diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 0a3417d..99ac453 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -41,7 +41,7 @@ jobs:
strategy:
matrix:
- terraform_example: ${{fromJson(needs.meta.outputs.tf-modules)}}
+ terraform_example: ${{fromJson(needs.meta.outputs.tf-examples)}}
steps:
- uses: actions/checkout@v4
diff --git a/asset-account/terraform/cloudformation-stack/.module.toml b/asset-account/terraform/cloudformation-stack/.module.toml
new file mode 100644
index 0000000..92387ce
--- /dev/null
+++ b/asset-account/terraform/cloudformation-stack/.module.toml
@@ -0,0 +1,5 @@
+[module]
+name = "aws-elastio-asset-account-cloudformation-stack"
+description = "Terraform module for creating the Elastio Asset Account CloudFormation stack"
+type = "terraform"
+version = "0.33.0"
diff --git a/asset-account/terraform/cloudformation-stack/README.md b/asset-account/terraform/cloudformation-stack/README.md
new file mode 100644
index 0000000..45feab1
--- /dev/null
+++ b/asset-account/terraform/cloudformation-stack/README.md
@@ -0,0 +1,72 @@
+# Elastio Asset Account CloudFormation Stack
+
+See [this README](../..) for more details on what this stack does.
+
+This is a Terraform module, that is a thin wrapper on top of an [`aws_cloudformation_stack`](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack) resource used to deploy the Elastio Asset Account stack.
+
+See the basic [usage example](./examples/basic/main.tf).
+
+## Installation
+
+[Configure](../../../README.md#configuring-the-terraform-modules-registry) the Elastio terraform module registry, and add this to your project:
+
+```tf
+module "elastio_asset_account" {
+ source = "terraform.cloudsmith.io/public/elastio-asset-account-cloudformation-stack/aws"
+ version = "0.33.0"
+
+ // Provide input parameters
+}
+```
+
+
+
+## Requirements
+
+| Name | Version |
+| ------------------------------------------------------------------------ | ------- |
+| [terraform](#requirement_terraform) | ~> 1.0 |
+| [aws](#requirement_aws) | ~> 5.0 |
+
+## Providers
+
+| Name | Version |
+| ------------------------------------------------ | ------- |
+| [aws](#provider_aws) | ~> 5.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+| --------------------------------------------------------------------------------------------------------------------------------- | -------- |
+| [aws_cloudformation_stack.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+| ------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------- | ----------------------- | :------: |
+| [disable_rollback](#input_disable_rollback) | [See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack#disable_rollback-1) | `bool` | `null` | no |
+| [encrypt_with_cmk](#input_encrypt_with_cmk) | Provision an additional customer-managed KMS key to encrypt Lambda environment variables.
This increases the cost of the stack. | `bool` | `false` | no |
+| [iam_resource_names_prefix](#input_iam_resource_names_prefix) | Add a custom prefix to names of all IAM resources deployed by this stack. | `string` | `""` | no |
+| [iam_resource_names_suffix](#input_iam_resource_names_suffix) | Add a custom prefix to names of all IAM resources deployed by this stack. | `string` | `""` | no |
+| [iam_role_arn](#input_iam_role_arn) | [See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack#iam_role_arn-1) | `string` | `null` | no |
+| [lambda_tracing](#input_lambda_tracing) | Enable AWS X-Ray tracing for Lambda functions.
This increases the cost of the stack. | `bool` | `false` | no |
+| [notification_arns](#input_notification_arns) | [See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack#notification_arns-1) | `list(string)` | `null` | no |
+| [on_failure](#input_on_failure) | [See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack#on_failure-1) | `string` | `null` | no |
+| [policy_body](#input_policy_body) | [See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack#policy_body-1) | `string` | `null` | no |
+| [policy_url](#input_policy_url) | [See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack#policy_url-1) | `string` | `null` | no |
+| [stack_name](#input_stack_name) | The name of the CloudFormation StackSet. | `string` | `"ElastioAssetAccount"` | no |
+| [tags](#input_tags) | Additional tags to apply to all resources created by this stack. | `map(string)` | `{}` | no |
+| [template_url](#input_template_url) | The URL of the Elastio Asset Account CloudFormation template obtained from
the Elastio Portal.
