diff --git a/modules/management/credentials.tf b/modules/management/credentials.tf index bbc1ee0..f2d13c3 100644 --- a/modules/management/credentials.tf +++ b/modules/management/credentials.tf @@ -1,7 +1,8 @@ resource "vault_policy" "boundary_controller" { for_each = var.credential_store_vault - name = "boundary_controller" - policy = < unq } + for_each = { for unq in local.static_values : unq.ip => unq } + name = "${each.value.project}-${each.value.type}-${each.key}" description = "${each.value.project}-${each.value.type}-${each.key} host" address = each.key @@ -37,13 +39,15 @@ resource "boundary_host_set_static" "this" { "ip" = j }]) ]) : idx => record } + name = each.value.type host_catalog_id = boundary_host_catalog_static.this[each.value.project].id host_ids = [for i in each.value.ip : boundary_host_static.this[i].id] } resource "boundary_target" "this" { - for_each = var.targets + for_each = var.targets + name = each.value.name description = "Target for ${each.value.name}" type = each.value.type diff --git a/modules/management_static/credentials.tf b/modules/management_static/credentials.tf index d7d8b4d..d961f01 100644 --- a/modules/management_static/credentials.tf +++ b/modules/management_static/credentials.tf @@ -1,5 +1,6 @@ resource "boundary_credential_store_static" "this" { - for_each = var.credential_store_static + for_each = var.credential_store_static + name = "${each.value.name}-static-credential-store" description = "${each.key} scoped static credential store" scope_id = lookup(var.projects, each.key).id diff --git a/modules/management_static/host_targets.tf b/modules/management_static/host_targets.tf index 2c9d7e0..97e7883 100644 --- a/modules/management_static/host_targets.tf +++ b/modules/management_static/host_targets.tf 
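Review bot: In the `boundary_target` hunk (`@@ -37,13 +39,15 @@`), `name = each.value.name` takes the name from the map value while `for_each` is keyed by the map key, so two entries of `var.targets` carrying the same `name` would yield two targets with the same name. Boundary, as far as I know, requires a name to be unique within its scope, so this would surface only as an apply-time error. The scope assignment is outside the hunk, so whether a collision is actually possible cannot be confirmed here. A `validation` block on `var.targets` that checks the names are distinct would catch it at plan time, or `name = each.key` if the keys are the intended names. The identical hunk appears in modules/management_static/host_targets.tf, and the resource body continues past the end of the hunk.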
@@ -14,14 +14,16 @@ locals { } resource "boundary_host_catalog_static" "this" { - for_each = local.unq_env + for_each = local.unq_env + name = "${each.key}-static" description = "Static Hosts Catalog for ${each.key}" scope_id = lookup(var.projects, each.key).id } resource "boundary_host_static" "this" { - for_each = { for unq in local.static_values : unq.ip => unq } + for_each = { for unq in local.static_values : unq.ip => unq } + name = "${each.value.project}-${each.value.type}-${each.key}" description = "${each.value.project}-${each.value.type}-${each.key} host" address = each.key @@ -37,13 +39,15 @@ resource "boundary_host_set_static" "this" { "ip" = j }]) ]) : idx => record } + name = each.value.type host_catalog_id = boundary_host_catalog_static.this[each.value.project].id host_ids = [for i in each.value.ip : boundary_host_static.this[i].id] } resource "boundary_target" "this" { - for_each = var.targets + for_each = var.targets + name = each.value.name description = "Target for ${each.value.name}" type = each.value.type diff --git a/modules/structure/roles.tf b/modules/structure/roles.tf index 2bf5861..83280cd 100644 --- a/modules/structure/roles.tf +++ b/modules/structure/roles.tf @@ -14,7 +14,8 @@ resource "boundary_role" "org_admin" { } resource "boundary_role" "proj_admin" { - for_each = toset(var.project_names) + for_each = toset(var.project_names) + name = "${var.org_name}-${each.key}-role" scope_id = boundary_scope.org.id grant_scope_id = boundary_scope.projects[each.key].id diff --git a/modules/structure/scopes.tf b/modules/structure/scopes.tf index 15b5212..8e6077a 100644 --- a/modules/structure/scopes.tf +++ b/modules/structure/scopes.tf @@ -8,7 +8,8 @@ resource "boundary_scope" "org" { // create project resource "boundary_scope" "projects" { - for_each = toset(var.project_names) + for_each = toset(var.project_names) + name = each.key description = "Project for ${each.key}" scope_id = boundary_scope.org.id 
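Review bot: The name added to `boundary_role.proj_admin` in modules/structure/roles.tf, `"${var.org_name}-${each.key}-role"`, does not say which role it is, although the resource label marks it as the project admin role. Role names are what an operator sees when reviewing grants and principals, so an administrative role should be recognisable from its name, for example `name = "${var.org_name}-${each.key}-admin"`. The grants and principals of the resource are outside the hunk, so the privilege level is inferred from the label only.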
diff --git a/modules/worker_ec2/resources.tf b/modules/worker_ec2/resources.tf index 02e2121..5d1386c 100644 --- a/modules/worker_ec2/resources.tf +++ b/modules/worker_ec2/resources.tf @@ -1,7 +1,7 @@ module "ec2_boundary_worker" { #checkov:skip=CKV_TF_1:Ensure Terraform module sources use a commit hash source = "terraform-aws-modules/ec2-instance/aws" - version = "~> 4.2.0" + version = "~> 5.5.0" ami = var.ami associate_public_ip_address = var.pub_enable diff --git a/modules/worker_ec2/versions.tf b/modules/worker_ec2/versions.tf index c419b15..247e7be 100644 --- a/modules/worker_ec2/versions.tf +++ b/modules/worker_ec2/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.38.0" + version = ">= 4.66" } cloudinit = { source = "hashicorp/cloudinit" diff --git a/modules/worker_fargate/containers.tf b/modules/worker_fargate/containers.tf index df89306..d07822d 100644 --- a/modules/worker_fargate/containers.tf +++ b/modules/worker_fargate/containers.tf @@ -22,7 +22,7 @@ locals { module "container_boundary" { #checkov:skip=CKV_TF_1:Ensure Terraform module sources use a commit hash source = "cloudposse/ecs-container-definition/aws" - version = "0.58.1" + version = "~> 0.61.0" container_name = "container-${var.name}" container_image = var.container_image diff --git a/modules/worker_fargate/loadbalancer.tf b/modules/worker_fargate/loadbalancer.tf index ad19a11..a9eb2fa 100644 --- a/modules/worker_fargate/loadbalancer.tf +++ b/modules/worker_fargate/loadbalancer.tf @@ -1,7 +1,7 @@ module "nlb" { #checkov:skip=CKV_TF_1:Ensure Terraform module sources use a commit hash source = "terraform-aws-modules/alb/aws" - version = "~> 6.0" + version = "~> 8.7" name = "nlb-${var.name}" diff --git a/modules/worker_fargate/versions.tf b/modules/worker_fargate/versions.tf index 9ade4ee..8f7a5da 100644 --- a/modules/worker_fargate/versions.tf +++ b/modules/worker_fargate/versions.tf 
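Review bot: The two worker modules now declare different floors for `hashicorp/aws` (`>= 4.66` in modules/worker_ec2/versions.tf, `>= 4.38.0` in modules/worker_fargate/versions.tf), and both drop the upper bound. A minimum-only constraint is normal for a reusable module, but it leaves bounding the provider to the root configuration and its committed `.terraform.lock.hcl`, neither of which is visible in this diff. I would set the fargate floor to whatever the upgraded `alb` and `ecs-container-definition` modules declare in their own `versions.tf` (to be checked, it may be higher than 4.38), and add a comment such as `# upper bound and lock file are owned by the root module`.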
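Review bot: In modules/worker_fargate/containers.tf the exact pin `0.58.1` becomes `version = "~> 0.61.0"` while the `#checkov:skip=CKV_TF_1` line above it still waives commit-hash pinning, so this third-party module can move to any 0.61.x release on the next `terraform init -upgrade` without a change to this file. Module versions are not recorded in `.terraform.lock.hcl`, which covers providers only, so the constraint is the only pin there is. I would keep the exact form, `version = "0.61.0"`. The same applies to `~> 5.5.0` in modules/worker_ec2/resources.tf and to `~> 8.7` in modules/worker_fargate/loadbalancer.tf, the latter admitting any later 8.x minor.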
@@ -3,7 +3,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = "~> 4.38.0"
+ version = ">= 4.38.0"
 }
 random = {
 source = "hashicorp/random"