From de0b97cec9bc175f6ac4e32123effbccfa204486 Mon Sep 17 00:00:00 2001 
From: Clarissa Lima Borges Date: Tue, 7 Jan 2025 11:36:48 -0300 Subject: [PATCH] Update to v5.x of terraform-provider-aws (#34) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Update to v5.x of terraform-provider-aws Switch this and dependent modules to the v5.x of the Terraform AWS provider to support the latest AWS features, like RDS' io2. - Use updated `description` attribute name Per the [documentation] for resource/aws_elasticache_replication_group ``` Remove availability_zones, number_cache_clusters, replication_group_description arguments from configurations as they no longer exist. Use preferred_cache_cluster_azs, num_cache_clusters, and description, respectively, instead. ``` [documentation]: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/guides/version-5-upgrade#resourceaws_elasticache_replication_group - Use `db_name` instead of `name` Change name to db_name in configurations as name no longer exists. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/guides/version-5-upgrade#use-db_name-instead-of-name - Fix setting `instance_size` ``` │ Error: reading EC2 Instance Type: operation error EC2: DescribeInstanceTypes, https response error StatusCode: 400, RequestID: c975f413-b3d8-46e7-aad2-36dc1f38e063, api error InvalidInstanceType: The following supplied instance types do not exist: [2xlarge] │ │ with module.production.module.redis_sidekiq[0].data.aws_ec2_instance_type.instance_attributes, │ on .terraform/modules/production.redis_sidekiq/elasticache-redis/replication-group/main.tf line 226, in data "aws_ec2_instance_type" "instance_attributes": │ 226: data "aws_ec2_instance_type" "instance_attributes" { ``` * Make KMS encryption optional for RDS and Elasticache * Make kms key input type consistent as string * Update elasticache input variables * terraform-docs: automated action * terraform-docs: automated action * terraform-docs: automated action * terraform-docs: automated 
action * terraform-docs: automated action * terraform-docs: automated action * terraform-docs: automated action * terraform-docs: automated action * terraform-docs: automated action --------- Co-authored-by: Eric Milford Co-authored-by: Olamide Co-authored-by: github-actions[bot] --- elasticache-redis/auth-token/README.md | 8 ++-- elasticache-redis/auth-token/main.tf | 4 +- elasticache-redis/auth-token/versions.tf | 2 +- elasticache-redis/replication-group/README.md | 10 +++-- elasticache-redis/replication-group/main.tf | 39 ++++++++++--------- .../replication-group/variables.tf | 18 +++++++-- .../replication-group/versions.tf | 2 +- kafka/README.md | 4 +- kafka/versions.tf | 2 +- rds-postgres/admin-login/README.md | 8 ++-- rds-postgres/admin-login/main.tf | 4 +- rds-postgres/admin-login/versions.tf | 2 +- rds-postgres/cloudwatch-alarms/README.md | 4 +- rds-postgres/cloudwatch-alarms/versions.tf | 2 +- rds-postgres/parameter-group/README.md | 4 +- rds-postgres/parameter-group/versions.tf | 2 +- rds-postgres/primary-instance/README.md | 7 ++-- rds-postgres/primary-instance/main.tf | 4 +- rds-postgres/primary-instance/variables.tf | 6 +++ rds-postgres/primary-instance/versions.tf | 2 +- rds-postgres/rds-postgres-login/README.md | 10 ++--- rds-postgres/rds-postgres-login/main.tf | 6 +-- rds-postgres/rds-postgres-login/variables.tf | 2 +- rds-postgres/rds-postgres-login/versions.tf | 2 +- rds-postgres/replica/README.md | 4 +- rds-postgres/replica/versions.tf | 2 +- security-group-ingress/versions.tf | 2 +- security-group/versions.tf | 2 +- 28 files changed, 94 insertions(+), 70 deletions(-) diff --git a/elasticache-redis/auth-token/README.md b/elasticache-redis/auth-token/README.md index f2116ef..fbd04a1 100644 --- a/elasticache-redis/auth-token/README.md +++ b/elasticache-redis/auth-token/README.md 
@@ -16,20 +16,20 @@ token is changed. | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.6.2 | -| [aws](#requirement\_aws) | ~> 4.0 | +| [aws](#requirement\_aws) | ~> 5.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | ~> 4.0 | +| [aws](#provider\_aws) | ~> 5.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [rotation](#module\_rotation) | github.com/thoughtbot/terraform-aws-secrets//secret-rotation-function | v0.4.0 | -| [secret](#module\_secret) | github.com/thoughtbot/terraform-aws-secrets//secret | v0.4.0 | +| [rotation](#module\_rotation) | github.com/thoughtbot/terraform-aws-secrets//secret-rotation-function | v0.8.0 | +| [secret](#module\_secret) | github.com/thoughtbot/terraform-aws-secrets//secret | v0.8.0 | | [security\_group](#module\_security\_group) | ../../security-group | n/a | ## Resources diff --git a/elasticache-redis/auth-token/main.tf b/elasticache-redis/auth-token/main.tf index 64e2206..f1e3554 100644 --- a/elasticache-redis/auth-token/main.tf +++ b/elasticache-redis/auth-token/main.tf @@ -1,5 +1,5 @@ module "secret" { - source = "github.com/thoughtbot/terraform-aws-secrets//secret?ref=v0.4.0" + source = "github.com/thoughtbot/terraform-aws-secrets//secret?ref=v0.8.0" admin_principals = var.admin_principals description = "Redis auth token for: ${local.full_name}" @@ -16,7 +16,7 @@ module "secret" { } module "rotation" { - source = "github.com/thoughtbot/terraform-aws-secrets//secret-rotation-function?ref=v0.4.0" + source = "github.com/thoughtbot/terraform-aws-secrets//secret-rotation-function?ref=v0.8.0" handler = "lambda_function.lambda_handler" role_arn = module.secret.rotation_role_arn diff --git a/elasticache-redis/auth-token/versions.tf b/elasticache-redis/auth-token/versions.tf index 8319361..bc31fc9 100644 --- a/elasticache-redis/auth-token/versions.tf +++ b/elasticache-redis/auth-token/versions.tf 
@@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.0" + version = "~> 5.0" } } } diff --git a/elasticache-redis/replication-group/README.md b/elasticache-redis/replication-group/README.md index a5c0f2c..d255ab6 100644 --- a/elasticache-redis/replication-group/README.md +++ b/elasticache-redis/replication-group/README.md @@ -8,14 +8,14 @@ Provision a Redis cluster using AWS ElastiCache. | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.6.2 | -| [aws](#requirement\_aws) | ~> 4.0 | +| [aws](#requirement\_aws) | ~> 5.0 | | [random](#requirement\_random) | ~> 3.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | ~> 4.0 | +| [aws](#provider\_aws) | ~> 5.0 | | [random](#provider\_random) | ~> 3.0 | ## Modules @@ -23,7 +23,7 @@ Provision a Redis cluster using AWS ElastiCache. | Name | Source | Version | |------|--------|---------| | [client\_security\_group](#module\_client\_security\_group) | ../../security-group | n/a | -| [customer\_kms](#module\_customer\_kms) | github.com/thoughtbot/terraform-aws-secrets//customer-managed-kms | v0.7.0 | +| [customer\_kms](#module\_customer\_kms) | github.com/thoughtbot/terraform-aws-secrets//customer-managed-kms | v0.8.0 | | [server\_security\_group](#module\_server\_security\_group) | ../../security-group | n/a | ## Resources 
@@ -50,10 +50,12 @@ Provision a Redis cluster using AWS ElastiCache. | [create\_client\_security\_group](#input\_create\_client\_security\_group) | Set to false to only use existing security groups | `bool` | `true` | no | | [create\_server\_security\_group](#input\_create\_server\_security\_group) | Set to false to only use existing security groups | `bool` | `true` | no | | [description](#input\_description) | Human-readable description for this replication group | `string` | n/a | yes | +| [enable\_kms](#input\_enable\_kms) | Enable KMS encryption | `bool` | `true` | no | | [engine](#input\_engine) | Elasticache database engine; defaults to Redis | `string` | `"redis"` | no | | [engine\_version](#input\_engine\_version) | Version for RDS database engine | `string` | n/a | yes | +| [global\_replication\_group\_id](#input\_global\_replication\_group\_id) | The ID of the global replication group to which this replication group should belong. | `string` | `null` | no | | [initial\_auth\_token](#input\_initial\_auth\_token) | Override the initial auth token | `string` | `null` | no | -| [kms\_key](#input\_kms\_key) | Custom KMS key to encrypt data at rest | `object({ arn = string })` | `null` | no | +| [kms\_key\_id](#input\_kms\_key\_id) | KMS key to encrypt data at rest | `string` | `null` | no | | [name](#input\_name) | Name for this cluster | `string` | n/a | yes | | [node\_type](#input\_node\_type) | Node type for the Elasticache instance | `string` | n/a | yes | | [parameter\_group\_name](#input\_parameter\_group\_name) | Parameter group name for the Redis cluster | `string` | `null` | no | diff --git a/elasticache-redis/replication-group/main.tf b/elasticache-redis/replication-group/main.tf index 66f4570..adf4dc4 100644 --- a/elasticache-redis/replication-group/main.tf +++ b/elasticache-redis/replication-group/main.tf 
@@ -1,22 +1,23 @@ resource "aws_elasticache_replication_group" "this" { replication_group_id = coalesce(var.replication_group_id, var.name) - at_rest_encryption_enabled = var.at_rest_encryption_enabled - automatic_failover_enabled = local.replica_enabled - engine = var.engine - engine_version = var.engine_version - kms_key_id = var.kms_key == null ? module.customer_kms.kms_key_arn : var.kms_key.id - multi_az_enabled = local.replica_enabled - node_type = var.node_type - num_cache_clusters = local.instance_count - parameter_group_name = var.parameter_group_name - port = var.port - replication_group_description = var.description - security_group_ids = local.server_security_group_ids - snapshot_name = var.snapshot_name - snapshot_retention_limit = var.snapshot_retention_limit - subnet_group_name = aws_elasticache_subnet_group.this.name - transit_encryption_enabled = var.transit_encryption_enabled + at_rest_encryption_enabled = var.at_rest_encryption_enabled + automatic_failover_enabled = local.replica_enabled + description = var.description + engine = var.engine + engine_version = var.engine_version + global_replication_group_id = var.global_replication_group_id + kms_key_id = local.primary_kms_key + multi_az_enabled = local.replica_enabled + node_type = var.node_type + num_cache_clusters = local.instance_count + parameter_group_name = var.parameter_group_name + port = var.port + security_group_ids = local.server_security_group_ids + snapshot_name = var.snapshot_name + snapshot_retention_limit = var.snapshot_retention_limit + subnet_group_name = aws_elasticache_subnet_group.this.name + transit_encryption_enabled = var.transit_encryption_enabled # Auth tokens aren't supported without TLS auth_token = ( 
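Review bot: `global_replication_group_id` is added alongside `engine`, `engine_version`, `node_type`, `at_rest_encryption_enabled` and `transit_encryption_enabled`, which this resource always sets. As far as I recall, the provider treats several of these as conflicting with `global_replication_group_id`, because a secondary member inherits them from the global datastore. If that holds, a caller who sets the new variable either gets a plan error or assumes the module's encryption inputs apply when they do not. I would either null these arguments when the ID is set, for example `engine = var.global_replication_group_id == null ? var.engine : null`, or state the restriction in the variable's description in variables.tf. The resource block continues past the end of this hunk.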
@@ -36,7 +37,7 @@ resource "aws_elasticache_replication_group" "this" { } module "customer_kms" { - source = "github.com/thoughtbot/terraform-aws-secrets//customer-managed-kms?ref=v0.7.0" + source = "github.com/thoughtbot/terraform-aws-secrets//customer-managed-kms?ref=v0.8.0" name = var.name } @@ -229,7 +230,7 @@ data "aws_ec2_instance_type" "instance_attributes" { locals { instance_count = var.replica_count + 1 - instance_size = split(".", var.node_type)[2] + instance_size = replace(var.node_type, "cache.", "") instances = sort(aws_elasticache_replication_group.this.member_clusters) owned_security_group_ids = module.server_security_group[*].id replica_enabled = var.replica_count > 0 @@ -241,4 +242,6 @@ locals { local.owned_security_group_ids, local.shared_security_group_ids ) + + primary_kms_key = var.enable_kms ? (var.kms_key_id == null ? module.customer_kms.kms_key_arn : var.kms_key_id) : var.kms_key_id } diff --git a/elasticache-redis/replication-group/variables.tf b/elasticache-redis/replication-group/variables.tf index 91224ee..d41553c 100644 --- a/elasticache-redis/replication-group/variables.tf +++ b/elasticache-redis/replication-group/variables.tf @@ -10,9 +10,9 @@ variable "at_rest_encryption_enabled" { default = true } -variable "kms_key" { - description = "Custom KMS key to encrypt data at rest" - type = object({ arn = string }) +variable "kms_key_id" { + description = "KMS key to encrypt data at rest" + type = string default = null } @@ -21,6 +21,12 @@ variable "description" { type = string } +variable "enable_kms" { + type = bool + description = "Enable KMS encryption" + default = true +} + variable "engine" { type = string description = "Elasticache database engine; defaults to Redis" 
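Review bot: `replace(var.node_type, "cache.", "")` in the `@@ -229,7 +230,7 @@` hunk removes the substring wherever it occurs and passes the value through unchanged when the prefix is missing, so a mistyped `node_type` only surfaces later as an EC2 instance-type lookup error. `instance_size = trimprefix(var.node_type, "cache.")` states the intent more precisely. A `validation` block on `node_type` requiring the `cache.` prefix would fail at plan time with a clearer message. The local now holds a full instance type rather than only a size, so a one-line comment saying so would help. The locals block continues past the end of this hunk.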
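Review bot: With `enable_kms = false`, the new `primary_kms_key` local in the `@@ -241,4 +242,6 @@` hunk still passes a caller-supplied `kms_key_id` through, so the flag only switches off the fallback to the module's own key. `module "customer_kms"` has no `count` in the `@@ -36,7 +37,7 @@` hunk, so it still appears to create a customer-managed key that nothing uses. When both inputs are left unset, `kms_key_id` becomes null while `at_rest_encryption_enabled` is driven by its own variable, so encryption at rest would presumably fall back to the service-default key, with no key policy or rotation setting the team controls. I would write the expression as `primary_kms_key = var.kms_key_id != null ? var.kms_key_id : (var.enable_kms ? module.customer_kms.kms_key_arn : null)` and reword the `enable_kms` description in variables.tf to say it selects the module-created customer-managed key rather than turning encryption on or off. The same expression and description are added in rds-postgres/primary-instance/main.tf and variables.tf; the locals block here starts outside the hunk.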
@@ -32,6 +38,12 @@ variable "engine_version" { description = "Version for RDS database engine" } +variable "global_replication_group_id" { + type = string + description = "The ID of the global replication group to which this replication group should belong." + default = null +} + variable "initial_auth_token" { type = string description = "Override the initial auth token" diff --git a/elasticache-redis/replication-group/versions.tf b/elasticache-redis/replication-group/versions.tf index 36f33c1..cc98794 100644 --- a/elasticache-redis/replication-group/versions.tf +++ b/elasticache-redis/replication-group/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.0" + version = "~> 5.0" } random = { source = "hashicorp/random" diff --git a/kafka/README.md b/kafka/README.md index f52917f..32e00fd 100644 --- a/kafka/README.md +++ b/kafka/README.md @@ -25,13 +25,13 @@ module "kafka_staging" { | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.6.2 | -| [aws](#requirement\_aws) | ~> 4.0 | +| [aws](#requirement\_aws) | ~> 5.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | ~> 4.0 | +| [aws](#provider\_aws) | ~> 5.0 | ## Modules diff --git a/kafka/versions.tf b/kafka/versions.tf index 8319361..bc31fc9 100644 --- a/kafka/versions.tf +++ b/kafka/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.0" + version = "~> 5.0" } } } diff --git a/rds-postgres/admin-login/README.md b/rds-postgres/admin-login/README.md index a5c2ad8..b701e8e 100644 --- a/rds-postgres/admin-login/README.md +++ b/rds-postgres/admin-login/README.md 
@@ -16,20 +16,20 @@ suitable for application credentials. We recommend you combine this module with | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.6.2 | -| [aws](#requirement\_aws) | ~> 4.0 | +| [aws](#requirement\_aws) | ~> 5.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | ~> 4.0 | +| [aws](#provider\_aws) | ~> 5.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [rotation](#module\_rotation) | github.com/thoughtbot/terraform-aws-secrets//secret-rotation-function | v0.4.0 | -| [secret](#module\_secret) | github.com/thoughtbot/terraform-aws-secrets//secret | v0.4.0 | +| [rotation](#module\_rotation) | github.com/thoughtbot/terraform-aws-secrets//secret-rotation-function | v0.8.0 | +| [secret](#module\_secret) | github.com/thoughtbot/terraform-aws-secrets//secret | v0.8.0 | | [security\_group](#module\_security\_group) | ../../security-group | n/a | ## Resources diff --git a/rds-postgres/admin-login/main.tf b/rds-postgres/admin-login/main.tf index 4ad1b59..716ad2b 100644 --- a/rds-postgres/admin-login/main.tf +++ b/rds-postgres/admin-login/main.tf @@ -1,5 +1,5 @@ module "secret" { - source = "github.com/thoughtbot/terraform-aws-secrets//secret?ref=v0.4.0" + source = "github.com/thoughtbot/terraform-aws-secrets//secret?ref=v0.8.0" admin_principals = var.admin_principals description = "Postgres password for: ${local.full_name}" @@ -19,7 +19,7 @@ module "secret" { } module "rotation" { - source = "github.com/thoughtbot/terraform-aws-secrets//secret-rotation-function?ref=v0.4.0" + source = "github.com/thoughtbot/terraform-aws-secrets//secret-rotation-function?ref=v0.8.0" handler = "lambda_function.lambda_handler" role_arn = module.secret.rotation_role_arn diff --git a/rds-postgres/admin-login/versions.tf b/rds-postgres/admin-login/versions.tf index 8319361..bc31fc9 100644 --- a/rds-postgres/admin-login/versions.tf +++ b/rds-postgres/admin-login/versions.tf 
@@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.0" + version = "~> 5.0" } } } diff --git a/rds-postgres/cloudwatch-alarms/README.md b/rds-postgres/cloudwatch-alarms/README.md index 3985832..7e15278 100644 --- a/rds-postgres/cloudwatch-alarms/README.md +++ b/rds-postgres/cloudwatch-alarms/README.md @@ -8,13 +8,13 @@ Creates useful CloudWatch Alarms for an RDS Postgres database. | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.6.2 | -| [aws](#requirement\_aws) | ~> 4.0 | +| [aws](#requirement\_aws) | ~> 5.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | ~> 4.0 | +| [aws](#provider\_aws) | ~> 5.0 | ## Resources diff --git a/rds-postgres/cloudwatch-alarms/versions.tf b/rds-postgres/cloudwatch-alarms/versions.tf index 8319361..bc31fc9 100644 --- a/rds-postgres/cloudwatch-alarms/versions.tf +++ b/rds-postgres/cloudwatch-alarms/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.0" + version = "~> 5.0" } } } diff --git a/rds-postgres/parameter-group/README.md b/rds-postgres/parameter-group/README.md index 6c9f6e1..883ec26 100644 --- a/rds-postgres/parameter-group/README.md +++ b/rds-postgres/parameter-group/README.md @@ -8,13 +8,13 @@ Provision a Postgres-compatible RDS parameter group. | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.6.2 | -| [aws](#requirement\_aws) | ~> 4.0 | +| [aws](#requirement\_aws) | ~> 5.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | ~> 4.0 | +| [aws](#provider\_aws) | ~> 5.0 | ## Resources diff --git a/rds-postgres/parameter-group/versions.tf b/rds-postgres/parameter-group/versions.tf index 8319361..bc31fc9 100644 --- a/rds-postgres/parameter-group/versions.tf +++ b/rds-postgres/parameter-group/versions.tf 
@@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.0" + version = "~> 5.0" } } } diff --git a/rds-postgres/primary-instance/README.md b/rds-postgres/primary-instance/README.md index 3252052..0b35ab9 100644 --- a/rds-postgres/primary-instance/README.md +++ b/rds-postgres/primary-instance/README.md @@ -8,14 +8,14 @@ Provision a Postgres database using AWS RDS. | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.6.2 | -| [aws](#requirement\_aws) | ~> 4.0 | +| [aws](#requirement\_aws) | ~> 5.0 | | [random](#requirement\_random) | ~> 3.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | ~> 4.0 | +| [aws](#provider\_aws) | ~> 5.0 | | [random](#provider\_random) | ~> 3.0 | ## Modules @@ -24,7 +24,7 @@ Provision a Postgres database using AWS RDS. |------|--------|---------| | [alarms](#module\_alarms) | ../cloudwatch-alarms | n/a | | [client\_security\_group](#module\_client\_security\_group) | ../../security-group | n/a | -| [customer\_kms](#module\_customer\_kms) | github.com/thoughtbot/terraform-aws-secrets//customer-managed-kms | v0.7.0 | +| [customer\_kms](#module\_customer\_kms) | github.com/thoughtbot/terraform-aws-secrets//customer-managed-kms | v0.8.0 | | [parameter\_group](#module\_parameter\_group) | ../parameter-group | n/a | | [server\_security\_group](#module\_server\_security\_group) | ../../security-group | n/a | 
@@ -59,6 +59,7 @@ Provision a Postgres database using AWS RDS. | [create\_server\_security\_group](#input\_create\_server\_security\_group) | Set to false to only use existing security groups | `bool` | `true` | no | | [create\_subnet\_group](#input\_create\_subnet\_group) | Set to false to use existing subnet group | `bool` | `true` | no | | [default\_database](#input\_default\_database) | Name of the default database | `string` | `"postgres"` | no | +| [enable\_kms](#input\_enable\_kms) | Enable KMS encryption | `bool` | `true` | no | | [enabled\_cloudwatch\_logs\_exports](#input\_enabled\_cloudwatch\_logs\_exports) | Set of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported | `list(string)` | `[]` | no | | [engine](#input\_engine) | RDS database engine; defaults to Postgres | `string` | `"postgres"` | no | | [engine\_version](#input\_engine\_version) | Version for RDS database engine | `string` | n/a | yes | diff --git a/rds-postgres/primary-instance/main.tf b/rds-postgres/primary-instance/main.tf index 9201787..9284ad1 100644 --- a/rds-postgres/primary-instance/main.tf +++ b/rds-postgres/primary-instance/main.tf @@ -52,7 +52,7 @@ resource "aws_db_instance" "this" { } module "customer_kms" { - source = "github.com/thoughtbot/terraform-aws-secrets//customer-managed-kms?ref=v0.7.0" + source = "github.com/thoughtbot/terraform-aws-secrets//customer-managed-kms?ref=v0.8.0" name = var.identifier } @@ -156,5 +156,5 @@ locals { local.shared_vpc_security_group_ids ) - primary_kms_key = var.kms_key_id == null ? module.customer_kms.kms_key_arn : var.kms_key_id + primary_kms_key = var.enable_kms ? (var.kms_key_id == null ? module.customer_kms.kms_key_arn : var.kms_key_id) : var.kms_key_id } diff --git a/rds-postgres/primary-instance/variables.tf b/rds-postgres/primary-instance/variables.tf index 304a6b7..06a5036 100644 --- a/rds-postgres/primary-instance/variables.tf +++ b/rds-postgres/primary-instance/variables.tf 
@@ -59,6 +59,12 @@ variable "enabled_cloudwatch_logs_exports" { default = [] } +variable "enable_kms" { + type = bool + description = "Enable KMS encryption" + default = true +} + variable "engine" { type = string description = "RDS database engine; defaults to Postgres" diff --git a/rds-postgres/primary-instance/versions.tf b/rds-postgres/primary-instance/versions.tf index 36f33c1..cc98794 100644 --- a/rds-postgres/primary-instance/versions.tf +++ b/rds-postgres/primary-instance/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.0" + version = "~> 5.0" } random = { source = "hashicorp/random" diff --git a/rds-postgres/rds-postgres-login/README.md b/rds-postgres/rds-postgres-login/README.md index a8cf560..ae4a20d 100644 --- a/rds-postgres/rds-postgres-login/README.md +++ b/rds-postgres/rds-postgres-login/README.md @@ -50,20 +50,20 @@ module "rds_admin_password" { | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.6.2 | -| [aws](#requirement\_aws) | ~> 4.0 | +| [aws](#requirement\_aws) | ~> 5.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | ~> 4.0 | +| [aws](#provider\_aws) | ~> 5.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [rotation](#module\_rotation) | github.com/thoughtbot/terraform-aws-secrets//secret-rotation-function | v0.4.0 | -| [secret](#module\_secret) | github.com/thoughtbot/terraform-aws-secrets//secret | v0.4.0 | +| [rotation](#module\_rotation) | github.com/thoughtbot/terraform-aws-secrets//secret-rotation-function | v0.8.0 | +| [secret](#module\_secret) | github.com/thoughtbot/terraform-aws-secrets//secret | v0.8.0 | ## Resources 
@@ -84,7 +84,7 @@ module "rds_admin_password" { | [admin\_login\_secret\_arn](#input\_admin\_login\_secret\_arn) | ARN of a SecretsManager secret containing admin login | `string` | `null` | no | | [admin\_principals](#input\_admin\_principals) | Principals allowed to peform admin actions (default: current account) | `list(string)` | `null` | no | | [alternate\_username](#input\_alternate\_username) | Username for the alternate login used during rotation | `string` | `null` | no | -| [database](#input\_database) | The database instance for which a login will be managed |
object({
address = string
arn = string
engine = string
identifier = string
name = string
port = number
})
| n/a | yes | +| [database](#input\_database) | The database instance for which a login will be managed |
object({
address = string
arn = string
db_name = string
engine = string
identifier = string
port = number
})
| n/a | yes | | [grants](#input\_grants) | List of GRANT statements for this user | `list(string)` | n/a | yes | | [read\_principals](#input\_read\_principals) | Principals allowed to read the secret (default: current account) | `list(string)` | `null` | no | | [replica](#input\_replica) | Whether the login is for a replica instance | `bool` | `false` | no | diff --git a/rds-postgres/rds-postgres-login/main.tf b/rds-postgres/rds-postgres-login/main.tf index d266f79..3ed7101 100644 --- a/rds-postgres/rds-postgres-login/main.tf +++ b/rds-postgres/rds-postgres-login/main.tf @@ -1,5 +1,5 @@ module "secret" { - source = "github.com/thoughtbot/terraform-aws-secrets//secret?ref=v0.4.0" + source = "github.com/thoughtbot/terraform-aws-secrets//secret?ref=v0.8.0" admin_principals = var.admin_principals description = "Postgres password for: ${local.full_name}" @@ -9,7 +9,7 @@ module "secret" { trust_tags = var.trust_tags initial_value = jsonencode({ - dbname = var.database.name + dbname = var.database.db_name engine = var.database.engine host = var.database.address password = "" @@ -19,7 +19,7 @@ module "secret" { } module "rotation" { - source = "github.com/thoughtbot/terraform-aws-secrets//secret-rotation-function?ref=v0.4.0" + source = "github.com/thoughtbot/terraform-aws-secrets//secret-rotation-function?ref=v0.8.0" handler = "lambda_function.lambda_handler" role_arn = module.secret.rotation_role_arn diff --git a/rds-postgres/rds-postgres-login/variables.tf b/rds-postgres/rds-postgres-login/variables.tf index 25b34b3..4ce829d 100644 --- a/rds-postgres/rds-postgres-login/variables.tf +++ b/rds-postgres/rds-postgres-login/variables.tf @@ -27,9 +27,9 @@ variable "database" { type = object({ address = string arn = string + db_name = string engine = string identifier = string - name = string port = number }) } diff --git a/rds-postgres/rds-postgres-login/versions.tf b/rds-postgres/rds-postgres-login/versions.tf index 8319361..bc31fc9 100644 
--- a/rds-postgres/rds-postgres-login/versions.tf +++ b/rds-postgres/rds-postgres-login/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.0" + version = "~> 5.0" } } } diff --git a/rds-postgres/replica/README.md b/rds-postgres/replica/README.md index d2d73d8..9a6e3da 100644 --- a/rds-postgres/replica/README.md +++ b/rds-postgres/replica/README.md @@ -8,13 +8,13 @@ Provision a Postgres database configured as a replica using AWS RDS. | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.6.2 | -| [aws](#requirement\_aws) | ~> 4.0 | +| [aws](#requirement\_aws) | ~> 5.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | ~> 4.0 | +| [aws](#provider\_aws) | ~> 5.0 | ## Modules diff --git a/rds-postgres/replica/versions.tf b/rds-postgres/replica/versions.tf index 8319361..bc31fc9 100644 --- a/rds-postgres/replica/versions.tf +++ b/rds-postgres/replica/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.0" + version = "~> 5.0" } } } diff --git a/security-group-ingress/versions.tf b/security-group-ingress/versions.tf index 8319361..bc31fc9 100644 --- a/security-group-ingress/versions.tf +++ b/security-group-ingress/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.0" + version = "~> 5.0" } } } diff --git a/security-group/versions.tf b/security-group/versions.tf index bce71d3..d393b90 100644 --- a/security-group/versions.tf +++ b/security-group/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.0" + version = "~> 5.0" } random = { source = "hashicorp/random"