fix: Run pre-commit to fix lint checks

README.md

@@ -120,7 +120,7 @@ module "cis_alarms" {
 
 AWS CloudTrail normally publishes logs into AWS CloudWatch Logs. This module creates log metric filters together with metric alarms according to [CIS AWS Foundations Benchmark v1.4.0 (05-28-2021)](https://www.cisecurity.org/benchmark/amazon_web_services/). Read more about [CIS AWS Foundations Controls](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html).
 
-### Metric Stream 
+### Metric Stream
 
 ```hcl
 module "metric_stream" {
@@ -170,7 +170,7 @@ module "metric_stream" {
 module "query_definition" {
   source  = "terraform-aws-modules/cloudwatch/aws//modules/query-definition"
   version = "~> 4.0"
-  
+
   name = "my-query-definition"
   log_group_names = ["my-log-group-name"]
   query_string = <<EOF

wrappers/cis-alarms/main.tf

@@ -3,16 +3,16 @@ module "wrapper" {
 
   for_each = var.items
 
-  create                    = try(each.value.create, var.defaults.create, true)
-  use_random_name_prefix    = try(each.value.use_random_name_prefix, var.defaults.use_random_name_prefix, false)
-  name_prefix               = try(each.value.name_prefix, var.defaults.name_prefix, "")
+  actions_enabled           = try(each.value.actions_enabled, var.defaults.actions_enabled, true)
+  alarm_actions             = try(each.value.alarm_actions, var.defaults.alarm_actions, [])
   control_overrides         = try(each.value.control_overrides, var.defaults.control_overrides, {})
+  create                    = try(each.value.create, var.defaults.create, true)
   disabled_controls         = try(each.value.disabled_controls, var.defaults.disabled_controls, [])
-  namespace                 = try(each.value.namespace, var.defaults.namespace, "CISBenchmark")
+  insufficient_data_actions = try(each.value.insufficient_data_actions, var.defaults.insufficient_data_actions, [])
   log_group_name            = try(each.value.log_group_name, var.defaults.log_group_name, "")
-  alarm_actions             = try(each.value.alarm_actions, var.defaults.alarm_actions, [])
-  actions_enabled           = try(each.value.actions_enabled, var.defaults.actions_enabled, true)
-  tags                      = try(each.value.tags, var.defaults.tags, {})
+  name_prefix               = try(each.value.name_prefix, var.defaults.name_prefix, "")
+  namespace                 = try(each.value.namespace, var.defaults.namespace, "CISBenchmark")
   ok_actions                = try(each.value.ok_actions, var.defaults.ok_actions, [])
-  insufficient_data_actions = try(each.value.insufficient_data_actions, var.defaults.insufficient_data_actions, [])
+  tags                      = try(each.value.tags, var.defaults.tags, {})
+  use_random_name_prefix    = try(each.value.use_random_name_prefix, var.defaults.use_random_name_prefix, false)
 }

wrappers/cis-alarms/outputs.tf

@@ -1,5 +1,5 @@
 output "wrapper" {
   description = "Map of outputs of a wrapper."
   value       = module.wrapper
-  # sensitive = false  # No sensitive module output found
+  # sensitive = false # No sensitive module output found
 }

wrappers/composite-alarm/main.tf

@@ -3,14 +3,14 @@ module "wrapper" {
 
   for_each = var.items
 
-  create                    = try(each.value.create, var.defaults.create, true)
-  alarm_name                = try(each.value.alarm_name, var.defaults.alarm_name, null)
-  alarm_description         = try(each.value.alarm_description, var.defaults.alarm_description, null)
   actions_enabled           = try(each.value.actions_enabled, var.defaults.actions_enabled, true)
   actions_suppressor        = try(each.value.actions_suppressor, var.defaults.actions_suppressor, {})
   alarm_actions             = try(each.value.alarm_actions, var.defaults.alarm_actions, null)
+  alarm_description         = try(each.value.alarm_description, var.defaults.alarm_description, null)
+  alarm_name                = try(each.value.alarm_name, var.defaults.alarm_name, null)
+  alarm_rule                = try(each.value.alarm_rule, var.defaults.alarm_rule, null)
+  create                    = try(each.value.create, var.defaults.create, true)
   insufficient_data_actions = try(each.value.insufficient_data_actions, var.defaults.insufficient_data_actions, null)
   ok_actions                = try(each.value.ok_actions, var.defaults.ok_actions, null)
-  alarm_rule                = try(each.value.alarm_rule, var.defaults.alarm_rule, null)
   tags                      = try(each.value.tags, var.defaults.tags, {})
 }

wrappers/composite-alarm/outputs.tf

@@ -1,5 +1,5 @@
 output "wrapper" {
   description = "Map of outputs of a wrapper."
