Merge pull request #3 from RohitSquareops/main

Updated readme, variables

Author: sunil-kumar-squareops

IAM.md

@@ -4,7 +4,7 @@
 The Policy required is:
 
 ```json
- { 
+ {
     "Version": "2012-10-17",
     "Statement": [
         {
@@ -110,4 +110,4 @@ The Policy required is:
 }
 
 ```
-<!-- END OF PRE-COMMIT-PIKE DOCS HOOK -->
+<!-- END OF PRE-COMMIT-PIKE DOCS HOOK -->

LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2023 SquareOps Technologies Pvt. Ltd. 
+   Copyright 2023 SquareOps Technologies Pvt. Ltd.
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
@@ -198,4 +198,4 @@
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
-   limitations under the License.
+   limitations under the License.

README.md

@@ -12,16 +12,15 @@ Terraform module to create Remote State Storage resources for workload deploymen
 ```hcl
 module "backend" {
   source = "squareops/tfstate/aws"
-
+  logging                                         = true
   environment                                     = "Production"
   bucket_name                                     = "tfstate"
   force_destroy                                   = true
   versioning_enabled                              = true
-  logging                                         = true
 }
 
 ```
-Refer [examples](https://github.com/squareops/terraform-aws-tfstate/tree/main/examples/state-storage-backend) for more details. 
+Refer [examples](https://github.com/squareops/terraform-aws-tfstate/tree/main/examples/state-storage-backend) for more details.
 
 ## IAM Permissions
 The required IAM permissions to create resources from this module can be found [here](https://github.com/squareops/terraform-aws-tfstate/blob/main/IAM.md)
@@ -60,8 +59,8 @@ In this module, we have implemented the following CIS Compliance checks for S3:
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_kms_key"></a> [kms\_key](#module\_kms\_key) | clouddrove/kms/aws | 0.15.0 |
-| <a name="module_log_bucket"></a> [log\_bucket](#module\_log\_bucket) | terraform-aws-modules/s3-bucket/aws | 3.4.0 |
-| <a name="module_s3_bucket"></a> [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | 3.4.0 |
+| <a name="module_log_bucket"></a> [log\_bucket](#module\_log\_bucket) | terraform-aws-modules/s3-bucket/aws | 3.10.0 |
+| <a name="module_s3_bucket"></a> [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | 3.10.0 |
 
 ## Resources
 
@@ -79,26 +78,25 @@ In this module, we have implemented the following CIS Compliance checks for S3:
 | [aws_iam_policy_document.bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.cloudtrail_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_region.region](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_bucket_name"></a> [bucket\_name](#input\_bucket\_name) | bucket name | `string` | `""` | no |
-| <a name="input_environment"></a> [environment](#input\_environment) | Select enviroment type: dev, demo, prod | `string` | `"demo"` | no |
-| <a name="input_force_destroy"></a> [force\_destroy](#input\_force\_destroy) | Indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error | `bool` | `false` | no |
-| <a name="input_logging"></a> [logging](#input\_logging) | Map containing access bucket logging configuration | `bool` | `false` | no |
-| <a name="input_region"></a> [region](#input\_region) | In which region S3 bucket will create | `string` | `""` | no |
-| <a name="input_versioning_enabled"></a> [versioning\_enabled](#input\_versioning\_enabled) | keeping multiple variants of an object in the same bucket | `bool` | `false` | no |
+| <a name="input_bucket_name"></a> [bucket\_name](#input\_bucket\_name) | Name of the S3 bucket to be created. | `string` | `""` | no |
+| <a name="input_environment"></a> [environment](#input\_environment) | Specify the type of environment(dev, demo, prod) in which the S3 bucket will be created. | `string` | `"demo"` | no |
+| <a name="input_force_destroy"></a> [force\_destroy](#input\_force\_destroy) | Whether or not to delete all objects from the bucket to allow for destruction of the bucket without error. | `bool` | `false` | no |
+| <a name="input_logging"></a> [logging](#input\_logging) | Configuration for S3 bucket access logging. | `bool` | `true` | no |
+| <a name="input_versioning_enabled"></a> [versioning\_enabled](#input\_versioning\_enabled) | Whether or not to enable versioning for the S3 bucket, which allows multiple versions of an object to be stored in the same bucket. | `bool` | `false` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| <a name="output_bucket_region"></a> [bucket\_region](#output\_bucket\_region) | In which region S3 bucket will create |
-| <a name="output_dynamodb_table_name"></a> [dynamodb\_table\_name](#output\_dynamodb\_table\_name) | dynamodb table name |
-| <a name="output_log_bucket_name"></a> [log\_bucket\_name](#output\_log\_bucket\_name) | logging table name |
-| <a name="output_state_bucket_name"></a> [state\_bucket\_name](#output\_state\_bucket\_name) | bucket name with id |
+| <a name="output_dynamodb_table_name"></a> [dynamodb\_table\_name](#output\_dynamodb\_table\_name) | Name of the DynamoDB table that will be used to manage locking and unlocking of the Terraform state file. |
+| <a name="output_log_bucket_name"></a> [log\_bucket\_name](#output\_log\_bucket\_name) | Name of the S3 bucket that will be used to store logs for this module. |
+| <a name="output_state_bucket_name"></a> [state\_bucket\_name](#output\_state\_bucket\_name) | Specify the region in which an S3 bucket will be created by the module. |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 ## Contribution & Issue Reporting
@@ -107,7 +105,7 @@ To report an issue with a project:
 
