Update READMEs for Include/Exclude support (#52)

Author: ravinadhruve10

README.md

@@ -68,12 +68,12 @@ Notice that:
 ## Organizational Install Configurations
 
 There are four new parameters to configure organizational deployments on the cloud for Sysdig Secure for Cloud :-
-1. `include_ouids` - List of AWS Organizational Unit IDs to deploy the Sysdig Secure for Cloud stack resources in.
-2. `exclude_ouids` - List of AWS Organizational Unit IDs to exclude deploying the Sysdig Secure for Cloud stack resources in.
-3. `include_accounts` - List of AWS Accounts to deploy the Sysdig Secure for Cloud stack resources in.
-4. `exclude_accounts` - List of AWS Accounts to exclude deploying the Sysdig Secure for Cloud stack resources in.
+1. `include_ouids` - List of AWS Organizational Unit IDs to deploy the Sysdig Secure for Cloud resources in.
+2. `exclude_ouids` - List of AWS Organizational Unit IDs to exclude deploying the Sysdig Secure for Cloud resources in.
+3. `include_accounts` - List of AWS Accounts to deploy the Sysdig Secure for Cloud resources in.
+4. `exclude_accounts` - List of AWS Accounts to exclude deploying the Sysdig Secure for Cloud resources in.
 
-Note: module variable `organizational_unit_ids` / `org_units` will be DEPRECATED soon going forward. You can use `include_ouids` instead to achieve the same deployment outcome.
+**WARNING**: module variable `organizational_unit_ids` / `org_units` will be DEPRECATED soon going forward. Please work with Sysdig to migrate your Terraform installs to use `include_ouids` instead to achieve the same deployment outcome.
 
 ## Best practices
 

modules/agentless-scanning/README.md

@@ -62,7 +62,7 @@ No modules.
 | <a name="input_kms_key_deletion_window"></a> [kms\_key\_deletion\_window](#input\_kms\_key\_deletion\_window) | Deletion window for shared KMS key | `number` | `7` | no |
 | <a name="input_mgt_stackset"></a> [mgt\_stackset](#input\_mgt\_stackset) | (Optional) Indicates if the management stackset should be deployed | `bool` | `true` | no |
 | <a name="input_name"></a> [name](#input\_name) | The name of the installation. Assigned to most child resource(s) | `string` | `"sysdig-secure-scanning"` | no |
-| <a name="input_org_units"></a> [org\_units](#input\_org\_units) | (Optional) List of Organization Unit IDs in which to setup Agentless Scanning. By default, Agentless Scanning will be setup in all accounts within the Organization. This field is ignored if `is_organizational = false` | `set(string)` | `[]` | no |
+| <a name="input_org_units"></a> [org\_units](#input\_org\_units) | TO BE DEPRECATED: Please work with Sysdig to migrate to using `include_ouids` instead.<br>(Optional) List of Organization Unit IDs in which to setup Agentless Scanning. By default, Agentless Scanning will be setup in all accounts within the Organization. This field is ignored if `is_organizational = false` | `set(string)` | `[]` | no |
 | <a name="input_regions"></a> [regions](#input\_regions) | (Optional) List of regions in which to install Agentless Scanning | `set(string)` | `[]` | no |
 | <a name="input_scanning_account_id"></a> [scanning\_account\_id](#input\_scanning\_account\_id) | The identifier of the account that will receive volume snapshots | `string` | `"878070807337"` | no |
 | <a name="input_stackset_admin_role_arn"></a> [stackset\_admin\_role\_arn](#input\_stackset\_admin\_role\_arn) | (Optional) stackset admin role to run SELF\_MANAGED stackset | `string` | `""` | no |

modules/agentless-scanning/variables.tf

@@ -32,7 +32,7 @@ variable "is_organizational" {
 
 variable "org_units" {
   description = <<-EOF
-    TO BE DEPRECATED: Please migrate to using `include_ouids` instead.
+    TO BE DEPRECATED: Please work with Sysdig to migrate to using `include_ouids` instead.
     When set, list of Organization Unit IDs to setup Agentless Scanning. By default, Agentless Scanning will be setup in all accounts within the Organization.
     This field is ignored if `is_organizational = false`
     EOF

