bitovi
diff --git a/‎.gitignore‎
Lines changed: 3 additions & 1 deletion b/‎.gitignore‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎README.md‎
Lines changed: 51 additions & 30 deletions b/‎README.md‎
Lines changed: 51 additions & 30 deletions
@@ -21,4 +21,6 @@ local.sh
 
 # Github Action
 00_create_*
-00_generated_*
+00_generated_*
+
+.vscode
@@ -1,13 +1,29 @@
-# Github Action: Deploy StackStorm (βeta)
+# Github Action: Deploy StackStorm
 
 [![LICENSE](https://img.shields.io/badge/license-MIT-green)](LICENSE.md)
 [![Latest Release](https://img.shields.io/github/v/release/bitovi/github-actions-deploy-stackstorm)](https://github.com/bitovi/github-actions-deploy-stackstorm/releases)
 ![GitHub closed issues](https://img.shields.io/github/issues-closed/bitovi/github-actions-deploy-stackstorm)
 ![GitHub closed pull requests](https://img.shields.io/github/issues-pr-closed/bitovi/github-actions-deploy-stackstorm)
-[![Join our Slack](https://img.shields.io/badge/slack-join%20chat-611f69.svg?logo=slack)](https://www.bitovi.com/community/slack?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+[![Discrod Community](https://img.shields.io/discord/1007137664606150746?logo=discord&label=Discord)](https://discord.gg/J7ejFsZnJ4Z)
 
 
-GitHub action to deploy [StackStorm](https://stackstorm.com/) to an AWS VM (EC2) with [Terraform](operations/deployment/terraform/modules) and [Ansible](https://github.com/stackstorm/ansible-st2).
+## You are here
+This action deploys a Stackstorm instance to an AWS VM (EC2) with [Terraform](operations/deployment/terraform/modules) and [Ansible](https://github.com/stackstorm/ansible-st2).  
+
+If you would like to deploy a backend app/service, check out our other actions:
+| Action | Purpose |
+| ------ | ------- |
+| [Deploy Docker to EC2](https://github.com/bitovi/github-actions-deploy-docker-to-ec2) | Deploys a repo with a Dockerized application to a virtual machine (EC2) on AWS |
+| [Deploy static site to AWS (S3/CDN/R53)](https://github.com/marketplace/actions/deploy-static-site-to-aws-s3-cdn-r53) | Hosts a static site in AWS S3 with CloudFront |
+
+# Need help or have questions?
+This project is supported by [Bitovi, A DevOps consultancy](https://www.bitovi.com/services/devops-consulting).
+
+You can **get help or ask questions** on our:
+
+- [Discord Community](https://discord.gg/J7ejFsZnJ4Z)
+
+Or, you can hire us for training, consulting, or development. [Set up a free consultation](https://www.bitovi.com/services/devops-consulting).
 
 ## Prerequisites
 - An [AWS account](https://aws.amazon.com/premiumsupport/knowledge-center/create-and-activate-aws-account/) and [Access Keys](https://docs.aws.amazon.com/powershell/latest/userguide/pstools-appendix-sign-up.html)
@@ -17,7 +33,6 @@ GitHub action to deploy [StackStorm](https://stackstorm.com/) to an AWS VM (EC2)
   - `ST2_AUTH_USERNAME`
   - `ST2_AUTH_PASSWORD`
 
-
 ## Example usage
 
 Create a Github Action Workflow `.github/workflow/deploy-st2.yaml` with the following to build on push to the `main` branch.
@@ -38,7 +53,7 @@ jobs:
       name: Deploy StackStorm
       # NOTE: we recommend pinning to the latest numeric version
       # See: https://github.com/bitovi/github-actions-deploy-stackstorm/releases
-      uses: bitovi/github-actions-deploy-stackstorm@main
+      uses: bitovi/github-actions-deploy-stackstorm@v0.4.0
       with:
         aws_default_region: us-east-1
         aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID}}
@@ -53,7 +68,7 @@ This will create the following resources in AWS:
 - Route53 records
 - A load balancer
 - Security groups (ports `80`, `443`, `22`)
-- Optionally, a VPC with subnets (see `aws_create_vpc`)
+- Optionally, use an existing or define a new VPC with subnets (see `aws_create_vpc`)
 
 > For more details about what is created, see [operations/deployment/terraform/modules](operations/deployment/terraform/modules/)
 
