fix(pin): module iam-role/aws version ~> 0.3.0

afiune · afiune · commit da01ac61ab1d · 2023-10-04T16:07:15.000-07:00
Signed-off-by: Salim Afiune Maya &lt;afiune@lacework.net&gt;
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,8 @@
+# v1.0.3
+
+## Bug Fixes
+* fix(pin): module iam-role/aws version ~> 0.3.0
+---
 # v1.0.2
 
 ## Bug Fixes
diff --git a/README.md b/README.md
@@ -7,57 +7,113 @@
 
 Terraform module for configuring an integration with Lacework and AWS for CloudTrail analysis.
 
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.31 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 3.0 |
+| <a name="requirement_lacework"></a> [lacework](#requirement\_lacework) | ~> 0.2 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.1 |
+| <a name="requirement_time"></a> [time](#requirement\_time) | ~> 0.6 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 3.0 |
+| <a name="provider_lacework"></a> [lacework](#provider\_lacework) | ~> 0.2 |
+| <a name="provider_random"></a> [random](#provider\_random) | >= 2.1 |
+| <a name="provider_time"></a> [time](#provider\_time) | ~> 0.6 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_lacework_ct_iam_role"></a> [lacework\_ct\_iam\_role](#module\_lacework\_ct\_iam\_role) | lacework/iam-role/aws | ~> 0.3.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_cloudtrail.lacework_cloudtrail](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail) | resource |
+| [aws_iam_policy.cross_account_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [aws_iam_role_policy_attachment.lacework_cross_account_iam_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_kms_key.lacework_kms_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
+| [aws_s3_bucket.cloudtrail_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
+| [aws_s3_bucket.cloudtrail_log_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
+| [aws_sns_topic.lacework_cloudtrail_sns_topic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |
+| [aws_sns_topic_policy.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_policy) | resource |
+| [aws_sns_topic_subscription.lacework_sns_topic_sub](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |
+| [aws_sqs_queue.lacework_cloudtrail_sqs_queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource |
+| [aws_sqs_queue_policy.lacework_sqs_queue_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue_policy) | resource |
+| [lacework_integration_aws_ct.default](https://registry.terraform.io/providers/lacework/lacework/latest/docs/resources/integration_aws_ct) | resource |
+| [random_id.uniq](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
+| [time_sleep.wait_time](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_iam_policy_document.cloudtrail_s3_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.cross_account_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.kms_key_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.sns_topic_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| cloudtrail_name | Name of the CloudTrail | `string` | "lacework-cloudtrail" | no |
-| enable_log_file_validation | Specifies whether CloudTrail log file integrity validation is enabled | `bool` | `true` | no |
-| bucket_force_destroy | Force destroy bucket (Required when bucket not empty) | `bool` | `false` | no |
-| bucket_name | Optional value to specify name for a newly created S3 bucket. Not required when `use_existing_cloudtrail` is true. | `string` | "" | no |
-| bucket_arn | The S3 bucket ARN is required only when setting `use_existing_cloudtrail` to true | `string` | "" | no |
-| bucket_encryption_enabled | (deprecated) Use `bucket_enable_encryption` instead  | `bool` | `false` | no |
-| bucket_enable_encryption | Set this to `true` to enable encryption on a created S3 bucket | `bool` | `true` | no |
