Initial commit

.gitattributes

@@ -0,0 +1,3 @@
+# Note, this can be removed later. Currently keeps PR's easier to review
+**/*.md linguist-documentation=true
+**/README.md linguist-generated=true

.github/CODEOWNERS

@@ -0,0 +1,7 @@
+# Use this file to define individuals or teams that are responsible for code in a repository.
+# Read more: <https://help.github.com/articles/about-codeowners/>
+#
+# Order is important: the last matching pattern has the highest precedence
+
+# These owners will be the default owners for everything
+* @cloudposse-terraform-components/engineering @cloudposse-terraform-components/admins

.github/dependabot.yml

@@ -0,0 +1,53 @@
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+- package-ecosystem: gomod
+  directory: /
+  labels:
+    - dependencies
+    - go
+    - no-release
+  schedule:
+    interval: weekly
+    day: sunday
+  ignore:
+    - dependency-name: "*"
+      update-types: ["version-update:semver-major"]
+
+- package-ecosystem: github-actions
+  open-pull-requests-limit: 3
+  directory: /
+  labels:
+    - dependencies
+    - github-actions
+    - no-release
+  groups:
+    cicd:
+      patterns:
+        - "*"
+  schedule:
+    interval: weekly
+    day: sunday
+  ignore:
+    - dependency-name: "*"
+      update-types: ["version-update:semver-major"]
+
+- package-ecosystem: npm
+  open-pull-requests-limit: 3
+  directory: /website
+  labels:
+    - dependencies
+    - javascript
+    - no-release
+  groups:
+    website:
+      patterns:
+        - "*"
+  schedule:
+    interval: weekly
+    day: sunday
+  ignore:
+    - dependency-name: "*"
+      update-types: ["version-update:semver-major"]

.github/labeler.yaml

@@ -0,0 +1,16 @@
+docs:
+  - docs/**
+  - README.*
+
+automation:
+  - .gitattributes
+  - .github/**
+  - .gitignore
+  - .pre-commit-config.yaml
+  - .tflint.hcl
+  - Makefile
+  - _typos.toml
+
+configuration:
+  - src/**
+  - test/**

.github/mergify.yml

@@ -0,0 +1 @@
+extends: .github

.github/renovate.json

@@ -0,0 +1,6 @@
+{
+  "prConcurrentLimit": 5,
+  "extends": [
+    "config:base"
+  ]
+}

.github/settings.yml

@@ -0,0 +1,11 @@
+# Upstream changes from _extends are only recognized when modifications are made to this file in the default branch.
+_extends: .github
+repository:
+  name: template
+  description: Template for Terraform Components
+  homepage: https://cloudposse.com/accelerate
+  topics: terraform, terraform-component
+
+
+
+

.github/workflows/branch.yml

@@ -0,0 +1,25 @@
+---
+name: Branch
+on:
+  pull_request:
+    branches:
+      - main
+      - release/**
+    types: [opened, synchronize, reopened, labeled, unlabeled]
+  push:
+    branches:
+      - main
+      - release/v*
+    paths-ignore:
+      - '.github/**'
+      - 'test/**'
+
+permissions:
+  contents: write
+  id-token: write
+  pull-requests: write
+
+jobs:
+  component:
+    uses: cloudposse-terraform-components/.github/.github/workflows/shared-terraform-component.yml@main
+    secrets: inherit

.github/workflows/chatops.yml

@@ -0,0 +1,17 @@
+---
+name: chatops
+on:
+  issue_comment:
+    types: [created]
+
+permissions:
+  pull-requests: write
+  id-token: write
+  contents: write
+  statuses: write
+
+jobs:
+  test:
+    uses: cloudposse-terraform-components/.github/.github/workflows/shared-terraform-chatops.yml@main
+    if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/terratest') }}
+    secrets: inherit

.github/workflows/release.yml

@@ -0,0 +1,16 @@
+---
+name: release
+on:
+  release:
+    types:
+      - published
+
+permissions:
+  id-token: write
+  contents: write
+  pull-requests: write
+
+jobs:
+  component:
+    uses: cloudposse-terraform-components/.github/.github/workflows/shared-release-branches.yml@main
+    secrets: inherit

.github/workflows/scheduled.yml

@@ -0,0 +1,16 @@
+---
+name: scheduled
+on:
+  workflow_dispatch: { }  # Allows manually trigger this workflow
+  schedule:
+    - cron: "0 3 * * *"
+
+permissions:
+  pull-requests: write
+  id-token: write
+  contents: write
+
+jobs:
+  scheduled:
+    uses: cloudposse-terraform-components/.github/.github/workflows/shared-terraform-scheduled.yml@main
+    secrets: inherit

