Support AWS Provider V5 (#142)

* Support AWS Provider V5

* Support AWS Provider V5

* Support AWS Provider V5

* bump s3

* bump s3

* bump s3

* precommit/terraform

* bump logs

* bump logs

* bump logs

* bump logs

Author: max-lobur

.github/workflows/release-branch.yml

@@ -10,6 +10,7 @@ on:
       - 'docs/**'
       - 'examples/**'
       - 'test/**'
+      - 'README.*'
 
 permissions:
   contents: write

.github/workflows/release-published.yml

@@ -11,4 +11,4 @@ permissions:
 
 jobs:
   terraform-module:
-    uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release.yml@main
+    uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release-published.yml@main

README.md

@@ -216,7 +216,7 @@ Available targets:
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_access_logs"></a> [access\_logs](#module\_access\_logs) | cloudposse/lb-s3-bucket/aws | 0.16.0 |
+| <a name="module_access_logs"></a> [access\_logs](#module\_access\_logs) | cloudposse/lb-s3-bucket/aws | 0.18.0 |
 | <a name="module_default_load_balancer_label"></a> [default\_load\_balancer\_label](#module\_default\_load\_balancer\_label) | cloudposse/label/null | 0.25.0 |
 | <a name="module_default_target_group_label"></a> [default\_target\_group\_label](#module\_default\_target\_group\_label) | cloudposse/label/null | 0.25.0 |
 | <a name="module_this"></a> [this](#module\_this) | cloudposse/label/null | 0.25.0 |
@@ -246,7 +246,6 @@ Available targets:
 | <a name="input_additional_certs"></a> [additional\_certs](#input\_additional\_certs) | A list of additonal certs to add to the https listerner | `list(string)` | `[]` | no |
 | <a name="input_additional_tag_map"></a> [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.<br>This is for some rare cases where resources want additional configuration of tags<br>and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no |
 | <a name="input_alb_access_logs_s3_bucket_force_destroy"></a> [alb\_access\_logs\_s3\_bucket\_force\_destroy](#input\_alb\_access\_logs\_s3\_bucket\_force\_destroy) | A boolean that indicates all objects should be deleted from the ALB access logs S3 bucket so that the bucket can be destroyed without error | `bool` | `false` | no |
-| <a name="input_alb_access_logs_s3_bucket_force_destroy_enabled"></a> [alb\_access\_logs\_s3\_bucket\_force\_destroy\_enabled](#input\_alb\_access\_logs\_s3\_bucket\_force\_destroy\_enabled) | When `true`, permits `force_destroy` to be set to `true`.<br>This is an extra safety precaution to reduce the chance that Terraform will destroy and recreate<br>your S3 bucket, causing COMPLETE LOSS OF ALL DATA even if it was stored in Glacier.<br>WARNING: Upgrading this module from a version prior to 0.27.0 to this version<br>  will cause Terraform to delete your existing S3 bucket CAUSING COMPLETE DATA LOSS<br>  unless you follow the upgrade instructions on the Wiki [here](https://github.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.27.0-(POTENTIAL-DATA-LOSS)).<br>  See additional instructions for upgrading from v0.27.0 to v0.28.0 [here](https://github.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.28.0-and-AWS-provider-v4-(POTENTIAL-DATA-LOSS)). | `bool` | `false` | no |
 | <a name="input_attributes"></a> [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,<br>in the order they appear in the list. New attributes are appended to the<br>end of the list. The elements of the list are joined by the `delimiter`<br>and treated as a single ID element. | `list(string)` | `[]` | no |
 | <a name="input_certificate_arn"></a> [certificate\_arn](#input\_certificate\_arn) | The ARN of the default SSL certificate for HTTPS listener | `string` | `""` | no |
 | <a name="input_context"></a> [context](#input\_context) | Single object for setting entire context at once.<br>See description of individual variables for details.<br>Leave string and numeric variables as `null` to use default value.<br>Individual variable settings (non-null) override settings in context object,<br>except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | <pre>{<br>  "additional_tag_map": {},<br>  "attributes": [],<br>  "delimiter": null,<br>  "descriptor_formats": {},<br>  "enabled": true,<br>  "environment": null,<br>  "id_length_limit": null,<br>  "label_key_case": null,<br>  "label_order": [],<br>  "label_value_case": null,<br>  "labels_as_tags": [<br>    "unset"<br>  ],<br>  "name": null,<br>  "namespace": null,<br>  "regex_replace_chars": null,<br>  "stage": null,<br>  "tags": {},<br>  "tenant": null<br>}</pre> | no |

