docs: description on all outputs and inputs

malhussan · malhussan · commit 9c09a277dea1 · 2022-03-04T17:56:51.000+01:00
diff --git a/TERRAFORM_DOCS.md b/TERRAFORM_DOCS.md
@@ -34,17 +34,17 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_automation_account_service_role_name"></a> [automation\_account\_service\_role\_name](#input\_automation\_account\_service\_role\_name) | Name of the custom role in the automation account. See https://docs.meshcloud.io/docs/meshstack.aws.index.html#automation-account-setup | `string` | `"MeshfedAutomationRole"` | no |
+| <a name="input_automation_account_service_role_name"></a> [automation\_account\_service\_role\_name](#input\_automation\_account\_service\_role\_name) | Name of the custom role in the automation account. See https://docs.meshcloud.io/docs/meshstack.how-to.integrate-meshplatform-aws-manually.html#set-up-aws-account-3-automation | `string` | `"MeshfedAutomationRole"` | no |
 | <a name="input_automation_profile"></a> [automation\_profile](#input\_automation\_profile) | AWS Account profile for automation AWS account. | `string` | `"automation"` | no |
 | <a name="input_aws_enrollment_enabled"></a> [aws\_enrollment\_enabled](#input\_aws\_enrollment\_enabled) | Set to true, to allow meshStack to enroll Accounts via AWS Control Tower for the meshPlatform. | `bool` | `false` | no |
 | <a name="input_aws_sso_instance_arn"></a> [aws\_sso\_instance\_arn](#input\_aws\_sso\_instance\_arn) | AWS SSO Instance ARN. Needs to be of the form arn:aws:sso:::instance/ssoins-xxxxxxxxxxxxxxx. Setup instructions https://docs.meshcloud.io/docs/meshstack.aws.sso-setup.html. | `string` | n/a | yes |
 | <a name="input_cost_explorer_management_account_service_role_name"></a> [cost\_explorer\_management\_account\_service\_role\_name](#input\_cost\_explorer\_management\_account\_service\_role\_name) | Name of the custom role in the management account used by the cost explorer user. | `string` | `"MeshCostExplorerServiceRole"` | no |
 | <a name="input_cost_explorer_meshcloud_account_service_user_name"></a> [cost\_explorer\_meshcloud\_account\_service\_user\_name](#input\_cost\_explorer\_meshcloud\_account\_service\_user\_name) | Name of the user using cost explorer service to collect metering data. | `string` | `"meshcloud-cost-explorer-user"` | no |
 | <a name="input_cost_explorer_privileged_external_id"></a> [cost\_explorer\_privileged\_external\_id](#input\_cost\_explorer\_privileged\_external\_id) | Set this variable to a random UUID version 4. The external id is a secondary key to make an AssumeRole API call. | `string` | n/a | yes |
 | <a name="input_landing_zone_ou_arns"></a> [landing\_zone\_ou\_arns](#input\_landing\_zone\_ou\_arns) | Organizational Unit ARNs that are used in Landing Zones. We recommend to explicitly list the OU ARNs that meshStack should manage. | `list(string)` | <pre>[<br>  "arn:aws:organizations::*:ou/o-*/ou-*"<br>]</pre> | no |
-| <a name="input_management_account_service_role_name"></a> [management\_account\_service\_role\_name](#input\_management\_account\_service\_role\_name) | Name of the custom role in the management account. See https://docs.meshcloud.io/docs/meshstack.aws.index.html#aws-management-account-setup | `string` | `"MeshfedServiceRole"` | no |
