Skip to content

Commit

Permalink
Support AWS Provider V5 (#167)
Browse files Browse the repository at this point in the history
* Support AWS Provider V5

* Support AWS Provider V5

* updates
  • Loading branch information
max-lobur authored Oct 16, 2023
1 parent 4b99cf6 commit 102fe02
Show file tree
Hide file tree
Showing 13 changed files with 66 additions and 38 deletions.
7 changes: 4 additions & 3 deletions .github/renovate.json
Original file line number Diff line number Diff line change
@@ -1,13 +1,14 @@
{
"extends": [
"config:base",
":preserveSemverRanges"
":preserveSemverRanges",
":rebaseStalePrs"
],
"baseBranches": ["main", "master", "/^release\\/v\\d{1,2}$/"],
"baseBranches": ["main"],
"labels": ["auto-update"],
"dependencyDashboardAutoclose": true,
"enabledManagers": ["terraform"],
"terraform": {
"ignorePaths": ["**/context.tf", "examples/**"]
"ignorePaths": ["**/context.tf"]
}
}
1 change: 1 addition & 0 deletions .github/workflows/release-branch.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ on:
- 'docs/**'
- 'examples/**'
- 'test/**'
- 'README.*'

permissions:
contents: write
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/release-published.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,4 +11,4 @@ permissions:

jobs:
terraform-module:
uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release.yml@main
uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release-published.yml@main
6 changes: 1 addition & 5 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -102,10 +102,6 @@ We highly recommend that in your code you pin the version to the exact version y
using so that your infrastructure remains stable, and update versions in a
systematic way so that they do not catch you by surprise.

