Implement TF lint, precommit and update code to common standards

.github/ISSUE_TEMPLATE/bug_report.md

@@ -19,7 +19,7 @@ If applicable, add screenshots to help explain your problem.
 
 **Please complete the following information):**
  - Terraform Version: [e.g. v1.0.0 ]
- - Module Version [e.g. v0.15.0] 
+ - Module Version [e.g. v0.15.0]
 
 Run `terraform version` to find your Terraform version.
 You can find the module version by running `terraform providers` or in your terraform configuration. If developing locally you can check the `VERSION` file in the project root directory.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -17,4 +17,4 @@ Problems related that made you consider this feature request
 A clear and concise description of what you want to happen and alternatives
 
 **Additional Context**
-List any other information that is relevant to your issue. Stack traces, related issues, suggestions on how to add, use case, Stack Overflow links, forum links, screenshots, OS if applicable, etc.
+List any other information that is relevant to your issue. Stack traces, related issues, suggestions on how to add, use case, Stack Overflow links, forum links, screenshots, OS if applicable, etc.

.github/pull-request-template.md

@@ -2,7 +2,7 @@
   Thanks for submitting a pull request!
   We appreciate you spending the time to work on these changes.
   Please provide enough information so that others can review your pull request.
-  
+
   Please read the contribution document: https://github.com/lacework/terraform-aws-config/blob/main/CONTRIBUTING.md
 --->
 

.github/workflows/nightly.yml

@@ -1,6 +1,6 @@
 name: Nightly Build
 
-on: 
+on:
   workflow_dispatch:
   schedule:
     - cron: '0 10 * * *' # Run every day at 10AM UTC

.github/workflows/release.yml

@@ -1,11 +1,11 @@
 name: Release
 
-on: 
+on:
   workflow_dispatch:
   push:
     tags:
       - 'v*'
-      
+
 jobs:
   call-nightly-workflow:
     uses: lacework/oss-actions/.github/workflows/tf-release.yml@main

.github/workflows/terraform_docs.yml

@@ -4,11 +4,11 @@ jobs:
   docs:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v5
       with:
         ref: ${{ github.event.pull_request.head.ref }}
     - name: Install terraform-docs
-      run: curl -L https://github.com/terraform-docs/terraform-docs/releases/download/v0.16.0/terraform-docs-v0.16.0-linux-amd64.tar.gz | (cd /usr/local/bin; tar zxvf -; chmod +x /usr/local/bin/terraform-docs)
+      run: curl -L https://github.com/terraform-docs/terraform-docs/releases/download/v0.20.0/terraform-docs-v0.20.0-linux-amd64.tar.gz | (cd /usr/local/bin; tar zxvf -; chmod +x /usr/local/bin/terraform-docs)
     - name: store hash of orig README.md
       id: old_hash
       run: echo "README_HASH=$(md5sum README.md)" >> $GITHUB_OUTPUT
@@ -23,7 +23,7 @@ jobs:
         echo ${{ steps.new_hash.outputs.README_HASH }}
     - name: test to see of hashs are the same
       if: ${{ steps.old_hash.outputs.README_HASH != steps.new_hash.outputs.README_HASH }}
-      uses: actions/github-script@v6
+      uses: actions/github-script@v8
       with:
         script: |
-          core.setFailed('Please run "make terraform-docs" and try again')
+          core.setFailed('Please run "make terraform-docs" and try again')

.github/workflows/test-compat-pr-comment.yml

@@ -1,16 +1,16 @@
 name: Test Compatibility On Comment
 
-on: 
+on:
   workflow_dispatch:
-  issue_comment:                                     
+  issue_comment:
     types: [created, edited]
 
 jobs:
   check-commenting-user:
     runs-on: ubuntu-latest
     if: ${{  contains(github.event.comment.html_url, '/pull/') &&  contains(github.event.comment.body, 'make it so') }}
     steps:
-      - uses: actions/github-script@v7
+      - uses: actions/github-script@v8
         with:
           script: |
             const creator = context.payload.sender.login
@@ -22,7 +22,7 @@ jobs:
             if (result.state != "active" ) {
               core.setFailed('Commenter is not a member of the growth team.')
             }
-            
+
   call-test-compat:
     needs: check-commenting-user
     uses: lacework/oss-actions/.github/workflows/tf-test-compatibility.yml@main

