
Initial Commit

Fred Damstra (Macbook 2015) 2 years ago
commit
46ae292290
10 changed files with 123 additions and 0 deletions
  1. 6 0
      .gitignore
  2. 27 0
      .pre-commit-config.yaml
  3. 14 0
      .tflint.hcl
  4. 3 0
      .tfsec.yaml
  5. 21 0
      README.md
  6. 9 0
      backend.tf
  7. 15 0
      config.tf
  8. 6 0
      output.tf
  9. 13 0
      provider.tf
  10. 9 0
      required_providers.tf

+ 6 - 0
.gitignore

@@ -0,0 +1,6 @@
+.terraform
+
+*.bak
+.*.swp
+
+tmp*
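Review bot: The ignore list has no entry for Terraform state files, which can contain resource attributes and secrets in clear text; `terraform.tfstate` and `terraform.tfstate.backup` can be written locally when the S3 backend is not yet initialised or during a state migration, and nothing here stops them from being committed. Adding `*.tfstate` and `*.tfstate.*` next to `.terraform` closes that gap. `*.tfvars` is a judgement call for a skeleton, but files holding credentials are usually ignored as well.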

+ 27 - 0
.pre-commit-config.yaml

@@ -0,0 +1,27 @@
+repos:
+- repo: https://github.com/gruntwork-io/pre-commit
+  rev: v0.1.17 # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases
+  hooks:
+    - id: tflint
+      args:
+        - "--init"
+        - "--config=.tflint.hcl"
+    - id: tflint
+      args:
+        #        - "--module"
+        - "--config=.tflint.hcl"
+    - id: terraform-validate
+    - id: terraform-fmt
+- repo: https://github.com/antonbabenko/pre-commit-terraform
+  rev: v1.76.0 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
+  hooks:
+    - id: terraform_tfsec
+      args:
+        - --args=--config-file .tfsec.yaml
+    - id: terraform_docs
+# checkov is good, but too thorough for our needs
+#    - id: terraform_checkov
+#      args:
+#        - --args=--quiet
+#        - --args=--skip-check CKV_AWS_144 # we don't cross-region replicate our s3
+#- "--skip-check", "CKV_AWS_150", # We do not enable deletion protection for LBs
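Review bot: Both hook repositories are pinned by a mutable tag (`rev: v0.1.17` on line 47 and `rev: v1.76.0` on line 60), so the hook code that runs on every commit changes if the tag is moved upstream. pre-commit accepts a full commit SHA in `rev`, so `rev: <commit-sha-of-v0.1.17>  # v0.1.17` (and the same for v1.76.0) keeps the revision immutable while the comment records the human-readable version. The two `tflint` entries on lines 49 and 53 share an id and differ only by `--init`; that is valid, but a `name:` on each would make the pre-commit output distinguish the install step from the lint step.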

+ 14 - 0
.tflint.hcl

@@ -0,0 +1,14 @@
+# This should be enabled automatically, but enabling it manually breaks it.
+#plugin "aws" {
+#  enabled = true
+#  deep_check = false # deep checking makes api calls to verify select things
+#}
+
+# Custom rules go here
+# This also breaks
+#rule "aws_resource_missing_tags" {
+#  enabled = true
+#  tags = [
+#    "tf_module"
+#  ]
+#}
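Review bot: Every plugin and rule in this config is commented out (lines 77-90), so `tflint --init --config=.tflint.hcl` from the pre-commit hook has nothing to install, and with current tflint releases the AWS ruleset is a separate plugin that is not loaded unless declared here; only the built-in terraform rules run. If "enabling it manually breaks it" was the plugin block lacking a download location, the form `--init` expects is `plugin "aws" { enabled = true` / `version = "<ruleset-version>"` / `source = "github.com/terraform-linters/tflint-ruleset-aws" }`. Recording which tflint version the comment was written against would help the next person decide whether the workaround is still needed.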

+ 3 - 0
.tfsec.yaml

@@ -0,0 +1,3 @@
+---
+exclude:
+  - aws-dynamodb-table-customer-key # We don't care about default keys, encryption is fine

+ 21 - 0
README.md

@@ -0,0 +1,21 @@
+# Terraform Skeleton
+
+A skeleton for fred's terraform projects.
+
+
+
+## Table of Contents
+
+1. [Usage](#usage)
+1. [Requirements](#requirements)
+1. [Providers](#Providers)
+1. [Inputs](#inputs)
+1. [Outputs](#outputs)
+
+## Usage
+
+Fork, edit this readme. Run `git init` then `pre-commit install`
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

+ 9 - 0
backend.tf

@@ -0,0 +1,9 @@
+terraform {
+  backend "s3" {
+    bucket  = "terraform-remote-state-20221017144428493300000001"
+    key     = local.unique_id
+    region  = "us-east-2"
+    encrypt = true
+    profile = "default"
+  }
+}
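Review bot: `key = local.unique_id` on line 133 will not initialise: a `backend` block cannot reference locals, variables or data sources, because backend configuration is resolved before the rest of the configuration is evaluated, so `terraform init` rejects it. Either write the key as a literal string or omit it here and pass it as a partial configuration, `terraform init -backend-config="key=<unique-id>"`, from whatever wrapper sets the id. The block also sets `encrypt = true` but no `dynamodb_table`, so concurrent applies are not locked; `dynamodb_table = "<lock-table-name>"` is worth adding once the table exists.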

+ 15 - 0
config.tf

@@ -0,0 +1,15 @@
+locals {
+  # unique id is used for terraform backend state storage. Duplicates _will_ be a problem.
+  unique_id = REPLACE ME
+
+  # Everything here should be self-explanatory
+  profile = "default"
+  region  = "us-east-2"
+  tags = {
+    "tf_module" : basename(path.root)
+  }
+}
+
+# Uncomment if needed
+#data "aws_caller_identity" "current" {}
+#data "aws_partition" "current" {}
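Review bot: `unique_id = REPLACE ME` on line 146 is not valid HCL (two bare identifiers), so every .tf file in this directory fails to parse and the `terraform-fmt` and `terraform-validate` hooks installed by this commit cannot run until it is edited. A quoted placeholder, `unique_id = "REPLACE-ME" # must be unique per root module; it names the remote state object`, keeps the skeleton parseable and still fails loudly at the backend. Note that the only consumer of this local is the `backend` block in backend.tf, which cannot read locals, so the comment on line 145 describes a use that does not work as written.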

+ 6 - 0
output.tf

@@ -0,0 +1,6 @@
+locals {
+}
+
+output "example" {
+  value = "Configure some outputs."
+}

+ 13 - 0
provider.tf

@@ -0,0 +1,13 @@
+# Configure the AWS Provider
+provider "aws" {
+  region  = local.region
+  profile = local.profile
+
+  # I'm hoping this might be useful for adding a 'last_applied_by' tag
+  #ignore_tags {
+  #  # specific tag
+  #  keys = ["ChangedAt"]
+  #  # or by prefix to ignore ChangedBy too
+  #  key_prefixes = ["Changed"]
+  #}
+}
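Review bot: `local.tags` defined in config.tf, which carries the `tf_module` key the commented-out tflint rule in .tflint.hcl would check for, is never applied, so resources created from this skeleton carry no tags unless each one sets them. The provider block can apply them to every resource it creates: `default_tags {` / `  tags = local.tags` / `}`; `default_tags` is available in the hashicorp/aws `~> 4.0` provider required by this commit. That also gives the `ignore_tags` idea on lines 181-186 a concrete tag set to work against.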

+ 9 - 0
required_providers.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 1.0"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.0"
+    }
+  }
+}