Updating from upstream

.devcontainer/Dockerfile

@@ -0,0 +1,5 @@
+FROM mcr.microsoft.com/devcontainers/base:bullseye
+
+RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
+    && apt-get -y install --no-install-recommends python3-pip \
+    && pip install --no-input pre-commit

.devcontainer/devcontainer.json

@@ -0,0 +1,21 @@
+{
+	"name": "Terraform",
+	"build": {
+		"dockerfile": "./Dockerfile",
+		"context": "."
+	},
+	"features": {
+		"ghcr.io/devcontainers/features/terraform:1": {
+			"version": "latest",
+			"installTerraformDocs": true
+		}
+	},
+	"customizations": {
+		"vscode": {
+			"extensions": [
+				"EditorConfig.EditorConfig"
+			]
+		}
+	},
+	"postCreateCommand": "pre-commit install"
+}

.editorconfig

@@ -1,11 +1,14 @@
 root = true
 
 [*]
+charset = utf-8
+end_of_line = lf
 indent_style = space
 indent_size = 2
-charset = utf-8
-trim_trailing_whitespace = true
 insert_final_newline = true
+max_line_length = 80
+trim_trailing_whitespace = true
 
 [*.md]
-trim_trailing_whitespace = false
+max_line_length = 0
+trim_trailing_whitespace = false

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,36 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: bug
+assignees: ''
+
+---
+
+## Describe the bug
+
+<!-- A clear and concise description of what the bug is. -->
+
+## Versions
+
+<!-- Provide the versions of terraform, the AWS provider and this module you're using -->
+
+- Terraform: 
+- Provider: 
+- Module: 
+
+## Reproduction
+
+<!-- Steps to reproduce the behavior: -->
+
+## Expected behavior
+
+<!-- A clear and concise description of what you expected to happen. -->
+
+## Actual behavior
+
+<!-- A clear and concise description of what actually happened. -->
+
+## Additional context
+
+<!-- Add any other context about the problem here. -->

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,24 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: enhancement
+assignees: ''
+
+---
+
+## Is your feature request related to a problem? Please describe.
+
+<!-- A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] -->
+
+## Describe the solution you'd like
+
+<!-- A clear and concise description of what you want to happen. -->
+
+## Describe alternatives you've considered
+
+<!-- Optional. A clear and concise description of any alternative solutions or features you've considered. -->
+
+## Additional context
+
+<!-- Add any other context or screenshots about the feature request here. -->

.github/workflows/main.yml

@@ -1,20 +1,24 @@
-name: Terraform
+name: CI
 on:
   push:
     branches:
       - main
   pull_request:
 jobs:
-  check-format:
-    name: Check format
+  pre-commit-checks:
+    name: Pre-commit checks
     runs-on: ubuntu-latest
     steps:
-      - uses: hashicorp/setup-terraform@v1
       - name: Checkout
         uses: actions/checkout@v2
-      - name: "Terraform Format"
-        run: terraform fmt -check -recursive
-
+      - name: Terraform min/max versions
+        id: minMax
+        uses: clowdhaus/[email protected]
+      - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
+        uses: clowdhaus/terraform-composite-actions/[email protected]
+        with:
+          terraform-version: ${{ steps.minMax.outputs.maxVersion }}
+          terraform-docs-version: v0.16.0
   validate-examples:
     name: Validate examples
     runs-on: ubuntu-latest

.github/workflows/release-please.yml

@@ -0,0 +1,12 @@
+on:
+  push:
+    branches:
+      - main
+name: release-please
+jobs:
+  release-please:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: google-github-actions/release-please-action@v3
+        with:
+          release-type: terraform-module

.pre-commit-config.yaml

@@ -1,6 +1,12 @@
 repos:
-  - repo: git://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.51.0
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.62.3
     hooks:
       - id: terraform_fmt
       - id: terraform_docs
+        args:
+          - --args=--config=.terraform-docs.yml
+      - id: terraform_tflint
+        exclude: "test/"
+        args:
+          - --args=--config=__GIT_WORKING_DIR__/.tflint.hcl

.terraform-docs.yml

@@ -0,0 +1,16 @@
+formatter: "markdown table"
+
+sections:
+  show:
+    - requirements
+    - providers
+    - inputs
+    - outputs
+
+sort:
+  enabled: true
+  by: required
+
+settings:
+  default: false
+  lockfile: false

