSight: yes/no
+  - PrerequisitesQuickSightPermissions: yes/no
+  - QuickSightUser: Existing quicksight user
+  - QuickSightDataSetRefreshSchedule: Cron expression to refresh spice datasets daily outside of business hours. Default is 4 AM UTC, which should work for most customers in US and EU time zones
+  - CURBucketPath: Leave as default is if CUR was created with CloudFormation (cur-aggregation.yaml). If it was a manually created CUR, the path entered below must be for the directory that contains the years partition (s3://curbucketname/prefix/curname/curname/).
+  - OptimizationDataCollectionBucketPath: The S3 path to the bucket created by the Cost Optimization Data Collection Lab. The path will need point to a folder containing /optics-data-collector folder. Required for TAO and Compute Optimizer dashboards.
+  - DataBuketsKmsKeyArns: Comma-delimited list of KMS key ARNs ("*" is also valid)
+  - DeployCUDOSDashboard: (yes/no, default no)
+  - DeployCostIntelligenceDashboard: (yes/no, default no)
+  - DeployKPIDashboard: (yes/no, default no)
+  - DeployTAODashboard: (yes/no, default no)
+  - DeployComputeOptimizerDashboard: (yes/no, default no)
+
+Type: `map(string)`
+
+### <a name="input_template_bucket"></a> [template\_bucket](#input\_template\_bucket)
+
+Description: S3 bucket where the Cloudformation template will be uploaded. Must already exist and be in the same region as the stack.
+
+Type: `string`
+
+## Optional Inputs
+
+The following input variables are optional (have default values):
+
+### <a name="input_stack_iam_role"></a> [stack\_iam\_role](#input\_stack\_iam\_role)
+
+Description: The ARN of an IAM role that AWS CloudFormation assumes to create the stack (default behavior is to use the previous role if available, or current user permissions otherwise).
+
+Type: `string`
+
+Default: `null`
+
+### <a name="input_stack_notification_arns"></a> [stack\_notification\_arns](#input\_stack\_notification\_arns)
+
+Description: A list of SNS topic ARNs to publish stack related events.
+
+Type: `list(string)`
+
+Default: `[]`
+
+### <a name="input_stack_policy_body"></a> [stack\_policy\_body](#input\_stack\_policy\_body)
+
+Description: String containing the stack policy body. Conflicts with stack\_policy\_url.
+
+Type: `string`
+
+Default: `null`
+
+### <a name="input_stack_policy_url"></a> [stack\_policy\_url](#input\_stack\_policy\_url)
+
+Description: Location of a file containing the stack policy body. Conflicts with stack\_policy\_body.
+
+Type: `string`
+
+Default: `null`
+
+### <a name="input_stack_tags"></a> [stack\_tags](#input\_stack\_tags)
+
+Description: Tag key-value pairs to apply to the stack
+
+Type: `map(string)`
+
+Default: `null`
+
+### <a name="input_template_key"></a> [template\_key](#input\_template\_key)
+
+Description: Name of the S3 path/key where the Cloudformation template will be created. Defaults to cid-cfn.yml
+
+Type: `string`
+
+Default: `"cid-cfn.yml"`
+
+## Outputs
+
+The following outputs are exported:
+
+### <a name="output_stack_outputs"></a> [stack\_outputs](#output\_stack\_outputs)
+
+Description: CloudFormation stack outputs (map of strings)
+<!-- END_TF_DOCS -->
\ No newline at end of file
diff --git a/terraform-modules/cid-dashboards/main.tf b/terraform-modules/cid-dashboards/main.tf
new file mode 100644
index 00000000..198085e6
--- /dev/null
+++ b/terraform-modules/cid-dashboards/main.tf
@@ -0,0 +1,22 @@
+data "aws_s3_bucket" "template_bucket" {
+  bucket = var.template_bucket
+}
+
+resource "aws_s3_object" "template" {
+  bucket = data.aws_s3_bucket.template_bucket.bucket
+  key    = var.template_key
+  source = "${path.module}/../../cfn-templates/cid-cfn.yml"
+  etag   = filemd5("${path.module}/../../cfn-templates/cid-cfn.yml")
+}
+
+resource "aws_cloudformation_stack" "cid" {
+  name              = var.stack_name
+  template_url      = "https://${data.aws_s3_bucket.template_bucket.bucket_regional_domain_name}/${aws_s3_object.template.key}?etag=${aws_s3_object.template.etag}"
+  capabilities      = ["CAPABILITY_NAMED_IAM"]
+  parameters        = var.stack_parameters
+  iam_role_arn      = var.stack_iam_role
+  policy_body       = var.stack_policy_body
+  policy_url        = var.stack_policy_url
