feat!: Upgrade AWS provider and min required Terraform version to 6.0 and 1.5.7 respectively (#73)

Co-authored-by: Sébastien Rouaix <[email protected]>
Co-authored-by: Anton Babenko <[email protected]>
Co-authored-by: Anton Babenko <[email protected]>

Author: 3 people

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.96.3
+    rev: v1.100.0
     hooks:
       - id: terraform_fmt
       - id: terraform_wrapper_module_for_each
@@ -24,7 +24,7 @@ repos:
           - '--args=--only=terraform_workspace_remote'
       - id: terraform_validate
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v5.0.0
+    rev: v6.0.0
     hooks:
       - id: check-merge-conflict
       - id: end-of-file-fixer

README.md

@@ -132,14 +132,14 @@ $ terraform apply
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.2 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.61.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5.7 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.61.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.0 |
 
 ## Modules
 
@@ -209,6 +209,7 @@ No modules.
 | <a name="input_openid_connect_config"></a> [openid\_connect\_config](#input\_openid\_connect\_config) | Nested argument containing OpenID Connect configuration. | `map(string)` | `{}` | no |
 | <a name="input_opensearchservice_allowed_actions"></a> [opensearchservice\_allowed\_actions](#input\_opensearchservice\_allowed\_actions) | List of allowed IAM actions for datasources type AMAZON\_OPENSEARCH\_SERVICE | `list(string)` | <pre>[<br/>  "es:ESHttpDelete",<br/>  "es:ESHttpHead",<br/>  "es:ESHttpGet",<br/>  "es:ESHttpPost",<br/>  "es:ESHttpPut"<br/>]</pre> | no |
 | <a name="input_query_depth_limit"></a> [query\_depth\_limit](#input\_query\_depth\_limit) | The maximum depth a query can have in a single request. | `number` | `null` | no |
+| <a name="input_region"></a> [region](#input\_region) | Region where the resource(s) will be managed. Defaults to the region set in the provider configuration | `string` | `null` | no |
 | <a name="input_relational_database_allowed_actions"></a> [relational\_database\_allowed\_actions](#input\_relational\_database\_allowed\_actions) | List of allowed IAM actions for datasources type RELATIONAL\_DATABASE | `list(string)` | <pre>[<br/>  "rds-data:BatchExecuteStatement",<br/>  "rds-data:BeginTransaction",<br/>  "rds-data:CommitTransaction",<br/>  "rds-data:ExecuteStatement",<br/>  "rds-data:RollbackTransaction"<br/>]</pre> | no |
 | <a name="input_resolver_caching_ttl"></a> [resolver\_caching\_ttl](#input\_resolver\_caching\_ttl) | Default caching TTL for resolvers when caching is enabled | `number` | `60` | no |
 | <a name="input_resolver_count_limit"></a> [resolver\_count\_limit](#input\_resolver\_count\_limit) | The maximum number of resolvers that can be invoked in a single request. | `number` | `null` | no |

examples/complete/README.md

@@ -20,23 +20,22 @@ Note that this example may create resources which cost money. Run `terraform des
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.1 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.10 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.0 |
 | <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.1 |
-| <a name="provider_aws.us-east-1"></a> [aws.us-east-1](#provider\_aws.us-east-1) | >= 5.1 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.0 |
 | <a name="provider_random"></a> [random](#provider\_random) | >= 2.0 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_acm"></a> [acm](#module\_acm) | terraform-aws-modules/acm/aws | ~> 5.0 |
+| <a name="module_acm"></a> [acm](#module\_acm) | terraform-aws-modules/acm/aws | ~> 6.0 |
 | <a name="module_appsync"></a> [appsync](#module\_appsync) | ../../ | n/a |
 | <a name="module_disabled"></a> [disabled](#module\_disabled) | ../../ | n/a |
 

examples/complete/main.tf

@@ -10,19 +10,6 @@ provider "aws" {
   skip_requesting_account_id = false
 }
 
-provider "aws" {
-  region = "us-east-1"
-  alias  = "us-east-1"
-
-  # Make it faster by skipping something
-  skip_metadata_api_check     = true
-  skip_region_validation      = true
-  skip_credentials_validation = true
-
-  # skip_requesting_account_id should be disabled to generate valid ARN in apigatewayv2_api_execution_arn
-  skip_requesting_account_id = false
-}
-
 locals {
   # Removing trailing dot from domain - just to be sure :)
   route53_domain_name = trimsuffix(var.route53_domain_name, ".")
@@ -52,16 +39,18 @@ resource "aws_route53_record" "api" {
 data "aws_acm_certificate" "existing_certificate" {
   count = var.use_existing_acm_certificate ? 1 : 0
 
-  domain = var.existing_acm_certificate_domain_name
+  region = "us-east-1"
 
-  provider = aws.us-east-1
+  domain = var.existing_acm_certificate_domain_name
 }
 
 module "acm" {
   count = var.use_existing_acm_certificate ? 0 : 1
 
+  region = "us-east-1"
+
   source  = "terraform-aws-modules/acm/aws"
-  version = "~> 5.0"
+  version = "~> 6.0"
 
   domain_name = local.route53_domain_name
   zone_id     = try(data.aws_route53_zone.this[0].zone_id, aws_route53_zone.this[0].zone_id)
@@ -80,10 +69,6 @@ module "acm" {
   tags = {
     Name = local.route53_domain_name
   }
-
-  providers = {
-    aws = aws.us-east-1
-  }
 }
 
 data "aws_caller_identity" "current" {}
@@ -158,7 +143,7 @@ module "appsync" {
     lambda = {
       authentication_type = "AWS_LAMBDA"
       lambda_authorizer_config = {
-        authorizer_uri = "arn:aws:lambda:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:function:appsync_auth_2"
+        authorizer_uri = "arn:aws:lambda:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:function:appsync_auth_2"
       }
     }
   }

examples/complete/versions.tf

@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 1.0"
+  required_version = ">= 1.10"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.1"
+      version = ">= 6.0"
     }
     random = {
       source  = "hashicorp/random"

main.tf

@@ -9,6 +9,8 @@ locals {
 resource "aws_appsync_graphql_api" "this" {
   count = var.create_graphql_api ? 1 : 0
 
