From af5f2c7da782c1096f05c8624e124ac05f13f5b7 Mon Sep 17 00:00:00 2001
From: badra001
Date: Mon, 11 Jul 2022 13:51:50 -0400
Subject: [PATCH] fix docs

---
 title26/README.md | 72 +++++++++++++++++++++++------------------------
 title26/main.tf   |  3 --
 2 files changed, 35 insertions(+), 40 deletions(-)

diff --git a/title26/README.md b/title26/README.md
index 5c2c84e..a7d0b15 100644
--- a/title26/README.md
+++ b/title26/README.md
@@ -18,32 +18,29 @@ do not include a `versions.tf`, do not pin the AWS provider. Two different vers
 coexist (easily).
 
 ````hcl
-module "my-bucket" {
-
-```hcl
 module "mybucket" {
   source = "git@github.e.it.census.gov:terraform-modules/aws-s3.git//title26?ref=3"
-  bucket\_name = "myt26bucket"
-  access\_log\_bucket = "mylogbucket"
-  # enable\_title26 = true
-  kms\_admin\_roles = [ aws\_iam\_role.cloud-admin.arn ]
+  bucket_name = "myt26bucket"
+  access_log_bucket = "mylogbucket"
+  # enable_title26 = true
+  kms_admin_roles = [ aws_iam_role.cloud-admin.arn ]
 
   ## optional
-  # kms\_policy\_document = data.aws\_iam\_policy\_document.mypolicy.json
-  # bucket\_policy\_document = data.aws\_iam\_policy\_document.mybucketpolicy.json
-  # bucket\_policy\_document\_template = data.aws\_iam\_policy\_document.my-bucketpolicy-template.json
-  # name\_include\_account = true
-  # name\_include\_region = true
-  # name\_include\_region\_compact = true
-  # name\_enforce\_region\_compact = false
+  # kms_policy_document = data.aws_iam_policy_document.mypolicy.json
+  # bucket_policy_document = data.aws_iam_policy_document.mybucketpolicy.json
+  # bucket_policy_document_template = data.aws_iam_policy_document.my-bucketpolicy-template.json
+  # name_include_account = true
+  # name_include_region = true
+  # name_include_region_compact = true
+  # name_enforce_region_compact = false
 }
 ```
 
 Sample policy for write access to the bucket and use of KMS key
 
 ```hcl
-data "aws\_iam\_policy\_document" "policy" {
+data "aws_iam_policy_document" "policy" {
   statement {
     sid = "ListBuckets"
     actions = [
@@ -63,8 +60,8 @@ data "aws\_iam\_policy\_document" "policy" {
       "s3:DeleteObject"
     ]
     resources = [
-      module.mybucket.s3\_bucket\_arn,
-      format("%v/*", mybucket.s3\_bucket\_arn),
+      module.mybucket.s3_bucket_arn,
+      format("%v/*", mybucket.s3_bucket_arn),
     ]
   }
   statement {
@@ -76,18 +73,18 @@ data "aws\_iam\_policy\_document" "policy" {
       "kms:Encrypt",
       "kms:Decrypt"
     ]
-    resources = [module.mybucket.kms\_key\_id]
+    resources = [module.mybucket.kms_key_id]
   }
 }
 
-resource "aws\_iam\_policy" "policy" {
+resource "aws_iam_policy" "policy" {
   name = "mypolicy-s3-access"
   description = "Policy for S3 access"
-  policy = data.aws\_iam\_policy\_document.policy.json
+  policy = data.aws_iam_policy_document.policy.json
 }
 ```
 
-This automatically enables the enable_title26 flag, giving you a tag of `boc:safeguard=title26`.
+This automatically enables the enable\_title26 flag, giving you a tag of `boc:safeguard=title26`.
 It does all you to add other safeguards as necessary (title13, pii, etc), and these are joined together to make a comma separated list.
@@ -106,27 +103,27 @@ optionally requires explicit encryption (`require_explicit_encryption` flag, def
 and address restrictions (lists `allowed_cidr` and `allowed_endpoints`).
 
 # Options
 
-## Options :: name_include_account
+## Options :: name\_include\_account
 Use of this flag as true will include AWS account ID after the bucket name (name-ACCOUNTID). Default is false.
 
-## Options :: name_include_region
+## Options :: name\_include\_region
 Use of this flag as true will include current region after the bucket name (name-REGION). Default is false. If used in conjunction with `name_include_account`, the region will be at the end.
 
-## Options :: name_include_region_compact
+## Options :: name\_include\_region\_compact
 This flag determines if we compact the region to a shorter name, and use it if the name with the full region is longer than the maximum of 63 characters. It takes the first character of the full region name and uses that. For example, `us-gov-west-1` becomes `ugw1`. The default value is true. It is still possible to construct a name that is longer than 63 characters and get a failure, even with this shorter region value.
 
-## Options :: name_enforce_region_compact
+## Options :: name\_enforce\_region\_compact
 This flag always compacts the region, no mater whehter the name is longer than 63 characters or not.
 
-## Options :: object_lock_enable
+## Options :: object\_lock\_enable
 This is usable on bucket creation, and it will allow you to add external to this module an object lock
-configuration (aws_s3_object_lock_configuration). See the [AWS Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html)
+configuration (aws\_s3\_object\_lock\_configuration). See the [AWS Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html)
 and the [Terraform AWS Provider](https://registry.terraform.io/providers/hashicorp%20%20/aws/4.7.0/docs/resources/s3_bucket_object_lock_configuration) docs for more details. Setting this after bucket creation is possible but requires a support tickets, so you're better off doing it up front.
@@ -135,21 +132,22 @@ One output of note is the `s3_module_settings`. With this, you can get the setti
 module, the original bucket name before prefix and suffixes, and other things. It is a map.
 
 ```hcl
-output "s3\_module\_settings" {
+output "s3_module_settings" {
   description = "S3 module settings and values"
   value = {
-    bucket\_name = var.bucket\_name
-    resulting\_bucket\_name = local.bucket\_name
-    resulting\_bucket\_arn = aws\_s3\_bucket.this.arn
-    name\_include\_region = var.name\_include\_region
-    name\_include\_account = var.name\_include\_account
-    name\_include\_region\_compact = var.name\_include\_region\_compact
-    name\_enforce\_region\_compact = var.name\_enforce\_region\_compact
-    account\_id = local.account\_id
+    bucket_name = var.bucket_name
+    resulting_bucket_name = local.bucket_name
+    resulting_bucket_arn = aws_s3_bucket.this.arn
+    name_include_region = var.name_include_region
+    name_include_account = var.name_include_account
+    name_include_region_compact = var.name_include_region_compact
+    name_enforce_region_compact = var.name_enforce_region_compact
+    account_id = local.account_id
     region = local.region
-    region\_short = local.region\_short
+    region_short = local.region_short
   }
 }
+```
 
 ## Requirements
diff --git a/title26/main.tf b/title26/main.tf
index 0df06e8..9ec8c15 100644
--- a/title26/main.tf
+++ b/title26/main.tf
@@ -19,9 +19,6 @@
  * coexist (easily).
  *
  * ```hcl
- * module "my-bucket" {
- *
- * ```hcl
  * module "mybucket" {
  *   source = "git@github.e.it.census.gov:terraform-modules/aws-s3.git//title26?ref=3"
  *