Merge pull request #17 from thinkstack-co/dev_adding_readmes

Dev adding readmes

modules/aws/acm_certificate/README.md

@@ -0,0 +1,27 @@
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | n/a |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| domain\_name | (Required) A domain name for which the certificate should be issued | `string` | n/a | yes |
+| subject\_alternative\_names | (Optional) A list of domains that should be SANs in the issued certificate | `list` | `[]` | no |
+| tags | (Optional) A mapping of tags to assign to the resource. | `map` | `{}` | no |
+| validation\_method | (Required) Which method to use for validation. DNS or EMAIL are valid, NONE can be used for certificates that were imported into ACM and then into Terraform. | `string` | `"DNS"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| arn | n/a |
+| id | n/a |

modules/aws/azure_ad_sso/README.md

@@ -0,0 +1,56 @@
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | n/a |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| admin\_policy\_arn | (Required) - The ARN of the policy you want to apply | `string` | `"arn:aws:iam::aws:policy/AdministratorAccess"` | no |
+| pgp\_key | (Optional) Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some\_person\_that\_exists. | `string` | `"keybase:thinkstack"` | no |
+| policy\_description | Description of the policy | `string` | `"This policy will allow to fetch the roles from AWS accounts."` | no |
+| policy\_name | Name of the policy | `string` | `"azure_ad_sso_user_role_policy"` | no |
+| read\_only\_policy\_arn | (Required) - The ARN of the policy you want to apply | `string` | `"arn:aws:iam::aws:policy/ReadOnlyAccess"` | no |
+| role\_admins\_description | (Optional) The description of the role. | `string` | `"ThinkStack Azure AD SSO - Admins role"` | no |
+| role\_admins\_force\_detach\_policies | (Optional) Specifies to force detaching any policies the role has before destroying it. Defaults to false. | `string` | `false` | no |
+| role\_admins\_max\_session\_duration | (Optional) The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours. | `string` | `7200` | no |
+| role\_admins\_name | (Required) The friendly IAM role name to match. | `string` | `"thinkstack_admins"` | no |
+| role\_admins\_permissions\_boundary | (Optional) The ARN of the policy that is used to set the permissions boundary for the role. | `string` | `""` | no |
+| role\_read\_only\_description | (Optional) The description of the role. | `string` | `"ThinkStack Azure AD SSO - Read only role"` | no |
+| role\_read\_only\_force\_detach\_policies | (Optional) Specifies to force detaching any policies the role has before destroying it. Defaults to false. | `string` | `false` | no |
+| role\_read\_only\_max\_session\_duration | (Optional) The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours. | `string` | `7200` | no |
+| role\_read\_only\_name | (Required) The friendly IAM role name to match. | `string` | `"thinkstack_read_only"` | no |
+| role\_read\_only\_permissions\_boundary | (Optional) The ARN of the policy that is used to set the permissions boundary for the role. | `string` | `""` | no |
+| role\_sysadmins\_description | (Optional) The description of the role. | `string` | `"ThinkStack Azure AD SSO - Sysadmins role"` | no |
+| role\_sysadmins\_force\_detach\_policies | (Optional) Specifies to force detaching any policies the role has before destroying it. Defaults to false. | `string` | `false` | no |
+| role\_sysadmins\_max\_session\_duration | (Optional) The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours. | `string` | `7200` | no |
+| role\_sysadmins\_name | (Required) The friendly IAM role name to match. | `string` | `"thinkstack_sysadmins"` | no |
+| role\_sysadmins\_permissions\_boundary | (Optional) The ARN of the policy that is used to set the permissions boundary for the role. | `string` | `""` | no |
+| saml\_metadata\_document | (Required) An XML document generated by an identity provider that supports SAML 2.0. | `string` | n/a | yes |
+| saml\_name | (Required) The name of the provider to create. | `string` | `"thinkstack_azure_ad"` | no |
+| sysadmins\_policy\_arn | (Required) - The ARN of the policy you want to apply | `string` | `"arn:aws:iam::aws:policy/job-function/SystemAdministrator"` | no |
+| user\_force\_destroy | (Optional, default false) When destroying this user, destroy even if it has non-Terraform-managed IAM access keys, login profile or MFA devices. Without force\_destroy a user with non-Terraform-managed access keys and login profile will fail to be destroyed. | `string` | `false` | no |
+| user\_name | (Required) The user's name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-\_.. User names are not distinguished by case. For example, you cannot create users named both 'TESTUSER' and 'testuser'. | `string` | `"azure_ad_role_manager"` | no |
+| user\_path | (Optional, default '/') Path in which to create the user. | `string` | `"/"` | no |
+| user\_permissions\_boundary | (Optional) The ARN of the policy that is used to set the permissions boundary for the user. | `string` | `""` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| encrypted\_secret | n/a |
+| identity\_provider\_arn | n/a |
+| policy\_arn | n/a |
+| policy\_id | n/a |
+| policy\_name | n/a |
+| read\_user\_id | n/a |
+| reading\_user\_arn | n/a |
+| reading\_user\_unique\_id | n/a |

