elastio · Veetaha · Mar 25, 2025 · Mar 25, 2025 · Mar 25, 2025 · Mar 25, 2025
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -41,7 +41,7 @@ jobs:
 
     strategy:
       matrix:
-        terraform_example: ${{fromJson(needs.meta.outputs.tf-modules)}}
+        terraform_example: ${{fromJson(needs.meta.outputs.tf-examples)}}
 
     steps:
       - uses: actions/checkout@v4

diff --git a/asset-account/terraform/cloudformation-stack/.module.toml b/asset-account/terraform/cloudformation-stack/.module.toml
@@ -0,0 +1,5 @@
+[module]
+name = "aws-elastio-asset-account-cloudformation-stack"
+description = "Terraform module for creating the Elastio Asset Account CloudFormation stack"
+type = "terraform"
+version = "0.33.0"
diff --git a/asset-account/terraform/cloudformation-stack/README.md b/asset-account/terraform/cloudformation-stack/README.md
@@ -0,0 +1,72 @@
+# Elastio Asset Account CloudFormation Stack
+
+See [this README](../..) for more details on what this stack does.
+
+This is a Terraform module, that is a thin wrapper on top of an [`aws_cloudformation_stack`](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack) resource used to deploy the Elastio Asset Account stack.
+
+See the basic [usage example](./examples/basic/main.tf).
+
+## Installation
+
+[Configure](../../../README.md#configuring-the-terraform-modules-registry) the Elastio terraform module registry, and add this to your project:
+
+```tf
+module "elastio_asset_account" {
+  source  = "terraform.cloudsmith.io/public/elastio-asset-account-cloudformation-stack/aws"
+  version = "0.33.0"
+
+  // Provide input parameters
+}
+```
+
+<!-- BEGIN_TF_DOCS -->
+
+## Requirements
+
+| Name                                                                     | Version |
+| ------------------------------------------------------------------------ | ------- |
+| <a name="requirement_terraform"></a> [terraform](#requirement_terraform) | ~> 1.0  |
+| <a name="requirement_aws"></a> [aws](#requirement_aws)                   | ~> 5.0  |
+
+## Providers
+
+| Name                                             | Version |
+| ------------------------------------------------ | ------- |
+| <a name="provider_aws"></a> [aws](#provider_aws) | ~> 5.0  |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name                                                                                                                              | Type     |
+| --------------------------------------------------------------------------------------------------------------------------------- | -------- |
+| [aws_cloudformation_stack.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack) | resource |
+
+## Inputs
+
+| Name                                                                                                         | Description                                                                                                                                                                                                                                            | Type           | Default                 | Required |
+| ------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------- | ----------------------- | :------: |
+| <a name="input_disable_rollback"></a> [disable_rollback](#input_disable_rollback)                            | [See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack#disable_rollback-1)                                                                                                                   | `bool`         | `null`                  |    no    |
+| <a name="input_encrypt_with_cmk"></a> [encrypt_with_cmk](#input_encrypt_with_cmk)                            | Provision an additional customer-managed KMS key to encrypt Lambda environment variables.<br/>This increases the cost of the stack.                                                                                                                    | `bool`         | `false`                 |    no    |
+| <a name="input_iam_resource_names_prefix"></a> [iam_resource_names_prefix](#input_iam_resource_names_prefix) | Add a custom prefix to names of all IAM resources deployed by this stack.                                                                                                                                                                              | `string`       | `""`                    |    no    |
+| <a name="input_iam_resource_names_suffix"></a> [iam_resource_names_suffix](#input_iam_resource_names_suffix) | Add a custom prefix to names of all IAM resources deployed by this stack.                                                                                                                                                                              | `string`       | `""`                    |    no    |
+| <a name="input_iam_role_arn"></a> [iam_role_arn](#input_iam_role_arn)                                        | [See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack#iam_role_arn-1)                                                                                                                       | `string`       | `null`                  |    no    |
+| <a name="input_lambda_tracing"></a> [lambda_tracing](#input_lambda_tracing)                                  | Enable AWS X-Ray tracing for Lambda functions.<br/>This increases the cost of the stack.                                                                                                                                                               | `bool`         | `false`                 |    no    |