-| bucket_enable_logs | (deprecated) Use `bucket_logs_enabled` instead | `bool` | `false` | no |
-| bucket_logs_enabled | Set this to `true` to enable access logging on a created S3 bucket | `bool` | `true` | no |
-| bucket_enable_mfa_delete | Set this to `true` to require MFA for object deletion (Requires versioning) | `bool` | `false` | no |
-| bucket_enable_versioning | (deprecated) Use `bucket_versioning_enabled` instead | `bool` | `false` | no |
-| bucket_versioning_enabled | Set this to `true` to enable access versioning on a created S3 bucket | `bool` | `true` | no |
-| bucket_sse_algorithm | Name of the server-side encryption algorithm to use ("AES256" or "aws:kms") | `string` | `aws:kms` | no |
-| bucket_sse_key_arn | The ARN of the KMS encryption key to be used for S3 (Required when `bucket_sse_algorithm` is `aws:kms`) | `string` | "" | no |
-| external_id_length | Length of External ID (max 1224) | `number` | 16 | no |
-| iam_role_external_id | External ID for IAM Role | `string` | "" | no |
-| iam_role_name |  The IAM role name | `string` | "lacework_iam_role" | no |
-| lacework_integration_name | The name of the integration in Lacework. | `string` | TF cloudtrail | no |
-| log_bucket_name | Name of the S3 bucket for access logs. Is required when setting `use_existing_access_log_bucket` to true | `string` | "" | no |
-| access_log_prefix | Optional value to specify a key prefix for access log objects in logging S3 bucket | `string` | "log/" | no |
-| prefix | The prefix that will be use at the beginning of every generated resource | `string` | lacework-ct | no |
-| sns_topic_arn | SNS topic ARN. Can be used when using an existing resource. | `string` | "" | no |
-| sns_topic_name | SNS topic name. Can be used when generating a new resource or when using an existing resource. | `string` | "" | no |
-| sns_topic_encryption_enabled | Set this to `false` to disable encryption on a sns topic. Defaults to true | `bool` | `true` | no |
-| sns_topic_encryption_key_arn | The ARN of an existing KMS encryption key to be used for SNS | `string` | "" | no |
-| sqs_encryption_enabled | Set this to `true` to enable server-side encryption on SQS. | `bool` | `true` | no |
-| sqs_encryption_key_arn | The ARN of the KMS encryption key to be used for SQS (Required when `sqs_encryption_enabled` is `true`) | `string` | "" | no |
-| sqs_queue_name | SQS queue name. Can be used when generating a new resource or when using an existing resource. | `string` | "" | no |
-| sqs_queues | List of SQS queues to configure in the Lacework cross-account policy. | `list(string)` | `[]` | no |
-| consolidated_trail | Set this to `true` to configure a consolidated cloudtrail. | `bool` | `false` | no |
-| org_account_mappings | Mapping of AWS accounts to Lacework accounts within a Lacework organization. | `list(object)` | `[]` | no |
-| use_existing_cloudtrail | Set this to `true` to use an existing cloudtrail. | `bool` | `false` | no |
-| use_existing_access_log_bucket | Set this to `true` to use an existing bucket for access logging. When set to `true` you must provide the `log_bucket_name` | `bool` | `false` | no |
-| use_existing_iam_role | Set this to `true` to use an existing IAM role. When set to `true` you must provide both the `iam_role_name` and `iam_role_external_id` | `bool` | `false` | no |
-| use_existing_sns_topic | When using an existing CloudTrail, set this to `true` to use an existing SNS topic. When set to `true` you must provide the `sns_topic_arn` | `bool` | `false` | no |
-| tags | A map/dictionary of Tags to be assigned to created resources. | `map(string)` | `{}` | no |
