update docs and tf fmt

terraform/implementation/ecs/README.md

@@ -29,6 +29,8 @@
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_availability_zones"></a> [availability\_zones](#input\_availability\_zones) | The availability zones to use | `list(string)` | <pre>[<br>  "us-east-1a",<br>  "us-east-1b",<br>  "us-east-1c"<br>]</pre> | no |
+| <a name="input_ecr_viewer_database_schema"></a> [ecr\_viewer\_database\_schema](#input\_ecr\_viewer\_database\_schema) | The database schema used for the eCR data tables | `string` | `"core"` | no |
+| <a name="input_ecr_viewer_database_type"></a> [ecr\_viewer\_database\_type](#input\_ecr\_viewer\_database\_type) | The SQL variant used for the eCR data tables | `string` | `"postgres"` | no |
 | <a name="input_ecs_alb_sg"></a> [ecs\_alb\_sg](#input\_ecs\_alb\_sg) | The security group for the Application Load Balancer | `string` | `"ecs-albsg"` | no |
 | <a name="input_enable_nat_gateway"></a> [enable\_nat\_gateway](#input\_enable\_nat\_gateway) | Enable NAT Gateway | `bool` | `true` | no |
 | <a name="input_owner"></a> [owner](#input\_owner) | The owner of the infrastructure | `string` | `"skylight"` | no |

terraform/implementation/ecs/_local.tf

@@ -1,8 +1,8 @@
 locals {
   vpc_name = "${var.project}-${var.owner}-${terraform.workspace}"
   tags = {
-    project  = var.project
-    owner    = var.owner
+    project   = var.project
+    owner     = var.owner
     workspace = terraform.workspace
   }
 }

terraform/implementation/ecs/main.tf

@@ -8,7 +8,7 @@ module "vpc" {
   public_subnets     = var.public_subnets
   enable_nat_gateway = var.enable_nat_gateway
   single_nat_gateway = var.single_nat_gateway
-  tags = local.tags
+  tags               = local.tags
 }
 
 module "ecs" {
@@ -21,5 +21,5 @@ module "ecs" {
 
   owner   = var.owner
   project = var.project
-  tags = local.tags
+  tags    = local.tags
 }

terraform/implementation/setup/README.md

@@ -13,34 +13,22 @@ No requirements.
 
 ## Modules
 
-No modules.
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_oidc"></a> [oidc](#module\_oidc) | ../../modules/oidc | n/a |
 
 ## Resources
 
 | Name | Type |
 |------|------|
 | [aws_dynamodb_table.tfstate_lock](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table) | resource |
-| [aws_iam_policy.github](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_iam_role.github](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
 | [aws_s3_bucket.tfstate](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
 | [aws_s3_bucket_public_access_block.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource |
 | [aws_s3_bucket_server_side_encryption_configuration.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource |
 | [aws_s3_bucket_versioning.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning) | resource |
 | [local_file.ecs_env](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
 | [local_file.setup_env](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
 | [random_string.setup](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
-| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
-| [aws_iam_policy.amazon_dynamodb_full_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
-| [aws_iam_policy.amazon_ec2_full_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
-| [aws_iam_policy.amazon_route53_full_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
-| [aws_iam_policy.amazon_vpc_full_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
-| [aws_iam_policy.aws_appmesh_full_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
-| [aws_iam_policy.aws_iam_full_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
-| [aws_iam_policy.aws_logs_full_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
-| [aws_iam_policy.aws_s3_full_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
-| [aws_iam_policy.elastic_load_balancing_full_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
-| [aws_iam_policy_document.github](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.github_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 
 ## Inputs
 

terraform/implementation/setup/main.tf

@@ -17,14 +17,14 @@ module "oidc" {
 
   # The github repo that will be used for OIDC
   oidc_github_repo = var.oidc_github_repo
-  
+
   # These variables must match the values that you'll be using for your ECS module call in the /ecs module
-  region           = var.region
-  owner            = var.owner
-  project          = var.project
+  region  = var.region
+  owner   = var.owner
+  project = var.project
 
