fix: fmt run and workflow fix

clouddrove · Aug 7, 2023 · 22bbb20 · 22bbb20
1 parent 6606161
commit 22bbb20
Show file tree

Hide file tree

Showing 10 changed files with 42 additions and 29 deletions.
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
@@ -31,7 +31,12 @@ jobs:
           - ${{ needs.versionExtract.outputs.minVersion }}
           - ${{ needs.versionExtract.outputs.maxVersion }}
         directory:
-          - _example/
+          - examples/cloudtrail/complete
+          - examples/cloudtrail/organisation_account
+          - examples/guardduty/complete
+          - examples/guardduty/organisation_account
+          - examples/security-group/complete
+          - examples/security-group/organisation_account
 
     steps:
       - name: Checkout

diff --git a/examples/cloudtrail/complete/main.tf b/examples/cloudtrail/complete/main.tf
@@ -15,14 +15,20 @@ module "cloudtrail" {
 
   create_bucket     = true
   bucket_versioning = true
-  enable_logging    = true
+  logging           = true
   force_destroy     = true
 
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
+
   enabled_cloudtrail    = true
   enable_cloudwatch     = true
   bucket_policy         = true
   is_multi_region_trail = true
   kms_enabled           = true
+  enable_logging        = true
 
   event_ignore_list = jsonencode([
     "^Describe*",

diff --git a/examples/cloudtrail/complete/outputs.tf b/examples/cloudtrail/complete/outputs.tf
@@ -1,9 +1,9 @@
 output "cloudtrail_arn" {
-    value       = module.cloudtrail.*.cloudtrail_arn
-    description = "The Amazon Resource Name of the trail."
+  value       = module.cloudtrail.*.cloudtrail_arn
+  description = "The Amazon Resource Name of the trail."
 }
 
 output "cloudtrail_s3_id" {
-    value       = try(module.cloudtrail.s3_id, "")
-    description = "The Name of S3 bucket for logging of Cloudtrail."
+  value       = try(module.cloudtrail.s3_id, "")
+  description = "The Name of S3 bucket for logging of Cloudtrail."
 }
diff --git a/examples/cloudtrail/organisation_account/main.tf b/examples/cloudtrail/organisation_account/main.tf
@@ -13,6 +13,8 @@ module "cloudtrail" {
   bucket_policy         = true
   is_multi_region_trail = true
   kms_enabled           = true
+  bucket_versioning     = true
+  logging               = true
 
   is_organization_trail = true
 

diff --git a/examples/cloudtrail/organisation_account/outputs.tf b/examples/cloudtrail/organisation_account/outputs.tf
@@ -1,9 +1,9 @@
 output "cloudtrail_arn" {
-    value       = module.cloudtrail.*.cloudtrail_arn
-    description = "The Amazon Resource Name of the trail."
+  value       = module.cloudtrail.*.cloudtrail_arn
+  description = "The Amazon Resource Name of the trail."
 }
 
 output "cloudtrail_s3_id" {
-    value       = try(module.cloudtrail.s3_id, "")
-    description = "The Name of S3 bucket for logging of Cloudtrail."
+  value       = try(module.cloudtrail.s3_id, "")
+  description = "The Name of S3 bucket for logging of Cloudtrail."
 }
diff --git a/examples/guardduty/complete/main.tf b/examples/guardduty/complete/main.tf
@@ -5,10 +5,10 @@ provider "aws" {
 module "guardduty" {
   source = "../../../modules/guardduty"
 
-  name          = "test-guardduty"
-  label_order   = ["name"]
-  enabled       = true
-  ipset_iplist  = ["10.10.0.0/16"]
+  name         = "test-guardduty"
+  label_order  = ["name"]
+  enabled      = true
+  ipset_iplist = ["10.10.0.0/16"]
 
   finding_publishing_frequency = "ONE_HOUR"
 
@@ -21,5 +21,5 @@ module "guardduty" {
   organization_auto_enable = false
 
   # Slack Alerts
-  slack_enabled = false  # Pass true to enable lambda
+  slack_enabled = false # Pass true to enable lambda
 }
diff --git a/examples/guardduty/organisation_account/main.tf b/examples/guardduty/organisation_account/main.tf
@@ -5,10 +5,10 @@ provider "aws" {
 module "guardduty" {
   source = "../../../modules/guardduty"
 
-  name          = "test-guardduty"
-  label_order   = ["name"]
-  enabled       = true
-  ipset_iplist  = ["10.10.0.0/16"]
+  name         = "test-guardduty"
+  label_order  = ["name"]
+  enabled      = true
+  ipset_iplist = ["10.10.0.0/16"]
 
   finding_publishing_frequency = "ONE_HOUR"
 
@@ -26,7 +26,7 @@ module "guardduty" {
   member_list = [
     {
       account_id = "333333333333", # Member account id of the organization member account
-      invite     = true,           
+      invite     = true,
       email      = "email@example.com"
     },
     {
@@ -37,5 +37,5 @@ module "guardduty" {
   ]
 
   # Slack Alerts
-  slack_enabled = false  # Pass true to enable lambda
+  slack_enabled = false # Pass true to enable lambda
 }
diff --git a/examples/security-group/complete/main.tf b/examples/security-group/complete/main.tf
@@ -3,7 +3,7 @@ provider "aws" {
 }
 
 module "security-hub" {
-  source               = "../modules/security_hub"
+  source = "../modules/security_hub"
 
   name                 = "test"
   security_hub_enabled = true

diff --git a/examples/security-group/organisation_account/main.tf b/examples/security-group/organisation_account/main.tf
@@ -3,7 +3,7 @@ provider "aws" {
 }
 
 module "security-hub" {
-  source               = "../modules/security_hub"
+  source = "../modules/security_hub"
 
   name                 = "test"
   security_hub_enabled = true
@@ -23,9 +23,9 @@ module "security-hub" {
   # member account details
   member_details = [
     {
-      account_id = "111222333444"         # Account id of the organisation member
-      email_id   = "test@example.com"     # The email of the member AWS Account
-      invite     = true                   # Whether to invite the account to Security Hub as a member
+      account_id = "111222333444"     # Account id of the organisation member
+      email_id   = "test@example.com" # The email of the member AWS Account
+      invite     = true               # Whether to invite the account to Security Hub as a member
     },
     {
       account_id = "555666777888"

diff --git a/modules/cloudtrail/variables.tf b/modules/cloudtrail/variables.tf
@@ -204,7 +204,7 @@ variable "bucket_policy" {
 
 variable "logging" {
   type        = bool
-  default     = false
+  default     = true
   description = "Logging Object to enable and disable logging"
 }
 
@@ -228,7 +228,7 @@ variable "force_destroy" {
 
 variable "block_public_acls" {
   type        = bool
-  default     = false
+  default     = true
   description = <<EOF
     Whether Amazon S3 should block public ACLs for this bucket. Defaults to false. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior:
     - PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access.
@@ -238,7 +238,7 @@ variable "block_public_acls" {
 
 variable "block_public_policy" {
   type        = bool
-  default     = false
+  default     = true
   description = <<EOF
     Whether Amazon S3 should block public bucket policies for this bucket. Defaults to false. Enabling this setting does not affect the existing bucket policy. When set to true causes Amazon S3 to:
     - Reject calls to PUT Bucket policy if the specified bucket policy allows public access.