modules/config-posture/README.md

@@ -52,7 +52,7 @@ No modules.
 |----------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------|---------------|-------------------------------------------------------------|:--------:|
 | <a name="input_failure_tolerance_percentage"></a> [failure\_tolerance\_percentage](#input\_failure\_tolerance\_percentage) | The percentage of accounts, per Region, for which stack operations can fail before AWS CloudFormation stops the operation in that Region              | `number`      | `90`                                                        |    no    |
 | <a name="input_is_organizational"></a> [is\_organizational](#input\_is\_organizational)                                    | true/false whether secure-for-cloud should be deployed in an organizational setup (all accounts of org) or not (only on default aws provider account) | `bool`        | `false`                                                     |    no    |
-| <a name="input_org_units"></a> [org\_units](#input\_org\_units)                                                            | Org unit id to install cspm                                                                                                                           | `set(string)` | `[]`                                                        |    no    |
+| <a name="input_org_units"></a> [org\_units](#input\_org\_units)                                                            | TO BE DEPRECATED: Please work with Sysdig to migrate to using `include_ouids` instead.<br>Org unit id to install cspm                                                                                                                           | `set(string)` | `[]`                                                        |    no    |
 | <a name="input_region"></a> [region](#input\_region)                                                                       | Default region for resource creation in organization mode                                                                                             | `string`      | `""`                                                        |    no    |
 | <a name="input_tags"></a> [tags](#input\_tags)                                                                             | sysdig secure-for-cloud tags. always include 'product' default tag for resource-group proper functioning                                              | `map(string)` | <pre>{<br>  "product": "sysdig-secure-for-cloud"<br>}</pre> |    no    |
 | <a name="input_timeout"></a> [timeout](#input\_timeout)                                                                    | Default timeout values for create, update, and delete operations                                                                                      | `string`      | `"30m"`                                                     |    no    |

modules/config-posture/variables.tf

@@ -10,7 +10,7 @@ variable "is_organizational" {
 
 variable "org_units" {
   description = <<-EOF
-    TO BE DEPRECATED: Please migrate to using `include_ouids` instead.
+    TO BE DEPRECATED: Please work with Sysdig to migrate to using `include_ouids` instead.
     When set, org units to install cspm.
     EOF
   type        = set(string)

modules/integrations/event-bridge/README.md

@@ -75,7 +75,7 @@ No modules.
 | <a name="input_is_organizational"></a> [is\_organizational](#input\_is\_organizational) | (Optional) Set this field to 'true' to deploy EventBridge to an AWS Organization (Or specific OUs) | `bool` | `false` | no |
 | <a name="input_mgt_stackset"></a> [mgt\_stackset](#input\_mgt\_stackset) | (Optional) Indicates if the management stackset should be deployed | `bool` | `true` | no |
 | <a name="input_name"></a> [name](#input\_name) | (Optional) Name to be assigned to all child resources. A suffix may be added internally when required. Use default value unless you need to install multiple instances | `string` | `"sysdig-secure-events"` | no |
-| <a name="input_org_units"></a> [org\_units](#input\_org\_units) | DEPRECATED: Defaults to `[]`, use `include_ouids` instead.<br>When set, list of Organization Unit IDs in which to setup EventBridge. By default, EventBridge will be setup in all accounts within the Organization." | `set(string)` | `[]` | no |
+| <a name="input_org_units"></a> [org\_units](#input\_org\_units) | TO BE DEPRECATED: Please work with Sysdig to migrate to using `include_ouids` instead.<br>When set, list of Organization Unit IDs in which to setup EventBridge. By default, EventBridge will be setup in all accounts within the Organization." | `set(string)` | `[]` | no |
 | <a name="input_regions"></a> [regions](#input\_regions) | (Optional) List of regions in which to setup EventBridge. By default, current region is selected | `set(string)` | `[]` | no |
 | <a name="input_rule_state"></a> [rule\_state](#input\_rule\_state) | State of the rule. When state is ENABLED, the rule is enabled for all events except those delivered by CloudTrail. To also enable the rule for events delivered by CloudTrail, set state to ENABLED\_WITH\_ALL\_CLOUDTRAIL\_MANAGEMENT\_EVENTS. | `string` | `"ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS"` | no |
 | <a name="input_stackset_admin_role_arn"></a> [stackset\_admin\_role\_arn](#input\_stackset\_admin\_role\_arn) | (Optional) stackset admin role arn to run SELF\_MANAGED stackset | `string` | `""` | no |

modules/integrations/event-bridge/variables.tf

@@ -6,7 +6,7 @@ variable "is_organizational" {
 
 variable "org_units" {
   description = <<-EOF
-    TO BE DEPRECATED: Please migrate to using `include_ouids` instead.
+    TO BE DEPRECATED: Please work with Sysdig to migrate to using `include_ouids` instead.
     When set, list of Organization Unit IDs in which to setup EventBridge. By default, EventBridge will be setup in all accounts within the Organization.
     This field is ignored if `is_organizational = false`
     EOF

