REAME and variables Cleanup

thathaneydude · web-flow · commit 4d13d60f8529 · 2025-05-12T16:40:29.000-05:00
diff --git a/README.md b/README.md
@@ -1,11 +1,11 @@
-# terraform-aws-single-sensor (Early Access)
+# terraform-aws-single-sensor
 Deploy a single AWS Corelight EC2 instance Cloud Sensor. 
 
 ## Getting Started
 
 ### Initialize Terraform state
 ```shell 
-    terraform init
+terraform init
 ```
 
 ### Deployment Permissions
@@ -80,16 +80,16 @@ ebs_volume_size = "<your preferred EBS volume size in GB (number)" // default: 5
 
 ### Copy an example tfvars file and populate it with your details
 ```shell
-  cp minimal-example.tfvars foo.tfvars 
+cp minimal-example.tfvars foo.tfvars 
 ```
 
 ### Plan the deployment
 ```shell
-    terraform plan --var-file foo.tfvars -out=tfplan
+terraform plan --var-file foo.tfvars -out=tfplan
 ```
 
 ### Deploy the Plan
 If the plan looks good go ahead and deploy it
 ```shell
-    terraform apply tfplan
+terraform apply tfplan
 ```
diff --git a/variables.tf b/variables.tf
@@ -9,7 +9,7 @@ variable "aws_key_pair_name" {
 }
 
 variable "fleet_community_string" {
-  description = "the Fleet Manager community string (api string)"
+  description = "the fleet manager community string (api string)"
   type        = string
   sensitive   = true
 }
@@ -51,7 +51,7 @@ variable "monitoring_interface_name" {
 }
 
 variable "monitoring_interface_subnet_id" {
-  description = ""
+  description = "Subnet where the monitoring ENI should reside"
   type        = string
   default     = ""
 }
@@ -63,19 +63,19 @@ variable "monitoring_security_group_id" {
 }
 
 variable "monitoring_security_group_name" {
-  description = ""
+  description = "Name of the security group the module will provision for the monitoring ENI"
   type        = string
   default     = "corelight-sensor-mon-sg"
 }
 
 variable "monitoring_security_group_description" {
-  description = ""
+  description = "Description of the monitoring ENI security group"
   type        = string
   default     = "Corelight Sensor Monitoring SG"
 }
 
 variable "monitoring_security_group_vpc_id" {
-  description = ""
+  description = "Security group VPC ID module will use to provision the monitoring ENI security group"
   type        = string
   default     = ""
 }
@@ -87,32 +87,32 @@ variable "management_security_group_id" {
 }
 
 variable "management_security_group_name" {
-  description = ""
+  description = "Name of the security group the module will provision for the management ENI"
   type        = string
   default     = "corelight-sensor-mgmt-sg"
 }
 
 variable "management_security_group_description" {
-  description = ""
+  description = "Description of the management ENI security group"
   type        = string
   default     = "Corelight Sensor Managment SG"
 }
 
 variable "management_security_group_vpc_id" {
-  description = ""
+  description = "Security group VPC ID module will use to provision the management ENI security group"
   type        = string
   default     = ""
 }
 
 variable "custom_sensor_user_data" {
-  description = "custom user data for a sensor if the default doesn't apply"
+  description = "Custom user data for a sensor if the default doesn't apply"
   type        = string
   default     = ""
 }
 
 variable "instance_name" {
+  description = "The name for the sensor EC2 instance"
   type        = string
-  description = "The instance name for the instance"
   default     = "corelight-sensor"
 }
 
@@ -123,7 +123,7 @@ variable "instance_type" {
 }
 
 variable "ebs_volume_size" {
-  description = "The size, in GB of the EBS volume to be attached to the instance"
+  description = "The size, in GB, of the EBS volume to be attached to the instance. Not recommended to set lower than 500GB"
   type        = number
   default     = 500
 }
@@ -143,63 +143,62 @@ variable "iam_instance_profile_name" {
 
 
 variable "fleet_token" {
+  description = "(optional) the pairing token from the Fleet UI. Must be set if 'fleet_url' is provided"
   type        = string
   default     = ""
   sensitive   = true
-  description = "(optional) the pairing token from the Fleet UI. Must be set if 'fleet_url' is provided"
 }
 
 variable "fleet_url" {
+  description = "(optional) the URL of the fleet instance from the Fleet UI. Must be set if 'fleet_token' is provided"
   type        = string
   default     = ""
-  description = "(optional) the URL of the fleet instance from the Fleet UI. Must be set if 'fleet_token' is provided"
 }
 
 variable "fleet_server_sslname" {
+  description = "(optional) the SSL hostname for the fleet server"
   type        = string
   default     = "1.broala.fleet.product.corelight.io"
-  description = "(optional) the SSL hostname for the fleet server"
-
 }
 
