From e7e9442f00acc2fff7a93b510af584b7f68a5460 Mon Sep 17 00:00:00 2001 
From: "docs-sourcer[bot]" <99042413+docs-sourcer[bot]@users.noreply.github.com>
Date: Tue, 27 Jun 2023 21:15:54 +0000
Subject: [PATCH] Updated with the [latest changes](https://github.com/gruntwork-io/terraform-aws-security/pull/780) from the `terraform-aws-security@pete/778/bucket-ownership` source branch.
---
.../aurora/aurora.md | 22 +--
.../backup-plan/backup-plan.md | 20 +--
.../backup-vault/backup-vault.md | 16 +-
.../terraform-aws-data-storage/efs/efs.md | 20 +--
.../lambda-cleanup-snapshots.md | 18 +-
.../lambda-copy-shared-snapshot.md | 18 +-
.../lambda-create-snapshot.md | 28 +--
.../lambda-share-snapshot.md | 20 +--
.../rds-proxy/rds-proxy.md | 18 +-
.../rds-replicas/rds-replicas.md | 160 +++++++++++++++++-
.../terraform-aws-data-storage/rds/rds.md | 18 +-
.../redshift/redshift.md | 16 +-
.../ecs-cluster/ecs-cluster.md | 45 +++--
.../ecs-daemon-service/ecs-daemon-service.md | 18 +-
.../ecs-deploy-check-binaries.md | 12 +-
.../ecs-deploy/ecs-deploy.md | 14 +-
.../ecs-fargate/ecs-fargate.md | 12 +-
.../ecs-scripts/ecs-scripts.md | 14 +-
.../ecs-service-with-alb.md | 12 +-
.../ecs-service-with-discovery.md | 12 +-
.../ecs-service/ecs-service.md | 68 ++++----
.../ecs-task-scheduler/ecs-task-scheduler.md | 20 +--
.../auto-update/auto-update.md | 28 +--
.../aws-auth/aws-auth.md | 12 +-
.../aws-config-bucket/aws-config-bucket.md | 14 +-
.../aws-config-multi-region.md | 26 +--
.../aws-config-rules/aws-config-rules.md | 36 ++--
.../aws-config/aws-config.md | 28 +--
.../aws-organizations/aws-organizations.md | 30 ++--
.../cloudtrail-bucket/cloudtrail-bucket.md | 16 +-
.../cloudtrail/cloudtrail.md | 38 ++---
.../cross-account-iam-roles.md | 18 +-
.../custom-iam-entity/custom-iam-entity.md | 18 +-
.../ebs-encryption-multi-region.md | 22 +--
.../ebs-encryption/ebs-encryption.md | 12 +-
.../fail2ban/fail2ban.md | 10 +-
.../github-actions-iam-role.md | 10 +-
.../guardduty-multi-region.md | 26 +--
.../guardduty/guardduty.md | 36 ++--
.../iam-access-analyzer-multi-region.md | 28 +-- .../iam-groups/iam-groups.md | 16 +- .../iam-policies/iam-policies.md | 14 +- .../iam-user-password-policy.md | 10 +- .../iam-users/iam-users.md | 10 +- .../ip-lockdown/ip-lockdown.md | 12 +- .../kms-cmk-replica/kms-cmk-replica.md | 12 +- .../kms-grant-multi-region.md | 28 +-- .../kms-master-key-multi-region.md | 34 ++-- .../kms-master-key/kms-master-key.md | 10 +- .../modules/terraform-aws-security/ntp/ntp.md | 10 +- .../os-hardening/os-hardening.md | 28 +-- .../private-s3-bucket/private-s3-bucket.md | 10 +- .../saml-iam-roles/saml-iam-roles.md | 12 +- .../secrets-manager-resource-policies.md | 10 +- .../ssh-grunt-selinux-policy.md | 12 +- .../ssh-grunt/ssh-grunt.md | 30 ++-- .../terraform-aws-security/ssh-iam/ssh-iam.md | 14 +- .../ssm-healthchecks-iam-permissions.md | 10 +- .../tls-cert-private/tls-cert-private.md | 12 +- 59 files changed, 732 insertions(+), 571 deletions(-) diff --git a/docs/reference/modules/terraform-aws-data-storage/aurora/aurora.md b/docs/reference/modules/terraform-aws-data-storage/aurora/aurora.md index fe5b1b3dfd..2a8c7a97a4 100644 --- a/docs/reference/modules/terraform-aws-data-storage/aurora/aurora.md +++ b/docs/reference/modules/terraform-aws-data-storage/aurora/aurora.md @@ -9,13 +9,13 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; - + # Aurora Module -View Source +View Source -Release Notes +Release Notes This module creates an Amazon Aurora, a MySQL and PostgreSQL compatible relational database built for the cloud. 
@@ -59,7 +59,7 @@ Cluster](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Aurora.Managing.h ## How do you configure this module? This module allows you to configure a number of parameters, such as backup windows, maintenance window, port number, -and encryption. For a list of all available variables and their descriptions, see [variables.tf](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.0/modules/aurora/variables.tf). +and encryption. For a list of all available variables and their descriptions, see [variables.tf](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.1/modules/aurora/variables.tf). ## How do you create a cross-region read replica cluster? @@ -77,7 +77,7 @@ module "replica" { } ``` -See the example [here](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.0/examples/aurora-with-cross-region-replica) for more details. +See the example [here](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.1/examples/aurora-with-cross-region-replica) for more details. ## How do you destroy a cross-region read replica? @@ -137,7 +137,7 @@ see [Limitations of Aurora Serverless](https://docs.aws.amazon.com/AmazonRDS/lat module "aurora" { - source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/aurora?ref=v0.28.0" + source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/aurora?ref=v0.28.1" # ---------------------------------------------------------------------------------------------------- # REQUIRED VARIABLES @@ -477,7 +477,7 @@ module "aurora" { # ------------------------------------------------------------------------------------------------------ terraform { - source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/aurora?ref=v0.28.0" + source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/aurora?ref=v0.28.1" } inputs = { @@ -1475,11 +1475,11 @@ Timeout for DB updating 
diff --git a/docs/reference/modules/terraform-aws-data-storage/backup-plan/backup-plan.md b/docs/reference/modules/terraform-aws-data-storage/backup-plan/backup-plan.md index bd55f0b38e..48c05555bb 100644 --- a/docs/reference/modules/terraform-aws-data-storage/backup-plan/backup-plan.md +++ b/docs/reference/modules/terraform-aws-data-storage/backup-plan/backup-plan.md @@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; - + # Backup Plan Module -View Source +View Source Release Notes @@ -22,7 +22,7 @@ This Terraform Module creates the following AWS Backup resources: 1. Backup plans - specifying **how and when** to back things up 2. Resource selections - specifying **which resources** to back up -You associate your plans with a [Backup vault](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.0/modules/backup-vault). +You associate your plans with a [Backup vault](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.1/modules/backup-vault). ## What is a Backup Plan? @@ -91,7 +91,7 @@ module "backup_plan" { ## How do you troubleshoot Backup jobs? -See [Troubleshooting AWS Backup](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.0/core-concepts.md#troubleshooting-aws-backup) in the core-concepts guide. +See [Troubleshooting AWS Backup](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.1/core-concepts.md#troubleshooting-aws-backup) in the core-concepts guide. ## Sample Usage 
@@ -106,7 +106,7 @@ See [Troubleshooting AWS Backup](https://github.com/gruntwork-io/terraform-aws-d module "backup_plan" { - source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/backup-plan?ref=v0.28.0" + source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/backup-plan?ref=v0.28.1" # ---------------------------------------------------------------------------------------------------- # REQUIRED VARIABLES @@ -137,7 +137,7 @@ module "backup_plan" { # ------------------------------------------------------------------------------------------------------ terraform { - source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/backup-plan?ref=v0.28.0" + source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/backup-plan?ref=v0.28.1" } inputs = { @@ -245,11 +245,11 @@ The ARN of the IAM service role used by Backup plans diff --git a/docs/reference/modules/terraform-aws-data-storage/backup-vault/backup-vault.md b/docs/reference/modules/terraform-aws-data-storage/backup-vault/backup-vault.md index ef48b8cae5..009954a470 100644 --- a/docs/reference/modules/terraform-aws-data-storage/backup-vault/backup-vault.md +++ b/docs/reference/modules/terraform-aws-data-storage/backup-vault/backup-vault.md @@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; - + # Backup Vault Module -View Source +View Source Release Notes 
@@ -96,7 +96,7 @@ then you will end up with many potentially large recovery points that you cannot module "backup_vault" { - source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/backup-vault?ref=v0.28.0" + source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/backup-vault?ref=v0.28.1" # ---------------------------------------------------------------------------------------------------- # REQUIRED VARIABLES @@ -136,7 +136,7 @@ module "backup_vault" { # ------------------------------------------------------------------------------------------------------ terraform { - source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/backup-vault?ref=v0.28.0" + source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/backup-vault?ref=v0.28.1" } inputs = { @@ -287,11 +287,11 @@ A map of tags assigned to the vault resources, including those inherited from th diff --git a/docs/reference/modules/terraform-aws-data-storage/efs/efs.md b/docs/reference/modules/terraform-aws-data-storage/efs/efs.md index a71552c5c0..09d214c834 100644 --- a/docs/reference/modules/terraform-aws-data-storage/efs/efs.md +++ b/docs/reference/modules/terraform-aws-data-storage/efs/efs.md @@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; - + # EFS Module -View Source +View Source Release Notes 
@@ -45,13 +45,13 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr If you just want to try this repo out for experimenting and learning, check out the following resources: -* [examples folder](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.0/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage). +* [examples folder](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.1/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage). ### Production deployment If you want to deploy this repo in production, check out the following resources: -* [efs module variables](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.0/modules/efs/variables.tf): Configuration variables available for the EFS module. At minimum, you should configure the `allow_connections_from_cidr_blocks` and `allow_connections_from_security_groups` values to only allow access from your private VPC(s). You may also want to enable `storage_encrypted` to encrypt data at-rest. +* [efs module variables](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.1/modules/efs/variables.tf): Configuration variables available for the EFS module. At minimum, you should configure the `allow_connections_from_cidr_blocks` and `allow_connections_from_security_groups` values to only allow access from your private VPC(s). You may also want to enable `storage_encrypted` to encrypt data at-rest. ## Manage 
@@ -74,7 +74,7 @@ If you want to deploy this repo in production, check out the following resources module "efs" { - source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/efs?ref=v0.28.0" + source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/efs?ref=v0.28.1" # ---------------------------------------------------------------------------------------------------- # REQUIRED VARIABLES @@ -176,7 +176,7 @@ module "efs" { # ------------------------------------------------------------------------------------------------------ terraform { - source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/efs?ref=v0.28.0" + source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/efs?ref=v0.28.1" } inputs = { @@ -547,11 +547,11 @@ The IDs of the security groups created for the file system. diff --git a/docs/reference/modules/terraform-aws-data-storage/lambda-cleanup-snapshots/lambda-cleanup-snapshots.md b/docs/reference/modules/terraform-aws-data-storage/lambda-cleanup-snapshots/lambda-cleanup-snapshots.md index efcae14993..d9e289157f 100644 --- a/docs/reference/modules/terraform-aws-data-storage/lambda-cleanup-snapshots/lambda-cleanup-snapshots.md +++ b/docs/reference/modules/terraform-aws-data-storage/lambda-cleanup-snapshots/lambda-cleanup-snapshots.md @@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; - + # Delete Snapshots Lambda Module -View Source +View Source Release Notes 
@@ -29,7 +29,7 @@ Note that to use this module, you must have access to the Gruntwork [Continuous This module allows you to configure a number of parameters, such as which database to backup, how often to run the backups, what account to share the backups with, and more. For a list of all available variables and their -descriptions, see [variables.tf](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.0/modules/lambda-cleanup-snapshots/variables.tf). +descriptions, see [variables.tf](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.1/modules/lambda-cleanup-snapshots/variables.tf). ## Sample Usage @@ -44,7 +44,7 @@ descriptions, see [variables.tf](https://github.com/gruntwork-io/terraform-aws-d module "lambda_cleanup_snapshots" { - source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-cleanup-snapshots?ref=v0.28.0" + source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-cleanup-snapshots?ref=v0.28.1" # ---------------------------------------------------------------------------------------------------- # REQUIRED VARIABLES @@ -114,7 +114,7 @@ module "lambda_cleanup_snapshots" { # ------------------------------------------------------------------------------------------------------ terraform { - source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-cleanup-snapshots?ref=v0.28.0" + source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-cleanup-snapshots?ref=v0.28.1" } inputs = { @@ -293,11 +293,11 @@ Namespace of snapshots that will be cleaned up by this module. If specified then diff --git a/docs/reference/modules/terraform-aws-data-storage/lambda-copy-shared-snapshot/lambda-copy-shared-snapshot.md b/docs/reference/modules/terraform-aws-data-storage/lambda-copy-shared-snapshot/lambda-copy-shared-snapshot.md index 9645fca01b..1daf45bd7d 100644 
--- a/docs/reference/modules/terraform-aws-data-storage/lambda-copy-shared-snapshot/lambda-copy-shared-snapshot.md +++ b/docs/reference/modules/terraform-aws-data-storage/lambda-copy-shared-snapshot/lambda-copy-shared-snapshot.md @@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; - + # Copy Snapshot Lambda Module -View Source +View Source Release Notes @@ -108,7 +108,7 @@ account 222222222222. To be able to make a copy of that snapshot in account 2222 ## Background info For more info on how to backup RDS snapshots to a separate AWS account, check out the [lambda-create-snapshot module -documentation](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.0/modules/lambda-create-snapshot). +documentation](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.1/modules/lambda-create-snapshot). ## Sample Usage @@ -123,7 +123,7 @@ documentation](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v module "lambda_copy_shared_snapshot" { - source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-copy-shared-snapshot?ref=v0.28.0" + source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-copy-shared-snapshot?ref=v0.28.1" # ---------------------------------------------------------------------------------------------------- # REQUIRED VARIABLES 
@@ -199,7 +199,7 @@ module "lambda_copy_shared_snapshot" { # ------------------------------------------------------------------------------------------------------ terraform { - source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-copy-shared-snapshot?ref=v0.28.0" + source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-copy-shared-snapshot?ref=v0.28.1" } inputs = { @@ -394,11 +394,11 @@ Namespace all Lambda scheduling resources created by this module with this name. diff --git a/docs/reference/modules/terraform-aws-data-storage/lambda-create-snapshot/lambda-create-snapshot.md b/docs/reference/modules/terraform-aws-data-storage/lambda-create-snapshot/lambda-create-snapshot.md index 1b3ecd0dc4..1739349460 100644 --- a/docs/reference/modules/terraform-aws-data-storage/lambda-create-snapshot/lambda-create-snapshot.md +++ b/docs/reference/modules/terraform-aws-data-storage/lambda-create-snapshot/lambda-create-snapshot.md 
@@ -9,15 +9,15 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; - + # Database backup -View Source +View Source Release Notes -This module, along with the [lambda-share-snapshot](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.0/modules/lambda-share-snapshot) and [lambda-copy-shared-snapshot](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.0/modules/lambda-copy-shared-snapshot) modules, can be used to backup your RDS database to another AWS account (e.g., for disaster recovery) on a configurable schedule. Under the hood, each module runs a Lambda function that instructs your database to take a snapshot (this module), share the snapshot with another account (the `lambda-share-snapshot` module), and make a copy of the snapshot (`lambda-copy-shared-snapshot`). +This module, along with the [lambda-share-snapshot](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.1/modules/lambda-share-snapshot) and [lambda-copy-shared-snapshot](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.1/modules/lambda-copy-shared-snapshot) modules, can be used to backup your RDS database to another AWS account (e.g., for disaster recovery) on a configurable schedule. Under the hood, each module runs a Lambda function that instructs your database to take a snapshot (this module), share the snapshot with another account (the `lambda-share-snapshot` module), and make a copy of the snapshot (`lambda-copy-shared-snapshot`). ![RDS architecture](/img/reference/modules/terraform-aws-data-storage/lambda-create-snapshot/data-backup-architecture.png) 
@@ -29,7 +29,7 @@ This module, along with the [lambda-share-snapshot](https://github.com/gruntwork * Configurable backup schedule (e.g., using cron expressions) -* Clean up old snapshots automatically using the [lambda-cleanup-snapshots](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.0/modules/lambda-cleanup-snapshots) module. +* Clean up old snapshots automatically using the [lambda-cleanup-snapshots](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.1/modules/lambda-cleanup-snapshots) module. ## Learn @@ -39,9 +39,9 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr ### Core concepts -* [What is Amazon RDS?](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.0/modules/rds/core-concepts.md#what-is-amazon-rds) +* [What is Amazon RDS?](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.1/modules/rds/core-concepts.md#what-is-amazon-rds) -* [How does this differ from RDS automatic snapshots?](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.0/modules/lambda-create-snapshot/core-concepts.md#how-does-this-differ-from-rds-automatic-snapshots) +* [How does this differ from RDS automatic snapshots?](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.1/modules/lambda-create-snapshot/core-concepts.md#how-does-this-differ-from-rds-automatic-snapshots) * [RDS documentation](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html): Amazon’s docs for RDS that cover core concepts such as the types of databases supported, security, backup & restore, and monitoring. 
