chore: tidy code and README (#25)

Signed-off-by: Max Xu <[email protected]>

.github/CODEOWNERS

@@ -12,5 +12,5 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# Owning team's slack is #f_cloud_terraform 
+# Owning team's slack is #f_sn_cloud
 *                    @streamnative/cloud 

README.md

@@ -15,21 +15,35 @@
 -->
 
 # StreamNative Managed Cloud
-This repository contains Terraform modules for the management of StreamNative's vendor access into a Cloud Provider.
+This repository contains Terraform modules for the management of StreamNative's vendor access to a Cloud Provider.
 
-Previous verions of these modules can be found in the following locations:
+Previous versions of these modules can be found in the following locations:
 - [terraform-aws-cloud//modules/managed-cloud?ref=v2.5.0](https://github.com/streamnative/terraform-aws-cloud/tree/v2.5.0-alpha/modules/managed-cloud): This was the original location of the AWS vendor access module, which has been moved to this repository. The last version released to the Terraform Registry was `v2.5.0-alpha`.
 - [https://github.com/streamnative/terraform-aws-managed-cloud](https://github.com/streamnative/terraform-aws-managed-cloud): This repository contains an older AWS vendor access module, which has been deprecated and is no longer in use.
 
 ## Modules
 The modules are organized by Cloud Provider. For example, the AWS modules are in the `modules/aws` directory and the GCP modules (WIP) modules are in the `modules/gcp`, and so on.
 
+## Quickstart
+
+### Using AWS module
+
+Run the following terraform file within your AWS profile:
+
+```hcl
+module "sn_managed_cloud" {
+  source = "github.com/streamnative/terraform-managed-cloud//modules/aws?ref=v3.1.1"
+
+  external_id = "<YOUR_SNCLOUD_ORG_ID>"
+}
+```
+
 ## Examples
 Examples of the modules can be found in the `examples` directory.
 
 Details on the modules themselves and their requirements can be found in their respective README files, contained in the `modules` directory.
 
-## Upgrading an existing AWS module
+## Upgrading from the old AWS modules
 If you have used the previous version of the AWS vendor access module, your configuration should have looked something like this:
 
 ```hcl

modules/aws/main.tf

@@ -16,18 +16,7 @@
 
 data "aws_caller_identity" "current" {}
 
-data "aws_iam_policy_document" "streamnative_vendor_access" {
-  statement {
-    effect  = "Allow"
-    actions = ["sts:AssumeRole"]
-
-    principals {
-      type        = "AWS"
-      identifiers = var.streamnative_vendor_access_role_arns
-    }
-  }
-}
-
+data "aws_partition" "current" {}
 
 data "aws_kms_key" "ebs_default" {
   key_id = "alias/aws/ebs"
@@ -37,8 +26,6 @@ data "aws_kms_key" "s3_default" {
   key_id = "alias/aws/s3"
 }
 
-data "aws_partition" "current" {}
-
 locals {
   account_id                 = data.aws_caller_identity.current.account_id
   additional_iam_policy_arns = distinct(compact(var.additional_iam_policy_arns))
@@ -70,7 +57,7 @@ locals {
 ######
 #-- Trust Relationship for StreamNative Vendor Access Roles
 ######
-data "aws_iam_policy_document" "streamnative_control_plane_access" {
+data "aws_iam_policy_document" "streamnative_bootstrap_access" {
   statement {
     sid     = "AllowStreamNativeVendorAccess"
     effect  = "Allow"
@@ -90,6 +77,25 @@ data "aws_iam_policy_document" "streamnative_control_plane_access" {
     }
   }
 
+  statement {
+    sid     = "AllowStreamNativeEngineerAccess"
+    effect  = "Allow"
+    actions = ["sts:AssumeRole"]
+
+    principals {
+      type        = "AWS"
+      identifiers = var.streamnative_support_access_role_arns
+    }
+    dynamic "condition" {
+      for_each = local.support_assume_conditions
+      content {
+        test     = condition.value["test"]
+        values   = condition.value["values"]
+        variable = condition.value["variable"]
+      }
+    }
+  }
+
   statement {
     sid     = "AllowStreamNativeControlPlaneAccess"
     effect  = "Allow"
@@ -109,7 +115,7 @@ data "aws_iam_policy_document" "streamnative_control_plane_access" {
   }
 }
 
-data "aws_iam_policy_document" "streamnative_bootstrap_access" {
+data "aws_iam_policy_document" "streamnative_management_access" {
   statement {
     sid     = "AllowStreamNativeVendorAccess"
     effect  = "Allow"
@@ -129,25 +135,6 @@ data "aws_iam_policy_document" "streamnative_bootstrap_access" {
     }
   }
 
-  statement {
-    sid     = "AllowStreamNativeEngineerAccess"
-    effect  = "Allow"
-    actions = ["sts:AssumeRole"]
-
-    principals {
-      type        = "AWS"
-      identifiers = var.streamnative_support_access_role_arns
-    }
-    dynamic "condition" {
-      for_each = local.support_assume_conditions
-      content {
-        test     = condition.value["test"]
-        values   = condition.value["values"]
-        variable = condition.value["variable"]
-      }
-    }
-  }
-
   statement {
     sid     = "AllowStreamNativeControlPlaneAccess"
     effect  = "Allow"
@@ -247,7 +234,7 @@ resource "aws_iam_policy" "management_role" {
 resource "aws_iam_role" "management_role" {
   name                 = "StreamNativeCloudManagementRole${var.test_suffix}"
   description          = "This role is used by StreamNative for the day to day management of the StreamNative Cloud deployment."
-  assume_role_policy   = data.aws_iam_policy_document.streamnative_control_plane_access.json
+  assume_role_policy   = data.aws_iam_policy_document.streamnative_management_access.json
   path                 = "/StreamNative/"
   permissions_boundary = aws_iam_policy.permission_boundary.arn
   tags                 = local.tag_set