Merge pull request #1 from clouddrove/internal101

Added tf module for aws synthetic canaries

.github/workflows/readme.yaml

@@ -0,0 +1,54 @@
+name: 'Create README.md file'
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  readme-create:
+    name: 'readme-create'
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout'
+        uses: actions/checkout@master
+
+      - name: Set up Python 3.7.
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.x'
+
+      - name: 'create readme'
+        uses: 'clouddrove/github-actions@v9.0.2'
+        with:
+          actions_subcommand: 'readme'
+          github_token: '${{ secrets.GITHUB}}'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}}
+
+
+      - name: 'pre-commit check errors'
+        uses: pre-commit/action@v2.0.0
+        continue-on-error: true
+
+      - name: 'pre-commit fix erros'
+        uses: pre-commit/action@v2.0.0
+        continue-on-error: true
+
+      - name: 'push readme'
+        uses: 'clouddrove/github-actions@v9.0.2'
+        continue-on-error: true
+        with:
+          actions_subcommand: 'push'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}}
+
+      - name: 'Slack Notification'
+        uses: clouddrove/action-slack@v2
+        with:
+          status: ${{ job.status }}
+          fields: repo,author
+          author_name: 'CloudDrove'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required
+        if: always()

.github/workflows/static-checks.yml → .github/workflows/terraform.yaml

@@ -19,6 +19,7 @@ jobs:
       minVersion: ${{ steps.minMax.outputs.minVersion }}
       maxVersion: ${{ steps.minMax.outputs.maxVersion }}
 
+
   versionEvaluate:
     name: Evaluate Terraform versions
     runs-on: ubuntu-latest
@@ -30,7 +31,7 @@ jobs:
           - ${{ needs.versionExtract.outputs.minVersion }}
           - ${{ needs.versionExtract.outputs.maxVersion }}
         directory:
-          - _example/complete
+          - _example/
 
     steps:
       - name: Checkout
@@ -41,15 +42,24 @@ jobs:
         with:
           terraform_version: ${{ matrix.version }}
 
+      - name: 'Configure AWS Credentials'
+        uses: clouddrove/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }}
+          aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}
+          aws-region: us-east-2
+
       - name: Init & validate v${{ matrix.version }}
         run: |
           cd ${{ matrix.directory }}
           terraform init
           terraform validate
+         
       - name: tflint
         uses: reviewdog/action-tflint@master
         with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
+          tflint_version: v0.29.0
+          github_token: ${{ secrets.GITHUB }}
           working_directory: ${{ matrix.directory }}
           fail_on_error: 'true'
           filter_mode: 'nofilter'
@@ -70,4 +80,4 @@ jobs:
           terraform_version: ${{ needs.versionExtract.outputs.maxVersion }}
 
       - name: Check Terraform format changes
-        run: terraform fmt --recursive -check=true
+        run: terraform fmt --recursive

.github/workflows/terratest.yaml

@@ -0,0 +1,42 @@
+name: 'Terratest GitHub Actions'
+on:
+  pull_request:
+    branches:
+      - master
+    types: [labeled]
+
+jobs:
+  terraform:
+    name: 'Terraform'
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: 'Checkout'
+        uses: actions/checkout@master
+
+      - name: Configure AWS Credentials
+        uses: clouddrove/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }}
+          aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}
+          aws-region: us-east-2
+
+      - name: 'Terratest anomaly_example'
+        if: ${{ github.event.label.name == 'terratest' }}
+        uses: 'clouddrove/github-actions@v9.0.2'
+        with:
+          actions_subcommand: 'terratest'
+          tf_actions_working_dir: '_test/complete'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: 'Slack Notification'
+        uses: clouddrove/action-slack@v2
+        with:
+          status: ${{ job.status }}
+          fields: repo,author
+          author_name: 'CloudDrove'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required
+        if: always()

.github/workflows/tfsec.yaml

@@ -0,0 +1,25 @@
+name: tfsec
+on:
+  pull_request:
+
+jobs:
+  tfsec:
+    name: tfsec sarif report
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Clone repo
+        uses: actions/checkout@master
+
+      - name: tfsec
+        uses: aquasecurity/tfsec-sarif-action@v0.1.0
+        with:
+          sarif_file: tfsec.sarif
+          working_directory: _example
+          full_repo_scan: true
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          # Path to SARIF file relative to the root of the repository
+          sarif_file: tfsec.sarif

.gitignore

@@ -0,0 +1,8 @@
+# ignored files
+*.tfstate
+*.tfstate.backup
+.terraform
+.idea
+*.iml
+go.sum
+*.terraform.lock.hcl

.pre-commit-config.yaml

@@ -18,4 +18,4 @@ repos:
       - id: check-merge-conflict
       - id: debug-statements
       - id: check-yaml
-      - id: check-added-large-files
+      - id: check-added-large-files

Makefile

@@ -0,0 +1,3 @@
+export GENIE_PATH ?= $(shell 'pwd')/../../../genie
+
+include $(GENIE_PATH)/Makefile