   value       = module.wrapper
-  # sensitive = false  # No sensitive module output found
+  # sensitive = false # No sensitive module output found
 }

wrappers/log-group/main.tf

@@ -4,11 +4,11 @@ module "wrapper" {
   for_each = var.items
 
   create            = try(each.value.create, var.defaults.create, true)
+  kms_key_id        = try(each.value.kms_key_id, var.defaults.kms_key_id, null)
+  log_group_class   = try(each.value.log_group_class, var.defaults.log_group_class, null)
   name              = try(each.value.name, var.defaults.name, null)
   name_prefix       = try(each.value.name_prefix, var.defaults.name_prefix, null)
   retention_in_days = try(each.value.retention_in_days, var.defaults.retention_in_days, null)
-  kms_key_id        = try(each.value.kms_key_id, var.defaults.kms_key_id, null)
-  log_group_class   = try(each.value.log_group_class, var.defaults.log_group_class, null)
   skip_destroy      = try(each.value.skip_destroy, var.defaults.skip_destroy, null)
   tags              = try(each.value.tags, var.defaults.tags, {})
 }

wrappers/log-group/outputs.tf

@@ -1,5 +1,5 @@
 output "wrapper" {
   description = "Map of outputs of a wrapper."
   value       = module.wrapper
-  # sensitive = false  # No sensitive module output found
+  # sensitive = false # No sensitive module output found
 }

wrappers/log-metric-filter/main.tf

@@ -4,13 +4,13 @@ module "wrapper" {
   for_each = var.items
 
   create_cloudwatch_log_metric_filter = try(each.value.create_cloudwatch_log_metric_filter, var.defaults.create_cloudwatch_log_metric_filter, true)
-  name                                = try(each.value.name, var.defaults.name)
-  pattern                             = try(each.value.pattern, var.defaults.pattern)
   log_group_name                      = try(each.value.log_group_name, var.defaults.log_group_name)
+  metric_transformation_default_value = try(each.value.metric_transformation_default_value, var.defaults.metric_transformation_default_value, null)
+  metric_transformation_dimensions    = try(each.value.metric_transformation_dimensions, var.defaults.metric_transformation_dimensions, {})
   metric_transformation_name          = try(each.value.metric_transformation_name, var.defaults.metric_transformation_name)
   metric_transformation_namespace     = try(each.value.metric_transformation_namespace, var.defaults.metric_transformation_namespace)
-  metric_transformation_value         = try(each.value.metric_transformation_value, var.defaults.metric_transformation_value, "1")
-  metric_transformation_default_value = try(each.value.metric_transformation_default_value, var.defaults.metric_transformation_default_value, null)
   metric_transformation_unit          = try(each.value.metric_transformation_unit, var.defaults.metric_transformation_unit, null)
-  metric_transformation_dimensions    = try(each.value.metric_transformation_dimensions, var.defaults.metric_transformation_dimensions, {})
+  metric_transformation_value         = try(each.value.metric_transformation_value, var.defaults.metric_transformation_value, "1")
+  name                                = try(each.value.name, var.defaults.name)
+  pattern                             = try(each.value.pattern, var.defaults.pattern)
 }

wrappers/log-metric-filter/outputs.tf

@@ -1,5 +1,5 @@
 output "wrapper" {
   description = "Map of outputs of a wrapper."
