diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
new file mode 100644
index 0000000..ff7d648
--- /dev/null
+++ b/.github/workflows/test.yaml
@@ -0,0 +1,57 @@
+---
+###############
+## Run tests ##
+###############
+
+#
+# Documentation:
+# https://help.github.com/en/articles/workflow-syntax-for-github-actions
+#
+
+name: Test
+on:
+ pull_request:
+ push:
+ branches: [ main ]
+
+##########################
+# Prevent duplicate jobs #
+##########################
+concurrency:
+ group: ${{ github.repository }}
+ cancel-in-progress: false
+
+permissions:
+ id-token: write
+ contents: read
+
+###############
+# Run the job #
+###############
+jobs:
+ terraform-test:
+ name: Terraform Test
+ runs-on: ubuntu-latest
+ steps:
+ ############################
+ # Checkout the source code #
+ ############################
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ #############################
+ # Configure AWS credentials #
+ #############################
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v2
+ with:
+ role-to-assume: arn:aws:iam::${{ vars.AWS_TESTING_ACCOUNT_ID }}:role/${{ vars.AWS_TESTING_ROLE }}
+ aws-region: ${{ vars.AWS_TESTING_REGION }}
+ mask-aws-account-id: false
+
+ #############
+ # Run tests #
+ #############
+ - name: Run Tests
+ timeout-minutes: 30
+ run: terraform init && terraform test
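Review bot: Both actions in `terraform-test` are referenced by mutable tags (`actions/checkout@v3`, `aws-actions/configure-aws-credentials@v2`) in a job that holds `id-token: write` and assumes an AWS role, so a retagged release would run with those credentials. Pin each to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha> # v3`. The job also triggers on every `pull_request`, so Terraform code from the PR branch executes under the assumed role. The role's trust policy (not visible in this diff) should constrain the OIDC `sub` claim to this repository, and its permissions should cover only what the tests create. Declaring `permissions` on the job rather than the workflow would keep any job added later from inheriting `id-token: write`.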
diff --git a/.tflint.hcl b/.tflint.hcl
index db94b46..10b40d6 100644
--- a/.tflint.hcl
+++ b/.tflint.hcl
@@ -5,6 +5,6 @@ plugin "terraform" {
plugin "aws" {
enabled = true
- version = "0.18.0"
+ version = "0.30.0"
source = "github.com/terraform-linters/tflint-ruleset-aws"
}
diff --git a/README.md b/README.md
index 1fadcfe..5ea5ff6 100644
--- a/README.md
+++ b/README.md
@@ -61,7 +61,8 @@ Comment in these badges if they apply to the repository.
| [provisioned\_throughput\_in\_mibps](#input\_provisioned\_throughput\_in\_mibps) | The throughput, measured in MiB/s, that you want to provision for the file system. | `number` | `0` | no |
| [security\_groups](#input\_security\_groups) | A list of security group IDs to associate with the file system. | `list(string)` | n/a | yes |
| [tags](#input\_tags) | A mapping of tags to assign to all resources. | `map(string)` | `{}` | no |
-| [throughput\_mode](#input\_throughput\_mode) | Throughput mode for the file system. Defaults to bursting. | `string` | `"bursting"` | no |
+| [throughput\_mode](#input\_throughput\_mode) | Throughput mode for the file system. Valid values: `bursting`, `provisioned`, or `elastic`. | `string` | `"elastic"` | no |
+| [transition\_to\_archive](#input\_transition\_to\_archive) | Indicates how long it takes to transition files to the archive storage class. Accepted values AFTER\_7\_DAYS, AFTER\_14\_DAYS, AFTER\_30\_DAYS, AFTER\_60\_DAYS, AFTER\_90\_DAYS. | `string` | `"AFTER_90_DAYS"` | no |
| [transition\_to\_ia](#input\_transition\_to\_ia) | Indicates how long it takes to transition files to the IA storage class. Accepted values AFTER\_7\_DAYS, AFTER\_14\_DAYS, AFTER\_30\_DAYS, AFTER\_60\_DAYS, AFTER\_90\_DAYS. | `string` | `"AFTER_30_DAYS"` | no |
| [transition\_to\_primary\_storage\_class](#input\_transition\_to\_primary\_storage\_class) | Describes the policy used to transition a file from infequent access storage to primary storage. Only AFTER\_1\_ACCESS is accepted | `string` | `"AFTER_1_ACCESS"` | no |
@@ -82,15 +83,15 @@ Comment in these badges if they apply to the repository.
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 4.36 |
+| [aws](#provider\_aws) | >= 5.35 |
| [random](#provider\_random) | >= 3.4 |
## Resources
-- resource.aws_efs_access_point.main (main.tf#44)
+- resource.aws_efs_access_point.main (main.tf#48)
- resource.aws_efs_file_system.main (main.tf#3)
-- resource.aws_efs_file_system_policy.main (main.tf#37)
-- resource.aws_efs_mount_target.main (main.tf#28)
+- resource.aws_efs_file_system_policy.main (main.tf#41)
+- resource.aws_efs_mount_target.main (main.tf#32)
- resource.random_uuid.main (main.tf#1)
- data source.aws_iam_policy_document.main (data.tf#1)
diff --git a/main.tf b/main.tf
index 54dc61a..1d516eb 100644
--- a/main.tf
+++ b/main.tf
@@ -16,6 +16,10 @@ resource "aws_efs_file_system" "main" {
transition_to_ia = var.transition_to_ia
}
+ lifecycle_policy {
+ transition_to_archive = var.transition_to_archive
+ }
+
lifecycle_policy {
transition_to_primary_storage_class = var.transition_to_primary_storage_class
}
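Review bot: The new `lifecycle_policy` block for `transition_to_archive` is emitted unconditionally, so a caller has no way to leave archive tiering off. As far as I know, EFS offers the Archive storage class only with Elastic throughput, so a caller who sets `throughput_mode = "bursting"` or `"provisioned"` would probably get an API error at apply time rather than a plan-time failure. Making the block dynamic and letting `var.transition_to_archive` be `null` keeps the new default while giving those callers an opt-out. The enclosing `aws_efs_file_system.main` resource starts and ends outside this hunk.

```hcl
# … unchanged: lifecycle_policy for transition_to_ia …
dynamic "lifecycle_policy" {
  for_each = var.transition_to_archive == null ? [] : [var.transition_to_archive]

  content {
    transition_to_archive = lifecycle_policy.value
  }
}
# … unchanged: lifecycle_policy for transition_to_primary_storage_class …
```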
diff --git a/test/.gitignore b/test/.gitignore
deleted file mode 100644
index e69de29..0000000
diff --git a/tests/basic.tftest.hcl b/tests/basic.tftest.hcl
new file mode 100644
index 0000000..1b4f98a
--- /dev/null
+++ b/tests/basic.tftest.hcl
@@ -0,0 +1,52 @@
+run "setup" {
+ module {
+ source = "./tests/network"
+ }
+}
+
+run "basic_efs" {
+ variables {
+ name = "basic-efs-test"
+
+ private_subnets = run.setup.subnet_ids
+ security_groups = [run.setup.security_group_id]
+
+ throughput_mode = "elastic"
+ transition_to_ia = "AFTER_7_DAYS"
+ transition_to_archive = "AFTER_14_DAYS"
+
+ access_points = {
+ for dir in ["private", "public"] : dir => {
+ posix_user = {
+ gid = 1000
+ uid = 1000
+ }
+
+ root_directory = {
+ path = "/${dir}"
+
+ creation_info = {
+ owner_gid = 1000
+ owner_uid = 1000
+ permissions = "0755"
+ }
+ }
+ }
+ }
+
+ tags = {
+ SomeTag = "foo"
+ AnotherTag = "bar"
+ }
+ }
+
+ assert {
+ condition = length(output.arn) >= 0
+ error_message = "Expected EFS to be created."
+ }
+
+ assert {
+ condition = length(output.access_point_ids) == 2
+ error_message = "Expected EFS to have 2 access points."
+ }
+}
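Review bot: The first assertion in `basic_efs` can never fail, because `length(output.arn) >= 0` is true for any string, including an empty one. Change it to `condition = length(output.arn) > 0` so the check actually verifies that an ARN was produced. The second assertion on `output.access_point_ids` is fine as written.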
diff --git a/tests/network/main.tf b/tests/network/main.tf
new file mode 100644
index 0000000..27b9a8f
--- /dev/null
+++ b/tests/network/main.tf
@@ -0,0 +1,12 @@
+data "aws_availability_zones" "available" {}
+
+resource "aws_default_vpc" "default" {}
+
+resource "aws_default_security_group" "default" {
+ vpc_id = aws_default_vpc.default.id
+}
+
+data "aws_subnet" "default" {
+ availability_zone = data.aws_availability_zones.available.names[0]
+ default_for_az = true
+}
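Review bot: This fixture manages `aws_default_vpc` and `aws_default_security_group` as resources, so the test run takes ownership of account-wide defaults in the testing account instead of only reading them. Adopting the default security group with no `ingress`/`egress` blocks makes the provider strip its existing rules, and those rules are not restored when the test state is destroyed. `aws_default_vpc` will also create a default VPC if none exists. Reading the defaults through data sources avoids mutating shared resources; the references in `tests/network/output.tf` would need to change to `data.aws_vpc.default.id` and `data.aws_security_group.default.id`.

```hcl
data "aws_vpc" "default" {
  default = true
}

data "aws_security_group" "default" {
  vpc_id = data.aws_vpc.default.id
  name   = "default"
}
# … unchanged: data "aws_availability_zones" and data "aws_subnet" …
```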
diff --git a/tests/network/output.tf b/tests/network/output.tf
new file mode 100644
index 0000000..3b89d30
--- /dev/null
+++ b/tests/network/output.tf
@@ -0,0 +1,11 @@
+output "vpc_id" {
+ value = aws_default_vpc.default.id
+}
+
+output "security_group_id" {
+ value = aws_default_security_group.default.id
+}
+
+output "subnet_ids" {
+ value = [data.aws_subnet.default.id]
+}
diff --git a/tests/network/versions.tf b/tests/network/versions.tf
new file mode 100644
index 0000000..4a759ac
--- /dev/null
+++ b/tests/network/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.6"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 5.35"
+ }
+ }
+}
diff --git a/variables.tf b/variables.tf
index a9e93ad..4541cd2 100644
--- a/variables.tf
+++ b/variables.tf
@@ -64,8 +64,8 @@ variable "security_groups" {
}
variable "throughput_mode" {
- default = "bursting"
- description = "Throughput mode for the file system. Defaults to bursting."
+ default = "elastic"
+ description = "Throughput mode for the file system. Valid values: `bursting`, `provisioned`, or `elastic`."
type = string
}
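Review bot: `throughput_mode` lists its valid values only in the description, so a typo is not caught until the AWS API rejects it at apply time. A `validation` block with `condition = contains(["bursting", "provisioned", "elastic"], var.throughput_mode)` would fail at plan time instead. The same applies to the new `transition_to_archive` variable in the next hunk, with its `AFTER_*_DAYS` list. Separately, changing the default from `"bursting"` to `"elastic"` changes the throughput mode for every existing caller that relied on the default on their next apply, which is worth calling out in the release notes.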
@@ -81,6 +81,12 @@ variable "transition_to_primary_storage_class" {
type = string
}
+variable "transition_to_archive" {
+ default = "AFTER_90_DAYS"
+ description = "Indicates how long it takes to transition files to the archive storage class. Accepted values AFTER_7_DAYS, AFTER_14_DAYS, AFTER_30_DAYS, AFTER_60_DAYS, AFTER_90_DAYS."
+ type = string
+}
+
variable "access_points" {
default = {}
description = "List of access points to create."
diff --git a/versions.tf b/versions.tf
index 947c3d4..77bfffa 100644
--- a/versions.tf
+++ b/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 4.36"
+ version = ">= 5.35"
}
random = {
source = "hashicorp/random"