-| wait_time | Define a custom delay between cloud resource provision and Lacework external integration to avoid errors while things settle down. Use `10s` for 10 seconds, `5m` for 5 minutes. | `string` | `10s` | no |
+| <a name="input_access_log_prefix"></a> [access\_log\_prefix](#input\_access\_log\_prefix) | Optional value to specify a key prefix for access log objects for logging S3 bucket | `string` | `"log/"` | no |
+| <a name="input_bucket_arn"></a> [bucket\_arn](#input\_bucket\_arn) | The S3 bucket ARN is required when setting use\_existing\_cloudtrail to true | `string` | `""` | no |
+| <a name="input_bucket_enable_encryption"></a> [bucket\_enable\_encryption](#input\_bucket\_enable\_encryption) | (deprecated) Use `bucket_encryption_enabled` instead | `bool` | `true` | no |
+| <a name="input_bucket_enable_logs"></a> [bucket\_enable\_logs](#input\_bucket\_enable\_logs) | (deprecated) Use `bucket_logs_enabled` instead | `bool` | `true` | no |
+| <a name="input_bucket_enable_mfa_delete"></a> [bucket\_enable\_mfa\_delete](#input\_bucket\_enable\_mfa\_delete) | Set this to `true` to require MFA for object deletion (Requires versioning) | `bool` | `false` | no |
+| <a name="input_bucket_enable_versioning"></a> [bucket\_enable\_versioning](#input\_bucket\_enable\_versioning) | (deprecated) Use `bucket_versioning_enabled` instead | `bool` | `true` | no |
+| <a name="input_bucket_encryption_enabled"></a> [bucket\_encryption\_enabled](#input\_bucket\_encryption\_enabled) | Set this to `true` to enable encryption on a created S3 bucket | `bool` | `true` | no |
+| <a name="input_bucket_force_destroy"></a> [bucket\_force\_destroy](#input\_bucket\_force\_destroy) | Force destroy bucket (Required when bucket not empty) | `bool` | `false` | no |
+| <a name="input_bucket_logs_enabled"></a> [bucket\_logs\_enabled](#input\_bucket\_logs\_enabled) | Set this to `true` to enable access logging on a created S3 bucket | `bool` | `true` | no |
+| <a name="input_bucket_name"></a> [bucket\_name](#input\_bucket\_name) | Optional value to specify name for a newly created S3 bucket. Not required when `use_existing_cloudtrail` is true. | `string` | `""` | no |
+| <a name="input_bucket_sse_algorithm"></a> [bucket\_sse\_algorithm](#input\_bucket\_sse\_algorithm) | The encryption algorithm to use for S3 bucket server-side encryption | `string` | `"aws:kms"` | no |
+| <a name="input_bucket_sse_key_arn"></a> [bucket\_sse\_key\_arn](#input\_bucket\_sse\_key\_arn) | The ARN of the KMS encryption key to be used for S3 (Required when `bucket_sse_algorithm` is `aws:kms` and using an existing aws\_kms\_key) | `string` | `""` | no |
+| <a name="input_bucket_versioning_enabled"></a> [bucket\_versioning\_enabled](#input\_bucket\_versioning\_enabled) | Set this to `true` to enable access versioning on a created S3 bucket | `bool` | `true` | no |
+| <a name="input_cloudtrail_name"></a> [cloudtrail\_name](#input\_cloudtrail\_name) | The name of the CloudTrail | `string` | `"lacework-cloudtrail"` | no |
+| <a name="input_consolidated_trail"></a> [consolidated\_trail](#input\_consolidated\_trail) | Set this to true to configure a consolidated cloudtrail | `bool` | `false` | no |
+| <a name="input_cross_account_policy_name"></a> [cross\_account\_policy\_name](#input\_cross\_account\_policy\_name) | n/a | `string` | `""` | no |
+| <a name="input_enable_log_file_validation"></a> [enable\_log\_file\_validation](#input\_enable\_log\_file\_validation) | Specifies whether cloudtrail log file integrity validation is enabled | `bool` | `true` | no |
+| <a name="input_external_id_length"></a> [external\_id\_length](#input\_external\_id\_length) | The length of the external ID to generate. Max length is 1224. Ignored when use\_existing\_iam\_role is set to true | `number` | `16` | no |