@@ -71,12 +86,26 @@ The following inputs can be used as `steps.with` keys:
 | `aws_secret_access_key` | string | | AWS secret access key (Required) |
 | `aws_session_token` | string | | AWS session token, if you're using temporary credentials |
 | `aws_default_region` | string | `us-east-1` | AWS default region (Required) |
-| `aws_ec2_instance_type` | string | `t2.medium` | The AWS EC2 instance type. |
-| `aws_ec2_instance_profile` | string | | [The AWS IAM instance profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html) to use for the EC2 instance. Use if you want to pass an AWS role with specific permissions granted to the instance |
 | `aws_resource_identifier` | string | `${org}-${repo}-${branch}` | Auto-generated by default so it's unique for org/repo/branch. Set to override with custom naming the unique AWS resource identifier for the deployment. |
-| `aws_create_vpc` | bool | `false` | Whether an AWS VPC should be created in the action. Otherwise, the existing default VPC will be used. |
 | `aws_extra_tags` | json | | A list of additional tags that will be included on created resources. Example: `{"key1": "value1", "key2": "value2"}`. |
+| **EC2 Instance config** |
+| `aws_ec2_instance_type` | string | `t2.medium` | The AWS EC2 instance type. |
+| `aws_ec2_instance_profile` | string | | [The AWS IAM instance profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html) to use for the EC2 instance. Use if you want to pass an AWS role with specific permissions granted to the instance |
+| `aws_ec2_create_keypair_sm` |  bool | | Generates and manage a secret manager entry that contains the public and private keys created for the ec2 instance. |
+| `aws_ec2_instance_vol_size` | string | 8 | Define the volume size (in GiB) for the root volume on the AWS Instance. | 
+| `aws_ec2_additional_tags` | string | | Add additional tags to the terraform [default tags](https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider), any tags put here will be added to ec2 provisioned resources.|
 | `infrastructure_only` | bool | `false` | Set to true to provision infrastructure (with Terraform) but skip the app deployment (with ansible) |
+| **StackStorm configuration** |
+| `st2_auth_username` | string | | Username used by StackStorm standalone authentication. Set as a secret in GH Actions. |
+| `st2_auth_password` | string | | Password used by StackStorm standalone authentication. Set as a secret in GH Actions. |
+| `st2_packs` | string |`"st2"` | Comma separated list of packs to install. If you modify this option, be sure to also include `st2` in the list. |
+| `st2_ansible_extra_vars_file` | string | | Relative path from project root to Ansible vars file. If you'd like to adjust more advanced configuration; st2 version, st2.conf, RBAC, chatops, auth, etc. See https://github.com/stackStorm/ansible-st2#variables for the full list of settings. The Ansible vars will take higher precedence over the GHA inputs. |
+| **Stack Management** |
+| `tf_stack_destroy` | bool | `false` | Set to `true` to Destroy the created AWS infrastructure for this instance |
+| `tf_state_file_name` | string | `tf-state-aws` | Change this to be anything you want to. Carefull to be consistent here. A missing file could trigger recreation, or stepping over destruction of non-defined objects. |
+| `tf_state_file_name_append` | string | | Appends a string to the tf-state-file name. Setting this to `unique` will generate `tf-state-aws-unique`. (Can co-exist with `tf_state_file_name`) |
+| `tf_state_bucket` | string | `${aws_resource_identifier}-tf-state` | AWS S3 bucket to use for Terraform state. By default, a new deployment will be created for each unique branch. Hardcode if you want to keep a shared resource state between the several branches. |
+| `tf_state_bucket_destroy` | bool | `false` | Force purge and deletion of `tf_state_bucket` defined. Any file contained there will be destroyed. `tf_stack_destroy` must also be `true` |
 | **Domain and certificates configuration** |
 | `aws_domain_name` | string | | Define the root domain name for the application. e.g. bitovi.com'. If empty, ELB URL will be provided. |
 | `aws_sub_domain` | string | `${org}-${repo}-${branch}` | Define the sub-domain part of the URL. |
@@ -85,16 +114,16 @@ The following inputs can be used as `steps.with` keys:
 | `aws_create_root_cert` | bool | `false`| Generates and manage the root certificate for the application to be used in the ELB. **See note**.|
 | `aws_create_sub_cert` | bool | `false` | Generates and manage the sub-domain certificate for the application to be used in the ELB. **See note**.|
 | `aws_no_cert` | bool | `false` | Set this to true if you want not to use a certificate in the ELB. **See note**. |
-| **Teraform configuration** |
-| `tf_state_bucket` | string | `${org}-${repo}-${branch}-tf-state` | AWS S3 bucket to use for Terraform state. By default, a new deployment will be created for each unique branch. Hardcode if you want to keep a shared resource state between the several branches. |
-| **StackStorm configuration** |
-| `st2_auth_username` | string | | Username used by StackStorm standalone authentication. Set as a secret in GH Actions. |
-| `st2_auth_password` | string | | Password used by StackStorm standalone authentication. Set as a secret in GH Actions. |
-| `st2_packs` | string |`"st2"` | Comma separated list of packs to install. If you modify this option, be sure to also include `st2` in the list. |
-| `st2_ansible_extra_vars_file` | string | | Relative path from project root to Ansible vars file. If you'd like to adjust more advanced configuration; st2 version, st2.conf, RBAC, chatops, auth, etc. See https://github.com/stackStorm/ansible-st2#variables for the full list of settings. The Ansible vars will take higher precedence over the GHA inputs. |
-| **Cleanup** |
-| `tf_stack_destroy` | bool | `false` | Set to `true` to Destroy the created AWS infrastructure for this instance |
-| `tf_state_bucket_destroy` | bool | `false` | Force purge and deletion of `tf_state_bucket` defined. Any file contained there will be destroyed. `tf_stack_destroy` must also be `true` |
+| **VPC configuration** |
+| `aws_vpc_create` | bool | | Define if a VPC should be created |
+| `aws_vpc_name` | string | | Define a name for the VPC. If none defined, will use `VPC for ${aws_resource_identifier}`. |
+| `aws_vpc_cidr_block` | string | `10.0.0.0/16` | Define Base CIDR block which is divided into subnet CIDR blocks. |
+| `aws_vpc_public_subnets` | string | `10.10.110.0/24` | Comma separated list of public subnets. |
+| `aws_vpc_private_subnets` | string | | Comma separated list of private subnets. If no input, no private subnet will be created. |
+| `aws_vpc_availability_zones` | string | `aws_default_region+<random>` | Comma separated list of availability zones. If a list is defined, the first zone will be the one used for the EC2 instance. |
+| `aws_vpc_id` | string | | AWS VPC ID to use with existing VPCs. Accepts `vpc-###` values. |
+| `aws_vpc_subnet_id` | string | | AWS VPC Subnet ID. If none provided, will pick one. (Ideal when there's only one) |
+| `aws_vpc_additional_tags` | string | | Add additional tags to the VPC resources. |
 
