Merge pull request #22 from SPHTech-Platform/aws-v5

Update AWS Provider to support V5
SPHTech-Platform · Oct 20, 2023 · e28251d · e28251d
2 parents 631578b + bc9c67b
commit e28251d
Show file tree

Hide file tree

Showing 11 changed files with 39 additions and 22 deletions.
diff --git a/modules/management/credentials.tf b/modules/management/credentials.tf
@@ -1,7 +1,8 @@
 resource "vault_policy" "boundary_controller" {
   for_each = var.credential_store_vault
-  name     = "boundary_controller"
-  policy   = <<EOF
+
+  name   = "boundary_controller"
+  policy = <<EOF
   path "auth/token/lookup-self" {
   capabilities = ["read"]
   }
@@ -25,8 +26,9 @@ resource "vault_policy" "boundary_controller" {
 
 resource "vault_policy" "admin_read" {
   for_each = var.credential_store_vault
-  name     = "admin-read"
-  policy   = <<EOF
+
+  name   = "admin-read"
+  policy = <<EOF
   path "*" {
     capabilities = ["read"]
   }
@@ -35,7 +37,8 @@ resource "vault_policy" "admin_read" {
 
 
 resource "vault_token" "boundary" {
-  for_each          = var.credential_store_vault
+  for_each = var.credential_store_vault
+
   policies          = [vault_policy.boundary_controller[each.key].name, vault_policy.admin_read[each.key].name]
   no_parent         = true
   no_default_policy = true
@@ -50,7 +53,8 @@ resource "vault_token" "boundary" {
 
 
 resource "boundary_credential_store_vault" "this" {
-  for_each    = var.credential_store_vault
+  for_each = var.credential_store_vault
+
   name        = "${each.key}-vault-credential-store"
   description = "${each.key}-vault-credential-store"
   address     = var.vault_pub_url
@@ -62,7 +66,8 @@ resource "boundary_credential_store_vault" "this" {
 
 
 resource "boundary_credential_library_vault" "this" {
-  for_each            = var.credential_lib_vault
+  for_each = var.credential_lib_vault
+
   name                = each.value.name
   description         = each.value.name
   credential_store_id = boundary_credential_store_vault.this[each.value.project].id
@@ -72,7 +77,8 @@ resource "boundary_credential_library_vault" "this" {
 }
 
 resource "boundary_credential_store_static" "this" {
-  for_each    = var.credential_store_static
+  for_each = var.credential_store_static
+
   name        = "${each.value.name}-static-credential-store"
   description = "${each.key} scoped static credential store"
   scope_id    = lookup(var.projects, each.key).id

diff --git a/modules/management/host_targets.tf b/modules/management/host_targets.tf
@@ -14,14 +14,16 @@ locals {
 }
 
 resource "boundary_host_catalog_static" "this" {
-  for_each    = local.unq_env
+  for_each = local.unq_env
+
   name        = "${each.key}-static"
   description = "Static Hosts Catalog for ${each.key}"
   scope_id    = lookup(var.projects, each.key).id
 }
 
 resource "boundary_host_static" "this" {
-  for_each        = { for unq in local.static_values : unq.ip => unq }
+  for_each = { for unq in local.static_values : unq.ip => unq }
+
   name            = "${each.value.project}-${each.value.type}-${each.key}"
   description     = "${each.value.project}-${each.value.type}-${each.key} host"
   address         = each.key
@@ -37,13 +39,15 @@ resource "boundary_host_set_static" "this" {
         "ip"      = j
     }])
   ]) : idx => record }
+
   name            = each.value.type
   host_catalog_id = boundary_host_catalog_static.this[each.value.project].id
   host_ids        = [for i in each.value.ip : boundary_host_static.this[i].id]
 }
 
 resource "boundary_target" "this" {
-  for_each     = var.targets
+  for_each = var.targets
+
   name         = each.value.name
   description  = "Target for ${each.value.name}"
   type         = each.value.type

diff --git a/modules/management_static/credentials.tf b/modules/management_static/credentials.tf
@@ -1,5 +1,6 @@
 resource "boundary_credential_store_static" "this" {
-  for_each    = var.credential_store_static
+  for_each = var.credential_store_static
+
   name        = "${each.value.name}-static-credential-store"
   description = "${each.key} scoped static credential store"
   scope_id    = lookup(var.projects, each.key).id