   value       = module.wrapper
-  # sensitive = false  # No sensitive module output found
+  # sensitive = false # No sensitive module output found
 }

wrappers/log-stream/main.tf

@@ -4,6 +4,6 @@ module "wrapper" {
   for_each = var.items
 
   create         = try(each.value.create, var.defaults.create, true)
-  name           = try(each.value.name, var.defaults.name, null)
   log_group_name = try(each.value.log_group_name, var.defaults.log_group_name, null)
+  name           = try(each.value.name, var.defaults.name, null)
 }

wrappers/log-stream/outputs.tf

@@ -1,5 +1,5 @@
 output "wrapper" {
   description = "Map of outputs of a wrapper."
   value       = module.wrapper
-  # sensitive = false  # No sensitive module output found
+  # sensitive = false # No sensitive module output found
 }

wrappers/metric-alarm/main.tf

@@ -3,27 +3,27 @@ module "wrapper" {
 
   for_each = var.items
 
-  create_metric_alarm                   = try(each.value.create_metric_alarm, var.defaults.create_metric_alarm, true)
-  alarm_name                            = try(each.value.alarm_name, var.defaults.alarm_name)
+  actions_enabled                       = try(each.value.actions_enabled, var.defaults.actions_enabled, true)
+  alarm_actions                         = try(each.value.alarm_actions, var.defaults.alarm_actions, null)
   alarm_description                     = try(each.value.alarm_description, var.defaults.alarm_description, null)
+  alarm_name                            = try(each.value.alarm_name, var.defaults.alarm_name)
   comparison_operator                   = try(each.value.comparison_operator, var.defaults.comparison_operator)
+  create_metric_alarm                   = try(each.value.create_metric_alarm, var.defaults.create_metric_alarm, true)
+  datapoints_to_alarm                   = try(each.value.datapoints_to_alarm, var.defaults.datapoints_to_alarm, null)
+  dimensions                            = try(each.value.dimensions, var.defaults.dimensions, null)
+  evaluate_low_sample_count_percentiles = try(each.value.evaluate_low_sample_count_percentiles, var.defaults.evaluate_low_sample_count_percentiles, null)
   evaluation_periods                    = try(each.value.evaluation_periods, var.defaults.evaluation_periods)
-  threshold                             = try(each.value.threshold, var.defaults.threshold, null)
-  threshold_metric_id                   = try(each.value.threshold_metric_id, var.defaults.threshold_metric_id, null)
-  unit                                  = try(each.value.unit, var.defaults.unit, null)
+  extended_statistic                    = try(each.value.extended_statistic, var.defaults.extended_statistic, null)
+  insufficient_data_actions             = try(each.value.insufficient_data_actions, var.defaults.insufficient_data_actions, null)
   metric_name                           = try(each.value.metric_name, var.defaults.metric_name, null)
+  metric_query                          = try(each.value.metric_query, var.defaults.metric_query, [])
   namespace                             = try(each.value.namespace, var.defaults.namespace, null)
+  ok_actions                            = try(each.value.ok_actions, var.defaults.ok_actions, null)
   period                                = try(each.value.period, var.defaults.period, null)
   statistic                             = try(each.value.statistic, var.defaults.statistic, null)
-  actions_enabled                       = try(each.value.actions_enabled, var.defaults.actions_enabled, true)
-  datapoints_to_alarm                   = try(each.value.datapoints_to_alarm, var.defaults.datapoints_to_alarm, null)
-  dimensions                            = try(each.value.dimensions, var.defaults.dimensions, null)
-  alarm_actions                         = try(each.value.alarm_actions, var.defaults.alarm_actions, null)
-  insufficient_data_actions             = try(each.value.insufficient_data_actions, var.defaults.insufficient_data_actions, null)
-  ok_actions                            = try(each.value.ok_actions, var.defaults.ok_actions, null)