modules/aws/dynamodb_table/README.md

@@ -0,0 +1,38 @@
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | n/a |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| attribute | (Required) List of nested attribute definitions. Only required for hash\_key and range\_key attributes. Each attribute has two properties: name - (Required) The name of the attribute. type - (Required) Attribute type, which must be a scalar type: S, N, or B for (S)tring, (N)umber or (B)inary data | `list` | n/a | yes |
+| global\_secondary\_index | (Optional) Describe a GSO for the table; subject to the normal limits on the number of GSIs, projected attributes, etc. | `map` | `{}` | no |
+| hash\_key | (Required, Forces new resource) The attribute to use as the hash (partition) key. Must also be defined as an attribute, see below. | `string` | n/a | yes |
+| local\_secondary\_index | (Optional, Forces new resource) Describe an LSI on the table; these can only be allocated at creation so you cannot change this definition after you have created the resource. | `maps` | `{}` | no |
+| name | (Required) The name of the table, this needs to be unique within a region. | `string` | n/a | yes |
+| point\_in\_time\_recovery | (Optional) Point-in-time recovery options. | `map` | <pre>{<br>  "enabled": false<br>}</pre> | no |
+| range\_key | (Optional, Forces new resource) The attribute to use as the range (sort) key. Must also be defined as an attribute, see below. | `string` | n/a | yes |
+| read\_capacity | (Required) The number of read units for this table | `string` | n/a | yes |
+| server\_side\_encryption | (Optional) Encrypt at rest options. | `map` | <pre>{<br>  "enabled": true<br>}</pre> | no |
+| stream\_enabled | (Optional) Indicates whether Streams are to be enabled (true) or disabled (false). | `string` | n/a | yes |
+| tags | (Optional) A map of tags to populate on the created table. | `map` | `{}` | no |
+| ttl | (Optional) Defines ttl, has two properties, and can only be specified once: enabled - (Required) Indicates whether ttl is enabled (true) or disabled (false). attribute\_name - (Required) The name of the table attribute to store the TTL timestamp in. | `map` | `{}` | no |
+| write\_capacity | (Required) The number of write units for this table | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| arn | n/a |
+| id | n/a |
+| stream\_arn | n/a |
+| stream\_label | n/a |

modules/aws/ebs_volume/README.md

@@ -0,0 +1,31 @@
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | n/a |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| availability\_zone | The AZ where the EBS volume will exist | `any` | n/a | yes |
+| device\_name | The device name to expose to the instance (for example, /dev/sdh or xvdf) | `string` | `"xvdf"` | no |
+| encrypted | Whether or not the ebs volume will be encrypted | `bool` | `true` | no |
+| instance\_id | ID of the instance to attach to | `string` | n/a | yes |
+| iops | iops to provision | `string` | `""` | no |
+| size | size of the ebs volume | `string` | n/a | yes |
+| snapshot\_id | snapshot id to base the volume from | `string` | `""` | no |
+| tags | tags to assign to the ebs volume | `map` | `{}` | no |
+| type | ebs volume type (example gp2, io1, standard, sc1, st1) | `string` | `"gp2"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| id | n/a |