+| <a name="input_management_account_service_role_name"></a> [management\_account\_service\_role\_name](#input\_management\_account\_service\_role\_name) | Name of the custom role in the management account. See https://docs.meshcloud.io/docs/meshstack.how-to.integrate-meshplatform-aws-manually.html#set-up-aws-account-2-management | `string` | `"MeshfedServiceRole"` | no |
 | <a name="input_management_profile"></a> [management\_profile](#input\_management\_profile) | AWS Account profile for management AWS account. | `string` | `"management"` | no |
-| <a name="input_meshcloud_account_service_user_name"></a> [meshcloud\_account\_service\_user\_name](#input\_meshcloud\_account\_service\_user\_name) | Name of the user for accessing meshcloud account. | `string` | `"meshfed-service-user"` | no |
+| <a name="input_meshcloud_account_service_user_name"></a> [meshcloud\_account\_service\_user\_name](#input\_meshcloud\_account\_service\_user\_name) | Name of the meshfed-service user. This user is responsible for replication. | `string` | `"meshfed-service-user"` | no |
 | <a name="input_meshcloud_profile"></a> [meshcloud\_profile](#input\_meshcloud\_profile) | AWS Account profile for meshcloud AWS account. | `string` | `"meshcloud"` | no |
 | <a name="input_region"></a> [region](#input\_region) | AWS region of the three AWS accounts needed for the meshPlatform. | `string` | `"eu-central-1"` | no |
 | <a name="input_replicator_privileged_external_id"></a> [replicator\_privileged\_external\_id](#input\_replicator\_privileged\_external\_id) | Set this variable to a random UUID version 4. The external id is a secondary key to make an AssumeRole API call. | `string` | n/a | yes |
diff --git a/modules/meshcloud-cost-explorer/management-account-access/README.md b/modules/meshcloud-cost-explorer/management-account-access/README.md
@@ -29,9 +29,9 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_management_account_service_role_name"></a> [management\_account\_service\_role\_name](#input\_management\_account\_service\_role\_name) | n/a | `string` | `"MeshCostExplorerServiceRole"` | no |
-| <a name="input_meshcloud_account_id"></a> [meshcloud\_account\_id](#input\_meshcloud\_account\_id) | The ID of meshcloud AWS Account | `string` | n/a | yes |
-| <a name="input_meshcloud_account_service_user_name"></a> [meshcloud\_account\_service\_user\_name](#input\_meshcloud\_account\_service\_user\_name) | n/a | `string` | `"meshcloud-cost-explorer-user"` | no |
+| <a name="input_management_account_service_role_name"></a> [management\_account\_service\_role\_name](#input\_management\_account\_service\_role\_name) | Name of the custom role in the management account used by the cost explorer user. | `string` | `"MeshCostExplorerServiceRole"` | no |
+| <a name="input_meshcloud_account_id"></a> [meshcloud\_account\_id](#input\_meshcloud\_account\_id) | The ID of the meshcloud AWS Account. | `string` | n/a | yes |
+| <a name="input_meshcloud_account_service_user_name"></a> [meshcloud\_account\_service\_user\_name](#input\_meshcloud\_account\_service\_user\_name) | Name of the user using cost explorer service to collect metering data. | `string` | `"meshcloud-cost-explorer-user"` | no |
 | <a name="input_privileged_external_id"></a> [privileged\_external\_id](#input\_privileged\_external\_id) | Privileged external ID for the meshfed-service to use | `string` | n/a | yes |
 