This parameter is sensitive, because anyone who knows this URL can deploy
Elastio Account stack and linking it to your Elastio tenant. | `string` | n/a | yes |
+| [timeout_in_minutes](#input_timeout_in_minutes) | [See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack#timeout_in_minutes-1) | `number` | `null` | no |
+
+## Outputs
+
+| Name | Description |
+| -------------------------------------------------- | ----------------------------------------------------- |
+| [stack](#output_stack) | The outputs of the aws_cloudformation_stack resource. |
+
+
diff --git a/asset-account/terraform/cloudformation-stack/examples/basic/.terraform.lock.hcl b/asset-account/terraform/cloudformation-stack/examples/basic/.terraform.lock.hcl
new file mode 100644
index 0000000..7573cdb
--- /dev/null
+++ b/asset-account/terraform/cloudformation-stack/examples/basic/.terraform.lock.hcl
@@ -0,0 +1,25 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+ version = "5.92.0"
+ constraints = "~> 5.0"
+ hashes = [
+ "h1:ZnpTxMfg5PThZc5WZCsZELinsR0gPhdTpNmXjVcf7aE=",
+ "zh:1d3a0b40831360e8e988aee74a9ff3d69d95cb541c2eae5cb843c64303a091ba",
+ "zh:3d29cbced6c708be2041a708d25c7c0fc22d09e4d0b174360ed113bfae786137",
+ "zh:4341a203cf5820a0ca18bb514ae10a6c113bc6a728fb432acbf817d232e8eff4",
+ "zh:4a49e2d91e4d92b6b93ccbcbdcfa2d67935ce62e33b939656766bb81b3fd9a2c",
+ "zh:54c7189358b37fd895dedbabf84e509c1980a8c404a1ee5b29b06e40497b8655",
+ "zh:5d8bb1ff089c37cb65c83b4647f1981fded993e87d8132915d92d79f29e2fcd8",
+ "zh:618f2eb87cd65b245aefba03991ad714a51ff3b841016ef68e2da2b85d0b2325",
+ "zh:7bce07bc542d0588ca42bac5098dd4f8af715417cd30166b4fb97cedd44ab109",
+ "zh:81419eab2d8810beb114b1ff5cbb592d21edc21b809dc12bb066e4b88fdd184a",
+ "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+ "zh:9dea39d4748eeeebe2e76ca59bca4ccd161c2687050878c47289a98407a23372",
+ "zh:d692fc33b67ac89e916c8f9233d39eacab8c438fe10172990ee9d94fba5ca372",
+ "zh:d9075c7da48947c029ba47d5985e1e8e3bf92367bfee8ca1ff0e747765e779a1",
+ "zh:e81c62db317f3b640b2e04eba0ada8aa606bcbae0152c09f6242e86b86ef5889",
+ "zh:f68562e073722c378d2f3529eb80ad463f12c44aa5523d558ae3b69f4de5ca1f",
+ ]
+}
diff --git a/asset-account/terraform/cloudformation-stack/examples/basic/main.tf b/asset-account/terraform/cloudformation-stack/examples/basic/main.tf
new file mode 100644
index 0000000..22e19c4
--- /dev/null
+++ b/asset-account/terraform/cloudformation-stack/examples/basic/main.tf
@@ -0,0 +1,5 @@
+module "elastio_asset_account" {
+ source = "../../"
+
+ template_url = var.template_url
+}
diff --git a/asset-account/terraform/cloudformation-stack/examples/basic/variables.tf b/asset-account/terraform/cloudformation-stack/examples/basic/variables.tf
new file mode 100644
index 0000000..9761c40
--- /dev/null
+++ b/asset-account/terraform/cloudformation-stack/examples/basic/variables.tf
@@ -0,0 +1,13 @@
+variable "template_url" {
+ description = <<-DESCR
+ The URL of the Elastio Asset Account CloudFormation template obtained from
+ the Elastio Portal.
