chore!: bumped minimum terraform and aws provider versions (#98)

moritzzimmer · Sep 26, 2023 · 04bd4f8 · 04bd4f8
1 parent 67118ed
commit 04bd4f8
Show file tree

Hide file tree

Showing 35 changed files with 256 additions and 252 deletions.
diff --git a/.github/workflows/static-analysis.yaml b/.github/workflows/static-analysis.yaml
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        terraform: [ ~0.15.0, ~1.0 ]
+        terraform: [ ~1.0 ]
     steps:
       - uses: actions/checkout@v3
 
@@ -31,7 +31,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        terraform: [ ~0.15.0, ~1.0 ]
+        terraform: [ ~1.0 ]
     steps:
       - uses: actions/checkout@v3
 
@@ -45,7 +45,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        terraform: [ ~0.15.0, ~1.0 ]
+        terraform: [ ~1.0 ]
     steps:
       - uses: actions/checkout@v3
 
@@ -68,7 +68,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        terraform: [ ~0.15.0, ~1.0 ]
+        terraform: [ ~1.0 ]
     steps:
       - uses: actions/checkout@v3
 

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.77.0
+    rev: v1.83.4
     hooks:
       - id: terraform_fmt
       - id: terraform_validate

diff --git a/.tflint.hcl b/.tflint.hcl
@@ -4,7 +4,7 @@ config {
 
 plugin "aws" {
   enabled = true
-  version = "0.21.1"
+  version = "0.27.0"
   source  = "github.com/terraform-linters/tflint-ruleset-aws"
 }
 

diff --git a/Makefile b/Makefile
@@ -46,19 +46,28 @@ tflint: ## Runs tflint on all Terraform files
 	@tflint --init
 	@for s in $(STACKS); do \
 		echo "tflint $$s"; \
-		cd $$s; terraform init -backend=false > /dev/null; \
-		tflint -f compact --config $(ROOT_DIR)/.tflint.hcl || exit 1; cd $(ROOT_DIR);\
+		terraform -chdir=$$s init -backend=false > /dev/null; \
+		tflint -chdir=$$s -f compact --config $(ROOT_DIR)/.tflint.hcl || exit 1; \
 	done;
 
 .PHONY: tfsec
 tfsec: ## Runs tfsec on all Terraform files
 	@echo "+ $@"
 	@for s in $(STACKS); do \
 		echo "tfsec $$s"; \
-		cd $$s; terraform init -backend=false > /dev/null; \
-		tfsec --concise-output --minimum-severity HIGH --exclude aws-s3-encryption-customer-key,aws-sns-topic-encryption-use-cmk,aws-sqs-queue-encryption-use-cmk || exit 1; cd $(ROOT_DIR);\
+		terraform -chdir=$$s init -backend=false > /dev/null; \
+		tfsec --custom-check-dir $$s --concise-output --minimum-severity HIGH --exclude aws-s3-encryption-customer-key,aws-sns-topic-encryption-use-cmk,aws-sqs-queue-encryption-use-cmk || exit 1; \
 	done;
 
+.PHONY: providers
+providers: ## Upgrades all providers and platform independent dependency locks (slow)
+	@echo "+ $@"
+	@for s in $(STACKS) ; do \
+  		echo upgrading: $$s ;\
+		terraform -chdir=$$s init -upgrade=true -backend=false > /dev/null; \
+		terraform -chdir=$$s providers lock -platform=darwin_amd64 -platform=linux_amd64 ;\
+	done
+
 .PHONY: test
 test: ## Runs all terratests
 	@echo "+ $@"

diff --git a/README.md b/README.md
@@ -343,14 +343,14 @@ should migrate to this module as a drop-in replacement to benefit from new featu
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.51 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.51 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0 |
 
 ## Modules
 

diff --git a/examples/container-image/README.md b/examples/container-image/README.md
@@ -17,15 +17,15 @@ Note that this example may create resources which cost money. Run `terraform des
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.51 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | >= 3.2 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.51 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0 |
 | <a name="provider_null"></a> [null](#provider\_null) | >= 3.2 |
 
 ## Modules

diff --git a/examples/container-image/versions.tf b/examples/container-image/versions.tf
@@ -1,14 +1,14 @@
 terraform {
-  required_version = ">= 0.12.0"
+  required_version = ">= 1.0"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.51"
+      version = ">= 5.0"
     }
     null = {
       source  = "hashicorp/null"
       version = ">= 3.2"
     }
   }
-}
+}
diff --git a/examples/deployment/complete/README.md b/examples/deployment/complete/README.md
@@ -29,16 +29,16 @@ aws s3api put-object --bucket example-ci-{account_id}-{region} --key deployment-
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
 | <a name="requirement_archive"></a> [archive](#requirement\_archive) | >= 2.2 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.51 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
 | <a name="provider_archive"></a> [archive](#provider\_archive) | >= 2.2 |
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.51 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0 |
 
 ## Modules
 
@@ -61,6 +61,7 @@ aws s3api put-object --bucket example-ci-{account_id}-{region} --key deployment-
 | [aws_s3_bucket.source](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
 | [aws_s3_bucket_notification.source](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_notification) | resource |
 | [aws_s3_bucket_public_access_block.source](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource |
+| [aws_s3_bucket_versioning.source](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning) | resource |
 | [aws_s3_object.initial](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_object) | resource |
 | [archive_file.traffic_hook](https://registry.terraform.io/providers/hashicorp/archive/latest/docs/data-sources/file) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |

diff --git a/examples/deployment/complete/main.tf b/examples/deployment/complete/main.tf
@@ -166,12 +166,15 @@ resource "aws_iam_role_policy_attachment" "traffic_hook" {
 