   1. Check the repository's [issue tracker](https://github.com/squareops/terraform-aws-tfstate/issues) on GitHub
   2. Search to see if the issue has already been reported
-  3. If you can't find an answer to your question in the documentation or issue tracker, you can ask a question by creating a new issue. Make sure to provide enough context and details . 
+  3. If you can't find an answer to your question in the documentation or issue tracker, you can ask a question by creating a new issue. Make sure to provide enough context and details .
 
 ## License
 
@@ -139,4 +137,3 @@ We believe that the key to success in the digital age is the ability to deliver
 We provide [support](https://squareops.com/contact-us/) on all of our projects, no matter how small or large they may be.
 
 You can find more information about our company on this [squareops.com](https://squareops.com/), follow us on [Linkedin](https://www.linkedin.com/company/squareops-technologies-pvt-ltd/), or fill out a [job application](https://squareops.com/careers/). If you have any questions or would like assistance with your cloud strategy and implementation, please don't hesitate to [contact us](https://squareops.com/contact-us/).
-

examples/state-storage-backend/README.md

@@ -3,8 +3,8 @@
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | 3.50.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.9 |
 
 ## Providers
 
@@ -14,7 +14,7 @@ No providers.
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_backend"></a> [backend](#module\_backend) | ../../ | n/a |
+| <a name="module_backend"></a> [backend](#module\_backend) | squareops/tfstate/aws | n/a |
 
 ## Resources
 
@@ -28,9 +28,10 @@ No inputs.
 
 | Name | Description |
 |------|-------------|
-| <a name="output_bucket_region"></a> [bucket\_region](#output\_bucket\_region) | In which region S3 bucket will create |
-| <a name="output_dynamodb_table_name"></a> [dynamodb\_table\_name](#output\_dynamodb\_table\_name) | dynamodb table name |
-| <a name="output_state_bucket_name"></a> [state\_bucket\_name](#output\_state\_bucket\_name) | bucket name with id |
+| <a name="output_bucket_region"></a> [bucket\_region](#output\_bucket\_region) | Specify the region in which an S3 bucket will be created by the module. |
+| <a name="output_dynamodb_table_name"></a> [dynamodb\_table\_name](#output\_dynamodb\_table\_name) | Name of the DynamoDB table that will be used to manage locking and unlocking of the Terraform state file. |
+| <a name="output_log_bucket_name"></a> [log\_bucket\_name](#output\_log\_bucket\_name) | Name of the S3 bucket that will be used to store logs for this module. |
+| <a name="output_state_bucket_name"></a> [state\_bucket\_name](#output\_state\_bucket\_name) | Name of the S3 bucket that will be used to store the Terraform state file. |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Our Other Projects
 
@@ -81,4 +82,3 @@ We believe that the key to success in the digital age is the ability to deliver
 We provide [support](https://squareops.com/contact-us/) on all of our projects, no matter how small or large they may be.
 
