bitovi
diff --git a/‎README.md
Lines changed: 129 additions & 52 deletions b/‎README.md
Lines changed: 129 additions & 52 deletions
@@ -23,9 +23,7 @@ If you would like to deploy a backend app/service, check out our other actions:
 # Need help or have questions?
 This project is supported by [Bitovi, A DevOps consultancy](https://www.bitovi.com/services/devops-consulting).
 
-You can **get help or ask questions** on our:
-
-- [Discord Community](https://discord.gg/zAHn4JBVcX)
+You can **get help or ask questions** on our [Discord channel](https://discord.gg/zAHn4JBVcX)! Come hang out with us; We love discussing solutions!
 
 Or, you can hire us for training, consulting, or development. [Set up a free consultation](https://www.bitovi.com/services/devops-consulting).
 
@@ -37,6 +35,24 @@ Or, you can hire us for training, consulting, or development. [Set up a free con
   - `ST2_AUTH_USERNAME`
   - `ST2_AUTH_PASSWORD`
 
+:warning: In the latest release, some variables were replaced.  Old one will not work.
+
+| Old variable | Replaced By | 
+| - | - | 
+| aws_extra_tags | aws_additional_tags | 
+| aws_ec2_instance_profile | aws_ec2_iam_instance_profile |
+| aws_ec2_instance_vol_size | aws_ec2_instance_root_vol_size | 
+| aws_domain_name | aws_r53_domain_name | 
+| aws_sub_domain_name | aws_r53_sub_domain_name | 
+| aws_root_domain_deploy | aws_r53_root_domain_deploy | 
+| aws_cert_arn | aws_r53_cert_arn | 
+| aws_create_root_cert | aws_r53_create_root_cert | 
+| aws_create_sub_cert | aws_r53_create_sub_cert | 
+| aws_no_cert | aws_r53_enable_cert :warning:  |  
+
+> :warning: `aws_no_cert` has the opossite value of `aws_r53_enable_cert`. Cert lookup is set to `true` by default, and won't fail if it can't find any.
+<br/>
+
 ## Example usage
 
 Create a Github Action Workflow `.github/workflow/deploy-st2.yaml` with the following to build on push to the `main` branch.
@@ -79,56 +95,117 @@ This will create the following resources in AWS:
 ## Customizing
 
 ### Inputs
+1. [Action Defaults](#action-defaults-inputs)
+2. [AWS Configuration](#aws-configuration-inputs)
+4. [EC2](#ec2-instance-config)
+5. [Stackstorm inputs](#stackstorm-inputs)
+6. [Stack Management](#stack-management)
+7. [Domains and certificates](#domains-and-certificates)
+8. [VPC](#vpc-configuration)
+9. [Advanced Options](#advanced-options)
+
+### Outputs
+1. [Action Outpus](#action-outputs)
+
 