docs/terraform.md

@@ -16,7 +16,7 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_access_logs"></a> [access\_logs](#module\_access\_logs) | cloudposse/lb-s3-bucket/aws | 0.16.0 |
+| <a name="module_access_logs"></a> [access\_logs](#module\_access\_logs) | cloudposse/lb-s3-bucket/aws | 0.18.0 |
 | <a name="module_default_load_balancer_label"></a> [default\_load\_balancer\_label](#module\_default\_load\_balancer\_label) | cloudposse/label/null | 0.25.0 |
 | <a name="module_default_target_group_label"></a> [default\_target\_group\_label](#module\_default\_target\_group\_label) | cloudposse/label/null | 0.25.0 |
 | <a name="module_this"></a> [this](#module\_this) | cloudposse/label/null | 0.25.0 |
@@ -46,7 +46,6 @@
 | <a name="input_additional_certs"></a> [additional\_certs](#input\_additional\_certs) | A list of additonal certs to add to the https listerner | `list(string)` | `[]` | no |
 | <a name="input_additional_tag_map"></a> [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.<br>This is for some rare cases where resources want additional configuration of tags<br>and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no |
 | <a name="input_alb_access_logs_s3_bucket_force_destroy"></a> [alb\_access\_logs\_s3\_bucket\_force\_destroy](#input\_alb\_access\_logs\_s3\_bucket\_force\_destroy) | A boolean that indicates all objects should be deleted from the ALB access logs S3 bucket so that the bucket can be destroyed without error | `bool` | `false` | no |
-| <a name="input_alb_access_logs_s3_bucket_force_destroy_enabled"></a> [alb\_access\_logs\_s3\_bucket\_force\_destroy\_enabled](#input\_alb\_access\_logs\_s3\_bucket\_force\_destroy\_enabled) | When `true`, permits `force_destroy` to be set to `true`.<br>This is an extra safety precaution to reduce the chance that Terraform will destroy and recreate<br>your S3 bucket, causing COMPLETE LOSS OF ALL DATA even if it was stored in Glacier.<br>WARNING: Upgrading this module from a version prior to 0.27.0 to this version<br>  will cause Terraform to delete your existing S3 bucket CAUSING COMPLETE DATA LOSS<br>  unless you follow the upgrade instructions on the Wiki [here](https://github.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.27.0-(POTENTIAL-DATA-LOSS)).<br>  See additional instructions for upgrading from v0.27.0 to v0.28.0 [here](https://github.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.28.0-and-AWS-provider-v4-(POTENTIAL-DATA-LOSS)). | `bool` | `false` | no |
 | <a name="input_attributes"></a> [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,<br>in the order they appear in the list. New attributes are appended to the<br>end of the list. The elements of the list are joined by the `delimiter`<br>and treated as a single ID element. | `list(string)` | `[]` | no |
 | <a name="input_certificate_arn"></a> [certificate\_arn](#input\_certificate\_arn) | The ARN of the default SSL certificate for HTTPS listener | `string` | `""` | no |
 | <a name="input_context"></a> [context](#input\_context) | Single object for setting entire context at once.<br>See description of individual variables for details.<br>Leave string and numeric variables as `null` to use default value.<br>Individual variable settings (non-null) override settings in context object,<br>except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | <pre>{<br>  "additional_tag_map": {},<br>  "attributes": [],<br>  "delimiter": null,<br>  "descriptor_formats": {},<br>  "enabled": true,<br>  "environment": null,<br>  "id_length_limit": null,<br>  "label_key_case": null,<br>  "label_order": [],<br>  "label_value_case": null,<br>  "labels_as_tags": [<br>    "unset"<br>  ],<br>  "name": null,<br>  "namespace": null,<br>  "regex_replace_chars": null,<br>  "stage": null,<br>  "tags": {},<br>  "tenant": null<br>}</pre> | no |