@@ -53,7 +53,7 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr If you just want to try this repo out for experimenting and learning, check out the following resources: -* [examples folder](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.0/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage). +* [examples folder](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.1/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage). ### Production deployment @@ -65,7 +65,7 @@ If you want to deploy this repo in production, check out the following resources ### Day-to-day operations -* [How to backup RDS snapshots to a separate AWS account](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.0/modules/lambda-create-snapshot/core-concepts.md#how-do-you-backup-your-rds-snapshots-to-a-separate-aws-account) +* [How to backup RDS snapshots to a separate AWS account](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.1/modules/lambda-create-snapshot/core-concepts.md#how-do-you-backup-your-rds-snapshots-to-a-separate-aws-account) ### Major changes @@ -84,7 +84,7 @@ If you want to deploy this repo in production, check out the following resources module "lambda_create_snapshot" { - source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-create-snapshot?ref=v0.28.0" + source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-create-snapshot?ref=v0.28.1" # ---------------------------------------------------------------------------------------------------- # REQUIRED VARIABLES 
@@ -181,7 +181,7 @@ module "lambda_create_snapshot" { # ------------------------------------------------------------------------------------------------------ terraform { - source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-create-snapshot?ref=v0.28.0" + source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-create-snapshot?ref=v0.28.1" } inputs = { @@ -442,11 +442,11 @@ Namespace all snapshots created by this module's jobs with this suffix. If not s diff --git a/docs/reference/modules/terraform-aws-data-storage/lambda-share-snapshot/lambda-share-snapshot.md b/docs/reference/modules/terraform-aws-data-storage/lambda-share-snapshot/lambda-share-snapshot.md index ec6c6bb0b2..a96a789dcd 100644 --- a/docs/reference/modules/terraform-aws-data-storage/lambda-share-snapshot/lambda-share-snapshot.md +++ b/docs/reference/modules/terraform-aws-data-storage/lambda-share-snapshot/lambda-share-snapshot.md 
@@ -9,23 +9,23 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; - + # Share Snapshot Lambda Module -View Source +View Source Release Notes This module creates an [AWS Lambda](https://aws.amazon.com/lambda/) function that can share snapshots of an [Amazon Relational Database (RDS)](https://aws.amazon.com/rds/) database with another AWS account. Typically, the snapshots -are created by the [lambda-create-snapshot module](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.0/modules/lambda-create-snapshot), which can be configured to +are created by the [lambda-create-snapshot module](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.1/modules/lambda-create-snapshot), which can be configured to automatically trigger this lambda function after each run. ## Background info For more info on how to backup RDS snapshots to a separate AWS account, check out the [lambda-create-snapshot module -documentation](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.0/modules/lambda-create-snapshot). +documentation](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.1/modules/lambda-create-snapshot). ## Sample Usage @@ -40,7 +40,7 @@ documentation](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v module "lambda_share_snapshot" { - source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-share-snapshot?ref=v0.28.0" + source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-share-snapshot?ref=v0.28.1" # ---------------------------------------------------------------------------------------------------- # REQUIRED VARIABLES 
@@ -85,7 +85,7 @@ module "lambda_share_snapshot" { # ------------------------------------------------------------------------------------------------------ terraform { - source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-share-snapshot?ref=v0.28.0" + source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-share-snapshot?ref=v0.28.1" } inputs = { @@ -198,11 +198,11 @@ The amount of time, in seconds, between retries. diff --git a/docs/reference/modules/terraform-aws-data-storage/rds-proxy/rds-proxy.md b/docs/reference/modules/terraform-aws-data-storage/rds-proxy/rds-proxy.md index 48859e7e6f..ff69785c42 100644 --- a/docs/reference/modules/terraform-aws-data-storage/rds-proxy/rds-proxy.md +++ b/docs/reference/modules/terraform-aws-data-storage/rds-proxy/rds-proxy.md @@ -9,16 +9,16 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; - + # How to use RDS Proxy Module -View Source +View Source Release Notes In order to setup a RDS proxy, you need to setup database credentials in AWS Secrets Manager and pass it to this module. -Refer to the [examples/rds-proxy](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.0/examples/rds-proxy) or https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-proxy-setup.html#rds-proxy-secrets-arns for more information. +Refer to the [examples/rds-proxy](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.28.1/examples/rds-proxy) or https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-proxy-setup.html#rds-proxy-secrets-arns for more information. Setting up a RDS proxy requires the following steps, which is handled by this module: 
@@ -39,7 +39,7 @@ Setting up a RDS proxy requires the following steps, which is handled by this mo module "rds_proxy" { - source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/rds-proxy?ref=v0.28.0" + source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/rds-proxy?ref=v0.28.1" # ---------------------------------------------------------------------------------------------------- # REQUIRED VARIABLES @@ -119,7 +119,7 @@ module "rds_proxy" { # ------------------------------------------------------------------------------------------------------ terraform { - source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/rds-proxy?ref=v0.28.0" + source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/rds-proxy?ref=v0.28.1" } inputs = { @@ -328,11 +328,11 @@ The number of seconds that a connection to the proxy can be inactive before the diff --git a/docs/reference/modules/terraform-aws-data-storage/rds-replicas/rds-replicas.md b/docs/reference/modules/terraform-aws-data-storage/rds-replicas/rds-replicas.md index 1e450ad34f..6b9aef16fa 100644 --- a/docs/reference/modules/terraform-aws-data-storage/rds-replicas/rds-replicas.md +++ b/docs/reference/modules/terraform-aws-data-storage/rds-replicas/rds-replicas.md @@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; - + # RDS Read Replicas Module -View Source +View Source Release Notes 
@@ -39,7 +39,7 @@ for more information. module "rds_replicas" { - source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/rds-replicas?ref=v0.28.0" + source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/rds-replicas?ref=v0.28.1" # ---------------------------------------------------------------------------------------------------- # REQUIRED VARIABLES @@ -103,10 +103,23 @@ module "rds_replicas" { # for more details. auto_minor_version_upgrade = true + # The description of the aws_db_subnet_group that is created. Defaults to + # 'Subnet group for the var.name DB' if not specified. + aws_db_subnet_group_description = null + + # The name of the aws_db_subnet_group that is created, or an existing one to + # use if create_subnet_group is false. Defaults to var.name if not specified. + aws_db_subnet_group_name = null + # How many days to keep backup snapshots around before cleaning them up. Must # be 1 or greater to support read replicas. 0 means disable automated backups. backup_retention_period = 21 + # The daily time range during which automated backups are created (e.g. + # 04:00-09:00). Time zone is UTC. Performance may be degraded while a backup + # runs. + backup_window = null + # The Certificate Authority (CA) certificates bundle to use on the RDS # instance. ca_cert_identifier = null @@ -114,6 +127,11 @@ module "rds_replicas" { # Copy all the RDS instance tags to snapshots. Default is false. copy_tags_to_snapshot = false + # When working with read replicas, only configure db subnet group if the + # source database specifies an instance in another AWS Region. If true, it + # will create a new subnet group. + create_subnet_group = false + # Timeout for DB creating creating_timeout = "40m" 
@@ -121,6 +139,10 @@ module "rds_replicas" { # created for it. The key is the tag name and the value is the tag value. custom_tags = {} + # Specifies whether to remove automated backups immediately after the DB + # instance is deleted + delete_automated_backups = null + # Timeout for DB deleting deleting_timeout = "60m" @@ -147,6 +169,11 @@ module "rds_replicas" { # KMS key for the account will be used. kms_key_arn = null + # The weekly day and time range during which system maintenance can occur + # (e.g. wed:04:00-wed:04:30). Time zone is UTC. Performance may be degraded or + # there may even be a downtime during maintenance windows. + maintenance_window = null + # When configured, the upper limit to which Amazon RDS can automatically scale # the storage of the DB instance. Configuring this will automatically ignore # differences to allocated_storage. Must be greater than or equal to @@ -166,6 +193,10 @@ module "rds_replicas" { # allows enhanced monitoring will be created. monitoring_role_arn = null + # Specifies if a standby instance should be deployed in another availability + # zone. If the primary fails, this instance will automatically take over. + multi_az = false + # The number of read replicas to create. RDS will asynchronously replicate all # data from the master to these replicas, which you can use to horizontally # scale reads traffic. @@ -208,6 +239,11 @@ module "rds_replicas" { # SSD), io1' (provisioned IOPS SSD), or 'io2' (2nd gen provisioned IOPS SSD). storage_type = "gp2" + # A list of subnet ids where the database should be deployed. In the standard + # Gruntwork VPC setup, these should be the private persistence subnet ids. + # This is ignored if create_subnet_group=false. + subnet_ids = null + # Timeout for DB updating updating_timeout = "80m" 
@@ -226,7 +262,7 @@ module "rds_replicas" { # ------------------------------------------------------------------------------------------------------ terraform { - source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/rds-replicas?ref=v0.28.0" + source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/rds-replicas?ref=v0.28.1" } inputs = { @@ -293,10 +329,23 @@ inputs = { # for more details. auto_minor_version_upgrade = true + # The description of the aws_db_subnet_group that is created. Defaults to + # 'Subnet group for the var.name DB' if not specified. + aws_db_subnet_group_description = null + + # The name of the aws_db_subnet_group that is created, or an existing one to + # use if create_subnet_group is false. Defaults to var.name if not specified. + aws_db_subnet_group_name = null + # How many days to keep backup snapshots around before cleaning them up. Must # be 1 or greater to support read replicas. 0 means disable automated backups. backup_retention_period = 21 + # The daily time range during which automated backups are created (e.g. + # 04:00-09:00). Time zone is UTC. Performance may be degraded while a backup + # runs. + backup_window = null + # The Certificate Authority (CA) certificates bundle to use on the RDS # instance. ca_cert_identifier = null @@ -304,6 +353,11 @@ inputs = { # Copy all the RDS instance tags to snapshots. Default is false. copy_tags_to_snapshot = false + # When working with read replicas, only configure db subnet group if the + # source database specifies an instance in another AWS Region. If true, it + # will create a new subnet group. + create_subnet_group = false + # Timeout for DB creating creating_timeout = "40m" 
@@ -311,6 +365,10 @@ inputs = { # created for it. The key is the tag name and the value is the tag value. custom_tags = {} + # Specifies whether to remove automated backups immediately after the DB + # instance is deleted + delete_automated_backups = null + # Timeout for DB deleting deleting_timeout = "60m" @@ -337,6 +395,11 @@ inputs = { # KMS key for the account will be used. kms_key_arn = null + # The weekly day and time range during which system maintenance can occur + # (e.g. wed:04:00-wed:04:30). Time zone is UTC. Performance may be degraded or + # there may even be a downtime during maintenance windows. + maintenance_window = null + # When configured, the upper limit to which Amazon RDS can automatically scale # the storage of the DB instance. Configuring this will automatically ignore # differences to allocated_storage. Must be greater than or equal to @@ -356,6 +419,10 @@ inputs = { # allows enhanced monitoring will be created. monitoring_role_arn = null + # Specifies if a standby instance should be deployed in another availability + # zone. If the primary fails, this instance will automatically take over. + multi_az = false + # The number of read replicas to create. RDS will asynchronously replicate all # data from the master to these replicas, which you can use to horizontally # scale reads traffic. @@ -398,6 +465,11 @@ inputs = { # SSD), io1' (provisioned IOPS SSD), or 'io2' (2nd gen provisioned IOPS SSD). storage_type = "gp2" + # A list of subnet ids where the database should be deployed. In the standard + # Gruntwork VPC setup, these should be the private persistence subnet ids. + # This is ignored if create_subnet_group=false. + subnet_ids = null + # Timeout for DB updating updating_timeout = "80m" 
@@ -524,6 +596,24 @@ Indicates that minor engine upgrades will be applied automatically to the DB ins + + + +The description of the aws_db_subnet_group that is created. Defaults to 'Subnet group for the name DB' if not specified. + + + + + + + + +The name of the aws_db_subnet_group that is created, or an existing one to use if create_subnet_group is false. Defaults to name if not specified. + + + + + @@ -533,6 +623,15 @@ How many days to keep backup snapshots around before cleaning them up. Must be 1 + + + +The daily time range during which automated backups are created (e.g. 04:00-09:00). Time zone is UTC. Performance may be degraded while a backup runs. + + + + + @@ -551,6 +650,15 @@ Copy all the RDS instance tags to snapshots. Default is false. + + + +When working with read replicas, only configure db subnet group if the source database specifies an instance in another AWS Region. If true, it will create a new subnet group. + + + + + @@ -569,6 +677,15 @@ A map of custom tags to apply to the RDS Instance and the Security Group created + + + +Specifies whether to remove automated backups immediately after the DB instance is deleted + + + + + @@ -623,6 +740,15 @@ The ARN of a KMS key that should be used to encrypt data on disk. Only used if < + + + +The weekly day and time range during which system maintenance can occur (e.g. wed:04:00-wed:04:30). Time zone is UTC. Performance may be degraded or there may even be a downtime during maintenance windows. + + + + + @@ -650,6 +776,15 @@ The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to + + + +Specifies if a standby instance should be deployed in another availability zone. If the primary fails, this instance will automatically take over. + + + + + 
@@ -731,6 +866,15 @@ The type of storage to use for the primary instance. Must be one of 'standard' ( + + + +A list of subnet ids where the database should be deployed. In the standard Gruntwork VPC setup, these should be the private persistence subnet ids. This is ignored if create_subnet_group=false. + + + + + @@ -768,11 +912,11 @@ Timeout for DB updating diff --git a/docs/reference/modules/terraform-aws-data-storage/rds/rds.md b/docs/reference/modules/terraform-aws-data-storage/rds/rds.md index 9d1acf3040..2da884e294 100644 --- a/docs/reference/modules/terraform-aws-data-storage/rds/rds.md +++ b/docs/reference/modules/terraform-aws-data-storage/rds/rds.md @@ -9,13 +9,13 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; - + # RDS Module -View Source +View Source -Release Notes +Release Notes This module creates an Amazon Relational Database Service (RDS) cluster that can run MySQL, Postgres, MariaDB, Oracle, or SQL Server. The cluster is managed by AWS and automatically handles standby failover, read replicas, backups, @@ -95,7 +95,7 @@ Tunneling) before you can connect to the database. module "rds" { - source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/rds?ref=v0.28.0" + source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/rds?ref=v0.28.1" # ---------------------------------------------------------------------------------------------------- # REQUIRED VARIABLES 
@@ -443,7 +443,7 @@ module "rds" { # ------------------------------------------------------------------------------------------------------ terraform { - source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/rds?ref=v0.28.0" + source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/rds?ref=v0.28.1" } inputs = { @@ -1495,11 +1495,11 @@ Timeout for DB updating diff --git a/docs/reference/modules/terraform-aws-data-storage/redshift/redshift.md b/docs/reference/modules/terraform-aws-data-storage/redshift/redshift.md index 317b5e6214..cb82cbc048 100644 --- a/docs/reference/modules/terraform-aws-data-storage/redshift/redshift.md +++ b/docs/reference/modules/terraform-aws-data-storage/redshift/redshift.md @@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; - + # Redshift Module -View Source +View Source Release Notes @@ -63,7 +63,7 @@ workaround, you can re-run the destroy command once the workspace gets deleted c module "redshift" { - source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/redshift?ref=v0.28.0" + source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/redshift?ref=v0.28.1" # ---------------------------------------------------------------------------------------------------- # REQUIRED VARIABLES 
@@ -259,7 +259,7 @@ module "redshift" { # ------------------------------------------------------------------------------------------------------ terraform { - source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/redshift?ref=v0.28.0" + source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/redshift?ref=v0.28.1" } inputs = { @@ -923,11 +923,11 @@ The ID of the Security Group that controls access to the cluster diff --git a/docs/reference/modules/terraform-aws-ecs/ecs-cluster/ecs-cluster.md b/docs/reference/modules/terraform-aws-ecs/ecs-cluster/ecs-cluster.md index 9e9216581a..415cd109af 100644 --- a/docs/reference/modules/terraform-aws-ecs/ecs-cluster/ecs-cluster.md +++ b/docs/reference/modules/terraform-aws-ecs/ecs-cluster/ecs-cluster.md 
@@ -9,17 +9,17 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; - + # ECS Cluster Module -View Source +View Source Release Notes This Terraform Module launches an [EC2 Container Service Cluster](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_clusters.html) that you can use to run -Docker containers and services (see the [ecs-service module](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/modules/ecs-service/README.adoc)). +Docker containers and services (see the [ecs-service module](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/modules/ecs-service/README.adoc)). **WARNING: Launch Configurations:** [Launch configurations](https://docs.aws.amazon.com/autoscaling/ec2/userguide/launch-configurations.html) are being phased out in favor of [Launch Templates](https://docs.aws.amazon.com/autoscaling/ec2/userguide/launch-templates.html). Before upgrading to the latest release please be sure to test and plan any changes to infrastructure that may be impacted. Launch templates are being introduced in [PR #371](https://github.com/gruntwork-io/terraform-aws-ecs/pull/371) @@ -32,7 +32,7 @@ ECS and register itself as part of the right cluster. ## How do you run Docker containers on the cluster? -See the [service module](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/modules/ecs-service/README.adoc). +See the [service module](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/modules/ecs-service/README.adoc). ## How do you add additional security group rules? 