 ## Outputs
diff --git a/modules/meshcloud-cost-explorer/management-account-access/variables.tf b/modules/meshcloud-cost-explorer/management-account-access/variables.tf
@@ -1,16 +1,18 @@
 variable "management_account_service_role_name" {
-  type    = string
-  default = "MeshCostExplorerServiceRole"
+  type        = string
+  default     = "MeshCostExplorerServiceRole"
+  description = "Name of the custom role in the management account used by the cost explorer user."
 }
 
 variable "meshcloud_account_service_user_name" {
-  type    = string
-  default = "meshcloud-cost-explorer-user"
+  type        = string
+  default     = "meshcloud-cost-explorer-user"
+  description = "Name of the user using cost explorer service to collect metering data."
 }
 
 variable "meshcloud_account_id" {
   type        = string
-  description = "The ID of meshcloud AWS Account"
+  description = "The ID of the meshcloud AWS Account."
 }
 
 variable "privileged_external_id" {
diff --git a/modules/meshcloud-cost-explorer/meshcloud-account-access/README.md b/modules/meshcloud-cost-explorer/meshcloud-account-access/README.md
@@ -29,13 +29,13 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_management_account_id"></a> [management\_account\_id](#input\_management\_account\_id) | The ID of the Management Account | `string` | n/a | yes |
-| <a name="input_management_account_service_role_name"></a> [management\_account\_service\_role\_name](#input\_management\_account\_service\_role\_name) | n/a | `string` | `"MeshCostExplorerServiceRole"` | no |
-| <a name="input_meshcloud_account_service_user_name"></a> [meshcloud\_account\_service\_user\_name](#input\_meshcloud\_account\_service\_user\_name) | n/a | `string` | `"meshcloud-cost-explorer-user"` | no |
+| <a name="input_management_account_id"></a> [management\_account\_id](#input\_management\_account\_id) | The ID of the Management Account. | `string` | n/a | yes |
+| <a name="input_management_account_service_role_name"></a> [management\_account\_service\_role\_name](#input\_management\_account\_service\_role\_name) | Name of the custom role in the management account used by the cost explorer user. | `string` | `"MeshCostExplorerServiceRole"` | no |
+| <a name="input_meshcloud_account_service_user_name"></a> [meshcloud\_account\_service\_user\_name](#input\_meshcloud\_account\_service\_user\_name) | Name of the user using cost explorer service to collect metering data. | `string` | `"meshcloud-cost-explorer-user"` | no |
 | <a name="input_privileged_external_id"></a> [privileged\_external\_id](#input\_privileged\_external\_id) | Privileged external ID for the cost-explorer-service to use | `string` | n/a | yes |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| <a name="output_aws_iam_keys"></a> [aws\_iam\_keys](#output\_aws\_iam\_keys) | n/a |
+| <a name="output_aws_iam_keys"></a> [aws\_iam\_keys](#output\_aws\_iam\_keys) | AWS access and secret keys for cost explorer user. |
diff --git a/modules/meshcloud-cost-explorer/meshcloud-account-access/outputs.tf b/modules/meshcloud-cost-explorer/meshcloud-account-access/outputs.tf
@@ -1,6 +1,8 @@
 output "aws_iam_keys" {
+  description = "AWS access and secret keys for cost explorer user."
   value = {
     aws_access_key = aws_iam_access_key.meshcloud_cost_explorer.id
     aws_secret_key = aws_iam_access_key.meshcloud_cost_explorer.secret
   }
+  sensitive = true
 }
diff --git a/modules/meshcloud-cost-explorer/meshcloud-account-access/variables.tf b/modules/meshcloud-cost-explorer/meshcloud-account-access/variables.tf
@@ -1,16 +1,18 @@
 variable "management_account_service_role_name" {
-  type    = string
-  default = "MeshCostExplorerServiceRole"
+  type        = string
+  default     = "MeshCostExplorerServiceRole"
+  description = "Name of the custom role in the management account used by the cost explorer user."
 }
 
 variable "meshcloud_account_service_user_name" {
-  type    = string
-  default = "meshcloud-cost-explorer-user"
+  type        = string
+  default     = "meshcloud-cost-explorer-user"
+  description = "Name of the user using cost explorer service to collect metering data."
 }
 
 variable "management_account_id" {
   type        = string
-  description = "The ID of the Management Account"
+  description = "The ID of the Management Account."
 }
 
