Merge pull request #17 from rhythmictech/terraform-v0.14.x

bump all the versions
rhythmictech · Dec 8, 2021 · 638b17a · 638b17a
2 parents 16b23c5 + b64354e
commit 638b17a
Show file tree

Hide file tree

Showing 12 changed files with 147 additions and 69 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -10,51 +10,6 @@ repos:
         alias: terraform_tflint_nocreds
         name: terraform_tflint_nocreds
       - id: terraform_tfsec
-  - repo: local
-    hooks:
-      - id: terraform_validate
-        name: terraform_validate
-        entry: |
-          bash -c '
-            AWS_DEFAULT_REGION=us-east-1
-            declare -a DIRS
-            for FILE in "$@"
-            do
-              DIRS+=($(dirname "$FILE"))
-            done
-            for DIR in $(printf "%s\n" "${DIRS[@]}" | sort -u)
-            do
-              cd $(dirname "$FILE")
-              terraform init --backend=false
-              terraform validate .
-              cd ..
-            done
-          '
-        language: system
-        verbose: true
-        files: \.tf(vars)?$
-        exclude: examples
-      - id: tflock
-        name: provider_locks
-        entry: |
-          bash -c '
-            AWS_DEFAULT_REGION=us-east-1
-            declare -a DIRS
-            for FILE in "$@"
-            do
-              DIRS+=($(dirname "$FILE"))
-            done
-            for DIR in $(printf "%s\n" "${DIRS[@]}" | sort -u)
-            do
-              cd $(dirname "$FILE")
-              terraform providers lock -platform=windows_amd64 -platform=darwin_amd64 -platform=linux_amd64
-              cd ..
-            done
-          '
-        language: system
-        verbose: true
-        files: \.tf(vars)?$
-        exclude: examples
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v4.0.1
     hooks:

diff --git a/.terraform-version b/.terraform-version
@@ -1 +1 @@
-0.13.6
+0.14.11
diff --git a/account/.terraform.lock.hcl b/account/.terraform.lock.hcl
diff --git a/account/README.md b/account/README.md
@@ -3,9 +3,7 @@
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.0 |
+No requirements.
 
 ## Providers
 
@@ -17,11 +15,11 @@ No providers.
 |------|--------|---------|
 | <a name="module_backend"></a> [backend](#module\_backend) | rhythmictech/backend/aws | 2.1.0 |
 | <a name="module_cloudtrail_bucket"></a> [cloudtrail\_bucket](#module\_cloudtrail\_bucket) | rhythmictech/cloudtrail-bucket/aws | ~> 1.2.0 |
-| <a name="module_cloudtrail_logging"></a> [cloudtrail\_logging](#module\_cloudtrail\_logging) | rhythmictech/cloudtrail-logging/aws | ~> 1.1.0 |
+| <a name="module_cloudtrail_logging"></a> [cloudtrail\_logging](#module\_cloudtrail\_logging) | rhythmictech/cloudtrail-logging/aws | ~> 1.3.0 |
 | <a name="module_does_workspace_match_env"></a> [does\_workspace\_match\_env](#module\_does\_workspace\_match\_env) | rhythmictech/errorcheck/terraform | ~> 1.0.0 |
 | <a name="module_iam_password_policy"></a> [iam\_password\_policy](#module\_iam\_password\_policy) | rhythmictech/iam-password-policy/aws | 1.0.0 |
 | <a name="module_rhythmic_iam_roles"></a> [rhythmic\_iam\_roles](#module\_rhythmic\_iam\_roles) | rhythmictech/rhythmic-iam-roles/aws | ~> 1.1.0 |
-| <a name="module_s3logging_bucket"></a> [s3logging\_bucket](#module\_s3logging\_bucket) | rhythmictech/s3logging-bucket/aws | ~> 1.0.1 |
+| <a name="module_s3logging_bucket"></a> [s3logging\_bucket](#module\_s3logging\_bucket) | rhythmictech/s3logging-bucket/aws | ~> 2.0.0 |
 | <a name="module_tags"></a> [tags](#module\_tags) | rhythmictech/tags/terraform | ~> 1.1.0 |
 
 ## Resources
@@ -48,6 +46,6 @@ No resources.
 | Name | Description |
 |------|-------------|
 | <a name="output_cloudtrail_log_group"></a> [cloudtrail\_log\_group](#output\_cloudtrail\_log\_group) | CloudTrail CloudWatch log group |
-| <a name="output_s3_bucket_access_logging"></a> [s3\_bucket\_access\_logging](#output\_s3\_bucket\_access\_logging) | S3 bucket to receive S3 bucket access logs |
+| <a name="output_s3_bucket_access_logging_bucket"></a> [s3\_bucket\_access\_logging\_bucket](#output\_s3\_bucket\_access\_logging\_bucket) | S3 bucket to receive S3 bucket access logs |
 | <a name="output_s3_bucket_access_logging_domain_name"></a> [s3\_bucket\_access\_logging\_domain\_name](#output\_s3\_bucket\_access\_logging\_domain\_name) | S3 bucket to receive S3 bucket access logs |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/account/main.tf b/account/main.tf
@@ -24,10 +24,9 @@ module "rhythmic_iam_roles" {
 
 module "s3logging_bucket" {
   source  = "rhythmictech/s3logging-bucket/aws"
-  version = "~> 1.0.1"
+  version = "~> 2.0.0"
 
   bucket_suffix = "account"
-  region        = var.region
   tags          = module.tags.tags_no_name
 
