diff --git a/.github/workflows/update_assets.yml b/.github/workflows/update_assets.yml index b4543dc..c2fa616 100644 --- a/.github/workflows/update_assets.yml +++ b/.github/workflows/update_assets.yml @@ -28,6 +28,9 @@ jobs: config-file: ${{ github.workspace }}/.terraform-docs.yml output-method: inject + - name: Reset .git owner + run: "sudo chown -R $USER: .git" + - name: Update dependabot.yml run: | cp .github/dependabot-base.yml .github/dependabot.yml diff --git a/modules/aws/route53/README.md b/modules/aws/route53/README.md index 30a676c..59e1298 100644 --- a/modules/aws/route53/README.md +++ b/modules/aws/route53/README.md @@ -41,16 +41,16 @@ The module also simplifies a few boilerplate records at the apex for security pu | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [alias\_mx](#input\_alias\_mx) | List of alias domains that should have the same MX records as the canonical domain. | `list(string)` | `[]` | no | -| [alias\_records](#input\_alias\_records) | List of DNS records for alias domains. The top-level keys should match entries in the `aliases`
list. The second-level map should match the same structure as `records`. |
map(map(object({
name = optional(string)
ttl = optional(string)
type = string
records = list(string)
})))
| `{}` | no | +| [alias\_records](#input\_alias\_records) | List of DNS records for alias domains. The top-level keys should match entries in the `aliases`
list. The second-level map should match the same structure as `records`. |
map(map(object({
name = optional(string)
ttl = optional(string)
type = string
records = list(string)
})))
| `{}` | no | | [alias\_redirect\_protocol](#input\_alias\_redirect\_protocol) | Protocol to use when redirecting to the canonical domain. Valid values: `http`, `https`. | `string` | `"https"` | no | | [aliases](#input\_aliases) | List of alias domains that should redirect to the canonical domain. | `list(string)` | `[]` | no | | [apex\_txt](#input\_apex\_txt) | List of TXT records to be added at the apex. | `list(string)` | `[]` | no | -| [caa\_issuers](#input\_caa\_issuers) | List of CAs that can issue certificates. | `list(string)` |
[
"amazon.com"
]
| no | +| [caa\_issuers](#input\_caa\_issuers) | List of CAs that can issue certificates. | `list(string)` |
[
"amazon.com"
]
| no | | [canonical\_mx\_record](#input\_canonical\_mx\_record) | The name of the MX record on the canonical domain. | `string` | `"apex_mx"` | no | | [comment](#input\_comment) | A comment for the hosted zone. Defaults to 'Managed by Terraform'. | `string` | `null` | no | | [default\_ttl](#input\_default\_ttl) | Default TTL for DNS records. | `number` | `86400` | no | | [domain](#input\_domain) | The top-level domain name to hold the records. | `string` | n/a | yes | -| [records](#input\_records) | List of DNS records for the domain.

• `name` - (Optional) The name of the record. Defaults to the domain (i.e. an apex record).
• `ttl` - (Optional) The TTL of the record. Defaults to `default_ttl`.
• `type` - (Required) The record type.
• `records` - (Required) A string list of records. |
map(object({
name = optional(string)
ttl = optional(string)
type = string
records = list(string)
}))
| n/a | yes | +| [records](#input\_records) | List of DNS records for the domain.

• `name` - (Optional) The name of the record. Defaults to the domain (i.e. an apex record).
• `ttl` - (Optional) The TTL of the record. Defaults to `default_ttl`.
• `type` - (Required) The record type.
• `records` - (Required) A string list of records. |
map(object({
name = optional(string)
ttl = optional(string)
type = string
records = list(string)
}))
| n/a | yes | | [security\_contact](#input\_security\_contact) | Security contact for the domain. Defaults to 'security@DOMAIN', where `DOMAIN` is the top-level domain name. | `string` | `null` | no | | [spf](#input\_spf) | List of SPF directives for the domain. | `list(string)` | `[]` | no | | [tags](#input\_tags) | Tags for the hosted zone. | `map(any)` | `{}` | no | diff --git a/modules/aws/sso_account_assignment/README.md b/modules/aws/sso_account_assignment/README.md index 655737c..5711cdb 100644 --- a/modules/aws/sso_account_assignment/README.md +++ b/modules/aws/sso_account_assignment/README.md @@ -33,9 +33,9 @@ to be used with AWS IAM Identity Center. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [assignments](#input\_assignments) | List of assignments between group, account and Permission Set. The key of each object is the group
name that will be assigned the permissions. Ideally the organisation will use an external identity
provider and this group should be created via SCIM. To also create the groups, enable `create_groups`.

• `account_ids` - (Required) The AWS account IDs to apply the assignment.
• `permission_sets` - (Required) The Permission Sets to be assigned to the group. These should
be a subset of the Permission Sets created above. |
map(list(object({
account_ids = list(string)
permission_sets = list(string)
})))
| n/a | yes | +| [assignments](#input\_assignments) | List of assignments between group, account and Permission Set. The key of each object is the group
name that will be assigned the permissions. Ideally the organisation will use an external identity
provider and this group should be created via SCIM. To also create the groups, enable `create_groups`.

• `account_ids` - (Required) The AWS account IDs to apply the assignment.
• `permission_sets` - (Required) The Permission Sets to be assigned to the group. These should
be a subset of the Permission Sets created above. |
map(list(object({
account_ids = list(string)
permission_sets = list(string)
})))
| n/a | yes | | [create\_groups](#input\_create\_groups) | Whether the module should also create the groups. | `bool` | `false` | no | -| [permission\_sets](#input\_permission\_sets) | List of Permission Sets for the organization. Each Permission Set must include AWS managed
policies and/or an IAM inline policy.

• `name` - (Optional) The name of the Permission Set. The key will be used by default.
• `description` - (Optional) The description of the Permission Set.
• `managed_policies` - (Optional) A list of AWS-managed policy names. The prefix `arn:aws:iam::aws:policy/`
will be prepended to create the full ARN.
• `inline_policy` - (Optional) An IAM inline policy to attach to the Permission Set. |
map(object({
name = optional(string)
description = optional(string)
managed_policies = optional(list(string), [])
inline_policy = optional(string, "")
}))
| n/a | yes | +| [permission\_sets](#input\_permission\_sets) | List of Permission Sets for the organization. Each Permission Set must include AWS managed
policies and/or an IAM inline policy.

• `name` - (Optional) The name of the Permission Set. The key will be used by default.
• `description` - (Optional) The description of the Permission Set.
• `managed_policies` - (Optional) A list of AWS-managed policy names. The prefix `arn:aws:iam::aws:policy/`
will be prepended to create the full ARN.
• `inline_policy` - (Optional) An IAM inline policy to attach to the Permission Set. |
map(object({
name = optional(string)
description = optional(string)
managed_policies = optional(list(string), [])
inline_policy = optional(string, "")
}))
| n/a | yes | # Example Usage
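Review bot: in the `.github/workflows/update_assets.yml` hunk, the new `Reset .git owner` step has no comment saying which earlier step leaves `.git` owned by a different user, so a later maintainer cannot tell whether the `sudo chown -R` is still needed or can be dropped. Add a one-line YAML comment above the step naming the cause. Two smaller points on the same line: `$USER` is expanded unquoted and is not guaranteed to be set in every runner shell, so `"$(id -un)"` would be more robust, and the ownership reset covers only `.git`, so any files outside `.git` affected by the same cause keep the wrong owner.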
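Review bot: in the `modules/aws/route53/README.md` hunk, the `records` and `alias_records` rows declare `ttl = optional(string)`, while the `records` description says `ttl` defaults to `default_ttl`, which the same table lists as `number` with default `86400`. The two types should agree; consider changing the variable definition to `ttl = optional(number)` and regenerating the README. The removed and added rows otherwise read identically as shown here, which suggests a whitespace or markup-only regeneration, so the commit message should say that. Both descriptions also start with "List of DNS records" although the types are `map(...)`.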
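Review bot: in the `modules/aws/sso_account_assignment/README.md` hunk, the `permission_sets` description says each Permission Set "must include AWS managed policies and/or an IAM inline policy", but the type shown makes both optional with empty defaults (`managed_policies = optional(list(string), [])`, `inline_policy = optional(string, "")`), so an entry with neither passes the type check. If the requirement is real, add a `validation` block to the variable that rejects entries where both are empty; otherwise soften the wording. In the `assignments` row, "the Permission Sets created above" has no referent in this table, since `permission_sets` is listed below it, and would read better as a reference to the `permission_sets` input by name.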