Merge pull request #3 from appvia/create-role

updated readme and example

Author: m13t

README.md

@@ -1,21 +1,33 @@
 ![Github Actions](../../actions/workflows/terraform.yml/badge.svg)
 
-# Terraform <NAME>
+# Terraform AWS Appvia Audit Role
 
 ## Description
 
-Add a description of the module here
+This module creates a federated AWS IAM role in one or more accounts for the purpose of providing remote audit access
+for Appvia. The module should be deployed from the organization management account or a delegated administrator account.
+
+The role is designed as such that it can only be consumed from a coresponding audit role within Appvia's infrastructure
+and when an agreed external ID is in place. Once the audit is complete, this role should be removed, however it will automatically
+block further access after 7 days.
 
 ## Usage
 
 Add example usage here
 
 ```hcl
 module "example" {
-  source  = "appvia/<NAME>/aws"
-  version = "0.0.1"
+  source  = "appvia/appvia-audit-role/aws"
+  version = "1.0.0"
+
+  external_id = "<random secure id>"
+
+  deployment_account_ids = [
+    "012345678910",
+    "102938475632",
+  ]
 
-  # insert variables here
+  expiry_days = 7
 }
 ```
 
@@ -33,14 +45,14 @@ The `terraform-docs` utility is used to generate this README. Follow the below s
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.7 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.58.0 |
 | <a name="requirement_time"></a> [time](#requirement\_time) | >= 0.12.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.58.0 |
 | <a name="provider_time"></a> [time](#provider\_time) | >= 0.12.0 |
 
 ## Modules

examples/basic/.terraform.lock.hcl

@@ -4,15 +4,17 @@
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.58.0 |
 
 ## Providers
 
 No providers.
 
 ## Modules
 
-No modules.
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_example"></a> [example](#module\_example) | ../../ | n/a |
 
 ## Resources
 

examples/basic/README.md

@@ -1,5 +1,16 @@
-#####################################################################################
-# Terraform module examples are meant to show an _example_ on how to use a module
-# per use-case. The code below should not be copied directly but referenced in order
-# to build your own root module that invokes this module
-#####################################################################################
+module "example" {
+  source = "../../"
+
+  # A secure random string to be used as the role's external ID.
+  # This should only be shared between the client and Appvia.
+  external_id = "b03e124b514528288a38cb791de17bde"
+
+  # List of account IDs that the role should be deployed to
+  deployment_account_ids = [
+    "012345678910",
+    "102938475632",
+  ]
+
+  # The number of days after which an account should expire
+  expiry_days = 7
+}

examples/basic/main.tf

@@ -1,2 +1 @@
-
 provider "aws" {}

examples/basic/providers.tf

@@ -1,11 +1,10 @@
-
 terraform {
   required_version = ">= 1.0.0"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.0.0"
+      version = ">= 5.58.0"
     }
   }
 }

examples/basic/terraform.tf

@@ -5,7 +5,7 @@ terraform {
     # tflint-ignore: terraform_unused_required_providers
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.0.0"
+      version = ">= 5.58.0"
     }
 
     time = {