@@ -97,7 +97,7 @@ currently no way in ECS to manage IAM policies on a per-Docker-container basis. ## How do you make changes to the EC2 Instances in the cluster? -To deploy an update to an ECS Service, see the [ecs-service module](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/modules/ecs-service). To deploy an update to the +To deploy an update to an ECS Service, see the [ecs-service module](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/modules/ecs-service). To deploy an update to the EC2 Instances in your ECS cluster, such as a new AMI, read on. Terraform and AWS do not provide a way to automatically roll out a change to the Instances in an ECS Cluster. Due to @@ -122,8 +122,8 @@ To deploy a change such as rolling out a new AMI to all ECS Instances: python3 roll-out-ecs-cluster-update.py --asg-name ASG_NAME --cluster-name CLUSTER_NAME --aws-region AWS_REGION ``` - If you have your output variables configured as shown in [outputs.tf](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/examples/docker-service-with-elb/outputs.tf) - of the [docker-service-with-elb example](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/examples/docker-service-with-elb), you can use the `terraform output` + If you have your output variables configured as shown in [outputs.tf](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/examples/docker-service-with-elb/outputs.tf) + of the [docker-service-with-elb example](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/examples/docker-service-with-elb), you can use the `terraform output` command to fill in most of the arguments automatically: ``` 
@@ -207,7 +207,7 @@ enable Capacity Providers on an existing ECS cluster that did not have Capacity instances to ensure all the instances get associated with the new Capacity Provider. To rotate the instances, you can run the -[roll-out-ecs-cluster-update.py](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/modules/ecs-cluster/roll-out-ecs-cluster-update.py) +[roll-out-ecs-cluster-update.py](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/modules/ecs-cluster/roll-out-ecs-cluster-update.py) script in the `terraform-aws-ecs` module. Refer to the [documentation](#how-do-you-make-changes-to-the-ec2-instances-in-the-cluster) for more information on the script. @@ -225,7 +225,7 @@ for more information on the script. module "ecs_cluster" { - source = "git::git@github.com:gruntwork-io/terraform-aws-ecs.git//modules/ecs-cluster?ref=v0.35.7" + source = "git::git@github.com:gruntwork-io/terraform-aws-ecs.git//modules/ecs-cluster?ref=v0.35.8" # ---------------------------------------------------------------------------------------------------- # REQUIRED VARIABLES @@ -421,6 +421,10 @@ module "ecs_cluster" { # The key is the tag name and the value is the tag value. custom_tags_security_group = {} + # Enables additional block device mapping. Change to false if you wish to + # disable additional EBS volume attachment to EC2 instances. Defaults to true. + enable_block_device_mappings = true + # Whether or not to enable Container Insights on the ECS cluster. Refer to # https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cloudwatch-container-insights.html # for more information on ECS Container Insights. 
@@ -485,7 +489,7 @@ module "ecs_cluster" { # ------------------------------------------------------------------------------------------------------ terraform { - source = "git::git@github.com:gruntwork-io/terraform-aws-ecs.git//modules/ecs-cluster?ref=v0.35.7" + source = "git::git@github.com:gruntwork-io/terraform-aws-ecs.git//modules/ecs-cluster?ref=v0.35.8" } inputs = { @@ -684,6 +688,10 @@ inputs = { # The key is the tag name and the value is the tag value. custom_tags_security_group = {} + # Enables additional block device mapping. Change to false if you wish to + # disable additional EBS volume attachment to EC2 instances. Defaults to true. + enable_block_device_mappings = true + # Whether or not to enable Container Insights on the ECS cluster. Refer to # https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cloudwatch-container-insights.html # for more information on ECS Container Insights. @@ -1177,6 +1185,15 @@ A map of custom tags to apply to the Security Group for this ECS Cluster. The ke + + + +Enables additional block device mapping. Change to false if you wish to disable additional EBS volume attachment to EC2 instances. Defaults to true. + + + + + @@ -1324,11 +1341,11 @@ Set this variable to true to enable the use of Instance Metadata Service Version diff --git a/docs/reference/modules/terraform-aws-ecs/ecs-daemon-service/ecs-daemon-service.md b/docs/reference/modules/terraform-aws-ecs/ecs-daemon-service/ecs-daemon-service.md index 28cbd7550e..0e7bb79917 100644 --- a/docs/reference/modules/terraform-aws-ecs/ecs-daemon-service/ecs-daemon-service.md +++ b/docs/reference/modules/terraform-aws-ecs/ecs-daemon-service/ecs-daemon-service.md 
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; - + # ECS Daemon Service Module -View Source +View Source Release Notes @@ -33,7 +33,7 @@ environment variables to set, and so on. To actually run an ECS Task, you define ## How do you create an ECS cluster? -To use ECS, you first deploy one or more EC2 Instances into a "cluster". See the [ecs-cluster module](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/modules/ecs-cluster) +To use ECS, you first deploy one or more EC2 Instances into a "cluster". See the [ecs-cluster module](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/modules/ecs-cluster) for how to create a cluster. ## How do you add additional IAM policies? @@ -82,7 +82,7 @@ EOF module "ecs_daemon_service" { - source = "git::git@github.com:gruntwork-io/terraform-aws-ecs.git//modules/ecs-daemon-service?ref=v0.35.7" + source = "git::git@github.com:gruntwork-io/terraform-aws-ecs.git//modules/ecs-daemon-service?ref=v0.35.8" # ---------------------------------------------------------------------------------------------------- # REQUIRED VARIABLES @@ -207,7 +207,7 @@ module "ecs_daemon_service" { # ------------------------------------------------------------------------------------------------------ terraform { - source = "git::git@github.com:gruntwork-io/terraform-aws-ecs.git//modules/ecs-daemon-service?ref=v0.35.7" + source = "git::git@github.com:gruntwork-io/terraform-aws-ecs.git//modules/ecs-daemon-service?ref=v0.35.8" } inputs = { @@ -603,11 +603,11 @@ If true, Terraform will wait for the service to reach a steady state—as in, th 
diff --git a/docs/reference/modules/terraform-aws-ecs/ecs-deploy-check-binaries/ecs-deploy-check-binaries.md b/docs/reference/modules/terraform-aws-ecs/ecs-deploy-check-binaries/ecs-deploy-check-binaries.md index 83e77cdc42..a809e99707 100644 --- a/docs/reference/modules/terraform-aws-ecs/ecs-deploy-check-binaries/ecs-deploy-check-binaries.md +++ b/docs/reference/modules/terraform-aws-ecs/ecs-deploy-check-binaries/ecs-deploy-check-binaries.md @@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; - + # ECS Deploy Check Scripts -View Source +View Source Release Notes @@ -108,11 +108,11 @@ pyenv shell 3.8.0 3.9.0 3.10.0 3.11.0 diff --git a/docs/reference/modules/terraform-aws-ecs/ecs-deploy/ecs-deploy.md b/docs/reference/modules/terraform-aws-ecs/ecs-deploy/ecs-deploy.md index 067a14708b..55f8c6e170 100644 --- a/docs/reference/modules/terraform-aws-ecs/ecs-deploy/ecs-deploy.md +++ b/docs/reference/modules/terraform-aws-ecs/ecs-deploy/ecs-deploy.md @@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; - + # ECS Deployment Scripts -View Source +View Source Release Notes 
@@ -48,7 +48,7 @@ The `run-ecs-task` script assumes you already have the following: resource](https://www.terraform.io/docs/providers/aws/r/ecs_task_definition.html). You'll need to know the family name and revision of the ECS Task Definition you want to run. -Check out the [deploy-ecs-task example](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/examples/deploy-ecs-task) for working sample code of both of the above. +Check out the [deploy-ecs-task example](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/examples/deploy-ecs-task) for working sample code of both of the above. To run the ECS Task Definition `db-backup` at revision `3` in an ECS Cluster named `ecs-stage` in `us-west-2`, use the following command: @@ -96,11 +96,11 @@ container instead of the command configured in the Task Definition. diff --git a/docs/reference/modules/terraform-aws-ecs/ecs-fargate/ecs-fargate.md b/docs/reference/modules/terraform-aws-ecs/ecs-fargate/ecs-fargate.md index 1eacc9c819..1b3d008984 100644 --- a/docs/reference/modules/terraform-aws-ecs/ecs-fargate/ecs-fargate.md +++ b/docs/reference/modules/terraform-aws-ecs/ecs-fargate/ecs-fargate.md @@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; - + # Fargate Module -View Source +View Source Release Notes @@ -24,11 +24,11 @@ guide in [the release notes](https://github.com/gruntwork-io/terraform-aws-ecs/r diff --git a/docs/reference/modules/terraform-aws-ecs/ecs-scripts/ecs-scripts.md b/docs/reference/modules/terraform-aws-ecs/ecs-scripts/ecs-scripts.md index 2053911260..5afd8c4b25 100644 --- a/docs/reference/modules/terraform-aws-ecs/ecs-scripts/ecs-scripts.md 
+++ b/docs/reference/modules/terraform-aws-ecs/ecs-scripts/ecs-scripts.md @@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; - + # ECS Scripts -View Source +View Source Release Notes @@ -31,7 +31,7 @@ You can install the helpers using the [Gruntwork Installer](https://github.com/g gruntwork-install --module-name "ecs-scripts" --repo "https://github.com/gruntwork-io/terraform-aws-ecs" --tag "0.0.1" ``` -For an example, see the [Packer](https://www.packer.io/) template under [/examples/example-ecs-instance-ami/build.json](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/examples/example-ecs-instance-ami/build.json). +For an example, see the [Packer](https://www.packer.io/) template under [/examples/example-ecs-instance-ami/build.json](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/examples/example-ecs-instance-ami/build.json). ## Using the configure-ecs-instance helper @@ -80,11 +80,11 @@ Run `configure-ecs-instance --help` to see all available options. diff --git a/docs/reference/modules/terraform-aws-ecs/ecs-service-with-alb/ecs-service-with-alb.md b/docs/reference/modules/terraform-aws-ecs/ecs-service-with-alb/ecs-service-with-alb.md index 291a2be390..b01a2acd39 100644 --- a/docs/reference/modules/terraform-aws-ecs/ecs-service-with-alb/ecs-service-with-alb.md +++ b/docs/reference/modules/terraform-aws-ecs/ecs-service-with-alb/ecs-service-with-alb.md 
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; - + # ECS Service with ALB -View Source +View Source Release Notes @@ -24,11 +24,11 @@ guide in [the release notes](https://github.com/gruntwork-io/terraform-aws-ecs/r diff --git a/docs/reference/modules/terraform-aws-ecs/ecs-service-with-discovery/ecs-service-with-discovery.md b/docs/reference/modules/terraform-aws-ecs/ecs-service-with-discovery/ecs-service-with-discovery.md index 3f48b3422c..0e5c742b7d 100644 --- a/docs/reference/modules/terraform-aws-ecs/ecs-service-with-discovery/ecs-service-with-discovery.md +++ b/docs/reference/modules/terraform-aws-ecs/ecs-service-with-discovery/ecs-service-with-discovery.md @@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; - + # ECS Service with Discovery -View Source +View Source Release Notes @@ -24,11 +24,11 @@ guide in [the release notes](https://github.com/gruntwork-io/terraform-aws-ecs/r diff --git a/docs/reference/modules/terraform-aws-ecs/ecs-service/ecs-service.md b/docs/reference/modules/terraform-aws-ecs/ecs-service/ecs-service.md index 9421397710..582c8ba32e 100644 --- a/docs/reference/modules/terraform-aws-ecs/ecs-service/ecs-service.md +++ b/docs/reference/modules/terraform-aws-ecs/ecs-service/ecs-service.md 
@@ -9,15 +9,15 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; - + # ECS Service -View Source +View Source Release Notes -This module creates an [Elastic Container Service (ECS) Service](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html) that you can use to run one or more related, long-running Docker containers, such as a web service. An ECS service can automatically deploy multiple instances of your Docker containers across an ECS cluster (see the [ecs-cluster module](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/modules/ecs-cluster)), restart any failed Docker containers, route traffic across your containers using an optional Elastic Load Balancer (ELB), and optionally register the services to AWS Service Discovery Service. +This module creates an [Elastic Container Service (ECS) Service](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html) that you can use to run one or more related, long-running Docker containers, such as a web service. An ECS service can automatically deploy multiple instances of your Docker containers across an ECS cluster (see the [ecs-cluster module](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/modules/ecs-cluster)), restart any failed Docker containers, route traffic across your containers using an optional Elastic Load Balancer (ELB), and optionally register the services to AWS Service Discovery Service. ![ECS Service architecture](/img/reference/modules/terraform-aws-ecs/ecs-service/ecs-service-architecture.png) 
@@ -37,7 +37,7 @@ This module creates an [Elastic Container Service (ECS) Service](http://docs.aws * VPC support -* Verified deployments using the [ECS deployment checker binary](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/modules/ecs-deploy-check-binaries) +* Verified deployments using the [ECS deployment checker binary](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/modules/ecs-deploy-check-binaries) ## Learn 
@@ -47,15 +47,15 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr ### Core concepts -* [What is Amazon ECS?](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/core-concepts.md#what-is-elastic-container-service) +* [What is Amazon ECS?](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/core-concepts.md#what-is-elastic-container-service) -* [Helpful vocabulary for ECS](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/core-concepts.md#helpful-vocabulary) +* [Helpful vocabulary for ECS](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/core-concepts.md#helpful-vocabulary) -* [What is Fargate?](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/core-concepts.md#what-is-fargate) +* [What is Fargate?](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/core-concepts.md#what-is-fargate) -* [What is an ECS Service?](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/modules/ecs-service/core-concepts.md#what-is-an-ecs-service) +* [What is an ECS Service?](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/modules/ecs-service/core-concepts.md#what-is-an-ecs-service) -* [What is ECS Service Discovery?](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/modules/ecs-service/core-concepts.md#what-is-ecs-service-discovery) +* [What is ECS Service Discovery?](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/modules/ecs-service/core-concepts.md#what-is-ecs-service-discovery) * [ECS Documentation](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/Welcome.html): Amazon’s docs for ECS that cover core concepts such as the different cluster hosting options, scheduling properties, Docker, security, and monitoring. 
