diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index ce23276..7acf17a 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -4,9 +4,12 @@ repos:
   hooks:
     - id: terraform_fmt
     - id: terraform_docs
+      args:
+        - --args=--output-file=README.md
     - id: terraform_checkov
     - id: terraform_tflint
     - id: terraform_tfsec
     - id: terrascan
     - id: tfupdate
-    # - id: terraform_validate
+    - id: terraform_validate
+
diff --git a/terraform/modules/apigw/README.md b/terraform/modules/apigw/README.md
new file mode 100644
index 0000000..91931a7
--- /dev/null
+++ b/terraform/modules/apigw/README.md
@@ -0,0 +1,54 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | 1.3.4 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.10.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.38.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_api_gateway_deployment.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_deployment) | resource |
+| [aws_api_gateway_integration.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_integration) | resource |
+| [aws_api_gateway_integration_response.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_integration_response) | resource |
+| [aws_api_gateway_method.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_method) | resource |
+| [aws_api_gateway_method_response.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_method_response) | resource |
+| [aws_api_gateway_resource.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_resource) | resource |
+| [aws_api_gateway_rest_api.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_rest_api) | resource |
+| [aws_api_gateway_stage.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_stage) | resource |
+| [aws_lambda_permission.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_integration"></a> [integration](#input\_integration) | Map of API gateway integrations. | `map(any)` | n/a | yes |
+| <a name="input_integration_response"></a> [integration\_response](#input\_integration\_response) | Map of API gateway method integrations. | `map(any)` | n/a | yes |
+| <a name="input_lambda"></a> [lambda](#input\_lambda) | List of lambdas the API will execute. | `list(any)` | n/a | yes |
+| <a name="input_method"></a> [method](#input\_method) | Map of API gateway methods. | `map(any)` | n/a | yes |
+| <a name="input_method_response"></a> [method\_response](#input\_method\_response) | Map of API gateway method response. | `map(any)` | n/a | yes |
+| <a name="input_name"></a> [name](#input\_name) | The name of the API. | `string` | n/a | yes |
+| <a name="input_role_arn"></a> [role\_arn](#input\_role\_arn) | ARN of the IAM role (credentials). | `string` | n/a | yes |
+| <a name="input_sqs_arn"></a> [sqs\_arn](#input\_sqs\_arn) | ARN of the SQS. | `string` | n/a | yes |
+| <a name="input_tags"></a> [tags](#input\_tags) | A mapping of tags to assign to API gateway resources. | `map(string)` | `{}` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_endpoint"></a> [endpoint](#output\_endpoint) | n/a |
+| <a name="output_resource_path"></a> [resource\_path](#output\_resource\_path) | n/a |
+| <a name="output_rest_id"></a> [rest\_id](#output\_rest\_id) | n/a |
+<!-- END_TF_DOCS -->
\ No newline at end of file
diff --git a/terraform/modules/cloudfront/README.md b/terraform/modules/cloudfront/README.md
new file mode 100644
index 0000000..dd772e3
--- /dev/null
+++ b/terraform/modules/cloudfront/README.md
@@ -0,0 +1,39 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | 1.3.4 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.10.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.38.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_cloudfront_distribution.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_default_cache_behavior"></a> [default\_cache\_behavior](#input\_default\_cache\_behavior) | The default cache behavior for this distribution | `any` | n/a | yes |
+| <a name="input_default_root_object"></a> [default\_root\_object](#input\_default\_root\_object) | The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL. | `string` | `null` | no |
+| <a name="input_enabled"></a> [enabled](#input\_enabled) | Whether the distribution is enabled to accept end user requests for content. | `bool` | `true` | no |
+| <a name="input_origin"></a> [origin](#input\_origin) | One or more origins for this distribution. | `any` | n/a | yes |
+| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to assign to the resource. | `map(string)` | `{}` | no |
+| <a name="input_web_acl_id"></a> [web\_acl\_id](#input\_web\_acl\_id) | Id or ARN of the AWS WAF web ACL that is associated with the distribution. | `string` | n/a | yes |
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->
\ No newline at end of file
diff --git a/terraform/modules/dynamodb/README.md b/terraform/modules/dynamodb/README.md
new file mode 100644
index 0000000..0beafe7
--- /dev/null
+++ b/terraform/modules/dynamodb/README.md
