diff --git a/.github/renovate.json b/.github/renovate.json
index b61ed24..909df09 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -1,13 +1,14 @@
{
"extends": [
"config:base",
- ":preserveSemverRanges"
+ ":preserveSemverRanges",
+ ":rebaseStalePrs"
],
- "baseBranches": ["main", "master", "/^release\\/v\\d{1,2}$/"],
+ "baseBranches": ["main"],
"labels": ["auto-update"],
"dependencyDashboardAutoclose": true,
"enabledManagers": ["terraform"],
"terraform": {
- "ignorePaths": ["**/context.tf", "examples/**"]
+ "ignorePaths": ["**/context.tf"]
}
}
diff --git a/.github/workflows/release-branch.yml b/.github/workflows/release-branch.yml
index 3f8fe62..b30901e 100644
--- a/.github/workflows/release-branch.yml
+++ b/.github/workflows/release-branch.yml
@@ -10,6 +10,7 @@ on:
- 'docs/**'
- 'examples/**'
- 'test/**'
+ - 'README.*'
permissions:
contents: write
diff --git a/.github/workflows/release-published.yml b/.github/workflows/release-published.yml
index f86352b..b31232b 100644
--- a/.github/workflows/release-published.yml
+++ b/.github/workflows/release-published.yml
@@ -11,4 +11,4 @@ permissions:
jobs:
terraform-module:
- uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release.yml@main
+ uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release-published.yml@main
diff --git a/README.md b/README.md
index 6fcd46f..66d27b3 100644
--- a/README.md
+++ b/README.md
@@ -102,10 +102,6 @@ We highly recommend that in your code you pin the version to the exact version y
using so that your infrastructure remains stable, and update versions in a
systematic way so that they do not catch you by surprise.
-Also, because of a bug in the Terraform registry ([hashicorp/terraform#21417](https://github.com/hashicorp/terraform/issues/21417)),
-the registry shows many of our inputs as required when in fact they are optional.
-The table below correctly indicates which inputs are required.
-
```hcl
@@ -166,7 +162,7 @@ Available targets:
| Name | Version |
|------|---------|
-| [terraform](#requirement\_terraform) | >= 0.13.0 |
+| [terraform](#requirement\_terraform) | >= 1.3 |
| [aws](#requirement\_aws) | >= 3.35.0 |
| [null](#requirement\_null) | >= 2.0 |
diff --git a/docs/terraform.md b/docs/terraform.md
index 8562fdf..6df0fdc 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -3,7 +3,7 @@
| Name | Version |
|------|---------|
-| [terraform](#requirement\_terraform) | >= 0.13.0 |
+| [terraform](#requirement\_terraform) | >= 1.3 |
| [aws](#requirement\_aws) | >= 3.35.0 |
| [null](#requirement\_null) | >= 2.0 |
diff --git a/examples/basic/versions.tf b/examples/basic/versions.tf
new file mode 100644
index 0000000..fe97db9
--- /dev/null
+++ b/examples/basic/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.3"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4.0"
+ }
+ }
+}
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index b29360b..38cdaaa 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -4,21 +4,21 @@ provider "aws" {
module "vpc" {
source = "cloudposse/vpc/aws"
- version = "0.18.2"
+ version = "2.1.0"
- cidr_block = "172.16.0.0/16"
+ ipv4_primary_cidr_block = "172.16.0.0/16"
context = module.this.context
}
module "subnets" {
source = "cloudposse/dynamic-subnets/aws"
- version = "0.34.0"
+ version = "2.4.1"
availability_zones = var.availability_zones
vpc_id = module.vpc.vpc_id
- igw_id = module.vpc.igw_id
- cidr_block = module.vpc.vpc_cidr_block
+ igw_id = [module.vpc.igw_id]
+ ipv4_cidr_block = [module.vpc.vpc_cidr_block]
nat_gateway_enabled = false
nat_instance_enabled = false
diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf
index 971ae24..e74ac36 100644
--- a/examples/complete/versions.tf
+++ b/examples/complete/versions.tf