Also, because of a bug in the Terraform registry ([hashicorp/terraform#21417](https://github.com/hashicorp/terraform/issues/21417)),
the registry shows many of our inputs as required when in fact they are optional.
The table below correctly indicates which inputs are required.



```hcl
Expand Down Expand Up @@ -166,7 +162,7 @@ Available targets:

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.0 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.35.0 |
| <a name="requirement_null"></a> [null](#requirement\_null) | >= 2.0 |

Expand Down
2 changes: 1 addition & 1 deletion docs/terraform.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.0 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.35.0 |
| <a name="requirement_null"></a> [null](#requirement\_null) | >= 2.0 |

Expand Down
10 changes: 10 additions & 0 deletions examples/basic/versions.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
terraform {
required_version = ">= 1.3"

required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 4.0"
}
}
}
10 changes: 5 additions & 5 deletions examples/complete/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -4,21 +4,21 @@ provider "aws" {

module "vpc" {
source = "cloudposse/vpc/aws"
version = "0.18.2"
version = "2.1.0"

cidr_block = "172.16.0.0/16"
ipv4_primary_cidr_block = "172.16.0.0/16"

context = module.this.context
}

module "subnets" {
source = "cloudposse/dynamic-subnets/aws"
version = "0.34.0"
version = "2.4.1"

availability_zones = var.availability_zones
vpc_id = module.vpc.vpc_id
igw_id = module.vpc.igw_id
cidr_block = module.vpc.vpc_cidr_block
igw_id = [module.vpc.igw_id]
ipv4_cidr_block = [module.vpc.vpc_cidr_block]
nat_gateway_enabled = false
nat_instance_enabled = false

Expand Down
2 changes: 1 addition & 1 deletion examples/complete/versions.tf
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
terraform {
required_version = ">= 0.13.0"
required_version = ">= 1.3"

required_providers {
aws = {
Expand Down
10 changes: 10 additions & 0 deletions examples/docs/versions.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
terraform {
required_version = ">= 1.3"

required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 4.0"
}
}
}
10 changes: 10 additions & 0 deletions examples/non_vpc/versions.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
terraform {
required_version = ">= 1.3"

required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 4.0"
}
}
}
26 changes: 13 additions & 13 deletions main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ resource "aws_security_group_rule" "ingress_security_groups" {
to_port = var.ingress_port_range_end
protocol = "tcp"
source_security_group_id = var.security_groups[count.index]
security_group_id = join("", aws_security_group.default.*.id)
security_group_id = join("", aws_security_group.default[*].id)
}

resource "aws_security_group_rule" "ingress_cidr_blocks" {
Expand All @@ -47,7 +47,7 @@ resource "aws_security_group_rule" "ingress_cidr_blocks" {
to_port = var.ingress_port_range_end
protocol = "tcp"
cidr_blocks = var.allowed_cidr_blocks
security_group_id = join("", aws_security_group.default.*.id)
security_group_id = join("", aws_security_group.default[*].id)
}

resource "aws_security_group_rule" "egress" {
Expand All @@ -58,7 +58,7 @@ resource "aws_security_group_rule" "egress" {
to_port = 65535
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
security_group_id = join("", aws_security_group.default.*.id)
security_group_id = join("", aws_security_group.default[*].id)
}

# https://github.com/terraform-providers/terraform-provider-aws/issues/5218
Expand All @@ -72,7 +72,7 @@ resource "aws_iam_service_linked_role" "default" {
resource "aws_iam_role" "elasticsearch_user" {
count = module.this.enabled && var.create_elasticsearch_user_role && (length(var.iam_authorizing_role_arns) > 0 || length(var.iam_role_arns) > 0) ? 1 : 0
name = module.user_label.id
assume_role_policy = join("", data.aws_iam_policy_document.assume_role.*.json)
assume_role_policy = join("", data.aws_iam_policy_document.assume_role[*].json)
description = "IAM Role to assume to access the Elasticsearch ${module.this.id} cluster"
tags = module.user_label.tags

Expand Down Expand Up @@ -192,7 +192,7 @@ resource "aws_elasticsearch_domain" "default" {
for_each = var.vpc_enabled ? [true] : []

content {
security_group_ids = var.create_security_group ? [join("", aws_security_group.default.*.id)] : var.security_groups
security_group_ids = var.create_security_group ? [join("", aws_security_group.default[*].id)] : var.security_groups
subnet_ids = var.subnet_ids
}
}
Expand Down Expand Up @@ -249,8 +249,8 @@ data "aws_iam_policy_document" "default" {
actions = distinct(compact(var.iam_actions))

resources = [
join("", aws_elasticsearch_domain.default.*.arn),
"${join("", aws_elasticsearch_domain.default.*.arn)}/*"
join("", aws_elasticsearch_domain.default[*].arn),
"${join("", aws_elasticsearch_domain.default[*].arn)}/*"
]

principals {
Expand All @@ -263,15 +263,15 @@ data "aws_iam_policy_document" "default" {
# https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-ac.html#es-ac-types-ip
# https://aws.amazon.com/premiumsupport/knowledge-center/anonymous-not-authorized-elasticsearch/
dynamic "statement" {
for_each = length(var.allowed_cidr_blocks) > 0 && ! var.vpc_enabled ? [true] : []
for_each = length(var.allowed_cidr_blocks) > 0 && !var.vpc_enabled ? [true] : []
content {
effect = "Allow"

actions = distinct(compact(var.iam_actions))

resources = [
join("", aws_elasticsearch_domain.default.*.arn),
"${join("", aws_elasticsearch_domain.default.*.arn)}/*"
join("", aws_elasticsearch_domain.default[*].arn),
"${join("", aws_elasticsearch_domain.default[*].arn)}/*"
]

principals {
Expand All @@ -291,7 +291,7 @@ data "aws_iam_policy_document" "default" {
resource "aws_elasticsearch_domain_policy" "default" {
count = module.this.enabled && (length(var.iam_authorizing_role_arns) > 0 || length(var.iam_role_arns) > 0) ? 1 : 0
domain_name = module.this.id
access_policies = join("", data.aws_iam_policy_document.default.*.json)
access_policies = join("", data.aws_iam_policy_document.default[*].json)
}

module "domain_hostname" {
Expand All @@ -302,7 +302,7 @@ module "domain_hostname" {
dns_name = var.elasticsearch_subdomain_name == "" ? module.this.id : var.elasticsearch_subdomain_name
ttl = 60
zone_id = var.dns_zone_id
records = [join("", aws_elasticsearch_domain.default.*.endpoint)]
records = [join("", aws_elasticsearch_domain.default[*].endpoint)]

context = module.this.context
}
Expand All @@ -318,7 +318,7 @@ module "kibana_hostname" {
# Note: kibana_endpoint is not just a domain name, it includes a path component,
# and as such is not suitable for a DNS record. The plain endpoint is the
# hostname portion and should be used for DNS.
records = [join("", aws_elasticsearch_domain.default.*.endpoint)]
records = [join("", aws_elasticsearch_domain.default[*].endpoint)]

context = module.this.context
}
16 changes: 8 additions & 8 deletions outputs.tf
Original file line number Diff line number Diff line change
@@ -1,30 +1,30 @@
output "security_group_id" {
value = join("", aws_security_group.default.*.id)
value = join("", aws_security_group.default[*].id)
description = "Security Group ID to control access to the Elasticsearch domain"
}

output "domain_arn" {
value = join("", aws_elasticsearch_domain.default.*.arn)
value = join("", aws_elasticsearch_domain.default[*].arn)
description = "ARN of the Elasticsearch domain"
}

output "domain_id" {
value = join("", aws_elasticsearch_domain.default.*.domain_id)
value = join("", aws_elasticsearch_domain.default[*].domain_id)
description = "Unique identifier for the Elasticsearch domain"
}

output "domain_name" {
value = join("", aws_elasticsearch_domain.default.*.domain_name)
value = join("", aws_elasticsearch_domain.default[*].domain_name)
description = "Name of the Elasticsearch domain"
}

output "domain_endpoint" {
value = join("", aws_elasticsearch_domain.default.*.endpoint)
value = join("", aws_elasticsearch_domain.default[*].endpoint)
description = "Domain-specific endpoint used to submit index, search, and data upload requests"
}

output "kibana_endpoint" {
value = join("", aws_elasticsearch_domain.default.*.kibana_endpoint)
value = join("", aws_elasticsearch_domain.default[*].kibana_endpoint)
description = "Domain-specific endpoint for Kibana without https scheme"
}

Expand All @@ -39,11 +39,11 @@ output "kibana_hostname" {
}

output "elasticsearch_user_iam_role_name" {
value = join(",", aws_iam_role.elasticsearch_user.*.name)
value = join(",", aws_iam_role.elasticsearch_user[*].name)
description = "The name of the IAM role to allow access to Elasticsearch cluster"
}

output "elasticsearch_user_iam_role_arn" {
value = join(",", aws_iam_role.elasticsearch_user.*.arn)
value = join(",", aws_iam_role.elasticsearch_user[*].arn)
description = "The ARN of the IAM role to allow access to Elasticsearch cluster"
}
2 changes: 1 addition & 1 deletion versions.tf
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
terraform {
required_version = ">= 0.13.0"
required_version = ">= 1.3"

required_providers {
aws = {
Expand Down

0 comments on commit 102fe02

Please sign in to comment.