Applies the new template to the repo.

.config/.terraform-docs.yml

@@ -0,0 +1,47 @@
+version: ""
+
+formatter: markdown table
+
+name: terraform-aws-acm-certificate-creation
+
+content: |-
+  # terraform-aws-acm-certificate-creation
+
+  GitHub: [StratusGrid/terraform-aws-terraform-aws-acm-certificate-creation](https://github.com/StratusGrid/terraform-aws-acm-certificate-creation)
+
+  This module is used to create a certificate using Route53 DNS validation. It requires a hosted zone to which the IAM
+  principal creating the resource has access.
+
+  ## Examples
+
+  ```hcl
+  {{ include "examples/example1.tfnot" }}
+  ```
+  ---
+
+  {{ .Requirements }}
+
+  {{ .Resources }}
+
+  {{ .Inputs }}
+
+  {{ .Outputs }}
+
+  ---
+
+  Note, manual changes to the README will be overwritten when the documentation is updated. To update the documentation, run `terraform-docs -c .config/.terraform-docs.yml`
+
+sections:
+  show:
+    - requirements
+    - resources
+    - inputs
+    - outputs
+
+sort:
+  enabled: true
+  by: name
+
+output:
+  file: README.md
+  mode: replace

.config/terrascan.yaml

@@ -0,0 +1,10 @@
+#See docs here: https://runterrascan.io/docs/_print/#command-to-specify-config-file, most of the links are broken sadly :(
+severity:
+  level: high
+rules:
+  skip-rules: # To bypass submodules you need to skip rules here, otherwise it will fail the build
+  # - AC_AWS_021
+  # - AC_AWS_0214
+  # - AC_AWS_0215
+  # - AC_AWS_0207
+  # - AC_AWS_0483

.github/sync-repo-settings.yaml

@@ -3,8 +3,8 @@ squashMergeAllowed: true
 mergeCommitAllowed: false
 deleteBranchOnMerge: true
 branchProtectionRules:
-- pattern: main
-  dismissesStaleReviews: true
-  requiredApprovingReviewCount: 1
-  requiresCodeOwnerReviews: true
-  requiresStrictStatusChecks: true
+  - pattern: main
+    dismissesStaleReviews: true
+    requiredApprovingReviewCount: 1
+    requiresCodeOwnerReviews: true
+    requiresStrictStatusChecks: true

.github/workflows/pre-commit.yml

@@ -0,0 +1,54 @@
+name: Pre-Commit
+
+on:
+  pull_request:
+
+jobs:
+  getBaseVersion:
+    name: Module max TF version
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Terraform min/max versions
+        id: minMax
+        uses: clowdhaus/[email protected]
+    outputs:
+      minVersion: ${{ steps.minMax.outputs.minVersion }}
+      maxVersion: ${{ steps.minMax.outputs.maxVersion }}
+
+  preCommitMinVersion:
+    name: Min TF pre-commit
+    runs-on: ubuntu-latest
+    needs: getBaseVersion
+    strategy:
+      fail-fast: false
+      matrix:
+        version:
+          - ${{ needs.getBaseVersion.outputs.minVersion }}
+    steps:
+      - uses: actions/setup-go@v2
+        with:
+          go-version: "^1.16.6"
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Install Python
+        uses: actions/setup-python@v2
+      - name: Install Terraform v${{ matrix.version }}
+        uses: hashicorp/setup-terraform@v1
+        with:
+          terraform_version: ${{ matrix.version }}
+      - name: Install pre-commit dependencies
+        run: |
+          pip install pre-commit
+          brew install tflint
+          brew install terrascan
+          brew install tfsec
+          brew install terraform-docs
+      - name: Inits
+        run: |
+          tflint --init
+      - name: Execute pre-commit
+        # Run all pre-commit checks on min version supported
+        if: ${{ matrix.version ==  needs.getBaseVersion.outputs.minVersion }}
+        run: pre-commit run --color=always --show-diff-on-failure --all-files

.gitignore

@@ -5,14 +5,41 @@
 *.tfstate
 *.tfstate.*
 
-# .tfvars files
- *.tfvars
+# Lock File
+.terraform.lock.**
 
-# TF Plans
-**/plans
+#TF Hash Lock File - Module Specific
+.terraform.lock.hcl
 
-# Certs
-*.pem
+# Mac Stuff
+.DS_Store
 
-.idea
-.DS_Store
+# InfraCost
+**/.infracost/*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# IntelliJ
+.idea/workspace.xml
+.idea

.pre-commit-config.yaml

@@ -0,0 +1,54 @@
+repos:
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.68.1 # v.1.63.0 and above require bash 5 from brew
+    hooks:
+      - id: terraform_fmt
+      - id: terraform_validate
+      - id: terraform_docs # Update our output, if updates it will force a failure which is good
+        args:
+          - "--args=-c .config/.terraform-docs.yml"
+      - id: terraform_docs # Verify out output is up to date, sometimes the update fails
+        always_run: true
+        args:
+          - "--args=--output-check=true"
+      - id: terrascan
+        args:
+          - "--args=-c .config/terrascan.yaml"
+          - "--args=--non-recursive"
+          - "--args=-i terraform" #If we don't specify this it came back with Docker failures and produces a non zero exit code
+      - id: terraform_tflint
+        args:
+          - "--args=--only=terraform_deprecated_interpolation"
+          - "--args=--only=terraform_deprecated_index"
+          - "--args=--only=terraform_unused_declarations"
+          - "--args=--only=terraform_comment_syntax"
+          - "--args=--only=terraform_documented_outputs"
+          - "--args=--only=terraform_documented_variables"
+          - "--args=--only=terraform_typed_variables"
+          - "--args=--only=terraform_module_pinned_source"
+          - "--args=--only=terraform_naming_convention"
+          #- '--args=--only=terraform_required_version' # This is bugged with the new Terraform provider syntax
+          - "--args=--only=terraform_required_providers"
+          - "--args=--only=terraform_workspace_remote"
+      - id: terraform_tfsec
+        args:
+          - "--args=--exclude-downloaded-modules"
+          - "--args=--concise-output"
+  # Native Git PreCommit Hooks
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.1.0
+    hooks:
+      - id: check-merge-conflict
+      - id: check-yaml
+      - id: no-commit-to-branch
+        args: [--branch, main, --branch, master]
+  #GitLeaks
+  - repo: https://github.com/zricethezav/gitleaks
+    rev: v8.2.0
+    hooks:
+      - id: gitleaks
+  #Prettier
+  - repo: https://github.com/pre-commit/mirrors-prettier
+    rev: v2.6.2
+    hooks:
+      - id: prettier

.prettierignore

@@ -0,0 +1,3 @@
+README.md
+.terraform
+/.config

.tflint.hcl

@@ -0,0 +1,5 @@
+plugin "aws" {
+    enabled = true
+    version = "0.13.2"
+    source  = "github.com/terraform-linters/tflint-ruleset-aws"
+}

examples/example1.tfnot

@@ -0,0 +1,11 @@
+module "new_record_and_certificate" {
+  source = "github.com/StratusGrid/terraform-aws-acm-certificate-creation"
+
+  for_each        = toset(var.acm_certificate_name)
+  acm_domain_name = "${each.key}.${var.hosted_zone_name}"
+  zone_id         = data.aws_route53_zone.hosted_zone_id.zone_id
+
+  input_tags      = {
+    "Name" = "${each.key}.${var.hosted_zone_name}"
+    }
+}