Upgrade to 0.12.17

iam-source.tf

@@ -4,8 +4,16 @@ data "aws_iam_policy_document" "source_write" {
       "s3:PutObject",
     ]
 
+    # TF-UPGRADE-TODO: In Terraform v0.10 and earlier, it was sometimes necessary to
+    # force an interpolation expression to be interpreted as a list by wrapping it
+    # in an extra set of list brackets. That form was supported for compatibility in
+    # v0.11, but is no longer supported in Terraform v0.12.
+    #
+    # If the expression in the following list itself returns a list, remove the
+    # brackets to avoid interpretation as a list of lists. If the expression
+    # returns a single list item then leave it as-is and remove this TODO comment.
     resources = [
-      "${local.source_bucket_object_arn}",
+      local.source_bucket_object_arn,
     ]
   }
 
@@ -14,31 +22,40 @@ data "aws_iam_policy_document" "source_write" {
       "s3:ListBucket",
     ]
 
+    # TF-UPGRADE-TODO: In Terraform v0.10 and earlier, it was sometimes necessary to
+    # force an interpolation expression to be interpreted as a list by wrapping it
+    # in an extra set of list brackets. That form was supported for compatibility in
+    # v0.11, but is no longer supported in Terraform v0.12.
+    #
+    # If the expression in the following list itself returns a list, remove the
+    # brackets to avoid interpretation as a list of lists. If the expression
+    # returns a single list item then leave it as-is and remove this TODO comment.
     resources = [
-      "${local.source_bucket_arn}",
+      local.source_bucket_arn,
     ]
   }
 }
 
 resource "aws_iam_policy" "source_write" {
-  provider    = "aws.source"
+  provider    = aws.source
   name_prefix = "${local.replication_name}-source-write-"
-  policy      = "${data.aws_iam_policy_document.source_write.json}"
+  policy      = data.aws_iam_policy_document.source_write.json
 }
 
 resource "aws_iam_user" "source_write" {
-  provider      = "aws.source"
+  provider      = aws.source
   name          = "${local.replication_name}-source-write-user"
   force_destroy = true
 }
 
 resource "aws_iam_user_policy_attachment" "source_write" {
-  provider   = "aws.source"
-  user       = "${aws_iam_user.source_write.name}"
-  policy_arn = "${aws_iam_policy.source_write.arn}"
+  provider   = aws.source
+  user       = aws_iam_user.source_write.name
+  policy_arn = aws_iam_policy.source_write.arn
 }
 
 resource "aws_iam_access_key" "source_write" {
-  provider = "aws.source"
-  user     = "${aws_iam_user.source_write.name}"
+  provider = aws.source
+  user     = aws_iam_user.source_write.name
 }
+

locals.tf

@@ -1,8 +1,9 @@
 locals {
-  "source_bucket_arn"        = "arn:aws:s3:::${var.source_bucket_name}"
-  "dest_bucket_arn"          = "arn:aws:s3:::${var.dest_bucket_name}"
-  "source_bucket_object_arn" = "arn:aws:s3:::${var.source_bucket_name}/${var.replicate_prefix}*"
-  "dest_bucket_object_arn"   = "arn:aws:s3:::${var.dest_bucket_name}/${var.replicate_prefix}*"
-  "replication_name"         = "tf-${var.replication_name}"
-  "source_root_user_arn"     = "arn:aws:iam::${data.aws_caller_identity.source.account_id}:root"
+  source_bucket_arn        = "arn:aws:s3:::${var.source_bucket_name}"
+  dest_bucket_arn          = "arn:aws:s3:::${var.dest_bucket_name}"
+  source_bucket_object_arn = "arn:aws:s3:::${var.source_bucket_name}/${var.replicate_prefix}*"
+  dest_bucket_object_arn   = "arn:aws:s3:::${var.dest_bucket_name}/${var.replicate_prefix}*"
+  replication_name         = "tf-${var.replication_name}"
+  source_root_user_arn     = "arn:aws:iam::${data.aws_caller_identity.source.account_id}:root"
 }
+

main.tf

@@ -9,9 +9,10 @@ provider "aws" {
 }
 
 data "aws_caller_identity" "source" {
-  provider = "aws.source"
+  provider = aws.source
 }
 
 data "aws_caller_identity" "dest" {
-  provider = "aws.dest"
+  provider = aws.dest
 }
+

outputs.tf

@@ -1,16 +1,17 @@
 # Destination bucket policy to add manually
 
 output "dest_bucket_policy_json" {
-  value = "${var.create_dest_bucket == "true" ? "not needed" : data.aws_iam_policy_document.dest_bucket_policy.json}"
+  value = var.create_dest_bucket == "true" ? "not needed" : data.aws_iam_policy_document.dest_bucket_policy.json
 }
 