README.md

@@ -1 +1,164 @@
-# terraform-module-template
+<!-- This file was automatically generated by the `geine`. Make all changes to `README.yaml` and run `make readme` to rebuild this file. -->
+
+<p align="center"> <img src="https://user-images.githubusercontent.com/50652676/62349836-882fef80-b51e-11e9-99e3-7b974309c7e3.png" width="100" height="100"></p>
+
+
+<h1 align="center">
+    Terraform AWS Cloudwatch Alarms
+</h1>
+
+<p align="center" style="font-size: 1.2rem;"> 
+    Terraform module creates Cloudwatch Alarm on AWS for monitoriing AWS services.
+     </p>
+
+<p align="center">
+
+<a href="https://www.terraform.io">
+  <img src="https://img.shields.io/badge/Terraform-v1.1.7-green" alt="Terraform">
+</a>
+<a href="LICENSE.md">
+  <img src="https://img.shields.io/badge/License-APACHE-blue.svg" alt="Licence">
+</a>
+<a href="https://github.com/clouddrove/terraform-aws-cloudwatch-alarms/actions/workflows/tfsec.yml">
+  <img src="https://github.com/clouddrove/terraform-aws-cloudwatch-alarms/actions/workflows/tfsec.yml/badge.svg" alt="tfsec">
+</a>
+<a href="https://github.com/clouddrove/terraform-aws-cloudwatch-alarms/actions/workflows/terraform.yml">
+  <img src="https://github.com/clouddrove/terraform-aws-cloudwatch-alarms/actions/workflows/terraform.yml/badge.svg" alt="static-checks">
+</a>
+
+
+</p>
+<p align="center">
+
+<a href='https://facebook.com/sharer/sharer.php?u=https://github.com/clouddrove/terraform-aws-cloudwatch-alarms'>
+  <img title="Share on Facebook" src="https://user-images.githubusercontent.com/50652676/62817743-4f64cb80-bb59-11e9-90c7-b057252ded50.png" />
+</a>
+<a href='https://www.linkedin.com/shareArticle?mini=true&title=Terraform+AWS+Cloudwatch+Alarms&url=https://github.com/clouddrove/terraform-aws-cloudwatch-alarms'>
+  <img title="Share on LinkedIn" src="https://user-images.githubusercontent.com/50652676/62817742-4e339e80-bb59-11e9-87b9-a1f68cae1049.png" />
+</a>
+<a href='https://twitter.com/intent/tweet/?text=Terraform+AWS+Cloudwatch+Alarms&url=https://github.com/clouddrove/terraform-aws-cloudwatch-alarms'>
+  <img title="Share on Twitter" src="https://user-images.githubusercontent.com/50652676/62817740-4c69db00-bb59-11e9-8a79-3580fbbf6d5c.png" />
+</a>
+
+</p>
+<hr>
+
+
+We eat, drink, sleep and most importantly love **DevOps**. We are working towards strategies for standardizing architecture while ensuring security for the infrastructure. We are strong believer of the philosophy <b>Bigger problems are always solved by breaking them into smaller manageable problems</b>. Resonating with microservices architecture, it is considered best-practice to run database, cluster, storage in smaller <b>connected yet manageable pieces</b> within the infrastructure. 
+
+This module is basically combination of [Terraform open source](https://www.terraform.io/) and includes automatation tests and examples. It also helps to create and improve your infrastructure with minimalistic code instead of maintaining the whole infrastructure code yourself.
+
+We have [*fifty plus terraform modules*][terraform_modules]. A few of them are comepleted and are available for open source usage while a few others are in progress.
+
+
+
+
+## Prerequisites
+
+This module has a few dependencies: 
+
+- [Terraform 1.x.x](https://learn.hashicorp.com/terraform/getting-started/install.html)
+- [Go](https://golang.org/doc/install)
+- [github.com/stretchr/testify/assert](https://github.com/stretchr/testify)
+- [github.com/gruntwork-io/terratest/modules/terraform](https://github.com/gruntwork-io/terratest)
+
+
+
+
+
+
+
+## Examples
+
+
+**IMPORTANT:** Since the `master` branch used in `source` varies based on new modifications, we suggest that you use the release versions [here](https://github.com/clouddrove/terraform-aws-cloudwatch-alarms/releases).
+
+
+Here are some examples of how you can use this module in your inventory structure:
+### Example
+```hcl
+    module "canaries" {
+    name                    = "canary"
+    environment             = "test"   
+    source                  = "../.."
+    schedule_expression     = "rate(5 minutes)"
+    s3_artifact_bucket      = "my-test-artifact-bucket" # must pre-exist
+    alarm_email             = "test.user@clouddrove.com" # you need to confirm this email address
+    endpoints               = { "test-example" = { url = "https://example.com" } }
+    subnet_ids              = module.subnets.private_subnet_id
+    security_group_ids      = [module.ssh.security_group_ids]    
+    }
+```
+
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| actions\_enabled | Indicates whether or not actions should be executed during any changes to the alarm's state. | `bool` | `true` | no |
+| alarm\_actions | The list of actions to execute when this alarm transitions into an ALARM state from any other state. | `list(any)` | `[]` | no |