@@ -0,0 +1,43 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | 1.3.4 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.10.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.38.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_dynamodb_table.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_attributes"></a> [attributes](#input\_attributes) | List of nested attribute definitions (used for hash and range key). | `list(map(string))` | `[]` | no |
+| <a name="input_billing_mode"></a> [billing\_mode](#input\_billing\_mode) | Controls how you are billed for read/write throughput and how you manage capacity. | `string` | `"PROVISIONED"` | no |
+| <a name="input_hash_key"></a> [hash\_key](#input\_hash\_key) | The attribute to use as the hash (partition) key. | `string` | `null` | no |
+| <a name="input_name"></a> [name](#input\_name) | Name of the DynamoDB table. | `string` | `null` | no |
+| <a name="input_range_key"></a> [range\_key](#input\_range\_key) | The attribute to use as the range (sort) key. | `string` | `null` | no |
+| <a name="input_read_capacity"></a> [read\_capacity](#input\_read\_capacity) | The number of read units for this table. | `number` | `20` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
+| <a name="input_write_capacity"></a> [write\_capacity](#input\_write\_capacity) | The number of write units for this table. | `number` | `20` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_name"></a> [name](#output\_name) | The name of the table. |
+<!-- END_TF_DOCS -->
\ No newline at end of file
diff --git a/terraform/modules/lambda/README.md b/terraform/modules/lambda/README.md
new file mode 100644
index 0000000..f5ddf65
--- /dev/null
+++ b/terraform/modules/lambda/README.md
@@ -0,0 +1,45 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | 1.3.4 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.10.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.38.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_function_name"></a> [function\_name](#input\_function\_name) | A unique name for your Lambda Function. | `string` | n/a | yes |
+| <a name="input_handler"></a> [handler](#input\_handler) | Lambda Function entrypoint in your code. | `string` | n/a | yes |
+| <a name="input_iam_role"></a> [iam\_role](#input\_iam\_role) | IAM role ARN attached to the Lambda Function. | `string` | n/a | yes |
+| <a name="input_package"></a> [package](#input\_package) | The absolute path to an existing zip-file to use. | `string` | `null` | no |
+| <a name="input_runtime"></a> [runtime](#input\_runtime) | Lambda Function runtime. | `string` | n/a | yes |
+| <a name="input_source_arn"></a> [source\_arn](#input\_source\_arn) | Lambda source ARN. | `string` | `""` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | A mapping of tags to assign to API gateway resources. | `map(string)` | `{}` | no |
+| <a name="input_vpc_security_group_ids"></a> [vpc\_security\_group\_ids](#input\_vpc\_security\_group\_ids) | List of security group ids when Lambda Function should run in the VPC. | `list(string)` | `null` | no |
+| <a name="input_vpc_subnet_ids"></a> [vpc\_subnet\_ids](#input\_vpc\_subnet\_ids) | List of subnet ids when Lambda Function should run in the VPC. | `list(string)` | `null` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_function_arn"></a> [function\_arn](#output\_function\_arn) | The ARN of the Lambda Function |
+| <a name="output_function_name"></a> [function\_name](#output\_function\_name) | The name of the Lambda Function |
+<!-- END_TF_DOCS -->
\ No newline at end of file
diff --git a/terraform/modules/s3/README.md b/terraform/modules/s3/README.md
new file mode 100644
index 0000000..6cbefa5
--- /dev/null
+++ b/terraform/modules/s3/README.md
@@ -0,0 +1,52 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | 1.3.4 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.10.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.38.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_s3_bucket.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
+| [aws_s3_bucket_acl.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl) | resource |
+| [aws_s3_bucket_logging.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_logging) | resource |
+| [aws_s3_bucket_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
+| [aws_s3_bucket_website_configuration.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_website_configuration) | resource |
+| [aws_s3_object.index](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_object) | resource |
+| [aws_s3_object.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_object) | resource |
+| [aws_iam_policy_document.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_block_public_access"></a> [block\_public\_access](#input\_block\_public\_access) | Determines the S3 account-level Public Access Block configuration. | `bool` | `true` | no |
+| <a name="input_bucket_acl"></a> [bucket\_acl](#input\_bucket\_acl) | The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. | `string` | `"private"` | no |
+| <a name="input_bucket_name"></a> [bucket\_name](#input\_bucket\_name) | The name of the bucket. Must be less than or equal to 63 characters in length. | `string` | n/a | yes |