+
+ This parameter is sensitive, because anyone who knows this URL can deploy
+ Elastio Account stack and linking it to your Elastio tenant.
+ DESCR
+
+ sensitive = true
+ type = string
+ nullable = false
+}
diff --git a/asset-account/terraform/cloudformation-stack/examples/basic/versions.tf b/asset-account/terraform/cloudformation-stack/examples/basic/versions.tf
new file mode 100644
index 0000000..ab789a3
--- /dev/null
+++ b/asset-account/terraform/cloudformation-stack/examples/basic/versions.tf
@@ -0,0 +1,3 @@
+terraform {
+ required_version = "~> 1.0"
+}
diff --git a/asset-account/terraform/cloudformation-stack/main.tf b/asset-account/terraform/cloudformation-stack/main.tf
new file mode 100644
index 0000000..c7575e2
--- /dev/null
+++ b/asset-account/terraform/cloudformation-stack/main.tf
@@ -0,0 +1,25 @@
+resource "aws_cloudformation_stack" "this" {
+ tags = merge(var.tags, { "elastio:resource" = true })
+
+ name = var.stack_name
+ template_url = var.template_url
+ capabilities = ["CAPABILITY_IAM", "CAPABILITY_NAMED_IAM"]
+
+ disable_rollback = var.disable_rollback
+ notification_arns = var.notification_arns
+ on_failure = var.on_failure
+ policy_body = var.policy_body
+ policy_url = var.policy_url
+ iam_role_arn = var.iam_role_arn
+ timeout_in_minutes = var.timeout_in_minutes
+
+ parameters = {
+ for key, value in {
+ iamResourceNamesPrefix = var.iam_resource_names_prefix
+ iamResourceNamesSuffix = var.iam_resource_names_suffix
+ encryptWithCmk = var.encrypt_with_cmk
+ lambdaTracing = var.lambda_tracing
+ } :
+ key => tostring(value)
+ }
+}
diff --git a/asset-account/terraform/cloudformation-stack/outputs.tf b/asset-account/terraform/cloudformation-stack/outputs.tf
new file mode 100644
index 0000000..44169ed
--- /dev/null
+++ b/asset-account/terraform/cloudformation-stack/outputs.tf
@@ -0,0 +1,7 @@
+output "stack" {
+ description = <<-DESCR
+ The outputs of the aws_cloudformation_stack resource.
+ DESCR
+
+ value = aws_cloudformation_stack.this
+}
diff --git a/asset-account/terraform/cloudformation-stack/variables.tf b/asset-account/terraform/cloudformation-stack/variables.tf
new file mode 100644
index 0000000..f26be64
--- /dev/null
+++ b/asset-account/terraform/cloudformation-stack/variables.tf
@@ -0,0 +1,132 @@
+#########################
+## Required parameters ##
+#########################
+
+variable "template_url" {
+ description = <<-DESCR
+ The URL of the Elastio Asset Account CloudFormation template obtained from
+ the Elastio Portal.
+
+ This parameter is sensitive, because anyone who knows this URL can deploy
+ Elastio Account stack and linking it to your Elastio tenant.
+ DESCR
+
+ sensitive = true
+ type = string
+ nullable = false
+}
+
+#########################
+## Optional parameters ##
+#########################
+
+variable "tags" {
+ description = <<-DESCR
+ Additional tags to apply to all resources created by this stack.
+ DESCR
+
+ type = map(string)
+ default = {}
+}
+
+variable "stack_name" {
+ description = "The name of the CloudFormation StackSet."
