diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml
new file mode 100644
index 0000000..5dbd054
--- /dev/null
+++ b/.github/workflows/pre-commit.yaml
@@ -0,0 +1,47 @@
+on:
+ pull_request:
+ push:
+ branches: [main]
+
+jobs:
+ pre_commit:
+ name: Run pre-commit and commit any autocorrections
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: 1.6.6
+ - name: Setup Terragrunt
+ uses: autero1/action-terragrunt@v1.1.0
+ with:
+ terragrunt_version: 0.54.8
+ # To avoid rate-limiting
+ token: ${{ secrets.GITHUB_TOKEN }}
+ - uses: terraform-linters/setup-tflint@v3
+ name: TFLint - Setup
+ with:
+ tflint_version: latest
+
+ - name: TFLint - Init
+ run: tflint --init
+ env:
+ # https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting
+ GITHUB_TOKEN: ${{ github.token }}
+ - name: TFLint - Show version
+ run: tflint --version
+ - uses: actions/setup-python@v4
+ with:
+ python-version: 3.x
+ - name: Terraform Docs - Install
+ run: |
+ curl -sSLo ./terraform-docs.tar.gz https://terraform-docs.io/dl/v0.17.0/terraform-docs-v0.17.0-$(uname)-amd64.tar.gz
+ tar -xzf terraform-docs.tar.gz -- terraform-docs
+ chmod +x terraform-docs
+ echo $PATH
+ mv terraform-docs /usr/local/bin/terraform-docs
+ terraform-docs --version
+ - uses: pre-commit/action@v3.0.0
+ - uses: pre-commit-ci/lite-action@v1.0.1
+ if: always()
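Review bot: The `Terraform Docs - Install` step unpacks a tarball fetched with `curl -sSLo` and moves the binary into `/usr/local/bin` without any integrity check; verify it before `tar`, e.g. `echo "<EXPECTED_SHA256>  terraform-docs.tar.gz" | sha256sum -c -` with the digest published for v0.17.0, and add `-f` to curl so an HTTP error page is not saved as the archive. The job's other inputs float as well: `tflint_version: latest` and the tag references (`autero1/action-terragrunt@v1.1.0`, which is handed `secrets.GITHUB_TOKEN`, and `pre-commit-ci/lite-action@v1.0.1`) can change underneath the workflow, so a fixed tflint version and full commit SHAs are the safer form. The workflow also has no `permissions:` key, so the token carries the repository default scope; a top-level `permissions:` with `contents: read` looks sufficient for the steps shown, but confirm against what lite-action needs.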
diff --git a/.gitignore b/.gitignore
index 8d122cf..5a87db2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -34,4 +34,4 @@ override.tf.json
.terraformrc
terraform.rc
-.*.lock.hcl
\ No newline at end of file
+.*.lock.hcl
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 11d16c9..ab25c67 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -2,7 +2,7 @@
# See https://pre-commit.com/hooks.html for more hooks
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
- rev: v4.4.0
+ rev: v4.5.0
hooks:
- id: trailing-whitespace
- id: end-of-file-fixer
@@ -10,10 +10,22 @@ repos:
args: ["--allow-multiple-documents"]
- id: check-added-large-files
- repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.77.0 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
+ rev: v1.85.0 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
hooks:
- id: terraform_fmt # args: ["--enable require-variable-braces,deprecate-which"]
- id: terraform_tflint
- exclude: .*
+ args:
+ - "--args=--fix"
- id: terragrunt_fmt
- id: terraform_docs
+ci:
+ autofix_commit_msg: |
+ [pre-commit.ci] auto fixes from pre-commit.com hooks
+
+ for more information, see https://pre-commit.ci
+ autofix_prs: true
+ autoupdate_branch: ''
+ autoupdate_commit_msg: '[pre-commit.ci] pre-commit autoupdate'
+ autoupdate_schedule: weekly
+ skip: [terraform_fmt, terraform_tflint, terragrunt_fmt, terraform_docs]
+ submodules: false
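Review bot: The `skip:` list in the new `ci:` block excludes all four Terraform hooks from pre-commit.ci with no comment saying why or where they run instead. Presumably they need the terraform, tflint and terraform-docs binaries that the new `.github/workflows/pre-commit.yaml` installs; if so, a comment above `skip:` such as `# Terraform hooks need binaries not available on pre-commit.ci; they run in the pre-commit GitHub workflow` would record that. Dropping `exclude: .*` and adding `--args=--fix` also means tflint now rewrites files, and the lite-action step in the workflow pushes those rewrites to the PR branch, so reviewers should expect bot commits that touch `.tf` files.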
diff --git a/LICENSE.md b/LICENSE.md
new file mode 100644
index 0000000..f2a0872
--- /dev/null
+++ b/LICENSE.md
@@ -0,0 +1,34 @@
+# License
+
+As a work of the [United States government](https://www.usa.gov/), this project
+is in the public domain within the United States of America.
+
+Additionally, we waive copyright and related rights in the work worldwide
+through the CC0 1.0 Universal public domain dedication.
+
+## CC0 1.0 Universal Summary
+
+This is a human-readable summary of the [Legal Code (read the full
+text)](https://creativecommons.org/publicdomain/zero/1.0/legalcode).
+
+### No Copyright
+
+The person who associated a work with this deed has dedicated the work to the
+public domain by waiving all of their rights to the work worldwide under
+copyright law, including all related and neighboring rights, to the extent
+allowed by law.
+
+You can copy, modify, distribute, and perform the work, even for commercial
+purposes, all without asking permission.
+
+### Other Information
+
+In no way are the patent or trademark rights of any person affected by CC0, nor
+are the rights that other persons may have in the work or in how the work is
+used, such as publicity or privacy rights.
+
+Unless expressly stated otherwise, the person who associated a work with this
+deed makes no warranties about the work, and disclaims liability for all uses
+of the work, to the fullest extent permitted by applicable law. When using or
+citing the work, you should not imply endorsement by the author or the
+affirmer.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..7abcf47
--- /dev/null
+++ b/README.md
@@ -0,0 +1,43 @@
+# batcave-tf-route53
+
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 1.2 |
+| [aws](#requirement\_aws) | >= 4.61.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | >= 4.61.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [records](#module\_records) | ./records | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_route53_zone.cms_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [endpoint\_subdomain\_map](#input\_endpoint\_subdomain\_map) | Map of type: {public:{endpoint: , subdomains: ["subdomain1", "subdomain2"]}} | `map(any)` | n/a | yes |
+| [hosted\_zone\_dns](#input\_hosted\_zone\_dns) | base domain associated with the private hosted zone for this account | `string` | `""` | no |
+| [ttl](#input\_ttl) | n/a | `string` | `"60"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [records](#output\_records) | n/a |
+| [zone\_data](#output\_zone\_data) | n/a |
+
diff --git a/Readme.md b/Readme.md
deleted file mode 100644
index bf04824..0000000
--- a/Readme.md
+++ /dev/null
@@ -1,4 +0,0 @@
-
-dev : Read the LB Name, Create route53 record with ${env}-app.batcave-dev.internal.cms.gov.
-test: read the LB name, update route53 record with ${app}.batcave-test.internal.cms.gov
-prod: read the LB name and update route53 record with ${app}.batcave.internal.cms.gov
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..90e23aa
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,17 @@
+# Security and Responsible Disclosure Policy
+
+*Submit a vulnerability:* Unfortunately, we cannot accept secure submissions via
+email or via GitHub Issues. Please use our website to submit vulnerabilities at
+[https://hhs.responsibledisclosure.com](https://hhs.responsibledisclosure.com).
+HHS maintains an acknowledgements page to recognize your efforts on behalf of
+the American public, but you are also welcome to submit anonymously.
+
+Review the HHS Disclosure Policy and websites in scope:
+[https://www.hhs.gov/vulnerability-disclosure-policy/index.html](https://www.hhs.gov/vulnerability-disclosure-policy/index.html).
+
+This policy describes *what systems and types of research* are covered under this
+policy, *how to send* us vulnerability reports, and *how long* we ask security
+researchers to wait before publicly disclosing vulnerabilities.
+
+If you have other cybersecurity related questions, please contact us at
+[csirc@hhs.gov.](mailto:csirc@hhs.gov).
diff --git a/main.tf b/main.tf
index bd48523..43bce4f 100644
--- a/main.tf
+++ b/main.tf
@@ -1,3 +1,13 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4.61.0"
+ }
+ }
+ required_version = ">= 1.2"
+}
+
# Extract existing data from AWS
data "aws_route53_zone" "cms_zone" {
name = var.hosted_zone_dns
diff --git a/records/.tflint.hcl b/records/.tflint.hcl
new file mode 100644
index 0000000..528bf92
--- /dev/null
+++ b/records/.tflint.hcl
@@ -0,0 +1,14 @@
+plugin "aws" {
+ enabled = true
+
+ version = "0.27.0"
+ source = "github.com/terraform-linters/tflint-ruleset-aws"
+}
+
+rule "terraform_required_providers" {
+ enabled = true
+
+ # defaults
+ source = false
+ version = true
+}
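Review bot: In the `terraform_required_providers` rule, `source = false` switches off the check that every provider declares a `source`, and the `# defaults` comment above it may be inaccurate; as far as I recall the ruleset enables both `source` and `version` by default, so confirm this against the ruleset documentation. Both `main.tf` and `records/main.tf` in this commit already declare `source = "hashicorp/aws"`, so `source = true` would pass today and would stop a later provider from being resolved through an implicit source address. If the opt-out is deliberate, replace the comment with the reason, e.g. `# source check disabled: <reason>`.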
diff --git a/records/main.tf b/records/main.tf
index 33efbf6..685d594 100644
--- a/records/main.tf
+++ b/records/main.tf
@@ -1,3 +1,13 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4.61.0"
+ }
+ }
+ required_version = ">= 1.2"
+}
+
# Route53 record for services
resource "aws_route53_record" "routes" {
for_each = toset(var.subdomains)
diff --git a/records/variables.tf b/records/variables.tf
index 82ef57b..b7d1f24 100644
--- a/records/variables.tf
+++ b/records/variables.tf
@@ -1,5 +1,23 @@
-variable "hosted_zone_id" {}
-variable "hosted_zone_dns" {}
-variable "subdomains" {}
-variable "ttl" {}
-variable "endpoint" {}
+variable "hosted_zone_id" {
+ description = "The ID of the hosted zone to create records in."
+ type = string
+}
+
+
+variable "hosted_zone_dns" {
+ description = "The DNS name of the hosted zone to create records in."
+ type = string
+}
+
+variable "subdomains" {
+ description = "A list of subdomains to create records for."
+ type = list(string)
+}
+variable "ttl" {
+ description = "The TTL of the records to create."
+ type = number
+}
+variable "endpoint" {
+ description = "The endpoint to create records for."
+ type = string
+}
diff --git a/variables.tf b/variables.tf
index b30fd5b..ac1ffd1 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,6 +1,7 @@
variable "hosted_zone_dns" {
description = "base domain associated with the private hosted zone for this account"
default = ""
+ type = string
}
variable "endpoint_subdomain_map" {
@@ -10,4 +11,5 @@ variable "endpoint_subdomain_map" {
variable "ttl" {
default = "60"
+ type = string
}
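Review bot: `ttl` gets `type = string` here while `records/variables.tf` in the same commit declares its `ttl` as `type = number`, so a non-numeric value passes this module's type check and fails only when it reaches the `records` module (assuming the value is passed through unchanged; the module call is not in the diff). Declaring it `type = number` with `default = 60` keeps existing callers working, since Terraform converts `"60"` automatically, and rejects bad input at the module boundary. The variable also has no `description`, which is why the generated README shows `n/a` for it.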