 The following inputs can be used as `steps.with` keys:
+<br/>
+<br/>
+
+#### **Action defaults Inputs**
+| Name             | Type    | Description                        | 
+|------------------|---------|------------------------------------|
+| `checkout` | Boolean | Set to `false` if the code is already checked out. (Default is `true`). |
+<hr/>
+<br/>
+
+#### **AWS Configuration Inputs**
+| Name             | Type    | Description                        |
+|------------------|---------|------------------------------------|
+| `aws_access_key_id` | String | AWS access key ID |
+| `aws_secret_access_key` | String | AWS secret access key |
+| `aws_session_token` | String | AWS session token |
+| `aws_default_region` | String | AWS default region. Defaults to `us-east-1` |
+| `aws_resource_identifier` | String | Set to override the AWS resource identifier for the deployment. Defaults to `${GITHUB_ORG_NAME}-${GITHUB_REPO_NAME}-${GITHUB_BRANCH_NAME}`. |
+| `aws_additional_tags` | JSON | Add additional tags to the terraform [default tags](https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider), any tags put here will be added to all provisioned resources. |
+<hr/>
+<br/>
+
+ #### **EC2 Instance config** 
+| Name             | Type    | Description                        |
+|------------------|---------|------------------------------------|
+| `aws_ec2_instance_type` | String | The AWS IAM instance type to use. Default is `t3.medium`. See [this list](https://aws.amazon.com/ec2/instance-types/) for reference. |
+| `aws_ec2_instance_root_vol_size` | Integer | Define the volume size (in GiB) for the root volume on the AWS Instance. Defaults to `8`. | 
+| `aws_ec2_instance_root_vol_preserve` | Boolean | Set this to true to avoid deletion of root volume on termination. Defaults to `false`. | 
+| `aws_ec2_security_group_name` | String | The name of the EC2 security group. Defaults to `SG for ${aws_resource_identifier} - EC2`. |
+| `aws_ec2_iam_instance_profile` | String | The AWS IAM instance profile to use for the EC2 instance. Will create one if none provided with the name `aws_resource_identifier`. |
+| `aws_ec2_create_keypair_sm` | Boolean | Generates and manages a secret manager entry that contains the public and private keys created for the ec2 instance. Defaults to `false`. |
+| `aws_ec2_instance_public_ip` | Boolean | Add a public IP to the instance or not. Defaults to `true`. |
+| `aws_ec2_additional_tags` | JSON | Add additional tags to the terraform [default tags](https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider), any tags put here will be added to ec2 provisioned resources.|
+<hr/>
+<br/>
+
+ #### **Stackstorm inputs** 
+| Name             | Type    | Description                        |
+|------------------|---------|------------------------------------|
+| `st2_auth_username` | String | Username used by StackStorm standalone authentication. Set as a secret in GH Actions. |
+| `st2_auth_password` | String | Password used by StackStorm standalone authentication. Set as a secret in GH Actions. |
+| `st2_packs` | String | Comma separated list of packs to install. If you modify this option, be sure to also include `st2` in the list. Defaults to `"st2"` |
+| `st2_ansible_extra_vars_file` | String | Relative path from project root to Ansible vars file. If you'd like to adjust more advanced configuration; st2 version, st2.conf, RBAC, chatops, auth, etc. See https://github.com/stackStorm/ansible-st2#variables for the full list of settings. The Ansible vars will take higher precedence over the GHA inputs. |
+| `st2_version_tag` | String | Stackstorm Ansible release tag to use. See https://github.com/StackStorm/ansible-st2/releases |
+<hr/>
+<br/>
+
+#### **Stack Management** 
+| Name             | Type    | Description                        |
+|------------------|---------|------------------------------------|
