readme updated, BC compliance check fixed (#26)

* readme updated, BC compliance check fixed

* BC checks fixed

* Auto Format

* tags added where possible

* tests fixed

Co-authored-by: cloudpossebot <[email protected]>

Author: maximmi

.gitignore

@@ -2,6 +2,8 @@
 *.tfstate
 *.tfstate.backup
 .terraform.tfstate.lock.info
+**/.terraform.lock.hcl
+**/test.log
 
 # Module directory
 .terraform/

README.md

@@ -408,10 +408,7 @@ Available targets:
 |------|---------|
 | terraform | >= 0.12.26 |
 | aws | >= 2.0 |
-| local | >= 1.3 |
-| null | >= 2.0 |
 | random | >= 2.0 |
-| template | >= 2.0 |
 
 ## Providers
 

docs/terraform.md

@@ -5,10 +5,7 @@
 |------|---------|
 | terraform | >= 0.12.26 |
 | aws | >= 2.0 |
-| local | >= 1.3 |
-| null | >= 2.0 |
 | random | >= 2.0 |
-| template | >= 2.0 |
 
 ## Providers
 

examples/complete/main.tf

@@ -25,7 +25,7 @@ module "subnets" {
 
 module "alb" {
   source                                  = "cloudposse/alb/aws"
-  version                                 = "0.24.0"
+  version                                 = "0.27.0"
   vpc_id                                  = module.vpc.vpc_id
   security_group_ids                      = [module.vpc.vpc_default_security_group_id]
   subnet_ids                              = module.subnets.public_subnet_ids
@@ -43,9 +43,14 @@ module "alb" {
 resource "aws_ecs_cluster" "default" {
   name = module.this.id
   tags = module.this.tags
+  setting {
+    name  = "containerInsights"
+    value = "enabled"
+  }
 }
 
 resource "aws_sns_topic" "sns_topic" {
+  #bridgecrew:skip=BC_AWS_GENERAL_15:Skipping `Encrypt SNS Topic Data` in example/test modules
   name         = module.this.id
   display_name = "Test terraform-aws-ecs-atlantis"
   tags         = module.this.tags

examples/with_cognito_authentication/main.tf

@@ -50,6 +50,11 @@ module "alb" {
 # ECS Cluster (needed even if using FARGATE launch type)
 resource "aws_ecs_cluster" "default" {
   name = module.this.id
+  tags = module.this.tags
+  setting {
+    name  = "containerInsights"
+    value = "enabled"
+  }
 }
 
 module "atlantis" {

examples/with_google_oidc_authentication/main.tf

@@ -49,6 +49,11 @@ module "alb" {
 # ECS Cluster (needed even if using FARGATE launch type)
 resource "aws_ecs_cluster" "default" {
   name = module.this.id
+  tags = module.this.tags
+  setting {
+    name  = "containerInsights"
+    value = "enabled"
+  }
 }
 
 module "atlantis" {

examples/without_authentication/main.tf

@@ -49,6 +49,11 @@ module "alb" {
 # ECS Cluster (needed even if using FARGATE launch type)
 resource "aws_ecs_cluster" "default" {
   name = module.this.id
+  tags = module.this.tags
+  setting {
+    name  = "containerInsights"
+    value = "enabled"
+  }
 }
 
 module "atlantis" {

main.tf

@@ -67,7 +67,7 @@ module "github_webhooks" {
 
 module "ecs_web_app" {
   source  = "cloudposse/ecs-web-app/aws"
-  version = "0.46.0"
+  version = "0.48.1"
 
   region      = var.region
   vpc_id      = var.vpc_id
@@ -201,6 +201,7 @@ resource "aws_ssm_parameter" "atlantis_port" {
   overwrite   = var.overwrite_ssm_parameter
   type        = "String"
   value       = var.atlantis_port
+  tags        = module.this.tags
 }
 
 resource "aws_ssm_parameter" "atlantis_atlantis_url" {
@@ -210,6 +211,7 @@ resource "aws_ssm_parameter" "atlantis_atlantis_url" {
   overwrite   = var.overwrite_ssm_parameter
   type        = "String"
   value       = local.atlantis_url
+  tags        = module.this.tags
 }
 
 resource "aws_ssm_parameter" "atlantis_gh_user" {
@@ -219,6 +221,7 @@ resource "aws_ssm_parameter" "atlantis_gh_user" {
   overwrite   = var.overwrite_ssm_parameter
   type        = "String"
   value       = var.atlantis_gh_user
+  tags        = module.this.tags
 }
 
 resource "aws_ssm_parameter" "atlantis_gh_team_whitelist" {
@@ -228,6 +231,7 @@ resource "aws_ssm_parameter" "atlantis_gh_team_whitelist" {
   overwrite   = var.overwrite_ssm_parameter
   type        = "String"
   value       = var.atlantis_gh_team_whitelist
+  tags        = module.this.tags
 }
 