 ### Note about AWS resource identifiers
 Most resources will contain the tag `GITHUB_ORG-GITHUB_REPO-GITHUB_BRANCH` to make them unique. Because some AWS resources have a length limit, we shorten identifiers to a `60` characters max string.
@@ -156,7 +185,7 @@ jobs:
     steps:
     - id: deploy-st2-advanced
       name: Deploy StackStorm with extra Ansible vars
-      uses: bitovi/github-actions-deploy-stackstorm@main
+      uses: bitovi/github-actions-deploy-stackstorm@v0.4.0
       with:
         aws_default_region: us-east-1
         aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID}}
@@ -176,7 +205,7 @@ We encourage to keep your infrastructure codified!
 You can pass additional `BITOPS_` ENV variables to adjust the deployment behavior.
 ```yaml
 - name: Deploy StackStorm to AWS (dry-run)
-  uses: bitovi/github-actions-deploy-stackstorm@main
+  uses: bitovi/github-actions-deploy-stackstorm@v0.4.0
   env:
     # Extra BitOps configuration:
     BITOPS_LOGGING_LEVEL: INFO
@@ -196,15 +225,7 @@ You can pass additional `BITOPS_` ENV variables to adjust the deployment behavio
 In this example, we instruct BitOps to run a `terraform plan` instead of `terraform apply` and to run Ansible in `--check` mode, additionally, we set the BitOps container logging level to `DEBUG`.
 
 ## Future
-In the future, this action may support more cloud providers (via [BitOps Plugins](https://bitops.sh/plugins/) like [AWS](https://github.com/bitops-plugins/aws)) such as:
-- [Google Cloud Platform](https://cloud.google.com/gcp)
-- [Microsoft Azure](https://azure.microsoft.com/en-us/)
-- [Nutanix](https://www.nutanix.com/)
-- [Open Stack](https://www.openstack.org/)
-- [VMWare](https://www.vmware.com/)
-- etc
-
-This action may also support multiple deployment types such as:
+In the future, this action may support multiple deployment types such as:
 - [Kubernetes](https://github.com/StackStorm/stackstorm-k8s)
 - Multi-VM