+| <a name="input_iam_role_arn"></a> [iam\_role\_arn](#input\_iam\_role\_arn) | The IAM role ARN is required when setting use\_existing\_iam\_role to true | `string` | `""` | no |
+| <a name="input_iam_role_external_id"></a> [iam\_role\_external\_id](#input\_iam\_role\_external\_id) | The external ID configured inside the IAM role is required when setting use\_existing\_iam\_role to true | `string` | `""` | no |
+| <a name="input_iam_role_name"></a> [iam\_role\_name](#input\_iam\_role\_name) | The IAM role name. Required to match with iam\_role\_arn if use\_existing\_iam\_role is set to true | `string` | `""` | no |
+| <a name="input_kms_key_deletion_days"></a> [kms\_key\_deletion\_days](#input\_kms\_key\_deletion\_days) | The waiting period, specified in number of days | `number` | `30` | no |
+| <a name="input_kms_key_multi_region"></a> [kms\_key\_multi\_region](#input\_kms\_key\_multi\_region) | Whether the KMS key is a multi-region or regional key | `bool` | `true` | no |
+| <a name="input_lacework_aws_account_id"></a> [lacework\_aws\_account\_id](#input\_lacework\_aws\_account\_id) | The Lacework AWS account that the IAM role will grant access | `string` | `"434813966438"` | no |
+| <a name="input_lacework_integration_name"></a> [lacework\_integration\_name](#input\_lacework\_integration\_name) | The name of the integration in Lacework. | `string` | `"TF cloudtrail"` | no |
+| <a name="input_log_bucket_name"></a> [log\_bucket\_name](#input\_log\_bucket\_name) | Name of the S3 bucket for access logs. Is required when setting `use_existing_access_log_bucket` to true | `string` | `""` | no |
+| <a name="input_org_account_mappings"></a> [org\_account\_mappings](#input\_org\_account\_mappings) | Mapping of AWS accounts to Lacework accounts within a Lacework organization | <pre>list(object({<br>    default_lacework_account = string<br>    mapping = list(object({<br>      lacework_account = string<br>      aws_accounts     = list(string)<br>    }))<br>  }))</pre> | `[]` | no |
+| <a name="input_prefix"></a> [prefix](#input\_prefix) | The prefix that will be use at the beginning of every generated resource | `string` | `"lacework-ct"` | no |
+| <a name="input_sns_topic_arn"></a> [sns\_topic\_arn](#input\_sns\_topic\_arn) | The SNS topic ARN | `string` | `""` | no |
+| <a name="input_sns_topic_encryption_enabled"></a> [sns\_topic\_encryption\_enabled](#input\_sns\_topic\_encryption\_enabled) | Set this to `false` to disable encryption on a sns topic. Defaults to true | `bool` | `true` | no |
+| <a name="input_sns_topic_encryption_key_arn"></a> [sns\_topic\_encryption\_key\_arn](#input\_sns\_topic\_encryption\_key\_arn) | The ARN of an existing KMS encryption key to be used for SNS | `string` | `""` | no |
+| <a name="input_sns_topic_name"></a> [sns\_topic\_name](#input\_sns\_topic\_name) | The SNS topic name | `string` | `""` | no |
+| <a name="input_sqs_encryption_enabled"></a> [sqs\_encryption\_enabled](#input\_sqs\_encryption\_enabled) | Set this to `true` to enable server-side encryption on SQS. | `bool` | `true` | no |
+| <a name="input_sqs_encryption_key_arn"></a> [sqs\_encryption\_key\_arn](#input\_sqs\_encryption\_key\_arn) | The ARN of the KMS encryption key to be used for SQS (Required when `sqs_encryption_enabled` is `true`) | `string` | `""` | no |
+| <a name="input_sqs_queue_name"></a> [sqs\_queue\_name](#input\_sqs\_queue\_name) | The SQS queue name | `string` | `""` | no |
+| <a name="input_sqs_queues"></a> [sqs\_queues](#input\_sqs\_queues) | List of SQS queues to configure in the Lacework cross-account policy | `list(string)` | `[]` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | A map/dictionary of Tags to be assigned to created resources | `map(string)` | `{}` | no |