+| <a name="input_notification_arns"></a> [notification_arns](#input_notification_arns)                         | [See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack#notification_arns-1)                                                                                                                  | `list(string)` | `null`                  |    no    |
+| <a name="input_on_failure"></a> [on_failure](#input_on_failure)                                              | [See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack#on_failure-1)                                                                                                                         | `string`       | `null`                  |    no    |
+| <a name="input_policy_body"></a> [policy_body](#input_policy_body)                                           | [See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack#policy_body-1)                                                                                                                        | `string`       | `null`                  |    no    |
+| <a name="input_policy_url"></a> [policy_url](#input_policy_url)                                              | [See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack#policy_url-1)                                                                                                                         | `string`       | `null`                  |    no    |
+| <a name="input_stack_name"></a> [stack_name](#input_stack_name)                                              | The name of the CloudFormation StackSet.                                                                                                                                                                                                               | `string`       | `"ElastioAssetAccount"` |    no    |
+| <a name="input_tags"></a> [tags](#input_tags)                                                                | Additional tags to apply to all resources created by this stack.                                                                                                                                                                                       | `map(string)`  | `{}`                    |    no    |
+| <a name="input_template_url"></a> [template_url](#input_template_url)                                        | The URL of the Elastio Asset Account CloudFormation template obtained from<br/>the Elastio Portal.<br/><br/>This parameter is sensitive, because anyone who knows this URL can deploy<br/>Elastio Account stack and linking it to your Elastio tenant. | `string`       | n/a                     |   yes    |
+| <a name="input_timeout_in_minutes"></a> [timeout_in_minutes](#input_timeout_in_minutes)                      | [See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack#timeout_in_minutes-1)                                                                                                                 | `number`       | `null`                  |    no    |
+
+## Outputs
+
+| Name                                               | Description                                           |
+| -------------------------------------------------- | ----------------------------------------------------- |
+| <a name="output_stack"></a> [stack](#output_stack) | The outputs of the aws_cloudformation_stack resource. |
+
+<!-- END_TF_DOCS -->
diff --git a/asset-account/terraform/cloudformation-stack/examples/basic/.terraform.lock.hcl b/asset-account/terraform/cloudformation-stack/examples/basic/.terraform.lock.hcl
diff --git a/asset-account/terraform/cloudformation-stack/examples/basic/main.tf b/asset-account/terraform/cloudformation-stack/examples/basic/main.tf
@@ -0,0 +1,5 @@
+module "elastio_asset_account" {
+  source = "../../"
+
+  template_url = var.template_url
+}
diff --git a/asset-account/terraform/cloudformation-stack/examples/basic/variables.tf b/asset-account/terraform/cloudformation-stack/examples/basic/variables.tf
@@ -0,0 +1,13 @@
+variable "template_url" {
+  description = <<-DESCR
+    The URL of the Elastio Asset Account CloudFormation template obtained from
+    the Elastio Portal.
+
+    This parameter is sensitive, because anyone who knows this URL can deploy
+    Elastio Account stack and linking it to your Elastio tenant.
+  DESCR
+
+  sensitive = true
+  type      = string
+  nullable  = false
+}
diff --git a/asset-account/terraform/cloudformation-stack/examples/basic/versions.tf b/asset-account/terraform/cloudformation-stack/examples/basic/versions.tf
@@ -0,0 +1,3 @@
+terraform {
+  required_version = "~> 1.0"
+}
diff --git a/asset-account/terraform/cloudformation-stack/main.tf b/asset-account/terraform/cloudformation-stack/main.tf
@@ -0,0 +1,25 @@
+resource "aws_cloudformation_stack" "this" {
+  tags = merge(var.tags, { "elastio:resource" = true })
+
+  name         = var.stack_name
+  template_url = var.template_url
+  capabilities = ["CAPABILITY_IAM", "CAPABILITY_NAMED_IAM"]
+
+  disable_rollback   = var.disable_rollback
+  notification_arns  = var.notification_arns
+  on_failure         = var.on_failure
+  policy_body        = var.policy_body
+  policy_url         = var.policy_url
+  iam_role_arn       = var.iam_role_arn
+  timeout_in_minutes = var.timeout_in_minutes
+
+  parameters = {
+    for key, value in {
+      iamResourceNamesPrefix = var.iam_resource_names_prefix