+| `tf_stack_destroy` | Boolean  | Set to `true` to destroy the stack - Will delete the `elb logs bucket` after the destroy action runs. |
+| `tf_state_file_name` | String | Change this to be anything you want to. Carefull to be consistent here. A missing file could trigger recreation, or stepping over destruction of non-defined objects. Defaults to `tf-state-aws`. |
+| `tf_state_file_name_append` | String | Appends a string to the tf-state-file. Setting this to `unique` will generate `tf-state-aws-unique`. (Can co-exist with `tf_state_file_name`) |
+| `tf_state_bucket` | String | AWS S3 bucket name to use for Terraform state. See [note](#s3-buckets-naming) | 
+| `tf_state_bucket_destroy` | Boolean | Force purge and deletion of S3 bucket defined. Any file contained there will be destroyed. `tf_stack_destroy` must also be `true`. Default is `false`. |
+<hr/>
+<br/>
+
+#### **Domains and certificates** 
+| Name             | Type    | Description                        |
+|------------------|---------|------------------------------------|
+| `aws_r53_domain_name` | String | Define the root domain name for the application. e.g. bitovi.com'. |
+| `aws_r53_sub_domain_name` | String | Define the sub-domain part of the URL. Defaults to `aws_resource_identifier`. |
+| `aws_r53_root_domain_deploy` | Boolean | Deploy application to root domain. Will create root and www records. Default is `false`. |
+| `aws_r53_enable_cert` | Boolean | Set this to true if you wish to manage certificates through AWS Certificate Manager with Terraform. **See note**. Default is `false`. | 
+| `aws_r53_cert_arn` | String | Define the certificate ARN to use for the application. **See note**. |
+| `aws_r53_create_root_cert` | Boolean | Generates and manage the root cert for the application. **See note**. Default is `false`. |
+| `aws_r53_create_sub_cert` | Boolean | Generates and manage the sub-domain certificate for the application. **See note**. Default is `false`. |
+| `aws_r53_additional_tags` | JSON | Add additional tags to the terraform [default tags](https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider), any tags put here will be added to R53 provisioned resources.|
+<hr/>
+<br/>
+
+#### **VPC configuration**
+| Name             | Type    | Description                        |
+|------------------|---------|------------------------------------|
+| `aws_vpc_create` | Boolean | Define if a VPC should be created. Defaults to `false`. |
+| `aws_vpc_name` | String | Define a name for the VPC. Defaults to `VPC for ${aws_resource_identifier}`. |
+| `aws_vpc_cidr_block` | String | Define Base CIDR block which is divided into subnet CIDR blocks. Defaults to `10.0.0.0/16`. |
+| `aws_vpc_public_subnets` | String | Comma separated list of public subnets. Defaults to `10.10.110.0/24`|
+| `aws_vpc_private_subnets` | String | Comma separated list of private subnets. If no input, no private subnet will be created. Defaults to `<none>`. |
+| `aws_vpc_availability_zones` | String | Comma separated list of availability zones. Defaults to `aws_default_region+<random>` value. If a list is defined, the first zone will be the one used for the EC2 instance. |
+| `aws_vpc_id` | String | **Existing** AWS VPC ID to use. Accepts `vpc-###` values. |
+| `aws_vpc_subnet_id` | String | **Existing** AWS VPC Subnet ID. If none provided, will pick one. (Ideal when there's only one). |
+| `aws_vpc_enable_nat_gateway` | Boolean | Adds a NAT gateway for each public subnet. Defaults to `false`. |
+| `aws_vpc_single_nat_gateway` | Boolean | Toggles only one NAT gateway for all of the public subnets. Defaults to `false`. |
+| `aws_vpc_external_nat_ip_ids` | String | **Existing** comma separated list of IP IDs if reusing. (ElasticIPs). |
+| `aws_vpc_additional_tags` | JSON | Add additional tags to the terraform [default tags](https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider), any tags put here will be added to vpc provisioned resources.|
+<hr/>
+<br/>
 