.gitignore

@@ -0,0 +1,76 @@
+# Below here should also be in .dockerignore
+.build-harness
+build-harness/
+aws-assumed-role/
+.idea/
+.vscode/
+*.iml
+.direnv
+.envrc
+
+# Compiled and auto-generated files
+# Note that the leading "**/" appears necessary for Docker even if not for Git
+
+# backend.tfvars.json may be autogenerated or not.
+# If not autogenerated, then it should not be here
+**/backend.tf.json
+**/*.backup
+**/nohup.out
+**/*.tfstate
+**/*.tfstate.*
+**/planfile
+**/*.planfile
+**/*.kubeconfig
+**/.terraform.lock.hcl
+**/terraform.tfvars.json
+**/terraform.auto.tfvars.json
+**/*.terraform.tfvars.json
+**/*.terraform.auto.tfvars.json
+**/*.helmfile.vars.yaml
+**/crash.log
+**/secrets/
+
+# Module directory
+# Note that the leading "**/" appears necessary for Docker even if not for Git
+**/.terraform*/
+**/.module/
+**/.helmfile/
+
+
+# Draft or auto-saved version
+# Note that the leading "**/" appears necessary for Docker even if not for Git
+**/*.draft.*
+**/*.draft
+**/*.orig
+**/*.bak
+**/*~
+
+# Editor-specific files
+*.sw*
+*~
+
+# macOS special files and folders
+**/.DS_Store
+**/.CFUserTextEncoding
+**/.Trash/
+**/$RECYCLE.BIN/
+
+# deps
+Brewfile.lock.json
+
+# docs targets
+docs/terraform.md
+docs/targets.md
+
+# Github actions temporary files
+docker.env
+error.txt
+github/
+
+# custom direnv and .env
+.env*
+
+# Secrets
+*.ovpn
+
+*.zip

.pre-commit-config.yaml

@@ -0,0 +1,34 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.4.0
+    hooks:
+      # Git style
+      - id: check-added-large-files # prevents giant files from being committed.
+      - id: forbid-new-submodules # prevents addition of new git submodules.
+      - id: no-commit-to-branch # don't commit to branch
+
+      # Common errors
+      - id: trailing-whitespace # trims trailing whitespace.
+        args: [--markdown-linebreak-ext=md]
+      - id: end-of-file-fixer # ensures that a file is either empty, or ends with one newline.
+      - id: check-merge-conflict # checks for files that contain merge conflict strings.
+      - id: check-executables-have-shebangs # ensures that (non-binary) executables have a shebang.
+
+      # Cross platform
+      - id: check-case-conflict # checks for files that would conflict in case-insensitive filesystems.
+      - id: mixed-line-ending # replaces or checks mixed line ending.
+        args: [--fix=lf]
+
+      # YAML
+      - id: check-yaml  # checks yaml files for parseable syntax.
+
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.81.0
+    hooks:
+      - id: terraform_fmt
+      - id: terraform_docs
+        args: ["--args=--lockfile=false"]
+      - id: terraform_tflint
+        args:
+          - --args=--config=__GIT_WORKING_DIR__/.tflint.hcl
+        exclude: "context.tf$"

.tflint.hcl

@@ -0,0 +1,86 @@
+# Required `tflint --init`
+plugin "aws" {
+    enabled    = true
+    version    = "0.23.1"
+    source     = "github.com/terraform-linters/tflint-ruleset-aws"
+    # Used only in Spacelift: .spacelift/config.yml
+    deep_check = false
+    assume_role { role_arn = "" }
+
+}
+
+#
+# https://github.com/terraform-linters/tflint/tree/master/docs/rules
+#
+
+rule "terraform_comment_syntax" {
+    # Disallow `//` comments in favor of `#`
+    enabled = true
+}
+rule "terraform_deprecated_index" {
+    # Disallow legacy dot index syntax
+    enabled = true
+}
+rule "terraform_deprecated_interpolation" {
+    # Disallow deprecated (0.11-style) interpolation
+    # Enabled by default
+    enabled = true
+}
+rule "terraform_documented_outputs" {
+    # Disallow output declarations without description
+    enabled = true
+}
+rule "terraform_documented_variables" {
+    # Disallow variable declarations without description
+    enabled = true
+}
+rule "terraform_module_pinned_source" {
+    # Disallow specifying a git or mercurial repository as a module source without pinning to a version
+    # Enabled by default
+    enabled = true
+}
+rule "terraform_module_version" {
+    # Checks that Terraform modules sourced from a registry specify a version
+    # Enabled by default
+    enabled = true
+}
+rule "terraform_naming_convention" {
+    # Enforces naming conventions for resources, data sources, etc
+    enabled = true
+}
+rule "terraform_required_providers" {
+    # Require that all providers have version constraints through required_providers
+    enabled = true
+}
+rule "terraform_required_version" {
+    # Disallow terraform declarations without require_version
+    enabled = true
+}
+rule "terraform_standard_module_structure" {
+    # Ensure that a module complies with the Terraform Standard Module Structure
+    enabled = false # TODO p4: enable and fix
+}
+rule "terraform_typed_variables" {
+    # Disallow variable declarations without type
+    enabled = true
+}
+rule "terraform_unused_declarations" {
+    # Disallow variables, data sources, and locals that are declared but never used
+    enabled = true
+}
+rule "terraform_unused_required_providers" {
+    # Check that all required_providers are used in the module
+    enabled = true
+}
+rule "terraform_workspace_remote" {
+    # terraform.workspace should not be used with a "remote" backend with remote execution.
+    # Enabled by default
+    enabled = true
+}
+rule "aws_db_instance_invalid_parameter_group" {
+    # TODO: Figure out requirements to turn this back on; not sure it's providing value even as is due to AWS multi-account arch.
+    enabled = false
+}
+config {
+    variables = ["namespace=fake-namespace", "stage=fake-stage", "name=fake-name"]
+}

Makefile

@@ -0,0 +1,8 @@
+-include $(shell curl -sSL -o .build-harness "https://cloudposse.tools/build-harness"; echo .build-harness)
+
+all: init readme
+
+test::
+	@echo "🚀 Starting tests..."
+	./test/run.sh
+	@echo "✅ All tests passed."