+      iamResourceNamesSuffix = var.iam_resource_names_suffix
+      encryptWithCmk         = var.encrypt_with_cmk
+      lambdaTracing          = var.lambda_tracing
+    } :
+    key => tostring(value)
+  }
+}
diff --git a/asset-account/terraform/cloudformation-stack/outputs.tf b/asset-account/terraform/cloudformation-stack/outputs.tf
@@ -0,0 +1,7 @@
+output "stack" {
+  description = <<-DESCR
+    The outputs of the aws_cloudformation_stack resource.
+  DESCR
+
+  value = aws_cloudformation_stack.this
+}
diff --git a/asset-account/terraform/cloudformation-stack/variables.tf b/asset-account/terraform/cloudformation-stack/variables.tf
@@ -0,0 +1,132 @@
+#########################
+## Required parameters ##
+#########################
+
+variable "template_url" {
+  description = <<-DESCR
+    The URL of the Elastio Asset Account CloudFormation template obtained from
+    the Elastio Portal.
+
+    This parameter is sensitive, because anyone who knows this URL can deploy
+    Elastio Account stack and linking it to your Elastio tenant.
+  DESCR
+
+  sensitive = true
+  type      = string
+  nullable  = false
+}
+
+#########################
+## Optional parameters ##
+#########################
+
+variable "tags" {
+  description = <<-DESCR
+    Additional tags to apply to all resources created by this stack.
+  DESCR
+
+  type    = map(string)
+  default = {}
+}
+
+variable "stack_name" {
+  description = "The name of the CloudFormation StackSet."
+  type     = string
+  nullable = false
+  default  = "ElastioAssetAccount"
+}
+
+variable "disable_rollback" {
+  description = "[See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack#disable_rollback-1)"
+
+  type    = bool
+  default = null
+}
+
+variable "notification_arns" {
+  description = "[See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack#notification_arns-1)"
+
+  type    = list(string)
+  default = null
+}
+
+variable "on_failure" {
+  description = "[See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack#on_failure-1)"
+
+  type    = string
+  default = null
+}
+
+variable "policy_body" {
+  description = "[See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack#policy_body-1)"
+
+  type    = string
+  default = null
+}
+
+variable "policy_url" {
+  description = "[See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack#policy_url-1)"
+
+  type    = string
+  default = null
+}
+
+variable "iam_role_arn" {
+  description = "[See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack#iam_role_arn-1)"
+
+  type    = string
+  default = null
+}
+
+variable "timeout_in_minutes" {
+  description = "[See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack#timeout_in_minutes-1)"
+
+  type    = number
+  default = null
+}
+
+#####################################################
+## Optional parameters of the CloudFormation stack ##
+#####################################################
+
+variable "iam_resource_names_prefix" {
+  description = <<-DESCR
+    Add a custom prefix to names of all IAM resources deployed by this stack.
+  DESCR
+
+  type     = string
+  nullable = false
+  default  = ""
+}
+
+variable "iam_resource_names_suffix" {
+  description = <<-DESCR
+    Add a custom prefix to names of all IAM resources deployed by this stack.
+  DESCR
+
+  type     = string
+  nullable = false
+  default  = ""
+}
+
+variable "encrypt_with_cmk" {
+  description = <<-DESCR
+    Provision an additional customer-managed KMS key to encrypt Lambda environment variables.
+    This increases the cost of the stack.
+  DESCR
+
+  type     = bool
+  nullable = false
+  default  = false
+}
+
+variable "lambda_tracing" {
+  description = <<-DESCR
+    Enable AWS X-Ray tracing for Lambda functions.
+    This increases the cost of the stack.
+  DESCR
+
+  type     = bool
+  nullable = false
+  default  = false
+}
diff --git a/asset-account/terraform/cloudformation-stack/versions.tf b/asset-account/terraform/cloudformation-stack/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+  required_version = "~> 1.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+  }
+}
diff --git a/asset-account/terraform/stack-set/.module.toml b/asset-account/terraform/stack-set/.module.toml
@@ -1,5 +1,5 @@
 [module]
 name = "aws-elastio-asset-account-stack-set"
-description = "Terraform module for creating the Elastio Asset Account stack"
+description = "Terraform module for creating the Elastio Asset Account CloudFormation StackSet"
 type = "terraform"
 version = "0.33.0"
diff --git a/asset-account/terraform/stack-set/variables.tf b/asset-account/terraform/stack-set/variables.tf
@@ -166,7 +166,7 @@ variable "retain_stacks" {
 }
 
 ######################################################
-## Optional parameters of the Cloudformation stacks ##
+## Optional parameters of the CloudFormation stacks ##
 ######################################################
 
 variable "iam_resource_names_prefix" {

diff --git a/iam-policies/terraform/README.md b/iam-policies/terraform/README.md
@@ -21,7 +21,7 @@ Specify the set of names of policies from the list of [available policies](#avai
 
 The policies are generated using TypeScript. Their final JSON output is stored as `policies/{PolicyName}.json` documents in this module's directory. You can see the original policy source code with comments about the reasoning for some IAM permissions if you click on the policy names in the table below.
 
-See also the basic [usage example](./examples/basic/).
+See the basic [usage example](./examples/basic/main.tf).
 
 ## Available Policies