Skip to content

Commit

Permalink
Support AWS Provider v5, TLS provider v4 (#74)
Browse files Browse the repository at this point in the history
  • Loading branch information
max-lobur authored Aug 1, 2023
1 parent 30d9c1c commit 4fc2f49
Show file tree
Hide file tree
Showing 11 changed files with 494 additions and 138 deletions.
1 change: 1 addition & 0 deletions .github/workflows/release-branch.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ on:
- 'docs/**'
- 'examples/**'
- 'test/**'
- 'README.*'

permissions:
contents: write
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/release-published.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,4 +11,4 @@ permissions:

jobs:
terraform-module:
uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release.yml@main
uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release-published.yml@main
24 changes: 10 additions & 14 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -88,10 +88,6 @@ We highly recommend that in your code you pin the version to the exact version y
using so that your infrastructure remains stable, and update versions in a
systematic way so that they do not catch you by surprise.

Also, because of a bug in the Terraform registry ([hashicorp/terraform#21417](https://github.com/hashicorp/terraform/issues/21417)),
the registry shows many of our inputs as required when in fact they are optional.
The table below correctly indicates which inputs are required.


For a complete example, see [examples/complete](examples/complete).

Expand Down Expand Up @@ -183,27 +179,27 @@ Available targets:

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.0 |
| <a name="requirement_awsutils"></a> [awsutils](#requirement\_awsutils) | >= 0.8.0 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0 |
| <a name="requirement_awsutils"></a> [awsutils](#requirement\_awsutils) | >= 0.16.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.0 |
| <a name="provider_awsutils"></a> [awsutils](#provider\_awsutils) | >= 0.8.0 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.0 |
| <a name="provider_awsutils"></a> [awsutils](#provider\_awsutils) | >= 0.16.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| <a name="module_cloudwatch_log"></a> [cloudwatch\_log](#module\_cloudwatch\_log) | cloudposse/cloudwatch-logs/aws | 0.6.6 |
| <a name="module_self_signed_cert_ca"></a> [self\_signed\_cert\_ca](#module\_self\_signed\_cert\_ca) | cloudposse/ssm-tls-self-signed-cert/aws | 1.1.0 |
| <a name="module_self_signed_cert_root"></a> [self\_signed\_cert\_root](#module\_self\_signed\_cert\_root) | cloudposse/ssm-tls-self-signed-cert/aws | 1.0.0 |
| <a name="module_self_signed_cert_server"></a> [self\_signed\_cert\_server](#module\_self\_signed\_cert\_server) | cloudposse/ssm-tls-self-signed-cert/aws | 1.0.0 |
| <a name="module_cloudwatch_log"></a> [cloudwatch\_log](#module\_cloudwatch\_log) | cloudposse/cloudwatch-logs/aws | 0.6.8 |
| <a name="module_self_signed_cert_ca"></a> [self\_signed\_cert\_ca](#module\_self\_signed\_cert\_ca) | cloudposse/ssm-tls-self-signed-cert/aws | 1.3.0 |
| <a name="module_self_signed_cert_root"></a> [self\_signed\_cert\_root](#module\_self\_signed\_cert\_root) | cloudposse/ssm-tls-self-signed-cert/aws | 1.3.0 |
| <a name="module_self_signed_cert_server"></a> [self\_signed\_cert\_server](#module\_self\_signed\_cert\_server) | cloudposse/ssm-tls-self-signed-cert/aws | 1.3.0 |
| <a name="module_this"></a> [this](#module\_this) | cloudposse/label/null | 0.25.0 |
| <a name="module_vpn_security_group"></a> [vpn\_security\_group](#module\_vpn\_security\_group) | cloudposse/security-group/aws | 1.0.1 |
| <a name="module_vpn_security_group"></a> [vpn\_security\_group](#module\_vpn\_security\_group) | cloudposse/security-group/aws | 2.2.0 |

## Resources

Expand Down
20 changes: 10 additions & 10 deletions docs/terraform.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,27 +3,27 @@