 variable "privileged_external_id" {
diff --git a/modules/meshcloud-replicator/automation-account-access/README.md b/modules/meshcloud-replicator/automation-account-access/README.md
@@ -34,10 +34,10 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_automation_account_service_role_name"></a> [automation\_account\_service\_role\_name](#input\_automation\_account\_service\_role\_name) | n/a | `string` | `"MeshfedAutomationRole"` | no |
-| <a name="input_meshcloud_account_id"></a> [meshcloud\_account\_id](#input\_meshcloud\_account\_id) | The ID of the meshcloud AWS Account | `string` | n/a | yes |
-| <a name="input_meshcloud_account_service_user_name"></a> [meshcloud\_account\_service\_user\_name](#input\_meshcloud\_account\_service\_user\_name) | n/a | `string` | n/a | yes |
-| <a name="input_privileged_external_id"></a> [privileged\_external\_id](#input\_privileged\_external\_id) | Privileged external ID for the meshfed-service to use | `string` | n/a | yes |
+| <a name="input_automation_account_service_role_name"></a> [automation\_account\_service\_role\_name](#input\_automation\_account\_service\_role\_name) | Name of the custom role in the automation account. See https://docs.meshcloud.io/docs/meshstack.how-to.integrate-meshplatform-aws-manually.html#set-up-aws-account-3-automation | `string` | `"MeshfedAutomationRole"` | no |
+| <a name="input_meshcloud_account_id"></a> [meshcloud\_account\_id](#input\_meshcloud\_account\_id) | The ID of the meshcloud AWS Account. | `string` | n/a | yes |
+| <a name="input_meshcloud_account_service_user_name"></a> [meshcloud\_account\_service\_user\_name](#input\_meshcloud\_account\_service\_user\_name) | Name of the meshfed-service user. This user is responsible for replication. | `string` | `"meshfed-service-user"` | no |
+| <a name="input_privileged_external_id"></a> [privileged\_external\_id](#input\_privileged\_external\_id) | Privileged external ID for the meshfed-service to use. | `string` | n/a | yes |
 
 ## Outputs
 
diff --git a/modules/meshcloud-replicator/automation-account-access/variables.tf b/modules/meshcloud-replicator/automation-account-access/variables.tf
@@ -1,18 +1,21 @@
 variable "meshcloud_account_service_user_name" {
-  type = string
+  type        = string
+  default     = "meshfed-service-user"
+  description = "Name of the meshfed-service user. This user is responsible for replication."
 }
 
 variable "meshcloud_account_id" {
   type        = string
-  description = "The ID of the meshcloud AWS Account"
+  description = "The ID of the meshcloud AWS Account."
 }
 
 variable "privileged_external_id" {
   type        = string
-  description = "Privileged external ID for the meshfed-service to use"
+  description = "Privileged external ID for the meshfed-service to use."
 }
 
 variable "automation_account_service_role_name" {
-  type    = string
-  default = "MeshfedAutomationRole"
+  type        = string
+  default     = "MeshfedAutomationRole"
+  description = "Name of the custom role in the automation account. See https://docs.meshcloud.io/docs/meshstack.how-to.integrate-meshplatform-aws-manually.html#set-up-aws-account-3-automation"