@@ -63,27 +63,27 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
 ### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
- * [modules/ecs-cluster](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/modules/ecs-cluster): use this module to provision an ECS cluster with ECS container instances.
+ * [modules/ecs-cluster](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/modules/ecs-cluster): use this module to provision an ECS cluster with ECS container instances.
- * [modules/ecs-scripts](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/modules/ecs-scripts): use the scripts in this module to configure private docker registries and register ECS container instances to ECS clusters.
+ * [modules/ecs-scripts](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/modules/ecs-scripts): use the scripts in this module to configure private docker registries and register ECS container instances to ECS clusters.
- * [modules/ecs-service](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/modules/ecs-service): use this module to deploy one or more docker containers as a ECS service, with options to use ELBs (CLB, ALB, or NLB), Service Discovery, or Fargate.
+ * [modules/ecs-service](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/modules/ecs-service): use this module to deploy one or more docker containers as a ECS service, with options to use ELBs (CLB, ALB, or NLB), Service Discovery, or Fargate.
- * [modules/ecs-daemon-service](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/modules/ecs-daemon-service): use this module to deploy one or more docker containers that run on a regular schedule.
+ * [modules/ecs-daemon-service](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/modules/ecs-daemon-service): use this module to deploy one or more docker containers that run on a regular schedule.
- * [modules/ecs-deploy](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/modules/ecs-deploy): use the scripts in this module to run one or more docker containers as a one time task on an ECS cluster.
+ * [modules/ecs-deploy](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/modules/ecs-deploy): use the scripts in this module to run one or more docker containers as a one time task on an ECS cluster.
- * [modules/ecs-deploy-check-binaries](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/modules/ecs-deploy-check-binaries): use the python binary packages in this module to check ECS service deployments to ensure that they are active and healthy.
+ * [modules/ecs-deploy-check-binaries](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/modules/ecs-deploy-check-binaries): use the python binary packages in this module to check ECS service deployments to ensure that they are active and healthy.
-* [examples](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/test): Automated tests for the modules and examples.
 ### Gruntwork analysis
-* [EC2 vs Fargate launch types](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/core-concepts.md#ec2-vs-fargate-launch-types): A detailed comparison between the two available launch types for ECS, showing you the trade-offs between ECS container instances and Fargate.
+* [EC2 vs Fargate launch types](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/core-concepts.md#ec2-vs-fargate-launch-types): A detailed comparison between the two available launch types for ECS, showing you the trade-offs between ECS container instances and Fargate.
 ## Deploy
@@ -91,7 +91,7 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
 If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples folder](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [examples folder](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
 ### Production deployment
@@ -115,23 +115,23 @@ Production-ready sample code from the Reference Architecture:
 ### Day-to-day operations
-* [How do I use Fargate?](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/modules/ecs-service/core-concepts.md#how-do-i-use-fargate)
+* [How do I use Fargate?](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/modules/ecs-service/core-concepts.md#how-do-i-use-fargate)
-* [How do I associate the ECS Service with an ALB or NLB?](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/modules/ecs-service/core-concepts.md#how-do-i-associate-the-ecs-service-with-an-alb-or-nlb)
+* [How do I associate the ECS Service with an ALB or NLB?](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/modules/ecs-service/core-concepts.md#how-do-i-associate-the-ecs-service-with-an-alb-or-nlb)
-* [How do I setup Service Discovery?](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/modules/ecs-service/core-concepts.md#how-do-i-setup-service-discovery)
+* [How do I setup Service Discovery?](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/modules/ecs-service/core-concepts.md#how-do-i-setup-service-discovery)
-* [How do I add IAM policies to the ECS service?](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/modules/ecs-service/core-concepts.md#how-do-you-add-additional-iam-policies-to-the-ecs-service)
+* [How do I add IAM policies to the ECS service?](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/modules/ecs-service/core-concepts.md#how-do-you-add-additional-iam-policies-to-the-ecs-service)
-* [How do I scale an ECS service?](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/modules/ecs-service/core-concepts.md#how-do-you-scale-an-ecs-service)
+* [How do I scale an ECS service?](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/modules/ecs-service/core-concepts.md#how-do-you-scale-an-ecs-service)
 ### Major changes
-* [How do you make changes to the EC2
instances in the cluster?](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/module/ecs-cluster/README.md#how-do-you-make-changes-to-the-ec-2-instances-in-the-cluster)
+* [How do you make changes to the EC2 instances in the cluster?](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/module/ecs-cluster/README.md#how-do-you-make-changes-to-the-ec-2-instances-in-the-cluster)
-* [How do ECS Services deploy new versions of containers?](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/modules/ecs-service/core-concepts.md#how-do-ecs-services-deploy-new-versions-of-containers)
+* [How do ECS Services deploy new versions of containers?](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/modules/ecs-service/core-concepts.md#how-do-ecs-services-deploy-new-versions-of-containers)
-* [How do I do a canary deployment?](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/modules/ecs-service/core-concepts.md#how-do-i-do-a-canary-deployment)
+* [How do I do a canary deployment?](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/modules/ecs-service/core-concepts.md#how-do-i-do-a-canary-deployment)
 ## Sample Usage
@@ -146,7 +146,7 @@ Production-ready sample code from the Reference Architecture:
 module "ecs_service" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-ecs.git//modules/ecs-service?ref=v0.35.7"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-ecs.git//modules/ecs-service?ref=v0.35.8"
 # ----------------------------------------------------------------------------------------------------
 # REQUIRED VARIABLES
@@ -538,7 +538,7 @@ module "ecs_service" {
 # ------------------------------------------------------------------------------------------------------
 terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-ecs.git//modules/ecs-service?ref=v0.35.7"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-ecs.git//modules/ecs-service?ref=v0.35.8"
 }
 inputs = {
@@ -1862,11 +1862,11 @@ If true, Terraform will wait for the service to reach a steady state—as in, th
diff --git a/docs/reference/modules/terraform-aws-ecs/ecs-task-scheduler/ecs-task-scheduler.md b/docs/reference/modules/terraform-aws-ecs/ecs-task-scheduler/ecs-task-scheduler.md
index d770452289..a0984f5949 100644
--- a/docs/reference/modules/terraform-aws-ecs/ecs-task-scheduler/ecs-task-scheduler.md
+++ b/docs/reference/modules/terraform-aws-ecs/ecs-task-scheduler/ecs-task-scheduler.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
 import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
 import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
 # ECS Task Scheduler Module
-View Source
+View Source
 Release Notes
@@ -26,7 +26,7 @@ This module provides two options for defining when ECS tasks will be run:
 * [Event Patterns](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-event-patterns.html)
 * [Schedule Expressions](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-create-rule-schedule.html#eb-rate-expressions)
-In [variables.tf](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/modules/ecs-task-scheduler/variables.tf) there are two variables (`task_event_pattern` and `task_schedule_expression`) that can be provided in the module definition. At least one, but not both of these fields, must be provided. This is what is passed to the EventBridge rule to determine when to invoke your ECS task.
+In [variables.tf](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/modules/ecs-task-scheduler/variables.tf) there are two variables (`task_event_pattern` and `task_schedule_expression`) that can be provided in the module definition. At least one, but not both of these fields, must be provided. This is what is passed to the EventBridge rule to determine when to invoke your ECS task.
 Note that this approach has AWS limitations with monitoring the event trigger and ECS task. AWS EventBridge fires the event but does not monitor whether the task ran successfully so if there is a failure, EventBridge does not attempt any retries or report failures.
@@ -180,7 +180,7 @@ This module provides support for passing the following additional inputs and ove
 }
 ```
-See [variables.tf](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.7/modules/ecs-task-scheduler/variables.tf) for specific variable definitions.
+See [variables.tf](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.8/modules/ecs-task-scheduler/variables.tf) for specific variable definitions.
 ## Sample Usage
@@ -195,7 +195,7 @@ See [variables.tf](https://github.com/gruntwork-io/terraform-aws-ecs/tree/v0.35.
 module "ecs_task_scheduler" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-ecs.git//modules/ecs-task-scheduler?ref=v0.35.7"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-ecs.git//modules/ecs-task-scheduler?ref=v0.35.8"
 # ----------------------------------------------------------------------------------------------------
 # REQUIRED VARIABLES
@@ -277,7 +277,7 @@ module "ecs_task_scheduler" {
 # ------------------------------------------------------------------------------------------------------
 terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-ecs.git//modules/ecs-task-scheduler?ref=v0.35.7"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-ecs.git//modules/ecs-task-scheduler?ref=v0.35.8"
 }
 inputs = {
@@ -547,11 +547,11 @@ The scheduling expression to use (rate or cron - see README for usage examples).
diff --git a/docs/reference/modules/terraform-aws-security/auto-update/auto-update.md b/docs/reference/modules/terraform-aws-security/auto-update/auto-update.md
index 8e5514b493..0aef5aa086 100644
--- a/docs/reference/modules/terraform-aws-security/auto-update/auto-update.md
+++ b/docs/reference/modules/terraform-aws-security/auto-update/auto-update.md
@@ -13,7 +13,7 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
 # Security Modules
-View Source
+View Source
 Release Notes
@@ -37,23 +37,23 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
 ### Core concepts
-* [How to install Auto Update](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/auto-update/core-concepts.md#installation)
+* [How to install Auto Update](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/auto-update/core-concepts.md#installation)
-* [How Auto Update works on Ubuntu](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/auto-update/core-concepts.md#ubuntu-support)
+* [How Auto Update works on Ubuntu](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/auto-update/core-concepts.md#ubuntu-support)
-* [How Auto Update works on Amazon Linux and CentOS](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/auto-update/core-concepts.md#amazon-linux-and-centos-support)
+* [How Auto Update works on Amazon Linux and CentOS](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/auto-update/core-concepts.md#amazon-linux-and-centos-support)
-* [Auto Update Limitations](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/auto-update/core-concepts.md#limitations)
+* [Auto Update Limitations](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/auto-update/core-concepts.md#limitations)
-* [Core Security Concepts](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/README.adoc#core-concepts)
+* [Core Security Concepts](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/README.adoc#core-concepts)
 ### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/test): Automated tests for the modules and examples.
 ## Deploy
@@ -61,7 +61,7 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
 If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [auto-update example](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/examples/auto-update): The `examples/auto-update` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [auto-update example](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/examples/auto-update): The `examples/auto-update` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
 ### Production deployment
@@ -73,11 +73,11 @@ If you want to deploy this repo in production, check out the following resources
diff --git a/docs/reference/modules/terraform-aws-security/aws-auth/aws-auth.md b/docs/reference/modules/terraform-aws-security/aws-auth/aws-auth.md
index 058fc5a788..c566e6b95e 100644
--- a/docs/reference/modules/terraform-aws-security/aws-auth/aws-auth.md
+++ b/docs/reference/modules/terraform-aws-security/aws-auth/aws-auth.md
@@ -13,7 +13,7 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
 # AWS Auth Helper
-View Source
+View Source
 Release Notes
@@ -175,7 +175,7 @@ eval $(aws-auth --serial-number arn:aws:iam::123456789011:mfa/jondoe --token-cod
 If you store your secrets in a CLI-friendly password manager, such as [pass](https://www.passwordstore.org/), [lpass](https://github.com/lastpass/lastpass-cli) or
-[1Password CLI](https://support.1password.com/command-line-getting-started/), then you can reduce this even further! Instructions on how to set this up for Lastpass / `lpass` can be found [here](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/aws-auth/AWS-AUTH-LASTPASS.md) and 1Password / `op` [here](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/aws-auth/AWS-AUTH-1PASSWORD.md).
+[1Password CLI](https://support.1password.com/command-line-getting-started/), then you can reduce this even further! Instructions on how to set this up for Lastpass / `lpass` can be found [here](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/aws-auth/AWS-AUTH-LASTPASS.md) and 1Password / `op` [here](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/aws-auth/AWS-AUTH-1PASSWORD.md).
 First, store your permanent AWS credentials in `pass`:
@@ -250,11 +250,11 @@ If you you need to run `aws-auth` with a cronjob, you may want to set the `$USER
diff --git a/docs/reference/modules/terraform-aws-security/aws-config-bucket/aws-config-bucket.md b/docs/reference/modules/terraform-aws-security/aws-config-bucket/aws-config-bucket.md
index f5f6c5fbef..9e72b8ac42 100644
--- a/docs/reference/modules/terraform-aws-security/aws-config-bucket/aws-config-bucket.md
+++ b/docs/reference/modules/terraform-aws-security/aws-config-bucket/aws-config-bucket.md
@@ -13,15 +13,15 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
 # AWS Config Bucket
-View Source
+View Source
 Release Notes
 This module creates an S3 bucket for storing AWS Config data, including all the appropriate lifecycle, encryption, and permission settings for AWS Config.
-This module is not meant to be used directly. Instead, it's used under the hood in the [aws-config](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/aws-config)
-and [account-baseline-root](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/account-baseline-root) modules. Please see those modules for more information.
+This module is not meant to be used directly. Instead, it's used under the hood in the [aws-config](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/aws-config)
+and [account-baseline-root](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/account-baseline-root) modules. Please see those modules for more information.
 ## Sample Usage
@@ -497,11 +497,11 @@ The name of the S3 bucket used by AWS Config to store configuration items.
diff --git a/docs/reference/modules/terraform-aws-security/aws-config-multi-region/aws-config-multi-region.md b/docs/reference/modules/terraform-aws-security/aws-config-multi-region/aws-config-multi-region.md
index a805fe20a2..df8f1de3c3 100644
--- a/docs/reference/modules/terraform-aws-security/aws-config-multi-region/aws-config-multi-region.md
+++ b/docs/reference/modules/terraform-aws-security/aws-config-multi-region/aws-config-multi-region.md
@@ -13,11 +13,11 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
 # AWS Config Multi Region Module
-View Source
+View Source
 Release Notes
-This module wraps the [aws-config core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/aws-config/README.md) to configure [AWS Config](https://aws.amazon.com/config/) in all enabled regions for the AWS Account, and optionally can aggregate AWS Config across multiple accounts.