.github/workflows/test-compatibility.yml

@@ -1,12 +1,12 @@
 name: Test Compatibility
 
-on: 
+on:
   workflow_dispatch:
   pull_request:
   push:
     branches:
       - main
-  
+
 jobs:
   call-test-compat:
     uses: lacework/oss-actions/.github/workflows/tf-test-compatibility.yml@main

.github/workflows/verify-release.yml

@@ -1,6 +1,6 @@
 name: Verify Release
 
-on: 
+on:
   workflow_dispatch:
   push:
     branches:

.pre-commit-config.yaml

@@ -0,0 +1,32 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v6.0.0
+    hooks:
+      - id: check-merge-conflict
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: mixed-line-ending
+        args: [--fix=lf]
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.101.0
+    hooks:
+      - id: terraform_fmt
+      - id: terraform_docs
+        args:
+          - '--args=--lockfile=false'
+      - id: terraform_tflint
+        args:
+          - '--args=--only=terraform_comment_syntax'
+          - '--args=--only=terraform_deprecated_index'
+          - '--args=--only=terraform_deprecated_interpolation'
+          - '--args=--only=terraform_documented_outputs'
+          - '--args=--only=terraform_documented_variables'
+          - '--args=--only=terraform_module_pinned_source'
+          - '--args=--only=terraform_naming_convention'
+          - '--args=--only=terraform_required_providers'
+          - '--args=--only=terraform_required_version'
+          - '--args=--only=terraform_standard_module_structure'
+          - '--args=--only=terraform_typed_variables'
+          - '--args=--only=terraform_unused_declarations'
+          - '--args=--only=terraform_workspace_remote'
+      # - id: terraform_validate

.terraform-docs.yml

@@ -1,4 +1,4 @@
 formatter: "markdown"
-version: "0.16.0"
+version: "0.20.0"
 output:
   file: README.md

CONTRIBUTING.md

@@ -25,7 +25,7 @@ Include as much relevant information as possible. See the [bug template](https:/
 
 ## Feature Requests
 
-If you wish to submit a request to add new functionality or an improvement to a terraform module then use the the [feature request](https://github.com/lacework/terraform-aws-config/blob/main/.github/ISSUE_TEMPLATE/feature_request.md) template to 
+If you wish to submit a request to add new functionality or an improvement to a terraform module then use the the [feature request](https://github.com/lacework/terraform-aws-config/blob/main/.github/ISSUE_TEMPLATE/feature_request.md) template to
 open a new [issue](https://github.com/lacework/terraform-aws-config/issues/new)
 
 ## Creating a Pull Request
@@ -36,4 +36,4 @@ The examples folder contains Terraform code that run as part of the CI pipeline.
 
