Merge pull request #18 from pablo19sc/main

Remove awscc requirement

README.md

@@ -358,7 +358,6 @@ Each Spoke VPC segment created is independent between each other, meaning that i
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.73.0 |
-| <a name="requirement_awscc"></a> [awscc](#requirement\_awscc) | >= 0.15.0 |
 
 ## Providers
 
@@ -371,7 +370,7 @@ Each Spoke VPC segment created is independent between each other, meaning that i
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_aws_network_firewall"></a> [aws\_network\_firewall](#module\_aws\_network\_firewall) | aws-ia/networkfirewall/aws | = 0.0.2 |
-| <a name="module_central_vpcs"></a> [central\_vpcs](#module\_central\_vpcs) | aws-ia/vpc/aws | = 3.0.1 |
+| <a name="module_central_vpcs"></a> [central\_vpcs](#module\_central\_vpcs) | aws-ia/vpc/aws | = 4.0.0 |
 
 ## Resources
 

UPGRADE-GUIDE-3.0.md

@@ -0,0 +1,50 @@
+# Upgrade from version 2 to version 3
+
+This module is being upgraded to center all its resources on a single provider. Previously we used the awscc provider for various exploration reasons. However, as the module's usage grows, we wish to place more emphasis on customer experience and using a single provider is more seamless. Unfortunately, replacing the awscc resources requires state manipulation which is detailed below.
+
+## Preparation for upgrade
+
+1. create a backup of your `tfstate` file. You will have to adjust your backup mechanism to your specific situation. 1 example of backup: `tf state pull | tee tfstateV3.bak`
+1. create a file of resources that require modification: `terraform state list | grep -e awscc | tee resources_to_replace.txt`
+
+## Upgrade procedure
+
+Switching resource types is not possible via the native `moved {}` block. For new resources types we must remove and import back the statefile.
+
+### Overview
+
+1. relocate any `var.tags` entries to [default_tags](https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider)
+1. swap `awscc_ec2_route_table` for `aws_route_table` resource via `terraform state` commands
+1. swap `awscc_ec2_subnet_route_table_association` for `aws_route_table_association` resource via `terraform state` commands
+1. Verify no unintended changes via `terraform plan`
+
+You can always fallback to prior state using the backup you created.
+
+### route_table
+
+For each `awscc_ec2_route_table` type, run the following 3 commands, replacing the relevant parts for command 3
+
+1. Show state values: `terraform state show 'module.vpc.awscc_ec2_route_table.private["private/us-east-1a"]'`
+1. Remove from state: `terraform state rm 'module.vpc.awscc_ec2_route_table.private["private/us-east-1a"]'`
+1. Import as `aws` resource: `terraform import 'module.vpc.aws_route_table.private["private/us-east-1a"]' rtb-0b9b71f291529d9fe`
+
+For command 3 you need to use the ID outputted from command 1 and you need to change `awscc_ec2_route_table` to `aws_route_table`.
+
+### route_table_association
+
+For each `awscc_ec2_subnet_route_table_association` type, run the following 3 commands, replacing the relevant parts for command 3
+
+1. Show state values:
+```
+terraform state show 'module.vpc.awscc_ec2_subnet_route_table_association.private["private/us-east-1a"]'
+resource "awscc_ec2_subnet_route_table_association" "private" {
+ id = "rtbassoc-0c65299161472413c"
+ route_table_id = "rtb-0b9b71f291529d9fe"
+ subnet_id = "subnet-0e1c7e5f9d727fdc1"
+}
+```
+2. Remove from state: `terraform state rm 'module.vpc.awscc_ec2_subnet_route_table_association.private["private/us-east-1a"]'`
+
+3. Import as `aws` resource: `terraform import 'module.vpc.aws_route_table_association.private["private/us-east-1a"]' subnet-0e1c7e5f9d727fdc1/rtb-0b9b71f291529d9fe`
+
+For command 3 you need to use the IDs outputted (format is `subnet_id`/`route_table_id`) from command 1 and you need to change `awscc_ec2_route_table` to `aws_route_table`.

examples/central_egress_ingress/.header.md

@@ -3,7 +3,7 @@
 This example builds a central Ingress and Egress VPCs. The following resources are built:
 