+  notification_arns = var.stack_notification_arns
+  tags              = var.stack_tags
+}
\ No newline at end of file
diff --git a/terraform-modules/cid-dashboards/outputs.tf b/terraform-modules/cid-dashboards/outputs.tf
new file mode 100644
index 00000000..2b127963
--- /dev/null
+++ b/terraform-modules/cid-dashboards/outputs.tf
@@ -0,0 +1,4 @@
+output "stack_outputs" {
+  description = "CloudFormation stack outputs (map of strings)"
+  value       = aws_cloudformation_stack.cid.outputs
+}
\ No newline at end of file
diff --git a/terraform-modules/cid-dashboards/variables.tf b/terraform-modules/cid-dashboards/variables.tf
new file mode 100644
index 00000000..25f9e8e8
--- /dev/null
+++ b/terraform-modules/cid-dashboards/variables.tf
@@ -0,0 +1,65 @@
+variable "stack_name" {
+  type        = string
+  description = "CloudFormation stack name for CID deployment"
+}
+
+variable "template_bucket" {
+  type        = string
+  description = "S3 bucket where the Cloudformation template will be uploaded. Must already exist and be in the same region as the stack."
+}
+
+variable "template_key" {
+  type        = string
+  description = "Name of the S3 path/key where the Cloudformation template will be created. Defaults to cid-cfn.yml"
+  default     = "cid-cfn.yml"
+}
+variable "stack_parameters" {
+  type        = map(string)
+  description = <<-EOF
+    CloudFormation stack parameters. For the full list of available parameters, refer to
+    https://github.com/aws-samples/aws-cudos-framework-deployment/blob/main/cfn-templates/cid-cfn.yml.
+    For most setups, you will want to set the following parameters:
+      - PrerequisitesQuickSight: yes/no
+      - PrerequisitesQuickSightPermissions: yes/no
+      - QuickSightUser: Existing quicksight user
+      - QuickSightDataSetRefreshSchedule: Cron expression to refresh spice datasets daily outside of business hours. Default is 4 AM UTC, which should work for most customers in US and EU time zones
+      - CURBucketPath: Leave as default is if CUR was created with CloudFormation (cur-aggregation.yaml). If it was a manually created CUR, the path entered below must be for the directory that contains the years partition (s3://curbucketname/prefix/curname/curname/).
+      - OptimizationDataCollectionBucketPath: The S3 path to the bucket created by the Cost Optimization Data Collection Lab. The path will need point to a folder containing /optics-data-collector folder. Required for TAO and Compute Optimizer dashboards.
+      - DataBuketsKmsKeyArns: Comma-delimited list of KMS key ARNs ("*" is also valid)
+      - DeployCUDOSDashboard: (yes/no, default no)
+      - DeployCostIntelligenceDashboard: (yes/no, default no)
+      - DeployKPIDashboard: (yes/no, default no)
+      - DeployTAODashboard: (yes/no, default no)
+      - DeployComputeOptimizerDashboard: (yes/no, default no)
+  EOF
+}
+
+variable "stack_tags" {
+  type        = map(string)
+  description = "Tag key-value pairs to apply to the stack"
+  default     = null
+}
+
+variable "stack_policy_body" {
+  type        = string
+  description = "String containing the stack policy body. Conflicts with stack_policy_url."
+  default     = null
+}
+
+variable "stack_policy_url" {
+  type        = string
+  description = "Location of a file containing the stack policy body. Conflicts with stack_policy_body."
+  default     = null
+}
+
+variable "stack_notification_arns" {
+  type        = list(string)
+  description = "A list of SNS topic ARNs to publish stack related events."
+  default     = []
+}
+
+variable "stack_iam_role" {
+  type        = string
+  description = "The ARN of an IAM role that AWS CloudFormation assumes to create the stack (default behavior is to use the previous role if available, or current user permissions otherwise)."
+  default     = null
+}
\ No newline at end of file
diff --git a/terraform-modules/cid-dashboards/versions.tf b/terraform-modules/cid-dashboards/versions.tf
new file mode 100644
index 00000000..0bedb0e4
--- /dev/null
+++ b/terraform-modules/cid-dashboards/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 1.0"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 3.0"
+    }
+  }
+}
\ No newline at end of file