diff --git a/modules/management_static/host_targets.tf b/modules/management_static/host_targets.tf
@@ -14,14 +14,16 @@ locals {
 }
 
 resource "boundary_host_catalog_static" "this" {
-  for_each    = local.unq_env
+  for_each = local.unq_env
+
   name        = "${each.key}-static"
   description = "Static Hosts Catalog for ${each.key}"
   scope_id    = lookup(var.projects, each.key).id
 }
 
 resource "boundary_host_static" "this" {
-  for_each        = { for unq in local.static_values : unq.ip => unq }
+  for_each = { for unq in local.static_values : unq.ip => unq }
+
   name            = "${each.value.project}-${each.value.type}-${each.key}"
   description     = "${each.value.project}-${each.value.type}-${each.key} host"
   address         = each.key
@@ -37,13 +39,15 @@ resource "boundary_host_set_static" "this" {
         "ip"      = j
     }])
   ]) : idx => record }
+
   name            = each.value.type
   host_catalog_id = boundary_host_catalog_static.this[each.value.project].id
   host_ids        = [for i in each.value.ip : boundary_host_static.this[i].id]
 }
 
 resource "boundary_target" "this" {
-  for_each     = var.targets
+  for_each = var.targets
+
   name         = each.value.name
   description  = "Target for ${each.value.name}"
   type         = each.value.type

diff --git a/modules/structure/roles.tf b/modules/structure/roles.tf
@@ -14,7 +14,8 @@ resource "boundary_role" "org_admin" {
 }
 
 resource "boundary_role" "proj_admin" {
-  for_each       = toset(var.project_names)
+  for_each = toset(var.project_names)
+
   name           = "${var.org_name}-${each.key}-role"
   scope_id       = boundary_scope.org.id
   grant_scope_id = boundary_scope.projects[each.key].id

diff --git a/modules/structure/scopes.tf b/modules/structure/scopes.tf
@@ -8,7 +8,8 @@ resource "boundary_scope" "org" {
 
 // create project
 resource "boundary_scope" "projects" {
-  for_each                 = toset(var.project_names)
+  for_each = toset(var.project_names)
+
   name                     = each.key
   description              = "Project for ${each.key}"
   scope_id                 = boundary_scope.org.id

diff --git a/modules/worker_ec2/resources.tf b/modules/worker_ec2/resources.tf
@@ -1,7 +1,7 @@
 module "ec2_boundary_worker" {
   #checkov:skip=CKV_TF_1:Ensure Terraform module sources use a commit hash
   source  = "terraform-aws-modules/ec2-instance/aws"
-  version = "~> 4.2.0"
+  version = "~> 5.5.0"
 
   ami                         = var.ami
   associate_public_ip_address = var.pub_enable

diff --git a/modules/worker_ec2/versions.tf b/modules/worker_ec2/versions.tf
@@ -3,7 +3,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 4.38.0"
+      version = ">= 4.66"
     }
     cloudinit = {
       source  = "hashicorp/cloudinit"

diff --git a/modules/worker_fargate/containers.tf b/modules/worker_fargate/containers.tf
@@ -22,7 +22,7 @@ locals {
 module "container_boundary" {
   #checkov:skip=CKV_TF_1:Ensure Terraform module sources use a commit hash
   source  = "cloudposse/ecs-container-definition/aws"
-  version = "0.58.1"
+  version = "~> 0.61.0"
 
   container_name  = "container-${var.name}"
   container_image = var.container_image

diff --git a/modules/worker_fargate/loadbalancer.tf b/modules/worker_fargate/loadbalancer.tf
@@ -1,7 +1,7 @@
 module "nlb" {
   #checkov:skip=CKV_TF_1:Ensure Terraform module sources use a commit hash
   source  = "terraform-aws-modules/alb/aws"
-  version = "~> 6.0"
+  version = "~> 8.7"
 
   name = "nlb-${var.name}"
 

diff --git a/modules/worker_fargate/versions.tf b/modules/worker_fargate/versions.tf
@@ -3,7 +3,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 4.38.0"
+      version = ">= 4.38.0"
     }
     random = {
       source  = "hashicorp/random"