 #tfsec:ignore:aws-s3-enable-bucket-encryption - configure bucket encryption in production!
 resource "aws_s3_bucket" "source" {
-  acl           = "private"
   bucket        = "ci-${data.aws_caller_identity.current.account_id}-${data.aws_region.current.name}"
   force_destroy = true
+}
+
+resource "aws_s3_bucket_versioning" "source" {
+  bucket = aws_s3_bucket.source.id
 
-  versioning {
-    enabled = true
+  versioning_configuration {
+    status = "Enabled"
   }
 }
 

diff --git a/examples/deployment/complete/versions.tf b/examples/deployment/complete/versions.tf
@@ -1,14 +1,14 @@
 terraform {
-  required_version = ">= 0.12.0"
+  required_version = ">= 1.0"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.51"
+      version = ">= 5.0"
     }
     archive = {
       source  = "hashicorp/archive"
       version = ">= 2.2"
     }
   }
-}
+}
diff --git a/examples/deployment/container-image/README.md b/examples/deployment/container-image/README.md
@@ -26,15 +26,15 @@ docker push {account_id}.dkr.ecr.{region}.amazonaws.com/with-ecr-deployment:prod
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.51 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | >= 3.2 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.51 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0 |
 | <a name="provider_null"></a> [null](#provider\_null) | >= 3.2 |
 
 ## Modules

diff --git a/examples/deployment/container-image/versions.tf b/examples/deployment/container-image/versions.tf
@@ -1,14 +1,14 @@
 terraform {
-  required_version = ">= 0.12.0"
+  required_version = ">= 1.0"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.51"
+      version = ">= 5.0"
     }
     null = {
       source  = "hashicorp/null"
       version = ">= 3.2"
     }
   }
-}
+}
diff --git a/examples/deployment/s3/README.md b/examples/deployment/s3/README.md
@@ -24,14 +24,14 @@ aws s3api put-object --bucket example-ci-{account_id}-{region} --key s3-deployme
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.51 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.51 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0 |
 
 ## Modules
 
@@ -49,6 +49,7 @@ aws s3api put-object --bucket example-ci-{account_id}-{region} --key s3-deployme
 | [aws_s3_bucket.source](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
 | [aws_s3_bucket_notification.source](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_notification) | resource |
 | [aws_s3_bucket_public_access_block.source](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource |
+| [aws_s3_bucket_versioning.source](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning) | resource |
 | [aws_s3_object.initial](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_object) | resource |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |

diff --git a/examples/deployment/s3/main.tf b/examples/deployment/s3/main.tf
@@ -54,12 +54,15 @@ module "deployment" {
 
 #tfsec:ignore:aws-s3-enable-bucket-encryption - configure bucket encryption in production!
 resource "aws_s3_bucket" "source" {
-  acl           = "private"
   bucket        = "ci-${data.aws_caller_identity.current.account_id}-${data.aws_region.current.name}"
   force_destroy = true
+}
+
+resource "aws_s3_bucket_versioning" "source" {
+  bucket = aws_s3_bucket.source.id
 
-  versioning {
-    enabled = true
+  versioning_configuration {
+    status = "Enabled"
   }
 }
 

diff --git a/examples/deployment/s3/versions.tf b/examples/deployment/s3/versions.tf
@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 0.12.0"
+  required_version = ">= 1.0"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.51"
+      version = ">= 5.0"
     }
   }
-}
+}
diff --git a/examples/fixtures/versions.tf b/examples/fixtures/versions.tf
@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 0.12.0"
+  required_version = ">= 1.0"
 
   required_providers {
     archive = {

diff --git a/examples/simple/README.md b/examples/simple/README.md
@@ -17,8 +17,8 @@ Note that this example may create resources which cost money. Run `terraform des
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.51 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 |
 
 ## Providers
 

diff --git a/examples/simple/versions.tf b/examples/simple/versions.tf
@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 0.12.0"
+  required_version = ">= 1.0"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.51"
+      version = ">= 5.0"
     }
   }
-}
+}
diff --git a/examples/with-cloudwatch-event-rules/README.md b/examples/with-cloudwatch-event-rules/README.md
@@ -18,14 +18,14 @@ Note that this example may create resources which cost money. Run `terraform des
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.51 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.51 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0 |
 
 ## Modules
 

diff --git a/examples/with-cloudwatch-event-rules/versions.tf b/examples/with-cloudwatch-event-rules/versions.tf
@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 0.12.0"
+  required_version = ">= 1.0"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.51"
+      version = ">= 5.0"
     }
   }
-}
+}
diff --git a/examples/with-cloudwatch-logs-subscription/README.md b/examples/with-cloudwatch-logs-subscription/README.md
@@ -17,8 +17,8 @@ Note that this example may create resources which cost money. Run `terraform des
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.51 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 |
 
 ## Providers
 

diff --git a/examples/with-cloudwatch-logs-subscription/versions.tf b/examples/with-cloudwatch-logs-subscription/versions.tf
@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 0.12.0"
+  required_version = ">= 1.0"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.51"
+      version = ">= 5.0"
     }
   }
-}
+}