diff --git a/.githooks/pre-commit b/.githooks/pre-commit
index 98253d7..1489b2b 100755
--- a/.githooks/pre-commit
+++ b/.githooks/pre-commit
@@ -46,6 +46,11 @@ if command_exists ./node_modules/.bin/prettier; then
 echo "$files" | xargs ./node_modules/.bin/prettier --ignore-unknown --write
 fi
+if command_exists tflint; then
+ tflint --init
+ tflint --config "$(pwd)/.tflint.hcl" --color --recursive
+fi
+
 # Add the modified/prettified files to staging
 echo "$files" | xargs git add
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index f1c2f66..696a8ac 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -85,6 +85,21 @@ jobs:
 git diff --exit-code --color=always || ( echo "Terraform docs are out-of-date. See the diff above." && exit 1 )
+ tflint:
+ runs-on: ubuntu-latest
+
+ env:
+ TFLINT_CONFIG_FILE: "${{ github.workspace }}/.tflint.hcl"
+
+ steps:
+ - uses: actions/checkout@v4
+ - uses: terraform-linters/setup-tflint@v4
+ with:
+ tflint_version: "latest"
+
+ - run: tflint --init
+ - run: tflint --color --recursive
+
 prettier:
 runs-on: ubuntu-latest
 steps:
diff --git a/.tflint.hcl b/.tflint.hcl
new file mode 100644
index 0000000..4e0dd53
--- /dev/null
+++ b/.tflint.hcl
@@ -0,0 +1,25 @@
+tflint {
+ required_version = ">= 0.53.0"
+}
+
+config {
+ plugin_dir = "~/.tflint.d/plugins"
+ call_module_type = "local"
+}
+
+plugin "terraform" {
+ enabled = true
+ preset = "all"
+}
+
+plugin "aws" {
+ enabled = true
+ version = "0.38.0"
+ source = "github.com/terraform-linters/tflint-ruleset-aws"
+}
+
+plugin "azurerm" {
+ enabled = true
+ version = "0.27.0"
+ source = "github.com/terraform-linters/tflint-ruleset-azurerm"
+}
diff --git a/asset-account/terraform/stack-set/README.md b/asset-account/terraform/stack-set/README.md
index 82ddbc0..b45a7d8 100644
--- a/asset-account/terraform/stack-set/README.md
+++ b/asset-account/terraform/stack-set/README.md
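Review bot: The exit status of the new `tflint --config "$(pwd)/.tflint.hcl" --color --recursive` line is never checked, so unless the hook enables `set -e` somewhere above this hunk (the script starts outside it) lint findings are printed and the commit goes through anyway; appending `|| exit 1` to that line makes the gate real. `tflint --init` also downloads the ruleset plugins from GitHub on every commit, which adds network latency and makes committing while offline fail; guarding it with a check for the plugin directory, e.g. `[ -d ~/.tflint.d/plugins ] || tflint --init`, keeps the hook usable without a connection. Note too that `--recursive` lints the whole working tree rather than the staged `$files`, so unstaged edits can block or pass a commit that does not contain them.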
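Review bot: `tflint_version: "latest"` together with the mutable `@v4` tag on `terraform-linters/setup-tflint` makes the new job non-reproducible and lets an upstream tflint or action release change the lint result (or the action's code) with no commit in this repo; pin the tool to a specific release that satisfies the `>= 0.53.0` floor in `.tflint.hcl` and pin the action to its full commit SHA, e.g. `- uses: terraform-linters/setup-tflint@<commit-sha> # v4`. The job also declares no `permissions:` block, so it inherits whatever the workflow grants `GITHUB_TOKEN` at the top level (not visible in this hunk); a linter only needs `permissions: { contents: read }`, which is worth stating on the job itself.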
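Review bot: The new config pins the aws and azurerm rulesets to exact versions but says nothing about why, so the next editor has no signal that loosening them to a range or bumping them without review is a supply-chain decision; a short header comment such as `# Ruleset versions are pinned deliberately; bump them in a dedicated PR and re-run the linters` would preserve that intent. `plugin_dir = "~/.tflint.d/plugins"` appears to be tflint's default location, so either the line is redundant or it should say which environment needs it spelled out. If no Azure Terraform lives in this repository (only the AWS stack-set module is visible here), the azurerm plugin is an extra download and code-execution surface on every `tflint --init` that checks nothing; enabling it only once Azure modules exist would be safer.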
@@ -65,10 +65,10 @@ No modules. | [managed_execution](#input_managed_execution) | [See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set#managed_execution-1) |
object({
active = optional(bool)
})
| `null` | no | | [operation_preferences](#input_operation_preferences) | [See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_instances#operation_preferences) |
object({
concurrency_mode = optional(string)
failure_tolerance_count = optional(number)
failure_tolerance_percentage = optional(number)
max_concurrent_count = optional(number)
max_concurrent_percentage = optional(number)

# Region settings are not supported, because
# there must be at most one stack per account
# in a single region.
})
| `null` | no | | [permission_model](#input_permission_model) | [See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set#permission_model-1) | `string` | `null` | no | -| [region](#input_region) | The AWS region where the Elastio Asset Account stack instances will be deployed.
It is just a single region because this stack is deployed only once per AWS account. | `string` | `"us-east-1"` | no | | [retain_stacks](#input_retain_stacks) | [See docs here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_instances#retain_stacks-1) | `bool` | `null` | no | -| [stack_set_description](#input_stack_set_description) | n/a | `string` | `"Elastio Asset Account StackSet creates IAM roles to link the AWS accounts with\nthe Elastio Connector. This allows the Elastio Connector to scan the assets\navailable in the account where the Elastio Asset Account stack instances are\ndeployed.\n"` | no | -| [stack_set_name](#input_stack_set_name) | n/a | `string` | `"ElastioAssetAccount"` | no | +| [stack_instances_region](#input_stack_instances_region) | The AWS region where the Elastio Asset Account stack instances will be deployed.
It is just a single region because this stack is deployed only once per AWS account. | `string` | `"us-east-1"` | no | +| [stack_set_description](#input_stack_set_description) | The description of the CloudFormation StackSet. | `string` | `"Elastio Asset Account StackSet creates IAM roles to link the AWS accounts with\nthe Elastio Connector. This allows the Elastio Connector to scan the assets\navailable in the account where the Elastio Asset Account stack instances are\ndeployed.\n"` | no | +| [stack_set_name](#input_stack_set_name) | The name of the CloudFormation StackSet. | `string` | `"ElastioAssetAccount"` | no | | [tags](#input_tags) | Additional tags to apply to all resources created by this stack. | `map(string)` | `{}` | no | | [template_url](#input_template_url) | The URL of the Elastio Asset Account CloudFormation template obtained from
the Elastio Portal.

This parameter is sensitive, because anyone who knows this URL can deploy
Elastio Account stack and linking it to your Elastio tenant. | `string` | n/a | yes |
diff --git a/asset-account/terraform/stack-set/examples/self-managed/main.tf b/asset-account/terraform/stack-set/examples/self-managed/main.tf
new file mode 100644
index 0000000..e69de29
diff --git a/asset-account/terraform/stack-set/examples/self-managed/outputs.tf b/asset-account/terraform/stack-set/examples/self-managed/outputs.tf
new file mode 100644
index 0000000..e69de29
diff --git a/asset-account/terraform/stack-set/examples/self-managed/variables.tf b/asset-account/terraform/stack-set/examples/self-managed/variables.tf
index e355baf..3769478 100644
--- a/asset-account/terraform/stack-set/examples/self-managed/variables.tf
+++ b/asset-account/terraform/stack-set/examples/self-managed/variables.tf
@@ -13,11 +13,13 @@ variable "template_url" {
 }
 variable "admin_account_aws_profile" {
+ description = "The AWS CLI profile name for the admin account."
 type = string
 default = null
 }
 variable "asset_account_aws_profile" {
+ description = "The AWS CLI profile name for the asset account."
 type = string
 default = null
 }
diff --git a/asset-account/terraform/stack-set/examples/self-managed/versions.tf b/asset-account/terraform/stack-set/examples/self-managed/versions.tf
new file mode 100644
index 0000000..ddfcb0e
--- /dev/null
+++ b/asset-account/terraform/stack-set/examples/self-managed/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 5.0"
+ }
+ }
+}
diff --git a/asset-account/terraform/stack-set/examples/service-managed/outputs.tf b/asset-account/terraform/stack-set/examples/service-managed/outputs.tf
new file mode 100644
index 0000000..e69de29
diff --git a/asset-account/terraform/stack-set/examples/service-managed/versions.tf b/asset-account/terraform/stack-set/examples/service-managed/versions.tf
new file mode 100644
index 0000000..7117131
--- /dev/null
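Review bot: `version = ">= 5.0"` for `hashicorp/aws` in the new `examples/self-managed/versions.tf` has no upper bound, so a future major release of the provider with breaking schema changes would be picked up by `terraform init` in this example without any change here; `version = "~> 5.0"` keeps the example on the 5.x line it was written against while still allowing minor updates. The same reasoning applies, more weakly, to `required_version = ">= 1.0"` for Terraform core. If the examples are meant to be run as-is, committing a `.terraform.lock.hcl` alongside would also pin the provider checksums.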
+++ b/asset-account/terraform/stack-set/examples/service-managed/versions.tf
@@ -0,0 +1,3 @@
+terraform {
+ required_version = ">= 1.0"
+}
diff --git a/asset-account/terraform/stack-set/main.tf b/asset-account/terraform/stack-set/main.tf
index 91fe644..aa4ec97 100644
--- a/asset-account/terraform/stack-set/main.tf
+++ b/asset-account/terraform/stack-set/main.tf
@@ -61,6 +61,7 @@ resource "aws_cloudformation_stack_instances" "this" {
 stack_set_name = aws_cloudformation_stack_set.this.name
 accounts = var.accounts
+ regions = [var.stack_instances_region]
 dynamic "deployment_targets" {
 for_each = var.deployment_targets[*]
diff --git a/asset-account/terraform/stack-set/variables.tf b/asset-account/terraform/stack-set/variables.tf
index 4c6ba4d..24bb656 100644
--- a/asset-account/terraform/stack-set/variables.tf
+++ b/asset-account/terraform/stack-set/variables.tf
@@ -51,7 +51,7 @@ variable "deployment_targets" {
 ## Optional parameters ##
 #########################
-variable "region" {
+variable "stack_instances_region" {
 description = <<-DESCR
 The AWS region where the Elastio Asset Account stack instances will be deployed.
 It is just a single region because this stack is deployed only once per AWS account.
@@ -82,12 +82,14 @@ variable "auto_deployment" {
 }
 variable "stack_set_name" {
+ description = "The name of the CloudFormation StackSet."
 type = string
 nullable = false
 default = "ElastioAssetAccount"
 }
 variable "stack_set_description" {
+ description = "The description of the CloudFormation StackSet."
 type = string
 nullable = false
 default = <<-DESCR
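Review bot: Adding `regions = [var.stack_instances_region]` to `aws_cloudformation_stack_instances.this` can change the identity of already-deployed instances: before this line the argument was absent, so the instances appear to have been created in the provider's region, and if that differs from the new default of `us-east-1` Terraform will plan to remove the old instances and create new ones, which with `retain_stacks` unset deletes the IAM roles in every linked asset account before recreating them. A why-comment on the new line, e.g. `# Explicit region so the instance set does not depend on the provider's region; changing it replaces the stack instances`, plus a migration note in the README, would warn operators before they apply. The resource block starts and ends outside this hunk, so I cannot tell whether a `lifecycle` or `retain_stacks` setting already mitigates this.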
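Review bot: Renaming the input `region` to `stack_instances_region` is a breaking change for every caller of this module that passes `region = ...`; Terraform has no alias or `moved` mechanism for variables, so the old name will be rejected as an unknown argument. The rename should be listed in the changelog or README with the replacement name, and the module's version bumped as a major change so consumers pinning a range do not pick it up silently. The `variable "stack_instances_region"` block continues past the end of the first hunk, so its `default` and any `validation` are not visible here.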