   # store for 1 yr
@@ -43,14 +42,14 @@ module "s3logging_bucket" {
 module "cloudtrail_bucket" {
   source         = "rhythmictech/cloudtrail-bucket/aws"
   version        = "~> 1.2.0"
-  logging_bucket = module.s3logging_bucket.s3logging_bucket_name
+  logging_bucket = module.s3logging_bucket.s3_bucket_name
   region         = var.region
   tags           = module.tags.tags_no_name
 }
 
 module "cloudtrail_logging" {
   source            = "rhythmictech/cloudtrail-logging/aws"
-  version           = "~> 1.1.0"
+  version           = "~> 1.3.0"
   region            = var.region
   cloudtrail_bucket = module.cloudtrail_bucket.s3_bucket_name
   kms_key_id        = module.cloudtrail_bucket.kms_key_id

diff --git a/account/outputs.tf b/account/outputs.tf
@@ -8,12 +8,12 @@ output "cloudtrail_log_group" {
   value       = module.cloudtrail_logging.cloudwatch_loggroup_name
 }
 
-output "s3_bucket_access_logging" {
+output "s3_bucket_access_logging_bucket" {
   description = "S3 bucket to receive S3 bucket access logs"
-  value       = module.s3logging_bucket.s3logging_bucket_name
+  value       = module.s3logging_bucket.s3_bucket_name
 }
 
 output "s3_bucket_access_logging_domain_name" {
   description = "S3 bucket to receive S3 bucket access logs"
-  value       = module.s3logging_bucket.s3logging_bucket_domain_name
+  value       = module.s3logging_bucket.s3_bucket_domain_name
 }
diff --git a/account/setup/main.tf b/account/setup/main.tf
@@ -1,5 +1,5 @@
 
-#tfsec:ignore:aws-dynamodb-table-customer-key,aws-dynamodb-enable-recovery
+#tfsec:ignore:aws-dynamodb-table-customer-key tfsec:ignore:aws-dynamodb-enable-recovery
 module "backend" {
   source  = "rhythmictech/backend/aws"
   version = "2.1.0"

diff --git a/common/.terraform.lock.hcl b/common/.terraform.lock.hcl
diff --git a/common/common.tf b/common/common.tf
@@ -7,8 +7,6 @@ provider "aws" {
 
 terraform {
   backend "s3" {}
-
-  required_version = ">= 0.13.0"
 }
 
 # Intentionally throws an error if the workspace doesn't match the env

diff --git a/network/.terraform.lock.hcl b/network/.terraform.lock.hcl
diff --git a/network/README.md b/network/README.md
@@ -3,15 +3,13 @@
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.0 |
+No requirements.
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 3.68.0 |
 | <a name="provider_terraform"></a> [terraform](#provider\_terraform) | n/a |
 
 ## Modules
@@ -20,7 +18,7 @@
 |------|--------|---------|
 | <a name="module_does_workspace_match_env"></a> [does\_workspace\_match\_env](#module\_does\_workspace\_match\_env) | rhythmictech/errorcheck/terraform | ~> 1.0.0 |
 | <a name="module_tags"></a> [tags](#module\_tags) | rhythmictech/tags/terraform | ~> 1.1.0 |
-| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 2.44.0 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.11.0 |
 | <a name="module_vpcflowlogs"></a> [vpcflowlogs](#module\_vpcflowlogs) | rhythmictech/vpcflowlogs/aws | ~> 1.1.2 |
 
 ## Resources

diff --git a/network/main.tf b/network/main.tf
@@ -36,7 +36,7 @@ module "tags" {
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 2.44.0"
+  version = "~> 3.11.0"
 
   name               = module.tags.name
   azs                = var.availability_zones
@@ -47,13 +47,14 @@ module "vpc" {
   tags               = module.tags.tags
 }
 
+#tfsec:ignore:aws-iam-no-policy-wildcards
 module "vpcflowlogs" {
   source  = "rhythmictech/vpcflowlogs/aws"
   version = "~> 1.1.2"
 
   create_bucket  = true
   create_kms_key = true
-  logging_bucket = data.terraform_remote_state.account.outputs.s3_bucket_access_logging
+  logging_bucket = data.terraform_remote_state.account.outputs.s3_bucket_access_logging_bucket
   region         = var.region
   tags           = module.tags.tags
   vpc_ids        = [module.vpc.vpc_id]