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.0 |
| <a name="requirement_awsutils"></a> [awsutils](#requirement\_awsutils) | >= 0.8.0 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0 |
| <a name="requirement_awsutils"></a> [awsutils](#requirement\_awsutils) | >= 0.16.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.0 |
| <a name="provider_awsutils"></a> [awsutils](#provider\_awsutils) | >= 0.8.0 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.0 |
| <a name="provider_awsutils"></a> [awsutils](#provider\_awsutils) | >= 0.16.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| <a name="module_cloudwatch_log"></a> [cloudwatch\_log](#module\_cloudwatch\_log) | cloudposse/cloudwatch-logs/aws | 0.6.6 |
| <a name="module_self_signed_cert_ca"></a> [self\_signed\_cert\_ca](#module\_self\_signed\_cert\_ca) | cloudposse/ssm-tls-self-signed-cert/aws | 1.1.0 |
| <a name="module_self_signed_cert_root"></a> [self\_signed\_cert\_root](#module\_self\_signed\_cert\_root) | cloudposse/ssm-tls-self-signed-cert/aws | 1.0.0 |
| <a name="module_self_signed_cert_server"></a> [self\_signed\_cert\_server](#module\_self\_signed\_cert\_server) | cloudposse/ssm-tls-self-signed-cert/aws | 1.0.0 |
| <a name="module_cloudwatch_log"></a> [cloudwatch\_log](#module\_cloudwatch\_log) | cloudposse/cloudwatch-logs/aws | 0.6.8 |
| <a name="module_self_signed_cert_ca"></a> [self\_signed\_cert\_ca](#module\_self\_signed\_cert\_ca) | cloudposse/ssm-tls-self-signed-cert/aws | 1.3.0 |
| <a name="module_self_signed_cert_root"></a> [self\_signed\_cert\_root](#module\_self\_signed\_cert\_root) | cloudposse/ssm-tls-self-signed-cert/aws | 1.3.0 |
| <a name="module_self_signed_cert_server"></a> [self\_signed\_cert\_server](#module\_self\_signed\_cert\_server) | cloudposse/ssm-tls-self-signed-cert/aws | 1.3.0 |
| <a name="module_this"></a> [this](#module\_this) | cloudposse/label/null | 0.25.0 |
| <a name="module_vpn_security_group"></a> [vpn\_security\_group](#module\_vpn\_security\_group) | cloudposse/security-group/aws | 1.0.1 |
| <a name="module_vpn_security_group"></a> [vpn\_security\_group](#module\_vpn\_security\_group) | cloudposse/security-group/aws | 2.2.0 |

## Resources

Expand Down
21 changes: 11 additions & 10 deletions examples/complete/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -14,26 +14,27 @@ locals {
}]
}

module "vpc_target" {
module "vpc" {
source = "cloudposse/vpc/aws"
version = "0.21.1"
version = "2.1.0"

cidr_block = var.target_cidr_block
ipv4_primary_cidr_block = var.target_cidr_block

context = module.this.context
}

module "subnets" {
source = "cloudposse/dynamic-subnets/aws"
version = "0.39.8"
version = "2.4.1"

availability_zones = var.availability_zones
vpc_id = module.vpc_target.vpc_id
igw_id = module.vpc_target.igw_id
cidr_block = module.vpc_target.vpc_cidr_block
nat_gateway_enabled = true
vpc_id = module.vpc.vpc_id
igw_id = [module.vpc.igw_id]
ipv4_cidr_block = [module.vpc.vpc_cidr_block]
nat_gateway_enabled = false
nat_instance_enabled = false
context = module.this.context

context = module.this.context
}

module "ec2_client_vpn" {
Expand All @@ -53,7 +54,7 @@ module "ec2_client_vpn" {
additional_routes = local.additional_routes
associated_security_group_ids = var.associated_security_group_ids
export_client_certificate = var.export_client_certificate
vpc_id = module.vpc_target.vpc_id
vpc_id = module.vpc.vpc_id
dns_servers = var.dns_servers
split_tunnel = var.split_tunnel

Expand Down
8 changes: 4 additions & 4 deletions examples/complete/versions.tf
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
terraform {
required_version = ">= 0.14"
required_version = ">= 1.0"

required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 3.0"
version = ">= 4.0"
}
awsutils = {
source = "cloudposse/awsutils"
version = ">= 0.8.0"
version = ">= 0.16.0"
}
}
}
}
22 changes: 11 additions & 11 deletions main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ locals {

module "self_signed_cert_ca" {
source = "cloudposse/ssm-tls-self-signed-cert/aws"
version = "1.1.0"
version = "1.3.0"

attributes = ["self", "signed", "cert", "ca"]

Expand Down Expand Up @@ -58,7 +58,7 @@ data "aws_ssm_parameter" "ca_key" {

module "self_signed_cert_root" {
source = "cloudposse/ssm-tls-self-signed-cert/aws"
version = "1.0.0"
version = "1.3.0"

attributes = ["self", "signed", "cert", "root"]

Expand Down Expand Up @@ -87,15 +87,15 @@ module "self_signed_cert_root" {

certificate_chain = {
cert_pem = module.self_signed_cert_ca.certificate_pem,
private_key_pem = join("", data.aws_ssm_parameter.ca_key.*.value)
private_key_pem = join("", data.aws_ssm_parameter.ca_key[*].value)
}

context = module.this.context
}

module "self_signed_cert_server" {
source = "cloudposse/ssm-tls-self-signed-cert/aws"
version = "1.0.0"
version = "1.3.0"

attributes = ["self", "signed", "cert", "server"]