 # Source write IAM user
 
 output "source_write_iam_user_access_key_id" {
-  value = "${aws_iam_access_key.source_write.id}"
+  value = aws_iam_access_key.source_write.id
 }
 
 output "source_write_iam_user_secret_access_key" {
-  value     = "${aws_iam_access_key.source_write.secret}"
+  value     = aws_iam_access_key.source_write.secret
   sensitive = true
 }
+

s3-dest.tf

@@ -10,28 +10,45 @@ data "aws_iam_policy_document" "dest_bucket_policy" {
       "s3:ObjectOwnerOverrideToBucketOwner",
     ]
 
+    # TF-UPGRADE-TODO: In Terraform v0.10 and earlier, it was sometimes necessary to
+    # force an interpolation expression to be interpreted as a list by wrapping it
+    # in an extra set of list brackets. That form was supported for compatibility in
+    # v0.11, but is no longer supported in Terraform v0.12.
+    #
+    # If the expression in the following list itself returns a list, remove the
+    # brackets to avoid interpretation as a list of lists. If the expression
+    # returns a single list item then leave it as-is and remove this TODO comment.
     resources = [
-      "${local.dest_bucket_object_arn}",
+      local.dest_bucket_object_arn,
     ]
 
     principals {
       type = "AWS"
 
+      # TF-UPGRADE-TODO: In Terraform v0.10 and earlier, it was sometimes necessary to
+      # force an interpolation expression to be interpreted as a list by wrapping it
+      # in an extra set of list brackets. That form was supported for compatibility in
+      # v0.11, but is no longer supported in Terraform v0.12.
+      #
+      # If the expression in the following list itself returns a list, remove the
+      # brackets to avoid interpretation as a list of lists. If the expression
+      # returns a single list item then leave it as-is and remove this TODO comment.
       identifiers = [
-        "${local.source_root_user_arn}",
+        local.source_root_user_arn,
       ]
     }
   }
 }
 
 resource "aws_s3_bucket" "dest" {
-  count    = "${var.create_dest_bucket == "true" ? 1 : 0}"
-  provider = "aws.dest"
-  bucket   = "${var.dest_bucket_name}"
-  region   = "${var.dest_region}"
-  policy   = "${data.aws_iam_policy_document.dest_bucket_policy.json}"
+  count    = var.create_dest_bucket == "true" ? 1 : 0
+  provider = aws.dest
+  bucket   = var.dest_bucket_name
+  region   = var.dest_region
+  policy   = data.aws_iam_policy_document.dest_bucket_policy.json
 
   versioning {
     enabled = true
   }
 }
+

s3-source.tf

@@ -20,8 +20,16 @@ data "aws_iam_policy_document" "source_replication_policy" {
       "s3:ListBucket",
     ]
 
+    # TF-UPGRADE-TODO: In Terraform v0.10 and earlier, it was sometimes necessary to
+    # force an interpolation expression to be interpreted as a list by wrapping it
+    # in an extra set of list brackets. That form was supported for compatibility in
+    # v0.11, but is no longer supported in Terraform v0.12.
+    #
+    # If the expression in the following list itself returns a list, remove the
+    # brackets to avoid interpretation as a list of lists. If the expression
+    # returns a single list item then leave it as-is and remove this TODO comment.
     resources = [
-      "${local.source_bucket_arn}",
+      local.source_bucket_arn,
     ]
   }
 
@@ -31,8 +39,16 @@ data "aws_iam_policy_document" "source_replication_policy" {
       "s3:GetObjectVersionAcl",
     ]
 
+    # TF-UPGRADE-TODO: In Terraform v0.10 and earlier, it was sometimes necessary to
+    # force an interpolation expression to be interpreted as a list by wrapping it
+    # in an extra set of list brackets. That form was supported for compatibility in
+    # v0.11, but is no longer supported in Terraform v0.12.
+    #
+    # If the expression in the following list itself returns a list, remove the
+    # brackets to avoid interpretation as a list of lists. If the expression
+    # returns a single list item then leave it as-is and remove this TODO comment.
     resources = [
-      "${local.source_bucket_object_arn}",
+      local.source_bucket_object_arn,
     ]
   }
 