.tflint.hcl

@@ -0,0 +1,53 @@
+config {
+  module = false
+  force = false
+  disabled_by_default = false
+}
+
+rule "terraform_deprecated_interpolation" {
+  enabled = true
+}
+
+rule "terraform_deprecated_index" {
+  enabled = true
+}
+
+rule "terraform_unused_declarations" {
+  enabled = true
+}
+
+rule "terraform_comment_syntax" {
+  enabled = true
+}
+
+rule "terraform_documented_outputs" {
+  enabled = true
+}
+
+rule "terraform_documented_variables" {
+  enabled = true
+}
+
+rule "terraform_typed_variables" {
+  enabled = true
+}
+
+rule "terraform_module_pinned_source" {
+  enabled = true
+}
+
+rule "terraform_required_version" {
+  enabled = true
+}
+
+rule "terraform_required_providers" {
+  enabled = true
+}
+
+rule "terraform_standard_module_structure" {
+  enabled = true
+}
+
+rule "terraform_workspace_remote" {
+  enabled = true
+}

CHANGELOG.md

@@ -1,5 +1,115 @@
-<a name="unreleased"></a>
-## [Unreleased]
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [2.1.0](https://github.com/nozaq/terraform-aws-secure-baseline/compare/v2.0.0...v2.1.0) (2022-12-03)
+
+
+### Features
+
+* enable CIS benchmark v1.4.0 standard ([#308](https://github.com/nozaq/terraform-aws-secure-baseline/issues/308)) ([bb724cd](https://github.com/nozaq/terraform-aws-secure-baseline/commit/bb724cd7783ae3e645cbbb4468b367fc5095cb53))
+* make audit log bucket access logs bucket name customizable ([#303](https://github.com/nozaq/terraform-aws-secure-baseline/issues/303)) ([07dc101](https://github.com/nozaq/terraform-aws-secure-baseline/commit/07dc101179fa2d1649cd987e3d8f3d269db546b8))
+
+## [2.0.0](https://github.com/nozaq/terraform-aws-secure-baseline/compare/v1.1.0...v2.0.0) (2022-06-05)
+
+
+### ⚠ BREAKING CHANGES
+
+* this change disables glacier transition rules by default since transitioning small objects is officially not recommended. it can be enabled by setting `var.audit_log_lifecycle_glacier_transition_days` to a positive number.
+
+### Features
+
+* add permissions boundaries for IAM entities support ([#288](https://github.com/nozaq/terraform-aws-secure-baseline/issues/288)) ([219f003](https://github.com/nozaq/terraform-aws-secure-baseline/commit/219f0032626a793b1c7ca304793d924b829b2c18))
+* make glacier transition rules optional ([#293](https://github.com/nozaq/terraform-aws-secure-baseline/issues/293)) ([f0cdf3e](https://github.com/nozaq/terraform-aws-secure-baseline/commit/f0cdf3e6294a97ef455cf5e313aba14bfba38467))
+
+## [1.1.0](https://github.com/nozaq/terraform-aws-secure-baseline/compare/v1.0.1...v1.1.0) (2022-04-16)
+
+
+### Features
+
+* use S3 lifecycle rule V2 ([#285](https://github.com/nozaq/terraform-aws-secure-baseline/issues/285)) ([2b471bd](https://github.com/nozaq/terraform-aws-secure-baseline/commit/2b471bd321f3f7503690076d9321aeca38401796))
+
+
+### Bug Fixes
+
+* upgrade the AWS provider to v4.3 ([#287](https://github.com/nozaq/terraform-aws-secure-baseline/issues/287)) ([271d99e](https://github.com/nozaq/terraform-aws-secure-baseline/commit/271d99ef6206fab0886f6961674340e986b5bc0c))
+
+## [1.0.1](https://github.com/nozaq/terraform-aws-secure-baseline/compare/v1.0.0...v1.0.1) (2022-03-06)
+### Bug Fixes
+- avoid for_each key error ([#273](https://github.com/nozaq/terraform-aws-secure-baseline/issues/273)) ([0122d6f](https://github.com/nozaq/terraform-aws-secure-baseline/commit/0122d6fcd00ecd1114a2d5e7853027ebb0322d71))
+- mark `var.member_accounts` required ([#272](https://github.com/nozaq/terraform-aws-secure-baseline/issues/272)) ([8612941](https://github.com/nozaq/terraform-aws-secure-baseline/commit/8612941317db8c5f3eb82fd8c5218b8ef5a5d41f))
+
+## [1.0.0] - 2022-02-19
+### Feat
+- add new S3 bucket configuration resources ([#261](https://github.com/nozaq/terraform-aws-secure-baseline/issues/261))
+- allow use of organization trail to be toggled via variable ([#259](https://github.com/nozaq/terraform-aws-secure-baseline/issues/259))
+
+### Fix
+- require AWS provider v4.2.0 ([#270](https://github.com/nozaq/terraform-aws-secure-baseline/issues/270))
+- require AWS provider v4.1.0 ([#268](https://github.com/nozaq/terraform-aws-secure-baseline/issues/268))
+- the condition to use the organization trail ([#265](https://github.com/nozaq/terraform-aws-secure-baseline/issues/265))
+- use count instead of `var.enabled` ([#262](https://github.com/nozaq/terraform-aws-secure-baseline/issues/262))
+
+### Refactor
+- remove `destination_options` ([#267](https://github.com/nozaq/terraform-aws-secure-baseline/issues/267))
+- explicitly define a format for FlowLogs ([#264](https://github.com/nozaq/terraform-aws-secure-baseline/issues/264))
+- replace deprecated arguments ([#263](https://github.com/nozaq/terraform-aws-secure-baseline/issues/263))
+
+### BREAKING CHANGE
+
+resources regarding S3 bucket configurations need manual import
+after upgrade. See `docs/upgrade-1.0.md` for guidance.
+
+
+<a name="0.34.0"></a>
+## [0.34.0] - 2022-01-22
+### Feat
+- automatically accepts invite from the master ([#256](https://github.com/nozaq/terraform-aws-secure-baseline/issues/256))
+- enforce strong password policy by default ([#252](https://github.com/nozaq/terraform-aws-secure-baseline/issues/252))
+
+### Fix
+- no findings aggregator for member accounts ([#257](https://github.com/nozaq/terraform-aws-secure-baseline/issues/257))
+- set the minimum terraform version to 1.1.4 ([#255](https://github.com/nozaq/terraform-aws-secure-baseline/issues/255))
+- upgrade minimum provider requirements ([#248](https://github.com/nozaq/terraform-aws-secure-baseline/issues/248))
+
+
+<a name="0.33.0"></a>
+## [0.33.0] - 2022-01-10
+### Refactor
+- add tflint checks ([#246](https://github.com/nozaq/terraform-aws-secure-baseline/issues/246))
+- re-organize locals ([#243](https://github.com/nozaq/terraform-aws-secure-baseline/issues/243))
+
+
+<a name="0.32.0"></a>
+## [0.32.0] - 2022-01-08
+### Feat
+- enable finding aggregator in the main region ([#241](https://github.com/nozaq/terraform-aws-secure-baseline/issues/241))
+
+
+<a name="0.31.0"></a>
+## [0.31.0] - 2022-01-08
+### Feat
+- add inputs to toggle submodules ([#240](https://github.com/nozaq/terraform-aws-secure-baseline/issues/240))
+- optionally ignore SSO logins for MFA alarms ([#234](https://github.com/nozaq/terraform-aws-secure-baseline/issues/234))
+- apply default subnet changes to existing subnets ([#237](https://github.com/nozaq/terraform-aws-secure-baseline/issues/237))
+
+### Fix
+- use CIS recommended filter pattern ([#239](https://github.com/nozaq/terraform-aws-secure-baseline/issues/239))
+- remove `aws_default_vpc` dependency ([#238](https://github.com/nozaq/terraform-aws-secure-baseline/issues/238))
+
+### Refactor
+- use module count instead of having ennabled variable in each submodule. ([#195](https://github.com/nozaq/terraform-aws-secure-baseline/issues/195))
+
+
+<a name="0.30.0"></a>
+## [0.30.0] - 2021-11-23
+### Feat
+- add S3 bucket key support ([#236](https://github.com/nozaq/terraform-aws-secure-baseline/issues/236))
+
+### Fix
+- the minimum required version of the AWS provider ([#227](https://github.com/nozaq/terraform-aws-secure-baseline/issues/227))
 
