Terraform 1.x support

.github/workflows/validate.yaml

@@ -9,56 +9,6 @@ on:
       - main
 
 jobs:
-  ## TODO: Enable this once the repo is totally formatted to standard.
-  # lint-style:
-  #   name: Linting and Styling
-  #   runs-on: ubuntu-latest
-  #   steps:
-  #     - name: Checkout Source
-  #       uses: actions/checkout@v3
-  #       with:
-  #         fetch-depth: 0
-
-  #     - name: Setup Dependencies
-  #       uses: './.github/actions/dep-setup'
-  #       with:
-  #         python-version: '3.10'
-
-  #     - name: Run Styling Enforcement
-  #       shell: bash
-  #       run: poetry poe check
-
-  #     # TODO: As soon as the repo is in a state to enable this, we'll do so.
-  #     - name: Run Style Linting Enforcement
-  #       shell: bash
-  #       run: poetry poe lint
-
-  ## TODO: Enable unit tests via GH Actions when unit tests are fixed and migrated to pytest.
-  # unit-tests:
-  #   name: Run Unit Tests
-  #   strategy:
-  #     matrix:
-  #       version: ['3.7', '3.8', '3.9', '3.10', '3.11']
-  #       os: [ubuntu-latest]
-  #   runs-on: ${{ matrix.os }}
-  #   steps:
-  #     - name: Checkout Source
-  #       uses: actions/checkout@v3
-  #       with:
-  #         fetch-depth: 0
-
-  #     - name: Setup Dependencies
-  #       uses: './.github/actions/dep-setup'
-  #       with:
-  #         python-version: '${{ matrix.version }}'
-
-  #     - name: Run Tests
-  #       shell: bash
-  #       run: poetry poe test
-
-  #     - name: Codecov
-  #       uses: codecov/codecov-action@v3
-
   security:
     name: Run Security Checks
     runs-on: ubuntu-latest

.gitignore

@@ -128,3 +128,7 @@ API_GW_NOT_EDGE_OPTIMISED/
 manageTest/
 
 football/
+
+terraform.tfvars
+**/.terraform
+.terraform.lock.hcl

docs/commands/export.md

@@ -1,19 +1,36 @@
 # Export
 
-This command will export the specified Rule(s) to the terraform file, it
-supports the terraform versions 0.11 and 0.12.
-
-The `--format` flag can be used to specify export format, currently it
-supports only terraform. The `--version` flag can be used to specify the
-terraform version. The `--rdklib-layer-arn` flag can be used for
-attaching Lambda Layer ARN that contains the desired rdklib. Note that
-Lambda Layers are region-specific. The `--lambda-role-arn` flag can be
-used for assigning existing iam role to all Lambda functions created for
-Custom Config Rules. The `--lambda-layers` flag can be used for
-attaching a comma-separated list of Lambda Layer ARNs to deploy with
-your Lambda function(s). The `--lambda-subnets` flag can be used for
-attaching a comma-separated list of Subnets to deploy your Lambda
-function(s). The `--lambda-security-groups` flag can be used for
-attaching a comma-separated list of Security Groups to deploy with your
-Lambda function(s). The `--lambda-timeout` flag can be used for
-specifying the timeout associated to the lambda function
+This command will export the specified Rule(s) to Terraform.
+
+It supports Terraform version 1.x (older TF version support is deprecated).
+
+In order to reduce repeated code, the 1.x Terraform export will generate a module invocation that passes appropriate arguments to the source module.
+
+The source module will live in `rdk/template/terraform/1.x/rdk_module` and will be exported by default (though you can also point it to a different module folder if you want to reduce repeated code).
+
+The intended usage in CI/CD pipelines looks something like this:
+```bash
+# Assuming a folder of rules, with one subfolder per rule, containing:
+#  parameters.json
+#  rule.py
+#  rule_test.py
+
+TF_STATE_BUCKET=my-bucket
+rdk export -a --add-terragrunt-file --backend-bucket $TF_STATE_BUCKET # Creates a TF manifest, terragrunt placeholder file, and backend in each rule folder in your rules directory
+terragrunt run-all apply
+```
+
+# Arguments
+
+- The `--format` flag can be used to specify export format, currently it supports only Terraform.
+- The `--output-version` flag can be used to specify the Terraform version. Currently, only "1.x" is supported.
+- The `--rdklib-layer-arn` flag can be used for attaching Lambda Layer ARN that contains the desired `rdklib` layer. Note that Lambda Layers are region-specific.
+- The `--lambda-role-arn` flag can be used for assigning existing iam role to all Lambda functions created for Custom Config Rules.
+- The `--lambda-layers` flag can be used for attaching a comma-separated list of Lambda Layer ARNs to deploy with your Lambda function(s).
+- The `--lambda-subnets` flag can be used for attaching a comma-separated list of Subnets to deploy your Lambda function(s).
+- The `--lambda-security-groups` flag can be used for attaching a comma-separated list of Security Groups to deploy with your Lambda function(s).
+- The `--lambda-timeout` flag can be used for specifying the timeout associated to the lambda function
+- The `--copy-terraform-module` flag will copy the `rdk_module` folder into your rule directory.
+- The `custom-module-source-location` flag will set the exported TF module invocation to be sourced from the location you specify. This is useful if you modify the module or want to source it from a central location. For example, you could pass the module call to a source that deploys an Config Organization rule.
+- The `backend-bucket` flag will create a `backend.tf` file in the rule directory, pointing to the specified backend S3 bucket. The key for the state file will be `rdk_modules/<rule name>`. 
+- The `add-terragrunt-file` flag will create a `terragrunt.hcl` file in the rule directory. This is used to indicate to `terragrunt` that the module should be included in `terragrunt` automations like `run-all`.

mkdocs.yml

@@ -6,11 +6,6 @@ theme:
     primary: navy
 plugins:
   - search
-  # TODO: Enable this if/when docstrings are expanded in the core rdk module.
-  # - mkdocstrings:
-  #     handlers:
-  #       python:
-  #         paths: [rdk]
 markdown_extensions:
   - markdown_include.include:
       base_path: .

pyproject.toml

@@ -7,7 +7,7 @@
 #    or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
 [tool.poetry]
 name = "rdk"
-version = "0.17.12"
+version = "0.17.13"
 description = "Rule Development Kit CLI for AWS Config"
 authors = [
     "AWS RDK Maintainers <[email protected]>",

rdk/__init__.py

@@ -6,4 +6,4 @@
 #
 #    or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
 
-MY_VERSION = "0.17.12"
+MY_VERSION = "0.17.13"