diff --git a/.github/workflows/release-branch.yml b/.github/workflows/release-branch.yml index 3f8fe62..b30901e 100644 --- a/.github/workflows/release-branch.yml +++ b/.github/workflows/release-branch.yml @@ -10,6 +10,7 @@ on: - 'docs/**' - 'examples/**' - 'test/**' + - 'README.*' permissions: contents: write diff --git a/.github/workflows/release-published.yml b/.github/workflows/release-published.yml index f86352b..b31232b 100644 --- a/.github/workflows/release-published.yml +++ b/.github/workflows/release-published.yml @@ -11,4 +11,4 @@ permissions: jobs: terraform-module: - uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release.yml@main + uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release-published.yml@main diff --git a/README.md b/README.md index 3a78017..af54f53 100644 --- a/README.md +++ b/README.md @@ -216,7 +216,7 @@ Available targets: | Name | Source | Version | |------|--------|---------| -| [access\_logs](#module\_access\_logs) | cloudposse/lb-s3-bucket/aws | 0.16.0 | +| [access\_logs](#module\_access\_logs) | cloudposse/lb-s3-bucket/aws | 0.18.0 | | [default\_load\_balancer\_label](#module\_default\_load\_balancer\_label) | cloudposse/label/null | 0.25.0 | | [default\_target\_group\_label](#module\_default\_target\_group\_label) | cloudposse/label/null | 0.25.0 | | [this](#module\_this) | cloudposse/label/null | 0.25.0 | @@ -246,7 +246,6 @@ Available targets: | [additional\_certs](#input\_additional\_certs) | A list of additonal certs to add to the https listerner | `list(string)` | `[]` | no | | [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
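Review bot: The `uses:` line of the `terraform-module` job in release-published.yml still tracks the mutable ref `@main`, so any commit pushed to that branch of the shared workflow repository runs in this repository's release job without a change being reviewed here. Pin the reference to a full commit SHA and keep the readable ref in a trailing comment, e.g. `uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release-published.yml@<FULL_COMMIT_SHA> # main` (placeholder SHA). The workflow's `permissions:` block sits above the hunk, so the token scope the called workflow inherits should be checked there and kept to the minimum the release needs.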
This is for some rare cases where resources want additional configuration of tags
and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no | | [alb\_access\_logs\_s3\_bucket\_force\_destroy](#input\_alb\_access\_logs\_s3\_bucket\_force\_destroy) | A boolean that indicates all objects should be deleted from the ALB access logs S3 bucket so that the bucket can be destroyed without error | `bool` | `false` | no | -| [alb\_access\_logs\_s3\_bucket\_force\_destroy\_enabled](#input\_alb\_access\_logs\_s3\_bucket\_force\_destroy\_enabled) | When `true`, permits `force_destroy` to be set to `true`.
This is an extra safety precaution to reduce the chance that Terraform will destroy and recreate
your S3 bucket, causing COMPLETE LOSS OF ALL DATA even if it was stored in Glacier.
WARNING: Upgrading this module from a version prior to 0.27.0 to this version
will cause Terraform to delete your existing S3 bucket CAUSING COMPLETE DATA LOSS
unless you follow the upgrade instructions on the Wiki [here](https://github.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.27.0-(POTENTIAL-DATA-LOSS)).
See additional instructions for upgrading from v0.27.0 to v0.28.0 [here](https://github.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.28.0-and-AWS-provider-v4-(POTENTIAL-DATA-LOSS)). | `bool` | `false` | no | | [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no | | [certificate\_arn](#input\_certificate\_arn) | The ARN of the default SSL certificate for HTTPS listener | `string` | `""` | no | | [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"descriptor_formats": {},
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"labels_as_tags": [
"unset"
],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {},
"tenant": null
}
| no | diff --git a/docs/terraform.md b/docs/terraform.md index e8ee3db..79cb2c5 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -16,7 +16,7 @@ | Name | Source | Version | |------|--------|---------| -| [access\_logs](#module\_access\_logs) | cloudposse/lb-s3-bucket/aws | 0.16.0 | +| [access\_logs](#module\_access\_logs) | cloudposse/lb-s3-bucket/aws | 0.18.0 | | [default\_load\_balancer\_label](#module\_default\_load\_balancer\_label) | cloudposse/label/null | 0.25.0 | | [default\_target\_group\_label](#module\_default\_target\_group\_label) | cloudposse/label/null | 0.25.0 | | [this](#module\_this) | cloudposse/label/null | 0.25.0 | @@ -46,7 +46,6 @@ | [additional\_certs](#input\_additional\_certs) | A list of additonal certs to add to the https listerner | `list(string)` | `[]` | no | | [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
This is for some rare cases where resources want additional configuration of tags
and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no | | [alb\_access\_logs\_s3\_bucket\_force\_destroy](#input\_alb\_access\_logs\_s3\_bucket\_force\_destroy) | A boolean that indicates all objects should be deleted from the ALB access logs S3 bucket so that the bucket can be destroyed without error | `bool` | `false` | no | -| [alb\_access\_logs\_s3\_bucket\_force\_destroy\_enabled](#input\_alb\_access\_logs\_s3\_bucket\_force\_destroy\_enabled) | When `true`, permits `force_destroy` to be set to `true`.
This is an extra safety precaution to reduce the chance that Terraform will destroy and recreate
your S3 bucket, causing COMPLETE LOSS OF ALL DATA even if it was stored in Glacier.
WARNING: Upgrading this module from a version prior to 0.27.0 to this version
will cause Terraform to delete your existing S3 bucket CAUSING COMPLETE DATA LOSS
unless you follow the upgrade instructions on the Wiki [here](https://github.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.27.0-(POTENTIAL-DATA-LOSS)).
See additional instructions for upgrading from v0.27.0 to v0.28.0 [here](https://github.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.28.0-and-AWS-provider-v4-(POTENTIAL-DATA-LOSS)). | `bool` | `false` | no | | [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no | | [certificate\_arn](#input\_certificate\_arn) | The ARN of the default SSL certificate for HTTPS listener | `string` | `""` | no | | [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"descriptor_formats": {},
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"labels_as_tags": [
"unset"
],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {},
"tenant": null
}
| no | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 3f96f72..461920d 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -3,19 +3,19 @@ provider "aws" { } module "vpc" { - source = "cloudposse/vpc/aws" - version = "0.28.1" - cidr_block = var.vpc_cidr_block - context = module.this.context + source = "cloudposse/vpc/aws" + version = "2.1.0" + ipv4_primary_cidr_block = var.vpc_cidr_block + context = module.this.context } module "subnets" { source = "cloudposse/dynamic-subnets/aws" - version = "0.39.8" + version = "2.3.0" availability_zones = var.availability_zones vpc_id = module.vpc.vpc_id - igw_id = module.vpc.igw_id - cidr_block = module.vpc.vpc_cidr_block + igw_id = [module.vpc.igw_id] + ipv4_cidr_block = [module.vpc.vpc_cidr_block] nat_gateway_enabled = false nat_instance_enabled = false context = module.this.context @@ -46,8 +46,7 @@ module "alb" { target_group_target_type = var.target_group_target_type stickiness = var.stickiness - alb_access_logs_s3_bucket_force_destroy = var.alb_access_logs_s3_bucket_force_destroy - alb_access_logs_s3_bucket_force_destroy_enabled = var.alb_access_logs_s3_bucket_force_destroy_enabled + alb_access_logs_s3_bucket_force_destroy = var.alb_access_logs_s3_bucket_force_destroy context = module.this.context } diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf index bbbb570..9e7c2e9 100644 --- a/examples/complete/variables.tf +++ b/examples/complete/variables.tf 
@@ -98,19 +98,6 @@ variable "alb_access_logs_s3_bucket_force_destroy" { description = "A boolean that indicates all objects should be deleted from the ALB access logs S3 bucket so that the bucket can be destroyed without error" } -variable "alb_access_logs_s3_bucket_force_destroy_enabled" { - type = bool - description = <<-EOT - When `true`, permits `force_destroy` to be set to `true`. - This is an extra safety precaution to reduce the chance that Terraform will destroy and recreate - your S3 bucket, causing COMPLETE LOSS OF ALL DATA even if it was stored in Glacier. - WARNING: Upgrading this module from a version prior to 0.27.0 to this version - will cause Terraform to delete your existing S3 bucket CAUSING COMPLETE DATA LOSS - unless you follow the upgrade instructions on the Wiki [here](https://github.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.27.0-(POTENTIAL-DATA-LOSS)). - See additional instructions for upgrading from v0.27.0 to v0.28.0 [here](https://github.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.28.0-and-AWS-provider-v4-(POTENTIAL-DATA-LOSS)). - EOT -} - variable "target_group_port" { type = number description = "The port for the default target group" diff --git a/main.tf b/main.tf index 5e8e38d..c08da48 100644 --- a/main.tf +++ b/main.tf @@ -13,7 +13,7 @@ resource "aws_security_group_rule" "egress" { to_port = "0" protocol = "-1" cidr_blocks = ["0.0.0.0/0"] - security_group_id = join("", aws_security_group.default.*.id) + security_group_id = one(aws_security_group.default[*].id) } resource "aws_security_group_rule" "http_ingress" { @@ -24,7 +24,7 @@ resource "aws_security_group_rule" "http_ingress" { protocol = "tcp" cidr_blocks = var.http_ingress_cidr_blocks prefix_list_ids = var.http_ingress_prefix_list_ids - security_group_id = join("", aws_security_group.default.*.id) + security_group_id = one(aws_security_group.default[*].id) } resource "aws_security_group_rule" "https_ingress" { 
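Review bot: `one()` in the `security_group_id` arguments of the `egress` and `http_ingress` rules only exists in Terraform 0.15 and later, and no change to the module's `required_version` appears in the visible part of this diff. If versions.tf still admits older releases, raise the floor there, e.g. `required_version = ">= 0.15.0"`, so users get a clear version error rather than an unknown-function error. The same applies to every `one(...)` replacement in the later main.tf hunks and in outputs.tf. Both resources begin above their hunks, so their `count` guards are not visible here.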
@@ -35,22 +35,20 @@ resource "aws_security_group_rule" "https_ingress" { protocol = "tcp" cidr_blocks = var.https_ingress_cidr_blocks prefix_list_ids = var.https_ingress_prefix_list_ids - security_group_id = join("", aws_security_group.default.*.id) + security_group_id = one(aws_security_group.default[*].id) } module "access_logs" { source = "cloudposse/lb-s3-bucket/aws" - version = "0.16.0" + version = "0.18.0" enabled = module.this.enabled && var.access_logs_enabled && var.access_logs_s3_bucket_id == null attributes = compact(concat(module.this.attributes, ["alb", "access", "logs"])) force_destroy = var.alb_access_logs_s3_bucket_force_destroy - force_destroy_enabled = var.alb_access_logs_s3_bucket_force_destroy_enabled lifecycle_configuration_rules = var.lifecycle_configuration_rules - # TODO: deprecate these inputs in favor of `lifecycle_configuration_rules` lifecycle_rule_enabled = var.lifecycle_rule_enabled enable_glacier_transition = var.enable_glacier_transition expiration_days = var.expiration_days @@ -79,7 +77,7 @@ resource "aws_lb" "default" { load_balancer_type = "application" security_groups = compact( - concat(var.security_group_ids, [join("", aws_security_group.default.*.id)]), + concat(var.security_group_ids, [one(aws_security_group.default[*].id)]), ) subnets = var.subnet_ids 
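Review bot: In `module "access_logs"`, `force_destroy = var.alb_access_logs_s3_bucket_force_destroy` is now the only switch between a `terraform destroy` and the deletion of every stored ALB access log, since the `force_destroy_enabled` interlock is gone with the move to lb-s3-bucket 0.18.0. A comment on that line would keep the consequence visible, for example `# true deletes all access logs together with the bucket; leave false wherever the logs are audit evidence`. The description being removed warned that upgrades of the underlying log-storage module could replace the bucket, so it seems worth confirming with `terraform plan` against an existing deployment that 0.16.0 to 0.18.0 plans no replacement of the bucket. Callers that still pass `alb_access_logs_s3_bucket_force_destroy_enabled` will now fail with an unsupported-argument error, which the release notes should mention.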
@@ -152,13 +150,13 @@ resource "aws_lb_listener" "http_forward" { #bridgecrew:skip=BC_AWS_GENERAL_43 - Skipping Ensure that load balancer is using TLS 1.2. #bridgecrew:skip=BC_AWS_NETWORKING_29 - Skipping Ensure ALB Protocol is HTTPS count = module.this.enabled && var.http_enabled && var.http_redirect != true ? 1 : 0 - load_balancer_arn = join("", aws_lb.default.*.arn) + load_balancer_arn = one(aws_lb.default[*].arn) port = var.http_port protocol = "HTTP" tags = merge(module.this.tags, var.listener_additional_tags) default_action { - target_group_arn = var.listener_http_fixed_response != null ? null : join("", aws_lb_target_group.default.*.arn) + target_group_arn = var.listener_http_fixed_response != null ? null : one(aws_lb_target_group.default[*].arn) type = var.listener_http_fixed_response != null ? "fixed-response" : "forward" dynamic "fixed_response" { @@ -174,13 +172,13 @@ resource "aws_lb_listener" "http_forward" { resource "aws_lb_listener" "http_redirect" { count = module.this.enabled && var.http_enabled && var.http_redirect == true ? 1 : 0 - load_balancer_arn = join("", aws_lb.default.*.arn) + load_balancer_arn = one(aws_lb.default[*].arn) port = var.http_port protocol = "HTTP" tags = merge(module.this.tags, var.listener_additional_tags) default_action { - target_group_arn = join("", aws_lb_target_group.default.*.arn) + target_group_arn = one(aws_lb_target_group.default[*].arn) type = "redirect" redirect { @@ -194,7 +192,7 @@ resource "aws_lb_listener" "http_redirect" { resource "aws_lb_listener" "https" { #bridgecrew:skip=BC_AWS_GENERAL_43 - Skipping Ensure that load balancer is using TLS 1.2. count = module.this.enabled && var.https_enabled ? 1 : 0 - load_balancer_arn = join("", aws_lb.default.*.arn) + load_balancer_arn = one(aws_lb.default[*].arn) port = var.https_port protocol = "HTTPS" 
@@ -203,7 +201,7 @@ resource "aws_lb_listener" "https" { tags = merge(module.this.tags, var.listener_additional_tags) default_action { - target_group_arn = var.listener_https_fixed_response != null ? null : join("", aws_lb_target_group.default.*.arn) + target_group_arn = var.listener_https_fixed_response != null ? null : one(aws_lb_target_group.default[*].arn) type = var.listener_https_fixed_response != null ? "fixed-response" : "forward" dynamic "fixed_response" { @@ -218,7 +216,7 @@ resource "aws_lb_listener" "https" { } resource "aws_lb_listener_certificate" "https_sni" { - count = module.this.enabled && var.https_enabled && var.additional_certs != [] ? length(var.additional_certs) : 0 - listener_arn = join("", aws_lb_listener.https.*.arn) + count = module.this.enabled && var.https_enabled && length(var.additional_certs) > 0 ? length(var.additional_certs) : 0 + listener_arn = one(aws_lb_listener.https[*].arn) certificate_arn = var.additional_certs[count.index] } diff --git a/outputs.tf b/outputs.tf index d65c6d0..2118793 100644 --- a/outputs.tf +++ b/outputs.tf 
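Review bot: The new `count` expression in `aws_lb_listener_certificate.https_sni` tests `length(var.additional_certs) > 0` and then returns `length(var.additional_certs)`, which is already 0 for an empty list, so the extra condition adds nothing. `count = module.this.enabled && var.https_enabled ? length(var.additional_certs) : 0` gives the same result and is easier to read.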
@@ -1,62 +1,62 @@ output "alb_name" { description = "The ARN suffix of the ALB" - value = join("", aws_lb.default.*.name) + value = one(aws_lb.default[*].name) } output "alb_arn" { description = "The ARN of the ALB" - value = join("", aws_lb.default.*.arn) + value = one(aws_lb.default[*].arn) } output "alb_arn_suffix" { description = "The ARN suffix of the ALB" - value = join("", aws_lb.default.*.arn_suffix) + value = one(aws_lb.default[*].arn_suffix) } output "alb_dns_name" { description = "DNS name of ALB" - value = join("", aws_lb.default.*.dns_name) + value = one(aws_lb.default[*].dns_name) } output "alb_zone_id" { description = "The ID of the zone which ALB is provisioned" - value = join("", aws_lb.default.*.zone_id) + value = one(aws_lb.default[*].zone_id) } output "security_group_id" { description = "The security group ID of the ALB" - value = join("", aws_security_group.default.*.id) + value = one(aws_security_group.default[*].id) } output "default_target_group_arn" { description = "The default target group ARN" - value = join("", aws_lb_target_group.default.*.arn) + value = one(aws_lb_target_group.default[*].arn) } output "default_target_group_arn_suffix" { description = "The default target group ARN suffix" - value = join("", aws_lb_target_group.default.*.arn_suffix) + value = one(aws_lb_target_group.default[*].arn_suffix) } output "http_listener_arn" { description = "The ARN of the HTTP forwarding listener" - value = join("", aws_lb_listener.http_forward.*.arn) + value = one(aws_lb_listener.http_forward[*].arn) } output "http_redirect_listener_arn" { description = "The ARN of the HTTP to HTTPS redirect listener" - value = join("", aws_lb_listener.http_redirect.*.arn) + value = one(aws_lb_listener.http_redirect[*].arn) } output "https_listener_arn" { description = "The ARN of the HTTPS listener" - value = join("", aws_lb_listener.https.*.arn) + value = one(aws_lb_listener.https[*].arn) } output "listener_arns" { description = "A list of all the listener 
ARNs" value = compact( - concat(aws_lb_listener.http_forward.*.arn, aws_lb_listener.http_redirect.*.arn, aws_lb_listener.https.*.arn) + concat(aws_lb_listener.http_forward[*].arn, aws_lb_listener.http_redirect[*].arn, aws_lb_listener.https[*].arn) ) } diff --git a/variables.tf b/variables.tf index 2f27040..a709371 100644 --- a/variables.tf +++ b/variables.tf @@ -206,20 +206,6 @@ variable "alb_access_logs_s3_bucket_force_destroy" { description = "A boolean that indicates all objects should be deleted from the ALB access logs S3 bucket so that the bucket can be destroyed without error" } -variable "alb_access_logs_s3_bucket_force_destroy_enabled" { - type = bool - default = false - description = <<-EOT - When `true`, permits `force_destroy` to be set to `true`. - This is an extra safety precaution to reduce the chance that Terraform will destroy and recreate - your S3 bucket, causing COMPLETE LOSS OF ALL DATA even if it was stored in Glacier. - WARNING: Upgrading this module from a version prior to 0.27.0 to this version - will cause Terraform to delete your existing S3 bucket CAUSING COMPLETE DATA LOSS - unless you follow the upgrade instructions on the Wiki [here](https://github.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.27.0-(POTENTIAL-DATA-LOSS)). - See additional instructions for upgrading from v0.27.0 to v0.28.0 [here](https://github.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.28.0-and-AWS-provider-v4-(POTENTIAL-DATA-LOSS)). - EOT -} - variable "target_group_port" { type = number default = 80
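Review bot: Every output in this hunk that moved from `join("", ...)` to `one(...)` now evaluates to `null` instead of `""` when the underlying resource has count 0, for instance with the module disabled. Callers that compare these outputs with `""` or place them in a list (`security_group_id` is a likely case) will see different behaviour, so the descriptions should state it, e.g. `description = "The security group ID of the ALB, or null when it is not created"`, and the change belongs in the release notes. Separately, `alb_name` returns the `name` attribute while its description reads "The ARN suffix of the ALB"; `description = "The name of the ALB"` would match.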