From 02238ce95230e2b5242536a9e8f42c128be1bd18 Mon Sep 17 00:00:00 2001 
From: tjtharrison Date: Sat, 22 Jul 2023 19:36:19 +0100 Subject: [PATCH 1/8] feat: Initial module commit --- .github/dependabot.yaml | 25 ++++ .github/workflows/main-release.yaml | 55 +++++++++ .github/workflows/pr-actionlint.yaml | 23 ++++ .github/workflows/pr-checkov.yaml | 22 ++++ .github/workflows/pr-terraform-docs.yaml | 25 ++++ .idea/.gitignore | 3 + .idea/demo-multiple-terraform-modules.iml | 15 +++ .../inspectionProfiles/profiles_settings.xml | 6 + .idea/misc.xml | 4 + .idea/modules.xml | 8 ++ .idea/vcs.xml | 6 + modules/ec2/main.tf | 39 +++++++ modules/ec2/outputs.tf | 3 + modules/ec2/package.json | 4 + modules/ec2/variables.tf | 10 ++ modules/s3/bucket.tf | 10 ++ modules/s3/bucket_logging.tf | 13 +++ modules/s3/bucket_policy.tf | 14 +++ modules/s3/bucket_security.tf | 23 ++++ modules/s3/package.json | 4 + modules/s3/variables.tf | 53 +++++++++ scripts/prep_module.py | 108 ++++++++++++++++++ 22 files changed, 473 insertions(+) create mode 100644 .github/dependabot.yaml create mode 100644 .github/workflows/main-release.yaml create mode 100644 .github/workflows/pr-actionlint.yaml create mode 100644 .github/workflows/pr-checkov.yaml create mode 100644 .github/workflows/pr-terraform-docs.yaml create mode 100644 .idea/.gitignore create mode 100644 .idea/demo-multiple-terraform-modules.iml create mode 100644 .idea/inspectionProfiles/profiles_settings.xml create mode 100644 .idea/misc.xml create mode 100644 .idea/modules.xml create mode 100644 .idea/vcs.xml create mode 100644 modules/ec2/main.tf create mode 100644 modules/ec2/outputs.tf create mode 100644 modules/ec2/package.json create mode 100644 modules/ec2/variables.tf create mode 100644 modules/s3/bucket.tf create mode 100644 modules/s3/bucket_logging.tf create mode 100644 modules/s3/bucket_policy.tf create mode 100644 modules/s3/bucket_security.tf create mode 100644 modules/s3/package.json create mode 100644 modules/s3/variables.tf create mode 100644 scripts/prep_module.py 
diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml new file mode 100644 index 0000000..6ea9804 --- /dev/null +++ b/.github/dependabot.yaml @@ -0,0 +1,25 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" + - package-ecosystem: "pip" + directory: "/" + schedule: + interval: "daily" + ignore: + - dependency-name: "*" + update-types: [ + "version-update:semver-patch" + ] + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "daily" + open-pull-requests-limit: 10 + ignore: + - dependency-name: "*" + update-types: [ + "version-update:semver-patch" + ] \ No newline at end of file diff --git a/.github/workflows/main-release.yaml b/.github/workflows/main-release.yaml new file mode 100644 index 0000000..8291ee0 --- /dev/null +++ b/.github/workflows/main-release.yaml 
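Review bot: The `pip` and `npm` entries both point at `directory: "/"`, but nothing in this commit places a Python requirements file or a `package.json` at the repository root — the only manifests are `modules/ec2/package.json` and `modules/s3/package.json`, so as far as the series shows these two entries will find nothing to update (and `scripts/prep_module.py` imports only the standard library). If the module manifests are the intended targets, add one `npm` entry per module directory (`directory: "/modules/ec2"`, `directory: "/modules/s3"`) or drop the ecosystems that have no manifest. The `update-types` lists would read more naturally in block style, and the file ends without a trailing newline.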
@@ -0,0 +1,55 @@ +name: Module release +on: + push: + branches: + - main + +permissions: + issues: write + contents: write + pull-requests: write + +jobs: + generate-matrix: + name: Generate matrix + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.get-matrix.outputs.matrix }} + steps: + - name: Get matrix + id: get-matrix + uses: hellofresh/action-changed-files@v3 + with: + pattern: modules/(?P[^/]+) + release-module: + needs: generate-matrix + name: Release + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: ${{ fromJson(needs.generate-matrix.outputs.matrix) }} + if: ${{ fromJson(needs.generate-matrix.outputs.matrix).include[0] }} + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Setup Node.js + uses: actions/setup-node@v3 + with: + node-version: 'lts/*' + - name: Setup Python + uses: actions/setup-python@v2 + with: + python-version: '3.10' + - name: Install dependencies + run: | + cd modules/${{ matrix.module }} + python3 ${GITHUB_WORKSPACE}/scripts/prep_module.py + npm install + - name: Release + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + cd modules/${{ matrix.module }} + npx semantic-release -t ${{ matrix.module }}/'${version}' diff --git a/.github/workflows/pr-actionlint.yaml b/.github/workflows/pr-actionlint.yaml new file mode 100644 index 0000000..4c3a568 --- /dev/null +++ b/.github/workflows/pr-actionlint.yaml @@ -0,0 +1,23 @@ +name: Action Linting +on: + pull_request: + branches: + - "main" + paths: + - ".github/workflows/**" + +permissions: read-all + +jobs: + actionlint: + name: Action Linting + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: Download actionlint + id: get_actionlint + run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) + shell: bash + - name: Check workflow files + run: ${{ steps.get_actionlint.outputs.executable }} -color + shell: bash \ No newline at end of file 
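Review bot: Every third-party action here is referenced by a mutable tag (`hellofresh/action-changed-files@v3`, `actions/checkout@v3`, `actions/setup-node@v3`, `actions/setup-python@v2`) while the workflow grants `contents: write`, `issues: write` and `pull-requests: write` at the top level, so a moved tag in any of them runs with release-capable credentials; pin each `uses:` to a full-length commit SHA (tag noted in a trailing comment) and move the `permissions:` block under `release-module` so `generate-matrix` runs read-only. `matrix.module` is derived from changed file paths by the regex, and `cd modules/${{ matrix.module }}` in both `run:` steps interpolates it straight into the shell, so a path component containing shell metacharacters would be executed rather than treated as a directory name; pass it through `env: MODULE: ${{ matrix.module }}` and use `cd "modules/$MODULE"` (the same two lines recur in patch 6's hunk of this file). The named capture in `pattern: modules/(?P[^/]+)` shows no group name on this page, which may be an extraction artefact — if the file really reads that way, `matrix.module` has nothing to bind to. `actions/setup-python@v2` is also a major behind the `@v3` used for its sibling actions.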
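Review bot: The `Download actionlint` step executes a script fetched from the mutable `main` branch of a third-party repository (`bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)`), so whatever that branch holds at run time runs inside the job with no version or integrity check, and `curl` without `-f` would hand bash an HTML error page on a failed fetch. Fetch the script from a tagged release ref or a specific commit (a placeholder such as `<pinned-ref>` stands in for the project's choice here) with `curl -fsSL`, and verify the downloaded binary against a published checksum where one is available. `permissions: read-all` already limits what a compromised script could do with the token, which is the right default to keep.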
diff --git a/.github/workflows/pr-checkov.yaml b/.github/workflows/pr-checkov.yaml new file mode 100644 index 0000000..dd9684f --- /dev/null +++ b/.github/workflows/pr-checkov.yaml @@ -0,0 +1,22 @@ +name: Checkov +on: + pull_request: + branches: + - "main" + +permissions: read-all + +jobs: + checkov-job: + runs-on: ubuntu-latest + name: checkov-action + steps: + - name: Checkout repo + uses: actions/checkout@master + + - name: Run Checkov action + id: checkov + uses: bridgecrewio/checkov-action@v12.2431.0 + with: + directory: . + skip_check: CKV_OPENAPI_5,CKV_OPENAPI_4 # Demo swagger file \ No newline at end of file diff --git a/.github/workflows/pr-terraform-docs.yaml b/.github/workflows/pr-terraform-docs.yaml new file mode 100644 index 0000000..32bbb39 --- /dev/null +++ b/.github/workflows/pr-terraform-docs.yaml @@ -0,0 +1,25 @@ +name: Tf Docs +on: + pull_request: + branches: + - "main" + +permissions: + contents: write + +jobs: + write-docs: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: + ref: ${{ github.event.pull_request.head.ref }} + + - name: Render terraform docs inside the README.md and push changes back to PR branch + uses: terraform-docs/gh-actions@v1.0.0 + with: + working-dir: . + output-file: README.md + output-method: inject + git-push: "true" + git-commit-message: "docs: update README.md with terraform-docs" \ No newline at end of file diff --git a/.idea/.gitignore b/.idea/.gitignore new file mode 100644 index 0000000..26d3352 --- /dev/null +++ b/.idea/.gitignore @@ -0,0 +1,3 @@ +# Default ignored files +/shelf/ +/workspace.xml diff --git a/.idea/demo-multiple-terraform-modules.iml b/.idea/demo-multiple-terraform-modules.iml new file mode 100644 index 0000000..06b0085 --- /dev/null +++ b/.idea/demo-multiple-terraform-modules.iml @@ -0,0 +1,15 @@ + + + + + + + + + + + + \ No newline at end of file 
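Review bot: `uses: actions/checkout@master` on the Checkout step follows a moving branch rather than a release, unlike the `@v3` pinning used in the other workflows of this commit; change it to `actions/checkout@v3` (or better, a full-length commit SHA) so the checkout code cannot change underneath the job. The `skip_check: CKV_OPENAPI_5,CKV_OPENAPI_4 # Demo swagger file` suppression refers to a swagger file that appears nowhere in this series, so the skip looks carried over from another repository and should either be justified in the comment or removed. The checkov action itself is pinned to `v12.2431.0`, which is the pattern the checkout step should follow.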
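Review bot: The job checks out `ref: ${{ github.event.pull_request.head.ref }}` and pushes back with the default token on a plain `pull_request` trigger, but for a PR opened from a fork that branch name does not exist in this repository and the `GITHUB_TOKEN` is read-only regardless of the workflow-level `contents: write`, so the docs push can only work for same-repository branches; guard the job with `if: github.event.pull_request.head.repo.full_name == github.repository` and document that limitation rather than letting fork PRs fail. `contents: write` is granted at workflow level rather than on `write-docs` only, and `terraform-docs/gh-actions@v1.0.0` and `actions/checkout@v3` are tag references rather than commit SHAs, which matters more here because the job holds a write token while processing PR-controlled content.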
diff --git a/.idea/inspectionProfiles/profiles_settings.xml b/.idea/inspectionProfiles/profiles_settings.xml new file mode 100644 index 0000000..105ce2d --- /dev/null +++ b/.idea/inspectionProfiles/profiles_settings.xml @@ -0,0 +1,6 @@ + + + + \ No newline at end of file diff --git a/.idea/misc.xml b/.idea/misc.xml new file mode 100644 index 0000000..d56657a --- /dev/null +++ b/.idea/misc.xml @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/.idea/modules.xml b/.idea/modules.xml new file mode 100644 index 0000000..f3268a4 --- /dev/null +++ b/.idea/modules.xml @@ -0,0 +1,8 @@ + + + + + + + + \ No newline at end of file diff --git a/.idea/vcs.xml b/.idea/vcs.xml new file mode 100644 index 0000000..35eb1dd --- /dev/null +++ b/.idea/vcs.xml @@ -0,0 +1,6 @@ + + + + + + \ No newline at end of file diff --git a/modules/ec2/main.tf b/modules/ec2/main.tf new file mode 100644 index 0000000..aa41b01 --- /dev/null +++ b/modules/ec2/main.tf @@ -0,0 +1,39 @@ +# aws_instance terraform resource +resource "aws_instance" "example" { + #checkov:skip=CKV2_AWS_41: "This is a test instance, role not required" + #checkov:skip=CKV_AWS_126: "This is a test instance, detailed monitoring not required" + ami = "ami-0786f5bc3943ad52d" + instance_type = "t2.micro" + tags = { + Name = var.name + } + security_groups = [aws_security_group.allow_ssh.name] + ebs_optimized = true + root_block_device { + encrypted = true + } + metadata_options { + http_endpoint = "enabled" + http_tokens = "required" + } +} + +# Lookup default vpc +data "aws_vpc" "default" { + default = true +} + +# Add security group +resource "aws_security_group" "allow_ssh" { + name = "allow_ssh" + description = "Allow SSH inbound traffic" + vpc_id = data.aws_vpc.default.id + + ingress { + description = "SSH from everywhere" + from_port = 22 + to_port = 22 + protocol = "tcp" + cidr_blocks = [var.my_ip] + } +} \ No newline at end of file 
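Review bot: `aws_security_group.allow_ssh` declares an `ingress` block but no `egress` block, and the AWS provider removes the default allow-all egress rule when it manages an `aws_security_group` without one, so the instance will have no outbound connectivity unless that is intended — add an explicit `egress` block stating the outbound policy you want, with a comment. The instance attaches the group via `security_groups = [aws_security_group.allow_ssh.name]`, the name-based attribute the provider documents for EC2-Classic/default-VPC use; `vpc_security_group_ids = [aws_security_group.allow_ssh.id]` is the form documented for VPC instances and ties the instance to the group's id rather than its name. `ami = "ami-0786f5bc3943ad52d"` is a hard-coded, region-specific image ID with no comment on what it is; a `data "aws_ami"` lookup filtered by owner and name pattern (or at least a comment naming the image and region) keeps the module applying outside the original region and off an image that will eventually be deprecated. The `http_tokens = "required"` (IMDSv2) and encrypted root volume settings are the right defaults to keep.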
diff --git a/modules/ec2/outputs.tf b/modules/ec2/outputs.tf new file mode 100644 index 0000000..bf2e19e --- /dev/null +++ b/modules/ec2/outputs.tf @@ -0,0 +1,3 @@ +output "public_ip" { + value = aws_instance.example.public_ip +} \ No newline at end of file diff --git a/modules/ec2/package.json b/modules/ec2/package.json new file mode 100644 index 0000000..1b15829 --- /dev/null +++ b/modules/ec2/package.json @@ -0,0 +1,4 @@ +{ + "name": "tjth-ec2-instance", + "description": "A terraform module for creating an ec2 instance" +} \ No newline at end of file diff --git a/modules/ec2/variables.tf b/modules/ec2/variables.tf new file mode 100644 index 0000000..dbcc9a4 --- /dev/null +++ b/modules/ec2/variables.tf @@ -0,0 +1,10 @@ +variable "name" { + description = "The name of the instance" + default = "my-terraform-instance" + type = string +} + +variable "my_ip" { + description = "The IP address to allow SSH access from" + type = string +} diff --git a/modules/s3/bucket.tf b/modules/s3/bucket.tf new file mode 100644 index 0000000..2a1f637 --- /dev/null +++ b/modules/s3/bucket.tf @@ -0,0 +1,10 @@ +resource "aws_s3_bucket" "this" { + bucket = var.bucket_name +} + +resource "aws_s3_bucket_versioning" "this" { + bucket = aws_s3_bucket.this.id + versioning_configuration { + status = var.enable_versioning ? "Enabled" : "Disabled" + } +} diff --git a/modules/s3/bucket_logging.tf b/modules/s3/bucket_logging.tf new file mode 100644 index 0000000..8c7629d --- /dev/null +++ b/modules/s3/bucket_logging.tf 
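Review bot: `my_ip` is passed straight into `cidr_blocks` in main.tf but is declared as a bare `string` with no validation, so a caller can hand the SSH rule `0.0.0.0/0` (or a malformed value that only fails at apply) without any signal from the module; add a `validation` block such as `condition = can(cidrnetmask(var.my_ip)) && endswith(var.my_ip, "/32")` (`endswith` needs Terraform 1.3+; an anchored regex works on older versions) with an `error_message` saying a single IPv4 /32 in CIDR form is expected. The `description` should also state that the value must be in CIDR notation, since the name suggests a bare address and a bare address is not valid in `cidr_blocks`.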
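Review bot: `status = var.enable_versioning ? "Enabled" : "Disabled"` in `aws_s3_bucket_versioning.this` turns an existing versioned bucket into an apply error if a caller later sets `enable_versioning = false`, because S3 only lets a bucket that has ever been versioned move to `Suspended`, and the provider documents `Disabled` as valid only for buckets that were never versioned. Use `"Suspended"` for the false branch (or accept the three-state string directly) so toggling the flag is always a valid transition. Versioning is also the recovery control against overwrite and deletion of objects, so consider whether the module should expose a way to turn it off at all.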
@@ -0,0 +1,13 @@ +resource "aws_s3_bucket_logging" "example" { + count = var.access_logging ? 1 : 0 + bucket = aws_s3_bucket.this.id + + # If bucket specified, otherwise use created + target_bucket = var.access_logging_bucket == null ? aws_s3_bucket.access_logs[0].id : var.access_logging_bucket + target_prefix = "log/${var.bucket_name}" +} + +resource "aws_s3_bucket" "access_logs" { + count = var.access_logging ? var.access_logging_bucket == null ? 1 : 0 : 0 + bucket = var.access_logging_bucket +} diff --git a/modules/s3/bucket_policy.tf b/modules/s3/bucket_policy.tf new file mode 100644 index 0000000..5d66dca --- /dev/null +++ b/modules/s3/bucket_policy.tf @@ -0,0 +1,14 @@ +resource "aws_s3_bucket_policy" "this" { + bucket = aws_s3_bucket.this.id + policy = jsonencode({ + Statement = [ + merge({ + Actions = "*" + Effect = "Allow" + Principal = "*" + Resource = "*" + }) + ] + Version = "2012-10-17" + }) +} diff --git a/modules/s3/bucket_security.tf b/modules/s3/bucket_security.tf new file mode 100644 index 0000000..fb32164 --- /dev/null +++ b/modules/s3/bucket_security.tf @@ -0,0 +1,23 @@ +resource "aws_s3_bucket_acl" "this" { + bucket = aws_s3_bucket.this.id + acl = var.bucket_public_acl != false ? "private" : "public" +} + +resource "aws_s3_bucket_public_access_block" "this" { + bucket = aws_s3_bucket.this.id + + block_public_acls = var.block_public_acls + block_public_policy = var.block_public_policy + restrict_public_buckets = var.restrict_public_buckets + ignore_public_acls = var.ignore_public_acls +} + +resource "aws_s3_bucket_server_side_encryption_configuration" "example" { + bucket = aws_s3_bucket.this.id + + rule { + apply_server_side_encryption_by_default { + sse_algorithm = "aws:kms" + } + } +} diff --git a/modules/s3/package.json b/modules/s3/package.json new file mode 100644 index 0000000..bc93651 --- /dev/null +++ b/modules/s3/package.json 
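Review bot: `aws_s3_bucket.access_logs` is created only when `var.access_logging_bucket == null`, but `variables.tf` in this same commit gives `access_logging_bucket` a default of `""`, so with defaults the log bucket is never created and `target_bucket` on `aws_s3_bucket_logging.example` receives an empty string, which fails at apply; either default the variable to `null` or compare against `""` in both expressions. Nothing in the series grants the S3 log-delivery service permission to write into the created log bucket (no bucket policy for the `logging.s3.amazonaws.com` principal and no ownership controls/ACL permitting delivery), so even once the count is fixed, access logs would silently fail to arrive, which defeats the audit trail this resource exists to provide — add a policy on `access_logs` allowing `s3:PutObject` from `logging.s3.amazonaws.com` scoped to the `log/` prefix, with an `aws:SourceAccount` condition. `target_prefix = "log/${var.bucket_name}"` would also benefit from a trailing slash so log objects land under a folder-like key.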
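Review bot: The policy attached to `aws_s3_bucket.this` is a single `Allow` statement with `Principal = "*"`, `Resource = "*"` and the misspelled key `Actions = "*"`, i.e. a grant of everything to everyone; S3 will reject it as malformed (`Action` is the required key and a bucket policy's `Resource` must name the bucket ARN) and `block_public_policy = true` in bucket_security.tf would refuse a public policy anyway, but once someone fixes the key and flips that flag the bucket becomes world-writable, and the `merge({...})` wrapper around a single map is a no-op that suggests the statement was meant to be composed from inputs that never arrived. Unless an anonymous grant is genuinely the intent (in which case it needs to be an explicit, documented input), replace it with a deny-only baseline such as the insecure-transport deny below, scoped to the bucket ARN and its objects, and build any real grants from `data "aws_iam_policy_document"` so the principal is always named. If the module needs no policy at all, drop the resource rather than shipping a placeholder.
```hcl
resource "aws_s3_bucket_policy" "this" {
  bucket = aws_s3_bucket.this.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid       = "DenyInsecureTransport"
        Effect    = "Deny"
        Principal = "*"
        Action    = "s3:*"
        Resource = [
          aws_s3_bucket.this.arn,
          "${aws_s3_bucket.this.arn}/*",
        ]
        Condition = {
          Bool = { "aws:SecureTransport" = "false" }
        }
      }
    ]
  })
}
```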
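Review bot: `acl = var.bucket_public_acl != false ? "private" : "public"` never uses the validated value of `var.bucket_public_acl`: the variable is a string (default `"private"`, validated against a list of canned ACLs), so comparing it with the boolean `false` yields `"private"` for every accepted value as far as I can tell, and the `"public"` fallback is not a canned ACL S3 accepts (`public-read` / `public-read-write` are). If the variable is meant to carry the canned ACL, write `acl = var.bucket_public_acl`; if it was meant as a boolean switch, the name and type should say so. Separately, buckets created since the April 2023 change to S3 defaults have Object Ownership set to `BucketOwnerEnforced`, under which any `aws_s3_bucket_acl` PUT fails with `AccessControlListNotSupported`, so this resource likely needs an `aws_s3_bucket_ownership_controls` resource with `object_ownership = "BucketOwnerPreferred"` and a `depends_on` — or, preferably for a default-private bucket, should be removed so ACLs stay disabled. `sse_algorithm = "aws:kms"` without `kms_master_key_id` uses the AWS-managed `aws/s3` key, which is acceptable but deserves a comment, and an optional key-ARN input would let callers bring a CMK governed by their own key policy.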
@@ -0,0 +1,4 @@ +{ + "name": "tjth-s3-bucket", + "description": "A terraform module for creating an s3 bucket" +} \ No newline at end of file diff --git a/modules/s3/variables.tf b/modules/s3/variables.tf new file mode 100644 index 0000000..f07248e --- /dev/null +++ b/modules/s3/variables.tf @@ -0,0 +1,53 @@ +variable "bucket_name" { + description = "The name to be assigned to bucket and resources" +} + +variable "bucket_public_acl" { + description = "Whether or not bucket should have a publicly accessible ACL" + default = "private" + type = string + validation { + condition = can(regex("private|public-read|public-read-write|authenticated-read|aws-exec-read|log-delivery-write", var.bucket_public_acl)) + error_message = "Must be one of \"private public-read public-read-write authenticated-read aws-exec-read log-delivery-write\"." + } +} + +variable "block_public_acls" { + description = "Enable public acl block" + default = true + type = bool +} + +variable "block_public_policy" { + description = "Enable block_public_policy" + default = true + type = bool +} + +variable "restrict_public_buckets" { + description = "Enable restrict_public_buckets" + default = true + type = bool +} + +variable "ignore_public_acls" { + description = "Enable ignore_public_acls" + default = true + type = bool +} + +variable "enable_versioning" { + description = "Whether or not to enable object versioning" + default = true + type = bool +} + +variable "access_logging" { + description = "Whether or not to enable access logging on the bucket" + default = true +} + +variable "access_logging_bucket" { + description = "Destination for access logging" + default = "" +} diff --git a/scripts/prep_module.py b/scripts/prep_module.py new file mode 100644 index 0000000..655a85f --- /dev/null +++ b/scripts/prep_module.py 
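Review bot: The validation on `bucket_public_acl` uses an unanchored regex, `can(regex("private|public-read|…", var.bucket_public_acl))`, so any string that merely contains one of the words (`"not-private-at-all"`) passes and reaches the ACL resource; replace it with an exact membership test, `condition = contains(["private", "public-read", "public-read-write", "authenticated-read", "aws-exec-read", "log-delivery-write"], var.bucket_public_acl)`. `bucket_name`, `access_logging` and `access_logging_bucket` carry no `type`, which the generated README in patch 8 reports as `any` for `bucket_name`; declare `type = string`, `type = bool` and `type = string` respectively so callers get plan-time type errors rather than apply-time surprises. `access_logging_bucket` defaults to `""` while bucket_logging.tf in this same commit tests it against `null`, so the two files disagree on what "not set" means — `default = null` with `type = string` matches the code that consumes it.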
@@ -0,0 +1,108 @@ +"""Script to prepare the module for semantic-release.""" + +import os +import sys +import json + +skeleton_contents = { + "private": True, + "devDependencies": { + "@semantic-release/github": "^9.0.3", + "semantic-release": "^21.0.5" + }, + "release": { + "branches": [ + "main" + ] + }, + "plugins": [ + "@semantic-release/commit-analyzer", + "@semantic-release/release-notes-generator", + "@semantic-release/github" + ] +} + + +def open_file(filename): + """ + Open a file and return its contents. + + Args: + filename: The file to open. + + Returns: + dict: The contents of the file. + """ + try: + with open(filename, "r") as file: + return json.loads(file.read()) + except FileNotFoundError: + raise FileNotFoundError(f"File (unknown) not found.") + + # Update the package_json file with skeleton contents + + +def update_package_json(package_json, package_json_skeleton): + """ + Update the package_json file with skeleton contents. + + Args: + package_json: The package_json file to update. + package_json_skeleton: The skeleton contents to update with. + + Returns: + dict: The updated package_json file. + """ + try: + package_json_skeleton["name"] = package_json["name"] + package_json_skeleton["description"] = package_json["description"] + except KeyError as error_message: + print("Failed!", str(error_message)) + sys.exit(1) + + return package_json_skeleton + + +def write_file(filename, contents): + """ + Write the contents to the file. + + Args: + filename: The file to write to. + contents: The contents to write to the file. 
+ """ + try: + with open(filename, "w") as file: + file.write(json.dumps(contents, indent=4)) + except FileNotFoundError: + raise FileNotFoundError(f"File (unknown) not found.") + + +def main(): + """Main function.""" + try: + # Load the original package_json file + package_json = open_file("package.json") + except FileNotFoundError as error_message: + print("Failed!", str(error_message)) + sys.exit(1) + + # Update the package_json file with skeleton contents + try: + updated_package_json = update_package_json(package_json, skeleton_contents) + except KeyError as error_message: + print("Failed!", str(error_message)) + sys.exit(1) + + # Write the updated package_json file + try: + write_file("package.json", updated_package_json) + except FileNotFoundError as error_message: + print("Failed!", str(error_message)) + sys.exit(1) + + print("Processed successfully!") + + +if __name__ == "__main__": + main() From 2f9fe0134f6b91b412b4ac858e1aaee714cd3a25 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Sat, 22 Jul 2023 18:37:23 +0000 Subject: [PATCH 2/8] docs: update README.md with terraform-docs --- README.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/README.md b/README.md index 08a8655..6ca8f9c 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,28 @@ # demo-multiple-terraform-modules Demo repository containing multiple Terraform modules + + +## Requirements + +No requirements. + +## Providers + +No providers. + +## Modules + +No modules. + +## Resources + +No resources. + +## Inputs + +No inputs. + +## Outputs + +No outputs. + \ No newline at end of file From 036f5b3df88a65b2b5e05e6a0f3d20c2cb9f16c7 Mon Sep 17 00:00:00 2001 
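Review bot: `skeleton_contents` puts `plugins` at the top level of package.json rather than inside the `release` object, and semantic-release reads its configuration from the `release` key, so — if I read that correctly — the plugin list is ignored and the default plugin set runs instead (`"private": True` is what currently stops the default npm plugin from publishing); move the `plugins` list under `"release"`. The two `raise FileNotFoundError(f"File (unknown) not found.")` lines are f-strings with no placeholder and drop the one useful fact, the path; write `raise FileNotFoundError(f"File {filename} not found.")` or simply let the original exception propagate, since `main()` already catches `FileNotFoundError`, and the `except KeyError` in `main()` is unreachable because `update_package_json` calls `sys.exit(1)` on that error itself. `update_package_json` also mutates the module-level `skeleton_contents` in place and hands it back, harmless for a single run but surprising for any second caller; build the result from `dict(package_json_skeleton)` instead. From a supply-chain angle, the generated `devDependencies` use caret ranges (`^9.0.3`, `^21.0.5`) and the release job runs `npm install` with no lockfile, so each release resolves whatever the latest compatible versions are at that moment; pin exact versions and commit a lockfile consumed with `npm ci`. Both `open(...)` calls should also pass `encoding="utf-8"` so the JSON round-trip does not depend on the runner's locale.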
From: tjtharrison Date: Sat, 22 Jul 2023 19:37:37 +0100 Subject: [PATCH 3/8] fix: removed .idea --- .idea/.gitignore | 3 --- .idea/demo-multiple-terraform-modules.iml | 15 --------------- .idea/inspectionProfiles/profiles_settings.xml | 6 ------ .idea/misc.xml | 4 ---- .idea/modules.xml | 8 -------- .idea/vcs.xml | 6 ------ 6 files changed, 42 deletions(-) delete mode 100644 .idea/.gitignore delete mode 100644 .idea/demo-multiple-terraform-modules.iml delete mode 100644 .idea/inspectionProfiles/profiles_settings.xml delete mode 100644 .idea/misc.xml delete mode 100644 .idea/modules.xml delete mode 100644 .idea/vcs.xml diff --git a/.idea/.gitignore b/.idea/.gitignore deleted file mode 100644 index 26d3352..0000000 --- a/.idea/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -# Default ignored files -/shelf/ -/workspace.xml diff --git a/.idea/demo-multiple-terraform-modules.iml b/.idea/demo-multiple-terraform-modules.iml deleted file mode 100644 index 06b0085..0000000 --- a/.idea/demo-multiple-terraform-modules.iml +++ /dev/null @@ -1,15 +0,0 @@ - - - - - - - - - - - - \ No newline at end of file diff --git a/.idea/inspectionProfiles/profiles_settings.xml b/.idea/inspectionProfiles/profiles_settings.xml deleted file mode 100644 index 105ce2d..0000000 --- a/.idea/inspectionProfiles/profiles_settings.xml +++ /dev/null @@ -1,6 +0,0 @@ - - - - \ No newline at end of file diff --git a/.idea/misc.xml b/.idea/misc.xml deleted file mode 100644 index d56657a..0000000 --- a/.idea/misc.xml +++ /dev/null @@ -1,4 +0,0 @@ - - - - \ No newline at end of file diff --git a/.idea/modules.xml b/.idea/modules.xml deleted file mode 100644 index f3268a4..0000000 --- a/.idea/modules.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - - - - - - \ No newline at end of file diff --git a/.idea/vcs.xml b/.idea/vcs.xml deleted file mode 100644 index 35eb1dd..0000000 --- a/.idea/vcs.xml +++ /dev/null @@ -1,6 +0,0 @@ - - - - - - \ No newline at end of file 
From ace813b87e9fa2e38fb55b2b91d3080907c1532f Mon Sep 17 00:00:00 2001 From: tjtharrison Date: Sat, 22 Jul 2023 19:40:20 +0100 Subject: [PATCH 4/8] ci: Fixed CI for tfdocs --- .github/workflows/pr-terraform-docs.yaml | 17 +++++++- .idea/workspace.xml | 54 ++++++++++++++++++++++++ README.md | 26 +----------- 3 files changed, 71 insertions(+), 26 deletions(-) create mode 100644 .idea/workspace.xml diff --git a/.github/workflows/pr-terraform-docs.yaml b/.github/workflows/pr-terraform-docs.yaml index 32bbb39..1182d6b 100644 --- a/.github/workflows/pr-terraform-docs.yaml +++ b/.github/workflows/pr-terraform-docs.yaml @@ -8,8 +8,23 @@ permissions: contents: write jobs: + generate-matrix: + name: Generate matrix + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.get-matrix.outputs.matrix }} + steps: + - name: Get matrix + id: get-matrix + uses: hellofresh/action-changed-files@v3 + with: + pattern: modules/(?P[^/]+) write-docs: runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: ${{ fromJson(needs.generate-matrix.outputs.matrix) }} + if: ${{ fromJson(needs.generate-matrix.outputs.matrix).include[0] }} steps: - uses: actions/checkout@v3 with: @@ -18,7 +33,7 @@ jobs: - name: Render terraform docs inside the README.md and push changes back to PR branch uses: terraform-docs/gh-actions@v1.0.0 with: - working-dir: . + working-dir: modules/${{ matrix.module }} output-file: README.md output-method: inject git-push: "true" diff --git a/.idea/workspace.xml b/.idea/workspace.xml new file mode 100644 index 0000000..e2d0765 --- /dev/null +++ b/.idea/workspace.xml @@ -0,0 +1,54 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 1689884530781 + + + + \ No newline at end of file diff --git a/README.md b/README.md index 6ca8f9c..9c8ffb1 100644 --- a/README.md +++ b/README.md 
@@ -1,28 +1,4 @@ # demo-multiple-terraform-modules Demo repository containing multiple Terraform modules - -## Requirements - -No requirements. - -## Providers - -No providers. - -## Modules - -No modules. - -## Resources - -No resources. - -## Inputs - -No inputs. - -## Outputs - -No outputs. - \ No newline at end of file +Used for an article on [Medium](https://tjtharrison.medium.com) \ No newline at end of file From 9219b1b742821bc45894a29ac16ef0887a412ed2 Mon Sep 17 00:00:00 2001 From: tjtharrison Date: Sat, 22 Jul 2023 19:44:53 +0100 Subject: [PATCH 5/8] fix: Fixed checkov --- .gitignore | 1 + .idea/workspace.xml | 54 ------------------------------------ modules/s3/bucket.tf | 6 ++++ modules/s3/bucket_logging.tf | 6 ++++ 4 files changed, 13 insertions(+), 54 deletions(-) create mode 100644 .gitignore delete mode 100644 .idea/workspace.xml diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..723ef36 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.idea \ No newline at end of file diff --git a/.idea/workspace.xml b/.idea/workspace.xml deleted file mode 100644 index e2d0765..0000000 --- a/.idea/workspace.xml +++ /dev/null @@ -1,54 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1689884530781 - - - - \ No newline at end of file diff --git a/modules/s3/bucket.tf b/modules/s3/bucket.tf index 2a1f637..f4860bd 100644 --- a/modules/s3/bucket.tf +++ b/modules/s3/bucket.tf @@ -1,4 +1,10 @@ resource "aws_s3_bucket" "this" { + #checkov:skip=CKV2_AWS_61: "This is a demo bucket" + #checkov:skip=CKV2_AWS_62: "This is a demo bucket" + #checkov:skip=CKV_AWS_144: "This is a demo bucket" + #checkov:skip=CKV_AWS_145: "This is a demo bucket" + #checkov:skip=CKV_AWS_21: "This is a demo bucket" + #checkov:skip=CKV2_AWS_6: "This is a demo bucket" bucket = var.bucket_name } diff --git a/modules/s3/bucket_logging.tf b/modules/s3/bucket_logging.tf index 8c7629d..61a43ee 100644 --- a/modules/s3/bucket_logging.tf +++ b/modules/s3/bucket_logging.tf 
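Review bot: The six `#checkov:skip` lines added to `aws_s3_bucket.this` all carry the same reason (`"This is a demo bucket"`), yet three of them — `CKV_AWS_21` (versioning), `CKV_AWS_145` (KMS encryption) and `CKV2_AWS_6` (public access block), if I have the IDs right — correspond to controls this module already configures for `this` in bucket.tf and bucket_security.tf, so those skips are unnecessary and will hide a future regression of exactly the control they name; keep only the skips for features the module intentionally omits (lifecycle, replication, event notifications) with a reason that says so. The identical block added to `aws_s3_bucket.access_logs` in the bucket_logging.tf hunk of this commit is the bigger concern: that bucket receives the access logs and in this series has no public access block, no encryption configuration and no versioning at all, so there the suppressions silence a real gap rather than a false positive. Replace those suppressions on the log bucket with the corresponding resources (an `aws_s3_bucket_public_access_block` and an `aws_s3_bucket_server_side_encryption_configuration` for `access_logs`), which is a few lines each and keeps checkov useful as a guard.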
@@ -8,6 +8,12 @@ resource "aws_s3_bucket_logging" "example" { } resource "aws_s3_bucket" "access_logs" { + #checkov:skip=CKV2_AWS_61: "This is a demo bucket" + #checkov:skip=CKV2_AWS_62: "This is a demo bucket" + #checkov:skip=CKV_AWS_144: "This is a demo bucket" + #checkov:skip=CKV_AWS_145: "This is a demo bucket" + #checkov:skip=CKV_AWS_21: "This is a demo bucket" + #checkov:skip=CKV2_AWS_6: "This is a demo bucket" count = var.access_logging ? var.access_logging_bucket == null ? 1 : 0 : 0 bucket = var.access_logging_bucket } From 316d50e722ecfa4678343bd23cf2bccf617e9041 Mon Sep 17 00:00:00 2001 From: tjtharrison Date: Sat, 22 Jul 2023 19:49:17 +0100 Subject: [PATCH 6/8] ci: actionlint issues --- .github/workflows/main-release.yaml | 5 +++-- .github/workflows/pr-terraform-docs.yaml | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main-release.yaml b/.github/workflows/main-release.yaml index 8291ee0..0a9eeb0 100644 --- a/.github/workflows/main-release.yaml +++ b/.github/workflows/main-release.yaml @@ -41,15 +41,16 @@ jobs: - name: Setup Python uses: actions/setup-python@v2 with: - python-version: '3.10' + python-version: '3.10' - name: Install dependencies run: | cd modules/${{ matrix.module }} - python3 ${GITHUB_WORKSPACE}/scripts/prep_module.py + python3 "${GITHUB_WORKSPACE}"/scripts/prep_module.py npm install - name: Release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | cd modules/${{ matrix.module }} + # shellcheck disable=SC2016 npx semantic-release -t ${{ matrix.module }}/'${version}' diff --git a/.github/workflows/pr-terraform-docs.yaml b/.github/workflows/pr-terraform-docs.yaml index 1182d6b..0b3bd0c 100644 --- a/.github/workflows/pr-terraform-docs.yaml +++ b/.github/workflows/pr-terraform-docs.yaml @@ -21,6 +21,7 @@ jobs: pattern: modules/(?P[^/]+) write-docs: runs-on: ubuntu-latest + needs: generate-matrix strategy: fail-fast: false matrix: ${{ fromJson(needs.generate-matrix.outputs.matrix) }} 
@@ -29,7 +30,6 @@ jobs: - uses: actions/checkout@v3 with: ref: ${{ github.event.pull_request.head.ref }} - - name: Render terraform docs inside the README.md and push changes back to PR branch uses: terraform-docs/gh-actions@v1.0.0 with: From beac861110d0b32a22c2bfd2d05a3704d8faa59d Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Sat, 22 Jul 2023 18:49:42 +0000 Subject: [PATCH 7/8] docs: update README.md with terraform-docs --- modules/ec2/README.md | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 modules/ec2/README.md diff --git a/modules/ec2/README.md b/modules/ec2/README.md new file mode 100644 index 0000000..1eef7bc --- /dev/null +++ b/modules/ec2/README.md @@ -0,0 +1,36 @@ + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_instance.example](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource | +| [aws_security_group.allow_ssh](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [aws_vpc.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [my\_ip](#input\_my\_ip) | The IP address to allow SSH access from | `string` | n/a | yes | +| [name](#input\_name) | The name of the instance | `string` | `"my-terraform-instance"` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [public\_ip](#output\_public\_ip) | n/a | + \ No newline at end of file From 2c14be0f289988193b1a2f618b72c82a93ead675 Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" Date: Sat, 22 Jul 2023 18:49:47 +0000 Subject: [PATCH 8/8] docs: update README.md with terraform-docs --- modules/s3/README.md | 46 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 modules/s3/README.md diff --git a/modules/s3/README.md b/modules/s3/README.md new file mode 100644 index 0000000..2d41db8 --- /dev/null +++ b/modules/s3/README.md 
@@ -0,0 +1,46 @@ + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_s3_bucket.access_logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | +| [aws_s3_bucket.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | +| [aws_s3_bucket_acl.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl) | resource | +| [aws_s3_bucket_logging.example](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_logging) | resource | +| [aws_s3_bucket_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource | +| [aws_s3_bucket_public_access_block.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource | +| [aws_s3_bucket_server_side_encryption_configuration.example](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource | +| [aws_s3_bucket_versioning.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [access\_logging](#input\_access\_logging) | Whether or not to enable access logging on the bucket | `bool` | `true` | no | +| [access\_logging\_bucket](#input\_access\_logging\_bucket) | Destination for access logging | `string` | `""` | no | +| [block\_public\_acls](#input\_block\_public\_acls) | Enable public acl block | `bool` | `true` | no | +| [block\_public\_policy](#input\_block\_public\_policy) | Enable block\_public\_policy | `bool` | `true` | no | +| 
[bucket\_name](#input\_bucket\_name) | The name to be assigned to bucket and resources | `any` | n/a | yes | +| [bucket\_public\_acl](#input\_bucket\_public\_acl) | Whether or not bucket should have a publicly accessible ACL | `string` | `"private"` | no | +| [enable\_versioning](#input\_enable\_versioning) | Whether or not to enable object versioning | `bool` | `true` | no | +| [ignore\_public\_acls](#input\_ignore\_public\_acls) | Enable ignore\_public\_acls | `bool` | `true` | no | +| [restrict\_public\_buckets](#input\_restrict\_public\_buckets) | Enable restrict\_public\_buckets | `bool` | `true` | no | + +## Outputs + +No outputs. + \ No newline at end of file