 resource "aws_ssm_parameter" "atlantis_gh_webhook_secret" {
@@ -238,6 +242,7 @@ resource "aws_ssm_parameter" "atlantis_gh_webhook_secret" {
   overwrite   = var.overwrite_ssm_parameter
   type        = "SecureString"
   value       = local.atlantis_gh_webhook_secret
+  tags        = module.this.tags
 }
 
 resource "aws_ssm_parameter" "atlantis_iam_role_arn" {
@@ -247,6 +252,7 @@ resource "aws_ssm_parameter" "atlantis_iam_role_arn" {
   overwrite   = var.overwrite_ssm_parameter
   type        = "String"
   value       = module.ecs_web_app.ecs_task_role_arn
+  tags        = module.this.tags
 }
 
 resource "aws_ssm_parameter" "atlantis_log_level" {
@@ -256,6 +262,7 @@ resource "aws_ssm_parameter" "atlantis_log_level" {
   overwrite   = var.overwrite_ssm_parameter
   type        = "String"
   value       = var.atlantis_log_level
+  tags        = module.this.tags
 }
 
 resource "aws_ssm_parameter" "atlantis_repo_config" {
@@ -265,6 +272,7 @@ resource "aws_ssm_parameter" "atlantis_repo_config" {
   overwrite   = var.overwrite_ssm_parameter
   type        = "String"
   value       = var.atlantis_repo_config
+  tags        = module.this.tags
 }
 
 resource "aws_ssm_parameter" "atlantis_repo_whitelist" {
@@ -274,6 +282,7 @@ resource "aws_ssm_parameter" "atlantis_repo_whitelist" {
   overwrite   = var.overwrite_ssm_parameter
   type        = "String"
   value       = join(",", var.atlantis_repo_whitelist)
+  tags        = module.this.tags
 }
 
 resource "aws_ssm_parameter" "atlantis_wake_word" {
@@ -283,6 +292,7 @@ resource "aws_ssm_parameter" "atlantis_wake_word" {
   overwrite   = var.overwrite_ssm_parameter
   type        = "String"
   value       = var.atlantis_wake_word
+  tags        = module.this.tags
 }
 
 resource "aws_ssm_parameter" "atlantis_gh_token" {
@@ -293,6 +303,7 @@ resource "aws_ssm_parameter" "atlantis_gh_token" {
   overwrite   = var.overwrite_ssm_parameter
   type        = "SecureString"
   value       = local.github_oauth_token
+  tags        = module.this.tags
 }
 
 resource "aws_ssm_parameter" "github_webhooks_token" {
@@ -303,6 +314,7 @@ resource "aws_ssm_parameter" "github_webhooks_token" {
   overwrite   = var.overwrite_ssm_parameter
   type        = "SecureString"
   value       = local.github_webhooks_token
+  tags        = module.this.tags
 }
 
 resource "aws_security_group_rule" "egress_http" {
@@ -430,6 +442,7 @@ resource "aws_ssm_parameter" "atlantis_cognito_user_pool_arn" {
   key_id      = local.kms_key_id
   name        = local.authentication_cognito_user_pool_arn_ssm_name
   value       = local.authentication_cognito_user_pool_arn
+  tags        = module.this.tags
 }
 
 resource "aws_ssm_parameter" "atlantis_cognito_user_pool_client_id" {
@@ -440,6 +453,7 @@ resource "aws_ssm_parameter" "atlantis_cognito_user_pool_client_id" {
   key_id      = local.kms_key_id
   name        = local.authentication_cognito_user_pool_client_id_ssm_name
   value       = local.authentication_cognito_user_pool_client_id
+  tags        = module.this.tags
 }
 
 resource "aws_ssm_parameter" "atlantis_cognito_user_pool_domain" {
@@ -450,6 +464,7 @@ resource "aws_ssm_parameter" "atlantis_cognito_user_pool_domain" {
   key_id      = local.kms_key_id
   name        = local.authentication_cognito_user_pool_domain_ssm_name
   value       = local.authentication_cognito_user_pool_domain
+  tags        = module.this.tags
 }
 
 resource "aws_ssm_parameter" "atlantis_oidc_client_id" {
@@ -460,6 +475,7 @@ resource "aws_ssm_parameter" "atlantis_oidc_client_id" {
   key_id      = local.kms_key_id
   name        = local.authentication_oidc_client_id_ssm_name
   value       = local.authentication_oidc_client_id
+  tags        = module.this.tags
 }
 