-| Name             | Type    | Default     | Description                        |
-|------------------|---------|-------------|------------------------------------|
-| `checkout` | bool | `true` | Specifies if this action should checkout the code (i.e. whether or not to run the `uses: actions/checkout@v3` action prior to deploying so that the deployment has access to the repo files) |
-| **AWS configuration** |
-| `aws_access_key_id` | string | | AWS access key ID (Required) |
-| `aws_secret_access_key` | string | | AWS secret access key (Required) |
-| `aws_session_token` | string | | AWS session token, if you're using temporary credentials |
-| `aws_default_region` | string | `us-east-1` | AWS default region (Required) |
-| `aws_resource_identifier` | string | `${org}-${repo}-${branch}` | Auto-generated by default so it's unique for org/repo/branch. Set to override with custom naming the unique AWS resource identifier for the deployment. |
-| `aws_extra_tags` | json | | A list of additional tags that will be included on created resources. Example: `{"key1": "value1", "key2": "value2"}`. |
-| **EC2 Instance config** |
-| `aws_ec2_instance_type` | string | `t2.medium` | The AWS EC2 instance type. |
-| `aws_ec2_instance_profile` | string | | [The AWS IAM instance profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html) to use for the EC2 instance. Use if you want to pass an AWS role with specific permissions granted to the instance |
-| `aws_ec2_create_keypair_sm` |  bool | | Generates and manage a secret manager entry that contains the public and private keys created for the ec2 instance. |
-| `aws_ec2_instance_vol_size` | string | 8 | Define the volume size (in GiB) for the root volume on the AWS Instance. | 
-| `aws_ec2_additional_tags` | string | | Add additional tags to the terraform [default tags](https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider), any tags put here will be added to ec2 provisioned resources.|
-| `infrastructure_only` | bool | `false` | Set to true to provision infrastructure (with Terraform) but skip the app deployment (with ansible) |
-| **StackStorm configuration** |
-| `st2_auth_username` | string | | Username used by StackStorm standalone authentication. Set as a secret in GH Actions. |
-| `st2_auth_password` | string | | Password used by StackStorm standalone authentication. Set as a secret in GH Actions. |
-| `st2_packs` | string |`"st2"` | Comma separated list of packs to install. If you modify this option, be sure to also include `st2` in the list. |
-| `st2_ansible_extra_vars_file` | string | | Relative path from project root to Ansible vars file. If you'd like to adjust more advanced configuration; st2 version, st2.conf, RBAC, chatops, auth, etc. See https://github.com/stackStorm/ansible-st2#variables for the full list of settings. The Ansible vars will take higher precedence over the GHA inputs. |
-| `st2_version_tag` | | Stackstorm Ansible release tag to use. See https://github.com/StackStorm/ansible-st2/releases |
-| **Stack Management** |
-| `tf_stack_destroy` | bool | `false` | Set to `true` to Destroy the created AWS infrastructure for this instance |
-| `tf_state_file_name` | string | `tf-state-aws` | Change this to be anything you want to. Carefull to be consistent here. A missing file could trigger recreation, or stepping over destruction of non-defined objects. |
-| `tf_state_file_name_append` | string | | Appends a string to the tf-state-file name. Setting this to `unique` will generate `tf-state-aws-unique`. (Can co-exist with `tf_state_file_name`) |
-| `tf_state_bucket` | string | `${aws_resource_identifier}-tf-state` | AWS S3 bucket to use for Terraform state. By default, a new deployment will be created for each unique branch. Hardcode if you want to keep a shared resource state between the several branches. |
-| `tf_state_bucket_destroy` | bool | `false` | Force purge and deletion of `tf_state_bucket` defined. Any file contained there will be destroyed. `tf_stack_destroy` must also be `true` |
-| **Domain and certificates configuration** |
-| `aws_domain_name` | string | | Define the root domain name for the application. e.g. bitovi.com'. If empty, ELB URL will be provided. |
-| `aws_sub_domain` | string | `${org}-${repo}-${branch}` | Define the sub-domain part of the URL. |
-| `aws_root_domain` | bool | `false` | Deploy application to root domain. Will create root and www DNS records. Domain must exist in Route53. |
-| `aws_cert_arn` | string | | Existing certificate ARN to be used in the ELB. Use if you manage a certificate outside of this action. See [this](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-list.html) for how to find the certificate ARN. **See note**. |
-| `aws_create_root_cert` | bool | `false`| Generates and manage the root certificate for the application to be used in the ELB. **See note**.|
-| `aws_create_sub_cert` | bool | `false` | Generates and manage the sub-domain certificate for the application to be used in the ELB. **See note**.|
-| `aws_no_cert` | bool | `false` | Set this to true if you want not to use a certificate in the ELB. **See note**. |
-| **VPC configuration** |
-| `aws_vpc_create` | bool | | Define if a VPC should be created |
-| `aws_vpc_name` | string | | Define a name for the VPC. If none defined, will use `VPC for ${aws_resource_identifier}`. |
-| `aws_vpc_cidr_block` | string | `10.0.0.0/16` | Define Base CIDR block which is divided into subnet CIDR blocks. |
-| `aws_vpc_public_subnets` | string | `10.10.110.0/24` | Comma separated list of public subnets. |
-| `aws_vpc_private_subnets` | string | | Comma separated list of private subnets. If no input, no private subnet will be created. |
-| `aws_vpc_availability_zones` | string | `aws_default_region+<random>` | Comma separated list of availability zones. If a list is defined, the first zone will be the one used for the EC2 instance. |
-| `aws_vpc_id` | string | | AWS VPC ID to use with existing VPCs. Accepts `vpc-###` values. |
-| `aws_vpc_subnet_id` | string | | AWS VPC Subnet ID. If none provided, will pick one. (Ideal when there's only one) |
-| `aws_vpc_additional_tags` | string | | Add additional tags to the VPC resources. |
+#### **Action Outputs**
+| Name             | Description                        |
+|------------------|------------------------------------|
+| `aws_vpc_id` | The selected VPC ID used. |
+| `vm_url` | The URL of the generated app. |
+| `instance_endpoint` | The URL of the generated ec2 instance. |
+| `ec2_sg_id` | SG ID for the EC2 instance. |
 
 ### Note about AWS resource identifiers
 Most resources will contain the tag `GITHUB_ORG-GITHUB_REPO-GITHUB_BRANCH` to make them unique. Because some AWS resources have a length limit, we shorten identifiers to a `60` characters max string.
@@ -190,7 +267,7 @@ jobs:
     steps:
     - id: deploy-st2-advanced
       name: Deploy StackStorm with extra Ansible vars
-      uses: bitovi/[email protected].1
+      uses: bitovi/[email protected].2
       with:
         aws_default_region: us-east-1
         aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID}}
@@ -210,7 +287,7 @@ We encourage to keep your infrastructure codified!
 You can pass additional `BITOPS_` ENV variables to adjust the deployment behavior.
 ```yaml
 - name: Deploy StackStorm to AWS (dry-run)
-  uses: bitovi/[email protected].1
+  uses: bitovi/[email protected].2
   env:
     # Extra BitOps configuration:
     BITOPS_LOGGING_LEVEL: INFO