From 1f4adfbc8631a2c4b3c06cc4e21e261549e336dd Mon Sep 17 00:00:00 2001
From: badra001
Date: Fri, 17 May 2024 16:14:22 -0400
Subject: [PATCH] update docs
---
 acmpca-iam-rolesanywhere/README.md | 58 +++++++----------------------
 acmpca-iam-rolesanywhere/main.tf | 54 ++++++---------------------
 2 files changed, 24 insertions(+), 88 deletions(-)
diff --git a/acmpca-iam-rolesanywhere/README.md b/acmpca-iam-rolesanywhere/README.md
index 6928055..31bd19e 100644
--- a/acmpca-iam-rolesanywhere/README.md
+++ b/acmpca-iam-rolesanywhere/README.md
@@ -1,44 +1,28 @@
 # About : aws-certificate/acmpca-iam-rolesanywhere
-This module creates an ACM-PCA certificate, using the `acmpca` submodule in this repository. It is for the creation of the
-EKS setup for cert-manager. See the general [documentation](../acmpca) for more low-level details. All the requirements and pre-requisities
-for the for the [acmpca](../acmpca) submodule apply to this submodule.
-
-This creates a certificate with the subject of **C=US,O=U.S. Census Bureau,OU=PKI-EKS,CN={region\_short} {clustername} Issuer**. It does
-not nor will it create any local files, so no longer do you need to add files to `git-secret` or add files to git in `certs/` (as the directory
-is not created).
-
-This module returns:
-- certificate\_tls\_key
- The base64 PEM formatted key. This is what you need to use in the helm chart for `tls.key`.
-- certificate\_tls\_crt
- The base64 PEM formatted certificate and chain. This is what you need to use in the helm chart for `tls.crt`.
-- certificate\_key
- The PEM formatted key. It is here for reference, but should not be needed by `cert-manager`.
-- certificate\_csr
- The certificate signing requested. It is here for reference, but should not be needed by `cert-manager`.
-- certificate
- The PEM formatted signed certificate from ACM-PCA. It is here for reference, but should not be needed by `cert-manager`.
-- certificate\_chain
- The PEM formatted certificate chain (issuer, intermediates, root). It is here for reference, but should not be needed by `cert-manager`.
-
-It takes two arguments, the `cluster_name` and the `contact_email`, which should be a group email address. Currently, and ACM-PCA Certificate
+This module creates an ACM-PCA certificate, using the `acmpca` submodule in this repository. It is used for IAM Roles Anywhere.
+
+This creates a certificate with the subject of **C=US,O=U.S. Census Bureau,OU=IAM RolesAnywhere {account\_id},CN={role\_name}**. 
It also
+creates local files for the key, cert, chain, CSR, and the `AWS CLI` configuration snippet. Treat the `.key` file the same as any other
+`git-secret` protected file.
+
+You will need to distribut the key, certificate, and configurtion snippet to the user who will be using the Roles Anywhere setup.
+
+It takes two arguments, the `rfole_name` and `contact_email`, which should be a group email address. Currently, and ACM-PCA Certificate
 does not permit the use of Tags, so this email address is intended to be used at a future time through a to-be-established tracking system.
-The certificate issued will be good for 365 days. ACM-PCA created for EKS cert-manager does not have an automatic renew capability as it
-is not associated with a supported AWS Service.
+The certificate issued will be good for 365 days by default, but you may select a different validity. ACM-PCA do not have an automatic renew capability.
 # Usage
-## Create Subordinate CA
 This shows the module call with how you would use it.
 ```hcl
-module "subordinate_ca" {
- source = "git@github.e.it.census.gov:terraform-modules/aws-certificates//acmpca-eks-cert-manager"
+module "certificate" {
+ source = "git@github.e.it.census.gov:terraform-modules/aws-certificates//acmpca-iam-rolesanywhere"
- cluster_name = "test-cluster-dev"
+ role_name = "r-edl-cods"
 contact_email = "group-mailing-list@census.gov"
 tags = merge(
@@ -50,22 +34,6 @@ module "subordinate_ca" {
 )
 }
 ```
-## Update settings in helm chart
-Update the `tls.crt` and `tls.key` settings to their respective output values from the module.
-
-```hcl
-resource "helm_release" "intermediate-certificate-issuer" {
- # other code
- set {
- name = "tls.crt"
- value = module.subordinate_ca.certificate_tls_crt
- }
- set {
- name = "tls.key"
- value = module.subordinate_ca.certificate_tls_key
- }
-
-```
 ## Requirements
diff --git a/acmpca-iam-rolesanywhere/main.tf b/acmpca-iam-rolesanywhere/main.tf
index 0c83f92..ab6e3ca 100644
--- a/acmpca-iam-rolesanywhere/main.tf
+++ b/acmpca-iam-rolesanywhere/main.tf
@@ -1,44 +1,28 @@
 /*
 * # About : aws-certificate/acmpca-iam-rolesanywhere
 *
-* This module creates an ACM-PCA certificate, using the `acmpca` submodule in this repository. It is for the creation of the
-* EKS setup for cert-manager. See the general [documentation](../acmpca) for more low-level details. All the requirements and pre-requisities
-* for the for the [acmpca](../acmpca) submodule apply to this submodule.
+* This module creates an ACM-PCA certificate, using the `acmpca` submodule in this repository. It is used for IAM Roles Anywhere.
 *
-* This creates a certificate with the subject of **C=US,O=U.S. Census Bureau,OU=PKI-EKS,CN={region_short} {clustername} Issuer**. It does
-* not nor will it create any local files, so no longer do you need to add files to `git-secret` or add files to git in `certs/` (as the directory
-* is not created).
-*
-* This module returns:
-* - certificate_tls_key
-* The base64 PEM formatted key. This is what you need to use in the helm chart for `tls.key`.
-* - certificate_tls_crt
-* The base64 PEM formatted certificate and chain. This is what you need to use in the helm chart for `tls.crt`.
-* - certificate_key
-* The PEM formatted key. It is here for reference, but should not be needed by `cert-manager`.
-* - certificate_csr
-* The certificate signing requested. It is here for reference, but should not be needed by `cert-manager`.
-* - certificate
-* The PEM formatted signed certificate from ACM-PCA. It is here for reference, but should not be needed by `cert-manager`.
-* - certificate_chain
-* The PEM formatted certificate chain (issuer, intermediates, root). It is here for reference, but should not be needed by `cert-manager`.
+* This creates a certificate with the subject of **C=US,O=U.S. Census Bureau,OU=IAM RolesAnywhere {account_id},CN={role_name}**. It also
+* creates local files for the key, cert, chain, CSR, and the `AWS CLI` configuration snippet. 
Treat the `.key` file the same as any other
+* `git-secret` protected file.
 *
-* It takes two arguments, the `cluster_name` and the `contact_email`, which should be a group email address. Currently, and ACM-PCA Certificate
+* You will need to distribut the key, certificate, and configurtion snippet to the user who will be using the Roles Anywhere setup.
+*
+* It takes two arguments, the `rfole_name` and `contact_email`, which should be a group email address. Currently, and ACM-PCA Certificate
 * does not permit the use of Tags, so this email address is intended to be used at a future time through a to-be-established tracking system.
 *
-* The certificate issued will be good for 365 days. ACM-PCA created for EKS cert-manager does not have an automatic renew capability as it
-* is not associated with a supported AWS Service.
+* The certificate issued will be good for 365 days by default, but you may select a different validity. ACM-PCA do not have an automatic renew capability.
 *
 * # Usage
-* ## Create Subordinate CA
 *
 * This shows the module call with how you would use it.
 *
 * ```hcl
-* module "subordinate_ca" {
-* source = "git@github.e.it.census.gov:terraform-modules/aws-certificates//acmpca-eks-cert-manager"
+* module "certificate" {
+* source = "git@github.e.it.census.gov:terraform-modules/aws-certificates//acmpca-iam-rolesanywhere"
-* cluster_name = "test-cluster-dev"
+* role_name = "r-edl-cods"
 * contact_email = "group-mailing-list@census.gov"
 *
 * tags = merge(
@@ -50,22 +34,6 @@
 * )
 * }
 * ```
-* ## Update settings in helm chart
-* Update the `tls.crt` and `tls.key` settings to their respective output values from the module.
-*
-* ```hcl
-* resource "helm_release" "intermediate-certificate-issuer" {
-* # other code
-* set {
-* name = "tls.crt"
-* value = module.subordinate_ca.certificate_tls_crt
-* }
-* set {
-* name = "tls.key"
-* value = module.subordinate_ca.certificate_tls_key
-* }
-*
-* ```
 */
 locals {
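Review bot: The new "It takes two arguments" line in this hunk names the first argument `rfole_name`, while the usage example a few lines below sets `role_name`; replace `rfole_name` with `role_name`, and in the same new paragraph `distribut` with `distribute`, `configurtion` with `configuration`, `Currently, and ACM-PCA Certificate` with `Currently, an ACM-PCA Certificate`, and `ACM-PCA do not have` with `ACM-PCA does not have`. The README hunk adds the identical text and needs the same corrections (it reads as a copy of this header, so it may be regenerated from it). The new sentence stating that the module creates local files for the key, cert, chain, CSR and the `AWS CLI` configuration snippet does not say where they are written, and the only handling guidance is the `git-secret` comparison; a follow-on line such as `* The .key file is the private key that authenticates the role: keep it out of git unless it is git-secret encrypted, and limit its file permissions to the owner.` would make the expectation explicit. If the key is produced by a Terraform resource rather than supplied by the caller, it will also be held in Terraform state, which is worth saying in the same paragraph (inferred, since the resources are outside this hunk). The comment block this hunk edits is closed by `*/` in the following hunk.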