 resource "aws_ssm_parameter" "atlantis_oidc_client_secret" {
@@ -470,4 +486,5 @@ resource "aws_ssm_parameter" "atlantis_oidc_client_secret" {
   key_id      = local.kms_key_id
   name        = local.authentication_oidc_client_secret_ssm_name
   value       = local.authentication_oidc_client_secret
+  tags        = module.this.tags
 }

test/src/examples_complete_test.go

@@ -113,25 +113,25 @@ func TestExamplesComplete(t *testing.T) {
 	// Run `terraform output` to get the value of an output variable
 	codebuildCacheBucketName := terraform.Output(t, terraformOptions, "codebuild_cache_bucket_name")
 	// Verify we're getting back the outputs we expect
-	expectedCodebuildCacheBucketName := "eg-test-ecs-atlantis-" + attributes[0] + "-build"
+	expectedCodebuildCacheBucketName := "eg-test-ecs-atlantis-build-" + attributes[0]
 	assert.Contains(t, codebuildCacheBucketName, expectedCodebuildCacheBucketName)
 
 	// Run `terraform output` to get the value of an output variable
 	codebuildProjectName := terraform.Output(t, terraformOptions, "codebuild_project_name")
 	// Verify we're getting back the outputs we expect
-	expectedCodebuildProjectName := "eg-test-ecs-atlantis-" + attributes[0] + "-build"
+	expectedCodebuildProjectName := "eg-test-ecs-atlantis-build-" + attributes[0]
 	assert.Equal(t, expectedCodebuildProjectName, codebuildProjectName)
 
 	// Run `terraform output` to get the value of an output variable
 	codebuildRoleId := terraform.Output(t, terraformOptions, "codebuild_role_id")
 	// Verify we're getting back the outputs we expect
-	expectedCodebuildRoleId := "eg-test-ecs-atlantis-" + attributes[0] + "-build"
+	expectedCodebuildRoleId := "eg-test-ecs-atlantis-build-" + attributes[0]
 	assert.Equal(t, expectedCodebuildRoleId, codebuildRoleId)
 
 	// Run `terraform output` to get the value of an output variable
 	codepipelineId := terraform.Output(t, terraformOptions, "codepipeline_id")
 	// Verify we're getting back the outputs we expect
-	expectedCodepipelineId := "eg-test-ecs-atlantis-codepipeline-" + attributes[0]
+	expectedCodepipelineId := "eg-test-ecs-atlantis-" + attributes[0] + "-codepipeline"
 	assert.Equal(t, expectedCodepipelineId, codepipelineId)
 
 	// Run `terraform output` to get the value of an output variable
@@ -143,13 +143,13 @@ func TestExamplesComplete(t *testing.T) {
 	// Run `terraform output` to get the value of an output variable
 	ecsTaskRoleName := terraform.Output(t, terraformOptions, "ecs_task_role_name")
 	// Verify we're getting back the outputs we expect
-	expectedEcsTaskRoleName := "eg-test-ecs-atlantis-task-" + attributes[0]
+	expectedEcsTaskRoleName := "eg-test-ecs-atlantis-" + attributes[0] + "-task"
 	assert.Equal(t, expectedEcsTaskRoleName, ecsTaskRoleName)
 
 	// Run `terraform output` to get the value of an output variable
 	ecsTaskExecRoleName := terraform.Output(t, terraformOptions, "ecs_task_exec_role_name")
 	// Verify we're getting back the outputs we expect
-	expectedEcsTaskExecRoleName := "eg-test-ecs-atlantis-exec-" + attributes[0]
+	expectedEcsTaskExecRoleName := "eg-test-ecs-atlantis-" + attributes[0] + "-exec"
 	assert.Equal(t, expectedEcsTaskExecRoleName, ecsTaskExecRoleName)
 
 	// Run `terraform output` to get the value of an output variable
@@ -161,7 +161,7 @@ func TestExamplesComplete(t *testing.T) {
 	// Run `terraform output` to get the value of an output variable
 	ecsExecRolePolicyName := terraform.Output(t, terraformOptions, "ecs_exec_role_policy_name")
 	// Verify we're getting back the outputs we expect
-	expectedEcsExecRolePolicyName := "eg-test-ecs-atlantis-exec-" + attributes[0]
+	expectedEcsExecRolePolicyName := "eg-test-ecs-atlantis-" + attributes[0] + "-exec"
 	assert.Equal(t, expectedEcsExecRolePolicyName, ecsExecRolePolicyName)
 
 	// Run `terraform output` to get the value of an output variable

test/src/go.mod

@@ -3,6 +3,6 @@ module github.com/cloudposse/terraform-aws-ecs-atlantis
 go 1.14
 
 require (
-	github.com/gruntwork-io/terratest v0.30.23
+	github.com/gruntwork-io/terratest v0.31.4
 	github.com/stretchr/testify v1.6.1
 )