Update to v5.x of terraform-provider-aws (#34)
* Update to v5.x of terraform-provider-aws

Switch this and dependent modules to the v5.x of the Terraform AWS
provider to support the latest AWS features, like RDS' io2.

- Use updated `description` attribute name

Per the [documentation] for resource/aws_elasticache_replication_group

```
Remove availability_zones, number_cache_clusters,
replication_group_description arguments from configurations as they no
longer exist. Use preferred_cache_cluster_azs, num_cache_clusters, and
description, respectively, instead.
```

[documentation]: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/guides/version-5-upgrade#resourceaws_elasticache_replication_group

- Use `db_name` instead of `name`

Change name to db_name in configurations as name no longer exists.

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/guides/version-5-upgrade#use-db_name-instead-of-name

- Fix setting `instance_size`

```
│ Error: reading EC2 Instance Type: operation error EC2: DescribeInstanceTypes, https response error StatusCode: 400, RequestID: c975f413-b3d8-46e7-aad2-36dc1f38e063, api error InvalidInstanceType: The following supplied instance types do not exist: [2xlarge]
│
│   with module.production.module.redis_sidekiq[0].data.aws_ec2_instance_type.instance_attributes,
│   on .terraform/modules/production.redis_sidekiq/elasticache-redis/replication-group/main.tf line 226, in data "aws_ec2_instance_type" "instance_attributes":
│  226: data "aws_ec2_instance_type" "instance_attributes" {
```

* Make KMS encryption optional for RDS and Elasticache

* Make kms key input type consistent as string

* Update elasticache input variables

* terraform-docs: automated action

* terraform-docs: automated action

* terraform-docs: automated action

* terraform-docs: automated action

* terraform-docs: automated action

* terraform-docs: automated action

* terraform-docs: automated action

* terraform-docs: automated action

* terraform-docs: automated action

---------

Co-authored-by: Eric Milford <[email protected]>
Co-authored-by: Olamide <[email protected]>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
4 people authored Jan 7, 2025
1 parent c51b377 commit de0b97c
Showing 28 changed files with 94 additions and 70 deletions.
8 changes: 4 additions & 4 deletions elasticache-redis/auth-token/README.md
Expand Up @@ -16,20 +16,20 @@ token is changed.
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.6.2 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 4.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 4.0 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 5.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| <a name="module_rotation"></a> [rotation](#module\_rotation) | github.com/thoughtbot/terraform-aws-secrets//secret-rotation-function | v0.4.0 |
| <a name="module_secret"></a> [secret](#module\_secret) | github.com/thoughtbot/terraform-aws-secrets//secret | v0.4.0 |
| <a name="module_rotation"></a> [rotation](#module\_rotation) | github.com/thoughtbot/terraform-aws-secrets//secret-rotation-function | v0.8.0 |
| <a name="module_secret"></a> [secret](#module\_secret) | github.com/thoughtbot/terraform-aws-secrets//secret | v0.8.0 |
| <a name="module_security_group"></a> [security\_group](#module\_security\_group) | ../../security-group | n/a |

## Resources
4 changes: 2 additions & 2 deletions elasticache-redis/auth-token/main.tf
@@ -1,5 +1,5 @@
module "secret" {
source = "github.com/thoughtbot/terraform-aws-secrets//secret?ref=v0.4.0"
source = "github.com/thoughtbot/terraform-aws-secrets//secret?ref=v0.8.0"

admin_principals = var.admin_principals
description = "Redis auth token for: ${local.full_name}"
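Review bot: the new `source` on module "secret" (and on module "rotation" further down in this file) is pinned to the git tag `?ref=v0.8.0`, which can be moved after the fact. These modules create the secret and its rotation function, so pin `ref` to the full commit SHA that v0.8.0 points at and keep the tag name in a comment. The jump from v0.4.0 to v0.8.0 also spans several releases that the commit message does not mention; link the upstream changelog so reviewers can check for changes to the secret policy or rotation role.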
Expand All @@ -16,7 +16,7 @@ module "secret" {
}

module "rotation" {
source = "github.com/thoughtbot/terraform-aws-secrets//secret-rotation-function?ref=v0.4.0"
source = "github.com/thoughtbot/terraform-aws-secrets//secret-rotation-function?ref=v0.8.0"

handler = "lambda_function.lambda_handler"
role_arn = module.secret.rotation_role_arn
2 changes: 1 addition & 1 deletion elasticache-redis/auth-token/versions.tf
Expand Up @@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 4.0"
version = "~> 5.0"
}
}
}
10 changes: 6 additions & 4 deletions elasticache-redis/replication-group/README.md
Expand Up @@ -8,22 +8,22 @@ Provision a Redis cluster using AWS ElastiCache.
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.6.2 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 4.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.0 |
| <a name="requirement_random"></a> [random](#requirement\_random) | ~> 3.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 4.0 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 5.0 |
| <a name="provider_random"></a> [random](#provider\_random) | ~> 3.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| <a name="module_client_security_group"></a> [client\_security\_group](#module\_client\_security\_group) | ../../security-group | n/a |
| <a name="module_customer_kms"></a> [customer\_kms](#module\_customer\_kms) | github.com/thoughtbot/terraform-aws-secrets//customer-managed-kms | v0.7.0 |
| <a name="module_customer_kms"></a> [customer\_kms](#module\_customer\_kms) | github.com/thoughtbot/terraform-aws-secrets//customer-managed-kms | v0.8.0 |
| <a name="module_server_security_group"></a> [server\_security\_group](#module\_server\_security\_group) | ../../security-group | n/a |

## Resources
Expand All @@ -50,10 +50,12 @@ Provision a Redis cluster using AWS ElastiCache.
| <a name="input_create_client_security_group"></a> [create\_client\_security\_group](#input\_create\_client\_security\_group) | Set to false to only use existing security groups | `bool` | `true` | no |
| <a name="input_create_server_security_group"></a> [create\_server\_security\_group](#input\_create\_server\_security\_group) | Set to false to only use existing security groups | `bool` | `true` | no |
| <a name="input_description"></a> [description](#input\_description) | Human-readable description for this replication group | `string` | n/a | yes |
| <a name="input_enable_kms"></a> [enable\_kms](#input\_enable\_kms) | Enable KMS encryption | `bool` | `true` | no |
| <a name="input_engine"></a> [engine](#input\_engine) | Elasticache database engine; defaults to Redis | `string` | `"redis"` | no |
| <a name="input_engine_version"></a> [engine\_version](#input\_engine\_version) | Version for RDS database engine | `string` | n/a | yes |
| <a name="input_global_replication_group_id"></a> [global\_replication\_group\_id](#input\_global\_replication\_group\_id) | The ID of the global replication group to which this replication group should belong. | `string` | `null` | no |
| <a name="input_initial_auth_token"></a> [initial\_auth\_token](#input\_initial\_auth\_token) | Override the initial auth token | `string` | `null` | no |
| <a name="input_kms_key"></a> [kms\_key](#input\_kms\_key) | Custom KMS key to encrypt data at rest | `object({ arn = string })` | `null` | no |
| <a name="input_kms_key_id"></a> [kms\_key\_id](#input\_kms\_key\_id) | KMS key to encrypt data at rest | `string` | `null` | no |
| <a name="input_name"></a> [name](#input\_name) | Name for this cluster | `string` | n/a | yes |
| <a name="input_node_type"></a> [node\_type](#input\_node\_type) | Node type for the Elasticache instance | `string` | n/a | yes |
| <a name="input_parameter_group_name"></a> [parameter\_group\_name](#input\_parameter\_group\_name) | Parameter group name for the Redis cluster | `string` | `null` | no |
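Review bot: the inputs table drops `kms_key` (`object({ arn = string })`) and adds `kms_key_id` (`string`) with no deprecation path, so any caller still passing `kms_key` will fail at plan time after upgrading. Call this out as a breaking change in the release notes next to the provider bump. The `enable_kms` row should also say more than "Enable KMS encryption": state what happens to at-rest encryption when it is `false`.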
39 changes: 21 additions & 18 deletions elasticache-redis/replication-group/main.tf
@@ -1,22 +1,23 @@
resource "aws_elasticache_replication_group" "this" {
replication_group_id = coalesce(var.replication_group_id, var.name)

at_rest_encryption_enabled = var.at_rest_encryption_enabled
automatic_failover_enabled = local.replica_enabled
engine = var.engine
engine_version = var.engine_version
kms_key_id = var.kms_key == null ? module.customer_kms.kms_key_arn : var.kms_key.id
multi_az_enabled = local.replica_enabled
node_type = var.node_type
num_cache_clusters = local.instance_count
parameter_group_name = var.parameter_group_name
port = var.port
replication_group_description = var.description
security_group_ids = local.server_security_group_ids
snapshot_name = var.snapshot_name
snapshot_retention_limit = var.snapshot_retention_limit
subnet_group_name = aws_elasticache_subnet_group.this.name
transit_encryption_enabled = var.transit_encryption_enabled
at_rest_encryption_enabled = var.at_rest_encryption_enabled
automatic_failover_enabled = local.replica_enabled
description = var.description
engine = var.engine
engine_version = var.engine_version
global_replication_group_id = var.global_replication_group_id
kms_key_id = local.primary_kms_key
multi_az_enabled = local.replica_enabled
node_type = var.node_type
num_cache_clusters = local.instance_count
parameter_group_name = var.parameter_group_name
port = var.port
security_group_ids = local.server_security_group_ids
snapshot_name = var.snapshot_name
snapshot_retention_limit = var.snapshot_retention_limit
subnet_group_name = aws_elasticache_subnet_group.this.name
transit_encryption_enabled = var.transit_encryption_enabled

# Auth tokens aren't supported without TLS
auth_token = (
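Review bot: in the resource arguments, `kms_key_id = local.primary_kms_key` and `at_rest_encryption_enabled = var.at_rest_encryption_enabled` are driven by unrelated inputs, so a caller can set `at_rest_encryption_enabled = false` while the default `enable_kms = true` still passes a key ARN to the group. Add a `lifecycle` `precondition` (or a variable validation) that rejects a non-null key when at-rest encryption is off, so a misconfiguration fails at plan time instead of depending on how the API treats the combination.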
Expand All @@ -36,7 +37,7 @@ resource "aws_elasticache_replication_group" "this" {
}

module "customer_kms" {
source = "github.com/thoughtbot/terraform-aws-secrets//customer-managed-kms?ref=v0.7.0"
source = "github.com/thoughtbot/terraform-aws-secrets//customer-managed-kms?ref=v0.8.0"

name = var.name
}
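Review bot: module "customer_kms" has no `count` in this block, so the customer-managed key is still created when `enable_kms = false` or when the caller supplies `kms_key_id`. That leaves an unused key to pay for and to account for in key inventories. Consider `count = var.enable_kms && var.kms_key_id == null ? 1 : 0` and referencing `module.customer_kms[0].kms_key_arn` in the local.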
Expand Down Expand Up @@ -229,7 +230,7 @@ data "aws_ec2_instance_type" "instance_attributes" {

locals {
instance_count = var.replica_count + 1
instance_size = split(".", var.node_type)[2]
instance_size = replace(var.node_type, "cache.", "")
instances = sort(aws_elasticache_replication_group.this.member_clusters)
owned_security_group_ids = module.server_security_group[*].id
replica_enabled = var.replica_count > 0
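Review bot: `instance_size = replace(var.node_type, "cache.", "")` removes every occurrence of "cache." rather than only the leading prefix; `trimprefix(var.node_type, "cache.")` states the intent and cannot touch the rest of the string. The local now holds a full instance type rather than a size (the old `split` produced the bare `2xlarge` shown in the commit message error), so renaming it to something like `instance_type` would keep the name honest.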
Expand All @@ -241,4 +242,6 @@ locals {
local.owned_security_group_ids,
local.shared_security_group_ids
)

primary_kms_key = var.enable_kms ? (var.kms_key_id == null ? module.customer_kms.kms_key_arn : var.kms_key_id) : var.kms_key_id
}
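Review bot: in `primary_kms_key`, the false branch of `var.enable_kms ? ... : var.kms_key_id` still returns the caller's key, so `enable_kms = false` does not turn KMS off when `kms_key_id` is set. The flag only decides whether the module-created key is used as a fallback. Either rename the variable to reflect that, or make the false branch `null`. If the current behaviour is intended, `var.kms_key_id != null ? var.kms_key_id : (var.enable_kms ? module.customer_kms.kms_key_arn : null)` is equivalent and easier to read.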
18 changes: 15 additions & 3 deletions elasticache-redis/replication-group/variables.tf
Expand Up @@ -10,9 +10,9 @@ variable "at_rest_encryption_enabled" {
default = true
}

variable "kms_key" {
description = "Custom KMS key to encrypt data at rest"
type = object({ arn = string })
variable "kms_key_id" {
description = "KMS key to encrypt data at rest"
type = string
default = null
}

Expand All @@ -21,6 +21,12 @@ variable "description" {
type = string
}

variable "enable_kms" {
type = bool
description = "Enable KMS encryption"
default = true
}

variable "engine" {
type = string
description = "Elasticache database engine; defaults to Redis"
Expand All @@ -32,6 +38,12 @@ variable "engine_version" {
description = "Version for RDS database engine"
}

variable "global_replication_group_id" {
type = string
description = "The ID of the global replication group to which this replication group should belong."
default = null
}

variable "initial_auth_token" {
type = string
description = "Override the initial auth token"
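Review bot: `global_replication_group_id` is passed straight through to the resource while `engine`, `engine_version`, `node_type`, the two encryption flags and `auth_token` are still set unconditionally in main.tf, and `engine_version` and `node_type` remain required inputs. Please confirm that a plan with a non-null value succeeds on the v5 provider, and extend the description to say which inputs a secondary replication group should leave at their defaults. The encryption settings matter most, because a secondary is expected to match its primary.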
2 changes: 1 addition & 1 deletion elasticache-redis/replication-group/versions.tf
Expand Up @@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 4.0"
version = "~> 5.0"
}
random = {
source = "hashicorp/random"
4 changes: 2 additions & 2 deletions kafka/README.md
Expand Up @@ -25,13 +25,13 @@ module "kafka_staging" {
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.6.2 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 4.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 4.0 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 5.0 |

## Modules

2 changes: 1 addition & 1 deletion kafka/versions.tf
Expand Up @@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 4.0"
version = "~> 5.0"
}
}
}
8 changes: 4 additions & 4 deletions rds-postgres/admin-login/README.md
Expand Up @@ -16,20 +16,20 @@ suitable for application credentials. We recommend you combine this module with
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.6.2 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 4.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 4.0 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 5.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| <a name="module_rotation"></a> [rotation](#module\_rotation) | github.com/thoughtbot/terraform-aws-secrets//secret-rotation-function | v0.4.0 |
| <a name="module_secret"></a> [secret](#module\_secret) | github.com/thoughtbot/terraform-aws-secrets//secret | v0.4.0 |
| <a name="module_rotation"></a> [rotation](#module\_rotation) | github.com/thoughtbot/terraform-aws-secrets//secret-rotation-function | v0.8.0 |
| <a name="module_secret"></a> [secret](#module\_secret) | github.com/thoughtbot/terraform-aws-secrets//secret | v0.8.0 |
| <a name="module_security_group"></a> [security\_group](#module\_security\_group) | ../../security-group | n/a |

## Resources
4 changes: 2 additions & 2 deletions rds-postgres/admin-login/main.tf
@@ -1,5 +1,5 @@
module "secret" {
source = "github.com/thoughtbot/terraform-aws-secrets//secret?ref=v0.4.0"
source = "github.com/thoughtbot/terraform-aws-secrets//secret?ref=v0.8.0"

admin_principals = var.admin_principals
description = "Postgres password for: ${local.full_name}"
Expand All @@ -19,7 +19,7 @@ module "secret" {
}

module "rotation" {
source = "github.com/thoughtbot/terraform-aws-secrets//secret-rotation-function?ref=v0.4.0"
source = "github.com/thoughtbot/terraform-aws-secrets//secret-rotation-function?ref=v0.8.0"

handler = "lambda_function.lambda_handler"
role_arn = module.secret.rotation_role_arn
2 changes: 1 addition & 1 deletion rds-postgres/admin-login/versions.tf
Expand Up @@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 4.0"
version = "~> 5.0"
}
}
}
4 changes: 2 additions & 2 deletions rds-postgres/cloudwatch-alarms/README.md
Expand Up @@ -8,13 +8,13 @@ Creates useful CloudWatch Alarms for an RDS Postgres database.
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.6.2 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 4.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 4.0 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 5.0 |

## Resources

2 changes: 1 addition & 1 deletion rds-postgres/cloudwatch-alarms/versions.tf
Expand Up @@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 4.0"
version = "~> 5.0"
}
}
}
4 changes: 2 additions & 2 deletions rds-postgres/parameter-group/README.md
Expand Up @@ -8,13 +8,13 @@ Provision a Postgres-compatible RDS parameter group.
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.6.2 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 4.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 4.0 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 5.0 |

## Resources

2 changes: 1 addition & 1 deletion rds-postgres/parameter-group/versions.tf
Expand Up @@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 4.0"
version = "~> 5.0"
}
}
}
7 changes: 4 additions & 3 deletions rds-postgres/primary-instance/README.md
Expand Up @@ -8,14 +8,14 @@ Provision a Postgres database using AWS RDS.
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.6.2 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 4.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.0 |
| <a name="requirement_random"></a> [random](#requirement\_random) | ~> 3.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 4.0 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 5.0 |
| <a name="provider_random"></a> [random](#provider\_random) | ~> 3.0 |

## Modules
Expand All @@ -24,7 +24,7 @@ Provision a Postgres database using AWS RDS.
|------|--------|---------|
| <a name="module_alarms"></a> [alarms](#module\_alarms) | ../cloudwatch-alarms | n/a |
| <a name="module_client_security_group"></a> [client\_security\_group](#module\_client\_security\_group) | ../../security-group | n/a |
| <a name="module_customer_kms"></a> [customer\_kms](#module\_customer\_kms) | github.com/thoughtbot/terraform-aws-secrets//customer-managed-kms | v0.7.0 |
| <a name="module_customer_kms"></a> [customer\_kms](#module\_customer\_kms) | github.com/thoughtbot/terraform-aws-secrets//customer-managed-kms | v0.8.0 |
| <a name="module_parameter_group"></a> [parameter\_group](#module\_parameter\_group) | ../parameter-group | n/a |
| <a name="module_server_security_group"></a> [server\_security\_group](#module\_server\_security\_group) | ../../security-group | n/a |

Expand Down Expand Up @@ -59,6 +59,7 @@ Provision a Postgres database using AWS RDS.
| <a name="input_create_server_security_group"></a> [create\_server\_security\_group](#input\_create\_server\_security\_group) | Set to false to only use existing security groups | `bool` | `true` | no |
| <a name="input_create_subnet_group"></a> [create\_subnet\_group](#input\_create\_subnet\_group) | Set to false to use existing subnet group | `bool` | `true` | no |
| <a name="input_default_database"></a> [default\_database](#input\_default\_database) | Name of the default database | `string` | `"postgres"` | no |
| <a name="input_enable_kms"></a> [enable\_kms](#input\_enable\_kms) | Enable KMS encryption | `bool` | `true` | no |
| <a name="input_enabled_cloudwatch_logs_exports"></a> [enabled\_cloudwatch\_logs\_exports](#input\_enabled\_cloudwatch\_logs\_exports) | Set of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported | `list(string)` | `[]` | no |
| <a name="input_engine"></a> [engine](#input\_engine) | RDS database engine; defaults to Postgres | `string` | `"postgres"` | no |
| <a name="input_engine_version"></a> [engine\_version](#input\_engine\_version) | Version for RDS database engine | `string` | n/a | yes |
4 changes: 2 additions & 2 deletions rds-postgres/primary-instance/main.tf
Expand Up @@ -52,7 +52,7 @@ resource "aws_db_instance" "this" {
}

module "customer_kms" {
source = "github.com/thoughtbot/terraform-aws-secrets//customer-managed-kms?ref=v0.7.0"
source = "github.com/thoughtbot/terraform-aws-secrets//customer-managed-kms?ref=v0.8.0"

name = var.identifier
}
Expand Down Expand Up @@ -156,5 +156,5 @@ locals {
local.shared_vpc_security_group_ids
)

primary_kms_key = var.kms_key_id == null ? module.customer_kms.kms_key_arn : var.kms_key_id
primary_kms_key = var.enable_kms ? (var.kms_key_id == null ? module.customer_kms.kms_key_arn : var.kms_key_id) : var.kms_key_id
}
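Review bot: with `enable_kms = false` and `kms_key_id` left at `null`, the new `primary_kms_key` evaluates to `null`, and the `aws_db_instance` arguments that consume it are outside this hunk. Please confirm `storage_encrypted` stays `true` on that path so the instance falls back to the default key instead of being created unencrypted, and add a test plan for it. The same expression is now duplicated in elasticache-redis/replication-group/main.tf, so any later fix has to be made in both places.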
6 changes: 6 additions & 0 deletions rds-postgres/primary-instance/variables.tf
Expand Up @@ -59,6 +59,12 @@ variable "enabled_cloudwatch_logs_exports" {
default = []
}

variable "enable_kms" {
type = bool
description = "Enable KMS encryption"
default = true
}

variable "engine" {
type = string
description = "RDS database engine; defaults to Postgres"
2 changes: 1 addition & 1 deletion rds-postgres/primary-instance/versions.tf
Expand Up @@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 4.0"
version = "~> 5.0"
}
random = {
source = "hashicorp/random"