From f5a2cee8b8527dc842fffae393012b16187b1215 Mon Sep 17 00:00:00 2001
From: Sean Nixon <smnixon@amazon.com>
Date: Tue, 7 Feb 2023 12:25:48 -0800
Subject: [PATCH 2/6] Fix typo and adjust terraform-docs config to remove
 anchors

---
 .../cid-dashboards/.terraform-docs.yml        |  4 ++-
 terraform-modules/cid-dashboards/README.md    | 26 +++++++++----------
 2 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/terraform-modules/cid-dashboards/.terraform-docs.yml b/terraform-modules/cid-dashboards/.terraform-docs.yml
index c84d1f47..79772427 100644
--- a/terraform-modules/cid-dashboards/.terraform-docs.yml
+++ b/terraform-modules/cid-dashboards/.terraform-docs.yml
@@ -7,4 +7,6 @@ sections:
     - providers
     - modules
 sort:
-  by: required
\ No newline at end of file
+  by: required
+settings:
+  anchor: false
\ No newline at end of file
diff --git a/terraform-modules/cid-dashboards/README.md b/terraform-modules/cid-dashboards/README.md
index ec2f1a7c..9b49a0cd 100644
--- a/terraform-modules/cid-dashboards/README.md
+++ b/terraform-modules/cid-dashboards/README.md
@@ -1,7 +1,7 @@
 # CID Terraform Module: cid-dashboards
 
 Terraform module to deploy CID dashboards. This module is a wrapper around CloudFormation
-to allow you to deploy CID dashboards using your existing Terraform workflows. Under th
+to allow you to deploy CID dashboards using your existing Terraform workflows. Under the
 hood, the module will deploy a CloudFormation stack which will provision the necessary
 resources and a custom Lambda function to create the dashboards using `cid-cmd`.
 
@@ -41,9 +41,9 @@ for the custom resource Lambda function "CidCustomDashboardResource"if dashboard
 
 The following requirements are needed by this module:
 
-- <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) (>= 1.0)
+- terraform (>= 1.0)
 
-- <a name="requirement_aws"></a> [aws](#requirement\_aws) (>= 3.0)
+- aws (>= 3.0)
 
 ## Resources
 
@@ -57,13 +57,13 @@ The following resources are used by this module:
 
 The following input variables are required:
 
-### <a name="input_stack_name"></a> [stack\_name](#input\_stack\_name)
+### stack\_name
 
 Description: CloudFormation stack name for CID deployment
 
 Type: `string`
 
-### <a name="input_stack_parameters"></a> [stack\_parameters](#input\_stack\_parameters)
+### stack\_parameters
 
 Description: CloudFormation stack parameters. For the full list of available parameters, refer to  
 https://github.com/aws-samples/aws-cudos-framework-deployment/blob/main/cfn-templates/cid-cfn.yml.  
@@ -83,7 +83,7 @@ For most setups, you will want to set the following parameters:
 
 Type: `map(string)`
 
-### <a name="input_template_bucket"></a> [template\_bucket](#input\_template\_bucket)
+### template\_bucket
 
 Description: S3 bucket where the Cloudformation template will be uploaded. Must already exist and be in the same region as the stack.
 