modules/aws/ec2_domain_controller/README.md

@@ -0,0 +1,55 @@
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | n/a |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| ami | The AMI to use | `any` | n/a | yes |
+| availability\_zone | The AZ to start the instance in | `string` | `""` | no |
+| disable\_api\_termination | If true, enables EC2 Instance Termination Protection | `bool` | `false` | no |
+| domain\_name | Domain name suffix to add to DHCP DNS | `any` | n/a | yes |
+| ebs\_optimized | If true, the launched EC2 instance will be EBS-optimized | `bool` | `false` | no |
+| encrypted | (Optional) Enable volume encryption. (Default: false). Must be configured to perform drift detection. | `bool` | `true` | no |
+| iam\_instance\_profile | The IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile. | `string` | `""` | no |
+| instance\_initiated\_shutdown\_behavior | Shutdown behavior for the instance | `string` | `""` | no |
+| instance\_type | Select the instance type. Set in main.tf | `string` | `"t2.medium"` | no |
+| key\_name | keypair name to use for ec2 instance deployment. Keypairs are used to obtain the username/password | `string` | `""` | no |
+| monitoring | If true, the launched EC2 instance will have detailed monitoring enabled | `bool` | `false` | no |
+| name | Name of the instance | `any` | n/a | yes |
+| number | number of instances to make | `number` | `2` | no |
+| placement\_group | The Placement Group to start the instance in | `string` | `""` | no |
+| private\_ip | Private IP address to associate with the instance in a VPC | `list` | `[]` | no |
+| region | (Required) VPC Region the resources exist in | `string` | n/a | yes |
+| root\_delete\_on\_termination | (Optional) Whether the volume should be destroyed on instance termination (Default: true) | `string` | `true` | no |
+| root\_iops | (Optional) The amount of provisioned IOPS. This is only valid for volume\_type of io1, and must be specified if using that type | `string` | `""` | no |
+| root\_volume\_size | (Optional) The size of the volume in gigabytes. | `string` | `"100"` | no |
+| root\_volume\_type | (Optional) The type of volume. Can be standard, gp2, or io1. (Default: standard) | `string` | `"gp2"` | no |
+| source\_dest\_check | Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. | `bool` | `true` | no |
+| subnet\_id | The VPC subnet the instance(s) will be assigned. Set in main.tf | `list` | `[]` | no |
+| tags | A mapping of tags to assign to the resource | `map` | `{}` | no |
+| tenancy | The tenancy of the instance (if the instance is running in a VPC). Available values: default, dedicated, host. | `string` | `"default"` | no |
+| user\_data | The user data to provide when launching the instance | `string` | `""` | no |
+| vpc\_id | The VPC id to add the security group | `any` | n/a | yes |
+| vpc\_security\_group\_ids | A list of security group IDs to associate with | `list` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| dhcp\_options\_id | n/a |
+| ec2\_instance\_id | n/a |
+| ec2\_instance\_priv\_ip | n/a |
+| ec2\_instance\_pub\_ip | n/a |
+| ec2\_instance\_security\_groups | n/a |
+| ec2\_instance\_subnet\_id | n/a |
+

