fix: some of the filters on the thresholds were not working

.terraform-docs.yaml

@@ -0,0 +1,21 @@
+formatter: markdown
+#header-from: .header.md
+settings:
+  anchor: true
+  color: true
+  default: true
+  escape: true
+  html: true
+  indent: 2
+  required: true
+  sensitive: true
+  type: true
+  lockfile: false
+
+sort:
+  enabled: true
+  by: required
+
+output:
+  file: README.md
+  mode: inject

.trivyignore

@@ -2,3 +2,4 @@ AVD-DS-0002 # (Dockerfile) Least Privilege User (HIGH) - https://avd.aquasec.com
 AVD-DS-0013 # (Dockerfile) Use Workdir Over Cd (MEDIUM) - https://avd.aquasec.com/misconfig/dockerfile/general/avd-ds-0013/
 AVD-DS-0015 # (Dockerfile) Use COPY instead of ADD (MEDIUM) - https://avd.aquasec.com/misconfig/dockerfile/general/avd-ds-0015/
 AVD-DS-0026 # (Dockerfile) Add HEALTHCHECK instruction in your Dockerfile (LOW) - https://avd.aquasec.com/misconfig/dockerfile/general/avd-ds-0013/
+AVD-AWS-0057 # https://avd.aquasec.com/misconfig/aws/iam/avd-aws-0057/

README.md

@@ -49,7 +49,7 @@ The `terraform-docs` utility is used to generate this README. Follow the below s
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.65.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0.0 |
 
 ## Modules
 
@@ -68,13 +68,13 @@ The `terraform-docs` utility is used to generate this README. Follow the below s
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_enable_notification_creation"></a> [enable\_notification\_creation](#input\_enable\_notification\_creation) | Indicates whether to create a notification lambda stack, default is true, but useful to toggle if using existing resources | `bool` | `true` | no |
-| <a name="input_enable_sns_topic_creation"></a> [enable\_sns\_topic\_creation](#input\_enable\_sns\_topic\_creation) | Indicates whether to create an SNS topic within this module | `bool` | `true` | no |
 | <a name="input_monitors"></a> [monitors](#input\_monitors) | A collection of cost anomaly monitors to create | <pre>list(object({<br>    name = string<br>    # The name of the monitor <br>    monitor_type = optional(string, "DIMENSIONAL")<br>    # The type of monitor to create <br>    monitor_dimension = optional(string, "DIMENSIONAL")<br>    # The dimension to monitor<br>    monitor_specification = optional(string, null)<br>    # The specification to monitor <br>    notify = optional(object({<br>      frequency = string<br>      # The frequency of notifications<br>      threshold_expression = optional(any, null)<br>      # The threshold expression to use for notifications<br>      }), {<br>      frequency = "DAILY"<br>    })<br>  }))</pre> | n/a | yes |
 | <a name="input_notifications"></a> [notifications](#input\_notifications) | The configuration of the notification | <pre>object({<br>    email = optional(object({<br>      addresses = list(string)<br>    }), null)<br>    slack = optional(object({<br>      channel = optional(string, null)<br>      # The channel name for notifications, required if secret_name is not provided<br>      secret_name = optional(string, null)<br>      # An optional secret name in the AWS Secrets Manager, containing this information <br>      lambda_name = optional(string, "cost-anomaly-notification")<br>      # The name of the Lambda function to use for notifications <br>      username = optional(string, "AWS Cost Anomaly Detection")<br>      # The username to use for notifications<br>      webhook_url = optional(string, null)<br>      # The URL of the Slack webhook to use for notifications, required if secret_name is not provided<br>    }), null)<br>  })</pre> | n/a | yes |
+| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | n/a | yes |
+| <a name="input_enable_notification_creation"></a> [enable\_notification\_creation](#input\_enable\_notification\_creation) | Indicates whether to create a notification lambda stack, default is true, but useful to toggle if using existing resources | `bool` | `true` | no |
+| <a name="input_enable_sns_topic_creation"></a> [enable\_sns\_topic\_creation](#input\_enable\_sns\_topic\_creation) | Indicates whether to create an SNS topic within this module | `bool` | `true` | no |
 | <a name="input_sns_topic_arn"></a> [sns\_topic\_arn](#input\_sns\_topic\_arn) | The ARN of an existing SNS topic for notifications | `string` | `null` | no |
 | <a name="input_sns_topic_name"></a> [sns\_topic\_name](#input\_sns\_topic\_name) | The name of an existing or new SNS topic  for notifications | `string` | `"cost-anomaly-notifications"` | no |
-| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | n/a | yes |
 
 ## Outputs
 

examples/basic/README.md

@@ -9,9 +9,7 @@
 
 ## Providers
 
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.65.0 |
+No providers.
 
