appvia
diff --git a/‎.github/workflows/terraform.yml
+15-5 b/‎.github/workflows/terraform.yml
+15-5
diff --git a/‎.gitignore
+32-2 b/‎.gitignore
+32-2
diff --git a/‎.terraform.lock.hcl
+43 b/‎.terraform.lock.hcl
+43
diff --git a/‎modules/provider/.terraform.lock.hcl
+43 b/‎modules/provider/.terraform.lock.hcl
+43
diff --git a/‎modules/provider/README.md
+43-2 b/‎modules/provider/README.md
+43-2
diff --git a/‎modules/remote_state/.terraform.lock.hcl
+24 b/‎modules/remote_state/.terraform.lock.hcl
+24
diff --git a/‎modules/remote_state/README.md
+46-1 b/‎modules/remote_state/README.md
+46-1
diff --git a/‎modules/remote_state/main.tf
+3-1 b/‎modules/remote_state/main.tf
+3-1
diff --git a/‎modules/role/.terraform.lock.hcl
+24 b/‎modules/role/.terraform.lock.hcl
+24
@@ -9,10 +9,20 @@ on:
       - main
 
 jobs:
-  module-validation:
+  role-validation:
     uses: appvia/appvia-cicd-workflows/.github/workflows/terraform-module-validation.yml@main
-    name: Module Validation
-    secrets:
-      infracost-api-key: ${{ secrets.ORG_INFRACOST_API_KEY }}
+    name: OIDC Role Module
     with:
-      working-directory: .
+      working-directory: modules/role
+
+  remote-state-validation:
+    uses: appvia/appvia-cicd-workflows/.github/workflows/terraform-module-validation.yml@main
+    name: Remote State Module
+    with:
+      working-directory: modules/remote-state
+
+  provider-validation:
+    uses: appvia/appvia-cicd-workflows/.github/workflows/terraform-module-validation.yml@main
+    name: Provider Module
+    with:
+      working-directory: modules/provider
@@ -1,2 +1,32 @@
-.terraform/
-.terraform.lock.hcl
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# Other
+.DS_Store
+todo.md
+
@@ -2,6 +2,46 @@
 
 ## Requirements
 
+| Name                                                                     | Version |
+| ------------------------------------------------------------------------ | ------- |
+| <a name="requirement_terraform"></a> [terraform](#requirement_terraform) | >= 1.0  |
+
+## Providers
+
+| Name                                             | Version |
+| ------------------------------------------------ | ------- |
+| <a name="provider_aws"></a> [aws](#provider_aws) | n/a     |
+| <a name="provider_tls"></a> [tls](#provider_tls) | n/a     |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name                                                                                                                                            | Type        |
+| ----------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
+| [aws_iam_openid_connect_provider.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_openid_connect_provider) | resource    |
+| [tls_certificate.thumbprint](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/data-sources/certificate)                        | data source |
+
+## Inputs
+
+| Name                                                                              | Description                                                                                   | Type                                                                                                                                                                                                               | Default | Required |
+| --------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------- | :------: |
+| <a name="input_common_providers"></a> [common_providers](#input_common_providers) | List of common well-known providers to enable, such as github, gitlab                         | `list(string)`                                                                                                                                                                                                     | `[]`    |    no    |
+| <a name="input_custom_providers"></a> [custom_providers](#input_custom_providers) | Map of custom provider configurations                                                         | <pre>map(object({<br> name = optional(string, null)<br> url = string<br> client_id_list = list(string)<br> thumbprint_list = optional(list(string), [])<br> lookup_thumbprint = optional(bool, true)<br> }))</pre> | `{}`    |    no    |
+| <a name="input_provider_tags"></a> [provider_tags](#input_provider_tags)          | Nested map of tags to apply to specific providers. Top level keys should match provider names | `map(map(string))`                                                                                                                                                                                                 | `{}`    |    no    |
+| <a name="input_tags"></a> [tags](#input_tags)                                     | Map of tags to apply to all resources                                                         | `map(string)`                                                                                                                                                                                                      | `{}`    |    no    |
+
+## Outputs
+
+| Name                                                           | Description |
+| -------------------------------------------------------------- | ----------- |
+| <a name="output_providers"></a> [providers](#output_providers) | n/a         |
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
@@ -10,8 +50,8 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
-| <a name="provider_tls"></a> [tls](#provider\_tls) | n/a |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.43.0 |
+| <a name="provider_tls"></a> [tls](#provider\_tls) | 4.0.5 |
 
 ## Modules
 
@@ -38,3 +78,4 @@ No modules.
 | Name | Description |
 |------|-------------|
 | <a name="output_providers"></a> [providers](#output\_providers) | n/a |
+<!-- END_TF_DOCS -->
@@ -1,4 +1,47 @@
 # AWS OIDC Remote State Reader
+
+## Requirements
+
+| Name                                                                     | Version |
+| ------------------------------------------------------------------------ | ------- |
+| <a name="requirement_terraform"></a> [terraform](#requirement_terraform) | >= 1.0  |
+
+## Providers
+
+| Name                                                               | Version |
+| ------------------------------------------------------------------ | ------- |
+| <a name="provider_aws"></a> [aws](#provider_aws)                   | 5.41.0  |
+| <a name="provider_terraform"></a> [terraform](#provider_terraform) | n/a     |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name                                                                                                                             | Type        |
+| -------------------------------------------------------------------------------------------------------------------------------- | ----------- |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity)    | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region)                      | data source |
+| [terraform_remote_state.this](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
+
+## Inputs
+
+| Name                                                                                                   | Description                                                            | Type     | Default | Required |
+| ------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------- | -------- | ------- | :------: |
+| <a name="input_account_id"></a> [account_id](#input_account_id)                                        | Account ID where the remote state bucket is located                    | `string` | `null`  |    no    |
+| <a name="input_reader_role_arn"></a> [reader_role_arn](#input_reader_role_arn)                         | The ARN of the reader role to assume in order to read the remote state | `string` | n/a     |   yes    |
+| <a name="input_region"></a> [region](#input_region)                                                    | The region name where the destination resources have been created      | `string` | `null`  |    no    |
+| <a name="input_repository"></a> [repository](#input_repository)                                        | The name of the repository to lookup remote state for                  | `string` | n/a     |   yes    |
+| <a name="input_web_identity_token_file"></a> [web_identity_token_file](#input_web_identity_token_file) | Path to the web identity token file                                    | `string` | n/a     |   yes    |
+
+## Outputs
+
+| Name                                                     | Description |
+| -------------------------------------------------------- | ----------- |
+| <a name="output_outputs"></a> [outputs](#output_outputs) | n/a         |
+
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -9,7 +52,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.41.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.43.0 |
 | <a name="provider_terraform"></a> [terraform](#provider\_terraform) | n/a |
 
 ## Modules
@@ -39,3 +82,5 @@ No modules.
 | Name | Description |
 |------|-------------|
 | <a name="output_outputs"></a> [outputs](#output\_outputs) | n/a |
+<!-- END_TF_DOCS -->
+
@@ -4,9 +4,11 @@ locals {
 
   // Use provided region or default to the current region
   region = coalesce(var.region, data.aws_region.current.name)
+}
 
+locals {
   // Terraform state bucket name
-  tf_state_bucket = format("%s-%s", var.account_id, local.region)
+  tf_state_bucket = format("%s-%s", local.account, local.region)
 }
 
 data "terraform_remote_state" "this" {