-  extended_statistic                    = try(each.value.extended_statistic, var.defaults.extended_statistic, null)
-  treat_missing_data                    = try(each.value.treat_missing_data, var.defaults.treat_missing_data, "missing")
-  evaluate_low_sample_count_percentiles = try(each.value.evaluate_low_sample_count_percentiles, var.defaults.evaluate_low_sample_count_percentiles, null)
-  metric_query                          = try(each.value.metric_query, var.defaults.metric_query, [])
   tags                                  = try(each.value.tags, var.defaults.tags, {})
+  threshold                             = try(each.value.threshold, var.defaults.threshold, null)
+  threshold_metric_id                   = try(each.value.threshold_metric_id, var.defaults.threshold_metric_id, null)
+  treat_missing_data                    = try(each.value.treat_missing_data, var.defaults.treat_missing_data, "missing")
+  unit                                  = try(each.value.unit, var.defaults.unit, null)
 }

wrappers/metric-alarm/outputs.tf

@@ -1,5 +1,5 @@
 output "wrapper" {
   description = "Map of outputs of a wrapper."
   value       = module.wrapper
-  # sensitive = false  # No sensitive module output found
+  # sensitive = false # No sensitive module output found
 }

wrappers/metric-alarms-by-multiple-dimensions/main.tf

@@ -3,27 +3,27 @@ module "wrapper" {
 
   for_each = var.items
 
-  create_metric_alarm                   = try(each.value.create_metric_alarm, var.defaults.create_metric_alarm, true)
+  actions_enabled                       = try(each.value.actions_enabled, var.defaults.actions_enabled, true)
+  alarm_actions                         = try(each.value.alarm_actions, var.defaults.alarm_actions, null)
+  alarm_description                     = try(each.value.alarm_description, var.defaults.alarm_description, null)
   alarm_name                            = try(each.value.alarm_name, var.defaults.alarm_name)
   alarm_name_delimiter                  = try(each.value.alarm_name_delimiter, var.defaults.alarm_name_delimiter, "")
-  alarm_description                     = try(each.value.alarm_description, var.defaults.alarm_description, null)
   comparison_operator                   = try(each.value.comparison_operator, var.defaults.comparison_operator)
+  create_metric_alarm                   = try(each.value.create_metric_alarm, var.defaults.create_metric_alarm, true)
+  datapoints_to_alarm                   = try(each.value.datapoints_to_alarm, var.defaults.datapoints_to_alarm, null)
+  dimensions                            = try(each.value.dimensions, var.defaults.dimensions, {})
+  evaluate_low_sample_count_percentiles = try(each.value.evaluate_low_sample_count_percentiles, var.defaults.evaluate_low_sample_count_percentiles, null)
   evaluation_periods                    = try(each.value.evaluation_periods, var.defaults.evaluation_periods)
-  threshold                             = try(each.value.threshold, var.defaults.threshold)
-  unit                                  = try(each.value.unit, var.defaults.unit, null)
+  extended_statistic                    = try(each.value.extended_statistic, var.defaults.extended_statistic, null)
+  insufficient_data_actions             = try(each.value.insufficient_data_actions, var.defaults.insufficient_data_actions, null)
   metric_name                           = try(each.value.metric_name, var.defaults.metric_name, null)
+  metric_query                          = try(each.value.metric_query, var.defaults.metric_query, [])
   namespace                             = try(each.value.namespace, var.defaults.namespace, null)
+  ok_actions                            = try(each.value.ok_actions, var.defaults.ok_actions, null)
   period                                = try(each.value.period, var.defaults.period, null)
   statistic                             = try(each.value.statistic, var.defaults.statistic, null)
-  actions_enabled                       = try(each.value.actions_enabled, var.defaults.actions_enabled, true)
