* feat: add S3 bucket key support

* chore: go mod tidy

The `aws_default_subnet` resources will only be created for existing VPC default subnets. This will fix "Default subnet not found" errors when one or multiple default subnets do not exist in the VPC. 

Fixes: #198

Co-authored-by: nozaq <[email protected]>

…h submodule. (#195)

* refactor: use `count` to toggle vpc-baseline

* refactor: use `count` to toggle guardduty-baseline

* refactor: use `count` to toggle securityhub-baseline

* refactor: use `count` to toggle ebs-baseline

* refactor: use `count` to toggle analyzer-baseline

* refactor: use `count` to toggle config-baseline

* refactor: use `count` to toggle cloudtrail-baseline

* refactor: use `count` to toggle alarm-baseline

* refactor: add migrations

* style: follow the official style conventions

* docs: remove modules/resources from README

* chore: add tflint in pre-commit hooks

* refactor: remove unused variables

* refactor: follow `terraform_standard_module_structure` rule

* refactor: define type for variables

* chore: add pre-commit checks to CI workflows

* chore: apply terraform-doc config to submodules

…m fmt to fail

Co-authored-by: Curtis <[email protected]>

This is a formatting issue and a slight editing error. (#250)

To conform to IAM.7 in AWS Foundational Security Best Practices.

to avoid the issue in terraform 1.1.3
hashicorp/terraform#30326

member accounts automatically derive the aggregator setting from the master
account.

fixes: #254

* trigger org cloudtrail with explicit var rather than local
* tfdocs
* changing var for backwards compatability
* check for master account

Co-authored-by: Jamie Dick <[email protected]>

BREAKING CHANGE: resources regarding S3 bucket configurations need manual import
after upgrade. See `docs/upgrade-1.0.md` for guidance.

Updated the provider requiremenet to avoid the issue in AWS provider
v4.1.0 that the validation fails for some AWS regions.

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: nozaq <[email protected]>

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

fixes: #280

BREAKING CHANGE: this change disables glacier transition rules by default since
transitioning small objects is officially not recommended. it
can be enabled by setting `var.audit_log_lifecycle_glacier_transition_days` to
a positive number.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-transition-general-considerations.html

It might be a case when iam roles can be created with
predefined boundaries. This PR introduce such capabilities
by providing permissions_boundary_arn option
Currently single permissions_boundary_arn will be applied
to all iam_roles provisioned by this module

Signed-off-by: Sergiy Kulanov <[email protected]>

Co-authored-by: nozaq <[email protected]>

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* Make audit log bucket access logs bucket name customizable

* docs: run terraform-docs

Co-authored-by: Kendi Paet <[email protected]>
Co-authored-by: nozaq <[email protected]>

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>