diff --git a/asg/variables.tf b/asg/variables.tf index ba862f3f..d546532e 100644 --- a/asg/variables.tf +++ b/asg/variables.tf @@ -7,7 +7,7 @@ variable "ami" { type = string description = "The AMI ID to use for the instances. Keep this at the default value to automatically receive AMI updates to Amazon Linux 2" // AMI Built from packer/base.json - default = "ami-0e8eb11a5429219ed" + default = "ami-0e8eb11a5429219ed" } variable "capacity" { diff --git a/asg/versions.tf b/asg/versions.tf index ac97c6ac..241ac05c 100644 --- a/asg/versions.tf +++ b/asg/versions.tf @@ -1,4 +1,9 @@ terraform { - required_version = ">= 0.12" + required_version = ">= 0.13" + required_providers { + aws = { + source = "hashicorp/aws" + } + } } diff --git a/chamberpolicy/main.tf b/chamberpolicy/main.tf index f74e144f..bdfd4136 100644 --- a/chamberpolicy/main.tf +++ b/chamberpolicy/main.tf @@ -31,7 +31,7 @@ data "aws_iam_policy_document" "read_policy" { actions = ["kms:Decrypt"] resources = [data.aws_kms_alias.chamber_key.target_key_arn] condition { - test = "StringLike" + test = "StringLike" values = [local.namespace_parameters_arn] variable = "kms:EncryptionContext:PARAMETER_ARN" } @@ -53,7 +53,7 @@ data "aws_iam_policy_document" "readwrite_policy" { "ssm:DeleteParameter", "ssm:DeleteParameters", ] - resources = ["${local.namespace_parameters_arn}"] + resources = [local.namespace_parameters_arn] } // Read (decrypt) @@ -61,7 +61,7 @@ data "aws_iam_policy_document" "readwrite_policy" { actions = ["kms:Decrypt"] resources = [data.aws_kms_alias.chamber_key.target_key_arn] condition { - test = "StringLike" + test = "StringLike" values = [local.namespace_parameters_arn] variable = "kms:EncryptionContext:PARAMETER_ARN" } @@ -73,4 +73,3 @@ data "aws_iam_policy_document" "readwrite_policy" { resources = [data.aws_kms_alias.chamber_key.target_key_arn] } } - diff --git a/chamberpolicy/versions.tf b/chamberpolicy/versions.tf index ac97c6ac..241ac05c 100644 --- a/chamberpolicy/versions.tf 
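Review bot: The `required_providers` block added in asg/versions.tf declares `source = "hashicorp/aws"` with no `version` constraint, and `required_version = ">= 0.13"` has no upper bound, so `terraform init` is free to resolve whatever provider release is newest at the time. The same block is repeated in the chamberpolicy, developerpolicy, domain, ecscluster, lambda, pipelines/pipeline, pipelines/roles, rdsinstance, slackalerts, static-site and vpcread versions.tf hunks. Consider adding a constraint beside the source in each module, e.g. `version = "<tested constraint>"` (placeholder for the range actually tested). This matters for static-site/main.tf, which indexes `domain_validation_options[count.index]`: AWS provider 3.x changed that attribute from a list to a set, so an unconstrained upgrade can break the module.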
+++ b/chamberpolicy/versions.tf @@ -1,4 +1,9 @@ terraform { - required_version = ">= 0.12" + required_version = ">= 0.13" + required_providers { + aws = { + source = "hashicorp/aws" + } + } } diff --git a/developerpolicy/versions.tf b/developerpolicy/versions.tf index ac97c6ac..241ac05c 100644 --- a/developerpolicy/versions.tf +++ b/developerpolicy/versions.tf @@ -1,4 +1,9 @@ terraform { - required_version = ">= 0.12" + required_version = ">= 0.13" + required_providers { + aws = { + source = "hashicorp/aws" + } + } } diff --git a/domain/versions.tf b/domain/versions.tf index ac97c6ac..241ac05c 100644 --- a/domain/versions.tf +++ b/domain/versions.tf @@ -1,4 +1,9 @@ terraform { - required_version = ">= 0.12" + required_version = ">= 0.13" + required_providers { + aws = { + source = "hashicorp/aws" + } + } } diff --git a/ecscluster/main.tf b/ecscluster/main.tf index 22d4ed85..2bbc1868 100644 --- a/ecscluster/main.tf +++ b/ecscluster/main.tf @@ -73,8 +73,8 @@ data "aws_iam_policy_document" "developer" { ] resources = ["*"] condition { - test = "ArnEquals" - values = [aws_ecs_cluster.cluster.arn] + test = "ArnEquals" + values = [aws_ecs_cluster.cluster.arn] variable = "ecs:cluster" } } diff --git a/ecscluster/versions.tf b/ecscluster/versions.tf index ac97c6ac..4b821f44 100644 --- a/ecscluster/versions.tf +++ b/ecscluster/versions.tf @@ -1,4 +1,12 @@ terraform { - required_version = ">= 0.12" + required_version = ">= 0.13" + required_providers { + aws = { + source = "hashicorp/aws" + } + template = { + source = "hashicorp/template" + } + } } diff --git a/lambda/main.tf b/lambda/main.tf index 89a73ac3..1e43ff16 100644 --- a/lambda/main.tf +++ b/lambda/main.tf @@ -27,10 +27,10 @@ resource "aws_lambda_function" "default" { } } tags = merge( - var.tags, - { - "Name" = var.name - }, + var.tags, + { + "Name" = var.name + }, ) } 
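Review bot: ecscluster/versions.tf newly declares `hashicorp/template`, a provider HashiCorp has deprecated and archived in favour of the built-in `templatefile()` function, so it no longer receives fixes or builds for newer platforms. The code that consumes it is not part of this diff, so confirm where `template_file` is used in ecscluster and whether it can be replaced, which would let the `template = { ... }` entry be dropped. If it has to stay for now, add an explicit `version` constraint to it so the resolved release is deliberate.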
@@ -41,10 +41,10 @@ resource "aws_cloudwatch_log_group" "logs" { name = "/aws/lambda/${var.name}" retention_in_days = 30 tags = merge( - var.tags, - { - "Name" = var.name - }, + var.tags, + { + "Name" = var.name + }, ) } @@ -96,7 +96,7 @@ resource "aws_cloudwatch_event_rule" "schedule" { } resource "aws_cloudwatch_event_target" "schedule_target" { - count = length(var.schedule) + count = length(var.schedule) arn = aws_lambda_function.default.arn rule = element(aws_cloudwatch_event_rule.schedule.*.name, count.index) target_id = "${var.name}_${count.index}" @@ -161,8 +161,8 @@ data "aws_iam_policy_document" "developer" { ] resources = ["*"] condition { - test = "ArnLike" - values = [aws_lambda_function.default.arn] + test = "ArnLike" + values = [aws_lambda_function.default.arn] variable = "lambda:FunctionArn" } } diff --git a/lambda/outputs.tf b/lambda/outputs.tf index dfb25c56..bdb174a1 100644 --- a/lambda/outputs.tf +++ b/lambda/outputs.tf @@ -21,4 +21,4 @@ output "function_version" { // Developer IAM policy. output "developer_policies" { value = [data.aws_iam_policy_document.developer.json] -} \ No newline at end of file +} diff --git a/lambda/variables.tf b/lambda/variables.tf index 962aa87c..2e189957 100644 --- a/lambda/variables.tf +++ b/lambda/variables.tf @@ -27,8 +27,8 @@ variable "timeout" { } variable "memory_size" { - type = string - default = 128 + type = string + default = 128 description = "The memory limit for the Lambda Function" } diff --git a/lambda/versions.tf b/lambda/versions.tf index ac97c6ac..241ac05c 100644 --- a/lambda/versions.tf +++ b/lambda/versions.tf @@ -1,4 +1,9 @@ terraform { - required_version = ">= 0.12" + required_version = ">= 0.13" + required_providers { + aws = { + source = "hashicorp/aws" + } + } } diff --git a/pipelines/pipeline/main.tf b/pipelines/pipeline/main.tf index 474a6162..c464bc16 100644 --- a/pipelines/pipeline/main.tf +++ b/pipelines/pipeline/main.tf 
@@ -1,8 +1,8 @@ data "aws_caller_identity" "current" {} data "aws_region" "current" {} locals { - region = "${coalesce(var.region, data.aws_region.current.name)}" - account_id = "${coalesce(var.account_id, data.aws_caller_identity.current.account_id)}" + region = coalesce(var.region, data.aws_region.current.name) + account_id = coalesce(var.account_id, data.aws_caller_identity.current.account_id) secrets_namespace = "tf/${var.namespace}" } @@ -200,15 +200,15 @@ EOD } resource "aws_cloudwatch_event_target" "build_failure" { - count = length(var.failure_topics) - arn = element(var.failure_topics, count.index) - rule = aws_cloudwatch_event_rule.build_failure.name + count = length(var.failure_topics) + arn = element(var.failure_topics, count.index) + rule = aws_cloudwatch_event_rule.build_failure.name target_id = "${var.name}-to-SNS" input_transformer { input_template = jsonencode("Codebuild job failed for ") input_paths = { "project-name" = "$.detail.project-name" - "build-id" = "$.id" + "build-id" = "$.id" } } } diff --git a/pipelines/pipeline/variables.tf b/pipelines/pipeline/variables.tf index ef49bb3b..bc5b4b8d 100644 --- a/pipelines/pipeline/variables.tf +++ b/pipelines/pipeline/variables.tf 
@@ -39,26 +39,26 @@ variable "failure_topics" { } variable "region" { - type = "string" + type = string description = "The AWS region to scope access to (defaults to current region)." - default = "" + default = "" } variable "account_id" { - type = "string" + type = string description = "The AWS account ID to scope access to (defaults to current account)." - default = "" + default = "" } variable "plan_policy" { - type = string + type = string description = "The ARN of an AWS IAM policy to use for 'plan' jobs." - default = "arn:aws:iam::aws:policy/ReadOnlyAccess" + default = "arn:aws:iam::aws:policy/ReadOnlyAccess" } variable "apply_policy" { - type = string + type = string description = "The ARN of an AWS IAM policy to use for 'apply' jobs." - default = "arn:aws:iam::aws:policy/AdministratorAccess" + default = "arn:aws:iam::aws:policy/AdministratorAccess" } diff --git a/pipelines/pipeline/versions.tf b/pipelines/pipeline/versions.tf index ac97c6ac..241ac05c 100644 --- a/pipelines/pipeline/versions.tf +++ b/pipelines/pipeline/versions.tf @@ -1,4 +1,9 @@ terraform { - required_version = ">= 0.12" + required_version = ">= 0.13" + required_providers { + aws = { + source = "hashicorp/aws" + } + } } diff --git a/pipelines/roles/versions.tf b/pipelines/roles/versions.tf index ac97c6ac..241ac05c 100644 --- a/pipelines/roles/versions.tf +++ b/pipelines/roles/versions.tf @@ -1,4 +1,9 @@ terraform { - required_version = ">= 0.12" + required_version = ">= 0.13" + required_providers { + aws = { + source = "hashicorp/aws" + } + } } diff --git a/rdsinstance/versions.tf b/rdsinstance/versions.tf index ac97c6ac..241ac05c 100644 --- a/rdsinstance/versions.tf +++ b/rdsinstance/versions.tf @@ -1,4 +1,9 @@ terraform { - required_version = ">= 0.12" + required_version = ">= 0.13" + required_providers { + aws = { + source = "hashicorp/aws" + } + } } diff --git a/slackalerts/versions.tf b/slackalerts/versions.tf index ac97c6ac..241ac05c 100644 --- a/slackalerts/versions.tf 
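Review bot: `apply_policy` in pipelines/pipeline/variables.tf still defaults to `arn:aws:iam::aws:policy/AdministratorAccess`, so a caller that omits it gives the 'apply' jobs full account access without having chosen to. Since this hunk already rewrites the variable, consider removing the default so callers must pass a policy ARN, or at least state the consequence in the description, e.g. `description = "The ARN of an AWS IAM policy to use for 'apply' jobs. Defaults to AdministratorAccess; pass a scoped policy where possible."`. Removing the default is a breaking change for existing callers and would need a release note. How the policy is attached to the job role is outside this hunk.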
+++ b/slackalerts/versions.tf @@ -1,4 +1,9 @@ terraform { - required_version = ">= 0.12" + required_version = ">= 0.13" + required_providers { + aws = { + source = "hashicorp/aws" + } + } } diff --git a/static-site/iam.tf b/static-site/iam.tf index 5758d17b..17b7085e 100644 --- a/static-site/iam.tf +++ b/static-site/iam.tf @@ -26,10 +26,10 @@ data "aws_iam_policy_document" "deployment" { resource "aws_iam_group" "deployment" { count = var.create_deployment_group ? 1 : 0 - name = "${var.name}-deployment" + name = "${var.name}-deployment" } resource "aws_iam_group_policy" "deployment" { - count = var.create_deployment_group ? 1 : 0 - group = "${aws_iam_group.deployment[0].name}" - policy = "${data.aws_iam_policy_document.deployment.json}" + count = var.create_deployment_group ? 1 : 0 + group = aws_iam_group.deployment[0].name + policy = data.aws_iam_policy_document.deployment.json } diff --git a/static-site/main.tf b/static-site/main.tf index 9bb58c4a..0636c0f3 100644 --- a/static-site/main.tf +++ b/static-site/main.tf @@ -1,9 +1,9 @@ locals { domains = [ - for environment in var.environments: - environment.domain + for environment in var.environments : + environment.domain ] - primary_domain = local.domains[0] + primary_domain = local.domains[0] alternate_domains = slice(local.domains, 1, length(local.domains)) } @@ -55,7 +55,7 @@ data "aws_iam_policy_document" "oai_read" { ] principals { - type = "AWS" + type = "AWS" identifiers = [aws_cloudfront_origin_access_identity.edge[statement.key].iam_arn] } } 
@@ -72,12 +72,12 @@ resource "aws_s3_bucket_policy" "default" { // AWS Certificate Manager // TLS/SSL certificate for the new domain resource "aws_acm_certificate" "default" { - domain_name = local.primary_domain + domain_name = local.primary_domain subject_alternative_names = local.alternate_domains // rely on a DNS entry for validating the certificate validation_method = "DNS" tags = merge(var.tags, { - "Name": var.name + "Name" : var.name }) // Replace certificate that is currently in use lifecycle { @@ -89,7 +89,7 @@ resource "aws_acm_certificate" "default" { // dns record to use for certificate validation // create the DNS entry in th relevant zone resource "aws_route53_record" "verification" { - count = length(local.domains) + count = length(local.domains) name = aws_acm_certificate.default.domain_validation_options[count.index].resource_record_name type = aws_acm_certificate.default.domain_validation_options[count.index].resource_record_type records = [aws_acm_certificate.default.domain_validation_options[count.index].resource_record_value] @@ -107,7 +107,7 @@ resource "aws_acm_certificate_validation" "default" { //// Route 53 //// Add CNAME entry for domain resource "aws_route53_record" "default" { - count = length(var.environments) + count = length(var.environments) zone_id = var.zone_id name = var.environments[count.index].domain type = "CNAME" @@ -118,8 +118,8 @@ resource "aws_route53_record" "default" { // Cloudfront // CDN for the domain resource "aws_cloudfront_distribution" "domain_distribution" { - count = length(var.environments) - comment = "${var.name}:${var.environments[count.index].name}" + count = length(var.environments) + comment = "${var.name}:${var.environments[count.index].name}" wait_for_deployment = false enabled = true default_root_object = var.index_document 
@@ -145,8 +145,8 @@ resource "aws_cloudfront_distribution" "domain_distribution" { dynamic "custom_error_response" { for_each = var.is_spa ? [1] : [] content { - error_code = 404 - response_code = 200 + error_code = 404 + response_code = 200 response_page_path = "/${var.index_document}" } } @@ -157,14 +157,14 @@ resource "aws_cloudfront_distribution" "domain_distribution" { allowed_methods = var.allowed_methods cached_methods = var.cached_methods target_origin_id = "default" - default_ttl = var.default_ttl + default_ttl = var.default_ttl // There is no backend processing in this case, so we can skip forwarding // things like query string and cookies. CORS headers are forwarded, if // we're using CORS for the site. forwarded_values { query_string = false - headers = var.enable_cors ? ["Origin", "Access-Control-Request-Headers", "Access-Control-Request-Method"] : [] + headers = var.enable_cors ? ["Origin", "Access-Control-Request-Headers", "Access-Control-Request-Method"] : [] cookies { forward = "none" } @@ -173,8 +173,8 @@ resource "aws_cloudfront_distribution" "domain_distribution" { for_each = var.environments[count.index].edge_lambdas content { - event_type = lambda_function_association.value.event_type - lambda_arn = lambda_function_association.value.lambda_arn + event_type = lambda_function_association.value.event_type + lambda_arn = lambda_function_association.value.lambda_arn include_body = coalesce(lambda_function_association.value.include_body, false) } } @@ -204,7 +204,7 @@ resource "aws_cloudfront_distribution" "domain_distribution" { // Create an identity allowing Cloudfront to access the origin. resource "aws_cloudfront_origin_access_identity" "edge" { - count = length(var.environments) + count = length(var.environments) comment = "Cloudfront ID for ${var.name}:${var.environments[count.index].name}" } diff --git a/static-site/variables.tf b/static-site/variables.tf index 59aca9a3..c3e93a25 100644 --- a/static-site/variables.tf 
+++ b/static-site/variables.tf @@ -8,7 +8,7 @@ variable "name" { } variable "bucket_name" { - type = "string" + type = "string" default = null } @@ -21,11 +21,11 @@ variable "zone_id" { variable "environments" { description = "A set of environment (dev/stage/prod) configurations. List production domain first." type = list(object({ - name = string + name = string domain = string edge_lambdas = list(object({ - event_type = string - lambda_arn = string + event_type = string + lambda_arn = string include_body = string })) })) 
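Review bot: `bucket_name` in the first static-site/variables.tf hunk keeps the quoted form `type = "string"`; only its alignment changes, while pipelines/pipeline/variables.tf in this same commit converts `region` and `account_id` to the bare keyword. Quoted type constraints have been deprecated since Terraform 0.12 and are rejected by later releases, so the line should read `type = string`. The variable also has no `description`, unlike most others in the file; a one-line description of what a null `bucket_name` falls back to would help callers.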
@@ -33,68 +33,68 @@ variable "environments" { // error document variable "error_document" { - type = string + type = string description = "The error document being used for errors." - default = null + default = null } variable "index_document" { - type = string + type = string description = "The default document (usually index.html)" - default = "index.html" + default = "index.html" } variable "allowed_methods" { - type = list(string) + type = list(string) description = "A list of HTTP methods that are allowed." - default = ["GET", "HEAD", "OPTIONS"] + default = ["GET", "HEAD", "OPTIONS"] } variable "cached_methods" { - type = list(string) + type = list(string) description = "A list of HTTP methods that can be cached." - default = ["GET", "HEAD", "OPTIONS"] + default = ["GET", "HEAD", "OPTIONS"] } variable "default_ttl" { - type = string + type = string description = "The cache TTL that will be used if no Cache-Control headers are present." - default = 3600 + default = 3600 } variable "enable_cors" { - type = string + type = string default = false } variable "cors_allowed_methods" { - type = list(string) + type = list(string) default = ["GET", "HEAD"] } variable "cors_allowed_headers" { - type = list(string) + type = list(string) default = ["*"] } variable "cors_allowed_origins" { - type = list(string) + type = list(string) default = ["*"] } variable "is_spa" { - type = string + type = string description = "A boolean indicating whether the site is a single page app. If it is, the index document will be used instead of a 404 response." - default = false + default = false } variable "create_deployment_group" { - type = string + type = string description = "A boolean indicating whether to create the IAM group for static site deployment." - default = true + default = true } variable "tags" { - type = map(string) + type = map(string) default = {} } diff --git a/static-site/versions.tf b/static-site/versions.tf index ac97c6ac..241ac05c 100644 
--- a/static-site/versions.tf +++ b/static-site/versions.tf @@ -1,4 +1,9 @@ terraform { - required_version = ">= 0.12" + required_version = ">= 0.13" + required_providers { + aws = { + source = "hashicorp/aws" + } + } } diff --git a/vpcread/versions.tf b/vpcread/versions.tf index ac97c6ac..241ac05c 100644 --- a/vpcread/versions.tf +++ b/vpcread/versions.tf @@ -1,4 +1,9 @@ terraform { - required_version = ">= 0.12" + required_version = ">= 0.13" + required_providers { + aws = { + source = "hashicorp/aws" + } + } }