@@ -1,5 +1,5 @@
terraform {
- required_version = ">= 0.13.0"
+ required_version = ">= 1.3"
required_providers {
aws = {
diff --git a/examples/docs/versions.tf b/examples/docs/versions.tf
new file mode 100644
index 0000000..fe97db9
--- /dev/null
+++ b/examples/docs/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.3"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4.0"
+ }
+ }
+}
diff --git a/examples/non_vpc/versions.tf b/examples/non_vpc/versions.tf
new file mode 100644
index 0000000..fe97db9
--- /dev/null
+++ b/examples/non_vpc/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.3"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4.0"
+ }
+ }
+}
diff --git a/main.tf b/main.tf
index bbdfe3e..a11580e 100644
--- a/main.tf
+++ b/main.tf
@@ -36,7 +36,7 @@ resource "aws_security_group_rule" "ingress_security_groups" {
to_port = var.ingress_port_range_end
protocol = "tcp"
source_security_group_id = var.security_groups[count.index]
- security_group_id = join("", aws_security_group.default.*.id)
+ security_group_id = join("", aws_security_group.default[*].id)
}
resource "aws_security_group_rule" "ingress_cidr_blocks" {
@@ -47,7 +47,7 @@ resource "aws_security_group_rule" "ingress_cidr_blocks" {
to_port = var.ingress_port_range_end
protocol = "tcp"
cidr_blocks = var.allowed_cidr_blocks
- security_group_id = join("", aws_security_group.default.*.id)
+ security_group_id = join("", aws_security_group.default[*].id)
}
resource "aws_security_group_rule" "egress" {
@@ -58,7 +58,7 @@ resource "aws_security_group_rule" "egress" {
to_port = 65535
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
- security_group_id = join("", aws_security_group.default.*.id)
+ security_group_id = join("", aws_security_group.default[*].id)
}
# https://github.com/terraform-providers/terraform-provider-aws/issues/5218
@@ -72,7 +72,7 @@ resource "aws_iam_service_linked_role" "default" {
resource "aws_iam_role" "elasticsearch_user" {
count = module.this.enabled && var.create_elasticsearch_user_role && (length(var.iam_authorizing_role_arns) > 0 || length(var.iam_role_arns) > 0) ? 1 : 0
name = module.user_label.id
- assume_role_policy = join("", data.aws_iam_policy_document.assume_role.*.json)
+ assume_role_policy = join("", data.aws_iam_policy_document.assume_role[*].json)
description = "IAM Role to assume to access the Elasticsearch ${module.this.id} cluster"
tags = module.user_label.tags
@@ -192,7 +192,7 @@ resource "aws_elasticsearch_domain" "default" {
for_each = var.vpc_enabled ? [true] : []
content {
- security_group_ids = var.create_security_group ? [join("", aws_security_group.default.*.id)] : var.security_groups
+ security_group_ids = var.create_security_group ? [join("", aws_security_group.default[*].id)] : var.security_groups
subnet_ids = var.subnet_ids
}
}
@@ -249,8 +249,8 @@ data "aws_iam_policy_document" "default" {
actions = distinct(compact(var.iam_actions))
resources = [
- join("", aws_elasticsearch_domain.default.*.arn),
- "${join("", aws_elasticsearch_domain.default.*.arn)}/*"
+ join("", aws_elasticsearch_domain.default[*].arn),
+ "${join("", aws_elasticsearch_domain.default[*].arn)}/*"
]
principals {
@@ -263,15 +263,15 @@ data "aws_iam_policy_document" "default" {
# https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-ac.html#es-ac-types-ip
# https://aws.amazon.com/premiumsupport/knowledge-center/anonymous-not-authorized-elasticsearch/
dynamic "statement" {
- for_each = length(var.allowed_cidr_blocks) > 0 && ! var.vpc_enabled ? [true] : []
+ for_each = length(var.allowed_cidr_blocks) > 0 && !var.vpc_enabled ? [true] : []
content {
effect = "Allow"
actions = distinct(compact(var.iam_actions))
resources = [