 
 <a name="0.29.2"></a>
@@ -344,7 +454,12 @@
 <a name="0.0.1"></a>
 ## 0.0.1 - 2018-02-12
 
-[Unreleased]: https://github.com/nozaq/terraform-aws-secure-baseline/compare/0.29.2...HEAD
+[1.0.0]: https://github.com/nozaq/terraform-aws-secure-baseline/compare/0.34.0...1.0.0
+[0.34.0]: https://github.com/nozaq/terraform-aws-secure-baseline/compare/0.33.0...0.34.0
+[0.33.0]: https://github.com/nozaq/terraform-aws-secure-baseline/compare/0.32.0...0.33.0
+[0.32.0]: https://github.com/nozaq/terraform-aws-secure-baseline/compare/0.31.0...0.32.0
+[0.31.0]: https://github.com/nozaq/terraform-aws-secure-baseline/compare/0.30.0...0.31.0
+[0.30.0]: https://github.com/nozaq/terraform-aws-secure-baseline/compare/0.29.2...0.30.0
 [0.29.2]: https://github.com/nozaq/terraform-aws-secure-baseline/compare/0.29.1...0.29.2
 [0.29.1]: https://github.com/nozaq/terraform-aws-secure-baseline/compare/0.29.0...0.29.1
 [0.29.0]: https://github.com/nozaq/terraform-aws-secure-baseline/compare/0.28.0...0.29.0