fix(main.tf): handle enabled boolean in manage_rules (#124)

* fix(main.tf): handle enabled boolean in manage_rules * update: add missing output descriptions * fix typo * update: add versions.tf to cis-1-2-rules
cloudposse · Jan 2, 2025 · 100b25c · 100b25c
1 parent f837d33
commit 100b25c
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 4 deletions.
diff --git a/examples/cis/outputs.tf b/examples/cis/outputs.tf
@@ -1,5 +1,6 @@
 output "enabled_rules" {
-  value = module.cis_rules.rules
+  value       = module.cis_rules.rules
+  description = "The output of the enabled CIS rules"
 }
 
 output "config_recorder_id" {

diff --git a/main.tf b/main.tf
@@ -55,7 +55,7 @@ resource "aws_config_configuration_recorder_status" "recorder_status" {
 }
 
 resource "aws_config_config_rule" "rules" {
-  for_each   = module.this.enabled ? var.managed_rules : {}
+  for_each   = module.this.enabled ? { for k, v in var.managed_rules : k => v if v.enabled } : {}
   depends_on = [aws_config_configuration_recorder_status.recorder_status]
 
   name        = each.key

diff --git a/modules/cis-1-2-rules/outputs.tf b/modules/cis-1-2-rules/outputs.tf
@@ -1,3 +1,4 @@
 output "rules" {
-  value = local.enabled_rules
+  value       = local.enabled_rules
+  description = "Enabled rules"
 }
diff --git a/modules/cis-1-2-rules/versions.tf b/modules/cis-1-2-rules/versions.tf
@@ -0,0 +1,15 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.0"
+    }
+
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4.1"
+    }
+  }
+}
diff --git a/modules/conformance-pack/outputs.tf b/modules/conformance-pack/outputs.tf
@@ -1,3 +1,4 @@
 output "arn" {
-  value = aws_config_conformance_pack.default.arn
+  value       = aws_config_conformance_pack.default.arn
+  description = "ARN of the conformance pack"
 }