@@ -93,7 +93,7 @@ Type: `string`
 
 The following input variables are optional (have default values):
 
-### <a name="input_stack_iam_role"></a> [stack\_iam\_role](#input\_stack\_iam\_role)
+### stack\_iam\_role
 
 Description: The ARN of an IAM role that AWS CloudFormation assumes to create the stack (default behavior is to use the previous role if available, or current user permissions otherwise).
 
@@ -101,7 +101,7 @@ Type: `string`
 
 Default: `null`
 
-### <a name="input_stack_notification_arns"></a> [stack\_notification\_arns](#input\_stack\_notification\_arns)
+### stack\_notification\_arns
 
 Description: A list of SNS topic ARNs to publish stack related events.
 
@@ -109,7 +109,7 @@ Type: `list(string)`
 
 Default: `[]`
 
-### <a name="input_stack_policy_body"></a> [stack\_policy\_body](#input\_stack\_policy\_body)
+### stack\_policy\_body
 
 Description: String containing the stack policy body. Conflicts with stack\_policy\_url.
 
@@ -117,7 +117,7 @@ Type: `string`
 
 Default: `null`
 
-### <a name="input_stack_policy_url"></a> [stack\_policy\_url](#input\_stack\_policy\_url)
+### stack\_policy\_url
 
 Description: Location of a file containing the stack policy body. Conflicts with stack\_policy\_body.
 
@@ -125,7 +125,7 @@ Type: `string`
 
 Default: `null`
 
-### <a name="input_stack_tags"></a> [stack\_tags](#input\_stack\_tags)
+### stack\_tags
 
 Description: Tag key-value pairs to apply to the stack
 
@@ -133,7 +133,7 @@ Type: `map(string)`
 
 Default: `null`
 
-### <a name="input_template_key"></a> [template\_key](#input\_template\_key)
+### template\_key
 
 Description: Name of the S3 path/key where the Cloudformation template will be created. Defaults to cid-cfn.yml
 
@@ -145,7 +145,7 @@ Default: `"cid-cfn.yml"`
 
 The following outputs are exported:
 
-### <a name="output_stack_outputs"></a> [stack\_outputs](#output\_stack\_outputs)
+### stack\_outputs
 
 Description: CloudFormation stack outputs (map of strings)
 <!-- END_TF_DOCS -->
\ No newline at end of file

From 7df192152b8a0d52eb529ed3d83c228c39eaa092 Mon Sep 17 00:00:00 2001
From: Sean Nixon <smnixon@amazon.com>
Date: Mon, 20 Feb 2023 13:28:19 -0800
Subject: [PATCH 3/6] Cleanup documentation

---
 terraform-modules/cid-dashboards/README.md    |  2 +-
 terraform-modules/cid-dashboards/main.tf      | 13 +------------
 terraform-modules/cid-dashboards/variables.tf |  5 +++--
 3 files changed, 5 insertions(+), 15 deletions(-)

diff --git a/terraform-modules/cid-dashboards/README.md b/terraform-modules/cid-dashboards/README.md
index 9b49a0cd..f492e9d5 100644
--- a/terraform-modules/cid-dashboards/README.md
+++ b/terraform-modules/cid-dashboards/README.md
@@ -16,7 +16,7 @@ resources and a custom Lambda function to create the dashboards using `cid-cmd`.
 module "cid_dashboards" {
     source = "github.com/aws-samples/aws-cudos-framework-deployment//terraform-modules/cid-dashboards"
 