 }
diff --git a/modules/meshcloud-replicator/management-account-access/README.md b/modules/meshcloud-replicator/management-account-access/README.md
@@ -37,10 +37,10 @@ No modules.
 | <a name="input_aws_enrollment_enabled"></a> [aws\_enrollment\_enabled](#input\_aws\_enrollment\_enabled) | Set to true, to allow meshStack to enroll Accounts via AWS Control Tower for the meshPlatform | `bool` | `false` | no |
 | <a name="input_aws_sso_instance_arn"></a> [aws\_sso\_instance\_arn](#input\_aws\_sso\_instance\_arn) | ARN of the AWS SSO instance to use | `string` | n/a | yes |
 | <a name="input_landing_zone_ou_arns"></a> [landing\_zone\_ou\_arns](#input\_landing\_zone\_ou\_arns) | Organizational Unit ARNs that are used in Landing Zones. We recommend to explicitly list the OU ARNs that meshStack should manage. | `list(string)` | <pre>[<br>  "arn:aws:organizations::*:ou/o-*/ou-*"<br>]</pre> | no |
-| <a name="input_management_account_service_role_name"></a> [management\_account\_service\_role\_name](#input\_management\_account\_service\_role\_name) | n/a | `string` | `"MeshfedServiceRole"` | no |
-| <a name="input_meshcloud_account_id"></a> [meshcloud\_account\_id](#input\_meshcloud\_account\_id) | The ID of the meshCloud AWS Account | `string` | n/a | yes |
-| <a name="input_meshcloud_account_service_user_name"></a> [meshcloud\_account\_service\_user\_name](#input\_meshcloud\_account\_service\_user\_name) | n/a | `string` | `"meshfed-service-user"` | no |
-| <a name="input_meshstack_access_role_name"></a> [meshstack\_access\_role\_name](#input\_meshstack\_access\_role\_name) | n/a | `string` | `"MeshstackAccountAccessRole"` | no |
+| <a name="input_management_account_service_role_name"></a> [management\_account\_service\_role\_name](#input\_management\_account\_service\_role\_name) | Name of the custom role in the management account. See https://docs.meshcloud.io/docs/meshstack.how-to.integrate-meshplatform-aws-manually.html#set-up-aws-account-2-management | `string` | `"MeshfedServiceRole"` | no |
+| <a name="input_meshcloud_account_id"></a> [meshcloud\_account\_id](#input\_meshcloud\_account\_id) | The ID of the meshcloud AWS Account | `string` | n/a | yes |
+| <a name="input_meshcloud_account_service_user_name"></a> [meshcloud\_account\_service\_user\_name](#input\_meshcloud\_account\_service\_user\_name) | Name of the meshfed-service user. This user is responsible for replication. | `string` | `"meshfed-service-user"` | no |
+| <a name="input_meshstack_access_role_name"></a> [meshstack\_access\_role\_name](#input\_meshstack\_access\_role\_name) | Account access role used by meshfed-service. | `string` | `"MeshstackAccountAccessRole"` | no |
 | <a name="input_privileged_external_id"></a> [privileged\_external\_id](#input\_privileged\_external\_id) | Privileged external ID for the meshfed-service to use | `string` | n/a | yes |
 | <a name="input_support_root_account_via_aws_sso"></a> [support\_root\_account\_via\_aws\_sso](#input\_support\_root\_account\_via\_aws\_sso) | Set to true to allow meshStack to manage the Organization's AWS Root account's access via AWS SSO | `bool` | `false` | no |
 