+| <a name="input_content"></a> [content](#input\_content) | Website bucket content. | `string` | n/a | yes |
+| <a name="input_objects"></a> [objects](#input\_objects) | Map of objects to upload to the bucket. | `map(any)` | `{}` | no |
+| <a name="input_type"></a> [type](#input\_type) | Determines the type of the bucket. 1 for static website and 2 for logs. | `number` | `1` | no |
+| <a name="input_website"></a> [website](#input\_website) | Map that defines the configuration of the website. | `map(any)` | `{}` | no |
+| <a name="input_website_id"></a> [website\_id](#input\_website\_id) | Website bucket ID. | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_arn"></a> [arn](#output\_arn) | The ARN of the bucket. Will be of format arn:aws:s3:::bucketname. |
+| <a name="output_id"></a> [id](#output\_id) | The bucket domain name. Will be of format bucketname.s3.amazonaws.com. |
+| <a name="output_website_endpoint"></a> [website\_endpoint](#output\_website\_endpoint) | The website endpoint, if the bucket is configured with a website. If not, this will be an empty string. |
+<!-- END_TF_DOCS -->
\ No newline at end of file
diff --git a/terraform/modules/sqs/README.md b/terraform/modules/sqs/README.md
new file mode 100644
index 0000000..b3d8f56
--- /dev/null
+++ b/terraform/modules/sqs/README.md
@@ -0,0 +1,47 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | 1.3.4 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.10.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.38.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_lambda_event_source_mapping.event_source_mapping](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource |
+| [aws_lambda_permission.allows_sqs_to_trigger_lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
+| [aws_sqs_queue.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_content_based_deduplication"></a> [content\_based\_deduplication](#input\_content\_based\_deduplication) | Enables content-based deduplication for FIFO queues. | `bool` | `false` | no |
+| <a name="input_delay_seconds"></a> [delay\_seconds](#input\_delay\_seconds) | The time in seconds that the delivery of all messages in the queue will be delayed. An integer from 0 to 900 (15 minutes). | `number` | `0` | no |
+| <a name="input_fifo_queue"></a> [fifo\_queue](#input\_fifo\_queue) | Boolean designating a FIFO queue. | `bool` | `false` | no |
+| <a name="input_lambda_name"></a> [lambda\_name](#input\_lambda\_name) | The name of the lambda to trigger when a message is queued. | `string` | `null` | no |
+| <a name="input_max_message_size"></a> [max\_message\_size](#input\_max\_message\_size) | The limit of how many bytes a message can contain before Amazon SQS rejects it. An integer from 1024 bytes (1 KiB) up to 262144 bytes (256 KiB). | `number` | `262144` | no |
+| <a name="input_message_retention_seconds"></a> [message\_retention\_seconds](#input\_message\_retention\_seconds) | The number of seconds Amazon SQS retains a message. Integer representing seconds, from 60 (1 minute) to 1209600 (14 days). | `number` | `345600` | no |
+| <a name="input_name"></a> [name](#input\_name) | This is the human-readable name of the queue. | `string` | n/a | yes |
+| <a name="input_receive_wait_time_seconds"></a> [receive\_wait\_time\_seconds](#input\_receive\_wait\_time\_seconds) | The time for which a ReceiveMessage call will wait for a message to arrive (long polling) before returning. An integer from 0 to 20 (seconds). | `number` | `0` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | A mapping of tags to assign to all resources. | `map(string)` | `{}` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_name"></a> [name](#output\_name) | The name of the SQS. |
+| <a name="output_sqs_arn"></a> [sqs\_arn](#output\_sqs\_arn) | The ARN of SQS. |
+<!-- END_TF_DOCS -->
\ No newline at end of file
diff --git a/terraform/modules/waf/README.md b/terraform/modules/waf/README.md
new file mode 100644
index 0000000..78a0bbf
--- /dev/null
+++ b/terraform/modules/waf/README.md
@@ -0,0 +1,39 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | 1.3.4 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.10.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.38.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_wafv2_web_acl.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafv2_web_acl) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_name"></a> [name](#input\_name) | This is the human-readable name of the WAF. | `string` | n/a | yes |
+| <a name="input_rule"></a> [rule](#input\_rule) | Map of WAF rules. | `map(any)` | `{}` | no |
+| <a name="input_scope"></a> [scope](#input\_scope) | WAF scope (cloudfront or regional). | `string` | n/a | yes |
+| <a name="input_tags"></a> [tags](#input\_tags) | A mapping of tags to assign to all resources. | `map(string)` | `{}` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_web_acl_arn"></a> [web\_acl\_arn](#output\_web\_acl\_arn) | The web ACL ARN. |
+<!-- END_TF_DOCS -->
\ No newline at end of file