-    stack_name       = "CIDDashboards"
+    stack_name       = "Cloud-Intelligence-Dashboards"
     template_bucket  = "UPDATEME"
     stack_parameters = {
       "PrerequisitesQuickSight"            = "yes"
diff --git a/terraform-modules/cid-dashboards/main.tf b/terraform-modules/cid-dashboards/main.tf
index 198085e6..64e50ae4 100644
--- a/terraform-modules/cid-dashboards/main.tf
+++ b/terraform-modules/cid-dashboards/main.tf
@@ -1,14 +1,3 @@
-data "aws_s3_bucket" "template_bucket" {
-  bucket = var.template_bucket
-}
-
-resource "aws_s3_object" "template" {
-  bucket = data.aws_s3_bucket.template_bucket.bucket
-  key    = var.template_key
-  source = "${path.module}/../../cfn-templates/cid-cfn.yml"
-  etag   = filemd5("${path.module}/../../cfn-templates/cid-cfn.yml")
-}
-
 resource "aws_cloudformation_stack" "cid" {
   name              = var.stack_name
   template_url      = "https://${data.aws_s3_bucket.template_bucket.bucket_regional_domain_name}/${aws_s3_object.template.key}?etag=${aws_s3_object.template.etag}"
@@ -19,4 +8,4 @@ resource "aws_cloudformation_stack" "cid" {
   policy_url        = var.stack_policy_url
   notification_arns = var.stack_notification_arns
   tags              = var.stack_tags
-}
\ No newline at end of file
+}
diff --git a/terraform-modules/cid-dashboards/variables.tf b/terraform-modules/cid-dashboards/variables.tf
index 25f9e8e8..9442c1e8 100644
--- a/terraform-modules/cid-dashboards/variables.tf
+++ b/terraform-modules/cid-dashboards/variables.tf
@@ -1,6 +1,6 @@
 variable "stack_name" {
   type        = string
-  description = "CloudFormation stack name for CID deployment"
+  description = "CloudFormation stack name for Cloud Intelligence Dashboards deployment"
 }
 
 variable "template_bucket" {
@@ -13,6 +13,7 @@ variable "template_key" {
   description = "Name of the S3 path/key where the Cloudformation template will be created. Defaults to cid-cfn.yml"
   default     = "cid-cfn.yml"
 }
+
 variable "stack_parameters" {
   type        = map(string)
   description = <<-EOF
@@ -25,7 +26,7 @@ variable "stack_parameters" {
       - QuickSightDataSetRefreshSchedule: Cron expression to refresh spice datasets daily outside of business hours. Default is 4 AM UTC, which should work for most customers in US and EU time zones
       - CURBucketPath: Leave as default is if CUR was created with CloudFormation (cur-aggregation.yaml). If it was a manually created CUR, the path entered below must be for the directory that contains the years partition (s3://curbucketname/prefix/curname/curname/).
       - OptimizationDataCollectionBucketPath: The S3 path to the bucket created by the Cost Optimization Data Collection Lab. The path will need point to a folder containing /optics-data-collector folder. Required for TAO and Compute Optimizer dashboards.
-      - DataBuketsKmsKeyArns: Comma-delimited list of KMS key ARNs ("*" is also valid)
+      - DataBuketsKmsKeyArns: Comma-delimited list of KMS key ARNs ("*" is also valid). Include any KMS keys used to encrypt your CUR or Cost Optimization Data S3 data
       - DeployCUDOSDashboard: (yes/no, default no)
       - DeployCostIntelligenceDashboard: (yes/no, default no)
       - DeployKPIDashboard: (yes/no, default no)

From e72c63a1a97e2c217560677aa52e317e2c3ec772 Mon Sep 17 00:00:00 2001
From: Sean Nixon <smnixon@amazon.com>
Date: Mon, 20 Feb 2023 13:44:45 -0800
Subject: [PATCH 4/6] Add documentation on Terraform version locking

