diff --git a/.githooks/pre-commit b/.githooks/pre-commit index 470ffc9..17c3e7f 100755 --- a/.githooks/pre-commit +++ b/.githooks/pre-commit @@ -58,10 +58,8 @@ if command_exists ./node_modules/.bin/prettier; then echo "$files" | xargs ./node_modules/.bin/prettier --ignore-unknown --write fi -if command_exists tflint; then - tflint --init - tflint --config "$(pwd)/.tflint.hcl" --color --recursive -fi +# We don't have `tflint` in pre-commit hook because it doesn't ignore files +# ignored in `.gitignore`. More details: https://github.com/terraform-linters/tflint/issues/2283 # Add the modified/prettified files to staging echo "$files" | xargs git add diff --git a/asset-account/terraform/stack-set/examples/self-managed/README.md b/asset-account/terraform/stack-set/examples/self-managed/README.md index 0d7cb3a..0db6764 100644 --- a/asset-account/terraform/stack-set/examples/self-managed/README.md +++ b/asset-account/terraform/stack-set/examples/self-managed/README.md @@ -1,6 +1,6 @@ # Self-Managed StackSet Example -This is a basic example of using the `elastio-asset-account-stack-set` terraform module with the self-managed AWS Cloudformation StackSet. +This is a basic example of using the `elastio-asset-account-stack-set` terraform module with the self-managed AWS CloudFormation StackSet. You can deploy it even within a single account. Just specify the `template_url` input variable at minimum. diff --git a/asset-account/terraform/stack-set/examples/service-managed/README.md b/asset-account/terraform/stack-set/examples/service-managed/README.md index 4af9f91..fe04054 100644 --- a/asset-account/terraform/stack-set/examples/service-managed/README.md +++ b/asset-account/terraform/stack-set/examples/service-managed/README.md 
@@ -1,6 +1,6 @@ # Service-Managed StackSet Example -This is a basic example of using the `elastio-asset-account-stack-set` terraform module with the service-managed AWS Cloudformation StackSet. +This is a basic example of using the `elastio-asset-account-stack-set` terraform module with the service-managed AWS CloudFormation StackSet. You'll need to deploy it from the AWS Management account. You'll also need to specify both the input variables: `accounts` and `organizational_unit_ids`. diff --git a/codegen/src/policies/ElastioAssetAccountDeployer.ts b/codegen/src/policies/ElastioAssetAccountDeployer.ts index ce3b8d1..4ca6bd8 100644 --- a/codegen/src/policies/ElastioAssetAccountDeployer.ts +++ b/codegen/src/policies/ElastioAssetAccountDeployer.ts @@ -79,7 +79,7 @@ export default { Sid: "ElastioIamDelete", Action: ["iam:DeleteRole", "iam:DeletePolicy"], - // A name wildcard is required here because if Cloudformation tries to delete + // A name wildcard is required here because if CloudFormation tries to delete // a non-existing resource with a Condition based on `elastio:resource` tag, // then it'll get a 403 AccessDenied error which it doesn't handle properly. // It stops the stack deletion process in a DELETE_FAILED state: diff --git a/connector/terraform/README.md b/connector/terraform/README.md index b735ae3..fcc8bc3 100644 --- a/connector/terraform/README.md +++ b/connector/terraform/README.md 
@@ -60,7 +60,7 @@ This module deploys the following three modules internally, that you can deploy ### `elastio-connector-account` module -Creates an AWS Cloudformation stack named `elastio-account-level-stack`, which is deployed once per AWS account and contains the required IAM resources (roles, policies, etc.) for Elastio Connector to operate in the same account. +Creates an AWS CloudFormation stack named `elastio-account-level-stack`, which is deployed once per AWS account and contains the required IAM resources (roles, policies, etc.) for Elastio Connector to operate in the same account. See [`modules/account`](./modules/account) directory for details. @@ -72,7 +72,7 @@ See [`modules/region`](./modules/region) directory for details. ### `elastio-nat-provision` module -_Optional._ AWS Cloudformation stack named `elastio-nat-provision-lambda` which deploys NAT gateways in the private subnets where Elastio scan job workers run. This is necessary only if you deploy Elastio into private subnets that don't have outbound Internet access already. Alternatively, you can deploy your own NAT gateway if you want to. +_Optional._ AWS CloudFormation stack named `elastio-nat-provision-lambda` which deploys NAT gateways in the private subnets where Elastio scan job workers run. This is necessary only if you deploy Elastio into private subnets that don't have outbound Internet access already. Alternatively, you can deploy your own NAT gateway if you want to. See [`modules/nat-provision`](./modules/nat-provision) directory for details. @@ -111,14 +111,14 @@ No resources. | [disable_customer_managed_iam_policies](#input_disable_customer_managed_iam_policies) | If this is set to `false` (or omitted), then the stack will create
additional customer-managed IAM policies that you can attach to your
IAM identities to grant them direct access to the Elastio Connector stack.
This way you can use elastio CLI directly to list Elastio scan jobs or
submit new scan jobs. Set this to `true` if you don't need these policies. | `bool` | `null` | no | | [ecr_public_prefix](#input_ecr_public_prefix) | Repository prefix for the ECR Public registry. Used to configure a pull-through
cache for elastio images that are downloaded from ECR Public. You can configure
your own cache via ECR private, and then specify the repository prefix here.

This field supports 'account_id' and 'region' interpolation.
For example, such value can be provided:
'{{account\_id}}.dkr.ecr.{{region}}.amazonaws.com/ecr-public' | `string` | `null` | no | | [elastio_cloud_connectors](#input_elastio_cloud_connectors) | List of regions where Cloud Connectors are to be deployed, VPC and subnet(s) to use,
and other regional configurations (mostly for regulatory compliance). |
list(object({
region = string

# Should not be set if `network_configuration`
# is set to `Auto` (which is the default)
vpc_id = optional(string)
subnet_ids = optional(list(string))

s3_access_logging = optional(object({
target_bucket = string
target_prefix = optional(string)

# Can be one of the following:
# - SimplePrefix
# - PartitionedPrefix:EventTime
# - PartitionedPrefix:DeliveryTime
target_object_key_format = optional(string)
}))
}))
| n/a | yes | -| [elastio_nat_provision_stack](#input_elastio_nat_provision_stack) | Specifies the version of Elastio NAT provision stack to deploy (e.g. `v5`).

This is a Cloudformation stack that automatically provisions NAT Gateways in
your VPC when Elastio worker instances run to provide them with the outbound
Internet access when Elastio is deployed in private subnets.

If you don't need this stack (e.g. you already have NAT gateways in your VPC
or you deploy into public subnets) you can omit this parameter. The default
value of `null` means there won't be any NAT provision stack deployed.

The source code of this stack can be found here:
https://github.com/elastio/contrib/tree/master/elastio-nat-provision-lambda | `string` | `null` | no | +| [elastio_nat_provision_stack](#input_elastio_nat_provision_stack) | Specifies the version of Elastio NAT provision stack to deploy (e.g. `v5`).

This is a CloudFormation stack that automatically provisions NAT Gateways in
your VPC when Elastio worker instances run to provide them with the outbound
Internet access when Elastio is deployed in private subnets.

If you don't need this stack (e.g. you already have NAT gateways in your VPC
or you deploy into public subnets) you can omit this parameter. The default
value of `null` means there won't be any NAT provision stack deployed.

The source code of this stack can be found here:
https://github.com/elastio/contrib/tree/master/elastio-nat-provision-lambda | `string` | `null` | no | | [elastio_pat](#input_elastio_pat) | Personal Access Token generated by the Elastio Portal | `string` | n/a | yes | | [elastio_tenant](#input_elastio_tenant) | Name of your Elastio tenant. For example `mycompany.app.elastio.com` | `string` | n/a | yes | | [encrypt_with_cmk](#input_encrypt_with_cmk) | Provision additional customer-managed KMS keys to encrypt
Lambda environment variables, DynamoDB tables, S3. Note that
by default data is encrypted with AWS-managed keys.

Enable this option only if your compliance requirements mandate the usage of CMKs.

If this option is disabled Elastio creates only 1 CMK per region where
the Elastio Connector stack is deployed. If this option is enabled then
Elastio creates 1 KMS key per AWS account and 2 KMS keys per every AWS
region where Elastio is deployed in your AWS account.

If you have `elastio_nat_provision_stack` enabled as well, then 1 more KMS key
will be created as part of that stack as well (for a total of 3 KMS keys per region). | `bool` | `null` | no | | [global_managed_policies](#input_global_managed_policies) | List of IAM managed policies ARNs to attach to all Elastio IAM roles | `set(string)` | `null` | no | | [global_permission_boundary](#input_global_permission_boundary) | The ARN of the IAM managed policy to use as a permission boundary for all Elastio IAM roles | `string` | `null` | no | | [iam_resource_names_prefix](#input_iam_resource_names_prefix) | Add a custom prefix to names of all IAM resources deployed by this stack.
The sum of the length of the prefix and suffix must not exceed 14 characters. | `string` | `null` | no | -| [iam_resource_names_static](#input_iam_resource_names_static) | If enabled, the stack will use static resource names without random characters in them.

This parameter is set to `true` by default, and it shouldn't be changed. The older
versions of Elastio stack used random names generated by Cloudformation for IAM
resources, which is inconvenient to work with. New deployments that use the terraform
automation should have this set to `true` for easier management of IAM resources. | `bool` | `true` | no | +| [iam_resource_names_static](#input_iam_resource_names_static) | If enabled, the stack will use static resource names without random characters in them.

This parameter is set to `true` by default, and it shouldn't be changed. The older
versions of Elastio stack used random names generated by CloudFormation for IAM
resources, which is inconvenient to work with. New deployments that use the terraform
automation should have this set to `true` for easier management of IAM resources. | `bool` | `true` | no | | [iam_resource_names_suffix](#input_iam_resource_names_suffix) | Add a custom prefix to names of all IAM resources deployed by this stack.
The sum of the length of the prefix and suffix must not exceed 14 characters. | `string` | `null` | no | | [lambda_tracing](#input_lambda_tracing) | Enable AWS X-Ray tracing for Lambda functions. This increases the cost of
the stack. Enable only if needed | `bool` | `null` | no | | [network_configuration](#input_network_configuration) | Can be set to either `Auto` or `Manual`. If set to `Auto`, Elastio will
automatically create a VPC and subnets in the specified regions for the
scan clusters to run in.

If set to `Manual`, you must provide the VPC ID and subnet IDs in the
`elastio_cloud_connectors` with the network config for each region. | `string` | `"Auto"` | no | diff --git a/connector/terraform/modules/account/README.md b/connector/terraform/modules/account/README.md index 869bf1c..9c76c77 100644 --- a/connector/terraform/modules/account/README.md +++ b/connector/terraform/modules/account/README.md @@ -1,6 +1,6 @@ # `elastio-connector-account` module -Deploys an AWS Cloudformation stack named `elastio-account-level-stack`, which is deployed once per AWS account and contains the required IAM resources (roles, policies, etc.) for Elastio Connector to operate in the same account. +Deploys an AWS CloudFormation stack named `elastio-account-level-stack`, which is deployed once per AWS account and contains the required IAM resources (roles, policies, etc.) for Elastio Connector to operate in the same account. See the [`elastio-connector` module implementation](../../main.tf) for an example of how this module should be used. @@ -59,7 +59,7 @@ No modules. | [global_managed_policies](#input_global_managed_policies) | List of IAM managed policies ARNs to attach to all Elastio IAM roles | `set(string)` | `null` | no | | [global_permission_boundary](#input_global_permission_boundary) | The ARN of the IAM managed policy to use as a permission boundary for all Elastio IAM roles | `string` | `null` | no | | [iam_resource_names_prefix](#input_iam_resource_names_prefix) | Add a custom prefix to names of all IAM resources deployed by this stack.
The sum of the length of the prefix and suffix must not exceed 14 characters. | `string` | `null` | no | -| [iam_resource_names_static](#input_iam_resource_names_static) | If enabled, the stack will use static resource names without random characters in them.

This parameter is set to `true` by default, and it shouldn't be changed. The older
versions of Elastio stack used random names generated by Cloudformation for IAM
resources, which is inconvenient to work with. New deployments that use the terraform
automation should have this set to `true` for easier management of IAM resources. | `bool` | `true` | no | +| [iam_resource_names_static](#input_iam_resource_names_static) | If enabled, the stack will use static resource names without random characters in them.

This parameter is set to `true` by default, and it shouldn't be changed. The older
versions of Elastio stack used random names generated by CloudFormation for IAM
resources, which is inconvenient to work with. New deployments that use the terraform
automation should have this set to `true` for easier management of IAM resources. | `bool` | `true` | no | | [iam_resource_names_suffix](#input_iam_resource_names_suffix) | Add a custom prefix to names of all IAM resources deployed by this stack.
The sum of the length of the prefix and suffix must not exceed 14 characters. | `string` | `null` | no | | [lambda_tracing](#input_lambda_tracing) | Enable AWS X-Ray tracing for Lambda functions. This increases the cost of
the stack. Enable only if needed | `bool` | `null` | no | | [network_configuration](#input_network_configuration) | Can be set to either `Auto` or `Manual`. If set to `Auto`, Elastio will
automatically create a VPC and subnets in the specified regions for the
scan clusters to run in.

If set to `Manual`, you must provide the `vpc_id` and `subnet_ids` in the
`region` module with the network config for each region. | `string` | `"Auto"` | no | diff --git a/connector/terraform/modules/account/variables.tf b/connector/terraform/modules/account/variables.tf index ca846c4..93976d3 100644 --- a/connector/terraform/modules/account/variables.tf +++ b/connector/terraform/modules/account/variables.tf @@ -147,7 +147,7 @@ variable "iam_resource_names_static" { If enabled, the stack will use static resource names without random characters in them. This parameter is set to `true` by default, and it shouldn't be changed. The older - versions of Elastio stack used random names generated by Cloudformation for IAM + versions of Elastio stack used random names generated by CloudFormation for IAM resources, which is inconvenient to work with. New deployments that use the terraform automation should have this set to `true` for easier management of IAM resources. DESCR diff --git a/connector/terraform/modules/nat-provision/README.md b/connector/terraform/modules/nat-provision/README.md index c749375..20ea6d9 100644 --- a/connector/terraform/modules/nat-provision/README.md +++ b/connector/terraform/modules/nat-provision/README.md 
@@ -1,6 +1,6 @@ # `elastio-nat-provision` module -Creates an AWS Cloudformation stack named `elastio-nat-provision-lambda` which deploys NAT gateways in the private subnets where Elastio scan job workers run. This is necessary only if you deploy Elastio into private subnets that don't have outbound Internet access already. Alternatively, you can deploy your own NAT gateway if you want to. +Creates an AWS CloudFormation stack named `elastio-nat-provision-lambda` which deploys NAT gateways in the private subnets where Elastio scan job workers run. This is necessary only if you deploy Elastio into private subnets that don't have outbound Internet access already. Alternatively, you can deploy your own NAT gateway if you want to. See the [`elastio-connector` module implementation](../../main.tf) for an example of how this module should be used. diff --git a/connector/terraform/variables.tf b/connector/terraform/variables.tf index b020ab1..9a9bc46 100644 --- a/connector/terraform/variables.tf +++ b/connector/terraform/variables.tf @@ -72,7 +72,7 @@ variable "elastio_nat_provision_stack" { description = <
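Review bot: in the `.githooks/pre-commit` hunk, dropping the `tflint` block removes the only local Terraform lint gate in this file, and the replacement comment says why it was removed but not where tflint runs instead; the patch touches no CI configuration, so please confirm a workflow still runs tflint or the linter is now effectively disabled. A narrower fix that keeps the hook and sidesteps the `.gitignore` problem from the linked issue is to stop using `--recursive` and lint only the directories of staged `.tf` files, reusing the `$files` list the prettier step above already builds, e.g. `echo "$files" | grep '\.tf$' | xargs -rn1 dirname | sort -u | while read -r d; do tflint --chdir "$d" --config "$(pwd)/.tflint.hcl" --color; done`. That also drops the per-commit `tflint --init` plugin download from the removed lines, which is a win on its own.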
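Review bot: in the `connector/terraform/README.md` hunk starting at `@@ -111,14 +111,14 @@`, the `iam_resource_names_suffix` row still reads "Add a custom prefix to names of all IAM resources deployed by this stack.", which is a verbatim copy of the `iam_resource_names_prefix` description one row above; since this hunk already rewrites neighbouring rows for the CloudFormation casing, change it to "Add a custom suffix to names ..." in the same change. The identical copy-paste appears in the `connector/terraform/modules/account/README.md` hunk at `@@ -59,7 +59,7 @@`. Because the patch also edits the same description text in `connector/terraform/modules/account/variables.tf`, these tables look like they are derived from the variable descriptions; fix the wording in `variables.tf` as well, otherwise a regeneration will reintroduce it.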
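Review bot: in the `codegen/src/policies/ElastioAssetAccountDeployer.ts` hunk, the comment being re-cased explains why the `ElastioIamDelete` statement grants `iam:DeleteRole` and `iam:DeletePolicy` with a name wildcard instead of the `elastio:resource` tag condition (the DELETE_FAILED behaviour on a 403), but the hunk shows only `Sid`, `Action` and the rationale; while touching it, add one line stating what still bounds the deletable role and policy names (the prefix the wildcard is anchored to), so a reader auditing this policy can judge the blast radius of the widened delete permission without opening the `Resource` element.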