diff --git a/.github/workflows/commitmsg-conform.yml b/.github/workflows/commitmsg-conform.yml index b8fe052..4940385 100644 --- a/.github/workflows/commitmsg-conform.yml +++ b/.github/workflows/commitmsg-conform.yml @@ -1,11 +1,14 @@ name: Commit Message Conformance + on: pull_request: {} + permissions: statuses: write checks: write contents: read pull-requests: read + jobs: commitmsg-conform: - uses: tfstack/actions/.github/workflows/commitmsg-conform.yml@main + uses: actionsforge/actions/.github/workflows/commitmsg-conform.yml@main diff --git a/.github/workflows/markdown-lint.yml b/.github/workflows/markdown-lint.yml index 34ce215..034b809 100644 --- a/.github/workflows/markdown-lint.yml +++ b/.github/workflows/markdown-lint.yml @@ -1,11 +1,14 @@ name: Markdown Lint + on: pull_request: {} + permissions: statuses: write checks: write contents: read pull-requests: read + jobs: markdown-lint: - uses: tfstack/actions/.github/workflows/markdown-lint.yml@main + uses: actionsforge/actions/.github/workflows/markdown-lint.yml@main diff --git a/.github/workflows/terraform-docs.yml b/.github/workflows/terraform-docs.yml new file mode 100644 index 0000000..56aa648 --- /dev/null +++ b/.github/workflows/terraform-docs.yml @@ -0,0 +1,13 @@ +name: Generate terraform docs + +on: + push: + branches: + - main + +permissions: + contents: write + +jobs: + terraform-docs: + uses: actionsforge/actions/.github/workflows/terraform-docs.yml@main diff --git a/.github/workflows/terraform-lint-validate.yml b/.github/workflows/terraform-lint-validate.yml index 82b5011..915f136 100644 --- a/.github/workflows/terraform-lint-validate.yml +++ b/.github/workflows/terraform-lint-validate.yml @@ -1,4 +1,5 @@ name: Terraform Lint & Validate + on: pull_request: {} permissions: 
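Review bot: The reusable workflow in commitmsg-conform.yml is still called by the mutable branch ref `@main`, now from a different owner (`actionsforge/actions`), so whatever sits on that branch at run time executes with this workflow's token. The same ref is used in markdown-lint.yml, terraform-docs.yml, terraform-lint-validate.yml and terraform-tag-and-release.yml. The two new files grant `contents: write`, so a change on the upstream branch could push commits to or publish releases from this repository. Pin each call to a full commit SHA, e.g. `uses: actionsforge/actions/.github/workflows/commitmsg-conform.yml@<full-commit-sha> # <tag>`, and let a dependency-update bot move the pin.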
@@ -6,6 +7,7 @@ permissions: checks: write contents: read pull-requests: read + jobs: terraform-lint-validate: - uses: tfstack/actions/.github/workflows/terraform-lint-validate.yml@main + uses: actionsforge/actions/.github/workflows/terraform-lint-validate.yml@main diff --git a/.github/workflows/terraform-tag-and-release.yml b/.github/workflows/terraform-tag-and-release.yml new file mode 100644 index 0000000..069a79e --- /dev/null +++ b/.github/workflows/terraform-tag-and-release.yml @@ -0,0 +1,12 @@ +name: Terraform Tag and Release +on: + workflow_run: + workflows: ["Generate terraform docs"] + types: + - completed + +permissions: + contents: write +jobs: + terraform-tag-and-release: + uses: actionsforge/actions/.github/workflows/terraform-tag-and-release.yml@main diff --git a/README.md b/README.md index ba55fad..7f27627 100644 --- a/README.md +++ b/README.md 
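Review bot: The `workflow_run` trigger in terraform-tag-and-release.yml fires on every `completed` run of "Generate terraform docs", including failed or cancelled ones, and nothing in this file gates the release job on the outcome. Unless the called workflow checks this itself (not visible here), add `if: ${{ github.event.workflow_run.conclusion == 'success' }}` to the `terraform-tag-and-release` job. Also consider `branches: [main]` under `workflow_run`, so that only runs for the default branch can start a job holding `contents: write`.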
@@ -2,68 +2,5 @@ Terraform module to create an S3 bucket -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 5.94.1 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [aws_s3_bucket.logging](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | -| [aws_s3_bucket.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | -| [aws_s3_bucket_acl.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl) | resource | -| [aws_s3_bucket_lifecycle_configuration.logging](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_lifecycle_configuration) | resource | -| [aws_s3_bucket_logging.logging](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_logging) | resource | -| [aws_s3_bucket_ownership_controls.logging](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_ownership_controls) | resource | -| [aws_s3_bucket_ownership_controls.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_ownership_controls) | resource | -| [aws_s3_bucket_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource | -| [aws_s3_bucket_public_access_block.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource | -| [aws_s3_bucket_server_side_encryption_configuration.logging](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource | -| [aws_s3_bucket_server_side_encryption_configuration.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource | 
-| [aws_s3_bucket_versioning.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [allowed\_principals](#input\_allowed\_principals) | List of IAM principals allowed to access the S3 bucket. Use '*' for public access. | `list(string)` |
[
"*"
]
| no | -| [block\_public\_acls](#input\_block\_public\_acls) | Whether to block public ACLs on the S3 bucket. | `bool` | `true` | no | -| [block\_public\_policy](#input\_block\_public\_policy) | Whether to block public bucket policies. | `bool` | `true` | no | -| [bucket\_acl](#input\_bucket\_acl) | The ACL for the S3 bucket | `string` | `"private"` | no | -| [bucket\_name](#input\_bucket\_name) | The name of the S3 bucket (must be unique, 3-63 characters, lowercase, and DNS-compliant) | `string` | n/a | yes | -| [bucket\_suffix](#input\_bucket\_suffix) | Optional suffix for the S3 bucket name. | `string` | `""` | no | -| [enable\_versioning](#input\_enable\_versioning) | Enable versioning for the bucket | `bool` | `true` | no | -| [force\_destroy](#input\_force\_destroy) | Whether to allow deletion of non-empty bucket | `bool` | `false` | no | -| [ignore\_public\_acls](#input\_ignore\_public\_acls) | Whether to ignore public ACLs for this bucket. | `bool` | `true` | no | -| [logging\_enabled](#input\_logging\_enabled) | Enable logging for the S3 bucket | `bool` | `false` | no | -| [logging\_encryption\_algorithm](#input\_logging\_encryption\_algorithm) | The encryption algorithm used for S3 logging. Valid values: 'AES256', 'aws:kms'. | `string` | `"AES256"` | no | -| [logging\_encryption\_enabled](#input\_logging\_encryption\_enabled) | Enable encryption for S3 logging. | `bool` | `true` | no | -| [logging\_lifecycle\_filter\_prefix](#input\_logging\_lifecycle\_filter\_prefix) | Prefix to apply S3 lifecycle rule to. Set to "" to apply to all objects. | `string` | `""` | no | -| [logging\_log\_retention\_days](#input\_logging\_log\_retention\_days) | Number of days to retain S3 logging data before expiration. | `number` | `30` | no | -| [logging\_s3\_prefix](#input\_logging\_s3\_prefix) | Prefix for S3 logging objects. | `string` | `"s3/"` | no | -| [object\_ownership](#input\_object\_ownership) | Defines who owns newly uploaded objects in the bucket. 
| `string` | `"BucketOwnerPreferred"` | no | -| [restrict\_public\_buckets](#input\_restrict\_public\_buckets) | Whether to restrict public access to the bucket. | `bool` | `true` | no | -| [sse\_algorithm](#input\_sse\_algorithm) | The encryption algorithm for S3 bucket | `string` | `"AES256"` | no | -| [tags](#input\_tags) | Tags for the S3 bucket | `map(string)` | `{}` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [bucket\_arn](#output\_bucket\_arn) | The ARN of the S3 bucket | -| [bucket\_domain\_name](#output\_bucket\_domain\_name) | The bucket domain name | -| [bucket\_hosted\_zone\_id](#output\_bucket\_hosted\_zone\_id) | The Route 53 hosted zone ID for this bucket | -| [bucket\_id](#output\_bucket\_id) | The ID (name) of the S3 bucket | -| [bucket\_logging\_target](#output\_bucket\_logging\_target) | The target bucket for logging (if logging is enabled) | -| [bucket\_region](#output\_bucket\_region) | The AWS region where the S3 bucket is located | + + diff --git a/examples/minimal/.terraform.lock.hcl b/examples/minimal/.terraform.lock.hcl new file mode 100644 index 0000000..d92d544 --- /dev/null +++ b/examples/minimal/.terraform.lock.hcl 
@@ -0,0 +1,44 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "5.84.0" + constraints = "5.84.0" + hashes = [ + "h1:dwpeFUdcxgXVAc0JSqO57xf0/r2qOBLPloombCQWFz8=", + "zh:078f77438aba6ec8bf9154b7d223e5c71c48d805d6cd3bcf9db0cc1e82668ac3", + "zh:1f6591ff96be00501e71b792ed3a5a14b21ff03afec9a1c4a3fd9300e6e5b674", + "zh:2ab694e022e81dd74485351c5836148a842ed71cf640664c9d871cb517b09602", + "zh:33c8ccb6e3dc496e828a7572dd981366c6271075c1189f249b9b5236361d7eff", + "zh:6f31068ebad1d627e421c72ccdaafe678c53600ca73714e977bf45ff43ae5d17", + "zh:7488623dccfb639347cae66f9001d39cf06b92e8081975235a1ac3a0ac3f44aa", + "zh:7f042b78b9690a8725c95b91a70fc8e264011b836605bcc342ac297b9ea3937d", + "zh:88b56ac6c7209dc0a775b79975a371918f3aed8f015c37d5899f31deff37c61a", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:a1979ba840d704af0932f8de5f541cbb4caa9b6bbd25ed552a24e6772175ba07", + "zh:b058c0533dae580e69d1adbc1f69e6a80632374abfc10e8634d06187a108e87b", + "zh:c88610af9cf957f8dcf4382e0c9ca566ef10e3290f5de01d4d90b2d81b078aa8", + "zh:e9562c055a2247d0c287772b55abef468c79f8d66a74780fe1c5e5dae1a284a9", + "zh:f7a7c71d28441d925a25c08c4485c015b2d9f0338bc9707443e91ff8e161d3d9", + "zh:fee533e81976d0900aa6fa443dc54ef171cbd901847f28a6e8edb1d161fa6fde", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.7.2" + hashes = [ + "h1:356j/3XnXEKr9nyicLUufzoF4Yr6hRy481KIxRVpK0c=", + "zh:14829603a32e4bc4d05062f059e545a91e27ff033756b48afbae6b3c835f508f", + "zh:1527fb07d9fea400d70e9e6eb4a2b918d5060d604749b6f1c361518e7da546dc", + "zh:1e86bcd7ebec85ba336b423ba1db046aeaa3c0e5f921039b3f1a6fc2f978feab", + "zh:24536dec8bde66753f4b4030b8f3ef43c196d69cccbea1c382d01b222478c7a3", + "zh:29f1786486759fad9b0ce4fdfbbfece9343ad47cd50119045075e05afe49d212", + "zh:4d701e978c2dd8604ba1ce962b047607701e65c078cb22e97171513e9e57491f", + 
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:7b8434212eef0f8c83f5a90c6d76feaf850f6502b61b53c329e85b3b281cba34", + "zh:ac8a23c212258b7976e1621275e3af7099e7e4a3d4478cf8d5d2a27f3bc3e967", + "zh:b516ca74431f3df4c6cf90ddcdb4042c626e026317a33c53f0b445a3d93b720d", + "zh:dc76e4326aec2490c1600d6871a95e78f9050f9ce427c71707ea412a2f2f1a62", + "zh:eac7b63e86c749c7d48f527671c7aee5b4e26c10be6ad7232d6860167f99dbb0", + ] +} diff --git a/output.tf b/output.tf deleted file mode 100644 index eb2dfda..0000000 --- a/output.tf +++ /dev/null @@ -1,29 +0,0 @@ -output "bucket_id" { - description = "The ID (name) of the S3 bucket" - value = aws_s3_bucket.this.id -} - -output "bucket_arn" { - description = "The ARN of the S3 bucket" - value = aws_s3_bucket.this.arn -} - -output "bucket_region" { - description = "The AWS region where the S3 bucket is located" - value = aws_s3_bucket.this.region -} - -output "bucket_domain_name" { - description = "The bucket domain name" - value = aws_s3_bucket.this.bucket_domain_name -} - -output "bucket_hosted_zone_id" { - description = "The Route 53 hosted zone ID for this bucket" - value = aws_s3_bucket.this.hosted_zone_id -} - -output "bucket_logging_target" { - description = "The target bucket for logging (if logging is enabled)" - value = var.logging_enabled ? aws_s3_bucket.logging[0].id : null -} diff --git a/outputs.tf b/outputs.tf new file mode 100644 index 0000000..c90005f --- /dev/null +++ b/outputs.tf 
@@ -0,0 +1,64 @@
+output "bucket_arn" {
+ description = "The ARN of the S3 bucket"
+ value = aws_s3_bucket.this.arn
+}
+
+output "bucket_bucket_domain_name" {
+ description = "The bucket domain name (suitable for direct website hosting)"
+ value = aws_s3_bucket.this.bucket_domain_name
+}
+
+output "bucket_bucket_regional_domain_name" {
+ description = "The bucket region-specific domain name"
+ value = aws_s3_bucket.this.bucket_regional_domain_name
+}
+
+output "bucket_domain_name" {
+ description = "The bucket domain name"
+ value = aws_s3_bucket.this.bucket_domain_name
+}
+
+output "bucket_encryption_configuration" {
+ description = "The bucket's server-side encryption configuration"
+ value = length(aws_s3_bucket.this.server_side_encryption_configuration) > 0 ? aws_s3_bucket.this.server_side_encryption_configuration : null
+}
+
+output "bucket_hosted_zone_id" {
+ description = "The Route 53 hosted zone ID for this bucket"
+ value = aws_s3_bucket.this.hosted_zone_id
+}
+
+output "bucket_id" {
+ description = "The ID of the S3 bucket"
+ value = aws_s3_bucket.this.id
+}
+
+output "bucket_lifecycle_configuration" {
+ description = "The bucket's lifecycle configuration"
+ value = length(aws_s3_bucket.this.lifecycle_rule) > 0 ? aws_s3_bucket.this.lifecycle_rule : null
+}
+
+output "bucket_logging_target" {
+ description = "The target bucket for logging (if logging is enabled)"
+ value = var.logging_enabled ? aws_s3_bucket.logging[0].id : null
+}
+
+output "bucket_name" {
+ description = "The name of the S3 bucket"
+ value = aws_s3_bucket.this.bucket
+}
+
+output "bucket_region" {
+ description = "The AWS region where the S3 bucket is located"
+ value = aws_s3_bucket.this.region
+}
+
+output "bucket_replication_configuration" {
+ description = "The bucket's replication configuration"
+ value = length(aws_s3_bucket.this.replication_configuration) > 0 ? aws_s3_bucket.this.replication_configuration : null
+}
+
+output "bucket_versioning" {
+ description = "The bucket's versioning configuration"
+ value = length(aws_s3_bucket.this.versioning) > 0 ? aws_s3_bucket.this.versioning : null
+}
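Review bot: `bucket_encryption_configuration`, `bucket_versioning`, `bucket_lifecycle_configuration` and `bucket_replication_configuration` read the inline attributes of `aws_s3_bucket.this`, which recent AWS provider versions mark deprecated and expose only as read-only computed values. If the module sets encryption and versioning through the standalone `aws_s3_bucket_server_side_encryption_configuration` and `aws_s3_bucket_versioning` resources (not visible in this hunk), these outputs may lag or be empty after the first apply. That is misleading for anyone using them to confirm encryption or versioning is on, so pointing the outputs at the standalone resources would be more reliable. Separately, `bucket_bucket_domain_name` returns the same value as `bucket_domain_name`, and its description "suitable for direct website hosting" does not match that attribute; drop the duplicate or change the text to `description = "The bucket domain name"`.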