From 5f82b865eea544b608ab62900295e864854696b2 Mon Sep 17 00:00:00 2001
From: Tucker <tdewitt@users.noreply.github.com>
Date: Sat, 11 Feb 2023 12:41:17 -0500
Subject: [PATCH 1/2] Fix: Use less strict version string

Amazon will periodically update RDS versions behind the scenes.  By
using a less string version string, you allow for these changes to
happen without causing terraform drift issues.  Locking on the engine
version should maintain compatibility.
---
 rds.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rds.tf b/rds.tf
index bcba0ae..b9f7ed9 100644
--- a/rds.tf
+++ b/rds.tf
@@ -44,7 +44,7 @@ resource "aws_rds_cluster" "serverless_wordpress" {
   db_subnet_group_name                = aws_db_subnet_group.main_vpc.name
   cluster_identifier                  = "${var.site_name}-serverless-wordpress"
   engine                              = "aurora-mysql"
-  engine_version                      = "5.7.mysql_aurora.2.07.1"
+  engine_version                      = "5.7"
   engine_mode                         = "serverless"
   database_name                       = "wordpress"
   master_username                     = "wp_master"

From d508684f3066dc30a531568ba3001a0c37ee282d Mon Sep 17 00:00:00 2001
From: Tucker <tdewitt@users.noreply.github.com>
Date: Sat, 11 Feb 2023 12:46:24 -0500
Subject: [PATCH 2/2] Updated to support ~> 4.0 aws provider

Planned and applied sucessfully.  All deprecations have been fixed.
---
 ecs.tf                             | 10 ++++++++--
 modules/cloudfront/distribution.tf | 13 ++++++++-----
 modules/codebuild/main.tf          | 23 +++++++++++++++--------
 provider.tf                        |  2 +-
 4 files changed, 32 insertions(+), 16 deletions(-)

diff --git a/ecs.tf b/ecs.tf
index 21dd3f1..d319c97 100644
--- a/ecs.tf
+++ b/ecs.tf
@@ -237,10 +237,16 @@ resource "aws_ecs_service" "wordpress_service" {
 #tfsec:ignore:AWS090
 resource "aws_ecs_cluster" "wordpress_cluster" {
   name               = "${var.site_name}_wordpress"
+}
+
+resource "aws_ecs_cluster_capacity_providers" "example" {
+  cluster_name = aws_ecs_cluster.wordpress_cluster.name
+
   capacity_providers = ["FARGATE_SPOT"]
+
   default_capacity_provider_strategy {
+    base              = 1
+    weight            = 100
     capacity_provider = "FARGATE_SPOT"
-    weight            = "100"
-    base              = "1"
   }
 }
diff --git a/modules/cloudfront/distribution.tf b/modules/cloudfront/distribution.tf
index 9e79890..4ad5b6f 100644
--- a/modules/cloudfront/distribution.tf
+++ b/modules/cloudfront/distribution.tf
@@ -4,11 +4,14 @@
 resource "aws_s3_bucket" "wordpress_bucket" {
   bucket        = "${var.site_prefix}.${var.site_domain}"
   force_destroy = true
-  server_side_encryption_configuration {
-    rule {
-      apply_server_side_encryption_by_default {
-        sse_algorithm = "AES256"
-      }
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "wordpress_bucket" {
+  bucket = aws_s3_bucket.wordpress_bucket.id
+
+  rule {
+    apply_server_side_encryption_by_default {
+      sse_algorithm     = "AES256"
     }
   }
 }
diff --git a/modules/codebuild/main.tf b/modules/codebuild/main.tf
index 70fbe2e..4699309 100644
--- a/modules/codebuild/main.tf
+++ b/modules/codebuild/main.tf
@@ -5,13 +5,20 @@ data "aws_region" "current" {}
 #tfsec:ignore:AWS002 #tfsec:ignore:AWS077
 resource "aws_s3_bucket" "code_source" {
   bucket        = var.codebuild_bucket
-  acl           = "private"
   force_destroy = true
-  server_side_encryption_configuration {
-    rule {
-      apply_server_side_encryption_by_default {
-        sse_algorithm = "AES256"
-      }
+}
+
+resource "aws_s3_bucket_acl" "example_bucket_acl" {
+  bucket = aws_s3_bucket.code_source.id
+  acl    = "private"
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "code_source" {
+  bucket = aws_s3_bucket.code_source.id
+
+  rule {
+    apply_server_side_encryption_by_default {
+      sse_algorithm     = "AES256"
     }
   }
 }
@@ -55,7 +62,7 @@ resource "aws_iam_role_policy_attachment" "codebuild_role_attachment" {
   policy_arn = "arn:aws:iam::aws:policy/PowerUserAccess"
 }
 
-resource "aws_s3_bucket_object" "wordpress_dockerbuild" {
+resource "aws_s3_object" "wordpress_dockerbuild" {
   bucket = aws_s3_bucket.code_source.id
   key    = "wordpress_docker.zip"
   source = "${path.module}/codebuild_files/wordpress_docker.zip"
@@ -133,7 +140,7 @@ resource "aws_codebuild_project" "wordpress_docker_build" {
 
   source {
     type     = "S3"
-    location = "${aws_s3_bucket.code_source.id}/${aws_s3_bucket_object.wordpress_dockerbuild.id}"
+    location = "${aws_s3_bucket.code_source.id}/${aws_s3_object.wordpress_dockerbuild.id}"
 
   }
 }
diff --git a/provider.tf b/provider.tf
index 4766ad4..eedb477 100644
--- a/provider.tf
+++ b/provider.tf
@@ -4,7 +4,7 @@ terraform {
     aws = {
       source = "hashicorp/aws"
       # https://github.com/hashicorp/terraform-provider-aws/blob/main/CHANGELOG.md
-      version               = "~> 3.0"
+      version               = "~> 4.0"
       configuration_aliases = [aws.ue1]
     }
     random = {