feedback changes

README.md

@@ -118,14 +118,16 @@ module "cis_alarms" {
 }
 ```
 
+AWS CloudTrail normally publishes logs into AWS CloudWatch Logs. This module creates log metric filters together with metric alarms according to [CIS AWS Foundations Benchmark v1.4.0 (05-28-2021)](https://www.cisecurity.org/benchmark/amazon_web_services/). Read more about [CIS AWS Foundations Controls](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html).
+
 ### Metric Stream 
 
 ```hcl
 module "metric_stream" {
   name          = "metric-stream"
-  firehose_arn  = aws_kinesis_firehose_delivery_stream.metric_stream.arn
+  firehose_arn  = "arn:aws:firehose:eu-west-1:835367859852:deliverystream/metric-stream-example"
   output_format = "json"
-  role_arn      = module.stream_to_firehose_role.iam_role_arn
+  role_arn      = "arn:aws:iam::835367859852:role/metric-stream-to-firehose-20240113005123755300000002"
 
   # conflicts with exclude_filter
   include_filter = {
@@ -162,8 +164,6 @@ module "metric_stream" {
 }
 ```
 
-AWS CloudTrail normally publishes logs into AWS CloudWatch Logs. This module creates log metric filters together with metric alarms according to [CIS AWS Foundations Benchmark v1.4.0 (05-28-2021)](https://www.cisecurity.org/benchmark/amazon_web_services/). Read more about [CIS AWS Foundations Controls](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html).
-
 ### Query Definition
 
 ```hcl

examples/metric-stream/README.md

@@ -34,12 +34,13 @@ Note that this example may create resources which cost money. Run `terraform des
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_firehose_to_s3"></a> [firehose\_to\_s3](#module\_firehose\_to\_s3) | terraform-aws-modules/iam/aws//modules/iam-assumable-role | ~> 5.30 |
-| <a name="module_firehose_to_s3_policy"></a> [firehose\_to\_s3\_policy](#module\_firehose\_to\_s3\_policy) | terraform-aws-modules/iam/aws//modules/iam-policy | ~> 5.30 |
-| <a name="module_metrics_bucket"></a> [metrics\_bucket](#module\_metrics\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 3.15 |
+| <a name="module_firehose_to_s3"></a> [firehose\_to\_s3](#module\_firehose\_to\_s3) | terraform-aws-modules/iam/aws//modules/iam-assumable-role | >= 5.30 |
+| <a name="module_firehose_to_s3_policy"></a> [firehose\_to\_s3\_policy](#module\_firehose\_to\_s3\_policy) | terraform-aws-modules/iam/aws//modules/iam-policy | >= 5.30 |
+| <a name="module_metrics_bucket"></a> [metrics\_bucket](#module\_metrics\_bucket) | terraform-aws-modules/s3-bucket/aws | >= 3.15 |
 | <a name="module_stream_all"></a> [stream\_all](#module\_stream\_all) | ../../modules/metric-stream | n/a |
-| <a name="module_stream_to_firehose_policy"></a> [stream\_to\_firehose\_policy](#module\_stream\_to\_firehose\_policy) | terraform-aws-modules/iam/aws//modules/iam-policy | ~> 5.30 |
-| <a name="module_stream_to_firehose_role"></a> [stream\_to\_firehose\_role](#module\_stream\_to\_firehose\_role) | terraform-aws-modules/iam/aws//modules/iam-assumable-role | ~> 5.30 |
+| <a name="module_stream_all_disabled"></a> [stream\_all\_disabled](#module\_stream\_all\_disabled) | ../../modules/metric-stream | n/a |
+| <a name="module_stream_to_firehose_policy"></a> [stream\_to\_firehose\_policy](#module\_stream\_to\_firehose\_policy) | terraform-aws-modules/iam/aws//modules/iam-policy | >= 5.30 |
+| <a name="module_stream_to_firehose_role"></a> [stream\_to\_firehose\_role](#module\_stream\_to\_firehose\_role) | terraform-aws-modules/iam/aws//modules/iam-assumable-role | >= 5.30 |
 | <a name="module_stream_with_exclude_filter"></a> [stream\_with\_exclude\_filter](#module\_stream\_with\_exclude\_filter) | ../../modules/metric-stream | n/a |
 | <a name="module_stream_with_include_filter"></a> [stream\_with\_include\_filter](#module\_stream\_with\_include\_filter) | ../../modules/metric-stream | n/a |
 

examples/metric-stream/main.tf

@@ -81,13 +81,24 @@ module "stream_all" {
   role_arn      = module.stream_to_firehose_role.iam_role_arn
 }
 
+module "stream_all_disabled" {
+  source = "../../modules/metric-stream"
+
+  create = false
+
+  name          = "${local.name}-all-disabled"
+  firehose_arn  = aws_kinesis_firehose_delivery_stream.s3_all_stream.arn
+  output_format = "json"
+  role_arn      = module.stream_to_firehose_role.iam_role_arn
+}
+
 resource "random_pet" "this" {
   length = 2
 }
 
 module "metrics_bucket" {
   source  = "terraform-aws-modules/s3-bucket/aws"
-  version = "~> 3.15"
+  version = ">= 3.15"
 
   bucket = "${local.name}-${random_pet.this.id}"
 
@@ -129,7 +140,7 @@ resource "aws_kinesis_firehose_delivery_stream" "s3_all_stream" {
 
 module "firehose_to_s3" {
   source  = "terraform-aws-modules/iam/aws//modules/iam-assumable-role"
-  version = "~> 5.30"
+  version = ">= 5.30"
 
   trusted_role_services = [
     "firehose.amazonaws.com"
@@ -147,7 +158,7 @@ module "firehose_to_s3" {
 
 module "firehose_to_s3_policy" {
   source  = "terraform-aws-modules/iam/aws//modules/iam-policy"
-  version = "~> 5.30"
+  version = ">= 5.30"
 
   name        = "${local.name}-firehose-to-s3"
   path        = "/"
@@ -178,7 +189,7 @@ data "aws_iam_policy_document" "firehose_to_s3" {
 
 module "stream_to_firehose_role" {
   source  = "terraform-aws-modules/iam/aws//modules/iam-assumable-role"
-  version = "~> 5.30"
+  version = ">= 5.30"
 
   trusted_role_services = [
     "streams.metrics.cloudwatch.amazonaws.com"
@@ -196,7 +207,7 @@ module "stream_to_firehose_role" {
 
 module "stream_to_firehose_policy" {
   source  = "terraform-aws-modules/iam/aws//modules/iam-policy"
-  version = "~> 5.30"
+  version = ">= 5.30"
 
   name        = "${local.name}-to-firehose"
   path        = "/"