 
 Thanks,
-Project Maintainers
+Project Maintainers

DEVELOPER_GUIDELINES.md

@@ -40,7 +40,7 @@ resource "azuread_application" "default" {
   ...
 }
 ```
- 
+
 
 ***Input Variables***
 
@@ -66,22 +66,22 @@ Additionally, any required variables like api keys, or required tagging should n
 
 ***Recommended Project File Organization***
 
-A few best practices for organizing Terraform projects: 
+A few best practices for organizing Terraform projects:
 
 * `main.tf` - Store the main structure of your terraform code in this file
 * `variables.tf` - All variables for your project
 * `output.tf` - All outputs in this file
-* `tfvars.example` - An example terraform.tfvars file for easy cp for users (note: *.tfvars are typically 
+* `tfvars.example` - An example terraform.tfvars file for easy cp for users (note: *.tfvars are typically
 ignored by .gitignore
 * `.gitignore` - Critical to ensure that any sensitive information used in tfvars are not checked in to git
 
 
 ***Version Support / Documentation***
 
-Hashicorp release frequent patch and minor updates as needed, as well as new major releases of Terraform each year. Although Hashicorp provide solid documentation on how to upgrade between major releases of Terraform, Lacework must contend with the fact that Lacework customers do not all upgrade in a timely manor. For this reason Tech Alliances Team must continue to update documentation with supported versions of Terraform, as well as update CI pipelines to test changes across each supported version. 
+Hashicorp release frequent patch and minor updates as needed, as well as new major releases of Terraform each year. Although Hashicorp provide solid documentation on how to upgrade between major releases of Terraform, Lacework must contend with the fact that Lacework customers do not all upgrade in a timely manor. For this reason Tech Alliances Team must continue to update documentation with supported versions of Terraform, as well as update CI pipelines to test changes across each supported version.
 
 ***Standard Versioning for Code Snippets***
-All customer facing code snippets should adhere to the standard of using pessimistic version constraint to minor releases. 
+All customer facing code snippets should adhere to the standard of using pessimistic version constraint to minor releases.
 
 ```hcl
 module "aws_config" {
@@ -104,7 +104,7 @@ module "aws_cloudtrail" {
 
 The example above will work for version 0.1.9 as well as 0.4.0, but will not pull in any major releases such as 1.0.0.
 
-For more information visit [Semantic Versioning 2.0.0](https://semver.org/) 
+For more information visit [Semantic Versioning 2.0.0](https://semver.org/)
 
 ## Commit message standard
 
@@ -135,7 +135,7 @@ When writing a commit message try and limit each line of the commit to a max of
 | metric: | A change that provides better insights about the adoption of features and code statistics |
 
 ### Scope
-The optional scope refers to the section that this commit belongs to, for example, changing a specific component or service, a directive, pipes, etc. 
+The optional scope refers to the section that this commit belongs to, for example, changing a specific component or service, a directive, pipes, etc.
 Think about it as an indicator that will let the developers know at first glance what section of your code you are changing.
 
 A few good examples are:
@@ -146,17 +146,17 @@ chore(tests):
 ci(directive):
 
 ### Subject
-The subject should contain a short description of the change, and written in present-tense, for example, use “add” and not “added”,  or “change” and not “changed”. 
+The subject should contain a short description of the change, and written in present-tense, for example, use “add” and not “added”,  or “change” and not “changed”.
 I like to fill this sentence below to understand what should I put as my description of my change:
 
 If applied, this commit will ________________________________________.
 
 ### Body
-The body should contain a longer description of the change, try not to repeat the subject and keep it in the present tense as above. 
+The body should contain a longer description of the change, try not to repeat the subject and keep it in the present tense as above.
 Put as much context as you think it is needed, don’t be shy and explain your thought process, limitations, ideas for new features or fixes, etc.
 
 ### Footer
 The footer is used to reference issues, pull requests or breaking changes, for example, “Fixes ticket #123”.
 
 ## Signing commits
-Signed commits are required for any contribution to this project. Please see Github's documentation on configuring signed commits, [tell git about your signing key](https://docs.github.com/en/github/authenticating-to-github/managing-commit-signature-verification/telling-git-about-your-signing-key) and [signing commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) 
+Signed commits are required for any contribution to this project. Please see Github's documentation on configuring signed commits, [tell git about your signing key](https://docs.github.com/en/github/authenticating-to-github/managing-commit-signature-verification/telling-git-about-your-signing-key) and [signing commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits)

GNUmakefile

@@ -22,4 +22,3 @@ release: ci ## *CI ONLY* Prepares a release of the Terraform module
 .PHONY: terraform-docs
 terraform-docs:
 	scripts/terraform-docs.sh
-

README.md

@@ -16,7 +16,7 @@ Terraform module for configuring an integration with Lacework and AWS for cloud
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.35.0 |
 | <a name="requirement_lacework"></a> [lacework](#requirement\_lacework) | ~> 2.0 |
 | <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.1 |
-| <a name="requirement_time"></a> [time](#requirement\_time) | ~> 0.7 |
+| <a name="requirement_time"></a> [time](#requirement\_time) | >= 0.7 |
 