+This module wraps the [aws-config core module](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/aws-config/README.md) to configure [AWS Config](https://aws.amazon.com/config/) in all enabled regions for the AWS Account, and optionally can aggregate AWS Config across multiple accounts.
 ![multi account multi region aws config](/img/reference/modules/terraform-aws-security/aws-config-multi-region/multi-account-multi-region-aws-config.png)
@@ -45,25 +45,25 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
 ### Core concepts
-* Learn more about AWS Config in the [aws-config core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/aws-config/README.adoc).
+* Learn more about AWS Config in the [aws-config core module](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/aws-config/README.adoc).
-* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/codegen/core-concepts.md#how-to-use-a-multi-region-module)
+* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/codegen/core-concepts.md#how-to-use-a-multi-region-module)
 ### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [codegen](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/codegen): Code generation utilities that help generate modules in this repo.
+* [codegen](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/codegen): Code generation utilities that help generate modules in this repo.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/test): Automated tests for the modules and examples.
 ## Deploy
 * [How to configure a production-grade AWS account structure](https://gruntwork.io/guides/foundations/how-to-configure-production-grade-aws-account-structure/)
-* [How does Config work with multiple AWS accounts and multiple regions?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/aws-config-multi-region/core-concepts.md#how-does-config-work-with-multiple-aws-accounts-and-multiple-regions)
+* [How does Config work with multiple AWS accounts and multiple regions?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/aws-config-multi-region/core-concepts.md#how-does-config-work-with-multiple-aws-accounts-and-multiple-regions)
 ## Sample Usage
@@ -1311,11 +1311,11 @@ The ARNs of the SNS Topic used by the config notifications.
diff --git a/docs/reference/modules/terraform-aws-security/aws-config-rules/aws-config-rules.md b/docs/reference/modules/terraform-aws-security/aws-config-rules/aws-config-rules.md
index 3acb34d7ce..259429bed1 100644
--- a/docs/reference/modules/terraform-aws-security/aws-config-rules/aws-config-rules.md
+++ b/docs/reference/modules/terraform-aws-security/aws-config-rules/aws-config-rules.md
@@ -13,7 +13,7 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
 # AWS Organizations Config Rules
-View Source
+View Source
 Release Notes
@@ -41,27 +41,27 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
 ### Core concepts
-* [What is AWS Organizations?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/aws-organizations/core-concepts.md#what-is-aws-organizations)
+* [What is AWS Organizations?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/aws-organizations/core-concepts.md#what-is-aws-organizations)
-* [What is AWS Config?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/aws-config/core-concepts.md#what-is-aws-config)
+* [What is AWS Config?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/aws-config/core-concepts.md#what-is-aws-config)
-* [What are Config Rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/aws-config/core-concepts.md#what-are-config-rules)
+* [What are Config Rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/aws-config/core-concepts.md#what-are-config-rules)
-* [What are Managed Config Rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/aws-config-rules/core-concepts.md#what-are-managed-config-rules)
+* [What are Managed Config Rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/aws-config-rules/core-concepts.md#what-are-managed-config-rules)
-* [How do Organization-Level Config Rules Compare to Account-Level Config Rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/aws-config-rules/core-concepts.md#how-do-organization-level-config-rules-compare-to-account-level-config-rules)
+* [How do Organization-Level Config Rules Compare to Account-Level Config
Rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/aws-config-rules/core-concepts.md#how-do-organization-level-config-rules-compare-to-account-level-config-rules)
-* [What resources does this module create?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/aws-config-rules/core-concepts.md#what-resources-does-this-module-create)
+* [What resources does this module create?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/aws-config-rules/core-concepts.md#what-resources-does-this-module-create)
 * [How to configure a production-grade AWS account structure](https://gruntwork.io/guides/foundations/how-to-configure-production-grade-aws-account-structure/)
 ### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/test): Automated tests for the modules and examples.
 ## Deploy
@@ -69,7 +69,7 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
 If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/aws-config-rules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/examples/aws-config-rules): The `examples/aws-organizations-config-rules` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [examples/aws-config-rules](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/examples/aws-config-rules): The `examples/aws-organizations-config-rules` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
 ### Production deployment
@@ -83,11 +83,11 @@ If you want to deploy this repo in production, check out the following resources
 ### Day-to-day operations
-* [How do I configure the rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/aws-config-rules/core-concepts.md#how-do-i-configure-the-rules)
+* [How do I configure the rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/aws-config-rules/core-concepts.md#how-do-i-configure-the-rules)
-* [How do I add additional rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/aws-config-rules/core-concepts.md#how-do-i-add-additional-rules)
+* [How do I add additional rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/aws-config-rules/core-concepts.md#how-do-i-add-additional-rules)
-* [How do I exclude specific accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/aws-config-rules/core-concepts.md#how-do-i-exclude-specific-accounts)
+* [How do I exclude specific accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/aws-config-rules/core-concepts.md#how-do-i-exclude-specific-accounts)
 ## Sample Usage
@@ -678,11 +678,11 @@ Map of config rule ARNs. Key is rule ID, value is rule ARN
diff --git a/docs/reference/modules/terraform-aws-security/aws-config/aws-config.md b/docs/reference/modules/terraform-aws-security/aws-config/aws-config.md
index c0b1c67c46..780e485c14 100644
--- a/docs/reference/modules/terraform-aws-security/aws-config/aws-config.md
+++ b/docs/reference/modules/terraform-aws-security/aws-config/aws-config.md
@@ -13,7 +13,7 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
 # AWS Config
-View Source
+View Source
 Release Notes
@@ -39,19 +39,19 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr ### Core concepts -* [What is AWS Config?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/aws-config/core-concepts.md#what-is-aws-config) +* [What is AWS Config?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/aws-config/core-concepts.md#what-is-aws-config) -* [What are Config Rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/aws-config/core-concepts.md#what-are-config-rules) +* [What are Config Rules?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/aws-config/core-concepts.md#what-are-config-rules) -* [What resources does this module create?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/aws-config/core-concepts.md#what-resources-does-this-module-create) +* [What resources does this module create?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/aws-config/core-concepts.md#what-resources-does-this-module-create) ### Repo organization -* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules. +* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules. -* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/examples): This folder contains working examples of how to use the submodules. +* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/examples): This folder contains working examples of how to use the submodules. 
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/test): Automated tests for the modules and examples. +* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/test): Automated tests for the modules and examples. ## Deploy @@ -59,7 +59,7 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr If you just want to try this repo out for experimenting and learning, check out the following resources: -* [examples/aws-config](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/examples/aws-config): The `examples/aws-config` folder contains sample code optimized for learning, experimenting, and testing (but not production usage). +* [examples/aws-config](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/examples/aws-config): The `examples/aws-config` folder contains sample code optimized for learning, experimenting, and testing (but not production usage). ### Production deployment 
@@ -71,9 +71,9 @@ If you want to deploy this repo in production, check out the following resources ### Day-to-day operations -* [What does a configuration item look like, and how do I view it?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/aws-config/core-concepts.md#what-does-a-configuration-item-look-like-and-how-do-i-view-it) +* [What does a configuration item look like, and how do I view it?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/aws-config/core-concepts.md#what-does-a-configuration-item-look-like-and-how-do-i-view-it) -* [How does Config work with multiple AWS accounts and multiple regions?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/aws-config-multi-region/core-concepts.md#how-does-config-work-with-multiple-aws-accounts-and-multiple-regions) +* [How does Config work with multiple AWS accounts and multiple regions?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/aws-config-multi-region/core-concepts.md#how-does-config-work-with-multiple-aws-accounts-and-multiple-regions) ## Sample Usage @@ -966,11 +966,11 @@ The ARN of the SNS topic to which Config delivers notifications. diff --git a/docs/reference/modules/terraform-aws-security/aws-organizations/aws-organizations.md b/docs/reference/modules/terraform-aws-security/aws-organizations/aws-organizations.md index 2579e5ebe8..8c85fe4a7e 100644 --- a/docs/reference/modules/terraform-aws-security/aws-organizations/aws-organizations.md +++ b/docs/reference/modules/terraform-aws-security/aws-organizations/aws-organizations.md @@ -13,7 +13,7 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; # AWS Organizations -View Source +View Source Release Notes 
@@ -39,23 +39,23 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr ### Core concepts -* [What is AWS Organizations?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/aws-organizations/core-concepts.md#what-is-aws-organizations) +* [What is AWS Organizations?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/aws-organizations/core-concepts.md#what-is-aws-organizations) -* [What is a Root account?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/aws-organizations/core-concepts.md#what-is-a-root-account) +* [What is a Root account?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/aws-organizations/core-concepts.md#what-is-a-root-account) -* [What are Organization Accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/aws-organizations/core-concepts.md#what-are-organization-accounts) +* [What are Organization Accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/aws-organizations/core-concepts.md#what-are-organization-accounts) -* [What resources does this module create?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/aws-organizations/core-concepts.md#what-resources-does-this-module-create) +* [What resources does this module create?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/aws-organizations/core-concepts.md#what-resources-does-this-module-create) * [How to configure a production-grade AWS account structure](https://gruntwork.io/guides/foundations/how-to-configure-production-grade-aws-account-structure/) ### Repo organization -* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal 
submodules. +* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules. -* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/examples): This folder contains working examples of how to use the submodules. +* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/examples): This folder contains working examples of how to use the submodules. -* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/test): Automated tests for the modules and examples. +* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/test): Automated tests for the modules and examples. ## Deploy @@ -63,7 +63,7 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr If you just want to try this repo out for experimenting and learning, check out the following resources: -* [examples/aws-organizations](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/examples/aws-organizations): The `examples/aws-organizations` folder contains sample code optimized for learning, experimenting, and testing (but not production usage). +* [examples/aws-organizations](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/examples/aws-organizations): The `examples/aws-organizations` folder contains sample code optimized for learning, experimenting, and testing (but not production usage). ### Production deployment 
@@ -77,9 +77,9 @@ If you want to deploy this repo in production, check out the following resources ### Day-to-day operations -* [How do I provision new accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/aws-organizations/core-concepts.md#how-do-i-provision-new-accounts) +* [How do I provision new accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/aws-organizations/core-concepts.md#how-do-i-provision-new-accounts) -* [How do I remove accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/aws-organizations/core-concepts.md#how-do-i-remove-accounts) +* [How do I remove accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/aws-organizations/core-concepts.md#how-do-i-remove-accounts) ## Sample Usage @@ -424,11 +424,11 @@ Identifier of the root of this organization. diff --git a/docs/reference/modules/terraform-aws-security/cloudtrail-bucket/cloudtrail-bucket.md b/docs/reference/modules/terraform-aws-security/cloudtrail-bucket/cloudtrail-bucket.md index f44d27741b..ad1f35a128 100644 --- a/docs/reference/modules/terraform-aws-security/cloudtrail-bucket/cloudtrail-bucket.md +++ b/docs/reference/modules/terraform-aws-security/cloudtrail-bucket/cloudtrail-bucket.md 
@@ -13,17 +13,17 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; # CloudTrail Bucket -View Source +View Source Release Notes This module creates an S3 bucket for storing CloudTrail data and a KMS Customer Master Key (CMK) for encrypting that data, including all the appropriate lifecycle, encryption, and permission settings for CloudTrail. -This module is used under the hood in the [cloudtrail](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/cloudtrail) -and [account-baseline-root](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/account-baseline-root) modules. +This module is used under the hood in the [cloudtrail](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/cloudtrail) +and [account-baseline-root](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/account-baseline-root) modules. -It can also be used directly when configuring cross account access, for example when it is desirable to [have the central Cloudtrail S3 bucket exist outside of the management account.](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/cloudtrail/core-concepts.md#multi-account-cloudtrail-setup-storing-the-cloudtrail-bucket-in-an-account-other-than-the-management-account) +It can also be used directly when configuring cross account access, for example when it is desirable to [have the central Cloudtrail S3 bucket exist outside of the management account.](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/cloudtrail/core-concepts.md#multi-account-cloudtrail-setup-storing-the-cloudtrail-bucket-in-an-account-other-than-the-management-account) ## Sample Usage @@ -907,11 +907,11 @@ The name of the S3 bucket where cloudtrail logs are delivered. 
diff --git a/docs/reference/modules/terraform-aws-security/cloudtrail/cloudtrail.md b/docs/reference/modules/terraform-aws-security/cloudtrail/cloudtrail.md index 793f6e3cdc..187d5037ea 100644 --- a/docs/reference/modules/terraform-aws-security/cloudtrail/cloudtrail.md +++ b/docs/reference/modules/terraform-aws-security/cloudtrail/cloudtrail.md @@ -13,7 +13,7 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; # AWS CloudTrail -View Source +View Source Release Notes 
@@ -39,25 +39,25 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr ### Core concepts -* [What is CloudTrail?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/cloudtrail/core-concepts.md#what-is-cloudtrail) +* [What is CloudTrail?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/cloudtrail/core-concepts.md#what-is-cloudtrail) -* [Why use CloudTrail?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/cloudtrail/core-concepts.md#why-use-cloudtrail) +* [Why use CloudTrail?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/cloudtrail/core-concepts.md#why-use-cloudtrail) -* [What is a CloudTrail Trail?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/cloudtrail/core-concepts.md#what-is-a-cloudtrail-trail) +* [What is a CloudTrail Trail?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/cloudtrail/core-concepts.md#what-is-a-cloudtrail-trail) -* [What’s the difference between CloudTrail and AWS Config?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/cloudtrail/core-concepts.md#whats-the-difference-between-cloudtrail-and-aws-config) +* [What’s the difference between CloudTrail and AWS Config?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/cloudtrail/core-concepts.md#whats-the-difference-between-cloudtrail-and-aws-config) -* [CloudTrail Threat Model](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/cloudtrail/core-concepts.md#cloudtrail-threat-model) +* [CloudTrail Threat Model](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/cloudtrail/core-concepts.md#cloudtrail-threat-model) -* [What resources does this module 
create?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/cloudtrail/core-concepts.md#resources-created) +* [What resources does this module create?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/cloudtrail/core-concepts.md#resources-created) ### Repo organization -* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules. +* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules. -* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/examples): This folder contains working examples of how to use the submodules. +* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/examples): This folder contains working examples of how to use the submodules. -* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/test): Automated tests for the modules and examples. +* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/test): Automated tests for the modules and examples. ## Deploy 
@@ -65,7 +65,7 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr If you just want to try this repo out for experimenting and learning, check out the following resources: -* [examples/cloudtrail](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/examples/cloudtrail): The `examples/cloudtrail` folder contains sample code optimized for learning, experimenting, and testing (but not production usage). +* [examples/cloudtrail](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/examples/cloudtrail): The `examples/cloudtrail` folder contains sample code optimized for learning, experimenting, and testing (but not production usage). ### Production deployment 
@@ -81,15 +81,15 @@ If you want to deploy this repo in production, check out the following resources ### Day-to-day operations -* [Where are CloudTrail logs stored?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/cloudtrail/core-concepts.md#where-are-cloudtrail-logs-stored) +* [Where are CloudTrail logs stored?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/cloudtrail/core-concepts.md#where-are-cloudtrail-logs-stored) -* [What kind of data do CloudTrail log entries contain?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/cloudtrail/core-concepts.md#what-kind-of-data-do-cloudtrail-log-entries-contain) +* [What kind of data do CloudTrail log entries contain?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/cloudtrail/core-concepts.md#what-kind-of-data-do-cloudtrail-log-entries-contain) -* [What’s the best way to view CloudTrail Log Data?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/cloudtrail/core-concepts.md#whats-the-best-way-to-view-cloudtrail-log-data) +* [What’s the best way to view CloudTrail Log Data?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/cloudtrail/core-concepts.md#whats-the-best-way-to-view-cloudtrail-log-data) ### Major changes -* [Can you get alerted when certain API events occur?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/cloudtrail/core-concepts.md#can-you-get-alerted-when-certain-api-events-occur) +* [Can you get alerted when certain API events occur?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/cloudtrail/core-concepts.md#can-you-get-alerted-when-certain-api-events-occur) ## Sample Usage @@ -1405,11 +1405,11 @@ The name of the cloudtrail trail. 
diff --git a/docs/reference/modules/terraform-aws-security/cross-account-iam-roles/cross-account-iam-roles.md b/docs/reference/modules/terraform-aws-security/cross-account-iam-roles/cross-account-iam-roles.md index 266cf6ea18..2d2accb4d9 100644 --- a/docs/reference/modules/terraform-aws-security/cross-account-iam-roles/cross-account-iam-roles.md +++ b/docs/reference/modules/terraform-aws-security/cross-account-iam-roles/cross-account-iam-roles.md @@ -13,7 +13,7 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; # A best-practices set of IAM roles for cross-account access -View Source +View Source Release Notes @@ -34,7 +34,7 @@ This module creates the following IAM roles (all optional): These IAM Roles are intended to be assumed by human users (i.e., IAM Users in another AWS account). The default maximum session expiration for these roles is 12 hours (configurable via the `var.max_session_duration_human_users`). Note that these are the *maximum* session expirations; the actual value for session expiration is specified when -making API calls to assume the IAM role (see [aws-auth](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/aws-auth)). +making API calls to assume the IAM role (see [aws-auth](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/aws-auth)). * **allow-read-only-access-from-other-accounts**: Users from the accounts in `var.allow_read_only_access_from_other_account_arns` will get read-only access to all services in this account. 
