terraform-docs: automated action

github-actions[bot] · github-actions[bot] · commit 31e0459806a5 · 2024-08-02T07:07:05.000Z
diff --git a/modules/acm/README.md b/modules/acm/README.md
@@ -1,6 +1,17 @@
 <!-- BEGIN_TF_DOCS -->
 # acm
 
+This sub-module creates the Amazon-issued certificates for given domains with `validation_option` configuration.
+
+## Presets
+
+- The `validation_method` is set to `DNS` as the recommended method, and can be overridden to use `EMAIL` method if required.
+
+## Notes
+
+- ACM certificates are created before destroying existing ones (to update the configuration), which is the recommended practice.
+- The sub-module outputs the corresponding validation records for every Amazon-issued ACM certificate created. This can be further used to complete the validation by creating the Route53 DNS records.
+
 ## Requirements
 
 | Name | Version |
@@ -27,7 +38,7 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_amazon_issued_certificates"></a> [amazon\_issued\_certificates](#input\_amazon\_issued\_certificates) | List of Amazon-issued certificates to ACM create. | <pre>map(object({<br>    domain_name               = string<br>    subject_alternative_names = optional(list(string), [])<br>    validation_method         = optional(string, null)<br>    key_algorithm             = optional(string, null)<br>    validation_option = optional(object({<br>      domain_name       = string<br>      validation_domain = string<br>    }))<br>    tags = optional(map(string), {})<br>  }))</pre> | `{}` | no |
+| <a name="input_amazon_issued_certificates"></a> [amazon\_issued\_certificates](#input\_amazon\_issued\_certificates) | List of Amazon-issued certificates to ACM create. | <pre>map(object({<br>    domain_name               = string<br>    subject_alternative_names = optional(list(string), [])<br>    validation_method         = optional(string, "DNS")<br>    key_algorithm             = optional(string, null)<br>    validation_option = optional(object({<br>      domain_name       = string<br>      validation_domain = string<br>    }))<br>    tags = optional(map(string), {})<br>  }))</pre> | `{}` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | (Optional) Map of tags to assign to the resource. | `map(string)` | `{}` | no |
 
 ## Outputs
diff --git a/modules/alb/README.md b/modules/alb/README.md
@@ -1,6 +1,57 @@
 <!-- BEGIN_TF_DOCS -->
 # alb
 
+This sub-module creates:
+
+1. Application Load Balancer in the given subnets
+2. Target Groups with Health Check configuration
+3. Listeners with Default Action configuration, and
+4. Listener Rules with Actions with `forward` and `authenticate-oidc` types, and Conditions involving `host_header`, `path_pattern`, and `http_request_method`.
+
+## Presets
+
+### Load Balancer
+
+- The `internal` is set to `false` as the default option (i.e., an Internet-facing ALB), and can be overridden to be internal if required.
+- The `preserve_host_header` is set to `true` as the default option (i.e., the `HOST` header is not overridden by the ALB), and can be overridden to allow the ALB to override the header if required.
+- The `enable_deletion_protection` is set to `false` as the recommended option (i.e., the ALB can be destroyed using the API), and can be overridden to enable the deletion protection if required.
+
+### Listener
+
+- The `protocol` is set to `HTTP` as the default option, and can be overridden to use `HTTPS` if required.
+- The `ssl_policy` is set to `ELBSecurityPolicy-TLS13-1-2-2021-06` as the recommended SSL policy ([read more](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies)), and can be overridden to use a different SSL policy if required.
+
+## Notes
+
+- For configuration that requires ARNs to other Target Groups/Listeners, the name of the Target Group/Listener can be specified as the value of the attribute, so that the sub-module implicitly references the corresponding Target Group/Listener for the ARN.
+
+  ```hcl
+  module "alb" {
+    . . .
+
+    target_groups = {
+      # Define the Target Group with a key
+      nginx = {
+        . . .
+      }
+    }
+
+    listeners = {
+      . . .
+      default_action = [
+        {
+          . . .
+
+          # Reference the target group using the key
+          target_group = "nginx"
+        }
+      ]
+    }
+  }
+  ```
+
+- Listener Rule Actions currently support the `forward` and `authenticate-oidc` types only, and will be expanded to cover other types in future iteratively. Similarly, the Listener Rule Conditions currently support the `host_header`, `path_pattern` and `http_request_method` configurations only.
+
 ## Requirements
 