+  region = var.region
+
   name                = var.name
   authentication_type = var.authentication_type
   schema              = var.schema
@@ -116,6 +118,8 @@ resource "aws_appsync_graphql_api" "this" {
 resource "aws_appsync_domain_name" "this" {
   count = var.create_graphql_api && var.domain_name_association_enabled ? 1 : 0
 
+  region = var.region
+
   domain_name     = var.domain_name
   description     = var.domain_name_description
   certificate_arn = var.certificate_arn
@@ -124,6 +128,8 @@ resource "aws_appsync_domain_name" "this" {
 resource "aws_appsync_domain_name_api_association" "this" {
   count = var.create_graphql_api && var.domain_name_association_enabled ? 1 : 0
 
+  region = var.region
+
   api_id      = aws_appsync_graphql_api.this[0].id
   domain_name = aws_appsync_domain_name.this[0].domain_name
 }
@@ -132,6 +138,8 @@ resource "aws_appsync_domain_name_api_association" "this" {
 resource "aws_appsync_api_cache" "this" {
   count = var.create_graphql_api && var.caching_enabled ? 1 : 0
 
+  region = var.region
+
   api_id = aws_appsync_graphql_api.this[0].id
 
   api_caching_behavior       = var.caching_behavior
@@ -145,6 +153,8 @@ resource "aws_appsync_api_cache" "this" {
 resource "aws_appsync_api_key" "this" {
   for_each = var.create_graphql_api && var.authentication_type == "API_KEY" ? var.api_keys : {}
 
+  region = var.region
+
   api_id      = aws_appsync_graphql_api.this[0].id
   description = each.key
   expires     = each.value
@@ -154,6 +164,8 @@ resource "aws_appsync_api_key" "this" {
 resource "aws_appsync_datasource" "this" {
   for_each = var.create_graphql_api ? var.datasources : {}
 
+  region = var.region
+
   api_id           = aws_appsync_graphql_api.this[0].id
   name             = each.key
   type             = each.value.type
@@ -233,6 +245,8 @@ resource "aws_appsync_datasource" "this" {
 resource "aws_appsync_resolver" "this" {
   for_each = local.resolvers
 
+  region = var.region
+
   api_id = aws_appsync_graphql_api.this[0].id
   type   = each.value.type
   field  = each.value.field
@@ -280,6 +294,8 @@ resource "aws_appsync_resolver" "this" {
 resource "aws_appsync_function" "this" {
   for_each = { for k, v in var.functions : k => v if var.create_graphql_api == true }
 
+  region = var.region
+
   api_id           = aws_appsync_graphql_api.this[0].id
   data_source      = lookup(each.value, "data_source", null)
   name             = each.key

variables.tf

@@ -350,3 +350,9 @@ variable "resolver_count_limit" {
   type        = number
   default     = null
 }
+
+variable "region" {
+  description = "Region where the resource(s) will be managed. Defaults to the region set in the provider configuration"
+  type        = string
+  default     = null
+}

versions.tf

@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 1.3.2"
+  required_version = ">= 1.5.7"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.61.0"
+      version = ">= 6.0"
     }
   }
 }

wrappers/main.tf

@@ -59,12 +59,14 @@ module "wrapper" {
   log_exclude_verbose_content         = try(each.value.log_exclude_verbose_content, var.defaults.log_exclude_verbose_content, false)
   log_field_log_level                 = try(each.value.log_field_log_level, var.defaults.log_field_log_level, null)
   logging_enabled                     = try(each.value.logging_enabled, var.defaults.logging_enabled, false)
+  logs_role_description               = try(each.value.logs_role_description, var.defaults.logs_role_description, null)
   logs_role_name                      = try(each.value.logs_role_name, var.defaults.logs_role_name, null)
   logs_role_tags                      = try(each.value.logs_role_tags, var.defaults.logs_role_tags, {})
   name                                = try(each.value.name, var.defaults.name, "")
   openid_connect_config               = try(each.value.openid_connect_config, var.defaults.openid_connect_config, {})
   opensearchservice_allowed_actions   = try(each.value.opensearchservice_allowed_actions, var.defaults.opensearchservice_allowed_actions, ["es:ESHttpDelete", "es:ESHttpHead", "es:ESHttpGet", "es:ESHttpPost", "es:ESHttpPut"])
   query_depth_limit                   = try(each.value.query_depth_limit, var.defaults.query_depth_limit, null)
+  region                              = try(each.value.region, var.defaults.region, null)
   relational_database_allowed_actions = try(each.value.relational_database_allowed_actions, var.defaults.relational_database_allowed_actions, ["rds-data:BatchExecuteStatement", "rds-data:BeginTransaction", "rds-data:CommitTransaction", "rds-data:ExecuteStatement", "rds-data:RollbackTransaction"])
   resolver_caching_ttl                = try(each.value.resolver_caching_ttl, var.defaults.resolver_caching_ttl, 60)
   resolver_count_limit                = try(each.value.resolver_count_limit, var.defaults.resolver_count_limit, null)

wrappers/versions.tf

@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 1.3.2"
+  required_version = ">= 1.5.7"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.61.0"
+      version = ">= 6.0"
     }
   }
 }