   # This variable must match the name of the terraform workspace that you'll be using for your ECS module call in the /ecs module
-  workspace        = "prod"
+  workspace = "prod"
 
   state_bucket_arn   = aws_s3_bucket.tfstate.arn
   dynamodb_table_arn = aws_dynamodb_table.tfstate_lock.arn

terraform/modules/ecs/README.md

@@ -91,6 +91,7 @@ No modules.
 | <a name="input_s3_viewer_bucket_name"></a> [s3\_viewer\_bucket\_name](#input\_s3\_viewer\_bucket\_name) | Name of the S3 bucket for the viewer | `string` | `""` | no |
 | <a name="input_s3_viewer_bucket_role_name"></a> [s3\_viewer\_bucket\_role\_name](#input\_s3\_viewer\_bucket\_role\_name) | Name of the IAM role for the ecr-viewer bucket | `string` | `""` | no |
 | <a name="input_service_data"></a> [service\_data](#input\_service\_data) | Data for the DIBBS services | <pre>map(object({<br>    short_name     = string<br>    fargate_cpu    = number<br>    fargate_memory = number<br>    app_count      = number<br>    app_image      = string<br>    app_version    = string<br>    container_port = number<br>    host_port      = number<br>    public         = bool<br>    registry_url   = string<br>    env_vars = list(object({<br>      name  = string<br>      value = string<br>    }))<br>  }))</pre> | `{}` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | Tags to apply to resources | `map(string)` | `{}` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | ID of the VPC | `string` | n/a | yes |
 
 ## Outputs
@@ -109,9 +110,6 @@ No modules.
 | <a name="output_ecs_task_role_arn"></a> [ecs\_task\_role\_arn](#output\_ecs\_task\_role\_arn) | n/a |
 | <a name="output_s3_bucket_arn"></a> [s3\_bucket\_arn](#output\_s3\_bucket\_arn) | The ARN of the S3 bucket |
 | <a name="output_s3_bucket_ecr_viewer_policy_arn"></a> [s3\_bucket\_ecr\_viewer\_policy\_arn](#output\_s3\_bucket\_ecr\_viewer\_policy\_arn) | n/a |
-| <a name="output_s3_bucket_public_access_block_arn"></a> [s3\_bucket\_public\_access\_block\_arn](#output\_s3\_bucket\_public\_access\_block\_arn) | S3 Bucket Public Access Block does not have an ARN |
-| <a name="output_s3_bucket_server_side_encryption_configuration_arn"></a> [s3\_bucket\_server\_side\_encryption\_configuration\_arn](#output\_s3\_bucket\_server\_side\_encryption\_configuration\_arn) | S3 Bucket Server-Side Encryption Configuration does not have an ARN |
-| <a name="output_s3_bucket_versioning_arn"></a> [s3\_bucket\_versioning\_arn](#output\_s3\_bucket\_versioning\_arn) | S3 Bucket Versioning does not have an ARN |
 | <a name="output_s3_role_for_ecr_viewer_arn"></a> [s3\_role\_for\_ecr\_viewer\_arn](#output\_s3\_role\_for\_ecr\_viewer\_arn) | n/a |
 | <a name="output_service_data"></a> [service\_data](#output\_service\_data) | n/a |
 <!-- END_TF_DOCS -->

terraform/modules/ecs/_local.tf

@@ -162,5 +162,5 @@ locals {
   ecs_cluster_name             = var.ecs_cluster_name == "" ? local.local_name : var.ecs_cluster_name
   s3_viewer_bucket_name        = var.s3_viewer_bucket_name == "" ? "${local.local_name}-${random_string.s3_viewer.result}" : var.s3_viewer_bucket_name
   s3_viewer_bucket_role_name   = var.s3_viewer_bucket_role_name == "" ? local.local_name : var.s3_viewer_bucket_role_name
-  tags = var.tags
+  tags                         = var.tags
 }

terraform/modules/ecs/ecs.tf

@@ -35,7 +35,7 @@ resource "aws_ecs_task_definition" "this" {
     }
   ])
   task_role_arn = each.key == "ecr-viewer" ? aws_iam_role.s3_role_for_ecr_viewer.arn : aws_iam_role.ecs_task.arn
-  tags = local.tags
+  tags          = local.tags
 }
 
 resource "aws_ecs_service" "this" {

terraform/modules/ecs/enable_ecr.tf

@@ -50,5 +50,5 @@ resource "aws_ecr_repository" "this" {
   for_each     = var.enable_ecr == true ? local.service_data : {}
   name         = each.value.app_image
   force_delete = true
-  tags = local.tags
+  tags         = local.tags
 }

terraform/modules/ecs/iam.tf

@@ -5,7 +5,7 @@ resource "aws_iam_role" "ecs_task_execution" {
     data.aws_iam_policy.ecs_task_execution.arn
   ]
   assume_role_policy = data.aws_iam_policy_document.assume_role.json
-  tags = local.tags
+  tags               = local.tags
 }
 