examples/complete/main.tf

@@ -3,19 +3,19 @@ provider "aws" {
 }
 
 module "vpc" {
-  source     = "cloudposse/vpc/aws"
-  version    = "0.28.1"
-  cidr_block = var.vpc_cidr_block
-  context    = module.this.context
+  source                  = "cloudposse/vpc/aws"
+  version                 = "2.1.0"
+  ipv4_primary_cidr_block = var.vpc_cidr_block
+  context                 = module.this.context
 }
 
 module "subnets" {
   source               = "cloudposse/dynamic-subnets/aws"
-  version              = "0.39.8"
+  version              = "2.3.0"
   availability_zones   = var.availability_zones
   vpc_id               = module.vpc.vpc_id
-  igw_id               = module.vpc.igw_id
-  cidr_block           = module.vpc.vpc_cidr_block
+  igw_id               = [module.vpc.igw_id]
+  ipv4_cidr_block      = [module.vpc.vpc_cidr_block]
   nat_gateway_enabled  = false
   nat_instance_enabled = false
   context              = module.this.context
@@ -46,8 +46,7 @@ module "alb" {
   target_group_target_type          = var.target_group_target_type
   stickiness                        = var.stickiness
 
-  alb_access_logs_s3_bucket_force_destroy         = var.alb_access_logs_s3_bucket_force_destroy
-  alb_access_logs_s3_bucket_force_destroy_enabled = var.alb_access_logs_s3_bucket_force_destroy_enabled
+  alb_access_logs_s3_bucket_force_destroy = var.alb_access_logs_s3_bucket_force_destroy
 
   context = module.this.context
 }

examples/complete/variables.tf

@@ -98,19 +98,6 @@ variable "alb_access_logs_s3_bucket_force_destroy" {
   description = "A boolean that indicates all objects should be deleted from the ALB access logs S3 bucket so that the bucket can be destroyed without error"
 }
 
-variable "alb_access_logs_s3_bucket_force_destroy_enabled" {
-  type        = bool
-  description = <<-EOT
-    When `true`, permits `force_destroy` to be set to `true`.
-    This is an extra safety precaution to reduce the chance that Terraform will destroy and recreate
-    your S3 bucket, causing COMPLETE LOSS OF ALL DATA even if it was stored in Glacier.
-    WARNING: Upgrading this module from a version prior to 0.27.0 to this version
-      will cause Terraform to delete your existing S3 bucket CAUSING COMPLETE DATA LOSS
-      unless you follow the upgrade instructions on the Wiki [here](https://github.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.27.0-(POTENTIAL-DATA-LOSS)).
-      See additional instructions for upgrading from v0.27.0 to v0.28.0 [here](https://github.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.28.0-and-AWS-provider-v4-(POTENTIAL-DATA-LOSS)).
-    EOT
-}
-
 variable "target_group_port" {
   type        = number
   description = "The port for the default target group"

main.tf

@@ -13,7 +13,7 @@ resource "aws_security_group_rule" "egress" {
   to_port           = "0"
   protocol          = "-1"
   cidr_blocks       = ["0.0.0.0/0"]
-  security_group_id = join("", aws_security_group.default.*.id)
+  security_group_id = one(aws_security_group.default[*].id)
 }
 
 resource "aws_security_group_rule" "http_ingress" {
@@ -24,7 +24,7 @@ resource "aws_security_group_rule" "http_ingress" {
   protocol          = "tcp"
   cidr_blocks       = var.http_ingress_cidr_blocks
   prefix_list_ids   = var.http_ingress_prefix_list_ids
-  security_group_id = join("", aws_security_group.default.*.id)
+  security_group_id = one(aws_security_group.default[*].id)
 }
 
 resource "aws_security_group_rule" "https_ingress" {
@@ -35,22 +35,20 @@ resource "aws_security_group_rule" "https_ingress" {
   protocol          = "tcp"
   cidr_blocks       = var.https_ingress_cidr_blocks
   prefix_list_ids   = var.https_ingress_prefix_list_ids
-  security_group_id = join("", aws_security_group.default.*.id)
+  security_group_id = one(aws_security_group.default[*].id)
 }
 
 module "access_logs" {
   source  = "cloudposse/lb-s3-bucket/aws"
-  version = "0.16.0"
+  version = "0.18.0"
 
   enabled = module.this.enabled && var.access_logs_enabled && var.access_logs_s3_bucket_id == null
 
   attributes = compact(concat(module.this.attributes, ["alb", "access", "logs"]))
 
   force_destroy                 = var.alb_access_logs_s3_bucket_force_destroy
-  force_destroy_enabled         = var.alb_access_logs_s3_bucket_force_destroy_enabled
   lifecycle_configuration_rules = var.lifecycle_configuration_rules
 