+| <a name="input_use_existing_access_log_bucket"></a> [use\_existing\_access\_log\_bucket](#input\_use\_existing\_access\_log\_bucket) | Set this to `true` to use an existing bucket for access logging. Default behavior creates a new access log bucket if logging is enabled | `bool` | `false` | no |
+| <a name="input_use_existing_cloudtrail"></a> [use\_existing\_cloudtrail](#input\_use\_existing\_cloudtrail) | Set this to true to use an existing cloudtrail. Default behavior enables new cloudtrail | `bool` | `false` | no |
+| <a name="input_use_existing_iam_role"></a> [use\_existing\_iam\_role](#input\_use\_existing\_iam\_role) | Set this to true to use an existing IAM role | `bool` | `false` | no |
+| <a name="input_use_existing_sns_topic"></a> [use\_existing\_sns\_topic](#input\_use\_existing\_sns\_topic) | Set this to true to use an existing SNS topic. Default behavior creates a new SNS topic | `bool` | `false` | no |
+| <a name="input_wait_time"></a> [wait\_time](#input\_wait\_time) | Amount of time to wait before the next resource is provisioned. | `string` | `"10s"` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| external_id | Dynamically generated External ID configured into the IAM role |
-| iam_role_name | IAM Role name generated |
-| iam_role_arn | IAM Role ARN |
-| bucket_name | S3 Bucket name |
-| bucket_arn | S3 Bucket ARN |
-| sqs_name | SQS Queue name |
-| sqs_arn | SQS Queue ARN |
-| sns_arn | SNS Topic ARN |
+| <a name="output_bucket_arn"></a> [bucket\_arn](#output\_bucket\_arn) | S3 Bucket ARN |
+| <a name="output_bucket_name"></a> [bucket\_name](#output\_bucket\_name) | S3 Bucket name |
+| <a name="output_external_id"></a> [external\_id](#output\_external\_id) | The External ID configured into the IAM role |
+| <a name="output_iam_role_arn"></a> [iam\_role\_arn](#output\_iam\_role\_arn) | The IAM Role ARN |
+| <a name="output_iam_role_name"></a> [iam\_role\_name](#output\_iam\_role\_name) | The IAM Role name |
+| <a name="output_sns_arn"></a> [sns\_arn](#output\_sns\_arn) | SNS Topic ARN |
+| <a name="output_sns_name"></a> [sns\_name](#output\_sns\_name) | SNS Topic name |
+| <a name="output_sqs_arn"></a> [sqs\_arn](#output\_sqs\_arn) | SQS Queue ARN |
+| <a name="output_sqs_name"></a> [sqs\_name](#output\_sqs\_name) | SQS Queue name |
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
@@ -1,10 +1,5 @@
 # Release Notes
-Another day, another release. These are the release notes for the version `v1.0.2`.
+Another day, another release. These are the release notes for the version `v1.0.3`.
 
 ## Bug Fixes
-* fix: bucket_encryption_enabled checks SSE Key ARN length (#71) (Salim Afiune)([40578eb](https://github.com/lacework/terraform-aws-cloudtrail/commit/40578eb2f0ff0584d476ccf100c97d84b0564a0d))
-## Documentation Updates
-* docs: update README to match bucket_sse_algorithm default (#68) (Albert Dixon)([392c3a8](https://github.com/lacework/terraform-aws-cloudtrail/commit/392c3a814ecaf7cd2e7528fd7ac18d49f67f88bd))
-## Other Changes
-* chore: update PR template (#70) (Darren)([1ecf01b](https://github.com/lacework/terraform-aws-cloudtrail/commit/1ecf01bb7ce7ee6b78c0cc15389e8523956dd539))
-* ci: version bump to v1.0.2-dev (Lacework)([dc26bd1](https://github.com/lacework/terraform-aws-cloudtrail/commit/dc26bd1a04c2ac7751cc5bc69455858f600e921d))
+* fix(pin): module iam-role/aws version ~> 0.3.0
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.0.2
+1.0.3
diff --git a/main.tf b/main.tf
@@ -418,7 +418,7 @@ resource "aws_iam_policy" "cross_account_policy" {
 
 module "lacework_ct_iam_role" {
   source                  = "lacework/iam-role/aws"
-  version                 = "~> 0.1"
+  version                 = "~> 0.3.0"
   create                  = var.use_existing_iam_role ? false : true
   iam_role_name           = local.iam_role_name
   lacework_aws_account_id = var.lacework_aws_account_id