 ## Modules
 
@@ -21,10 +19,7 @@
 
 ## Resources
 
-| Name | Type |
-|------|------|
-| [aws_secretsmanager_secret.notification](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/secretsmanager_secret) | data source |
-| [aws_secretsmanager_secret_version.notification](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/secretsmanager_secret_version) | data source |
+No resources.
 
 ## Inputs
 

examples/basic/main.tf

@@ -13,6 +13,27 @@ locals {
       notify = {
         frequency = "IMMEDIATE"
         threshold_expression = [
+          {
+            dimension = {
+              key           = "ANOMALY_TOTAL_IMPACT_ABSOLUTE"
+              match_options = ["GREATER_THAN_OR_EQUAL"]
+              values        = ["100"]
+            }
+          },
+          {
+            cost_category = {
+              key           = "Environment"
+              match_options = ["EQUALS"]
+              values        = ["Development"]
+            }
+          },
+          {
+            tags = {
+              key           = "Environment"
+              match_options = ["EQUALS"]
+              values        = ["Development"]
+            }
+          },
           {
             and = {
               dimension = {
@@ -38,14 +59,14 @@ locals {
 }
 
 ## Read the secret for aws secrets manager 
-data "aws_secretsmanager_secret" "notification" {
-  name = var.notification_secret_name
-}
+# data "aws_secretsmanager_secret" "notification" {
+#  name = var.notification_secret_name
+#}
 
 ## Retrieve the current version of the secret
-data "aws_secretsmanager_secret_version" "notification" {
-  secret_id = data.aws_secretsmanager_secret.notification.id
-}
+#data "aws_secretsmanager_secret_version" "notification" {
+#  secret_id = data.aws_secretsmanager_secret.notification.id
+#}
 
 module "cost_anomaly_detection" {
   source = "../../"
@@ -56,8 +77,8 @@ module "cost_anomaly_detection" {
       addresses = var.notification_email_addresses
     }
     slack = {
-      channel     = jsondecode(data.aws_secretsmanager_secret_version.notification.secret_string).channel
-      webhook_url = jsondecode(data.aws_secretsmanager_secret_version.notification.secret_string).webhook_url
+      channel     = "myfakechannel"
+      webhook_url = "https://hooks.slack.com/services/FAKE/URL"
     }
   }
   tags = var.tags

examples/existing_sns/README.md

@@ -11,7 +11,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.65.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0.0 |
 
 ## Modules
 
@@ -30,8 +30,8 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_notification_email_addresses"></a> [notification\_email\_addresses](#input\_notification\_email\_addresses) | The list of email addresses to notify | `list(string)` | `[]` | no |
 | <a name="input_notification_secret_name"></a> [notification\_secret\_name](#input\_notification\_secret\_name) | The name of the secret that contains the notification configuration | `string` | n/a | yes |
+| <a name="input_notification_email_addresses"></a> [notification\_email\_addresses](#input\_notification\_email\_addresses) | The list of email addresses to notify | `list(string)` | `[]` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to the resources | `map(string)` | `{}` | no |
 
 ## Outputs

main.tf

@@ -39,27 +39,27 @@ resource "aws_ce_anomaly_subscription" "this" {
       dynamic "dimension" {
         for_each = [for x in each.value.notify.threshold_expression : x if lookup(x, "dimension", null) != null]
         content {
-          key           = dimension.value.key
-          match_options = dimension.value.match_options
-          values        = dimension.value.values
+          key           = dimension.value.dimension.key
+          match_options = dimension.value.dimension.match_options
+          values        = dimension.value.dimension.values
         }
       }
 
       dynamic "cost_category" {
         for_each = [for x in each.value.notify.threshold_expression : x if lookup(x, "cost_category", null) != null]
         content {
-          key           = cost_category.value.key
-          match_options = cost_category.value.match_options
-          values        = cost_category.value.values
+          key           = cost_category.value.cost_category.key
+          match_options = cost_category.value.cost_category.match_options
+          values        = cost_category.value.cost_category.values
         }
       }
 
       dynamic "tags" {
         for_each = [for x in each.value.notify.threshold_expression : x if lookup(x, "tags", null) != null]
         content {
-          key           = tags.value.key
-          match_options = tags.value.match_options
-          values        = tags.value.values
+          key           = tags.value.tags.key
+          match_options = tags.value.tags.match_options
+          values        = tags.value.tags.values
         }
       }