 | Name | Version |
@@ -34,8 +85,8 @@ No modules.
 | <a name="input_internal"></a> [internal](#input\_internal) | (Optional) If true, the LB will be internal. | `bool` | `false` | no |
 | <a name="input_listener_rules"></a> [listener\_rules](#input\_listener\_rules) | Listener rules to associate with the the ALB Listeners. | <pre>map(object({<br>    listener = string<br>    priority = optional(number)<br>    action = list(object({<br>      type = string<br>      authenticate_oidc = optional(object({<br>        authorization_endpoint     = string<br>        client_id                  = string<br>        client_secret              = string<br>        issuer                     = string<br>        on_unauthenticated_request = optional(string)<br>        scope                      = optional(string)<br>        session_cookie_name        = optional(string)<br>        token_endpoint             = string<br>        user_info_endpoint         = string<br>      }))<br>      target_group = optional(string)<br>    }))<br>    condition = set(object({<br>      host_header = optional(object({<br>        values = set(string)<br>      }))<br>      path_pattern = optional(object({<br>        values = set(string)<br>      }))<br>      http_request_method = optional(object({<br>        values = set(string)<br>      }))<br>    }))<br>    tags = optional(map(string), {})<br>  }))</pre> | `{}` | no |
 | <a name="input_listeners"></a> [listeners](#input\_listeners) | Listeners to forward ALB ingress to desired Target Groups. | <pre>map(object({<br>    default_action = list(object({<br>      type           = string<br>      target_group   = string<br>      fixed_response = optional(any, null)<br>      forward        = optional(any, null)<br>      order          = optional(number)<br>      redirect       = optional(any, null)<br>    }))<br>    certificate_arn = optional(string)<br>    port            = optional(number)<br>    protocol        = optional(string, "HTTP")<br>    ssl_policy      = optional(string, "ELBSecurityPolicy-TLS13-1-2-2021-06")<br>    tags            = optional(map(string), {})<br>  }))</pre> | n/a | yes |
-| <a name="input_name"></a> [name](#input\_name) | (Optional) Name of the LB. | `string` | `""` | no |
-| <a name="input_preserve_host_header"></a> [preserve\_host\_header](#input\_preserve\_host\_header) | (Optional) Whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change. | `bool` | `false` | no |
+| <a name="input_name"></a> [name](#input\_name) | (Optional) Name of the LB. | `string` | `null` | no |
+| <a name="input_preserve_host_header"></a> [preserve\_host\_header](#input\_preserve\_host\_header) | (Optional) Whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change. | `bool` | `true` | no |
 | <a name="input_security_groups_ids"></a> [security\_groups\_ids](#input\_security\_groups\_ids) | (Optional) List of security group IDs to assign to the LB. | `list(string)` | `[]` | no |
 | <a name="input_subnets_ids"></a> [subnets\_ids](#input\_subnets\_ids) | (Optional) List of subnet IDs to attach to the LB. | `list(string)` | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | (Optional) Map of tags to assign to the resource. | `map(string)` | `{}` | no |
diff --git a/modules/capacity-provider/README.md b/modules/capacity-provider/README.md
@@ -1,6 +1,27 @@
 <!-- BEGIN_TF_DOCS -->
 # capacity-provider
 
+This sub-module creates:
+
+1. ECS Capacity Providers with `auto_scaling_group_provider` configuration (optionally with `managed_scaling`), and
+2. ECS Cluster Capacity Providers using the created ECS Capacity Providers, and with `default_capacity_provider_strategy` configuration.
+
+## Presets
+
+### ECS Capacity Provider
+
+- The `managed_termination_protection` is enabled by default as recommended (which enables termination protection to container instances), and can be disabled if required.
+
+### ECS Cluster Capacity Providers
+
+- The `default_auto_scaling_group_arn` is a required attribute, and is used as the default Autoscaling group ARN under `auto_scaling_group_provider` configuration under each ECS Capacity Provider. The `auto_scaling_group_arn` can be overridden for individual ECS Capacity Provider if required.
+- The `weight` under `default_capacity_provider_strategy` configuration is set to `1` as the default option (i.e., equal distribution of tasks in each ECS Capacity Provider), and can be overridden.
+- The `base` under `default_capacity_provider_strategy` configuration is set to `0` as the default option (i.e., min. number of tasks running in each ECS Capacity Provider), and can be overridden.
+
+## Notes
+
+- ECS Cluster Capacity Providers utilizes all the ECS Capacity Providers that were created through the sub-module as the desired behaviour, and cannot be overridden.
+
 ## Requirements
 
 | Name | Version |
@@ -30,7 +51,7 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_capacity_providers"></a> [capacity\_providers](#input\_capacity\_providers) | Capacity Providers to associate with the ECS Cluster. | <pre>map(object({<br>    name                   = string<br>    auto_scaling_group_arn = optional(string)<br>    managed_scaling = optional(<br>      object({<br>        instance_warmup_period    = optional(number)<br>        status                    = optional(string)<br>        target_capacity           = optional(number)<br>        minimum_scaling_step_size = optional(number)<br>        maximum_scaling_step_size = optional(number)<br>      })<br>    )<br>    managed_termination_protection = optional(string, "ENABLED")<br>    tags                           = optional(map(string), {})<br>  }))</pre> | `{}` | no |
 | <a name="input_default_auto_scaling_group_arn"></a> [default\_auto\_scaling\_group\_arn](#input\_default\_auto\_scaling\_group\_arn) | ARN for this Auto Scaling Group. | `string` | n/a | yes |
-| <a name="input_default_capacity_provider_strategies"></a> [default\_capacity\_provider\_strategies](#input\_default\_capacity\_provider\_strategies) | (Optional) Set of capacity provider strategies to use by default for the cluster. | <pre>list(object({<br>    capacity_provider = string<br>    weight            = optional(number, 0)<br>    base              = optional(number, 0)<br>  }))</pre> | `[]` | no |
+| <a name="input_default_capacity_provider_strategies"></a> [default\_capacity\_provider\_strategies](#input\_default\_capacity\_provider\_strategies) | (Optional) Set of capacity provider strategies to use by default for the cluster. | <pre>list(object({<br>    capacity_provider = string<br>    weight            = optional(number, 1)<br>    base              = optional(number, 0)<br>  }))</pre> | `[]` | no |
 | <a name="input_ecs_cluster_name"></a> [ecs\_cluster\_name](#input\_ecs\_cluster\_name) | (Required) Name of the cluster. | `string` | n/a | yes |
 
 ## Outputs
