Template of a minimal Terraform module for AWS. It is itself based on my Terraform Module Template.
This module follows the standard structure described in the Terraform documentation.
The following non-standard but commonly used files and folders have also been added:
local.tfdata.tfproviders.tftemplatesversions.tf
A pre-commit configuration file is present to automatically format and validate the code and update the readme file upon Git commits.
| Name | Version |
|---|---|
| terraform | >= 0.13.0 |
| aws | ~> 3.0 |
| Name | Version |
|---|---|
| aws | ~> 3.0 |
No modules.
| Name | Type |
|---|---|
| aws_caller_identity.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| aws_access_key | AWS access key. It must be provided, but it can also be sourced from the AWS_ACCESS_KEY_ID environment variable, or via a shared credentials file if aws_profile is specified. |
string |
null |
no |
| aws_allowed_account_ids | List of allowed AWS account IDs to prevent you from mistakenly using an incorrect one (and potentially end up destroying a live environment). Conflicts with aws_forbidden_account_ids. |
set(string) |
null |
no |
| aws_assume_role | Configuration of the AWS assume role block. | object({ |
{ |
no |
| aws_forbidden_account_ids | List of forbidden AWS account IDs to prevent you from mistakenly using the wrong one (and potentially end up destroying a live environment). Conflicts with aws_allowed_account_ids. |
set(string) |
null |
no |
| aws_ignore_tags | Configuration of the AWS ignore tags block. | object({ |
{ |
no |
| aws_max_retries | Maximum number of times an AWS API call is retried, in the case where requests are being throttled or experiencing transient failures. The delay between the subsequent API calls increases exponentially. If omitted, the default value is 25. | number |
null |
no |
| aws_profile | AWS profile name as set in the shared credentials file. | string |
null |
no |
| aws_region | AWS region. It must be provided, but it can also be sourced from the AWS_DEFAULT_REGION environment variables, or via a shared credentials file if aws_profile is specified. |
string |
null |
no |
| aws_s3_force_path_style | Set this to true to force the request to use path-style addressing, i.e., http://s3.amazonaws.com/BUCKET/KEY. By default, the S3 client will use virtual hosted bucket addressing, http://BUCKET.s3.amazonaws.com/KEY, when possible. Specific to the Amazon S3 service. |
bool |
null |
no |
| aws_secret_key | AWS secret key. It must be provided, but it can also be sourced from the AWS_SECRET_ACCESS_KEY environment variable, or via a shared credentials file if aws_profile is specified. |
string |
null |
no |
| aws_shared_credentials_file | Path to the shared credentials file. If this is not set and a profile is specified, ~/.aws/credentials will be used. |
string |
null |
no |
| aws_skip_get_ec2_platforms | Skip getting the supported EC2 platforms. Used by users that don't have ec2:DescribeAccountAttributes permissions. |
bool |
null |
no |
| aws_token | AWS session token for validating temporary credentials. Typically provided after successful identity federation or Multi-Factor Authentication (MFA) login. With MFA login, this is the session token provided afterward, not the 6 digit MFA code used to get temporary credentials. It can also be sourced from the AWS_SESSION_TOKEN environment variable. |
string |
null |
no |
| enabled | Whether or not this module should create any resources. | bool |
true |
no |
| tags | Tags that will be applied to all resources. | map(string) |
{} |
no |
| Name | Description |
|---|---|
| aws_account_id | The AWS Account ID number of the account that owns or contains the calling entity. |
| aws_caller_arn | The AWS ARN associated with the calling entity. |
| aws_caller_user_id | The AWS unique identifier of the calling entity. |