+| alarm\_description | The description for the alarm. | `string` | `""` | no |
+| alarm\_name | The descriptive name for the alarm. | `string` | n/a | yes |
+| comparison\_operator | The arithmetic operation to use when comparing the specified Statistic and Threshold. | `string` | n/a | yes |
+| dimensions | Dimensions for metrics. | `map` | `{}` | no |
+| enabled | Enable alarm. | `bool` | `true` | no |
+| environment | Environment (e.g. `prod`, `dev`, `staging`). | `string` | `""` | no |
+| evaluation\_periods | The number of periods over which data is compared to the specified threshold. | `number` | n/a | yes |
+| expression\_enabled | Enable alarm with expression. | `bool` | `false` | no |
+| instance\_id | The instance ID. | `string` | `""` | no |
+| insufficient\_data\_actions | The list of actions to execute when this alarm transitions into an INSUFFICIENT\_DATA state from any other state. | `list(any)` | `[]` | no |
+| label\_order | Label order, e.g. `name`,`application`. | `list(any)` | `[]` | no |
+| managedby | ManagedBy, eg 'CloudDrove'. | `string` | `"hello@clouddrove.com"` | no |
+| metric\_name | The name for the alarm's associated metric. | `string` | `"CPUUtilization"` | no |
+| name | Name  (e.g. `app` or `cluster`). | `string` | `""` | no |
+| namespace | The namespace for the alarm's associated metric. | `string` | `"AWS/EC2"` | no |
+| ok\_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. | `list(any)` | `[]` | no |
+| period | The period in seconds over which the specified statistic is applied. | `number` | `120` | no |
+| query\_expressions | values for metric query expression. | `list` | <pre>[<br>  {<br>    "expression": "ANOMALY_DETECTION_BAND(m1)",<br>    "id": "e1",<br>    "label": "CPUUtilization (Expected)",<br>    "return_data": "true"<br>  }<br>]</pre> | no |
+| query\_metrics | values for metric query metrics. | `list` | <pre>[<br>  {<br>    "dimensions": {<br>      "InstanceId": "i-abc123"<br>    },<br>    "id": "m1",<br>    "metric_name": "CPUUtilization",<br>    "namespace": "AWS/EC2",<br>    "period": "120",<br>    "return_data": "true",<br>    "stat": "Average",<br>    "unit": "Count"<br>  }<br>]</pre> | no |
+| repository | Terraform current module repo | `string` | `"https://github.com/clouddrove/terraform-aws-cloudwatch-alarms"` | no |
+| statistic | The statistic to apply to the alarm's associated metric. | `string` | `"Average"` | no |
+| threshold | The value against which the specified statistic is compared. | `number` | `40` | no |
+| threshold\_metric\_id | If this is an alarm based on an anomaly detection model, make this value match the ID of the ANOMALY\_DETECTION\_BAND function. | `string` | `""` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| arn | The ARN of the cloudwatch metric alarm. |
+| id | The ID of the health check. |
+| tags | A mapping of tags to assign to the resource. |
+
+
+
+
+## Testing
+In this module testing is performed with [terratest](https://github.com/gruntwork-io/terratest) and it creates a small piece of infrastructure, matches the output like ARN, ID and Tags name etc and destroy infrastructure in your AWS account. This testing is written in GO, so you need a [GO environment](https://golang.org/doc/install) in your system. 
+
+You need to run the following command in the testing folder:
+```hcl
+  go test -run Test
+```
+
+
+
+## Feedback 
+If you come accross a bug or have any feedback, please log it in our [issue tracker](https://github.com/clouddrove/terraform-aws-cloudwatch-alarms/issues), or feel free to drop us an email at [hello@clouddrove.com](mailto:hello@clouddrove.com).
+
+If you have found it worth your time, go ahead and give us a ★ on [our GitHub](https://github.com/clouddrove/terraform-aws-cloudwatch-alarms)!
+
+## About us
+
+At [CloudDrove][website], we offer expert guidance, implementation support and services to help organisations accelerate their journey to the cloud. Our services include docker and container orchestration, cloud migration and adoption, infrastructure automation, application modernisation and remediation, and performance engineering.
+
+<p align="center">We are <b> The Cloud Experts!</b></p>
+<hr />
+<p align="center">We ❤️  <a href="https://github.com/clouddrove">Open Source</a> and you can check out <a href="https://github.com/clouddrove">our other modules</a> to get help with your new Cloud ideas.</p>
+
+  [website]: https://clouddrove.com
+  [github]: https://github.com/clouddrove
+  [linkedin]: https://cpco.io/linkedin
+  [twitter]: https://twitter.com/clouddrove/
+  [email]: https://clouddrove.com/contact-us.html
+  [terraform_modules]: https://github.com/clouddrove?utf8=%E2%9C%93&q=terraform-&type=&language=