 variable "fleet_http_proxy" {
+  description = "(optional) the proxy URL for HTTP traffic from the fleet"
   type        = string
   default     = ""
-  description = "(optional) the proxy URL for HTTP traffic from the fleet"
 }
 
 variable "fleet_https_proxy" {
+  description = "(optional) the proxy URL for HTTPS traffic from the fleet"
   type        = string
   default     = ""
-  description = "(optional) the proxy URL for HTTPS traffic from the fleet"
 }
 
 variable "fleet_no_proxy" {
+  description = "(optional) hosts or domains to bypass the proxy for fleet traffic"
   type        = string
   default     = ""
-  description = "(optional) hosts or domains to bypass the proxy for fleet traffic"
 }
 
 variable "egress_allow_cidrs" {
-  description = ""
+  description = "The IP range allowed outbound for both network interfaces. Typically can be left as default"
   type        = list(string)
   default     = ["0.0.0.0/0"]
 }
 
 variable "ssh_allow_cidrs" {
-  description = ""
+  description = "List of IPs (/32) to grant access to port 22"
   type        = list(string)
   default     = []
 }
 
 variable "mirror_ingress_allow_cidrs" {
-  description = ""
+  description = "IP range to allow EC2 mirroring. Typically the CIDR of the VPC being monitored"
   type        = list(string)
   default     = ["0.0.0.0/0"]
 }
 
 variable "health_check_allow_cidrs" {
-  description = ""
+  description = "IP range to allow health checks. Typically the CIDR of the VPC being monitored"
   type        = list(string)
   default     = ["0.0.0.0/0"]
 }

Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@ variable "aws_key_pair_name" {`
`9`	`9`	`}`
`10`	`10`
`11`	`11`	`variable "fleet_community_string" {`
`12`		`- description = "the Fleet Manager community string (api string)"`
	`12`	`+ description = "the fleet manager community string (api string)"`
`13`	`13`	`type = string`
`14`	`14`	`sensitive = true`
`15`	`15`	`}`
`@@ -51,7 +51,7 @@ variable "monitoring_interface_name" {`
`51`	`51`	`}`
`52`	`52`
`53`	`53`	`variable "monitoring_interface_subnet_id" {`
`54`		`- description = ""`
	`54`	`+ description = "Subnet where the monitoring ENI should reside"`
`55`	`55`	`type = string`
`56`	`56`	`default = ""`
`57`	`57`	`}`
`@@ -63,19 +63,19 @@ variable "monitoring_security_group_id" {`
`63`	`63`	`}`
`64`	`64`
`65`	`65`	`variable "monitoring_security_group_name" {`
`66`		`- description = ""`
	`66`	`+ description = "Name of the security group the module will provision for the monitoring ENI"`
`67`	`67`	`type = string`
`68`	`68`	`default = "corelight-sensor-mon-sg"`
`69`	`69`	`}`
`70`	`70`
`71`	`71`	`variable "monitoring_security_group_description" {`
`72`		`- description = ""`
	`72`	`+ description = "Description of the monitoring ENI security group"`
`73`	`73`	`type = string`
`74`	`74`	`default = "Corelight Sensor Monitoring SG"`
`75`	`75`	`}`
`76`	`76`
`77`	`77`	`variable "monitoring_security_group_vpc_id" {`
`78`		`- description = ""`
	`78`	`+ description = "Security group VPC ID module will use to provision the monitoring ENI security group"`
`79`	`79`	`type = string`
`80`	`80`	`default = ""`
`81`	`81`	`}`
`@@ -87,32 +87,32 @@ variable "management_security_group_id" {`
`87`	`87`	`}`
`88`	`88`
`89`	`89`	`variable "management_security_group_name" {`
`90`		`- description = ""`
	`90`	`+ description = "Name of the security group the module will provision for the management ENI"`
`91`	`91`	`type = string`
`92`	`92`	`default = "corelight-sensor-mgmt-sg"`
`93`	`93`	`}`
`94`	`94`
`95`	`95`	`variable "management_security_group_description" {`
`96`		`- description = ""`
	`96`	`+ description = "Description of the management ENI security group"`
`97`	`97`	`type = string`
`98`	`98`	`default = "Corelight Sensor Managment SG"`
`99`	`99`	`}`
`100`	`100`
`101`	`101`	`variable "management_security_group_vpc_id" {`
`102`		`- description = ""`
	`102`	`+ description = "Security group VPC ID module will use to provision the management ENI security group"`
`103`	`103`	`type = string`
`104`	`104`	`default = ""`
`105`	`105`	`}`
`106`	`106`
`107`	`107`	`variable "custom_sensor_user_data" {`
`108`		`- description = "custom user data for a sensor if the default doesn't apply"`
	`108`	`+ description = "Custom user data for a sensor if the default doesn't apply"`
`109`	`109`	`type = string`
`110`	`110`	`default = ""`
`111`	`111`	`}`
`112`	`112`
`113`	`113`	`variable "instance_name" {`
	`114`	`+ description = "The name for the sensor EC2 instance"`
`114`	`115`	`type = string`
`115`		`- description = "The instance name for the instance"`
`116`	`116`	`default = "corelight-sensor"`
`117`	`117`	`}`
`118`	`118`
`@@ -123,7 +123,7 @@ variable "instance_type" {`
`123`	`123`	`}`
`124`	`124`
`125`	`125`	`variable "ebs_volume_size" {`
`126`		`- description = "The size, in GB of the EBS volume to be attached to the instance"`
	`126`	`+ description = "The size, in GB, of the EBS volume to be attached to the instance. Not recommended to set lower than 500GB"`
`127`	`127`	`type = number`
`128`	`128`	`default = 500`
`129`	`129`	`}`
`@@ -143,63 +143,62 @@ variable "iam_instance_profile_name" {`
`143`	`143`
`144`	`144`
`145`	`145`	`variable "fleet_token" {`
	`146`	`+ description = "(optional) the pairing token from the Fleet UI. Must be set if 'fleet_url' is provided"`
`146`	`147`	`type = string`
`147`	`148`	`default = ""`
`148`	`149`	`sensitive = true`
`149`		`- description = "(optional) the pairing token from the Fleet UI. Must be set if 'fleet_url' is provided"`
`150`	`150`	`}`
`151`	`151`
`152`	`152`	`variable "fleet_url" {`
	`153`	`+ description = "(optional) the URL of the fleet instance from the Fleet UI. Must be set if 'fleet_token' is provided"`
`153`	`154`	`type = string`
`154`	`155`	`default = ""`
`155`		`- description = "(optional) the URL of the fleet instance from the Fleet UI. Must be set if 'fleet_token' is provided"`
`156`	`156`	`}`
`157`	`157`
`158`	`158`	`variable "fleet_server_sslname" {`
	`159`	`+ description = "(optional) the SSL hostname for the fleet server"`
`159`	`160`	`type = string`
`160`	`161`	`default = "1.broala.fleet.product.corelight.io"`
`161`		`- description = "(optional) the SSL hostname for the fleet server"`
`162`		`-`
`163`	`162`	`}`
`164`	`163`
`165`	`164`	`variable "fleet_http_proxy" {`
	`165`	`+ description = "(optional) the proxy URL for HTTP traffic from the fleet"`
`166`	`166`	`type = string`
`167`	`167`	`default = ""`
`168`		`- description = "(optional) the proxy URL for HTTP traffic from the fleet"`
`169`	`168`	`}`
`170`	`169`
`171`	`170`	`variable "fleet_https_proxy" {`
	`171`	`+ description = "(optional) the proxy URL for HTTPS traffic from the fleet"`
`172`	`172`	`type = string`
`173`	`173`	`default = ""`
`174`		`- description = "(optional) the proxy URL for HTTPS traffic from the fleet"`
`175`	`174`	`}`
`176`	`175`
`177`	`176`	`variable "fleet_no_proxy" {`
	`177`	`+ description = "(optional) hosts or domains to bypass the proxy for fleet traffic"`
`178`	`178`	`type = string`
`179`	`179`	`default = ""`
`180`		`- description = "(optional) hosts or domains to bypass the proxy for fleet traffic"`
`181`	`180`	`}`
`182`	`181`
`183`	`182`	`variable "egress_allow_cidrs" {`
`184`		`- description = ""`
	`183`	`+ description = "The IP range allowed outbound for both network interfaces. Typically can be left as default"`
`185`	`184`	`type = list(string)`
`186`	`185`	`default = ["0.0.0.0/0"]`
`187`	`186`	`}`
`188`	`187`
`189`	`188`	`variable "ssh_allow_cidrs" {`
`190`		`- description = ""`
	`189`	`+ description = "List of IPs (/32) to grant access to port 22"`
`191`	`190`	`type = list(string)`
`192`	`191`	`default = []`
`193`	`192`	`}`
`194`	`193`
`195`	`194`	`variable "mirror_ingress_allow_cidrs" {`
`196`		`- description = ""`
	`195`	`+ description = "IP range to allow EC2 mirroring. Typically the CIDR of the VPC being monitored"`
`197`	`196`	`type = list(string)`
`198`	`197`	`default = ["0.0.0.0/0"]`
`199`	`198`	`}`
`200`	`199`
`201`	`200`	`variable "health_check_allow_cidrs" {`
`202`		`- description = ""`
	`201`	`+ description = "IP range to allow health checks. Typically the CIDR of the VPC being monitored"`
`203`	`202`	`type = list(string)`
`204`	`203`	`default = ["0.0.0.0/0"]`
`205`	`204`	`}`