 - Built by the **Hub and Spoke module**:
- - AWS Transit Gateway Route Tables: 1 Ingress, 1 Egress, 1 Spokes (production).
+ - AWS Transit Gateway Route Tables: 1 Ingress, 1 Egress, 1 Spokes.
  - Transit Gateway routes.
  - Ingress and Egress VPC.
 - Built outside the module:

examples/central_egress_ingress/README.md

@@ -4,7 +4,7 @@
 This example builds a central Ingress and Egress VPCs. The following resources are built:
 
 - Built by the **Hub and Spoke module**:
- - AWS Transit Gateway Route Tables: 1 Ingress, 1 Egress, 1 Spokes (production).
+ - AWS Transit Gateway Route Tables: 1 Ingress, 1 Egress, 1 Spokes.
  - Transit Gateway routes.
  - Ingress and Egress VPC.
 - Built outside the module:
@@ -22,7 +22,6 @@ This example builds a central Ingress and Egress VPCs. The following resources a
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.73.0 |
-| <a name="requirement_awscc"></a> [awscc](#requirement\_awscc) | >= 0.15.0 |
 
 ## Providers
 
@@ -34,8 +33,8 @@ This example builds a central Ingress and Egress VPCs. The following resources a
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_hub-and-spoke"></a> [hub-and-spoke](#module\_hub-and-spoke) | aws-ia/network-hubandspoke | 2.0.0 |
-| <a name="module_spoke_vpcs"></a> [spoke\_vpcs](#module\_spoke\_vpcs) | aws-ia/vpc/aws | 3.1.0 |
+| <a name="module_hub-and-spoke"></a> [hub-and-spoke](#module\_hub-and-spoke) | aws-ia/network-hubandspoke/aws | 3.0.0 |
+| <a name="module_spoke_vpcs"></a> [spoke\_vpcs](#module\_spoke\_vpcs) | aws-ia/vpc/aws | 4.0.0 |
 
 ## Resources
 

examples/central_egress_ingress/main.tf

@@ -18,8 +18,8 @@ resource "aws_ec2_transit_gateway" "tgw" {
 
 # Hub and Spoke module - we only centralize the Egress and Ingress traffic
 module "hub-and-spoke" {
- source = "aws-ia/network-hubandspoke"
- version = "2.0.0"
+ source = "aws-ia/network-hubandspoke/aws"
+ version = "3.0.0"
 
  identifier = var.identifier
  transit_gateway_id = aws_ec2_transit_gateway.tgw.id
@@ -75,7 +75,7 @@ resource "aws_ec2_managed_prefix_list" "network_prefix_list" {
 module "spoke_vpcs" {
  for_each = var.spoke_vpcs
  source = "aws-ia/vpc/aws"
- version = "3.1.0"
+ version = "4.0.0"
 
  name = each.key
  cidr_block = each.value.cidr_block

examples/central_egress_ingress/providers.tf

@@ -10,10 +10,6 @@ terraform {
  source = "hashicorp/aws"
  version = ">= 3.73.0"
  }
- awscc = {
- source = "hashicorp/awscc"
- version = ">= 0.15.0"
- }
  }
 }
 
@@ -28,8 +24,4 @@ provider "aws" {
  Region = var.aws_region
  }
  }
-}
-
-provider "awscc" {
- region = var.aws_region
 }

examples/central_inspection/README.md

@@ -23,7 +23,6 @@ This example centralizes the traffic inspection and egress traffic within the sa
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.73.0 |
-| <a name="requirement_awscc"></a> [awscc](#requirement\_awscc) | >= 0.15.0 |
 
 ## Providers
 
@@ -35,8 +34,8 @@ This example centralizes the traffic inspection and egress traffic within the sa
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_hub-and-spoke"></a> [hub-and-spoke](#module\_hub-and-spoke) | aws-ia/network-hubandspoke | 2.0.0 |
-| <a name="module_spoke_vpcs"></a> [spoke\_vpcs](#module\_spoke\_vpcs) | aws-ia/vpc/aws | 3.1.0 |
+| <a name="module_hub-and-spoke"></a> [hub-and-spoke](#module\_hub-and-spoke) | aws-ia/network-hubandspoke/aws | 3.0.0 |
+| <a name="module_spoke_vpcs"></a> [spoke\_vpcs](#module\_spoke\_vpcs) | aws-ia/vpc/aws | 4.0.0 |
 