-  datapoints_to_alarm                   = try(each.value.datapoints_to_alarm, var.defaults.datapoints_to_alarm, null)
-  dimensions                            = try(each.value.dimensions, var.defaults.dimensions, {})
-  alarm_actions                         = try(each.value.alarm_actions, var.defaults.alarm_actions, null)
-  insufficient_data_actions             = try(each.value.insufficient_data_actions, var.defaults.insufficient_data_actions, null)
-  ok_actions                            = try(each.value.ok_actions, var.defaults.ok_actions, null)
-  extended_statistic                    = try(each.value.extended_statistic, var.defaults.extended_statistic, null)
-  treat_missing_data                    = try(each.value.treat_missing_data, var.defaults.treat_missing_data, "missing")
-  evaluate_low_sample_count_percentiles = try(each.value.evaluate_low_sample_count_percentiles, var.defaults.evaluate_low_sample_count_percentiles, null)
-  metric_query                          = try(each.value.metric_query, var.defaults.metric_query, [])
   tags                                  = try(each.value.tags, var.defaults.tags, {})
+  threshold                             = try(each.value.threshold, var.defaults.threshold)
+  treat_missing_data                    = try(each.value.treat_missing_data, var.defaults.treat_missing_data, "missing")
+  unit                                  = try(each.value.unit, var.defaults.unit, null)
 }

wrappers/metric-alarms-by-multiple-dimensions/outputs.tf

@@ -1,5 +1,5 @@
 output "wrapper" {
   description = "Map of outputs of a wrapper."
   value       = module.wrapper
-  # sensitive = false  # No sensitive module output found
+  # sensitive = false # No sensitive module output found
 }

wrappers/metric-stream/main.tf

@@ -4,13 +4,13 @@ module "wrapper" {
   for_each = var.items
 
   create                   = try(each.value.create, var.defaults.create, true)
+  exclude_filter           = try(each.value.exclude_filter, var.defaults.exclude_filter, {})
+  firehose_arn             = try(each.value.firehose_arn, var.defaults.firehose_arn)
+  include_filter           = try(each.value.include_filter, var.defaults.include_filter, {})
   name                     = try(each.value.name, var.defaults.name, null)
   name_prefix              = try(each.value.name_prefix, var.defaults.name_prefix, null)
-  firehose_arn             = try(each.value.firehose_arn, var.defaults.firehose_arn)
-  role_arn                 = try(each.value.role_arn, var.defaults.role_arn)
   output_format            = try(each.value.output_format, var.defaults.output_format)
-  exclude_filter           = try(each.value.exclude_filter, var.defaults.exclude_filter, {})
-  include_filter           = try(each.value.include_filter, var.defaults.include_filter, {})
+  role_arn                 = try(each.value.role_arn, var.defaults.role_arn)
   statistics_configuration = try(each.value.statistics_configuration, var.defaults.statistics_configuration, [])
   tags                     = try(each.value.tags, var.defaults.tags, {})
 }

wrappers/metric-stream/outputs.tf

@@ -1,5 +1,5 @@
 output "wrapper" {
   description = "Map of outputs of a wrapper."
   value       = module.wrapper
-  # sensitive = false  # No sensitive module output found
+  # sensitive = false # No sensitive module output found
 }

wrappers/query-definition/main.tf

@@ -4,7 +4,7 @@ module "wrapper" {
   for_each = var.items
 
   create          = try(each.value.create, var.defaults.create, true)
+  log_group_names = try(each.value.log_group_names, var.defaults.log_group_names, null)
   name            = try(each.value.name, var.defaults.name)
   query_string    = try(each.value.query_string, var.defaults.query_string)
-  log_group_names = try(each.value.log_group_names, var.defaults.log_group_names, null)
 }

wrappers/query-definition/outputs.tf

@@ -1,5 +1,5 @@
 output "wrapper" {
   description = "Map of outputs of a wrapper."
   value       = module.wrapper
-  # sensitive = false  # No sensitive module output found
+  # sensitive = false # No sensitive module output found
 }