diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 149ae03..e08d433 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -10,51 +10,6 @@ repos:
alias: terraform_tflint_nocreds
name: terraform_tflint_nocreds
- id: terraform_tfsec
- - repo: local
- hooks:
- - id: terraform_validate
- name: terraform_validate
- entry: |
- bash -c '
- AWS_DEFAULT_REGION=us-east-1
- declare -a DIRS
- for FILE in "$@"
- do
- DIRS+=($(dirname "$FILE"))
- done
- for DIR in $(printf "%s\n" "${DIRS[@]}" | sort -u)
- do
- cd $(dirname "$FILE")
- terraform init --backend=false
- terraform validate .
- cd ..
- done
- '
- language: system
- verbose: true
- files: \.tf(vars)?$
- exclude: examples
- - id: tflock
- name: provider_locks
- entry: |
- bash -c '
- AWS_DEFAULT_REGION=us-east-1
- declare -a DIRS
- for FILE in "$@"
- do
- DIRS+=($(dirname "$FILE"))
- done
- for DIR in $(printf "%s\n" "${DIRS[@]}" | sort -u)
- do
- cd $(dirname "$FILE")
- terraform providers lock -platform=windows_amd64 -platform=darwin_amd64 -platform=linux_amd64
- cd ..
- done
- '
- language: system
- verbose: true
- files: \.tf(vars)?$
- exclude: examples
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.0.1
hooks:
diff --git a/.terraform-version b/.terraform-version
index ebf55b3..ecf56ca 100644
--- a/.terraform-version
+++ b/.terraform-version
@@ -1 +1 @@
-0.13.6
+0.14.11
diff --git a/account/.terraform.lock.hcl b/account/.terraform.lock.hcl
new file mode 100644
index 0000000..500b80d
--- /dev/null
+++ b/account/.terraform.lock.hcl
@@ -0,0 +1,40 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+ version = "3.68.0"
+ hashes = [
+ "h1:rAJft4bPPOCRBqUZqfjGwF4Yk/waqytuQZQ4twOZ6aE=",
+ "zh:05a43a7dbd409451c08a958610234619d7e0d102e601220b60aad025bf2b6e2c",
+ "zh:0d195fa738a348e511550de39caec3f10cfb9afe8d69ed2104b39e9129438739",
+ "zh:3d88a19b2a810559bc6953fe92b7a7c6e3251c5501866c94ef34648df3fdf461",
+ "zh:3e42fdaf9df636a3741871c4209c9665549d67f07a69dd8700dcdcd43cd367fb",
+ "zh:690418e0969eb36807832b48099f09e686e3d0fda42f483efc835bdef6363888",
+ "zh:7158d5ef79dc90f2da61b6bc28d450e8d61a58b314d9abed8a03a09b80a41316",
+ "zh:7ed4fac5d8de0141559fc4dbf97dd754d5af8c245a946d955b11530293f6f4d6",
+ "zh:d0961612800f75321014347b69148e2f326d8b9ff2a9ac99074d35ee3f289d17",
+ "zh:e8d35599fc8f7ca796ada775828f1dbf10668e0c7eb1f052330360eb8a2f83e3",
+ "zh:e989ac0324fd9d443da317b3d97ec9fb8c8122fa2951ac2356302891a20bb595",
+ "zh:ff135b9cac355ecd8f69a64206751503fa9aa41147241c9f99ad766f27a6dcd3",
+ ]
+}
+
+provider "registry.terraform.io/hashicorp/external" {
+ version = "1.2.0"
+ constraints = "~> 1.2"
+ hashes = [
+ "h1:jIFj6CgC748E2UkSiBCYwKAspDPDsSyd0MDuin+swho=",
+ "zh:02048f972a31ac87231dd548323ee214cf04944b289c5d9edde82ffbde5b8386",
+ "zh:06fcf617521916883c5e3cbfa533dded6725246123f18355576a07f40f2ae4b0",
+ "zh:325dbc165665b3bd31164168bb65bf1f364c4a463cc8a2f8e3639b9738d9b16e",
+ "zh:5cf47495ec9ec1953f2a94875b23a4f44ff810422f1e63b5ef849fe1138e7aa1",
+ "zh:6cb3e94f4e795892005328e9a3aa12415b03ce99d6b7c92b3122f4204bb0ee73",
+ "zh:6d731e12c616434886f007cad68d9313a178ddfb0360de84236fc5593f443c10",
+ "zh:9a269a735d9e0c3b1390e6319df46ee2d0afc057c32a899ffc885df78d012123",
+ "zh:a91b5d526011f5ee56461b1d7a9fcb230aab6c38c01facb73ecd98c5e958204e",
+ "zh:aa5f19ba3040a4a10f4c5290d075544d7cdad4b90fb10a469a1d40cbaf4607e5",
+ "zh:c986125fda03444ac8c964e999c48db450b452e0b4edf4542e3bee97ca951cbd",
+ "zh:fddff8f179925c1c76e58302ddcbead9474ea52c6e8141f5ba73bb137ca2ebc5",
+ "zh:fe2ef9dcc45291d0582bbf1f5936522682cf2e03a3811a8e6968f1ba14d91f25",
+ ]
+}
diff --git a/account/README.md b/account/README.md
index 481af84..f133dd4 100644
--- a/account/README.md
+++ b/account/README.md
@@ -3,9 +3,7 @@
## Requirements
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | >= 0.13.0 |
+No requirements.
## Providers
@@ -17,11 +15,11 @@ No providers.
|------|--------|---------|
| [backend](#module\_backend) | rhythmictech/backend/aws | 2.1.0 |
| [cloudtrail\_bucket](#module\_cloudtrail\_bucket) | rhythmictech/cloudtrail-bucket/aws | ~> 1.2.0 |
-| [cloudtrail\_logging](#module\_cloudtrail\_logging) | rhythmictech/cloudtrail-logging/aws | ~> 1.1.0 |
+| [cloudtrail\_logging](#module\_cloudtrail\_logging) | rhythmictech/cloudtrail-logging/aws | ~> 1.3.0 |
| [does\_workspace\_match\_env](#module\_does\_workspace\_match\_env) | rhythmictech/errorcheck/terraform | ~> 1.0.0 |
| [iam\_password\_policy](#module\_iam\_password\_policy) | rhythmictech/iam-password-policy/aws | 1.0.0 |
| [rhythmic\_iam\_roles](#module\_rhythmic\_iam\_roles) | rhythmictech/rhythmic-iam-roles/aws | ~> 1.1.0 |
-| [s3logging\_bucket](#module\_s3logging\_bucket) | rhythmictech/s3logging-bucket/aws | ~> 1.0.1 |
+| [s3logging\_bucket](#module\_s3logging\_bucket) | rhythmictech/s3logging-bucket/aws | ~> 2.0.0 |
| [tags](#module\_tags) | rhythmictech/tags/terraform | ~> 1.1.0 |
## Resources
@@ -48,6 +46,6 @@ No resources.
| Name | Description |
|------|-------------|
| [cloudtrail\_log\_group](#output\_cloudtrail\_log\_group) | CloudTrail CloudWatch log group |
-| [s3\_bucket\_access\_logging](#output\_s3\_bucket\_access\_logging) | S3 bucket to receive S3 bucket access logs |
+| [s3\_bucket\_access\_logging\_bucket](#output\_s3\_bucket\_access\_logging\_bucket) | S3 bucket to receive S3 bucket access logs |
| [s3\_bucket\_access\_logging\_domain\_name](#output\_s3\_bucket\_access\_logging\_domain\_name) | S3 bucket to receive S3 bucket access logs |
diff --git a/account/main.tf b/account/main.tf
index 539f231..aa43889 100644
--- a/account/main.tf
+++ b/account/main.tf
@@ -24,10 +24,9 @@ module "rhythmic_iam_roles" {
module "s3logging_bucket" {
source = "rhythmictech/s3logging-bucket/aws"
- version = "~> 1.0.1"
+ version = "~> 2.0.0"
bucket_suffix = "account"
- region = var.region
tags = module.tags.tags_no_name
# store for 1 yr
@@ -43,14 +42,14 @@ module "s3logging_bucket" {
module "cloudtrail_bucket" {
source = "rhythmictech/cloudtrail-bucket/aws"
version = "~> 1.2.0"
- logging_bucket = module.s3logging_bucket.s3logging_bucket_name
+ logging_bucket = module.s3logging_bucket.s3_bucket_name
region = var.region
tags = module.tags.tags_no_name
}
module "cloudtrail_logging" {
source = "rhythmictech/cloudtrail-logging/aws"
- version = "~> 1.1.0"
+ version = "~> 1.3.0"
region = var.region
cloudtrail_bucket = module.cloudtrail_bucket.s3_bucket_name
kms_key_id = module.cloudtrail_bucket.kms_key_id
diff --git a/account/outputs.tf b/account/outputs.tf
index 8e4a4e3..e49dbff 100644
--- a/account/outputs.tf
+++ b/account/outputs.tf
@@ -8,12 +8,12 @@ output "cloudtrail_log_group" {
value = module.cloudtrail_logging.cloudwatch_loggroup_name
}
-output "s3_bucket_access_logging" {
+output "s3_bucket_access_logging_bucket" {
description = "S3 bucket to receive S3 bucket access logs"
- value = module.s3logging_bucket.s3logging_bucket_name
+ value = module.s3logging_bucket.s3_bucket_name
}
output "s3_bucket_access_logging_domain_name" {
description = "S3 bucket to receive S3 bucket access logs"
- value = module.s3logging_bucket.s3logging_bucket_domain_name
+ value = module.s3logging_bucket.s3_bucket_domain_name
}
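Review bot: Renaming the output `s3_bucket_access_logging` to `s3_bucket_access_logging_bucket` drops the old name from the account state, so anything that reads it through `terraform_remote_state` fails until it is updated. network/main.tf is switched to the new name in this commit, which also means the account stack has to be applied before network can plan. If stacks outside this diff still consume the old name, keeping it for one release as a deprecated alias with the same `value` would avoid the break. Separately, `s3_bucket_access_logging_domain_name` carries the same description as the bucket output; `description = "Domain name of the S3 bucket that receives S3 bucket access logs"` would tell the two apart.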
diff --git a/account/setup/main.tf b/account/setup/main.tf
index 9a4e624..d8c9ab0 100644
--- a/account/setup/main.tf
+++ b/account/setup/main.tf
@@ -1,5 +1,5 @@
-#tfsec:ignore:aws-dynamodb-table-customer-key,aws-dynamodb-enable-recovery
+#tfsec:ignore:aws-dynamodb-table-customer-key tfsec:ignore:aws-dynamodb-enable-recovery
module "backend" {
source = "rhythmictech/backend/aws"
version = "2.1.0"
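Review bot: The rewritten `#tfsec:ignore` line above `module "backend"` switches off two checks (customer-managed key and point-in-time recovery on the DynamoDB table) without recording why that is acceptable here. A comment directly above it would keep the decision reviewable, for example `# backend DynamoDB table: no CMK / PITR because <reason>`; the reason is not visible in this diff, so the author needs to supply it. The module is pinned to exactly `2.1.0`, so the suppression does at least cover a fixed set of resources. The module block continues past the end of the hunk.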
diff --git a/common/.terraform.lock.hcl b/common/.terraform.lock.hcl
new file mode 100644
index 0000000..69fdab1
--- /dev/null
+++ b/common/.terraform.lock.hcl
@@ -0,0 +1,44 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+ version = "3.68.0"
+ hashes = [
+ "h1:6Z90ORvMqC6UvbZ529U2om6CZHsDomgeyedgeKYc/ao=",
+ "h1:rAJft4bPPOCRBqUZqfjGwF4Yk/waqytuQZQ4twOZ6aE=",
+ "h1:w546dMDYshe7eeOsxSZt7ihMJOKCbl/7ifZ9lI1PUAY=",
+ "zh:05a43a7dbd409451c08a958610234619d7e0d102e601220b60aad025bf2b6e2c",
+ "zh:0d195fa738a348e511550de39caec3f10cfb9afe8d69ed2104b39e9129438739",
+ "zh:3d88a19b2a810559bc6953fe92b7a7c6e3251c5501866c94ef34648df3fdf461",
+ "zh:3e42fdaf9df636a3741871c4209c9665549d67f07a69dd8700dcdcd43cd367fb",
+ "zh:690418e0969eb36807832b48099f09e686e3d0fda42f483efc835bdef6363888",
+ "zh:7158d5ef79dc90f2da61b6bc28d450e8d61a58b314d9abed8a03a09b80a41316",
+ "zh:7ed4fac5d8de0141559fc4dbf97dd754d5af8c245a946d955b11530293f6f4d6",
+ "zh:d0961612800f75321014347b69148e2f326d8b9ff2a9ac99074d35ee3f289d17",
+ "zh:e8d35599fc8f7ca796ada775828f1dbf10668e0c7eb1f052330360eb8a2f83e3",
+ "zh:e989ac0324fd9d443da317b3d97ec9fb8c8122fa2951ac2356302891a20bb595",
+ "zh:ff135b9cac355ecd8f69a64206751503fa9aa41147241c9f99ad766f27a6dcd3",
+ ]
+}
+
+provider "registry.terraform.io/hashicorp/external" {
+ version = "1.2.0"
+ constraints = "~> 1.2"
+ hashes = [
+ "h1:MvRkudSV2zEua8Fb7PRaSNQPREGrZXMK6ymG4zvuTwk=",
+ "h1:jIFj6CgC748E2UkSiBCYwKAspDPDsSyd0MDuin+swho=",
+ "h1:wDfbBn+171g9/+aWqkicrN5l1S3kuqEX4J1zyPCDsoY=",
+ "zh:02048f972a31ac87231dd548323ee214cf04944b289c5d9edde82ffbde5b8386",
+ "zh:06fcf617521916883c5e3cbfa533dded6725246123f18355576a07f40f2ae4b0",
+ "zh:325dbc165665b3bd31164168bb65bf1f364c4a463cc8a2f8e3639b9738d9b16e",
+ "zh:5cf47495ec9ec1953f2a94875b23a4f44ff810422f1e63b5ef849fe1138e7aa1",
+ "zh:6cb3e94f4e795892005328e9a3aa12415b03ce99d6b7c92b3122f4204bb0ee73",
+ "zh:6d731e12c616434886f007cad68d9313a178ddfb0360de84236fc5593f443c10",
+ "zh:9a269a735d9e0c3b1390e6319df46ee2d0afc057c32a899ffc885df78d012123",
+ "zh:a91b5d526011f5ee56461b1d7a9fcb230aab6c38c01facb73ecd98c5e958204e",
+ "zh:aa5f19ba3040a4a10f4c5290d075544d7cdad4b90fb10a469a1d40cbaf4607e5",
+ "zh:c986125fda03444ac8c964e999c48db450b452e0b4edf4542e3bee97ca951cbd",
+ "zh:fddff8f179925c1c76e58302ddcbead9474ea52c6e8141f5ba73bb137ca2ebc5",
+ "zh:fe2ef9dcc45291d0582bbf1f5936522682cf2e03a3811a8e6968f1ba14d91f25",
+ ]
+}
diff --git a/common/common.tf b/common/common.tf
index 4a53677..684a390 100644
--- a/common/common.tf
+++ b/common/common.tf
@@ -7,8 +7,6 @@ provider "aws" {
terraform {
backend "s3" {}
-
- required_version = ">= 0.13.0"
}
# Intentionally throws an error if the workspace doesn't match the env
diff --git a/network/.terraform.lock.hcl b/network/.terraform.lock.hcl
new file mode 100644
index 0000000..0da709a
--- /dev/null
+++ b/network/.terraform.lock.hcl
@@ -0,0 +1,45 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+ version = "3.68.0"
+ constraints = ">= 3.63.0"
+ hashes = [
+ "h1:6Z90ORvMqC6UvbZ529U2om6CZHsDomgeyedgeKYc/ao=",
+ "h1:rAJft4bPPOCRBqUZqfjGwF4Yk/waqytuQZQ4twOZ6aE=",
+ "h1:w546dMDYshe7eeOsxSZt7ihMJOKCbl/7ifZ9lI1PUAY=",
+ "zh:05a43a7dbd409451c08a958610234619d7e0d102e601220b60aad025bf2b6e2c",
+ "zh:0d195fa738a348e511550de39caec3f10cfb9afe8d69ed2104b39e9129438739",
+ "zh:3d88a19b2a810559bc6953fe92b7a7c6e3251c5501866c94ef34648df3fdf461",
+ "zh:3e42fdaf9df636a3741871c4209c9665549d67f07a69dd8700dcdcd43cd367fb",
+ "zh:690418e0969eb36807832b48099f09e686e3d0fda42f483efc835bdef6363888",
+ "zh:7158d5ef79dc90f2da61b6bc28d450e8d61a58b314d9abed8a03a09b80a41316",
+ "zh:7ed4fac5d8de0141559fc4dbf97dd754d5af8c245a946d955b11530293f6f4d6",
+ "zh:d0961612800f75321014347b69148e2f326d8b9ff2a9ac99074d35ee3f289d17",
+ "zh:e8d35599fc8f7ca796ada775828f1dbf10668e0c7eb1f052330360eb8a2f83e3",
+ "zh:e989ac0324fd9d443da317b3d97ec9fb8c8122fa2951ac2356302891a20bb595",
+ "zh:ff135b9cac355ecd8f69a64206751503fa9aa41147241c9f99ad766f27a6dcd3",
+ ]
+}
+
+provider "registry.terraform.io/hashicorp/external" {
+ version = "1.2.0"
+ constraints = "~> 1.2"
+ hashes = [
+ "h1:MvRkudSV2zEua8Fb7PRaSNQPREGrZXMK6ymG4zvuTwk=",
+ "h1:jIFj6CgC748E2UkSiBCYwKAspDPDsSyd0MDuin+swho=",
+ "h1:wDfbBn+171g9/+aWqkicrN5l1S3kuqEX4J1zyPCDsoY=",
+ "zh:02048f972a31ac87231dd548323ee214cf04944b289c5d9edde82ffbde5b8386",
+ "zh:06fcf617521916883c5e3cbfa533dded6725246123f18355576a07f40f2ae4b0",
+ "zh:325dbc165665b3bd31164168bb65bf1f364c4a463cc8a2f8e3639b9738d9b16e",
+ "zh:5cf47495ec9ec1953f2a94875b23a4f44ff810422f1e63b5ef849fe1138e7aa1",
+ "zh:6cb3e94f4e795892005328e9a3aa12415b03ce99d6b7c92b3122f4204bb0ee73",
+ "zh:6d731e12c616434886f007cad68d9313a178ddfb0360de84236fc5593f443c10",
+ "zh:9a269a735d9e0c3b1390e6319df46ee2d0afc057c32a899ffc885df78d012123",
+ "zh:a91b5d526011f5ee56461b1d7a9fcb230aab6c38c01facb73ecd98c5e958204e",
+ "zh:aa5f19ba3040a4a10f4c5290d075544d7cdad4b90fb10a469a1d40cbaf4607e5",
+ "zh:c986125fda03444ac8c964e999c48db450b452e0b4edf4542e3bee97ca951cbd",
+ "zh:fddff8f179925c1c76e58302ddcbead9474ea52c6e8141f5ba73bb137ca2ebc5",
+ "zh:fe2ef9dcc45291d0582bbf1f5936522682cf2e03a3811a8e6968f1ba14d91f25",
+ ]
+}
diff --git a/network/README.md b/network/README.md
index 61f8b2d..03008fd 100644
--- a/network/README.md
+++ b/network/README.md
@@ -3,15 +3,13 @@
## Requirements
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | >= 0.13.0 |
+No requirements.
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | n/a |
+| [aws](#provider\_aws) | 3.68.0 |
| [terraform](#provider\_terraform) | n/a |
## Modules
@@ -20,7 +18,7 @@
|------|--------|---------|
| [does\_workspace\_match\_env](#module\_does\_workspace\_match\_env) | rhythmictech/errorcheck/terraform | ~> 1.0.0 |
| [tags](#module\_tags) | rhythmictech/tags/terraform | ~> 1.1.0 |
-| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 2.44.0 |
+| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.11.0 |
| [vpcflowlogs](#module\_vpcflowlogs) | rhythmictech/vpcflowlogs/aws | ~> 1.1.2 |
## Resources
diff --git a/network/main.tf b/network/main.tf
index 20289a2..602919c 100644
--- a/network/main.tf
+++ b/network/main.tf
@@ -36,7 +36,7 @@ module "tags" {
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
- version = "~> 2.44.0"
+ version = "~> 3.11.0"
name = module.tags.name
azs = var.availability_zones
@@ -47,13 +47,14 @@ module "vpc" {
tags = module.tags.tags
}
+#tfsec:ignore:aws-iam-no-policy-wildcards
module "vpcflowlogs" {
source = "rhythmictech/vpcflowlogs/aws"
version = "~> 1.1.2"
create_bucket = true
create_kms_key = true
- logging_bucket = data.terraform_remote_state.account.outputs.s3_bucket_access_logging
+ logging_bucket = data.terraform_remote_state.account.outputs.s3_bucket_access_logging_bucket
region = var.region
tags = module.tags.tags
vpc_ids = [module.vpc.vpc_id]
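Review bot: The new `#tfsec:ignore:aws-iam-no-policy-wildcards` is placed on the whole `module "vpcflowlogs"` call, so as far as I can tell it silences every wildcard-policy finding the module produces, not only the one that prompted it. Because the module version is the floating `~> 1.1.2`, a later patch release could add another wildcard statement and the scan would stay green; the provider lock files added in this commit do not record module versions. I would pin the module exactly (`version = "1.1.2"`) while the suppression is in place and add a comment naming what it is for, e.g. `# vpcflowlogs: wildcard in <policy statement> is needed for <reason>`. The module block continues past the end of the hunk.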