diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml
new file mode 100644
index 0000000..5dbd054
--- /dev/null
+++ b/.github/workflows/pre-commit.yaml
@@ -0,0 +1,47 @@
+on:
+ pull_request:
+ push:
+ branches: [main]
+
+jobs:
+ pre_commit:
+ name: Run pre-commit and commit any autocorrections
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: 1.6.6
+ - name: Setup Terragrunt
+ uses: autero1/action-terragrunt@v1.1.0
+ with:
+ terragrunt_version: 0.54.8
+ # To avoid rate-limiting
+ token: ${{ secrets.GITHUB_TOKEN }}
+ - uses: terraform-linters/setup-tflint@v3
+ name: TFLint - Setup
+ with:
+ tflint_version: latest
+
+ - name: TFLint - Init
+ run: tflint --init
+ env:
+ # https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting
+ GITHUB_TOKEN: ${{ github.token }}
+ - name: TFLint - Show version
+ run: tflint --version
+ - uses: actions/setup-python@v4
+ with:
+ python-version: 3.x
+ - name: Terraform Docs - Install
+ run: |
+ curl -sSLo ./terraform-docs.tar.gz https://terraform-docs.io/dl/v0.17.0/terraform-docs-v0.17.0-$(uname)-amd64.tar.gz
+ tar -xzf terraform-docs.tar.gz -- terraform-docs
+ chmod +x terraform-docs
+ echo $PATH
+ mv terraform-docs /usr/local/bin/terraform-docs
+ terraform-docs --version
+ - uses: pre-commit/action@v3.0.0
+ - uses: pre-commit-ci/lite-action@v1.0.1
+ if: always()
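Review bot: The `Terraform Docs - Install` step fetches a tarball with `curl -sSLo` and moves the extracted binary into `/usr/local/bin` without verifying it, so whatever the download host serves is executed in a job that holds the repository token. Add a checksum check right after the download, for example `echo "<EXPECTED_SHA256>  terraform-docs.tar.gz" | sha256sum -c -`, taking the value from the release's published checksums. The third-party actions `autero1/action-terragrunt@v1.1.0` (which is also handed `secrets.GITHUB_TOKEN`), `terraform-linters/setup-tflint@v3` and `pre-commit-ci/lite-action@v1.0.1` are referenced by mutable tags, and `tflint_version: latest` floats. Pinning the actions to full commit SHAs and tflint to a fixed version would keep the toolchain from changing without a reviewed commit. The workflow also declares no `permissions:` block, so the token gets the repository default; a top-level `permissions:` with `contents: read` would bound it.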
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 11d16c9..ab25c67 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -2,7 +2,7 @@
# See https://pre-commit.com/hooks.html for more hooks
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
- rev: v4.4.0
+ rev: v4.5.0
hooks:
- id: trailing-whitespace
- id: end-of-file-fixer
@@ -10,10 +10,22 @@ repos:
args: ["--allow-multiple-documents"]
- id: check-added-large-files
- repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.77.0 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
+ rev: v1.85.0 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
hooks:
- id: terraform_fmt # args: ["--enable require-variable-braces,deprecate-which"]
- id: terraform_tflint
- exclude: .*
+ args:
+ - "--args=--fix"
- id: terragrunt_fmt
- id: terraform_docs
+ci:
+ autofix_commit_msg: |
+ [pre-commit.ci] auto fixes from pre-commit.com hooks
+
+ for more information, see https://pre-commit.ci
+ autofix_prs: true
+ autoupdate_branch: ''
+ autoupdate_commit_msg: '[pre-commit.ci] pre-commit autoupdate'
+ autoupdate_schedule: weekly
+ skip: [terraform_fmt, terraform_tflint, terragrunt_fmt, terraform_docs]
+ submodules: false
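Review bot: The `skip:` list under `ci:` excludes all four Terraform hooks from pre-commit.ci with no comment saying why. With `exclude: .*` removed and `--args=--fix` added, `terraform_tflint` now rewrites files, and only in the GitHub Actions job. Presumably the hooks are skipped because the hosted service lacks the terraform, tflint and terragrunt binaries; a comment above `skip:` such as `# needs terraform/tflint/terragrunt binaries; run in .github/workflows/pre-commit.yaml instead` would record that. Since `--fix` output is pushed back as autofix commits, it is worth confirming that those commits get the same review as hand-written changes.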
diff --git a/LICENSE.md b/LICENSE.md
new file mode 100644
index 0000000..f2a0872
--- /dev/null
+++ b/LICENSE.md
@@ -0,0 +1,34 @@
+# License
+
+As a work of the [United States government](https://www.usa.gov/), this project
+is in the public domain within the United States of America.
+
+Additionally, we waive copyright and related rights in the work worldwide
+through the CC0 1.0 Universal public domain dedication.
+
+## CC0 1.0 Universal Summary
+
+This is a human-readable summary of the [Legal Code (read the full
+text)](https://creativecommons.org/publicdomain/zero/1.0/legalcode).
+
+### No Copyright
+
+The person who associated a work with this deed has dedicated the work to the
+public domain by waiving all of their rights to the work worldwide under
+copyright law, including all related and neighboring rights, to the extent
+allowed by law.
+
+You can copy, modify, distribute, and perform the work, even for commercial
+purposes, all without asking permission.
+
+### Other Information
+
+In no way are the patent or trademark rights of any person affected by CC0, nor
+are the rights that other persons may have in the work or in how the work is
+used, such as publicity or privacy rights.
+
+Unless expressly stated otherwise, the person who associated a work with this
+deed makes no warranties about the work, and disclaims liability for all uses
+of the work, to the fullest extent permitted by applicable law. When using or
+citing the work, you should not imply endorsement by the author or the
+affirmer.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..2c7c6fb
--- /dev/null
+++ b/README.md
@@ -0,0 +1,46 @@
+# batcave-tf-kms
+
+
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_kms_alias.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource |
+| [aws_kms_key.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [alias](#input\_alias) | n/a | `string` | `"alias/batcave-landing-sops"` | no |
+| [customer\_master\_key\_spec](#input\_customer\_master\_key\_spec) | n/a | `string` | `"SYMMETRIC_DEFAULT"` | no |
+| [deletion\_window\_in\_days](#input\_deletion\_window\_in\_days) | n/a | `string` | `"10"` | no |
+| [description](#input\_description) | n/a | `string` | `"KMS key"` | no |
+| [enable\_key\_rotation](#input\_enable\_key\_rotation) | n/a | `string` | `"true"` | no |
+| [is\_enabled](#input\_is\_enabled) | n/a | `string` | `"true"` | no |
+| [key\_usage](#input\_key\_usage) | n/a | `string` | `"ENCRYPT_DECRYPT"` | no |
+| [multi\_region](#input\_multi\_region) | n/a | `string` | `"false"` | no |
+| [name](#input\_name) | n/a | `string` | `"cms"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [alias](#output\_alias) | n/a |
+| [arn](#output\_arn) | ############################################################################### AWS KMS Key ############################################################################### |
+| [key\_id](#output\_key\_id) | n/a |
+
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..90e23aa
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,17 @@
+# Security and Responsible Disclosure Policy
+
+*Submit a vulnerability:* Unfortunately, we cannot accept secure submissions via
+email or via GitHub Issues. Please use our website to submit vulnerabilities at
+[https://hhs.responsibledisclosure.com](https://hhs.responsibledisclosure.com).
+HHS maintains an acknowledgements page to recognize your efforts on behalf of
+the American public, but you are also welcome to submit anonymously.
+
+Review the HHS Disclosure Policy and websites in scope:
+[https://www.hhs.gov/vulnerability-disclosure-policy/index.html](https://www.hhs.gov/vulnerability-disclosure-policy/index.html).
+
+This policy describes *what systems and types of research* are covered under this
+policy, *how to send* us vulnerability reports, and *how long* we ask security
+researchers to wait before publicly disclosing vulnerabilities.
+
+If you have other cybersecurity related questions, please contact us at
+[csirc@hhs.gov.](mailto:csirc@hhs.gov).
diff --git a/main.tf b/main.tf
index ac49144..5c0e9f5 100644
--- a/main.tf
+++ b/main.tf
@@ -9,7 +9,7 @@ resource "aws_kms_key" "this" {
is_enabled = var.is_enabled
enable_key_rotation = var.enable_key_rotation
multi_region = var.multi_region
- tags = {
+ tags = {
Name = var.name
}
}
diff --git a/variables.tf b/variables.tf
index c0c81ff..3ed985b 100644
--- a/variables.tf
+++ b/variables.tf
@@ -4,7 +4,7 @@ variable "name" {
variable "description" {
default = "KMS key"
}
-
+
variable "deletion_window_in_days" {
default = "10"
}
@@ -12,7 +12,7 @@ variable "deletion_window_in_days" {
variable "key_usage" {
default = "ENCRYPT_DECRYPT"
}
-
+
variable "customer_master_key_spec" {
default = "SYMMETRIC_DEFAULT"
}
@@ -20,7 +20,7 @@ variable "customer_master_key_spec" {
variable "is_enabled" {
default = "true"
}
-
+
variable "enable_key_rotation" {
default = "true"
}