 You can find more information about our company on this [squareops.com](https://squareops.com/), follow us on [linkdin](https://www.linkedin.com/company/squareops-technologies-pvt-ltd/), or fill out a [job application](https://squareops.com/careers/). If you have any questions or would like assistance with your cloud strategy and implementation, please don't hesitate to [contact us](https://squareops.com/contact-us/).
-

examples/state-storage-backend/main.tf

@@ -1,14 +1,18 @@
 locals {
   region      = "us-east-2"
-  environment = "dev"
+  environment = "prod"
+  additional_tags = {
+    Owner      = "organization_name"
+    Expires    = "Never"
+    Department = "Engineering"
+  }
 }
 
 module "backend" {
-  source = "../../"
+  source             = "squareops/tfstate/aws"
+  logging            = true
   environment        = local.environment
   bucket_name        = "production-tfstate-bucket" #unique global s3 bucket name
   force_destroy      = true
   versioning_enabled = true
-  logging            = true
-
 }

examples/state-storage-backend/outputs.tf

@@ -1,14 +1,19 @@
 output "bucket_region" {
-  description = "In which region S3 bucket will create"
+  description = "Specify the region in which an S3 bucket will be created by the module."
   value       = local.region
 }
 
 output "state_bucket_name" {
-  description = "bucket name with id"
+  description = "Name of the S3 bucket that will be used to store the Terraform state file."
   value       = module.backend.state_bucket_name
 }
 
 output "dynamodb_table_name" {
-  description = "dynamodb table name"
+  description = "Name of the DynamoDB table that will be used to manage locking and unlocking of the Terraform state file."
   value       = module.backend.dynamodb_table_name
 }
+
+output "log_bucket_name" {
+  description = "Name of the S3 bucket that will be used to store logs for this module."
+  value       = module.backend.log_bucket_name
+}

examples/state-storage-backend/provider.tf

@@ -1,3 +1,6 @@
 provider "aws" {
   region = local.region
-}
+  default_tags {
+    tags = local.additional_tags
+  }
+}

examples/state-storage-backend/versions.tf

@@ -7,4 +7,4 @@ terraform {
 
     }
   }
-}
+}

logging.tf

@@ -110,9 +110,8 @@ resource "aws_iam_role_policy_attachment" "s3_cloudtrail_policy_attachment" {
 module "log_bucket" {
   count                                 = var.logging ? 1 : 0
   source                                = "terraform-aws-modules/s3-bucket/aws"
-  version                               = "3.4.0"
+  version                               = "3.10.0"
   bucket                                = format("%s-%s-log-bucket", var.bucket_name, data.aws_caller_identity.current.account_id)
-  acl                                   = "log-delivery-write"
   force_destroy                         = true
   attach_elb_log_delivery_policy        = true
   attach_lb_log_delivery_policy         = true

main.tf

@@ -55,18 +55,13 @@ data "aws_iam_policy_document" "bucket_policy" {
 }
 
 module "s3_bucket" {
-  source  = "terraform-aws-modules/s3-bucket/aws"
-  version = "3.4.0"
-
-  bucket        = format("%s-%s", var.bucket_name, data.aws_caller_identity.current.account_id)
-  acl           = "private"
-  force_destroy = var.force_destroy
-
-  attach_policy = true
-  policy        = data.aws_iam_policy_document.bucket_policy.json
-
+  source                                = "terraform-aws-modules/s3-bucket/aws"
+  version                               = "3.10.0"
+  bucket                                = format("%s-%s", var.bucket_name, data.aws_caller_identity.current.account_id)
+  force_destroy                         = var.force_destroy
+  attach_policy                         = true
+  policy                                = data.aws_iam_policy_document.bucket_policy.json
   attach_deny_insecure_transport_policy = true
-
   versioning = {
     enabled = var.versioning_enabled
   }
@@ -92,8 +87,8 @@ module "s3_bucket" {
   restrict_public_buckets = true
 
   # S3 Bucket Ownership Controls
-  control_object_ownership = false
-  object_ownership         = "bucket-owner-full-control"
+  control_object_ownership = true
+  object_ownership         = "BucketOwnerPreferred"
 }
 
 resource "aws_dynamodb_table" "dynamodb_table" {