modules/aws/ec2_instance_with_eni/README.md

@@ -0,0 +1,66 @@
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | n/a |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| ami | ID of AMI to use for the instance | `any` | n/a | yes |
+| associate\_public\_ip\_address | If true, the EC2 instance will have associated public IP address | `bool` | `false` | no |
+| attachment | Attachment block for assigning the eni to an instance | `list` | `[]` | no |
+| availability\_zone | The AZ to start the instance in | `string` | `""` | no |
+| delete\_on\_termination | whether or not to delete the eni on instance termination | `bool` | `false` | no |
+| description | (Optional) A description for the network interface | `string` | n/a | yes |
+| device\_index | eni index to attach the eni to on the instance | `any` | n/a | yes |
+| disable\_api\_termination | If true, enables EC2 Instance Termination Protection | `bool` | `false` | no |
+| ebs\_block\_device | Additional EBS block devices to attach to the instance | `list` | `[]` | no |
+| ebs\_optimized | If true, the launched EC2 instance will be EBS-optimized | `bool` | `false` | no |
+| eni\_number | Number of instances to launch | `number` | `1` | no |
+| ephemeral\_block\_device | Customize Ephemeral (also known as Instance Store) volumes on the instance | `list` | `[]` | no |
+| iam\_instance\_profile | The IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile. | `string` | `""` | no |
+| instance\_initiated\_shutdown\_behavior | Shutdown behavior for the instance | `string` | `""` | no |
+| instance\_type | The type of instance to start | `any` | n/a | yes |
+| ipv6\_address\_count | A number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet. | `number` | `0` | no |
+| ipv6\_addresses | Specify one or more IPv6 addresses from the range of the subnet to associate with the primary network interface | `list` | `[]` | no |
+| key\_name | The key name to use for the instance | `string` | `""` | no |
+| monitoring | If true, the launched EC2 instance will have detailed monitoring enabled | `bool` | `false` | no |
+| name | Name to be used on all resources as prefix | `any` | n/a | yes |
+| network\_interface | Customize network interfaces to be attached at instance boot time | `list` | `[]` | no |
+| number | Number of instances to launch | `number` | `1` | no |
+| placement\_group | The Placement Group to start the instance in | `string` | `""` | no |
+| private\_ips | (Optional) List of private IPs to assign to the ENI. | `list` | n/a | yes |
+| private\_ips\_count | Number of private IPs to assign to the eni | `number` | `0` | no |
+| region | (Required) VPC Region the resources exist in | `string` | n/a | yes |
+| root\_block\_device | Customize details about the root block device of the instance. See Block Devices below for details | `list` | `[]` | no |
+| source\_dest\_check | Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. | `bool` | `true` | no |
+| subnet\_id | (Required) Subnet ID to create the ENI and EC2 instance in. | `string` | `""` | no |
+| tags | A mapping of tags to assign to the resource | `map` | `{}` | no |
+| tenancy | The tenancy of the instance (if the instance is running in a VPC). Available values: default, dedicated, host. | `string` | `"default"` | no |
+| user\_data | The user data to provide when launching the instance | `string` | `""` | no |
+| vpc\_security\_group\_ids | A list of security group IDs to associate with | `list` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| availability\_zone | List of availability zones of instances |
+| id | List of IDs of instances |
+| key\_name | List of key names of instances |
+| network\_interface\_id | List of IDs of the network interface of instances |
+| primary\_network\_interface\_id | List of IDs of the primary network interface of instances |
+| private\_dns | List of private DNS names assigned to the instances. Can only be used inside the Amazon EC2, and only available if you've enabled DNS hostnames for your VPC |
+| private\_ip | List of private IP addresses assigned to the instances |
+| public\_dns | List of public DNS names assigned to the instances. For EC2-VPC, ec2 is only available if you've enabled DNS hostnames for your VPC |
+| public\_ip | List of public IP addresses assigned to the instances, if applicable |
+| security\_groups | List of associated security groups of instances |
+| subnet\_id | List of IDs of VPC subnets of instances |
+| vpc\_security\_group\_ids | List of associated security groups of instances, if running in non-default VPC |

modules/aws/ec2_windows_migrated_instance/README.md

@@ -0,0 +1,39 @@
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | n/a |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| ami | ID of AMI to use for the instance | `any` | n/a | yes |
+| count | Number of instances to launch | `number` | `1` | no |
+| ebs\_optimized | If true, the launched EC2 instance will be EBS-optimized | `bool` | `false` | no |
+| instance\_name\_prefix | Used to populate the Name tag. Set in main.tf | `any` | n/a | yes |
+| instance\_type | Select the instance type. Set in main.tf | `string` | `"t2.medium"` | no |
+| key\_name | keypair name to use for ec2 instance deployment. Keypairs are used to obtain the username/password | `any` | n/a | yes |
+| private\_ip | Private IP address to associate with the instance in a VPC | `string` | `""` | no |
+| region | (Required) VPC Region the resources exist in | `string` | n/a | yes |
+| security\_group\_ids | Lits of security group ids to attach to the instance | `list` | n/a | yes |
+| subnet\_id | The VPC subnet the instance(s) will be assigned. Set in main.tf | `any` | n/a | yes |
+| tags | n/a | `map` | <pre>{<br>  "created_by": "terraform",<br>  "terraform": "true"<br>}</pre> | no |
+| user\_data | The path to a file with user\_data for the instances | `string` | `""` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| ec2\_instance\_id | n/a |
+| ec2\_instance\_network\_id | n/a |
+| ec2\_instance\_priv\_ip | n/a |
+| ec2\_instance\_pub\_ip | n/a |
+| ec2\_instance\_security\_groups | n/a |
+| ec2\_instance\_subnet\_id | n/a |