Fix default values, shield typo (#17)
Authored-by: Luis M. Gallardo D <lgallard@gmail.com>
Nuru authored Dec 1, 2021
1 parent 833d1e5 commit 1122c00
Showing 15 changed files with 51 additions and 42 deletions.
18 changes: 10 additions & 8 deletions README.md
Expand Up @@ -242,14 +242,14 @@ Available targets:
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.38 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.0 |
| <a name="provider_aws.admin"></a> [aws.admin](#provider\_aws.admin) | >= 3.0 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.38 |
| <a name="provider_aws.admin"></a> [aws.admin](#provider\_aws.admin) | >= 3.38 |

## Modules

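Review bot: the provider floor raised from `>= 3.0` to `>= 3.38` in both the Requirements and Providers tables is generated documentation; the constraint that is actually enforced lives in `versions.tf`, which is among the 15 changed files but not shown here, so confirm it carries the same `>= 3.38`, and note that the `aws.admin` alias listed beside it needs a provider of the same minimum version. The commit message does not say why 3.38 is the new floor; one line naming the FMS argument that requires it would save the next reader a `git blame`.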
Expand All @@ -262,7 +262,7 @@ Available targets:
| <a name="module_security_groups_common_label"></a> [security\_groups\_common\_label](#module\_security\_groups\_common\_label) | cloudposse/label/null | 0.25.0 |
| <a name="module_security_groups_content_audit_label"></a> [security\_groups\_content\_audit\_label](#module\_security\_groups\_content\_audit\_label) | cloudposse/label/null | 0.25.0 |
| <a name="module_security_groups_usage_audit_label"></a> [security\_groups\_usage\_audit\_label](#module\_security\_groups\_usage\_audit\_label) | cloudposse/label/null | 0.25.0 |
| <a name="module_shiled_advanced_label"></a> [shiled\_advanced\_label](#module\_shiled\_advanced\_label) | cloudposse/label/null | 0.25.0 |
| <a name="module_shield_advanced_label"></a> [shield\_advanced\_label](#module\_shield\_advanced\_label) | cloudposse/label/null | 0.25.0 |
| <a name="module_this"></a> [this](#module\_this) | cloudposse/label/null | 0.25.0 |
| <a name="module_waf_label"></a> [waf\_label](#module\_waf\_label) | cloudposse/label/null | 0.25.0 |
| <a name="module_waf_v2_label"></a> [waf\_v2\_label](#module\_waf\_v2\_label) | cloudposse/label/null | 0.25.0 |
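Review bot: the `shiled_advanced_label` to `shield_advanced_label` rename in the Modules table is terraform-docs output, so the `module` block in the .tf source must carry the new name as well or the next README regeneration will revert this row. Because `cloudposse/label/null` creates no cloud resources, this particular rename needs no state migration, unlike the `aws_fms_policy` rename in the Resources table below.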
Expand All @@ -277,7 +277,7 @@ Available targets:
| [aws_fms_policy.security_groups_common](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/fms_policy) | resource |
| [aws_fms_policy.security_groups_content_audit](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/fms_policy) | resource |
| [aws_fms_policy.security_groups_usage_audit](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/fms_policy) | resource |
| [aws_fms_policy.shiled_advanced](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/fms_policy) | resource |
| [aws_fms_policy.shield_advanced](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/fms_policy) | resource |
| [aws_fms_policy.waf](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/fms_policy) | resource |
| [aws_fms_policy.waf_v2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/fms_policy) | resource |
| [aws_iam_role.firehose_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
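Review bot: renaming `aws_fms_policy.shiled_advanced` to `aws_fms_policy.shield_advanced` changes the resource address in state, so anyone already managing a Shield Advanced policy through this module will get a plan that destroys the old policy and creates a new one, leaving the in-scope resources without the FMS-enforced Shield Advanced protection for the duration of the apply. The module still allows Terraform `>= 0.15.0` (Requirements table above), where `moved` blocks are not available, so the release notes should spell out the `terraform state mv` step from `aws_fms_policy.shiled_advanced` to `aws_fms_policy.shield_advanced`, including the instance keys if this resource uses `for_each` the way `dns_firewall` does.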
Expand Down Expand Up @@ -312,7 +312,7 @@ Available targets:
| <a name="input_security_groups_common_policies"></a> [security\_groups\_common\_policies](#input\_security\_groups\_common\_policies) | name:<br> The friendly name of the AWS Firewall Manager Policy.<br>delete\_all\_policy\_resources:<br> Whether to perform a clean-up process.<br> Defaults to `true`.<br>exclude\_resource\_tags:<br> A boolean value, if `true` the tags that are specified in the `resource_tags` are not protected by this policy.<br> If set to `false` and `resource_tags` are populated, resources that contain tags will be protected by this policy.<br> Defaults to `false`.<br>remediation\_enabled:<br> A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.<br> Defaults to `false`.<br>resource\_type\_list:<br> A list of resource types to protect. Conflicts with `resource_type`.<br>resource\_type:<br> A resource type to protect. Conflicts with `resource_type_list`.<br>resource\_tags:<br> A map of resource tags, that if present will filter protections on resources based on the `exclude_resource_tags`.<br>exclude\_account\_ids:<br> A list of AWS Organization member Accounts that you want to exclude from this AWS FMS Policy.<br>include\_account\_ids:<br> A list of AWS Organization member Accounts that you want to include for this AWS FMS Policy.<br>policy\_data:<br> revert\_manual\_security\_group\_changes:<br> Whether to revert manual Security Group changes.<br> Defaults to `false`.<br> exclusive\_resource\_security\_group\_management:<br> Wheter to exclusive resource Security Group management.<br> Defaults to `false`.<br> apply\_to\_all\_ec2\_instance\_enis:<br> Whether to apply to all EC2 instance ENIs.<br> Defaults to `false`.<br> security\_groups:<br> A list of Security Group IDs. | `list(any)` | `[]` | no |
| <a name="input_security_groups_content_audit_policies"></a> [security\_groups\_content\_audit\_policies](#input\_security\_groups\_content\_audit\_policies) | name:<br> The friendly name of the AWS Firewall Manager Policy.<br>delete\_all\_policy\_resources:<br> Whether to perform a clean-up process.<br> Defaults to `true`.<br>exclude\_resource\_tags:<br> A boolean value, if `true` the tags that are specified in the `resource_tags` are not protected by this policy.<br> If set to `false` and `resource_tags` are populated, resources that contain tags will be protected by this policy.<br> Defaults to `false`.<br>remediation\_enabled:<br> A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.<br> Defaults to `false`.<br>resource\_type\_list:<br> A list of resource types to protect. Conflicts with `resource_type`.<br>resource\_type:<br> A resource type to protect. Conflicts with `resource_type_list`.<br>resource\_tags:<br> A map of resource tags, that if present will filter protections on resources based on the `exclude_resource_tags`.<br>exclude\_account\_ids:<br> A list of AWS Organization member Accounts that you want to exclude from this AWS FMS Policy.<br>include\_account\_ids:<br> A list of AWS Organization member Accounts that you want to include for this AWS FMS Policy.<br>policy\_data:<br> security\_group\_action:<br> For `ALLOW`, all in-scope security group rules must be within the allowed range of the policy's security group rules.<br> For `DENY`, all in-scope security group rules must not contain a value or a range that matches a rule value or range in the policy security group.<br> Possible values: `ALLOW`, `DENY`.<br> security\_groups:<br> A list of Security Group IDs. | `list(any)` | `[]` | no |
| <a name="input_security_groups_usage_audit_policies"></a> [security\_groups\_usage\_audit\_policies](#input\_security\_groups\_usage\_audit\_policies) | name:<br> The friendly name of the AWS Firewall Manager Policy.<br>delete\_all\_policy\_resources:<br> Whether to perform a clean-up process.<br> Defaults to `true`.<br>exclude\_resource\_tags:<br> A boolean value, if `true` the tags that are specified in the `resource_tags` are not protected by this policy.<br> If set to `false` and `resource_tags` are populated, resources that contain tags will be protected by this policy.<br> Defaults to `false`.<br>remediation\_enabled:<br> A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.<br> Defaults to `false`.<br>resource\_type\_list:<br> A list of resource types to protect. Conflicts with `resource_type`.<br>resource\_type:<br> A resource type to protect. Conflicts with `resource_type_list`.<br>resource\_tags:<br> A map of resource tags, that if present will filter protections on resources based on the `exclude_resource_tags`.<br>exclude\_account\_ids:<br> A list of AWS Organization member Accounts that you want to exclude from this AWS FMS Policy.<br>include\_account\_ids:<br> A list of AWS Organization member Accounts that you want to include for this AWS FMS Policy.<br>policy\_data:<br> delete\_unused\_security\_groups:<br> Whether to delete unused Security Groups.<br> Defaults to `false`.<br> coalesce\_redundant\_security\_groups:<br> Whether to coalesce redundant Security Groups.<br> Defaults to `false`. | `list(any)` | n/a | yes |
| <a name="input_shiled_advanced_policies"></a> [shiled\_advanced\_policies](#input\_shiled\_advanced\_policies) | name:<br> The friendly name of the AWS Firewall Manager Policy.<br>delete\_all\_policy\_resources:<br> Whether to perform a clean-up process.<br> Defaults to `true`.<br>exclude\_resource\_tags:<br> A boolean value, if `true` the tags that are specified in the `resource_tags` are not protected by this policy.<br> If set to `false` and `resource_tags` are populated, resources that contain tags will be protected by this policy.<br> Defaults to `false`.<br>remediation\_enabled:<br> A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.<br> Defaults to `false`.<br>resource\_type\_list:<br> A list of resource types to protect. Conflicts with `resource_type`.<br>resource\_type:<br> A resource type to protect. Conflicts with `resource_type_list`.<br>resource\_tags:<br> A map of resource tags, that if present will filter protections on resources based on the `exclude_resource_tags`.<br>exclude\_account\_ids:<br> A list of AWS Organization member Accounts that you want to exclude from this AWS FMS Policy.<br>include\_account\_ids:<br> A list of AWS Organization member Accounts that you want to include for this AWS FMS Policy. | `list(any)` | `[]` | no |
| <a name="input_shield_advanced_policies"></a> [shield\_advanced\_policies](#input\_shield\_advanced\_policies) | name:<br> The friendly name of the AWS Firewall Manager Policy.<br>delete\_all\_policy\_resources:<br> Whether to perform a clean-up process.<br> Defaults to `true`.<br>exclude\_resource\_tags:<br> A boolean value, if `true` the tags that are specified in the `resource_tags` are not protected by this policy.<br> If set to `false` and `resource_tags` are populated, resources that contain tags will be protected by this policy.<br> Defaults to `false`.<br>remediation\_enabled:<br> A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.<br> Defaults to `false`.<br>resource\_type\_list:<br> A list of resource types to protect. Conflicts with `resource_type`.<br>resource\_type:<br> A resource type to protect. Conflicts with `resource_type_list`.<br>resource\_tags:<br> A map of resource tags, that if present will filter protections on resources based on the `exclude_resource_tags`.<br>exclude\_account\_ids:<br> A list of AWS Organization member Accounts that you want to exclude from this AWS FMS Policy.<br>include\_account\_ids:<br> A list of AWS Organization member Accounts that you want to include for this AWS FMS Policy. | `list(any)` | `[]` | no |
| <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).<br>Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
| <a name="input_tenant"></a> [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no |
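Review bot: the commit title says it fixes default values, yet `security_groups_usage_audit_policies` in this table is still required (`n/a` / `yes`) while every sibling policy list (`security_groups_common_policies`, `security_groups_content_audit_policies`, `shield_advanced_policies`) defaults to `[]`; if that is not intentional, give it `default = []` so a caller who only wants, say, a WAF or Shield policy is not forced to declare a usage-audit policy. The `shiled_advanced_policies` to `shield_advanced_policies` variable rename is a breaking change for existing callers (Terraform rejects an argument the module no longer declares) and belongs in the changelog. Minor: the `security_groups_common_policies` description still reads "Wheter to exclusive resource Security Group management"; "Whether to enable exclusive resource Security Group management" would be clearer.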
Expand Down Expand Up @@ -485,8 +485,8 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply
### Contributors

<!-- markdownlint-disable -->
| [![Vladimir Syromyatnikov][SweetOps_avatar]][SweetOps_homepage]<br/>[Vladimir Syromyatnikov][SweetOps_homepage] | [![Benjamin Smith][Benbentwo_avatar]][Benbentwo_homepage]<br/>[Benjamin Smith][Benbentwo_homepage] | [![RB][nitrocode_avatar]][nitrocode_homepage]<br/>[RB][nitrocode_homepage] |
|---|---|---|
| [![Vladimir Syromyatnikov][SweetOps_avatar]][SweetOps_homepage]<br/>[Vladimir Syromyatnikov][SweetOps_homepage] | [![Benjamin Smith][Benbentwo_avatar]][Benbentwo_homepage]<br/>[Benjamin Smith][Benbentwo_homepage] | [![RB][nitrocode_avatar]][nitrocode_homepage]<br/>[RB][nitrocode_homepage] | [![Luis M. Gallardo D.][lgallard_avatar]][lgallard_homepage]<br/>[Luis M. Gallardo D.][lgallard_homepage] |
|---|---|---|---|
<!-- markdownlint-restore -->

[SweetOps_homepage]: https://github.com/SweetOps
Expand All @@ -495,6 +495,8 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply
[Benbentwo_avatar]: https://img.cloudposse.com/150x150/https://github.com/Benbentwo.png
[nitrocode_homepage]: https://github.com/nitrocode
[nitrocode_avatar]: https://img.cloudposse.com/150x150/https://github.com/nitrocode.png
[lgallard_homepage]: https://github.com/lgallard
[lgallard_avatar]: https://img.cloudposse.com/150x150/https://github.com/lgallard.png

[![README Footer][readme_footer_img]][readme_footer_link]
[![Beacon][beacon]][website]
2 changes: 2 additions & 0 deletions README.yaml
Expand Up @@ -217,3 +217,5 @@ contributors:
github: Benbentwo
- name: RB
github: nitrocode
- name: Luis M. Gallardo D.
github: lgallard
4 changes: 2 additions & 2 deletions dns_firewall.tf
Expand Up @@ -20,15 +20,15 @@ resource "aws_fms_policy" "dns_firewall" {
resource_tags = lookup(each.value, "resource_tags", null)

dynamic "include_map" {
for_each = lookup(each.value, "include_account_ids", null) != null ? [1] : []
for_each = lookup(each.value, "include_account_ids", [])

content {
account = include_map.value
}
}

dynamic "exclude_map" {
for_each = lookup(each.value, "exclude_account_ids", null) != null ? [1] : []
for_each = lookup(each.value, "exclude_account_ids", [])

content {
account = exclude_map.value
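Review bot: the new `for_each = lookup(each.value, "include_account_ids", [])` fixes the old gate, under which the iterator was the literal list `[1]`, so `include_map.value` was always `1` and `account = 1` rather than any account ID ever reached the policy; but `account = include_map.value` is unchanged, so every entry in the list now produces its own `include_map` block carrying a single ID, whereas the README describes `include_account_ids` as "A list of AWS Organization member Accounts" and the provider's `include_map` block takes that list in its `account` argument. Keep the single-block shape and pass the whole list instead: `for_each = length(lookup(each.value, "include_account_ids", [])) > 0 ? [1] : []` with `account = each.value.include_account_ids` in the `content` block, and the same for `exclude_map` with `exclude_account_ids`. Test with a policy naming two accounts, since these two maps decide which member accounts the DNS Firewall policy is enforced in, and a silently wrong scope leaves accounts unprotected.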