---
 terraform-modules/cid-dashboards/README.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/terraform-modules/cid-dashboards/README.md b/terraform-modules/cid-dashboards/README.md
index f492e9d5..6d0da72a 100644
--- a/terraform-modules/cid-dashboards/README.md
+++ b/terraform-modules/cid-dashboards/README.md
@@ -29,6 +29,19 @@ module "cid_dashboards" {
 }
 ```
 
+## Version Locking
+
+For production deployments, you should lock the version of this module to a release tag to better
+control when and what updates are made. To specify the release tag to use, append `?ref=VERSION`
+to the module source. For example, the following source reference will use the Terraform module
+and Cloudformation template from version 0.2.13 of this module:
+
+```
+source = "github.com/aws-samples/aws-cudos-framework-deployment//terraform-modules/cid-dashboards?ref=0.2.13"
+```
+
+For a complete list of release tags, visit https://github.com/aws-samples/aws-cudos-framework-deployment/tags.
+
 ## Troubleshooting
 
 Because this module is primarily a wrapper for CloudFormation, Terraform output may not be sufficient

From 9f20767e80829582509df9f833dd3e6297d6d036 Mon Sep 17 00:00:00 2001
From: Sean Nixon <smnixon@amazon.com>
Date: Mon, 27 Feb 2023 16:20:37 -0800
Subject: [PATCH 5/6] Fix unrecognized S3 resources in template_url

---
 terraform-modules/cid-dashboards/README.md |  4 ++--
 terraform-modules/cid-dashboards/main.tf   | 11 +++++++++++
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/terraform-modules/cid-dashboards/README.md b/terraform-modules/cid-dashboards/README.md
index 6d0da72a..2159726d 100644
--- a/terraform-modules/cid-dashboards/README.md
+++ b/terraform-modules/cid-dashboards/README.md
@@ -72,7 +72,7 @@ The following input variables are required:
 
 ### stack\_name
 
-Description: CloudFormation stack name for CID deployment
+Description: CloudFormation stack name for Cloud Intelligence Dashboards deployment
 
 Type: `string`
 
@@ -87,7 +87,7 @@ For most setups, you will want to set the following parameters:
   - QuickSightDataSetRefreshSchedule: Cron expression to refresh spice datasets daily outside of business hours. Default is 4 AM UTC, which should work for most customers in US and EU time zones
   - CURBucketPath: Leave as default is if CUR was created with CloudFormation (cur-aggregation.yaml). If it was a manually created CUR, the path entered below must be for the directory that contains the years partition (s3://curbucketname/prefix/curname/curname/).
   - OptimizationDataCollectionBucketPath: The S3 path to the bucket created by the Cost Optimization Data Collection Lab. The path will need point to a folder containing /optics-data-collector folder. Required for TAO and Compute Optimizer dashboards.
-  - DataBuketsKmsKeyArns: Comma-delimited list of KMS key ARNs ("*" is also valid)
+  - DataBuketsKmsKeyArns: Comma-delimited list of KMS key ARNs ("*" is also valid). Include any KMS keys used to encrypt your CUR or Cost Optimization Data S3 data
   - DeployCUDOSDashboard: (yes/no, default no)
   - DeployCostIntelligenceDashboard: (yes/no, default no)
   - DeployKPIDashboard: (yes/no, default no)
diff --git a/terraform-modules/cid-dashboards/main.tf b/terraform-modules/cid-dashboards/main.tf
index 64e50ae4..0cbceac4 100644
--- a/terraform-modules/cid-dashboards/main.tf
+++ b/terraform-modules/cid-dashboards/main.tf
@@ -1,3 +1,14 @@
+data "aws_s3_bucket" "template_bucket" {
+  bucket = var.template_bucket
+}
+
+resource "aws_s3_object" "template" {
+  bucket = data.aws_s3_bucket.template_bucket.bucket
+  key    = var.template_key
+  source = "${path.module}/../../cfn-templates/cid-cfn.yml"
+  etag   = filemd5("${path.module}/../../cfn-templates/cid-cfn.yml")
+}
+
 resource "aws_cloudformation_stack" "cid" {
