Update to Aws provider 5.x (#11)

* Update to aws provider 5.x * Update s3 resource * Add parameter for setting security group rules * Strict requirements for SG rules
Flaconi · Jan 21, 2025 · 2b97c1a · 2b97c1a
1 parent a402b01
commit 2b97c1a
Show file tree

Hide file tree

Showing 6 changed files with 51 additions and 13 deletions.
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
@@ -2,12 +2,17 @@ name: Release Drafter
 
 on:
   push:
-    # branches to consider in the event; optional, defaults to all
     branches:
       - master
 
+permissions:
+  contents: read
+
 jobs:
   update_release_draft:
+    permissions:
+      contents: write
+      pull-requests: read
     runs-on: ubuntu-latest
     steps:
       - uses: release-drafter/release-drafter@v5

diff --git a/Makefile b/Makefile
@@ -12,9 +12,9 @@ TF_MODULES  = $(sort $(dir $(wildcard $(CURRENT_DIR)modules/*/)))
 # Container versions
 # -------------------------------------------------------------------------------------------------
 TF_VERSION      = 1.0.11
-TFDOCS_VERSION  = 0.16.0-0.31
-FL_VERSION      = 0.4
-JL_VERSION      = 1.6.0-0.5
+TFDOCS_VERSION  = 0.16.0-0.34
+FL_VERSION      = latest-0.8
+JL_VERSION      = 1.6.0-0.14
 
 
 # -------------------------------------------------------------------------------------------------

diff --git a/README.md b/README.md
@@ -16,7 +16,7 @@ Template for Terraform modules
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0 |
 
 <!-- TFDOCS_PROVIDER_END -->
 
@@ -25,8 +25,8 @@ Template for Terraform modules
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.1 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 |
 
 <!-- TFDOCS_REQUIREMENTS_END -->
 
@@ -321,6 +321,25 @@ Type: `string`
 
 Default: `""`
 
+### <a name="input_additional_security_group_rules"></a> [additional\_security\_group\_rules](#input\_additional\_security\_group\_rules)
+
+Description: A list of Security Group rule objects to add to the created security group, in addition to the ones this module normally creates.
+
+Type:
+
+```hcl
+list(object({
+    from_port   = number
+    to_port     = number
+    protocol    = string
+    type        = string
+    cidr_blocks = list(string)
+    description = optional(string)
+  }))
+```
+
+Default: `[]`
+
 <!-- TFDOCS_INPUTS_END -->
 
 <!-- TFDOCS_OUTPUTS_START -->

diff --git a/main.tf b/main.tf
@@ -11,7 +11,7 @@ module "elastic_beanstalk_application" {
 
 module "elastic_beanstalk_environment" {
   source  = "cloudposse/elastic-beanstalk-environment/aws"
-  version = "0.46.0"
+  version = "0.51.0"
 
   depends_on = [
     aws_elastic_beanstalk_application_version.default,
@@ -50,6 +50,8 @@ module "elastic_beanstalk_environment" {
 
   allow_all_egress = true
 
+  additional_security_group_rules = var.additional_security_group_rules
+
   solution_stack_name = var.solution_stack_name
   env_vars            = var.env_vars
 
@@ -85,7 +87,7 @@ data "aws_iam_policy_document" "minimal_s3_permissions" {
   }
 }
 
-resource "aws_s3_bucket_object" "deployment" {
+resource "aws_s3_object" "deployment" {
   bucket  = var.deployment_bucket
   key     = "${var.application_name}-${var.deployment_version}-${var.deployment_file_path}"
   content = var.deployment_definition
@@ -98,7 +100,7 @@ resource "aws_elastic_beanstalk_application_version" "default" {
   application = var.application_name
   description = "application version created by terraform"
   bucket      = var.deployment_bucket
-  key         = aws_s3_bucket_object.deployment.id
+  key         = aws_s3_object.deployment.id
 }
 
 data "aws_route53_zone" "parent" {

diff --git a/variables.tf b/variables.tf
@@ -203,3 +203,16 @@ variable "keypair" {
   description = "Name of SSH key that will be deployed on Elastic Beanstalk and DataPipeline instance. The key should be present in AWS"
   default     = ""
 }
+
+variable "additional_security_group_rules" {
+  type = list(object({
+    from_port   = number
+    to_port     = number
+    protocol    = string
+    type        = string
+    cidr_blocks = list(string)
+    description = optional(string)
+  }))
+  default     = []
+  description = "A list of Security Group rule objects to add to the created security group, in addition to the ones this module normally creates."
+}
diff --git a/versions.tf b/versions.tf
@@ -1,10 +1,9 @@
 terraform {
-  required_version = "~> 1.1"
-
+  required_version = ">= 1.3"
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 3.0"
+      version = ">= 5.0"
     }
   }
 }