Update documentation and add examples (#16)

HorizonNet · web-flow · commit 0e0e61e02f6d · 2023-07-24T18:45:35.000+02:00
diff --git a/.editorconfig b/.editorconfig
@@ -20,7 +20,7 @@ indent_style = space
 max_line_length = off
 
 [*.md]
-max_line_length = 0
+max_line_length = off
 trim_trailing_whitespace = false
 
 [*.yml]
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -28,3 +28,4 @@ jobs:
           format: 'table'
           exit-code: '1'
           hide-progress: false
+          skip-dirs: 'examples'
diff --git a/README.md b/README.md
@@ -1,3 +1,42 @@
 # AWS Secure S3 Terraform module
 
 Terraform module which creates a S3 bucket on AWS with secure defaults.
+
+## Usage
+
+The simplest usage of this module is shown below. It only requires to pass in the `bucket_name`.
+
+```hcl
+module "terraform_state_s3_bucket" {
+  source  = "ultratendency/secure-s3-bucket/aws"
+  version = "1.0.0"
+
+  bucket_name = "secure-bucket"
+}
+```
+
+A complete example looks like the following, where all inputs are configured.
+
+```hcl
+module "terraform_state_s3_bucket" {
+  source  = "ultratendency/secure-s3-bucket/aws"
+  version = "1.0.0"
+
+  bucket_name = "secure-bucket"
+
+  bucket_lifecycle_configuration_rule_noncurrent_version_expiration_noncurrent_days           = 45
+  bucket_lifecycle_configuration_rule_noncurrent_version_first_transition_noncurrent_days     = 15
+  bucket_lifecycle_configuration_rule_noncurrent_version_first_transition_storage_class       = "ONEZONE_IA"
+  bucket_lifecycle_configuration_rule_noncurrent_version_second_transition_noncurrent_days    = 30
+  bucket_lifecycle_configuration_rule_noncurrent_version_second_transition_storage_class      = "GLACIER_IR"
+  bucket_lifecycle_configuration_rule_abort_incomplete_multipart_upload_days_after_initiation = 14
+
+  aws_kms_key_enable_key_rotation = false
+  aws_kms_key_multi_region        = true
+
+  aws_s3_bucket_public_access_block_block_public_acls       = false
+  aws_s3_bucket_public_access_block_block_public_policy     = false
+  aws_s3_bucket_public_access_block_ignore_public_acls      = false
+  aws_s3_bucket_public_access_block_restrict_public_buckets = false
+}
+```
diff --git a/checkov-config.yml b/checkov-config.yml
@@ -6,3 +6,5 @@ skip-check:
   - CKV_AWS_18
   - CKV_AWS_144
   - CKV2_AWS_62
+  # As we're using the Terraform Registry
+  - CKV_TF_1
diff --git a/examples/complete/README.md b/examples/complete/README.md
@@ -0,0 +1,17 @@
+# Complete bucket
+
+The configuration in this directory creates a S3 bucket with all input set to different values
+than the defaults.
+
+## Usage
+
+To run this example you need to execute:
+
+```bash
+terraform init
+terraform plan
+terraform apply
+```
+
+Note that this example may create resources which can cost money (AWS Elastic IP, for example).
+Run `terraform destroy`` when you don't need these resources.
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -0,0 +1,25 @@
+provider "aws" {
+  region = "eu-central-1"
+}
+
+module "terraform_state_s3_bucket" {
+  source  = "ultratendency/secure-s3-bucket/aws"
+  version = "1.0.0"
+
+  bucket_name = "secure-bucket"
+
+  bucket_lifecycle_configuration_rule_noncurrent_version_expiration_noncurrent_days           = 45
+  bucket_lifecycle_configuration_rule_noncurrent_version_first_transition_noncurrent_days     = 15
+  bucket_lifecycle_configuration_rule_noncurrent_version_first_transition_storage_class       = "ONEZONE_IA"
+  bucket_lifecycle_configuration_rule_noncurrent_version_second_transition_noncurrent_days    = 30
+  bucket_lifecycle_configuration_rule_noncurrent_version_second_transition_storage_class      = "GLACIER_IR"
+  bucket_lifecycle_configuration_rule_abort_incomplete_multipart_upload_days_after_initiation = 14
+
+  aws_kms_key_enable_key_rotation = false
+  aws_kms_key_multi_region        = true
+
+  aws_s3_bucket_public_access_block_block_public_acls       = false
+  aws_s3_bucket_public_access_block_block_public_policy     = false
+  aws_s3_bucket_public_access_block_ignore_public_acls      = false
+  aws_s3_bucket_public_access_block_restrict_public_buckets = false
+}
diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.0"
+    }
+  }
+}
diff --git a/examples/simple/README.md b/examples/simple/README.md
@@ -0,0 +1,16 @@
+# Simple bucket
+
+The configuration in this directory creates a S3 bucket with all default values.
+
+## Usage
+
+To run this example you need to execute:
+
+```bash
+terraform init
+terraform plan
+terraform apply
+```
+
+Note that this example may create resources which can cost money (AWS Elastic IP, for example).
+Run `terraform destroy`` when you don't need these resources.
diff --git a/examples/simple/main.tf b/examples/simple/main.tf
@@ -0,0 +1,10 @@
+provider "aws" {
+  region = "eu-central-1"
+}
+
+module "terraform_state_s3_bucket" {
+  source  = "ultratendency/secure-s3-bucket/aws"
+  version = "1.0.0"
+
+  bucket_name = "secure-bucket"
+}
diff --git a/examples/simple/versions.tf b/examples/simple/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.0"
+    }
+  }
+}