-  # TODO: deprecate these inputs in favor of `lifecycle_configuration_rules`
   lifecycle_rule_enabled             = var.lifecycle_rule_enabled
   enable_glacier_transition          = var.enable_glacier_transition
   expiration_days                    = var.expiration_days
@@ -79,7 +77,7 @@ resource "aws_lb" "default" {
   load_balancer_type = "application"
 
   security_groups = compact(
-    concat(var.security_group_ids, [join("", aws_security_group.default.*.id)]),
+    concat(var.security_group_ids, [one(aws_security_group.default[*].id)]),
   )
 
   subnets                          = var.subnet_ids
@@ -152,13 +150,13 @@ resource "aws_lb_listener" "http_forward" {
   #bridgecrew:skip=BC_AWS_GENERAL_43 - Skipping Ensure that load balancer is using TLS 1.2.
   #bridgecrew:skip=BC_AWS_NETWORKING_29 - Skipping Ensure ALB Protocol is HTTPS
   count             = module.this.enabled && var.http_enabled && var.http_redirect != true ? 1 : 0
-  load_balancer_arn = join("", aws_lb.default.*.arn)
+  load_balancer_arn = one(aws_lb.default[*].arn)
   port              = var.http_port
   protocol          = "HTTP"
   tags              = merge(module.this.tags, var.listener_additional_tags)
 
   default_action {
-    target_group_arn = var.listener_http_fixed_response != null ? null : join("", aws_lb_target_group.default.*.arn)
+    target_group_arn = var.listener_http_fixed_response != null ? null : one(aws_lb_target_group.default[*].arn)
     type             = var.listener_http_fixed_response != null ? "fixed-response" : "forward"
 
     dynamic "fixed_response" {
@@ -174,13 +172,13 @@ resource "aws_lb_listener" "http_forward" {
 
 resource "aws_lb_listener" "http_redirect" {
   count             = module.this.enabled && var.http_enabled && var.http_redirect == true ? 1 : 0
-  load_balancer_arn = join("", aws_lb.default.*.arn)
+  load_balancer_arn = one(aws_lb.default[*].arn)
   port              = var.http_port
   protocol          = "HTTP"
   tags              = merge(module.this.tags, var.listener_additional_tags)
 
   default_action {
-    target_group_arn = join("", aws_lb_target_group.default.*.arn)
+    target_group_arn = one(aws_lb_target_group.default[*].arn)
     type             = "redirect"
 
     redirect {
@@ -194,7 +192,7 @@ resource "aws_lb_listener" "http_redirect" {
 resource "aws_lb_listener" "https" {
   #bridgecrew:skip=BC_AWS_GENERAL_43 - Skipping Ensure that load balancer is using TLS 1.2.
   count             = module.this.enabled && var.https_enabled ? 1 : 0
-  load_balancer_arn = join("", aws_lb.default.*.arn)
+  load_balancer_arn = one(aws_lb.default[*].arn)
 
   port            = var.https_port
   protocol        = "HTTPS"
@@ -203,7 +201,7 @@ resource "aws_lb_listener" "https" {
   tags            = merge(module.this.tags, var.listener_additional_tags)
 
   default_action {
-    target_group_arn = var.listener_https_fixed_response != null ? null : join("", aws_lb_target_group.default.*.arn)
+    target_group_arn = var.listener_https_fixed_response != null ? null : one(aws_lb_target_group.default[*].arn)
     type             = var.listener_https_fixed_response != null ? "fixed-response" : "forward"
 
     dynamic "fixed_response" {
@@ -218,7 +216,7 @@ resource "aws_lb_listener" "https" {
 }
 
 resource "aws_lb_listener_certificate" "https_sni" {
-  count           = module.this.enabled && var.https_enabled && var.additional_certs != [] ? length(var.additional_certs) : 0
-  listener_arn    = join("", aws_lb_listener.https.*.arn)
+  count           = module.this.enabled && var.https_enabled && length(var.additional_certs) > 0 ? length(var.additional_certs) : 0
+  listener_arn    = one(aws_lb_listener.https[*].arn)
   certificate_arn = var.additional_certs[count.index]
 }