+ type = string
+ nullable = false
+ default = "ElastioAssetAccount"
+}
+
+variable "disable_rollback" {
+ description = "[See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack#disable_rollback-1)"
+
+ type = bool
+ default = null
+}
+
+variable "notification_arns" {
+ description = "[See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack#notification_arns-1)"
+
+ type = list(string)
+ default = null
+}
+
+variable "on_failure" {
+ description = "[See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack#on_failure-1)"
+
+ type = string
+ default = null
+}
+
+variable "policy_body" {
+ description = "[See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack#policy_body-1)"
+
+ type = string
+ default = null
+}
+
+variable "policy_url" {
+ description = "[See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack#policy_url-1)"
+
+ type = string
+ default = null
+}
+
+variable "iam_role_arn" {
+ description = "[See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack#iam_role_arn-1)"
+
+ type = string
+ default = null
+}
+
+variable "timeout_in_minutes" {
+ description = "[See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack#timeout_in_minutes-1)"
+
+ type = number
+ default = null
+}
+
+#####################################################
+## Optional parameters of the CloudFormation stack ##
+#####################################################
+
+variable "iam_resource_names_prefix" {
+ description = <<-DESCR
+ Add a custom prefix to names of all IAM resources deployed by this stack.
+ DESCR
+
+ type = string
+ nullable = false
+ default = ""
+}
+
+variable "iam_resource_names_suffix" {
+ description = <<-DESCR
+ Add a custom prefix to names of all IAM resources deployed by this stack.
+ DESCR
+
+ type = string
+ nullable = false
+ default = ""
+}
+
+variable "encrypt_with_cmk" {
+ description = <<-DESCR
+ Provision an additional customer-managed KMS key to encrypt Lambda environment variables.
+ This increases the cost of the stack.
+ DESCR
+
+ type = bool
+ nullable = false
+ default = false
+}
+
+variable "lambda_tracing" {
+ description = <<-DESCR
+ Enable AWS X-Ray tracing for Lambda functions.
+ This increases the cost of the stack.
+ DESCR
+
+ type = bool
+ nullable = false
+ default = false
+}
diff --git a/asset-account/terraform/cloudformation-stack/versions.tf b/asset-account/terraform/cloudformation-stack/versions.tf
new file mode 100644
index 0000000..d50a6bd
--- /dev/null
+++ b/asset-account/terraform/cloudformation-stack/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = "~> 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5.0"
+ }
+ }
+}
diff --git a/asset-account/terraform/stack-set/.module.toml b/asset-account/terraform/stack-set/.module.toml
index 11242ed..e285659 100644
--- a/asset-account/terraform/stack-set/.module.toml
+++ b/asset-account/terraform/stack-set/.module.toml
@@ -1,5 +1,5 @@
[module]
name = "aws-elastio-asset-account-stack-set"
-description = "Terraform module for creating the Elastio Asset Account stack"
+description = "Terraform module for creating the Elastio Asset Account CloudFormation StackSet"
type = "terraform"
version = "0.33.0"
diff --git a/asset-account/terraform/stack-set/variables.tf b/asset-account/terraform/stack-set/variables.tf
index 24bb656..956d51c 100644
--- a/asset-account/terraform/stack-set/variables.tf
+++ b/asset-account/terraform/stack-set/variables.tf
@@ -166,7 +166,7 @@ variable "retain_stacks" {
}
######################################################
-## Optional parameters of the Cloudformation stacks ##
+## Optional parameters of the CloudFormation stacks ##
######################################################
variable "iam_resource_names_prefix" {
diff --git a/iam-policies/terraform/README.md b/iam-policies/terraform/README.md
index 75e4781..0942133 100644
--- a/iam-policies/terraform/README.md
+++ b/iam-policies/terraform/README.md
@@ -21,7 +21,7 @@ Specify the set of names of policies from the list of [available policies](#avai
The policies are generated using TypeScript. Their final JSON output is stored as `policies/{PolicyName}.json` documents in this module's directory. You can see the original policy source code with comments about the reasoning for some IAM permissions if you click on the policy names in the table below.
-See also the basic [usage example](./examples/basic/).
+See the basic [usage example](./examples/basic/main.tf).
## Available Policies