@@ -43,58 +59,67 @@ data "aws_iam_policy_document" "source_replication_policy" {
       "s3:ObjectOwnerOverrideToBucketOwner",
     ]
 
+    # TF-UPGRADE-TODO: In Terraform v0.10 and earlier, it was sometimes necessary to
+    # force an interpolation expression to be interpreted as a list by wrapping it
+    # in an extra set of list brackets. That form was supported for compatibility in
+    # v0.11, but is no longer supported in Terraform v0.12.
+    #
+    # If the expression in the following list itself returns a list, remove the
+    # brackets to avoid interpretation as a list of lists. If the expression
+    # returns a single list item then leave it as-is and remove this TODO comment.
     resources = [
-      "${local.dest_bucket_object_arn}",
+      local.dest_bucket_object_arn,
     ]
   }
 }
 
 resource "aws_iam_role" "source_replication" {
-  provider           = "aws.source"
+  provider           = aws.source
   name               = "${local.replication_name}-replication-role"
-  assume_role_policy = "${data.aws_iam_policy_document.source_replication_role.json}"
+  assume_role_policy = data.aws_iam_policy_document.source_replication_role.json
 }
 
 resource "aws_iam_policy" "source_replication" {
-  provider = "aws.source"
+  provider = aws.source
   name     = "${local.replication_name}-replication-policy"
-  policy   = "${data.aws_iam_policy_document.source_replication_policy.json}"
+  policy   = data.aws_iam_policy_document.source_replication_policy.json
 }
 
 resource "aws_iam_role_policy_attachment" "source_replication" {
-  provider   = "aws.source"
-  role       = "${aws_iam_role.source_replication.name}"
-  policy_arn = "${aws_iam_policy.source_replication.arn}"
+  provider   = aws.source
+  role       = aws_iam_role.source_replication.name
+  policy_arn = aws_iam_policy.source_replication.arn
 }
 
 # S3 source bucket
 
 resource "aws_s3_bucket" "source" {
-  provider = "aws.source"
-  bucket   = "${var.source_bucket_name}"
-  region   = "${var.source_region}"
+  provider = aws.source
+  bucket   = var.source_bucket_name
+  region   = var.source_region
 
   versioning {
     enabled = true
   }
 
   replication_configuration {
-    role = "${aws_iam_role.source_replication.arn}"
+    role = aws_iam_role.source_replication.arn
 
     rules {
-      id     = "${local.replication_name}"
+      id     = local.replication_name
       status = "Enabled"
-      prefix = "${var.replicate_prefix}"
+      priority = var.priority
+      prefix = var.replicate_prefix
 
       destination {
-        bucket        = "${local.dest_bucket_arn}"
+        bucket        = local.dest_bucket_arn
         storage_class = "STANDARD"
 
-        access_control_translation = {
+        access_control_translation {
           owner = "Destination"
         }
 
-        account_id = "${data.aws_caller_identity.dest.account_id}"
+        account_id = data.aws_caller_identity.dest.account_id
       }
     }
   }

variables.tf

@@ -1,36 +1,41 @@
 variable "source_region" {
-  type        = "string"
+  type        = string
   description = "AWS region for the source bucket"
 }
 
 variable "dest_region" {
-  type        = "string"
+  type        = string
   description = "AWS region for the destination bucket"
 }
 
 variable "source_bucket_name" {
-  type        = "string"
+  type        = string
   description = "Name for source s3 bucket"
 }
 
 variable "replicate_prefix" {
-  type        = "string"
+  type        = string
   description = "Prefix to replicate, default \"\" for all objects. Note if specifying, must end in a /"
   default     = ""
 }
 
 variable "dest_bucket_name" {
-  type        = "string"
+  type        = string
   description = "Name for dest s3 bucket"
 }
 
 variable "create_dest_bucket" {
-  type        = "string"
+  type        = string
   description = "Boolean for whether this module should create the destination bucket"
   default     = "true"
 }
 
 variable "replication_name" {
-  type        = "string"
+  type        = string
   description = "Short name to describe this replication"
 }
+
+variable "priority" {
+  description = "The priority associated with the rule."
+  default = 0
+}