@@ -65,11 +65,11 @@ making API calls to assume the IAM role (see [aws-auth](https://github.com/grunt These IAM Roles are intended to be assumed by machine users (i.e., an EC2 Instance in another AWS account). The default maximum session expiration for these roles is 1 hour (configurable via the `var.max_session_duration_machine_users`). Note that these are the *maximum* session expirations; the actual value for session expiration is specified when -making API calls to assume the IAM role (see [aws-auth](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/aws-auth)). +making API calls to assume the IAM role (see [aws-auth](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/aws-auth)). * **allow-ssh-grunt-access-from-other-accounts**: Users (or more likely, EC2 Instances) from the accounts in `var.allow_ssh_grunt_access_from_other_account_arns` will get read access to IAM Groups and public SSH keys. This is - useful to allow [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/ssh-grunt) running on EC2 Instances in other AWS accounts to validate SSH + useful to allow [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/ssh-grunt) running on EC2 Instances in other AWS accounts to validate SSH connections against IAM users defined in this AWS account. * **allow-auto-deploy-access-from-other-accounts**: Users from the accounts in `var.allow_auto_deploy_from_other_account_arns` 
@@ -96,7 +96,7 @@ roles with the AWS CLI takes quite a few steps, so use the [aws-auth script](htt ## Background Information For background information on IAM, IAM users, IAM policies, and more, check out the [background information docs in -the iam-policies module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/iam-policies#background-information). +the iam-policies module](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/iam-policies#background-information). ## Sample Usage @@ -1087,11 +1087,11 @@ When true, all IAM policies will be managed as dedicated policies rather than in diff --git a/docs/reference/modules/terraform-aws-security/custom-iam-entity/custom-iam-entity.md b/docs/reference/modules/terraform-aws-security/custom-iam-entity/custom-iam-entity.md index 3f9d12e0fd..e0ee7dfb05 100644 --- a/docs/reference/modules/terraform-aws-security/custom-iam-entity/custom-iam-entity.md +++ b/docs/reference/modules/terraform-aws-security/custom-iam-entity/custom-iam-entity.md 
@@ -13,11 +13,11 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; # Custom IAM Entity -View Source +View Source Release Notes -This Gruntwork Terraform Module creates an IAM group and/or role and attaches a provided set of IAM managed policies to the group. This can be used in conjunction with the [iam-groups](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/iam-groups), [cross-account-iam-roles](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/cross-account-iam-roles), and [saml-iam-roles](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/saml-iam-roles) modules which create a set of groups and roles with smart defaults. Use this module to easily create IAM groups and roles with a defined set of permissions. +This Gruntwork Terraform Module creates an IAM group and/or role and attaches a provided set of IAM managed policies to the group. This can be used in conjunction with the [iam-groups](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/iam-groups), [cross-account-iam-roles](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/cross-account-iam-roles), and [saml-iam-roles](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/saml-iam-roles) modules which create a set of groups and roles with smart defaults. Use this module to easily create IAM groups and roles with a defined set of permissions. ### Requirements 
@@ -25,7 +25,7 @@ This Gruntwork Terraform Module creates an IAM group and/or role and attaches a ### Instructions -Check out the [custom-iam-entity example](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/examples/custom-iam-entity) for a working example. +Check out the [custom-iam-entity example](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/examples/custom-iam-entity) for a working example. #### Resources Created @@ -36,7 +36,7 @@ If neither role nor group are provided, this module does nothing. #### Resources NOT Created -* **IAM users** - This module does not create any IAM Users, nor assign any existing IAM Users to IAM Groups. You can use the [iam-users module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/iam-users) to create users. +* **IAM users** - This module does not create any IAM Users, nor assign any existing IAM Users to IAM Groups. You can use the [iam-users module](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/iam-users) to create users. * **IAM policies** - This module only attaches policies by ARN or by name. It does not create any new policies. #### MFA support @@ -51,7 +51,7 @@ The reason for this difference is difficult to explain, but boils down to limita ## Background Information For background information on IAM, IAM users, IAM policies, and more, check out the [background information docs in -the iam-policies module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/iam-policies#background-information). +the iam-policies module](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/iam-policies#background-information). ## Sample Usage @@ -486,11 +486,11 @@ The name of the IAM role. 
diff --git a/docs/reference/modules/terraform-aws-security/ebs-encryption-multi-region/ebs-encryption-multi-region.md b/docs/reference/modules/terraform-aws-security/ebs-encryption-multi-region/ebs-encryption-multi-region.md index 0b2309ec7d..8f976e53d2 100644 --- a/docs/reference/modules/terraform-aws-security/ebs-encryption-multi-region/ebs-encryption-multi-region.md +++ b/docs/reference/modules/terraform-aws-security/ebs-encryption-multi-region/ebs-encryption-multi-region.md @@ -13,11 +13,11 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; # EBS Encryption Multi Region Module -View Source +View Source Release Notes -This module wraps the [ebs-encryption core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/ebs-encryption/README.md) to configure [AWS EBS encryption](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in all enabled regions for the AWS Account. +This module wraps the [ebs-encryption core module](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/ebs-encryption/README.md) to configure [AWS EBS encryption](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) in all enabled regions for the AWS Account. ## Features 
@@ -37,17 +37,17 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr * [AWS blog: Opt-in to Default Encryption for New EBS Volumes](https://aws.amazon.com/blogs/aws/new-opt-in-to-default-encryption-for-new-ebs-volumes/) -* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/codegen/core-concepts.md#how-to-use-a-multi-region-module) +* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/codegen/core-concepts.md#how-to-use-a-multi-region-module) ### Repo organization -* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules. +* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules. -* [codegen](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/codegen): Code generation utilities that help generate modules in this repo. +* [codegen](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/codegen): Code generation utilities that help generate modules in this repo. -* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/examples): This folder contains working examples of how to use the submodules. +* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/examples): This folder contains working examples of how to use the submodules. -* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/test): Automated tests for the modules and examples. 
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/test): Automated tests for the modules and examples. ## Deploy @@ -219,11 +219,11 @@ A map from region to the ARN of the KMS key used for default EBS encryption for diff --git a/docs/reference/modules/terraform-aws-security/ebs-encryption/ebs-encryption.md b/docs/reference/modules/terraform-aws-security/ebs-encryption/ebs-encryption.md index b941ae5279..2d3a7db948 100644 --- a/docs/reference/modules/terraform-aws-security/ebs-encryption/ebs-encryption.md +++ b/docs/reference/modules/terraform-aws-security/ebs-encryption/ebs-encryption.md @@ -13,14 +13,14 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; # Elastic Block Storage Encryption -View Source +View Source Release Notes This module configures EC2 Elastic Block Storage encryption defaults, allowing encryption to be enabled for all new EBS volumes and selection of a KMS Customer Managed Key to use by default. -This module is not meant to be used directly. Instead, it's used under the hood in the [account-baseline-\*](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules) +This module is not meant to be used directly. Instead, it's used under the hood in the [account-baseline-\*](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules) modules. Please see those modules for more information. ## Background Information @@ -188,11 +188,11 @@ The default KMS key used for EBS encryption. diff --git a/docs/reference/modules/terraform-aws-security/fail2ban/fail2ban.md b/docs/reference/modules/terraform-aws-security/fail2ban/fail2ban.md index 3494636db7..a6f083c1bc 100644 --- a/docs/reference/modules/terraform-aws-security/fail2ban/fail2ban.md +++ b/docs/reference/modules/terraform-aws-security/fail2ban/fail2ban.md 
@@ -13,7 +13,7 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; # Fail2Ban Module -View Source +View Source Release Notes @@ -28,11 +28,11 @@ Instance. diff --git a/docs/reference/modules/terraform-aws-security/github-actions-iam-role/github-actions-iam-role.md b/docs/reference/modules/terraform-aws-security/github-actions-iam-role/github-actions-iam-role.md index f6477a3d1e..f97733003d 100644 --- a/docs/reference/modules/terraform-aws-security/github-actions-iam-role/github-actions-iam-role.md +++ b/docs/reference/modules/terraform-aws-security/github-actions-iam-role/github-actions-iam-role.md @@ -13,7 +13,7 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; # IAM Role for GitHub Actions -View Source +View Source Release Notes @@ -537,11 +537,11 @@ The name of the IAM role. diff --git a/docs/reference/modules/terraform-aws-security/guardduty-multi-region/guardduty-multi-region.md b/docs/reference/modules/terraform-aws-security/guardduty-multi-region/guardduty-multi-region.md index 2c7157ebfa..bc9978cc51 100644 --- a/docs/reference/modules/terraform-aws-security/guardduty-multi-region/guardduty-multi-region.md +++ b/docs/reference/modules/terraform-aws-security/guardduty-multi-region/guardduty-multi-region.md 
@@ -13,15 +13,15 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; # AWS GuardDuty Multi Region Module -View Source +View Source Release Notes -This module wraps the [guardduty core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/guardduty/README.adoc) to configure [AWS GuardDuty](https://aws.amazon.com/guardduty/) in all enabled regions for the AWS Account. +This module wraps the [guardduty core module](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/guardduty/README.adoc) to configure [AWS GuardDuty](https://aws.amazon.com/guardduty/) in all enabled regions for the AWS Account. ## Features -* Uses the [guardduty module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/guardduty) to enable AWS GuardDuty across all regions (recommended best practice) on your AWS account +* Uses the [guardduty module](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/guardduty) to enable AWS GuardDuty across all regions (recommended best practice) on your AWS account * Continuously monitor your AWS account for malicious activity and unauthorized behavior 
@@ -37,19 +37,19 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr ### Core concepts -* Learn more about GuardDuty in the [guardduty core module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/guardduty/README.adoc). +* Learn more about GuardDuty in the [guardduty core module](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/guardduty/README.adoc). -* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/codegen/core-concepts.md#how-to-use-a-multi-region-module) +* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/codegen/core-concepts.md#how-to-use-a-multi-region-module) ### Repo organization -* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules. +* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules. -* [codegen](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/codegen): Code generation utilities that help generate modules in this repo. +* [codegen](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/codegen): Code generation utilities that help generate modules in this repo. -* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/examples): This folder contains working examples of how to use the submodules. +* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/examples): This folder contains working examples of how to use the submodules. 
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/test): Automated tests for the modules and examples. +* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/test): Automated tests for the modules and examples. ## Deploy @@ -356,11 +356,11 @@ The IDs of the GuardDuty detectors. diff --git a/docs/reference/modules/terraform-aws-security/guardduty/guardduty.md b/docs/reference/modules/terraform-aws-security/guardduty/guardduty.md index c179711642..bc935930e3 100644 --- a/docs/reference/modules/terraform-aws-security/guardduty/guardduty.md +++ b/docs/reference/modules/terraform-aws-security/guardduty/guardduty.md @@ -13,7 +13,7 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; # AWS GuardDuty -View Source +View Source Release Notes 
@@ -37,29 +37,29 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr ### Core concepts -* [What Is GuardDuty?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/guardduty/core-concepts.md#what-is-guardduty) +* [What Is GuardDuty?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/guardduty/core-concepts.md#what-is-guardduty) -* [Why Use GuardDuty?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/guardduty/core-concepts.md#why-use-guardduty) +* [Why Use GuardDuty?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/guardduty/core-concepts.md#why-use-guardduty) -* [What Is A Finding?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/guardduty/core-concepts.md#what-is-a-finding) +* [What Is A Finding?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/guardduty/core-concepts.md#what-is-a-finding) -* [Where Should I Enable GuardDuty?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/guardduty/core-concepts.md#where-should-i-enable-guardduty) +* [Where Should I Enable GuardDuty?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/guardduty/core-concepts.md#where-should-i-enable-guardduty) -* [Resources Created](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/guardduty/core-concepts.md#resources-created) +* [Resources Created](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/guardduty/core-concepts.md#resources-created) -* [Gotchas](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/guardduty/core-concepts.md#gotchas) +* 
[Gotchas](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/guardduty/core-concepts.md#gotchas) -* [Known Issues](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/guardduty/core-concepts.md#known-issues) +* [Known Issues](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/guardduty/core-concepts.md#known-issues) ### Repo organization -* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules. +* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules. -* [codegen](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/codegen): Code generation utilities that help generate modules in this repo. +* [codegen](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/codegen): Code generation utilities that help generate modules in this repo. -* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/examples): This folder contains working examples of how to use the submodules. +* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/examples): This folder contains working examples of how to use the submodules. -* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/test): Automated tests for the modules and examples. +* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/test): Automated tests for the modules and examples. ## Deploy 
@@ -67,7 +67,7 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr If you just want to try this module out, check out the following resources: -* [guardduty example](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/examples/guardduty). +* [guardduty example](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/examples/guardduty). ### Production deployment @@ -75,7 +75,7 @@ If you want to deploy this module in production, check out the following resourc * ***Coming soon***. We have not yet added this module to the [Acme example Reference Architecture](https://github.com/gruntwork-io/infrastructure-modules-multi-account-acme). -* [Terraform Module to enable GuardDuty in all enabled regions of an AWS Account](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/guardduty-multi-region). +* [Terraform Module to enable GuardDuty in all enabled regions of an AWS Account](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/guardduty-multi-region). * [How to configure a production-grade AWS account structure](https://gruntwork.io/guides/foundations/how-to-configure-production-grade-aws-account-structure/) @@ -369,11 +369,11 @@ The ID of the GuardDuty detector. diff --git a/docs/reference/modules/terraform-aws-security/iam-access-analyzer-multi-region/iam-access-analyzer-multi-region.md b/docs/reference/modules/terraform-aws-security/iam-access-analyzer-multi-region/iam-access-analyzer-multi-region.md index 4b62f8a2ba..d70f216d84 100644 --- a/docs/reference/modules/terraform-aws-security/iam-access-analyzer-multi-region/iam-access-analyzer-multi-region.md +++ b/docs/reference/modules/terraform-aws-security/iam-access-analyzer-multi-region/iam-access-analyzer-multi-region.md 
@@ -13,7 +13,7 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; # AWS IAM Access Analyzer -View Source +View Source Release Notes 
@@ -35,21 +35,21 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr ### Core concepts -* [What is the AWS IAM Access Analyzer?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/iam-access-analyzer-multi-region/core-concepts.md#what-is-the-aws-iam-access-analyzer?) +* [What is the AWS IAM Access Analyzer?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/iam-access-analyzer-multi-region/core-concepts.md#what-is-the-aws-iam-access-analyzer?) -* [What resources does IAM Access Analyzer analyze?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/iam-access-analyzer-multi-region/core-concepts.md#what-resources-does-iam-access-analyzer-analyze?) +* [What resources does IAM Access Analyzer analyze?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/iam-access-analyzer-multi-region/core-concepts.md#what-resources-does-iam-access-analyzer-analyze?) * [IAM Access Analyzer documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html) -* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/codegen/core-concepts.md#how-to-use-a-multi-region-module) +* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/codegen/core-concepts.md#how-to-use-a-multi-region-module) ### Repo organization -* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules. +* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules. 