   name              = var.stack_name
   template_url      = "https://${data.aws_s3_bucket.template_bucket.bucket_regional_domain_name}/${aws_s3_object.template.key}?etag=${aws_s3_object.template.etag}"

From 76dbff3e555accf0078a9f060b85f501b017a16d Mon Sep 17 00:00:00 2001
From: Iakov Gan <iakov@amazon.fr>
Date: Sat, 4 Mar 2023 23:49:01 +0100
Subject: [PATCH 6/6] add terraform bats test

---
 terraform-modules/terraform-test.bats | 102 ++++++++++++++++++++++++++
 1 file changed, 102 insertions(+)
 create mode 100644 terraform-modules/terraform-test.bats

diff --git a/terraform-modules/terraform-test.bats b/terraform-modules/terraform-test.bats
new file mode 100644
index 00000000..61ac24f5
--- /dev/null
+++ b/terraform-modules/terraform-test.bats
@@ -0,0 +1,102 @@
+#!/bin/bats
+
+# This is a Bats test file. See https://bats-core.readthedocs.io
+
+# Run:
+#   bats $thisfile
+
+# Debug:
+#   bats $thisfile --show-output-of-passing-tests
+
+@test "setup environment" {
+
+  #Vars
+  export account_id=$(aws sts get-caller-identity --query Account --output text)
+  export qs_username=$(aws quicksight list-users --aws-account-id $account_id --namespace default --query 'UserList[0].UserName' --output text)
+  export template_bucket=test-cid-tf-template-$account_id
+  export cur_bucket=test-cid-tf-cur-$account_id
+
+  # Create a tmp bucket to store CFN template
+  if aws s3api head-bucket --bucket "$template_bucket" 2>/dev/null; then
+    echo 'Template Bucket exist'
+  else
+    echo 'Creating bucket for template'
+    aws s3api create-bucket --bucket $template_bucket
+  fi
+
+  # Create a tmp bucket to store CFN template
+  if aws s3api head-bucket --bucket "$cur_bucket" 2>/dev/null; then
+    echo 'CUR Bucket exist'
+  else
+    aws s3api create-bucket --bucket $cur_bucket
+  fi
+
+}
+
+
+@test "generate terraform manifest" {
+
+  export git_base_url=$(git config --get remote.origin.url | cut -d '@' -f2 | sed s/.git// | sed s@https://@@ | tr : /)
+  export git_branch=$(git branch --show-current)
+
+  # Create a tf file
+  cat >main.tf <<EOL
+  module "cid_dashboards" {
+      source = "$git_base_url//terraform-modules/cid-dashboards?ref=$git_branch"
+      stack_name       = "CIDDashboards"
+      template_bucket  = "$template_bucket"
+      stack_parameters = {
+        "PrerequisitesQuickSight"            = "yes"
+        "PrerequisitesQuickSightPermissions" = "yes"
+        "QuickSightUser"                     = "$qs_username"
+        "DeployCUDOSDashboard"               = "yes"
+        "DeployCostIntelligenceDashboard"    = "no"
+        "DeployKPIDashboard"                 = "no"
+        "CURBucketPath"                      = "s3://$cur_bucket/cur"
+        "Suffix"                             = "test-tf-"
+      }
+  }
+EOL
+
+}
+
+@test "terraform init" {
+  terraform init
+}
+
+@test "terraform plan" {
+  terraform plan
+}
+
+@test "terraform apply (takes 5 mins)" {
+  terraform apply -auto-approve
+  terraform state list
+}
+
+@test "cloud formation stack is created" {
+  skip 'todo'
+}
+
+@test "terraform destroy " {
+  terraform destroy -auto-approve
+}
+
+@test "cloud formation stack is deleted" {
+  skip 'todo'
+}
+
+teardown_file() {
+  #Additional teardown steps in case of failure
+  export region=$(aws configure get region)
+  aws s3 rm s3://aws-athena-query-results-cid-$account_id-$region --recursive || echo "no bucket"
+  aws s3api delete-bucket --bucket aws-athena-query-results-cid-$account_id-$region || echo "no bucket"
+  aws athena delete-work-group --work-group CID --recursive-delete-option
+
+  # Normal cleanup
+  aws s3 rm s3://$template_bucket/ --recursive
+  aws s3api delete-bucket --bucket $template_bucket
+
+  aws s3 rm s3://$cur_bucket/ --recursive
+  aws s3api delete-bucket --bucket $cur_bucket
+
+}
\ No newline at end of file