 ## Providers
 
@@ -25,7 +25,7 @@ Terraform module for configuring an integration with Lacework and AWS for cloud
 | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.35.0 |
 | <a name="provider_lacework"></a> [lacework](#provider\_lacework) | ~> 2.0 |
 | <a name="provider_random"></a> [random](#provider\_random) | >= 2.1 |
-| <a name="provider_time"></a> [time](#provider\_time) | ~> 0.7 |
+| <a name="provider_time"></a> [time](#provider\_time) | >= 0.7 |
 
 ## Modules
 
@@ -66,7 +66,6 @@ Terraform module for configuring an integration with Lacework and AWS for cloud
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_external_id_length"></a> [external\_id\_length](#input\_external\_id\_length) | **Deprecated** - Will be removed on our next major release v1.0.0 | `number` | `16` | no |
 | <a name="input_iam_role_arn"></a> [iam\_role\_arn](#input\_iam\_role\_arn) | The IAM role ARN is required when setting use\_existing\_iam\_role to `true` | `string` | `""` | no |
 | <a name="input_iam_role_external_id"></a> [iam\_role\_external\_id](#input\_iam\_role\_external\_id) | The external ID configured inside the IAM role is required when setting use\_existing\_iam\_role to `true` | `string` | `""` | no |
 | <a name="input_iam_role_name"></a> [iam\_role\_name](#input\_iam\_role\_name) | The IAM role name. Required to match with iam\_role\_arn if use\_existing\_iam\_role is set to `true` | `string` | `""` | no |

VERSION

@@ -1 +1 @@
-0.23.1-dev
+0.23.1-dev

examples/custom-config/versions.tf

@@ -1,8 +1,21 @@
-# required for Terraform 13
 terraform {
   required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 3.35.0"
+    }
     lacework = {
-      source = "lacework/lacework"
+      source  = "lacework/lacework"
+      version = "~> 2.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = ">= 2.1"
+    }
+    time = {
+      source  = "hashicorp/time"
+      version = ">= 0.7"
     }
   }
+  required_version = ">= 0.14"
 }

examples/default-config/versions.tf

@@ -1,8 +1,21 @@
-# required for Terraform 13
 terraform {
   required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 3.35.0"
+    }
     lacework = {
-      source = "lacework/lacework"
+      source  = "lacework/lacework"
+      version = "~> 2.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = ">= 2.1"
+    }
+    time = {
+      source  = "hashicorp/time"
+      version = ">= 0.7"
     }
   }
+  required_version = ">= 0.14"
 }

examples/existing-iam-role-config/versions.tf

@@ -1,8 +1,21 @@
-# required for Terraform 13
 terraform {
   required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 3.35.0"
+    }
     lacework = {
-      source = "lacework/lacework"
+      source  = "lacework/lacework"
+      version = "~> 2.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = ">= 2.1"
+    }
+    time = {
+      source  = "hashicorp/time"
+      version = ">= 0.7"
     }
   }
+  required_version = ">= 0.14"
 }

examples/multiple-accounts/main.tf

@@ -1,6 +1,6 @@
 # Configures a compliance integration of the AWS account-1 to
 # the Lacework sub-account account-1
-module "aws_config_account-1" {
+module "aws_config_account_1" {
   source = "../../"
 
   providers = {
@@ -13,7 +13,7 @@ module "aws_config_account-1" {
 
 # Configures a compliance integration of the AWS account-2 to
 # the Lacework sub-account account-2
-module "aws_config_account-2" {
+module "aws_config_account_2" {
   source = "../../"
 
   providers = {
@@ -26,7 +26,7 @@ module "aws_config_account-2" {
 
 # Configures a compliance integration of the AWS account-3 to
 # the Lacework sub-account account-3
-module "aws_config_account-3" {
+module "aws_config_account_3" {
   source = "../../"
 
   providers = {