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/examples): This folder contains working examples of how to use the submodules. +* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/examples): This folder contains working examples of how to use the submodules. -* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/test): Automated tests for the modules and examples. +* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/test): Automated tests for the modules and examples. ## Deploy 
@@ -57,13 +57,13 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr If you just want to try this out for experimenting and learning, check out the following resources: -* [examples folder](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage). +* [examples folder](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage). ## Manage -* [Who can manage the analyzer?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/iam-access-analyzer-multi-region/core-concepts.md#who-can-manage-the-analyzer?) +* [Who can manage the analyzer?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/iam-access-analyzer-multi-region/core-concepts.md#who-can-manage-the-analyzer?) -* [What to do with the access analyzer findings?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/iam-access-analyzer-multi-region/core-concepts.md#what-to-do-with-the-access-analyzer-findings?) +* [What to do with the access analyzer findings?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/iam-access-analyzer-multi-region/core-concepts.md#what-to-do-with-the-access-analyzer-findings?) ## Sample Usage @@ -158,11 +158,11 @@ inputs = { diff --git a/docs/reference/modules/terraform-aws-security/iam-groups/iam-groups.md b/docs/reference/modules/terraform-aws-security/iam-groups/iam-groups.md index ee13113d21..0cd8bb714c 100644 --- a/docs/reference/modules/terraform-aws-security/iam-groups/iam-groups.md +++ b/docs/reference/modules/terraform-aws-security/iam-groups/iam-groups.md 
@@ -13,7 +13,7 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; # A Best-Practices Set of IAM Groups -View Source +View Source Release Notes @@ -52,7 +52,7 @@ This module optionally creates the following IAM Groups: since users can grant arbitrary permissions! * **use-existing-iam-roles:** IAM Users in this group can pass *existing* IAM Roles to AWS resources to which they have been granted access. These IAM Users cannot create *new* IAM Roles, only use existing ones. See - [the three levels of IAM permissions](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/iam-policies#the-three-levels-of-iam-permissions) for more information. + [the three levels of IAM permissions](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/iam-policies#the-three-levels-of-iam-permissions) for more information. * **ssh-grunt-sudo-users:** IAM Users in this group have SSH access with `sudo` privileges to any EC2 Instance configured to use this group to manage SSH logins. * **ssh-grunt-users:** IAM Users in this group have SSH access without `sudo` privileges to any EC2 Instance configured @@ -83,7 +83,7 @@ own account unless this IAM Policy is attached to his account. ### IAM Users -This module does not create any IAM Users, nor assign any existing IAM Users to IAM Groups. You can use the [iam-users module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/iam-users) to create users. +This module does not create any IAM Users, nor assign any existing IAM Users to IAM Groups. You can use the [iam-users module](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/iam-users) to create users. ### IAM Roles 
@@ -108,7 +108,7 @@ otherwise enable IAM Users to access the billing console: ## Background Information For background information on IAM, IAM users, IAM policies, and more, check out the [background information docs in -the iam-policies module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/iam-policies#background-information). +the iam-policies module](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/iam-policies#background-information). ## Sample Usage @@ -954,11 +954,11 @@ Should we create the IAM Group for user self-management? Allows users to manage diff --git a/docs/reference/modules/terraform-aws-security/iam-policies/iam-policies.md b/docs/reference/modules/terraform-aws-security/iam-policies/iam-policies.md index 2615bd0491..bb8969b0f5 100644 --- a/docs/reference/modules/terraform-aws-security/iam-policies/iam-policies.md +++ b/docs/reference/modules/terraform-aws-security/iam-policies/iam-policies.md @@ -13,7 +13,7 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; # A Best-Practices Set of IAM Policy Documents -View Source +View Source Release Notes 
@@ -25,7 +25,7 @@ Note that these documents are Terraform [data sources](https://www.terraform.io/ so they don't create anything themselves and are not intended to be used on their own. The way to use them is to take the outputs from this module (which are all JSON IAM documents) and plug them into other Terraform resources, such as `aws_iam_policy`, `aws_iam_user_policy`, `aws_iam_group_policy`, and `aws_iam_role_policy`. See the -[iam-groups](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/iam-groups) and [cross-account-iam-roles](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/cross-account-iam-roles) modules for examples. +[iam-groups](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/iam-groups) and [cross-account-iam-roles](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/cross-account-iam-roles) modules for examples. If you're not familiar with IAM concepts, start with the [Background Information](#background-information) section as a way to familiarize yourself with the terminology. @@ -82,7 +82,7 @@ This module creates the following IAM Policy documents: certain IAM roles in other AWS accounts (e.g. stage, prod). The documents that are created and which IAM roles they have access to is controlled by the variable `var.allow_access_from_other_account_arns`. -* **ssh_grunt_permissions**: provides the permissions [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/ssh-grunt) needs to validate SSH keys with +* **ssh_grunt_permissions**: provides the permissions [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/ssh-grunt) needs to validate SSH keys with IAM. * **auto_deploy_permissions**: provides the permissions in `var.auto_deploy_permissions` to do automated deployment. 
@@ -681,11 +681,11 @@ If set to true, all the Policies created by this module that are used as Trust P diff --git a/docs/reference/modules/terraform-aws-security/iam-user-password-policy/iam-user-password-policy.md b/docs/reference/modules/terraform-aws-security/iam-user-password-policy/iam-user-password-policy.md index 84c75c8216..8027746fd7 100644 --- a/docs/reference/modules/terraform-aws-security/iam-user-password-policy/iam-user-password-policy.md +++ b/docs/reference/modules/terraform-aws-security/iam-user-password-policy/iam-user-password-policy.md @@ -13,7 +13,7 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; # Set a Password Policy for IAM Users -View Source +View Source Release Notes @@ -336,11 +336,11 @@ Whether to require uppercase characters for user passwords. diff --git a/docs/reference/modules/terraform-aws-security/iam-users/iam-users.md b/docs/reference/modules/terraform-aws-security/iam-users/iam-users.md index f077334eaf..447b22e3ba 100644 --- a/docs/reference/modules/terraform-aws-security/iam-users/iam-users.md +++ b/docs/reference/modules/terraform-aws-security/iam-users/iam-users.md @@ -13,7 +13,7 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; # IAM Users -View Source +View Source Release Notes @@ -508,11 +508,11 @@ A map of usernames to that user's AWS SSH Security Credential ID diff --git a/docs/reference/modules/terraform-aws-security/ip-lockdown/ip-lockdown.md b/docs/reference/modules/terraform-aws-security/ip-lockdown/ip-lockdown.md index 2677bcd5fb..ae29eebd9e 100644 --- a/docs/reference/modules/terraform-aws-security/ip-lockdown/ip-lockdown.md +++ b/docs/reference/modules/terraform-aws-security/ip-lockdown/ip-lockdown.md @@ -13,7 +13,7 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; # ip-lockdown Module -View Source +View Source Release Notes 
@@ -33,7 +33,7 @@ In the example below we restrict access to [ec2-instance-metadata endpoint](http Normally users make a `curl` call to get metadata like the AWS region or credentials associated with this EC2 Instance's IAM Role. Following the invocation of ip-lockdown, only users foo, bar, and root can query that data. -The complete example of using terraform to deploy a generated AMI into your AWS account and automatically invoke `ip-lockdown` from the `User Data` is also available in the [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/examples/ip-lockdown/aws-example) folder. +The complete example of using terraform to deploy a generated AMI into your AWS account and automatically invoke `ip-lockdown` from the `User Data` is also available in the [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/examples/ip-lockdown/aws-example) folder. #### Installation @@ -62,11 +62,11 @@ gruntwork-install --module-name ip-lockdown --tag --re diff --git a/docs/reference/modules/terraform-aws-security/kms-cmk-replica/kms-cmk-replica.md b/docs/reference/modules/terraform-aws-security/kms-cmk-replica/kms-cmk-replica.md index aca1d9ec27..cd84422b2e 100644 --- a/docs/reference/modules/terraform-aws-security/kms-cmk-replica/kms-cmk-replica.md +++ b/docs/reference/modules/terraform-aws-security/kms-cmk-replica/kms-cmk-replica.md @@ -13,7 +13,7 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; # KMS Customer Managed Key Multi-Region Replication module -View Source +View Source Release Notes 
@@ -22,7 +22,7 @@ Key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#custome [the multi-region replication feature of KMS](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html). -This module is intended to be used in conjunction with the [kms-master-key module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/kms-master-key) to replicate a KMS +This module is intended to be used in conjunction with the [kms-master-key module](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/kms-master-key) to replicate a KMS key managed with that module to other regions. Note that the KMS key must be marked as multi-region in order to support multi-region replication. @@ -373,11 +373,11 @@ A map of CMK name to CMK ID. diff --git a/docs/reference/modules/terraform-aws-security/kms-grant-multi-region/kms-grant-multi-region.md b/docs/reference/modules/terraform-aws-security/kms-grant-multi-region/kms-grant-multi-region.md index 87e14acffa..82544e83bf 100644 --- a/docs/reference/modules/terraform-aws-security/kms-grant-multi-region/kms-grant-multi-region.md +++ b/docs/reference/modules/terraform-aws-security/kms-grant-multi-region/kms-grant-multi-region.md @@ -13,7 +13,7 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; # AWS KMS Grants -View Source +View Source Release Notes 
@@ -31,21 +31,21 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr ### Core concepts -* [What is KMS?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/kms-master-key/README.md#what-is-kms) +* [What is KMS?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/kms-master-key/README.md#what-is-kms) -* [What is a Customer Master Key?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/kms-master-key/README.md#what-is-a-customer-master-key) +* [What is a Customer Master Key?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/kms-master-key/README.md#what-is-a-customer-master-key) * [KMS documentation](https://docs.aws.amazon.com/kms/latest/developerguide/overview.html): Amazon’s docs for KMS that cover core concepts such as various key types, how to encrypt and decrypt, deletion of keys, and automatic key rotation. -* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/codegen/core-concepts.md#how-to-use-a-multi-region-module) +* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/codegen/core-concepts.md#how-to-use-a-multi-region-module) ### Repo organization -* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules. +* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules. -* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/examples): This folder contains working examples of how to use the submodules. 
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/examples): This folder contains working examples of how to use the submodules. -* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/test): Automated tests for the modules and examples. +* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/test): Automated tests for the modules and examples. ## Deploy 
@@ -53,13 +53,13 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr If you just want to try this out for experimenting and learning, check out the following resources: -* [examples folder](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage). +* [examples folder](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage). ## Manage -* [What is the difference between KMS Grants and Key Policies?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/kms-grant-multi-region/core-concepts.md#what-is-the-difference-between-kms-grants-and-key-policies) +* [What is the difference between KMS Grants and Key Policies?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/kms-grant-multi-region/core-concepts.md#what-is-the-difference-between-kms-grants-and-key-policies) -* [How do I use KMS Grants to share encrypted AMIs across accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/kms-grant-multi-region/core-concepts.md#how-do-i-use-kms-grants-to-share-encrypted-amis-across-accounts) +* [How do I use KMS Grants to share encrypted AMIs across accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/kms-grant-multi-region/core-concepts.md#how-do-i-use-kms-grants-to-share-encrypted-amis-across-accounts) ## Sample Usage @@ -180,11 +180,11 @@ inputs = { 
diff --git a/docs/reference/modules/terraform-aws-security/kms-master-key-multi-region/kms-master-key-multi-region.md b/docs/reference/modules/terraform-aws-security/kms-master-key-multi-region/kms-master-key-multi-region.md index d7d59c1f17..9b432373b1 100644 --- a/docs/reference/modules/terraform-aws-security/kms-master-key-multi-region/kms-master-key-multi-region.md +++ b/docs/reference/modules/terraform-aws-security/kms-master-key-multi-region/kms-master-key-multi-region.md @@ -13,7 +13,7 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; # AWS KMS Customer Master Keys (CMK) -View Source +View Source Release Notes 
@@ -37,23 +37,23 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr ### Core concepts -* [What is KMS?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/kms-master-key/README.md#what-is-kms) +* [What is KMS?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/kms-master-key/README.md#what-is-kms) -* [What is the difference between creating one key in all regions and creating a single all-region key?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/kms-master-key-multi-region/core-concepts.md#what-is-the-difference-between-creating-one-key-in-all-regions-and-creating-a-single-all-region-key) +* [What is the difference between creating one key in all regions and creating a single all-region key?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/kms-master-key-multi-region/core-concepts.md#what-is-the-difference-between-creating-one-key-in-all-regions-and-creating-a-single-all-region-key) -* [What is a Customer Master Key?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/kms-master-key/README.md#what-is-a-customer-master-key) +* [What is a Customer Master Key?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/kms-master-key/README.md#what-is-a-customer-master-key) * [KMS documentation](https://docs.aws.amazon.com/kms/latest/developerguide/overview.html): Amazon’s docs for KMS that cover core concepts such as various key types, how to encrypt and decrypt, deletion of keys, and automatic key rotation. 
-* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/codegen/core-concepts.md#how-to-use-a-multi-region-module) +* [How to use a multi-region module](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/codegen/core-concepts.md#how-to-use-a-multi-region-module) ### Repo organization -* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules. +* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules. -* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/examples): This folder contains working examples of how to use the submodules. +* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/examples): This folder contains working examples of how to use the submodules. -* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/test): Automated tests for the modules and examples. +* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/test): Automated tests for the modules and examples. ## Deploy 
@@ -61,17 +61,17 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
 If you just want to try this out for experimenting and learning, check out the following resources:
-* [examples folder](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [examples folder](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
 ## Manage
-* [Differences between CMK Administrators vs. CMK Users](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/kms-master-key/README.md#cmk-administrators-vs-cmk-users)
+* [Differences between CMK Administrators vs. CMK Users](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/kms-master-key/README.md#cmk-administrators-vs-cmk-users)
-* [Differences between managing access control with KMS key policies vs. IAM policies](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/kms-master-key/README.md#managing-a-keys-permissions-with-the-key-policy-vs-iam-policies)
+* [Differences between managing access control with KMS key policies vs. IAM policies](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/kms-master-key/README.md#managing-a-keys-permissions-with-the-key-policy-vs-iam-policies)
-* [What is the difference between KMS Grants and Key Policies?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/kms-grant-multi-region/core-concepts.md#what-is-the-difference-between-kms-grants-and-key-policies)
+* [What is the difference between KMS Grants and Key Policies?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/kms-grant-multi-region/core-concepts.md#what-is-the-difference-between-kms-grants-and-key-policies)
-* [How do I use KMS Grants to share encrypted AMIs across accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/kms-grant-multi-region/core-concepts.md#how-do-i-use-kms-grants-to-share-encrypted-amis-across-accounts)
+* [How do I use KMS Grants to share encrypted AMIs across accounts?](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/kms-grant-multi-region/core-concepts.md#how-do-i-use-kms-grants-to-share-encrypted-amis-across-accounts)
 ## Sample Usage
@@ -522,11 +522,11 @@ A map from region to IDs of the replica KMS CMKs that were created. The value wi
diff --git a/docs/reference/modules/terraform-aws-security/kms-master-key/kms-master-key.md b/docs/reference/modules/terraform-aws-security/kms-master-key/kms-master-key.md
index 8e7f8d7354..11973d27d2 100644
--- a/docs/reference/modules/terraform-aws-security/kms-master-key/kms-master-key.md
+++ b/docs/reference/modules/terraform-aws-security/kms-master-key/kms-master-key.md
@@ -13,7 +13,7 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
 # KMS Master Key Module
-View Source
+View Source
 Release Notes
@@ -448,11 +448,11 @@ A map of CMK name to CMK ID.
diff --git a/docs/reference/modules/terraform-aws-security/ntp/ntp.md b/docs/reference/modules/terraform-aws-security/ntp/ntp.md
index b4e2088276..36a5591823 100644
--- a/docs/reference/modules/terraform-aws-security/ntp/ntp.md
+++ b/docs/reference/modules/terraform-aws-security/ntp/ntp.md
@@ -13,7 +13,7 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
 # NTP Module
-View Source
+View Source
 Release Notes
@@ -35,11 +35,11 @@ Originally, Amazon recommended installing `ntpd` to prevent clock drift. Today,
diff --git a/docs/reference/modules/terraform-aws-security/os-hardening/os-hardening.md b/docs/reference/modules/terraform-aws-security/os-hardening/os-hardening.md
index 6640beca43..58c089f971 100644
--- a/docs/reference/modules/terraform-aws-security/os-hardening/os-hardening.md
+++ b/docs/reference/modules/terraform-aws-security/os-hardening/os-hardening.md
@@ -13,7 +13,7 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
 # OS Hardening
-View Source
+View Source
 Release Notes
@@ -31,8 +31,8 @@ is mounting multiple partitions. We hope to implement more CIS recommendations o There are two major components to this module: -* [ami-builder](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/os-hardening/ami-builder): This is a Terraform template that launches an EC2 Instance with Packer pre-installed. -* [partition-scripts](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/os-hardening/partition-scripts): This is a set of bash scripts that create multiple disk partitions, format them +* [ami-builder](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/os-hardening/ami-builder): This is a Terraform template that launches an EC2 Instance with Packer pre-installed. +* [partition-scripts](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/os-hardening/partition-scripts): This is a set of bash scripts that create multiple disk partitions, format them as ext4, and mount them to various paths with various mount options such as `noexec` or `nosuid`. These scripts are meant to be run in a Packer template that uses the Packer [amazon-chroot](https://www.packer.io/docs/builders/amazon-chroot.html) builder. 
@@ -45,7 +45,7 @@ Fundamentally, to generate an AMI you must: 4. SSH into the ami-builder EC2 Instance and run `packer build amazon-linux.json` to build the AMI. 5. Terminate the ami-builder EC2 Instance. -We recognize that is a lot of manual steps to build a single AMI, so check out the [os-hardening example](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/examples/os-hardening) +We recognize that is a lot of manual steps to build a single AMI, so check out the [os-hardening example](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/examples/os-hardening) for a pre-built Packer template plus a script (`packer-build.sh`) that will automate all the above steps. ### Why do I need to launch a separate EC2 Instance to run Packer? @@ -55,7 +55,7 @@ See below for additional details on what this is and how to use it. ## How to Use this Module -**The best way to use this module is to substantially copy the [os-hardening example code](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/examples/os-hardening). +**The best way to use this module is to substantially copy the [os-hardening example code](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/examples/os-hardening). Unlike most Gruntwork examples, the example for this module contains a full Packer build file plus a wrapper script to create the AMI with a single command and may be viewed as a "canonical" way to instantiate the os-hardening modules.** 
@@ -71,11 +71,11 @@ hardened OS will use. Follow these steps: and sizes: * `partition-volume`: For each desired partition, add an argument like `--partition '/home:4G'`. For additional - details see [partition-volume](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/os-hardening/partition-scripts/bin/partition-volume). Note that for the last `--partition` entry only, + details see [partition-volume](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/os-hardening/partition-scripts/bin/partition-volume). Note that for the last `--partition` entry only, you may specify `*` for the size to tell the script to create the largest possible partition based on remaining disk space. Also, make sure your partition sizes don't exceed the space available on your EBS Volume! * `cleanup-volume`: For each desired partition, add an argument like `--mount-point '/home'`. For additional details see - [cleanup-volume](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/os-hardening/partition-scripts/bin/cleanup-volume) + [cleanup-volume](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/os-hardening/partition-scripts/bin/cleanup-volume) Note that you will redundantly pass the same list of partition paths to each of the above scripts, but only `partition-volume` needs both the mount point *and* the desired partition size. 
@@ -86,10 +86,10 @@ That's it! The Packer template will take care of the rest. ### How to Build the AMI with Packer -Now we're ready to build the actual AMI. Note: The [os-hardening example](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/examples/os-hardening) contains a script +Now we're ready to build the actual AMI. Note: The [os-hardening example](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/examples/os-hardening) contains a script that automates all these steps, but, for the sake of understanding, we'll describe them individually below: -1. Launch the [ami-builder](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/os-hardening/ami-builder) EC2 Instance. We will execute Packer from this EC2 Instance. +1. Launch the [ami-builder](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/os-hardening/ami-builder) EC2 Instance. We will execute Packer from this EC2 Instance. 2. On your local machine run `rsync` so that your local directory is continually synced to the ami-builder: @@ -127,7 +127,7 @@ additional volumes mounted as encrypted volumes. ### Using Your Hardened OS as a "Base AMI" -A best practice we encourage is to first build your hardened OS Image using these modules and the [os-hardening example](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/examples/os-hardening). +A best practice we encourage is to first build your hardened OS Image using these modules and the [os-hardening example](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/examples/os-hardening). You can now view this AMI as your "base AMI", and all other Packer builds can be built on top of this AMI. For example, you might have: @@ -270,11 +270,11 @@ needed additional space to build a new AMI was not unreasonable. 
diff --git a/docs/reference/modules/terraform-aws-security/private-s3-bucket/private-s3-bucket.md b/docs/reference/modules/terraform-aws-security/private-s3-bucket/private-s3-bucket.md
index a5499d35e4..1977b92f20 100644
--- a/docs/reference/modules/terraform-aws-security/private-s3-bucket/private-s3-bucket.md
+++ b/docs/reference/modules/terraform-aws-security/private-s3-bucket/private-s3-bucket.md
@@ -13,7 +13,7 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
 # Private S3 Bucket
-View Source
+View Source
 Release Notes
@@ -1037,11 +1037,11 @@ The name of an IAM role that can be used to configure replication from various s
diff --git a/docs/reference/modules/terraform-aws-security/saml-iam-roles/saml-iam-roles.md b/docs/reference/modules/terraform-aws-security/saml-iam-roles/saml-iam-roles.md
index 951a2d8c0c..18622fa208 100644
--- a/docs/reference/modules/terraform-aws-security/saml-iam-roles/saml-iam-roles.md
+++ b/docs/reference/modules/terraform-aws-security/saml-iam-roles/saml-iam-roles.md
@@ -13,7 +13,7 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
 # A best-practices set of IAM roles for SAML access
-View Source
+View Source
 Release Notes
@@ -47,7 +47,7 @@ This module creates the following IAM roles (all optional): * **allow-ssh-grunt-access-from-saml**: Users authenticated by the SAML providers in `var.allow_ssh_grunt_access_from_saml_provider_arns` will get read access to IAM Groups and public SSH keys. This is - useful to allow [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/ssh-grunt) running on EC2 Instances in other AWS accounts to validate SSH + useful to allow [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/ssh-grunt) running on EC2 Instances in other AWS accounts to validate SSH connections against IAM users defined in this AWS account. * **allow-dev-access-from-saml**:Users authenticated by the SAML providers in @@ -896,11 +896,11 @@ A map of tags to apply to the IAM roles. diff --git a/docs/reference/modules/terraform-aws-security/secrets-manager-resource-policies/secrets-manager-resource-policies.md b/docs/reference/modules/terraform-aws-security/secrets-manager-resource-policies/secrets-manager-resource-policies.md index b325181703..4f2a968e5a 100644 --- a/docs/reference/modules/terraform-aws-security/secrets-manager-resource-policies/secrets-manager-resource-policies.md +++ b/docs/reference/modules/terraform-aws-security/secrets-manager-resource-policies/secrets-manager-resource-policies.md @@ -13,7 +13,7 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; # Resource-based policies for Secrets Manager secrets -View Source +View Source Release Notes @@ -100,11 +100,11 @@ inputs = { diff --git a/docs/reference/modules/terraform-aws-security/ssh-grunt-selinux-policy/ssh-grunt-selinux-policy.md b/docs/reference/modules/terraform-aws-security/ssh-grunt-selinux-policy/ssh-grunt-selinux-policy.md index f707735475..6604707052 100644 --- a/docs/reference/modules/terraform-aws-security/ssh-grunt-selinux-policy/ssh-grunt-selinux-policy.md 
+++ b/docs/reference/modules/terraform-aws-security/ssh-grunt-selinux-policy/ssh-grunt-selinux-policy.md
@@ -13,11 +13,11 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
 # SSH Grunt SELinux Policy
-View Source
+View Source
 Release Notes
-This module installs a SELinux Local Policy Module that is necessary to make [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/ssh-grunt) work on
+This module installs a SELinux Local Policy Module that is necessary to make [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/ssh-grunt) work on
 systems with SELinux, such as CentOS.
 The reason we need a policy is that `ssh-grunt` uses is executed on each attempted SSH login by the
@@ -84,11 +84,11 @@ $ sudo semodule -i ssh-grunt.pp
diff --git a/docs/reference/modules/terraform-aws-security/ssh-grunt/ssh-grunt.md b/docs/reference/modules/terraform-aws-security/ssh-grunt/ssh-grunt.md
index b5b380e533..69842161e6 100644
--- a/docs/reference/modules/terraform-aws-security/ssh-grunt/ssh-grunt.md
+++ b/docs/reference/modules/terraform-aws-security/ssh-grunt/ssh-grunt.md
@@ -13,7 +13,7 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
 # SSH Grunt
-View Source
+View Source
 Release Notes
@@ -47,19 +47,19 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
 ### Core concepts
-* [How to install ssh-grunt on your servers](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/ssh-grunt/core-concepts.md#install-ssh-grunt-on-your-servers)
+* [How to install ssh-grunt on your servers](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/ssh-grunt/core-concepts.md#install-ssh-grunt-on-your-servers)
-* [How SSH Grunt works](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/ssh-grunt/core-concepts.md#how-it-works)
+* [How SSH Grunt works](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/ssh-grunt/core-concepts.md#how-it-works)
-* [Core Security Concepts](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/README.adoc#core-concepts)
+* [Core Security Concepts](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/README.adoc#core-concepts)
 ### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [modules](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/examples): This folder contains working examples of how to use the submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/test): Automated tests for the modules and examples.
+* [test](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/test): Automated tests for the modules and examples.
 ## Deploy
@@ -67,9 +67,9 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
 If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [ssh-grunt examples](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/examples/ssh-grunt): The `examples/ssh-grunt` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [ssh-grunt examples](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/examples/ssh-grunt): The `examples/ssh-grunt` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
-* [Packer template](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/examples/ssh-grunt/packer/ssh-grunt-iam.json)
+* [Packer template](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/examples/ssh-grunt/packer/ssh-grunt-iam.json)
 ### Production deployment
@@ -85,19 +85,19 @@ If you want to deploy this module in production, check out the following resourc
 ### Day-to-day operations
-* [How to manage SSH keys](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/ssh-grunt/core-concepts.md#upload-public-ssh-keys)
+* [How to manage SSH keys](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/ssh-grunt/core-concepts.md#upload-public-ssh-keys)
-* [IAM permissions required for ssh-grunt to work](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/ssh-grunt/core-concepts.md#set-up-iam-permissions)
+* [IAM permissions required for ssh-grunt to work](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/ssh-grunt/core-concepts.md#set-up-iam-permissions)
diff --git a/docs/reference/modules/terraform-aws-security/ssh-iam/ssh-iam.md b/docs/reference/modules/terraform-aws-security/ssh-iam/ssh-iam.md
index 9a5ba0463b..5f295819e9 100644
--- a/docs/reference/modules/terraform-aws-security/ssh-iam/ssh-iam.md
+++ b/docs/reference/modules/terraform-aws-security/ssh-iam/ssh-iam.md
@@ -13,22 +13,22 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
 # ssh-iam has been renamed!
-View Source
+View Source
 Release Notes
-`ssh-iam` has been renamed to [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/ssh-grunt). Please update all links to point to
-[ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/ssh-grunt)!
+`ssh-iam` has been renamed to [ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/ssh-grunt). Please update all links to point to
+[ssh-grunt](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/ssh-grunt)!
diff --git a/docs/reference/modules/terraform-aws-security/ssm-healthchecks-iam-permissions/ssm-healthchecks-iam-permissions.md b/docs/reference/modules/terraform-aws-security/ssm-healthchecks-iam-permissions/ssm-healthchecks-iam-permissions.md
index c9c432f343..ce387e7330 100644
--- a/docs/reference/modules/terraform-aws-security/ssm-healthchecks-iam-permissions/ssm-healthchecks-iam-permissions.md
+++ b/docs/reference/modules/terraform-aws-security/ssm-healthchecks-iam-permissions/ssm-healthchecks-iam-permissions.md
@@ -13,7 +13,7 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
 # SSM Healthchecks IAM Permissions
-View Source
+View Source
 Release Notes
@@ -94,11 +94,11 @@ inputs = {
diff --git a/docs/reference/modules/terraform-aws-security/tls-cert-private/tls-cert-private.md b/docs/reference/modules/terraform-aws-security/tls-cert-private/tls-cert-private.md
index 9804da5f34..503f675c1f 100644
--- a/docs/reference/modules/terraform-aws-security/tls-cert-private/tls-cert-private.md
+++ b/docs/reference/modules/terraform-aws-security/tls-cert-private/tls-cert-private.md
@@ -13,7 +13,7 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
 # Generate a TLS/SSL Certificate for a Private Service
-View Source
+View Source
 Release Notes
@@ -35,7 +35,7 @@ using a commercial CA or public, free CA like [Let's Encrypt](https://letsencryp 1. Edit the `docker-compose.yml` file and fill in your desired argument values. 2. Now run `docker-compose up` and your TLS certs will output to a local `output` directory! -To see documentation on the arguments in `docker-compose.yml`, see the [main.sh](https://github.com/gruntwork-io/terraform-aws-security/tree/v0.68.4/modules/tls-cert-private/scripts/main.sh) file. +To see documentation on the arguments in `docker-compose.yml`, see the [main.sh](https://github.com/gruntwork-io/terraform-aws-security/tree/pete%2F778%2Fbucket-ownership/modules/tls-cert-private/scripts/main.sh) file. Note that the Docker Compose file mounts the local machine folder `./output` in the Docker container. Mac and Windows users sohuld take note that, in some cases, volume mounting may be extremely slow, or even one-way-only if you use an @@ -177,11 +177,11 @@ TLS certificates for any public services.