 ## Resources
 

examples/central_inspection/main.tf

@@ -5,8 +5,8 @@
 
 # Hub and Spoke module - we only centralize the Inspection
 module "hub-and-spoke" {
- source = "aws-ia/network-hubandspoke"
- version = "2.0.0"
+ source = "aws-ia/network-hubandspoke/aws"
+ version = "3.0.0"
 
  identifier = var.identifier
  transit_gateway_attributes = {
@@ -55,7 +55,7 @@ module "hub-and-spoke" {
 module "spoke_vpcs" {
  for_each = var.spoke_vpcs
  source = "aws-ia/vpc/aws"
- version = "3.1.0"
+ version = "4.0.0"
 
  name = each.key
  cidr_block = each.value.cidr_block

examples/central_inspection/providers.tf

@@ -10,10 +10,6 @@ terraform {
  source = "hashicorp/aws"
  version = ">= 3.73.0"
  }
- awscc = {
- source = "hashicorp/awscc"
- version = ">= 0.15.0"
- }
  }
 }
 
@@ -28,8 +24,4 @@ provider "aws" {
  Region = var.aws_region
  }
  }
-}
-
-provider "awscc" {
- region = var.aws_region
 }

examples/central_shared_services/README.md

@@ -21,7 +21,6 @@ This example centralizes VPC endpoints with a central Shared Services VPC. The f
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.73.0 |
-| <a name="requirement_awscc"></a> [awscc](#requirement\_awscc) | >= 0.15.0 |
 
 ## Providers
 
@@ -33,8 +32,8 @@ This example centralizes VPC endpoints with a central Shared Services VPC. The f
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_hub-and-spoke"></a> [hub-and-spoke](#module\_hub-and-spoke) | ../.. | n/a |
-| <a name="module_spoke_vpcs"></a> [spoke\_vpcs](#module\_spoke\_vpcs) | aws-ia/vpc/aws | 3.1.0 |
+| <a name="module_hub-and-spoke"></a> [hub-and-spoke](#module\_hub-and-spoke) | aws-ia/network-hubandspoke/aws | 3.0.0 |
+| <a name="module_spoke_vpcs"></a> [spoke\_vpcs](#module\_spoke\_vpcs) | aws-ia/vpc/aws | 4.0.0 |
 
 ## Resources
 

examples/central_shared_services/main.tf

@@ -18,9 +18,8 @@ resource "aws_ec2_transit_gateway" "tgw" {
 
 # Hub and Spoke module - we only centralize the Shared Services and Hybrid DNS VPCs
 module "hub-and-spoke" {
- source = "../.."
- #source = "aws-ia/network-hubandspoke"
- #version = "2.0.0"
+ source = "aws-ia/network-hubandspoke/aws"
+ version = "3.0.0"
 
  identifier = var.identifier
  transit_gateway_id = aws_ec2_transit_gateway.tgw.id
@@ -56,7 +55,7 @@ module "hub-and-spoke" {
 module "spoke_vpcs" {
  for_each = var.spoke_vpcs
  source = "aws-ia/vpc/aws"
- version = "3.1.0"
+ version = "4.0.0"
 
  name = each.key
  cidr_block = each.value.cidr_block

examples/central_shared_services/providers.tf

@@ -10,10 +10,6 @@ terraform {
  source = "hashicorp/aws"
  version = ">= 3.73.0"
  }
- awscc = {
- source = "hashicorp/awscc"
- version = ">= 0.15.0"
- }
  }
 }
 
@@ -28,8 +24,4 @@ provider "aws" {
  Region = var.aws_region
  }
  }
-}
-
-provider "awscc" {
- region = var.aws_region
 }

main.tf

@@ -27,7 +27,7 @@ module "central_vpcs" {
  for_each = var.central_vpcs
 
  source = "aws-ia/vpc/aws"
- version = "= 3.0.1"
+ version = "= 4.0.0"
 
  name = try(each.value.name, each.key)
  vpc_id = try(each.value.vpc_id, null)

providers.tf

@@ -10,9 +10,5 @@ terraform {
  source = "hashicorp/aws"
  version = ">= 3.73.0"
  }
- awscc = {
- source = "hashicorp/awscc"
- version = ">= 0.15.0"
- }
  }
 }