Expand All @@ -122,15 +122,15 @@ module "self_signed_cert_server" {

certificate_chain = {
cert_pem = module.self_signed_cert_ca.certificate_pem,
private_key_pem = join("", data.aws_ssm_parameter.ca_key.*.value)
private_key_pem = join("", data.aws_ssm_parameter.ca_key[*].value)
}

context = module.this.context
}

module "cloudwatch_log" {
source = "cloudposse/cloudwatch-logs/aws"
version = "0.6.6"
version = "0.6.8"
enabled = local.logging_enabled

stream_names = [var.logging_stream_name]
Expand Down Expand Up @@ -192,7 +192,7 @@ resource "aws_ec2_client_vpn_endpoint" "default" {

module "vpn_security_group" {
source = "cloudposse/security-group/aws"
version = "1.0.1"
version = "2.2.0"

enabled = local.security_group_enabled
security_group_name = var.security_group_name
Expand Down Expand Up @@ -229,7 +229,7 @@ module "vpn_security_group" {
resource "aws_ec2_client_vpn_network_association" "default" {
count = local.enabled ? length(var.associated_subnets) : 0

client_vpn_endpoint_id = join("", aws_ec2_client_vpn_endpoint.default.*.id)
client_vpn_endpoint_id = join("", aws_ec2_client_vpn_endpoint.default[*].id)
subnet_id = var.associated_subnets[count.index]
}

Expand All @@ -238,7 +238,7 @@ resource "aws_ec2_client_vpn_authorization_rule" "default" {

access_group_id = lookup(var.authorization_rules[count.index], "access_group_id", null)
authorize_all_groups = lookup(var.authorization_rules[count.index], "authorize_all_groups", null)
client_vpn_endpoint_id = join("", aws_ec2_client_vpn_endpoint.default.*.id)
client_vpn_endpoint_id = join("", aws_ec2_client_vpn_endpoint.default[*].id)
description = var.authorization_rules[count.index].description
target_network_cidr = var.authorization_rules[count.index].target_network_cidr
}
Expand All @@ -248,7 +248,7 @@ resource "aws_ec2_client_vpn_route" "default" {

description = try(var.additional_routes[count.index].description, null)
destination_cidr_block = var.additional_routes[count.index].destination_cidr_block
client_vpn_endpoint_id = join("", aws_ec2_client_vpn_endpoint.default.*.id)
client_vpn_endpoint_id = join("", aws_ec2_client_vpn_endpoint.default[*].id)
target_vpc_subnet_id = var.additional_routes[count.index].target_vpc_subnet_id

depends_on = [
Expand All @@ -264,7 +264,7 @@ resource "aws_ec2_client_vpn_route" "default" {
data "awsutils_ec2_client_vpn_export_client_config" "default" {
count = local.enabled ? 1 : 0

id = join("", aws_ec2_client_vpn_endpoint.default.*.id)
id = join("", aws_ec2_client_vpn_endpoint.default[*].id)
}

data "aws_ssm_parameter" "root_key" {
Expand Down
12 changes: 6 additions & 6 deletions outputs.tf
Original file line number Diff line number Diff line change
@@ -1,20 +1,20 @@
output "vpn_endpoint_arn" {
value = local.enabled ? join("", aws_ec2_client_vpn_endpoint.default.*.arn) : null
value = local.enabled ? join("", aws_ec2_client_vpn_endpoint.default[*].arn) : null
description = "The ARN of the Client VPN Endpoint Connection."
}

output "vpn_endpoint_id" {
value = local.enabled ? join("", aws_ec2_client_vpn_endpoint.default.*.id) : null
value = local.enabled ? join("", aws_ec2_client_vpn_endpoint.default[*].id) : null
description = "The ID of the Client VPN Endpoint Connection."
}

output "vpn_endpoint_dns_name" {
value = local.enabled ? join("", aws_ec2_client_vpn_endpoint.default.*.dns_name) : null
value = local.enabled ? join("", aws_ec2_client_vpn_endpoint.default[*].dns_name) : null
description = "The DNS Name of the Client VPN Endpoint Connection."
}

output "client_configuration" {
value = local.enabled ? join("", data.awsutils_ec2_client_vpn_export_client_config.default.*.client_configuration) : null
value = local.enabled ? join("", data.awsutils_ec2_client_vpn_export_client_config.default[*].client_configuration) : null
description = "VPN Client Configuration data."
}

Expand All @@ -23,9 +23,9 @@ output "full_client_configuration" {
local.client_conf_tmpl_path,
{
cert = module.self_signed_cert_root.certificate_pem,
private_key = join("", data.aws_ssm_parameter.root_key.*.value)
private_key = join("", data.aws_ssm_parameter.root_key[*].value)
original_client_config = replace(
join("", data.awsutils_ec2_client_vpn_export_client_config.default.*.client_configuration),
join("", data.awsutils_ec2_client_vpn_export_client_config.default[*].client_configuration),
"remote cvpn",
"remote ${module.this.id}.cvpn"
)
Expand Down
Loading

0 comments on commit 4fc2f49

Please sign in to comment.