outputs.tf

@@ -1,62 +1,62 @@
 output "alb_name" {
   description = "The ARN suffix of the ALB"
-  value       = join("", aws_lb.default.*.name)
+  value       = one(aws_lb.default[*].name)
 }
 
 output "alb_arn" {
   description = "The ARN of the ALB"
-  value       = join("", aws_lb.default.*.arn)
+  value       = one(aws_lb.default[*].arn)
 }
 
 output "alb_arn_suffix" {
   description = "The ARN suffix of the ALB"
-  value       = join("", aws_lb.default.*.arn_suffix)
+  value       = one(aws_lb.default[*].arn_suffix)
 }
 
 output "alb_dns_name" {
   description = "DNS name of ALB"
-  value       = join("", aws_lb.default.*.dns_name)
+  value       = one(aws_lb.default[*].dns_name)
 }
 
 output "alb_zone_id" {
   description = "The ID of the zone which ALB is provisioned"
-  value       = join("", aws_lb.default.*.zone_id)
+  value       = one(aws_lb.default[*].zone_id)
 }
 
 output "security_group_id" {
   description = "The security group ID of the ALB"
-  value       = join("", aws_security_group.default.*.id)
+  value       = one(aws_security_group.default[*].id)
 }
 
 output "default_target_group_arn" {
   description = "The default target group ARN"
-  value       = join("", aws_lb_target_group.default.*.arn)
+  value       = one(aws_lb_target_group.default[*].arn)
 }
 
 output "default_target_group_arn_suffix" {
   description = "The default target group ARN suffix"
-  value       = join("", aws_lb_target_group.default.*.arn_suffix)
+  value       = one(aws_lb_target_group.default[*].arn_suffix)
 }
 
 output "http_listener_arn" {
   description = "The ARN of the HTTP forwarding listener"
-  value       = join("", aws_lb_listener.http_forward.*.arn)
+  value       = one(aws_lb_listener.http_forward[*].arn)
 }
 
 output "http_redirect_listener_arn" {
   description = "The ARN of the HTTP to HTTPS redirect listener"
-  value       = join("", aws_lb_listener.http_redirect.*.arn)
+  value       = one(aws_lb_listener.http_redirect[*].arn)
 }
 
 output "https_listener_arn" {
   description = "The ARN of the HTTPS listener"
-  value       = join("", aws_lb_listener.https.*.arn)
+  value       = one(aws_lb_listener.https[*].arn)
 }
 
 output "listener_arns" {
   description = "A list of all the listener ARNs"
   value = compact(
-    concat(aws_lb_listener.http_forward.*.arn, aws_lb_listener.http_redirect.*.arn, aws_lb_listener.https.*.arn)
+    concat(aws_lb_listener.http_forward[*].arn, aws_lb_listener.http_redirect[*].arn, aws_lb_listener.https[*].arn)
   )
 }
 

variables.tf

@@ -206,20 +206,6 @@ variable "alb_access_logs_s3_bucket_force_destroy" {
   description = "A boolean that indicates all objects should be deleted from the ALB access logs S3 bucket so that the bucket can be destroyed without error"
 }
 
-variable "alb_access_logs_s3_bucket_force_destroy_enabled" {
-  type        = bool
-  default     = false
-  description = <<-EOT
-    When `true`, permits `force_destroy` to be set to `true`.
-    This is an extra safety precaution to reduce the chance that Terraform will destroy and recreate
-    your S3 bucket, causing COMPLETE LOSS OF ALL DATA even if it was stored in Glacier.
-    WARNING: Upgrading this module from a version prior to 0.27.0 to this version
-      will cause Terraform to delete your existing S3 bucket CAUSING COMPLETE DATA LOSS
-      unless you follow the upgrade instructions on the Wiki [here](https://github.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.27.0-(POTENTIAL-DATA-LOSS)).
-      See additional instructions for upgrading from v0.27.0 to v0.28.0 [here](https://github.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.28.0-and-AWS-provider-v4-(POTENTIAL-DATA-LOSS)).
-    EOT
-}
-
 variable "target_group_port" {
   type        = number
   default     = 80