diff --git a/modules/meshcloud-replicator/management-account-access/variables.tf b/modules/meshcloud-replicator/management-account-access/variables.tf
@@ -1,21 +1,24 @@
 variable "management_account_service_role_name" {
-  type    = string
-  default = "MeshfedServiceRole"
+  type        = string
+  default     = "MeshfedServiceRole"
+  description = "Name of the custom role in the management account. See https://docs.meshcloud.io/docs/meshstack.how-to.integrate-meshplatform-aws-manually.html#set-up-aws-account-2-management"
 }
 
 variable "meshcloud_account_service_user_name" {
-  type    = string
-  default = "meshfed-service-user"
+  type        = string
+  default     = "meshfed-service-user"
+  description = "Name of the meshfed-service user. This user is responsible for replication."
 }
 
 variable "meshstack_access_role_name" {
-  type    = string
-  default = "MeshstackAccountAccessRole"
+  type        = string
+  default     = "MeshstackAccountAccessRole"
+  description = "Account access role used by meshfed-service."
 }
 
 variable "meshcloud_account_id" {
   type        = string
-  description = "The ID of the meshCloud AWS Account"
+  description = "The ID of the meshcloud AWS Account"
 }
 
 variable "privileged_external_id" {
diff --git a/modules/meshcloud-replicator/meshcloud-account-access/README.md b/modules/meshcloud-replicator/meshcloud-account-access/README.md
@@ -30,14 +30,14 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_automation_account_id"></a> [automation\_account\_id](#input\_automation\_account\_id) | The ID of the Management Account ID | `string` | n/a | yes |
-| <a name="input_automation_account_service_role_name"></a> [automation\_account\_service\_role\_name](#input\_automation\_account\_service\_role\_name) | n/a | `string` | `"MeshfedAutomationRole"` | no |
+| <a name="input_automation_account_service_role_name"></a> [automation\_account\_service\_role\_name](#input\_automation\_account\_service\_role\_name) | Name of the custom role in the automation account. See https://docs.meshcloud.io/docs/meshstack.how-to.integrate-meshplatform-aws-manually.html#set-up-aws-account-3-automation | `string` | `"MeshfedAutomationRole"` | no |
 | <a name="input_management_account_id"></a> [management\_account\_id](#input\_management\_account\_id) | The ID of the Management Account ID | `string` | n/a | yes |
-| <a name="input_management_account_service_role_name"></a> [management\_account\_service\_role\_name](#input\_management\_account\_service\_role\_name) | n/a | `string` | `"MeshfedServiceRole"` | no |
-| <a name="input_meshcloud_account_service_user_name"></a> [meshcloud\_account\_service\_user\_name](#input\_meshcloud\_account\_service\_user\_name) | n/a | `string` | `"meshfed-service-user"` | no |
+| <a name="input_management_account_service_role_name"></a> [management\_account\_service\_role\_name](#input\_management\_account\_service\_role\_name) | Name of the custom role in the management account. See https://docs.meshcloud.io/docs/meshstack.how-to.integrate-meshplatform-aws-manually.html#set-up-aws-account-2-management | `string` | `"MeshfedServiceRole"` | no |
+| <a name="input_meshcloud_account_service_user_name"></a> [meshcloud\_account\_service\_user\_name](#input\_meshcloud\_account\_service\_user\_name) | Name of the meshfed-service user. This user is responsible for replication. | `string` | `"meshfed-service-user"` | no |
 | <a name="input_privileged_external_id"></a> [privileged\_external\_id](#input\_privileged\_external\_id) | Privileged external ID for the meshfed-service to use | `string` | n/a | yes |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| <a name="output_aws_iam_keys"></a> [aws\_iam\_keys](#output\_aws\_iam\_keys) | n/a |
+| <a name="output_aws_iam_keys"></a> [aws\_iam\_keys](#output\_aws\_iam\_keys) | AWS access and secret keys for meshfed-service user. |
diff --git a/modules/meshcloud-replicator/meshcloud-account-access/outputs.tf b/modules/meshcloud-replicator/meshcloud-account-access/outputs.tf
@@ -1,6 +1,8 @@
 output "aws_iam_keys" {
+  description = "AWS access and secret keys for meshfed-service user."
   value = {
     aws_access_key = aws_iam_access_key.meshfed_service.id
     aws_secret_key = aws_iam_access_key.meshfed_service.secret
   }
+  sensitive = true
 }
diff --git a/modules/meshcloud-replicator/meshcloud-account-access/variables.tf b/modules/meshcloud-replicator/meshcloud-account-access/variables.tf
diff --git a/variables.tf b/variables.tf

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,8 @@`
`1`	`1`	`output "aws_iam_keys" {`
	`2`	`+ description = "AWS access and secret keys for cost explorer user."`
`2`	`3`	`value = {`
`3`	`4`	`aws_access_key = aws_iam_access_key.meshcloud_cost_explorer.id`
`4`	`5`	`aws_secret_key = aws_iam_access_key.meshcloud_cost_explorer.secret`
`5`	`6`	`}`
	`7`	`+ sensitive = true`
`6`	`8`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,18 +1,21 @@`
`1`	`1`	`variable "meshcloud_account_service_user_name" {`
`2`		`- type = string`
	`2`	`+ type = string`
	`3`	`+ default = "meshfed-service-user"`
	`4`	`+ description = "Name of the meshfed-service user. This user is responsible for replication."`
`3`	`5`	`}`
`4`	`6`
`5`	`7`	`variable "meshcloud_account_id" {`
`6`	`8`	`type = string`
`7`		`- description = "The ID of the meshcloud AWS Account"`
	`9`	`+ description = "The ID of the meshcloud AWS Account."`
`8`	`10`	`}`
`9`	`11`
`10`	`12`	`variable "privileged_external_id" {`
`11`	`13`	`type = string`
`12`		`- description = "Privileged external ID for the meshfed-service to use"`
	`14`	`+ description = "Privileged external ID for the meshfed-service to use."`
`13`	`15`	`}`
`14`	`16`
`15`	`17`	`variable "automation_account_service_role_name" {`
`16`		`- type = string`
`17`		`- default = "MeshfedAutomationRole"`
	`18`	`+ type = string`
	`19`	`+ default = "MeshfedAutomationRole"`
	`20`	`+ description = "Name of the custom role in the automation account. See https://docs.meshcloud.io/docs/meshstack.how-to.integrate-meshplatform-aws-manually.html#set-up-aws-account-3-automation"`
`18`	`21`	`}`