diff --git a/.githooks/pre-commit b/.githooks/pre-commit index 1d69abe..98253d7 100755 --- a/.githooks/pre-commit +++ b/.githooks/pre-commit @@ -34,6 +34,14 @@ if command_exists typos; then echo "$files" | xargs typos fi +if command_exists terraform-docs; then + pushd asset-account/terraform/stack-set + files="$files asset-account/terraform/stack-set/README.md" + + terraform-docs markdown . --output-file README.md + popd +fi + if command_exists ./node_modules/.bin/prettier; then echo "$files" | xargs ./node_modules/.bin/prettier --ignore-unknown --write fi diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c27df31..f1c2f66 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -47,6 +47,44 @@ jobs: - run: terraform validate working-directory: ${{ matrix.project }} + terraform-docs: + runs-on: ubuntu-latest + + strategy: + matrix: + terraform_module: + - asset-account/terraform/stack-set + + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 + with: + node-version: "22" + cache: "npm" + - run: npm ci --ignore-scripts + + - run: | + curl https://github.com/terraform-docs/terraform-docs/releases/download/v0.19.0/terraform-docs-v0.19.0-linux-amd64.tar.gz \ + --location \ + --silent \ + --retry 5 \ + --retry-all-errors \ + --show-error \ + | tar -xz terraform-docs > ./terraform-docs + working-directory: ${{ matrix.terraform_module }} + + - run: chmod +x ./terraform-docs + working-directory: ${{ matrix.terraform_module }} + + - run: ./terraform-docs markdown . --output-file README.md + working-directory: ${{ matrix.terraform_module }} + + - run: npx prettier -w . + + - run: >- + git diff --exit-code --color=always || ( echo "Terraform docs are + out-of-date. See the diff above." && exit 1 ) + prettier: runs-on: ubuntu-latest steps: diff --git a/.gitignore b/.gitignore index f4c18be..bdebada 100644 --- a/.gitignore +++ b/.gitignore 
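Review bot: The `pushd asset-account/terraform/stack-set` in the new terraform-docs block is unchecked, so if that directory is renamed or missing, `terraform-docs markdown . --output-file README.md` runs in the current directory and writes a README there. `pushd asset-account/terraform/stack-set >/dev/null || exit 1` would stop that, unless the script already enables `set -e` outside this hunk. The hook also runs whichever `terraform-docs` is first on PATH, while the CI job added in this commit uses v0.19.0, so a different local version may generate output that the CI `git diff --exit-code` check rejects. A comment such as `# keep in sync with the terraform-docs version pinned in .github/workflows/ci.yml` above the block would make that dependency visible.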
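Review bot: The download step in the new `terraform-docs` job pipes the release tarball straight into `tar`, and the following steps execute the extracted binary without any integrity check on what was fetched. Pinning the archive's SHA-256 (taken from the checksum published with the v0.19.0 release) and verifying it before extraction would tie the job to one known artifact. In the same step, `curl` lacks `--fail`, so an HTTP error body is handed to `tar`. The `> ./terraform-docs` redirect is also misleading, because `tar -xz terraform-docs` without `-O` writes the member to disk itself and the redirect only captures empty stdout. A version of the step that downloads to a file, verifies it and then extracts is below; the hash is a placeholder to be filled in.

```yaml
      - run: |
          curl https://github.com/terraform-docs/terraform-docs/releases/download/v0.19.0/terraform-docs-v0.19.0-linux-amd64.tar.gz \
            --fail \
            --location \
            --silent \
            --retry 5 \
            --retry-all-errors \
            --show-error \
            --output terraform-docs.tar.gz
          # <PINNED_SHA256> is a placeholder: replace it with the digest published for this exact archive.
          echo "<PINNED_SHA256>  terraform-docs.tar.gz" | sha256sum --check
          tar -xzf terraform-docs.tar.gz terraform-docs
          rm terraform-docs.tar.gz
        working-directory: ${{ matrix.terraform_module }}
      # … unchanged: chmod, terraform-docs markdown, prettier and git diff steps …
```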
@@ -3,3 +3,4 @@ terraform.tfstate terraform.tfstate.backup terraform.tfvars +/node_modules diff --git a/asset-account/terraform/stack-set/README.md b/asset-account/terraform/stack-set/README.md index 0383280..82ddbc0 100644 --- a/asset-account/terraform/stack-set/README.md +++ b/asset-account/terraform/stack-set/README.md 
@@ -21,3 +21,62 @@ module "elastio_asset_account" { // Provide input parameters } ``` + + + +## Requirements + +| Name | Version | +| ------------------------------------------------------------------------ | ------- | +| [terraform](#requirement_terraform) | >= 1.0 | +| [aws](#requirement_aws) | >= 5.0 | + +## Providers + +| Name | Version | +| ------------------------------------------------ | ------- | +| [aws](#provider_aws) | >= 5.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +| ----------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | +| [aws_cloudformation_stack_instances.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_instances) | resource | +| [aws_cloudformation_stack_set.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +| ------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | 
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------: | +| [accounts](#input_accounts) | The IDs AWS accounts where you want to create stack instances.

Specify `accounts` only if you are using `SELF_MANAGED` permissions model.
If you are using the `SERVICE_MANAGED` permissions model specify `deployment_targets` instead. | `list(string)` | `null` | no | +| [administration_role_arn](#input_administration_role_arn) | [See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set#administration_role_arn-1) | `string` | `null` | no | +| [auto_deployment](#input_auto_deployment) | [See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set#auto_deployment-1) |
object({
enabled = optional(bool)
retain_stacks_on_account_removal = optional(bool)
})
| `null` | no | +| [call_as](#input_call_as) | [See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set#call_as-1) | `string` | `null` | no | +| [deployment_targets](#input_deployment_targets) | The AWS Organizations accounts for which to create stack instances.

Specify `deployment_targets` only if you are using `SERVICE_MANAGED` permissions model.
If you are using the `SELF_MANAGED` permissions model specify `accounts` instead.

[Details](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_instances#deployment_targets) |
object({
account_filter_type = optional(string)
accounts = optional(list(string))
accounts_url = optional(string)
organizational_unit_ids = optional(list(string))
})
| `null` | no | +| [encrypt_with_cmk](#input_encrypt_with_cmk) | Provision an additional customer-managed KMS key to encrypt Lambda environment variables.
This increases the cost of the stack. | `bool` | `false` | no | +| [execution_role_name](#input_execution_role_name) | [See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set#execution_role_name-1) | `string` | `null` | no | +| [iam_resource_names_prefix](#input_iam_resource_names_prefix) | Add a custom prefix to names of all IAM resources deployed by this stack. | `string` | `""` | no | +| [iam_resource_names_suffix](#input_iam_resource_names_suffix) | Add a custom prefix to names of all IAM resources deployed by this stack. | `string` | `""` | no | +| [lambda_tracing](#input_lambda_tracing) | Enable AWS X-Ray tracing for Lambda functions.
This increases the cost of the stack. | `bool` | `false` | no | +| [managed_execution](#input_managed_execution) | [See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set#managed_execution-1) |
object({
active = optional(bool)
})
| `null` | no | +| [operation_preferences](#input_operation_preferences) | [See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_instances#operation_preferences) |
object({
concurrency_mode = optional(string)
failure_tolerance_count = optional(number)
failure_tolerance_percentage = optional(number)
max_concurrent_count = optional(number)
max_concurrent_percentage = optional(number)

# Region settings are not supported, because
# there must be at most one stack per account
# in a single region.
})
| `null` | no | +| [permission_model](#input_permission_model) | [See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set#permission_model-1) | `string` | `null` | no | +| [region](#input_region) | The AWS region where the Elastio Asset Account stack instances will be deployed.
It is just a single region because this stack is deployed only once per AWS account. | `string` | `"us-east-1"` | no | +| [retain_stacks](#input_retain_stacks) | [See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_instances#retain_stacks-1) | `bool` | `null` | no | +| [stack_set_description](#input_stack_set_description) | n/a | `string` | `"Elastio Asset Account StackSet creates IAM roles to link the AWS accounts with\nthe Elastio Connector. This allows the Elastio Connector to scan the assets\navailable in the account where the Elastio Asset Account stack instances are\ndeployed.\n"` | no | +| [stack_set_name](#input_stack_set_name) | n/a | `string` | `"ElastioAssetAccount"` | no | +| [tags](#input_tags) | Additional tags to apply to all resources created by this stack. | `map(string)` | `{}` | no | +| [template_url](#input_template_url) | The URL of the Elastio Asset Account CloudFormation template obtained from
the Elastio Portal.

This parameter is sensitive, because anyone who knows this URL can deploy
Elastio Account stack and linking it to your Elastio tenant. | `string` | n/a | yes | + +## Outputs + +| Name | Description | +| -------------------------------------------------------------------------------- | --------------------------------------------------------------- | +| [stack_instances](#output_stack_instances) | The outputs of the aws_cloudformation_stack_instances resource. | +| [stack_set](#output_stack_set) | The outputs of the aws_cloudformation_stack_set resource. | + + diff --git a/asset-account/terraform/stack-set/variables.tf b/asset-account/terraform/stack-set/variables.tf index 6699cae..4c6ba4d 100644 --- a/asset-account/terraform/stack-set/variables.tf +++ b/asset-account/terraform/stack-set/variables.tf @@ -35,7 +35,7 @@ variable "deployment_targets" { Specify `deployment_targets` only if you are using `SERVICE_MANAGED` permissions model. If you are using the `SELF_MANAGED` permissions model specify `accounts` instead. - Details: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_instances#deployment_targets + [Details](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_instances#deployment_targets) DESCR type = object({ @@ -71,6 +71,8 @@ variable "tags" { } variable "auto_deployment" { + description = "[See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set#auto_deployment-1)" + type = object({ enabled = optional(bool) retain_stacks_on_account_removal = optional(bool) 
@@ -101,7 +103,7 @@ variable "stack_set_description" { ################################## variable "operation_preferences" { - description = "See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_instances#operation_preferences" + description = "[See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_instances#operation_preferences)" type = object({ concurrency_mode = optional(string) @@ -110,13 +112,15 @@ variable "operation_preferences" { max_concurrent_count = optional(number) max_concurrent_percentage = optional(number) - # Region settings are not supported, because there must be at most one stack per account in a single region. + # Region settings are not supported, because + # there must be at most one stack per account + # in a single region. }) default = null } variable "managed_execution" { - description = "See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set#managed_execution-1" + description = "[See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set#managed_execution-1)" type = object({ active = optional(bool) 
@@ -125,35 +129,35 @@ variable "managed_execution" { } variable "administration_role_arn" { - description = "See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set#administration_role_arn-1" + description = "[See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set#administration_role_arn-1)" type = string default = null } variable "execution_role_name" { - description = "See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set#execution_role_name-1" + description = "[See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set#execution_role_name-1)" type = string default = null } variable "permission_model" { - description = "See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set#permission_model-1" + description = "[See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set#permission_model-1)" type = string default = null } variable "call_as" { - description = "See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set#call_as-1" + description = "[See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set#call_as-1)" type = string default = null } variable "retain_stacks" { - description = "See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_instances#retain_stacks-1" + description = "[See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_instances#retain_stacks-1)" type = bool default = null