 # task role
@@ -15,7 +15,7 @@ resource "aws_iam_role" "ecs_task" {
     data.aws_iam_policy.amazon_ec2_container_service_for_ec2_role.arn
   ]
   assume_role_policy = data.aws_iam_policy_document.assume_role.json
-  tags = local.tags
+  tags               = local.tags
 }
 
 # s3
@@ -26,12 +26,12 @@ resource "aws_iam_role" "s3_role_for_ecr_viewer" {
     aws_iam_policy.s3_bucket_ecr_viewer.arn
   ]
   assume_role_policy = data.aws_iam_policy_document.assume_role.json
-  tags = local.tags
+  tags               = local.tags
 }
 # s3
 resource "aws_iam_policy" "s3_bucket_ecr_viewer" {
   name        = "${local.s3_viewer_bucket_role_name}-policy"
   description = "Policy for ECR-Viewer and S3 for DIBBS-AWS"
   policy      = data.aws_iam_policy_document.ecr_viewer_s3.json
-  tags = local.tags
+  tags        = local.tags
 }

terraform/modules/ecs/logs.tf

@@ -1,7 +1,7 @@
 resource "aws_cloudwatch_log_group" "ecs_cloudwatch_logs" {
   name              = local.ecs_cloudwatch_group
   retention_in_days = var.cw_retention_in_days
-  tags = local.tags
+  tags              = local.tags
 }
 
 resource "aws_flow_log" "ecs_flow_log" {
@@ -10,5 +10,5 @@ resource "aws_flow_log" "ecs_flow_log" {
   traffic_type         = "ALL"
   log_destination      = aws_cloudwatch_log_group.ecs_cloudwatch_logs.arn
   log_destination_type = "cloud-watch-logs"
-  tags = local.tags
+  tags                 = local.tags
 }

terraform/modules/ecs/s3.tf

@@ -1,7 +1,7 @@
 resource "aws_s3_bucket" "ecr_viewer" {
   bucket        = var.s3_viewer_bucket_name
   force_destroy = true
-  tags = local.tags
+  tags          = local.tags
 }
 
 resource "aws_s3_bucket_public_access_block" "ecr_viewer" {

terraform/modules/oidc/_data.tf

@@ -211,7 +211,7 @@ data "aws_iam_policy_document" "request_tags_create_actions" {
     condition {
       test     = "StringEquals"
       variable = "aws:RequestTag/workspace"
-      values   = [
+      values = [
         var.project,
         var.owner,
         var.workspace
@@ -280,7 +280,7 @@ data "aws_iam_policy_document" "resource_tags_update_actions" {
     condition {
       test     = "StringEquals"
       variable = "aws:ResourceTag/workspace"
-      values   = [
+      values = [
         var.project,
         var.owner,
         var.workspace
@@ -348,7 +348,7 @@ data "aws_iam_policy_document" "resource_tags_delete_actions" {
     condition {
       test     = "StringEquals"
       variable = "aws:ResourceTag/workspace"
-      values   = [
+      values = [
         var.project,
         var.owner,
         var.workspace

terraform/modules/oidc/_local.tf

@@ -1,7 +1,7 @@
 locals {
-  github_role_name = "${var.project}-github-role-${var.owner}-${random_string.oidc.result}"
+  github_role_name        = "${var.project}-github-role-${var.owner}-${random_string.oidc.result}"
   project_owner_workspace = "${var.project}-${var.owner}-${var.workspace}"
-  workspace = "${var.workspace}"
-  wildcard = "*"
-  vpc_id = var.vpc_id == "" ? local.wildcard : var.vpc_id
+  workspace               = var.workspace
+  wildcard                = "*"
+  vpc_id                  = var.vpc_id == "" ? local.wildcard : var.vpc_id
 }

terraform/modules/oidc/_variable.tf

@@ -1,7 +1,7 @@
-variable "oidc_github_repo"  {
+variable "oidc_github_repo" {
   description = "The GitHub repository for OIDC"
   type        = string
-  default     = ""  
+  default     = ""
 }
 
 variable "owner" {
@@ -23,8 +23,8 @@ variable "region" {
 }
 
 variable "workspace" {
-  default = ""
-  type = string
+  default     = ""
+  type        = string
   description = "terraform workspace that OIDC will have permissions to"
 }