From e783c3fc61534c034e83722811cc13eb6d91bef2 Mon Sep 17 00:00:00 2001 From: Max Lobur Date: Wed, 7 Jun 2023 19:58:31 +0300 Subject: [PATCH 01/10] Support AWS Provider V5 --- .github/workflows/release-branch.yml | 1 + .github/workflows/release-published.yml | 2 +- examples/complete/main.tf | 20 ++++++------ main.tf | 42 ++++++++++++------------- outputs.tf | 2 +- 5 files changed, 33 insertions(+), 34 deletions(-) diff --git a/.github/workflows/release-branch.yml b/.github/workflows/release-branch.yml index 3f8fe62..b30901e 100644 --- a/.github/workflows/release-branch.yml +++ b/.github/workflows/release-branch.yml @@ -10,6 +10,7 @@ on: - 'docs/**' - 'examples/**' - 'test/**' + - 'README.*' permissions: contents: write diff --git a/.github/workflows/release-published.yml b/.github/workflows/release-published.yml index f86352b..b31232b 100644 --- a/.github/workflows/release-published.yml +++ b/.github/workflows/release-published.yml @@ -11,4 +11,4 @@ permissions: jobs: terraform-module: - uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release.yml@main + uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release-published.yml@main diff --git a/examples/complete/main.tf b/examples/complete/main.tf index ab37526..499954c 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf 
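Review bot: In the release-published.yml hunk, the rewritten `uses:` line still calls the reusable workflow at the mutable `@main` ref, so each release runs whatever that branch holds at that moment, with the permissions this file grants (the values under `permissions:` are outside the hunk). Pinning to a full commit SHA fixes the called code to something that was reviewed: `uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release-published.yml@<full-commit-sha> # main`. release-branch.yml grants `contents: write` in its visible context. Its own `uses:` line is not shown, but if it references the same repository at `@main`, the same pin applies there.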
@@ -3,24 +3,22 @@ provider "aws" { } module "vpc" { - source = "cloudposse/vpc/aws" - version = "0.18.1" - cidr_block = var.vpc_cidr_block - - context = module.this.context + source = "cloudposse/vpc/aws" + version = "2.1.0" + ipv4_primary_cidr_block = var.vpc_cidr_block + context = module.this.context } module "subnets" { source = "cloudposse/dynamic-subnets/aws" - version = "0.39.3" + version = "2.3.0" availability_zones = var.availability_zones vpc_id = module.vpc.vpc_id - igw_id = module.vpc.igw_id - cidr_block = module.vpc.vpc_cidr_block - nat_gateway_enabled = true + igw_id = [module.vpc.igw_id] + ipv4_cidr_block = [module.vpc.vpc_cidr_block] + nat_gateway_enabled = false nat_instance_enabled = false - - context = module.this.context + context = module.this.context } resource "aws_ecs_cluster" "default" { diff --git a/main.tf b/main.tf index 2feda47..c01788e 100644 --- a/main.tf +++ b/main.tf @@ -51,8 +51,8 @@ data "aws_iam_policy_document" "assume_role" { resource "aws_iam_role_policy_attachment" "default" { count = module.this.enabled ? 1 : 0 - role = join("", aws_iam_role.default.*.id) - policy_arn = join("", aws_iam_policy.default.*.arn) + role = join("", aws_iam_role.default[*].id) + policy_arn = join("", aws_iam_policy.default[*].arn) } resource "aws_iam_policy" "default" { @@ -86,8 +86,8 @@ data "aws_iam_policy_document" "default" { resource "aws_iam_role_policy_attachment" "s3" { count = module.this.enabled ? 1 : 0 - role = join("", aws_iam_role.default.*.id) - policy_arn = join("", aws_iam_policy.s3.*.arn) + role = join("", aws_iam_role.default[*].id) + policy_arn = join("", aws_iam_policy.s3[*].arn) } module "codepipeline_s3_policy_label" { 
@@ -101,7 +101,7 @@ module "codepipeline_s3_policy_label" { resource "aws_iam_policy" "s3" { count = module.this.enabled ? 1 : 0 name = module.codepipeline_s3_policy_label.id - policy = join("", data.aws_iam_policy_document.s3.*.json) + policy = join("", data.aws_iam_policy_document.s3[*].json) } data "aws_iam_policy_document" "s3" { @@ -118,8 +118,8 @@ data "aws_iam_policy_document" "s3" { ] resources = [ - join("", aws_s3_bucket.default.*.arn), - "${join("", aws_s3_bucket.default.*.arn)}/*" + join("", aws_s3_bucket.default[*].arn), + "${join("", aws_s3_bucket.default[*].arn)}/*" ] effect = "Allow" @@ -128,8 +128,8 @@ data "aws_iam_policy_document" "s3" { resource "aws_iam_role_policy_attachment" "codebuild" { count = module.this.enabled ? 1 : 0 - role = join("", aws_iam_role.default.*.id) - policy_arn = join("", aws_iam_policy.codebuild.*.arn) + role = join("", aws_iam_role.default[*].id) + policy_arn = join("", aws_iam_policy.codebuild[*].arn) } module "codebuild_label" { @@ -162,8 +162,8 @@ data "aws_iam_policy_document" "codebuild" { # https://docs.aws.amazon.com/codepipeline/latest/userguide/connections-permissions.html resource "aws_iam_role_policy_attachment" "codestar" { count = local.codestar_enabled ? 1 : 0 - role = join("", aws_iam_role.default.*.id) - policy_arn = join("", aws_iam_policy.codestar.*.arn) + role = join("", aws_iam_role.default[*].id) + policy_arn = join("", aws_iam_policy.codestar[*].arn) } module "codestar_label" { @@ -178,7 +178,7 @@ module "codestar_label" { resource "aws_iam_policy" "codestar" { count = local.codestar_enabled ? 1 : 0 name = module.codestar_label.id - policy = join("", data.aws_iam_policy_document.codestar.*.json) + policy = join("", data.aws_iam_policy_document.codestar[*].json) } data "aws_iam_policy_document" "codestar" { 
@@ -242,13 +242,13 @@ module "codebuild" { resource "aws_iam_role_policy_attachment" "codebuild_s3" { count = module.this.enabled ? 1 : 0 role = module.codebuild.role_id - policy_arn = join("", aws_iam_policy.s3.*.arn) + policy_arn = join("", aws_iam_policy.s3[*].arn) } resource "aws_iam_role_policy_attachment" "codebuild_codestar" { count = local.codestar_enabled && var.codestar_output_artifact_format == "CODEBUILD_CLONE_REF" ? 1 : 0 role = module.codebuild.role_id - policy_arn = join("", aws_iam_policy.codestar.*.arn) + policy_arn = join("", aws_iam_policy.codestar[*].arn) } resource "aws_iam_role_policy_attachment" "codebuild_extras" { @@ -260,10 +260,10 @@ resource "aws_iam_role_policy_attachment" "codebuild_extras" { resource "aws_codepipeline" "default" { count = module.this.enabled && var.github_oauth_token != "" ? 1 : 0 name = module.codepipeline_label.id - role_arn = join("", aws_iam_role.default.*.arn) + role_arn = join("", aws_iam_role.default[*].arn) artifact_store { - location = join("", aws_s3_bucket.default.*.bucket) + location = join("", aws_s3_bucket.default[*].bucket) type = "S3" } @@ -343,10 +343,10 @@ resource "aws_codepipeline" "default" { resource "aws_codepipeline" "bitbucket" { count = local.codestar_enabled ? 1 : 0 name = module.codepipeline_label.id - role_arn = join("", aws_iam_role.default.*.arn) + role_arn = join("", aws_iam_role.default[*].arn) artifact_store { - location = join("", aws_s3_bucket.default.*.bucket) + location = join("", aws_s3_bucket.default[*].bucket) type = "S3" } @@ -426,8 +426,8 @@ resource "random_string" "webhook_secret" { } locals { - webhook_secret = join("", random_string.webhook_secret.*.result) - webhook_url = join("", aws_codepipeline_webhook.webhook.*.url) + webhook_secret = join("", random_string.webhook_secret[*].result) + webhook_url = join("", aws_codepipeline_webhook.webhook[*].url) } resource "aws_codepipeline_webhook" "webhook" { 
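Review bot: The `webhook_secret` local rewritten in the last hunk (`@@ -426,8 +426,8 @@`) takes the webhook secret from `random_string.webhook_secret`, whose `result` is not marked sensitive, so the value can show up in plan/apply output and in anything derived from the local. `random_password` accepts the same arguments and marks `result` as sensitive; the local would become `webhook_secret = join("", random_password.webhook_secret[*].result)`, with the resource type changed to match (that resource block lies outside this hunk). Changing the resource type would normally generate a new secret on the next apply, so the change needs a release note. The secret is written to state in either form, so the state backend still needs encryption and restricted read access.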
@@ -435,7 +435,7 @@ resource "aws_codepipeline_webhook" "webhook" { name = module.codepipeline_label.id authentication = var.webhook_authentication target_action = var.webhook_target_action - target_pipeline = join("", aws_codepipeline.default.*.name) + target_pipeline = join("", aws_codepipeline.default[*].name) authentication_configuration { secret_token = local.webhook_secret diff --git a/outputs.tf b/outputs.tf index 652de5d..e9fc400 100644 --- a/outputs.tf +++ b/outputs.tf @@ -9,7 +9,7 @@ output "badge_url" { output "webhook_id" { description = "The CodePipeline webhook's ID" - value = join("", aws_codepipeline_webhook.webhook.*.id) + value = join("", aws_codepipeline_webhook.webhook[*].id) } output "webhook_url" { From 40d8dadbff7c01d6cab45ea315fdd0e3147ff5b5 Mon Sep 17 00:00:00 2001 From: Max Lobur Date: Fri, 10 Nov 2023 17:09:46 +0100 Subject: [PATCH 02/10] Support AWS Provider V5 --- .github/renovate.json | 7 ++-- README.md | 63 ++++++++--------------------------- docs/terraform.md | 2 +- examples/complete/main.tf | 16 +++++---- examples/complete/versions.tf | 2 +- versions.tf | 2 +- 6 files changed, 31 insertions(+), 61 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index b61ed24..909df09 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -1,13 +1,14 @@ { "extends": [ "config:base", - ":preserveSemverRanges" + ":preserveSemverRanges", + ":rebaseStalePrs" ], - "baseBranches": ["main", "master", "/^release\\/v\\d{1,2}$/"], + "baseBranches": ["main"], "labels": ["auto-update"], "dependencyDashboardAutoclose": true, "enabledManagers": ["terraform"], "terraform": { - "ignorePaths": ["**/context.tf", "examples/**"] + "ignorePaths": ["**/context.tf"] } } diff --git a/README.md b/README.md index 5ebcf3a..6af4ca3 100644 --- a/README.md +++ b/README.md 
@@ -33,12 +33,6 @@ Terraform Module for CI/CD with AWS Code Pipeline using GitHub webhook triggers --- This project is part of our comprehensive ["SweetOps"](https://cpco.io/sweetops) approach towards DevOps. -[][share_email] -[][share_googleplus] -[][share_facebook] -[][share_reddit] -[][share_linkedin] -[][share_twitter] [![Terraform Open Source Modules](https://docs.cloudposse.com/images/terraform-open-source-modules.svg)][terraform_modules] @@ -88,10 +82,6 @@ We highly recommend that in your code you pin the version to the exact version y using so that your infrastructure remains stable, and update versions in a systematic way so that they do not catch you by surprise. -Also, because of a bug in the Terraform registry ([hashicorp/terraform#21417](https://github.com/hashicorp/terraform/issues/21417)), -the registry shows many of our inputs as required when in fact they are optional. -The table below correctly indicates which inputs are required. - For a complete example, see [examples/complete](examples/complete). @@ -207,7 +197,7 @@ Available targets: | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 2.0 | | [random](#requirement\_random) | >= 2.1 | @@ -343,8 +333,6 @@ Available targets: Like this project? Please give it a ★ on [our GitHub](https://github.com/cloudposse/terraform-aws-ecs-codepipeline)! (it helps us **a lot**) -Are you using this project or any of our other projects? Consider [leaving a testimonial][testimonial]. =) - ## Related Projects 
@@ -401,10 +389,6 @@ We deliver 10x the value for a fraction of the cost of a full-time engineer. Our Join our [Open Source Community][slack] on Slack. It's **FREE** for everyone! Our "SweetOps" community is where you get to talk with others who share a similar vision for how to rollout and manage infrastructure. This is the best place to talk shop, ask questions, solicit feedback, and work together as a community to build totally *sweet* infrastructure. -## Discourse Forums - -Participate in our [Discourse Forums][discourse]. Here you'll find answers to commonly asked questions. Most questions will be related to the enormous number of projects we support on our GitHub. Come here to collaborate on answers, find solutions, and get ideas about the products and services we value. It only takes a minute to get started! Just sign in with SSO using your GitHub account. - ## Newsletter Sign up for [our newsletter][newsletter] that covers everything on our technology radar. Receive updates on what we're up to on GitHub as well as awesome new projects we discover. @@ -415,7 +399,18 @@ Sign up for [our newsletter][newsletter] that covers everything on our technolog [![zoom](https://img.cloudposse.com/fit-in/200x200/https://cloudposse.com/wp-content/uploads/2019/08/Powered-by-Zoom.png")][office_hours] -## Contributing +## ✨ Contributing + + + +This project is under active development, and we encourage contributions from our community. +Many thanks to our outstanding contributors: + + + + + + ### Bug Reports & Feature Requests @@ -489,29 +484,7 @@ We're a [DevOps Professional Services][hire] company based in Los Angeles, CA. W We offer [paid support][commercial_support] on all of our projects. -Check out [our other projects][github], [follow us on twitter][twitter], [apply for a job][jobs], or [hire us][hire] to help with your cloud strategy and implementation. - - - -### Contributors - - -| [![Erik Osterman][osterman_avatar]][osterman_homepage]
[Erik Osterman][osterman_homepage] | [![Igor Rodionov][goruha_avatar]][goruha_homepage]
[Igor Rodionov][goruha_homepage] | [![Andriy Knysh][aknysh_avatar]][aknysh_homepage]
[Andriy Knysh][aknysh_homepage] | [![Sarkis Varozian][sarkis_avatar]][sarkis_homepage]
[Sarkis Varozian][sarkis_homepage] | [![Joe Niland][joe-niland_avatar]][joe-niland_homepage]
[Joe Niland][joe-niland_homepage] | -|---|---|---|---|---| - - - [osterman_homepage]: https://github.com/osterman - [osterman_avatar]: https://img.cloudposse.com/150x150/https://github.com/osterman.png - [goruha_homepage]: https://github.com/goruha - [goruha_avatar]: https://img.cloudposse.com/150x150/https://github.com/goruha.png - [aknysh_homepage]: https://github.com/aknysh - [aknysh_avatar]: https://img.cloudposse.com/150x150/https://github.com/aknysh.png - [sarkis_homepage]: https://github.com/sarkis - [sarkis_avatar]: https://img.cloudposse.com/150x150/https://github.com/sarkis.png - [joe-niland_homepage]: https://github.com/joe-niland - [joe-niland_avatar]: https://img.cloudposse.com/150x150/https://github.com/joe-niland.png - -[![README Footer][readme_footer_img]][readme_footer_link] +Check out [our other projects][github], [follow us on twitter][twitter], [apply for a job][jobs], or [hire us][hire] to help with your cloud strategy and implementation.[![README Footer][readme_footer_img]][readme_footer_link] [![Beacon][beacon]][website] [logo]: https://cloudposse.com/logo-300x69.svg 
@@ -521,12 +494,10 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply [jobs]: https://cpco.io/jobs?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-ecs-codepipeline&utm_content=jobs [hire]: https://cpco.io/hire?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-ecs-codepipeline&utm_content=hire [slack]: https://cpco.io/slack?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-ecs-codepipeline&utm_content=slack - [linkedin]: https://cpco.io/linkedin?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-ecs-codepipeline&utm_content=linkedin [twitter]: https://cpco.io/twitter?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-ecs-codepipeline&utm_content=twitter [testimonial]: https://cpco.io/leave-testimonial?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-ecs-codepipeline&utm_content=testimonial [office_hours]: https://cloudposse.com/office-hours?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-ecs-codepipeline&utm_content=office_hours [newsletter]: https://cpco.io/newsletter?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-ecs-codepipeline&utm_content=newsletter - [discourse]: https://ask.sweetops.com/?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-ecs-codepipeline&utm_content=discourse [email]: https://cpco.io/email?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-ecs-codepipeline&utm_content=email [commercial_support]: https://cpco.io/commercial-support?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-ecs-codepipeline&utm_content=commercial_support [we_love_open_source]: https://cpco.io/we-love-open-source?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-ecs-codepipeline&utm_content=we_love_open_source 
@@ -537,11 +508,5 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply [readme_footer_link]: https://cloudposse.com/readme/footer/link?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-ecs-codepipeline&utm_content=readme_footer_link [readme_commercial_support_img]: https://cloudposse.com/readme/commercial-support/img [readme_commercial_support_link]: https://cloudposse.com/readme/commercial-support/link?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-ecs-codepipeline&utm_content=readme_commercial_support_link - [share_twitter]: https://twitter.com/intent/tweet/?text=terraform-aws-ecs-codepipeline&url=https://github.com/cloudposse/terraform-aws-ecs-codepipeline - [share_linkedin]: https://www.linkedin.com/shareArticle?mini=true&title=terraform-aws-ecs-codepipeline&url=https://github.com/cloudposse/terraform-aws-ecs-codepipeline - [share_reddit]: https://reddit.com/submit/?url=https://github.com/cloudposse/terraform-aws-ecs-codepipeline - [share_facebook]: https://facebook.com/sharer/sharer.php?u=https://github.com/cloudposse/terraform-aws-ecs-codepipeline - [share_googleplus]: https://plus.google.com/share?url=https://github.com/cloudposse/terraform-aws-ecs-codepipeline - [share_email]: mailto:?subject=terraform-aws-ecs-codepipeline&body=https://github.com/cloudposse/terraform-aws-ecs-codepipeline [beacon]: https://ga-beacon.cloudposse.com/UA-76589703-4/cloudposse/terraform-aws-ecs-codepipeline?pixel&cs=github&cm=readme&an=terraform-aws-ecs-codepipeline diff --git a/docs/terraform.md b/docs/terraform.md index 7c51802..0bf227c 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -3,7 +3,7 @@ | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.0 | +| [terraform](#requirement\_terraform) | >= 1.3 | | [aws](#requirement\_aws) | >= 2.0 | | [random](#requirement\_random) | >= 2.1 | 
diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 499954c..22df392 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -3,22 +3,26 @@ provider "aws" { } module "vpc" { - source = "cloudposse/vpc/aws" - version = "2.1.0" + source = "cloudposse/vpc/aws" + version = "2.1.1" + ipv4_primary_cidr_block = var.vpc_cidr_block - context = module.this.context + + context = module.this.context } module "subnets" { - source = "cloudposse/dynamic-subnets/aws" - version = "2.3.0" + source = "cloudposse/dynamic-subnets/aws" + version = "2.4.1" + availability_zones = var.availability_zones vpc_id = module.vpc.vpc_id igw_id = [module.vpc.igw_id] ipv4_cidr_block = [module.vpc.vpc_cidr_block] nat_gateway_enabled = false nat_instance_enabled = false - context = module.this.context + + context = module.this.context } resource "aws_ecs_cluster" "default" { diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index ad19696..84578dd 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.0" + required_version = ">= 1.3" required_providers { aws = { diff --git a/versions.tf b/versions.tf index ad19696..84578dd 100644 --- a/versions.tf +++ b/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.0" + required_version = ">= 1.3" required_providers { aws = { From b01d9e7850ef0af58dc19dc97b4717c47c23340d Mon Sep 17 00:00:00 2001 From: Max Lobur Date: Fri, 10 Nov 2023 21:45:08 +0100 Subject: [PATCH 03/10] bump codebuild --- main.tf | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/main.tf b/main.tf index c01788e..4120199 100644 --- a/main.tf +++ b/main.tf 
@@ -10,10 +10,14 @@ module "codepipeline_label" { context = module.this.context } +resource "aws_s3_bucket_acl" "default" { + bucket = resource.aws_s3_bucket.id + acl = "private" +} + resource "aws_s3_bucket" "default" { count = module.this.enabled ? 1 : 0 bucket = module.codepipeline_label.id - acl = "private" force_destroy = var.s3_bucket_force_destroy tags = module.codepipeline_label.tags } @@ -213,7 +217,7 @@ data "aws_region" "default" { module "codebuild" { enabled = module.this.enabled source = "cloudposse/codebuild/aws" - version = "1.0.0" + version = "2.0.0" build_image = var.build_image build_compute_type = var.build_compute_type build_timeout = var.build_timeout From 1bca737fe5c2096bd79704a36bec4e3e98818678 Mon Sep 17 00:00:00 2001 From: Max Lobur Date: Fri, 10 Nov 2023 21:53:27 +0100 Subject: [PATCH 04/10] Support AWS Provider V5 --- README.md | 7 ++++--- docs/terraform.md | 7 ++++--- examples/complete/versions.tf | 2 +- main.tf | 2 +- versions.tf | 2 +- 5 files changed, 11 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 6af4ca3..f8dcfa7 100644 --- a/README.md +++ b/README.md 
@@ -198,21 +198,21 @@ Available targets: | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [aws](#requirement\_aws) | >= 2.0 | +| [aws](#requirement\_aws) | >= 5.0 | | [random](#requirement\_random) | >= 2.1 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 2.0 | +| [aws](#provider\_aws) | >= 5.0 | | [random](#provider\_random) | >= 2.1 | ## Modules | Name | Source | Version | |------|--------|---------| -| [codebuild](#module\_codebuild) | cloudposse/codebuild/aws | 1.0.0 | +| [codebuild](#module\_codebuild) | cloudposse/codebuild/aws | 2.0.0 | | [codebuild\_label](#module\_codebuild\_label) | cloudposse/label/null | 0.25.0 | | [codepipeline\_assume\_role\_label](#module\_codepipeline\_assume\_role\_label) | cloudposse/label/null | 0.25.0 | | [codepipeline\_label](#module\_codepipeline\_label) | cloudposse/label/null | 0.25.0 | @@ -241,6 +241,7 @@ Available targets: | [aws_iam_role_policy_attachment.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_iam_role_policy_attachment.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_s3_bucket.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | +| [aws_s3_bucket_acl.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl) | resource | | [random_string.webhook_secret](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource | | [aws_caller_identity.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | | [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | 
diff --git a/docs/terraform.md b/docs/terraform.md index 0bf227c..f2f8666 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -4,21 +4,21 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [aws](#requirement\_aws) | >= 2.0 | +| [aws](#requirement\_aws) | >= 5.0 | | [random](#requirement\_random) | >= 2.1 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 2.0 | +| [aws](#provider\_aws) | >= 5.0 | | [random](#provider\_random) | >= 2.1 | ## Modules | Name | Source | Version | |------|--------|---------| -| [codebuild](#module\_codebuild) | cloudposse/codebuild/aws | 1.0.0 | +| [codebuild](#module\_codebuild) | cloudposse/codebuild/aws | 2.0.0 | | [codebuild\_label](#module\_codebuild\_label) | cloudposse/label/null | 0.25.0 | | [codepipeline\_assume\_role\_label](#module\_codepipeline\_assume\_role\_label) | cloudposse/label/null | 0.25.0 | | [codepipeline\_label](#module\_codepipeline\_label) | cloudposse/label/null | 0.25.0 | 
@@ -47,6 +47,7 @@ | [aws_iam_role_policy_attachment.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_iam_role_policy_attachment.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_s3_bucket.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | +| [aws_s3_bucket_acl.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl) | resource | | [random_string.webhook_secret](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource | | [aws_caller_identity.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | | [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 84578dd..2bc15af 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 2.0" + version = ">= 5.0" } random = { source = "hashicorp/random" diff --git a/main.tf b/main.tf index 4120199..d675c2e 100644 --- a/main.tf +++ b/main.tf @@ -12,7 +12,7 @@ module "codepipeline_label" { resource "aws_s3_bucket_acl" "default" { bucket = resource.aws_s3_bucket.id - acl = "private" + acl = "private" } resource "aws_s3_bucket" "default" { diff --git a/versions.tf b/versions.tf index 84578dd..2bc15af 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 2.0" + version = ">= 5.0" } random = { source = "hashicorp/random" From 6a565a5bdd0caab68b983d8cd0803646e84daaac Mon Sep 17 00:00:00 2001 
From: Max Lobur Date: Fri, 10 Nov 2023 22:07:14 +0100 Subject: [PATCH 05/10] bump codebuild --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index d675c2e..f6e2ae0 100644 --- a/main.tf +++ b/main.tf @@ -217,7 +217,7 @@ data "aws_region" "default" { module "codebuild" { enabled = module.this.enabled source = "cloudposse/codebuild/aws" - version = "2.0.0" + version = "2.0.1" build_image = var.build_image build_compute_type = var.build_compute_type build_timeout = var.build_timeout From 53a29c083b7fdf67da6fbee79843706e14aecbab Mon Sep 17 00:00:00 2001 From: Max Lobur Date: Sat, 11 Nov 2023 01:27:44 +0100 Subject: [PATCH 06/10] readme --- README.md | 2 +- docs/terraform.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f8dcfa7..8989521 100644 --- a/README.md +++ b/README.md @@ -212,7 +212,7 @@ Available targets: | Name | Source | Version | |------|--------|---------| -| [codebuild](#module\_codebuild) | cloudposse/codebuild/aws | 2.0.0 | +| [codebuild](#module\_codebuild) | cloudposse/codebuild/aws | 2.0.1 | | [codebuild\_label](#module\_codebuild\_label) | cloudposse/label/null | 0.25.0 | | [codepipeline\_assume\_role\_label](#module\_codepipeline\_assume\_role\_label) | cloudposse/label/null | 0.25.0 | | [codepipeline\_label](#module\_codepipeline\_label) | cloudposse/label/null | 0.25.0 | diff --git a/docs/terraform.md b/docs/terraform.md index f2f8666..4070241 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -18,7 +18,7 @@ | Name | Source | Version | |------|--------|---------| -| [codebuild](#module\_codebuild) | cloudposse/codebuild/aws | 2.0.0 | +| [codebuild](#module\_codebuild) | cloudposse/codebuild/aws | 2.0.1 | | [codebuild\_label](#module\_codebuild\_label) | cloudposse/label/null | 0.25.0 | | [codepipeline\_assume\_role\_label](#module\_codepipeline\_assume\_role\_label) | cloudposse/label/null | 0.25.0 | | [codepipeline\_label](#module\_codepipeline\_label) | cloudposse/label/null | 0.25.0 | From a1a5ce68483d413fd4d1ccd46b1d9bfb456c1c79 Mon Sep 17 00:00:00 2001 From: Max Lobur Date: Sat, 11 Nov 2023 01:49:20 +0100 Subject: [PATCH 07/10] updates --- main.tf | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/main.tf b/main.tf index f6e2ae0..f6d8f68 100644 --- a/main.tf +++ b/main.tf @@ -10,9 +10,19 @@ module "codepipeline_label" { context = module.this.context } +resource "aws_s3_bucket_ownership_controls" "default" { + count = module.this.enabled ? 1 : 0 + bucket = join("", resource.aws_s3_bucket.default[*].id) + rule { + object_ownership = "BucketOwnerPreferred" + } +} + resource "aws_s3_bucket_acl" "default" { - bucket = resource.aws_s3_bucket.id + count = module.this.enabled ? 1 : 0 + bucket = join("", resource.aws_s3_bucket.default[*].id) acl = "private" + depends_on = [aws_s3_bucket_ownership_controls.default] } resource "aws_s3_bucket" "default" { From 267c192c95ce53a8c32b5640003f3bec518cb04f Mon Sep 17 00:00:00 2001 From: Max Lobur Date: Sat, 11 Nov 2023 01:50:35 +0100 Subject: [PATCH 08/10] updates --- README.md | 1 + docs/terraform.md | 1 + main.tf | 6 +++--- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 8989521..5f4fa77 100644 --- a/README.md +++ b/README.md 
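Review bot: In the main.tf hunk of PATCH 07/10, `object_ownership = "BucketOwnerPreferred"` keeps ACLs enabled on the artifact bucket, apparently only so that `aws_s3_bucket_acl.default` can set `acl = "private"`. If no other account writes objects into this bucket (not visible from the hunk), `object_ownership = "BucketOwnerEnforced"` disables ACLs entirely, which is AWS's recommended setting; S3 rejects ACL writes in that mode, so the `aws_s3_bucket_acl` resource and its `depends_on` would have to be removed with it. The new references are also written `resource.aws_s3_bucket.default[*].id`, whereas the references visible elsewhere in main.tf omit the `resource.` prefix; `aws_s3_bucket.default[*].id` would be consistent.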
@@ -242,6 +242,7 @@ Available targets: | [aws_iam_role_policy_attachment.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_s3_bucket.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | | [aws_s3_bucket_acl.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl) | resource | +| [aws_s3_bucket_ownership_controls.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_ownership_controls) | resource | | [random_string.webhook_secret](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource | | [aws_caller_identity.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | | [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | diff --git a/docs/terraform.md b/docs/terraform.md index 4070241..ba7a6aa 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -48,6 +48,7 @@ | [aws_iam_role_policy_attachment.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_s3_bucket.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | | [aws_s3_bucket_acl.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl) | resource | +| [aws_s3_bucket_ownership_controls.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_ownership_controls) | resource | | [random_string.webhook_secret](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource | | [aws_caller_identity.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | | [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | diff --git a/main.tf b/main.tf index f6d8f68..bcdf61d 100644 --- a/main.tf +++ b/main.tf @@ -19,9 +19,9 @@ resource "aws_s3_bucket_ownership_controls" "default" { } resource "aws_s3_bucket_acl" "default" { - count = module.this.enabled ? 1 : 0 - bucket = join("", resource.aws_s3_bucket.default[*].id) - acl = "private" + count = module.this.enabled ? 1 : 0 + bucket = join("", resource.aws_s3_bucket.default[*].id) + acl = "private" depends_on = [aws_s3_bucket_ownership_controls.default] } From 5e9eb8a2cf30841e055935381f2a841843680754 Mon Sep 17 00:00:00 2001 From: Max Lobur Date: Sat, 11 Nov 2023 01:51:53 +0100 Subject: [PATCH 09/10] updates --- README.md | 1 + docs/terraform.md | 1 + main.tf | 10 ++++++++++ 3 files changed, 12 insertions(+) diff --git a/README.md b/README.md index 5f4fa77..07efc85 100644 --- a/README.md +++ b/README.md 
@@ -243,6 +243,7 @@ Available targets: | [aws_s3_bucket.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | | [aws_s3_bucket_acl.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl) | resource | | [aws_s3_bucket_ownership_controls.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_ownership_controls) | resource | +| [aws_s3_bucket_public_access_block.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource | | [random_string.webhook_secret](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource | | [aws_caller_identity.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | | [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | diff --git a/docs/terraform.md b/docs/terraform.md index ba7a6aa..ccb0d58 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -49,6 +49,7 @@ | [aws_s3_bucket.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | | [aws_s3_bucket_acl.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl) | resource | | [aws_s3_bucket_ownership_controls.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_ownership_controls) | resource | +| [aws_s3_bucket_public_access_block.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource | | [random_string.webhook_secret](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource | | [aws_caller_identity.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | | [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | diff --git a/main.tf b/main.tf index bcdf61d..923176f 100644 --- a/main.tf +++ b/main.tf @@ -25,6 +25,16 @@ resource "aws_s3_bucket_acl" "default" { depends_on = [aws_s3_bucket_ownership_controls.default] } +resource "aws_s3_bucket_public_access_block" "default" { + count = module.this.enabled ? 1 : 0 + bucket = join("", resource.aws_s3_bucket.default[*].id) + + block_public_acls = true + block_public_policy = true + ignore_public_acls = true + restrict_public_buckets = true +} + resource "aws_s3_bucket" "default" { count = module.this.enabled ? 1 : 0 bucket = module.codepipeline_label.id From 421d66927f9456dd68ac019fbf41987619dc1e1f Mon Sep 17 00:00:00 2001 From: Max Lobur Date: Sat, 11 Nov 2023 01:58:40 +0100 Subject: [PATCH 10/10] updates --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 923176f..db6ca46 100644 --- a/main.tf +++ b/main.tf 
@@ -307,7 +307,7 @@ resource "aws_codepipeline" "default" { category = "Source" owner = "ThirdParty" provider = "GitHub" - version = "1" + version = "2" output_artifacts = ["code"] configuration = {
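Review bot: The new `version = "2"` line changes the action type of the source action while `owner = "ThirdParty"` and `provider = "GitHub"` are left as they were. As far as I know, CodePipeline defines only version `1` for that owner/provider pair. The connection-based GitHub integration commonly called "version 2" is the `CodeStarSourceConnection` provider with `owner = "AWS"`, which the `aws_codepipeline.bitbucket` resource in this module appears to cover. If that holds, the pipeline would be rejected at apply time and the line should stay `version = "1"`; an apply of examples/complete with a GitHub token set would confirm it. The `action` block starts and ends outside the hunk, so its `configuration` keys could not be checked.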