diff --git a/README.md b/README.md
index eef52276..78a09e0a 100644
--- a/README.md
+++ b/README.md
@@ -409,7 +409,6 @@ Available targets:
| [spot\_max\_price](#input\_spot\_max\_price) | The maximum price per unit hour, in US$, that you're willing to pay for a Spot Instance. This option is relevant only when enable\_spot\_instances is true. Valid values are between 0.001 and 20.0 | `number` | `-1` | no |
| [ssh\_listener\_enabled](#input\_ssh\_listener\_enabled) | Enable SSH port | `bool` | `false` | no |
| [ssh\_listener\_port](#input\_ssh\_listener\_port) | SSH port | `number` | `22` | no |
-| [ssh\_source\_restriction](#input\_ssh\_source\_restriction) | Used to lock down SSH access to the EC2 instances | `string` | `"0.0.0.0/0"` | no |
| [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
| [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
| [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no |
diff --git a/docs/terraform.md b/docs/terraform.md
index 7a8a71a8..5c41206e 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -164,7 +164,6 @@
| [spot\_max\_price](#input\_spot\_max\_price) | The maximum price per unit hour, in US$, that you're willing to pay for a Spot Instance. This option is relevant only when enable\_spot\_instances is true. Valid values are between 0.001 and 20.0 | `number` | `-1` | no |
| [ssh\_listener\_enabled](#input\_ssh\_listener\_enabled) | Enable SSH port | `bool` | `false` | no |
| [ssh\_listener\_port](#input\_ssh\_listener\_port) | SSH port | `number` | `22` | no |
-| [ssh\_source\_restriction](#input\_ssh\_source\_restriction) | Used to lock down SSH access to the EC2 instances | `string` | `"0.0.0.0/0"` | no |
| [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
| [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
| [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no |
diff --git a/examples/shared-alb/variables.tf b/examples/shared-alb/variables.tf
index 19c10a05..3a947fc3 100644
--- a/examples/shared-alb/variables.tf
+++ b/examples/shared-alb/variables.tf
@@ -29,12 +29,6 @@ variable "loadbalancer_is_shared" {
description = "Flag to create a shared application loadbalancer. Only when loadbalancer_type = \"application\" https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/environments-cfg-alb-shared.html"
}
-variable "shared_loadbalancer_arn" {
- type = string
- default = ""
- description = "ARN of the shared application load balancer. Only when loadbalancer_type = \"application\"."
-}
-
variable "dns_zone_id" {
type = string
description = "Route53 parent zone ID. The module will create sub-domain DNS record in the parent zone for the EB environment"
diff --git a/main.tf b/main.tf
index 6f39d728..f9beee3e 100755
--- a/main.tf
+++ b/main.tf
@@ -1,6 +1,6 @@
locals {
enabled = module.this.enabled
- partition = join("", data.aws_partition.current.*.partition)
+ partition = join("", data.aws_partition.current[*].partition)
}
data "aws_partition" "current" {
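Review bot: The rewritten lookups keep the `join("", …[*].attr)` idiom even though this file already uses `one()` for `data.aws_lb_listener.http`. `join` turns an empty list into `""` and would silently concatenate if a second instance ever existed, whereas `one()` returns null for an empty list and errors on more than one element. For values that end up in IAM policy (the `resources` list in `data.aws_iam_policy_document.default`, the `identifiers` principal in `elb_logs`) an empty string is a poor failure mode, so I would write `partition = one(data.aws_partition.current[*].partition)` here and do the same in the later main.tf and outputs.tf hunks. That changes the disabled-path value from `""` to null, so check interpolations and output consumers before switching. The `data "aws_partition" "current"` block continues outside this hunk.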
@@ -31,21 +31,21 @@ resource "aws_iam_role" "service" {
count = local.enabled ? 1 : 0
name = "${module.this.id}-eb-service"
- assume_role_policy = join("", data.aws_iam_policy_document.service.*.json)
+ assume_role_policy = join("", data.aws_iam_policy_document.service[*].json)
tags = module.this.tags
}
resource "aws_iam_role_policy_attachment" "enhanced_health" {
count = local.enabled && var.enhanced_reporting_enabled ? 1 : 0
- role = join("", aws_iam_role.service.*.name)
+ role = join("", aws_iam_role.service[*].name)
policy_arn = "arn:${local.partition}:iam::aws:policy/service-role/AWSElasticBeanstalkEnhancedHealth"
}
resource "aws_iam_role_policy_attachment" "service" {
count = local.enabled ? 1 : 0
- role = join("", aws_iam_role.service.*.name)
+ role = join("", aws_iam_role.service[*].name)
policy_arn = var.prefer_legacy_service_policy ? "arn:${local.partition}:iam::aws:policy/service-role/AWSElasticBeanstalkService" : "arn:${local.partition}:iam::aws:policy/AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy"
}
@@ -89,7 +89,7 @@ data "aws_iam_policy_document" "ec2" {
resource "aws_iam_role_policy_attachment" "elastic_beanstalk_multi_container_docker" {
count = local.enabled ? 1 : 0
- role = join("", aws_iam_role.ec2.*.name)
+ role = join("", aws_iam_role.ec2[*].name)
policy_arn = "arn:${local.partition}:iam::aws:policy/AWSElasticBeanstalkMulticontainerDocker"
}
@@ -97,7 +97,7 @@ resource "aws_iam_role" "ec2" {
count = local.enabled ? 1 : 0
name = "${module.this.id}-eb-ec2"
- assume_role_policy = join("", data.aws_iam_policy_document.ec2.*.json)
+ assume_role_policy = join("", data.aws_iam_policy_document.ec2[*].json)
tags = module.this.tags
}
@@ -105,28 +105,28 @@ resource "aws_iam_role_policy" "default" {
count = local.enabled ? 1 : 0
name = "${module.this.id}-eb-default"
- role = join("", aws_iam_role.ec2.*.id)
- policy = join("", data.aws_iam_policy_document.extended.*.json)
+ role = join("", aws_iam_role.ec2[*].id)
+ policy = join("", data.aws_iam_policy_document.extended[*].json)
}
resource "aws_iam_role_policy_attachment" "web_tier" {
count = local.enabled ? 1 : 0
- role = join("", aws_iam_role.ec2.*.name)
+ role = join("", aws_iam_role.ec2[*].name)
policy_arn = "arn:${local.partition}:iam::aws:policy/AWSElasticBeanstalkWebTier"
}
resource "aws_iam_role_policy_attachment" "worker_tier" {
count = local.enabled ? 1 : 0
- role = join("", aws_iam_role.ec2.*.name)
+ role = join("", aws_iam_role.ec2[*].name)
policy_arn = "arn:${local.partition}:iam::aws:policy/AWSElasticBeanstalkWorkerTier"
}
resource "aws_iam_role_policy_attachment" "ssm_ec2" {
count = local.enabled ? 1 : 0
- role = join("", aws_iam_role.ec2.*.name)
+ role = join("", aws_iam_role.ec2[*].name)
policy_arn = var.prefer_legacy_ssm_policy ? "arn:${local.partition}:iam::aws:policy/service-role/AmazonEC2RoleforSSM" : "arn:${local.partition}:iam::aws:policy/AmazonSSMManagedInstanceCore"
lifecycle {
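Review bot: The `ssm_ec2` attachment still lets `var.prefer_legacy_ssm_policy` select `AmazonEC2RoleforSSM`, which AWS documents as superseded by `AmazonSSMManagedInstanceCore` and which gives the instance role more than Systems Manager core functionality needs. Nothing next to the ternary tells a reader that. I would add a comment above `policy_arn`, e.g. `# Legacy AmazonEC2RoleforSSM is broader than AmazonSSMManagedInstanceCore; set prefer_legacy_ssm_policy only for environments that already depend on it.` The variable's default is not visible in this diff, so confirm it is `false`. The resource's `lifecycle` block continues outside the hunk.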
@@ -137,7 +137,7 @@ resource "aws_iam_role_policy_attachment" "ssm_ec2" {
resource "aws_iam_role_policy_attachment" "ssm_automation" {
count = local.enabled ? 1 : 0
- role = join("", aws_iam_role.ec2.*.name)
+ role = join("", aws_iam_role.ec2[*].name)
policy_arn = "arn:${local.partition}:iam::aws:policy/service-role/AmazonSSMAutomationRole"
lifecycle {
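Review bot: `ssm_automation` attaches `service-role/AmazonSSMAutomationRole` to the EC2 instance role for every enabled environment, with only `local.enabled` in `count`. That managed policy is intended for the role Systems Manager Automation assumes. As far as I know it includes instance-lifecycle and other actions that application code on the instance does not need, so anything that can read the instance-profile credentials inherits them. I would gate the attachment on an opt-in boolean input defaulting to false (a new variable; none is visible in this diff), or at least add a comment stating why the instance role needs it. The `lifecycle` block continues outside the hunk.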
@@ -150,7 +150,7 @@ resource "aws_iam_role_policy_attachment" "ssm_automation" {
resource "aws_iam_role_policy_attachment" "ecr_readonly" {
count = local.enabled ? 1 : 0
- role = join("", aws_iam_role.ec2.*.name)
+ role = join("", aws_iam_role.ec2[*].name)
policy_arn = "arn:${local.partition}:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
}
@@ -158,7 +158,7 @@ resource "aws_ssm_activation" "ec2" {
count = local.enabled ? 1 : 0
name = module.this.id
- iam_role = join("", aws_iam_role.ec2.*.id)
+ iam_role = join("", aws_iam_role.ec2[*].id)
registration_limit = var.autoscale_max
tags = module.this.tags
depends_on = [aws_elastic_beanstalk_environment.default]
@@ -289,8 +289,8 @@ data "aws_iam_policy_document" "default" {
]
resources = [
- join("", aws_iam_role.ec2.*.arn),
- join("", aws_iam_role.service.*.arn)
+ join("", aws_iam_role.ec2[*].arn),
+ join("", aws_iam_role.service[*].arn)
]
effect = "Allow"
@@ -346,7 +346,7 @@ data "aws_iam_policy_document" "default" {
data "aws_iam_policy_document" "extended" {
count = local.enabled ? 1 : 0
- source_json = join("", data.aws_iam_policy_document.default.*.json)
+ source_json = join("", data.aws_iam_policy_document.default[*].json)
override_policy_documents = [var.extended_ec2_policy_document]
}
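Review bot: The touched line keeps `source_json`, an argument the AWS provider has deprecated on `aws_iam_policy_document` in favour of `source_policy_documents` (and, as far as I know, dropped in provider v5). Since the line is being rewritten anyway, it could become `source_policy_documents = [join("", data.aws_iam_policy_document.default[*].json)]`; check the module's provider constraint first. It is also worth a comment that `override_policy_documents` lets statements in `var.extended_ec2_policy_document` replace same-`sid` statements of the default policy, so a caller-supplied document needs the same least-privilege review as the module's own.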
@@ -354,7 +354,7 @@ resource "aws_iam_instance_profile" "ec2" {
count = local.enabled ? 1 : 0
name = "${module.this.id}-eb-ec2"
- role = join("", aws_iam_role.ec2.*.name)
+ role = join("", aws_iam_role.ec2[*].name)
tags = module.this.tags
}
@@ -469,7 +469,7 @@ locals {
{
namespace = "aws:elbv2:loadbalancer"
name = "AccessLogsS3Bucket"
- value = !var.loadbalancer_is_shared ? join("", sort(aws_s3_bucket.elb_logs.*.id)) : ""
+ value = !var.loadbalancer_is_shared ? join("", sort(aws_s3_bucket.elb_logs[*].id)) : ""
},
{
namespace = "aws:elbv2:loadbalancer"
@@ -650,7 +650,7 @@ resource "aws_elastic_beanstalk_environment" "default" {
setting {
namespace = "aws:autoscaling:launchconfiguration"
name = "IamInstanceProfile"
- value = join("", aws_iam_instance_profile.ec2.*.name)
+ value = join("", aws_iam_instance_profile.ec2[*].name)
resource = ""
}
@@ -671,7 +671,7 @@ resource "aws_elastic_beanstalk_environment" "default" {
setting {
namespace = "aws:elasticbeanstalk:environment"
name = "ServiceRole"
- value = join("", aws_iam_role.service.*.name)
+ value = join("", aws_iam_role.service[*].name)
resource = ""
}
@@ -1111,7 +1111,7 @@ data "aws_iam_policy_document" "elb_logs" {
principals {
type = "AWS"
- identifiers = [join("", data.aws_elb_service_account.main.*.arn)]
+ identifiers = [join("", data.aws_elb_service_account.main[*].arn)]
}
effect = "Allow"
@@ -1130,7 +1130,7 @@ resource "aws_s3_bucket" "elb_logs" {
bucket = "${module.this.id}-eb-loadbalancer-logs"
acl = "private"
force_destroy = var.force_destroy
- policy = join("", data.aws_iam_policy_document.elb_logs.*.json)
+ policy = join("", data.aws_iam_policy_document.elb_logs[*].json)
tags = module.this.tags
dynamic "server_side_encryption_configuration" {
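Review bot: `policy` is still set inline on `aws_s3_bucket.elb_logs`, alongside `acl` and the dynamic `server_side_encryption_configuration`. From AWS provider v4 these bucket arguments are deprecated in favour of standalone resources such as `aws_s3_bucket_policy`, `aws_s3_bucket_acl` and `aws_s3_bucket_server_side_encryption_configuration`, so check the module's provider constraint before keeping them. Separately, `force_destroy = var.force_destroy` lets a destroy delete the load-balancer access logs, and no `aws_s3_bucket_public_access_block` is visible in this hunk. Both may be handled elsewhere in the file, so confirm. The resource block starts and ends outside the hunk.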
@@ -1166,20 +1166,20 @@ module "dns_hostname" {
dns_name = var.dns_subdomain != "" ? var.dns_subdomain : module.this.name
zone_id = var.dns_zone_id
- records = [join("", aws_elastic_beanstalk_environment.default.*.cname)]
+ records = [join("", aws_elastic_beanstalk_environment.default[*].cname)]
context = module.this.context
}
data "aws_lb_listener" "http" {
count = local.enabled && var.loadbalancer_redirect_http_to_https ? 1 : 0
- load_balancer_arn = var.loadbalancer_is_shared ? var.shared_loadbalancer_arn : one(aws_elastic_beanstalk_environment.default.0.load_balancers)
+ load_balancer_arn = var.loadbalancer_is_shared ? var.shared_loadbalancer_arn : one(aws_elastic_beanstalk_environment.default[0].load_balancers)
port = var.application_port
}
resource "aws_lb_listener_rule" "redirect_http_to_https" {
count = local.enabled && var.loadbalancer_redirect_http_to_https ? 1 : 0
- listener_arn = one(data.aws_lb_listener.http.*.arn)
+ listener_arn = one(data.aws_lb_listener.http[*].arn)
priority = var.loadbalancer_redirect_http_to_https_priority
condition {
diff --git a/outputs.tf b/outputs.tf
index 7deb453f..a4478b97 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -4,12 +4,12 @@ output "hostname" {
}
output "id" {
- value = join("", aws_elastic_beanstalk_environment.default.*.id)
+ value = join("", aws_elastic_beanstalk_environment.default[*].id)
description = "ID of the Elastic Beanstalk environment"
}
output "name" {
- value = join("", aws_elastic_beanstalk_environment.default.*.name)
+ value = join("", aws_elastic_beanstalk_environment.default[*].name)
description = "Name of the Elastic Beanstalk environment"
}
@@ -34,61 +34,61 @@ output "elb_zone_id" {
}
output "ec2_instance_profile_role_name" {
- value = join("", aws_iam_role.ec2.*.name)
+ value = join("", aws_iam_role.ec2[*].name)
description = "Instance IAM role name"
}
output "tier" {
- value = join("", aws_elastic_beanstalk_environment.default.*.tier)
+ value = join("", aws_elastic_beanstalk_environment.default[*].tier)
description = "The environment tier"
}
output "application" {
- value = join("", aws_elastic_beanstalk_environment.default.*.application)
+ value = join("", aws_elastic_beanstalk_environment.default[*].application)
description = "The Elastic Beanstalk Application for this environment"
}
output "setting" {
- value = try(aws_elastic_beanstalk_environment.default.0.setting, [])
+ value = try(aws_elastic_beanstalk_environment.default[0].setting, [])
description = "Settings specifically set for this environment"
}
output "all_settings" {
- value = try(aws_elastic_beanstalk_environment.default.0.all_settings, [])
+ value = try(aws_elastic_beanstalk_environment.default[0].all_settings, [])
description = "List of all option settings configured in the environment. These are a combination of default settings and their overrides from setting in the configuration"
}
output "endpoint" {
- value = join("", aws_elastic_beanstalk_environment.default.*.cname)
+ value = join("", aws_elastic_beanstalk_environment.default[*].cname)
description = "Fully qualified DNS name for the environment"
}
output "autoscaling_groups" {
- value = try(aws_elastic_beanstalk_environment.default.0.autoscaling_groups, [])
+ value = try(aws_elastic_beanstalk_environment.default[0].autoscaling_groups, [])
description = "The autoscaling groups used by this environment"
}
output "instances" {
- value = try(aws_elastic_beanstalk_environment.default.*.instances, [])
+ value = try(aws_elastic_beanstalk_environment.default[*].instances, [])
description = "Instances used by this environment"
}
output "launch_configurations" {
- value = try(aws_elastic_beanstalk_environment.default.*.launch_configurations, [])
+ value = try(aws_elastic_beanstalk_environment.default[*].launch_configurations, [])
description = "Launch configurations in use by this environment"
}
output "load_balancers" {
- value = try(aws_elastic_beanstalk_environment.default.0.load_balancers, [])
+ value = try(aws_elastic_beanstalk_environment.default[0].load_balancers, [])
description = "Elastic Load Balancers in use by this environment"
}
output "queues" {
- value = try(aws_elastic_beanstalk_environment.default.*.queues, [])
+ value = try(aws_elastic_beanstalk_environment.default[*].queues, [])
description = "SQS queues in use by this environment"
}
output "triggers" {
- value = try(aws_elastic_beanstalk_environment.default.*.triggers, [])
+ value = try(aws_elastic_beanstalk_environment.default[*].triggers, [])
description = "Autoscaling triggers in use by this environment"
}
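Review bot: In `instances`, `launch_configurations`, `queues` and `triggers` the `try(…default[*].attr, [])` fallback can never be taken, because a splat over an empty list evaluates to `[]` instead of raising an error. When the environment exists, the value is a one-element list wrapping the attribute, unlike `autoscaling_groups` and `load_balancers`, which index `[0]` and return the flat list. If the nesting is intentional, say so in each `description`. Otherwise `value = flatten(aws_elastic_beanstalk_environment.default[*].instances)` gives the flat shape, at the cost of changing the output for existing consumers.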
diff --git a/variables.tf b/variables.tf
index 3129b99f..7790d719 100755
--- a/variables.tf
+++ b/variables.tf
@@ -371,12 +371,6 @@ variable "elb_scheme" {
description = "Specify `internal` if you want to create an internal load balancer in your Amazon VPC so that your Elastic Beanstalk application cannot be accessed from outside your Amazon VPC"
}
-variable "ssh_source_restriction" {
- type = string
- default = "0.0.0.0/0"
- description = "Used to lock down SSH access to the EC2 instances"
-}
-
variable "ssh_listener_enabled" {
type = bool
default = false