- join("", aws_elasticsearch_domain.default.*.arn),
- "${join("", aws_elasticsearch_domain.default.*.arn)}/*"
+ join("", aws_elasticsearch_domain.default[*].arn),
+ "${join("", aws_elasticsearch_domain.default[*].arn)}/*"
]
principals {
@@ -291,7 +291,7 @@ data "aws_iam_policy_document" "default" {
resource "aws_elasticsearch_domain_policy" "default" {
count = module.this.enabled && (length(var.iam_authorizing_role_arns) > 0 || length(var.iam_role_arns) > 0) ? 1 : 0
domain_name = module.this.id
- access_policies = join("", data.aws_iam_policy_document.default.*.json)
+ access_policies = join("", data.aws_iam_policy_document.default[*].json)
}
module "domain_hostname" {
@@ -302,7 +302,7 @@ module "domain_hostname" {
dns_name = var.elasticsearch_subdomain_name == "" ? module.this.id : var.elasticsearch_subdomain_name
ttl = 60
zone_id = var.dns_zone_id
- records = [join("", aws_elasticsearch_domain.default.*.endpoint)]
+ records = [join("", aws_elasticsearch_domain.default[*].endpoint)]
context = module.this.context
}
@@ -318,7 +318,7 @@ module "kibana_hostname" {
# Note: kibana_endpoint is not just a domain name, it includes a path component,
# and as such is not suitable for a DNS record. The plain endpoint is the
# hostname portion and should be used for DNS.
- records = [join("", aws_elasticsearch_domain.default.*.endpoint)]
+ records = [join("", aws_elasticsearch_domain.default[*].endpoint)]
context = module.this.context
}
\ No newline at end of file
diff --git a/outputs.tf b/outputs.tf
index f48ca86..5a379d7 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,30 +1,30 @@
output "security_group_id" {
- value = join("", aws_security_group.default.*.id)
+ value = join("", aws_security_group.default[*].id)
description = "Security Group ID to control access to the Elasticsearch domain"
}
output "domain_arn" {
- value = join("", aws_elasticsearch_domain.default.*.arn)
+ value = join("", aws_elasticsearch_domain.default[*].arn)
description = "ARN of the Elasticsearch domain"
}
output "domain_id" {
- value = join("", aws_elasticsearch_domain.default.*.domain_id)
+ value = join("", aws_elasticsearch_domain.default[*].domain_id)
description = "Unique identifier for the Elasticsearch domain"
}
output "domain_name" {
- value = join("", aws_elasticsearch_domain.default.*.domain_name)
+ value = join("", aws_elasticsearch_domain.default[*].domain_name)
description = "Name of the Elasticsearch domain"
}
output "domain_endpoint" {
- value = join("", aws_elasticsearch_domain.default.*.endpoint)
+ value = join("", aws_elasticsearch_domain.default[*].endpoint)
description = "Domain-specific endpoint used to submit index, search, and data upload requests"
}
output "kibana_endpoint" {
- value = join("", aws_elasticsearch_domain.default.*.kibana_endpoint)
+ value = join("", aws_elasticsearch_domain.default[*].kibana_endpoint)
description = "Domain-specific endpoint for Kibana without https scheme"
}
@@ -39,11 +39,11 @@ output "kibana_hostname" {
}
output "elasticsearch_user_iam_role_name" {
- value = join(",", aws_iam_role.elasticsearch_user.*.name)
+ value = join(",", aws_iam_role.elasticsearch_user[*].name)
description = "The name of the IAM role to allow access to Elasticsearch cluster"
}
output "elasticsearch_user_iam_role_arn" {
- value = join(",", aws_iam_role.elasticsearch_user.*.arn)
+ value = join(",", aws_iam_role.elasticsearch_user[*].arn)
description = "The ARN of the IAM role to allow access to Elasticsearch cluster"
}
diff --git a/versions.tf b/versions.tf
index 588d1c7..f365c51 100644
--- a/versions.tf
+++ b/versions.tf
@@ -1,5 +1,5 @@
terraform {
- required_version = ">= 0.13.0"
+ required_version = ">= 1.3"
required_providers {
aws = {