modules/onboarding/README.md

@@ -59,7 +59,7 @@ No modules.
 |----------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------|-------------------------------------------------------------|:--------:|
 | <a name="input_failure_tolerance_percentage"></a> [failure\_tolerance\_percentage](#input\_failure\_tolerance\_percentage) | The percentage of accounts, per Region, for which stack operations can fail before AWS CloudFormation stops the operation in that Region                                                     | `number`      | `90`                                                        |    no    |
 | <a name="input_is_organizational"></a> [is\_organizational](#input\_is\_organizational)                                    | true/false whether secure-for-cloud should be deployed in an organizational setup (all accounts of org) or not (only on default aws provider account)                                        | `bool`        | `false`                                                     |    no    |
-| <a name="input_organizational_unit_ids"></a> [organizational\_unit\_ids](#input\_organizational\_unit\_ids)                | DEPRECATED: Defaults to `[]`, use `include_ouids` instead. Restrict onboarding to a set of organizational unit identifiers whose child accounts and organizational units are to be onboarded | `set(string)` | `[]`                                                        |    no    |
+| <a name="input_organizational_unit_ids"></a> [organizational\_unit\_ids](#input\_organizational\_unit\_ids)                | TO BE DEPRECATED: Please work with Sysdig to migrate to using `include_ouids` instead.<br>Restrict onboarding to a set of organizational unit identifiers whose child accounts and organizational units are to be onboarded | `set(string)` | `[]`                                                        |    no    |
 | <a name="input_region"></a> [region](#input\_region)                                                                       | Default region for resource creation in organization mode                                                                                                                                    | `string`      | `""`                                                        |    no    |
 | <a name="input_tags"></a> [tags](#input\_tags)                                                                             | sysdig secure-for-cloud tags. always include 'product' default tag for resource-group proper functioning                                                                                     | `map(string)` | <pre>{<br>  "product": "sysdig-secure-for-cloud"<br>}</pre> |    no    |
 | <a name="input_timeout"></a> [timeout](#input\_timeout)                                                                    | Default timeout values for create, update, and delete operations                                                                                                                             | `string`      | `"30m"`                                                     |    no    |

modules/onboarding/variables.tf

@@ -49,7 +49,7 @@ variable "is_gov_cloud_onboarding" {
 
 variable "organizational_unit_ids" {
   description = <<-EOF
-    TO BE DEPRECATED: Please migrate to using `include_ouids` instead.
+    TO BE DEPRECATED: Please work with Sysdig to migrate to using `include_ouids` instead.
     When set, restrict onboarding to a set of organizational unit identifiers whose child accounts and organizational units are to be onboarded.
     Default: onboard all organizational units.
     EOF

modules/vm-workload-scanning/README.md

@@ -53,7 +53,7 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_tags"></a> [tags](#input_tags) | sysdig secure-for-cloud tags. always include 'product' default tag for resource-group proper functioning | `map(string)` | <pre>{<br>"product": "sysdig-secure-for-cloud"<br>}</pre> | no |
 | <a name="input_is_organizational"></a> [is_organizational](#input_is_organizational) | Set this field to 'true' to deploy Agentless Workload Scanning to an AWS Organization (Or specific OUs) | `bool` | `false` | no |
-| <a name="input_organizational_units_ids"></a> [organizational_units_ids](#input_org_units) | List of Organization Unit IDs in which to setup Agentless Workload Scanning. By default, Agentless Workload Scanning will be setup in all accounts within the Organization. This field is ignored if `is_organizational = false` | `set(string)` | `[]` | no |
+| <a name="input_organizational_units_ids"></a> [organizational_units_ids](#input_org_units) | TO BE DEPRECATED: Please work with Sysdig to migrate to using `include_ouids` instead.<br>List of Organization Unit IDs in which to setup Agentless Workload Scanning. By default, Agentless Workload Scanning will be setup in all accounts within the Organization. This field is ignored if `is_organizational = false` | `set(string)` | `[]` | no |
 | <a name="input_timeout"></a> [timeout](#input_timeout) | Default timeout values for create, update, and delete operations | `string` | `"30m"` | no |
 | <a name="input_failure_tolerance_percentage"></a> [failure_tolerance_percentage](#input_failure_tolerance_percentage) | The percentage of accounts, per Region, for which stack operations can fail before AWS CloudFormation stops the operation in that Region | `number` | `90` | no |
 | <a name="input_lambda_scanning_enabled"></a> [lambda_scanning_enabled](#input_lambda_scanning_enabled) | Set this field to 'true' to deploy Agentless Workload Scanning for Lambda functions | `bool` | `false` | no |