diff --git a/.github/labeler.yaml b/.github/labeler.yaml index 30da008..3977b4a 100644 --- a/.github/labeler.yaml +++ b/.github/labeler.yaml @@ -1,7 +1,4 @@ # Modules -":floppy_disk: msk-cluster": -- modules/msk-cluster/**/* - ":floppy_disk: resource-group": - modules/resource-group/**/* diff --git a/.github/labels.yaml b/.github/labels.yaml index b2de133..1272df1 100644 --- a/.github/labels.yaml +++ b/.github/labels.yaml @@ -40,9 +40,6 @@ name: "size/XL" # Modules -- color: "fbca04" - description: "This issue or pull request is related to msk-cluster module." - name: ":floppy_disk: msk-cluster" - color: "fbca04" description: "This issue or pull request is related to resource-group module." name: ":floppy_disk: resource-group" diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml deleted file mode 100644 index e915d59..0000000 --- a/.github/workflows/integration.yaml +++ /dev/null 
@@ -1,101 +0,0 @@ -name: Integration - -on: - push: - branches: - - main - pull_request: {} - -concurrency: - group: integration-${{ github.ref }} - cancel-in-progress: true - -jobs: - changed: - runs-on: ubuntu-latest - - outputs: - terraform_modules_changed: ${{ steps.filter-terraform-modules.outputs.changed }} - terraform_modules_files: ${{ steps.filter-terraform-modules.outputs.files }} - terraform_modules_dirs: ${{ steps.filter-terraform-modules.outputs.dirs }} - yaml_changed: ${{ steps.filter-yaml.outputs.changed }} - yaml_files: ${{ steps.filter-yaml.outputs.files }} - - steps: - - name: Checkout - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Get Changed Files - id: changed-files - uses: dorny/paths-filter@v2 - with: - list-files: json - filters: | - modules: - - 'modules/**' - yaml: - - '**/*.yaml' - - '**/*.yml' - - - name: Filter changed Terraform Modules files to outputs - id: filter-terraform-modules - run: | - dirs=$(echo '${{ steps.changed-files.outputs.modules_files }}' | jq '[.[] | match("modules/[^/]+").string] | unique') - echo ::set-output name=changed::${{ steps.changed-files.outputs.modules }} - echo ::set-output name=files::${{ steps.changed-files.outputs.modules_files }} - echo ::set-output name=dirs::$dirs - - - name: Filter changed YAML files to outputs - id: filter-yaml - run: | - echo ::set-output name=changed::${{ steps.changed-files.outputs.yaml }} - echo ::set-output name=files::${{ steps.changed-files.outputs.yaml_files }} - - - terraform: - needs: - - changed - if: ${{ needs.changed.outputs.terraform_modules_changed != 'false' }} - runs-on: ubuntu-latest - - strategy: - matrix: - path: ${{ fromJson(needs.changed.outputs.terraform_modules_dirs) }} - - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Set-up terraform - uses: hashicorp/setup-terraform@v2 - - - name: Terraform fmt - id: terraform-fmt - working-directory: ${{ matrix.path }} - run: terraform fmt -check - continue-on-error: true - - - 
name: Terraform Validate - id: terraform-validate - working-directory: ${{ matrix.path }} - run: | - terraform init -backend=false - terraform validate -no-color - - - yaml: - needs: - - changed - if: ${{ needs.changed.outputs.yaml_changed != 'false' }} - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Lint YAML Files - id: yaml-lint - run: | - yamllint . diff --git a/.github/workflows/terraform.integration.yaml b/.github/workflows/terraform.integration.yaml new file mode 100644 index 0000000..8cfe55e --- /dev/null +++ b/.github/workflows/terraform.integration.yaml 
@@ -0,0 +1,108 @@ +name: Integration (Terraform) + +on: + push: + branches: + - main + pull_request: {} + +concurrency: + group: terraform-integration-${{ github.ref }} + cancel-in-progress: true + +jobs: + changed: + name: Filter Changed Files and Directories + runs-on: ubuntu-latest + + outputs: + changed: ${{ steps.set-outputs.outputs.changed }} + modified: ${{ steps.set-outputs.outputs.modified }} + changed_files: ${{ steps.set-outputs.outputs.changed_files }} + modified_files: ${{ steps.set-outputs.outputs.modified_files }} + changed_directories: ${{ steps.set-outputs.outputs.changed_directories }} + modified_directories: ${{ steps.set-outputs.outputs.modified_directories }} + + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Get Changed Files + id: changed-files + uses: tj-actions/changed-files@v38 + with: + files: | + modules/** + examples/** + json: true + + - name: Get Changed Directories + id: changed-directories + uses: tj-actions/changed-files@v38 + with: + files: | + modules/** + examples/** + dir_names: "true" + dir_names_max_depth: 2 + json: true + + - name: Set outputs + id: set-outputs + run: | + echo "changed=${{ steps.changed-directories.outputs.any_changed }}" >> $GITHUB_OUTPUT + echo "modified=${{ steps.changed-directories.outputs.any_modified }}" >> $GITHUB_OUTPUT + + echo "changed_files=${{ steps.changed-files.outputs.all_changed_files }}" >> $GITHUB_OUTPUT + echo "modified_files=${{ steps.changed-files.outputs.all_modified_files }}" >> $GITHUB_OUTPUT + + echo "changed_directories=${{ steps.changed-directories.outputs.all_changed_files }}" >> $GITHUB_OUTPUT + echo "modified_directories=${{ steps.changed-directories.outputs.all_modified_files }}" >> $GITHUB_OUTPUT + + + terraform: + name: Lint (terraform) + needs: + - changed + if: ${{ needs.changed.outputs.modified == 'true' }} + uses: tedilabs/.github/.github/workflows/terraform.terraform.yaml@main + + strategy: + matrix: + path: ${{ 
fromJson(needs.changed.outputs.modified_directories) }} + + with: + terraform_target_dir: ${{ matrix.path }} + terraform_version: latest + terraform_host: app.terraform.io + secrets: + gh_token: ${{ secrets.GITHUB_TOKEN }} + token: ${{ secrets.GITHUB_TOKEN }} + terraform_token: ${{ secrets.TERRAFORM_TOKEN }} + + + tflint: + name: Lint (tflint) + needs: + - changed + if: ${{ needs.changed.outputs.modified == 'true' }} + uses: tedilabs/.github/.github/workflows/terraform.tflint.yaml@main + + strategy: + matrix: + path: ${{ fromJson(needs.changed.outputs.modified_directories) }} + + with: + tflint_version: latest + tflint_config_file: .tflint.hcl + tflint_target_dir: ${{ matrix.path }} + tflint_recursive_enabled: false + tflint_terraform_init_enabled: true + terraform_version: latest + terraform_host: app.terraform.io + secrets: + gh_token: ${{ secrets.GITHUB_TOKEN }} + token: ${{ secrets.GITHUB_TOKEN }} + terraform_token: ${{ secrets.TERRAFORM_TOKEN }} diff --git a/.github/workflows/yaml.integration.yaml b/.github/workflows/yaml.integration.yaml new file mode 100644 index 0000000..5149a2d --- /dev/null +++ b/.github/workflows/yaml.integration.yaml 
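Review bot: The `Set outputs` step expands `${{ steps.changed-files.outputs.all_changed_files }}` and the other five step outputs directly inside the `run:` script; those values are built from file paths in the pushed commit or PR, which is text the contributor controls, and the expression is substituted before bash parses the script, so a crafted path can break out of the `echo "..."` — the usual hardening is to hand such values to the step through `env:` and reference them as `"$VAR"`, and to quote `"$GITHUB_OUTPUT"`. The `Set outputs` step in `.github/workflows/yaml.integration.yaml` (the next hunk) has the same shape and should get the same treatment. A related correctness point: with `json: true` the outputs are JSON arrays containing double quotes, and unless the action pre-escapes them the shell will consume those quotes inside the double-quoted echo, so `fromJson(needs.changed.outputs.modified_directories)` in the `terraform` and `tflint` matrices may receive unquoted elements — worth confirming against a real run log. Separately, `actions/checkout@v3`, `tj-actions/changed-files@v38` and the `tedilabs/.github/...@main` reusable workflows are all mutable refs; pinning third-party actions to a full commit SHA would make the CI supply chain reviewable.
```yaml
      - name: Set outputs
        id: set-outputs
        env:
          # Action outputs are derived from PR file paths: pass them via the
          # environment rather than expanding them inside the shell script.
          ANY_CHANGED: ${{ steps.changed-directories.outputs.any_changed }}
          ANY_MODIFIED: ${{ steps.changed-directories.outputs.any_modified }}
          CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}
          MODIFIED_FILES: ${{ steps.changed-files.outputs.all_modified_files }}
          CHANGED_DIRS: ${{ steps.changed-directories.outputs.all_changed_files }}
          MODIFIED_DIRS: ${{ steps.changed-directories.outputs.all_modified_files }}
        run: |
          {
            echo "changed=$ANY_CHANGED"
            echo "modified=$ANY_MODIFIED"
            echo "changed_files=$CHANGED_FILES"
            echo "modified_files=$MODIFIED_FILES"
            echo "changed_directories=$CHANGED_DIRS"
            echo "modified_directories=$MODIFIED_DIRS"
          } >> "$GITHUB_OUTPUT"
# … unchanged: terraform and tflint jobs …
```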
@@ -0,0 +1,60 @@ +name: Integration (YAML) + +on: + push: + branches: + - main + pull_request: {} + +concurrency: + group: yaml-integration-${{ github.ref }} + cancel-in-progress: true + +jobs: + changed: + name: Filter Changed Files and Directories + runs-on: ubuntu-latest + + outputs: + changed: ${{ steps.set-outputs.outputs.changed }} + modified: ${{ steps.set-outputs.outputs.modified }} + changed_files: ${{ steps.set-outputs.outputs.changed_files }} + modified_files: ${{ steps.set-outputs.outputs.modified_files }} + + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Get Changed Files + id: changed-files + uses: tj-actions/changed-files@v38 + with: + files: | + **/*.yaml + **/*.yml + json: true + + - name: Set outputs + id: set-outputs + run: | + echo "changed=${{ steps.changed-files.outputs.any_changed }}" >> $GITHUB_OUTPUT + echo "modified=${{ steps.changed-files.outputs.any_modified }}" >> $GITHUB_OUTPUT + + echo "changed_files=${{ steps.changed-files.outputs.all_changed_files }}" >> $GITHUB_OUTPUT + echo "modified_files=${{ steps.changed-files.outputs.all_modified_files }}" >> $GITHUB_OUTPUT + + lint: + name: Lint (yamllint) + needs: + - changed + if: ${{ needs.changed.outputs.modified == 'true' }} + uses: tedilabs/.github/.github/workflows/yaml.yamllint.yaml@main + + with: + yamllint_version: latest + yamllint_config_file: .yamllint.yaml + yamllint_target_dir: ./ + secrets: + token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index aa33d01..10bde48 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -1,8 +1,22 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.70.1 + rev: v1.81.0 hooks: - id: terraform_fmt + args: + - --args=-diff - id: terraform_validate + args: + - --tf-init-args=-upgrade + - --hook-config=--retry-once-with-cleanup=true + - id: terraform_tflint + args: + - --args=--config=__GIT_WORKING_DIR__/.tflint.hcl + files: ^modules/ - id: terraform_docs args: ["--args=--sort-by required"] + +- repo: https://github.com/adrienverge/yamllint + rev: v1.32.0 + hooks: + - id: yamllint diff --git a/.tflint.hcl b/.tflint.hcl new file mode 100644 index 0000000..0788789 --- /dev/null +++ b/.tflint.hcl 
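Review bot: The new `terraform_tflint` hook is restricted with `files: ^modules/`, while the CI workflow added in `.github/workflows/terraform.integration.yaml` runs tflint on both `modules/**` and `examples/**`, so examples are linted in CI but not by the local pre-commit run; if that split is deliberate a comment on the hook saying so would help, otherwise drop the `files:` line. The `--tf-init-args=-upgrade` argument on `terraform_validate` asks `terraform init` to re-resolve providers to the newest versions allowed by the constraints on every commit, which can rewrite a `.terraform.lock.hcl` where one exists and makes local validation drift from what CI pinned; a short comment explaining why `-upgrade` is wanted here, e.g. `# -upgrade: module dirs carry no lock file, always resolve fresh providers`, would record the intent.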
@@ -0,0 +1,77 @@ +config { + plugin_dir = "~/.tflint.d/plugins" + + format = "compact" + module = true + force = false + disabled_by_default = false + + ignore_module = {} +} + + +################################################### +# Rule Sets - Terraform +################################################### + +plugin "terraform" { + enabled = true + preset = "recommended" +} + +rule "terraform_comment_syntax" { + enabled = true +} + +rule "terraform_documented_variables" { + enabled = true +} + +rule "terraform_documented_outputs" { + enabled = true +} + +rule "terraform_naming_convention" { + enabled = true + format = "snake_case" + + custom_formats = { + extended_snake_case = { + description = "Extended snake_case Format which allows double underscore like `a__b`." + regex = "^[a-z][a-z0-9]+([_]{1,2}[a-z0-9]+)*$" + } + } + + module { + format = "extended_snake_case" + } + + resource { + format = "extended_snake_case" + } + + data { + format = "extended_snake_case" + } +} + +rule "terraform_unused_declarations" { + enabled = false +} + +rule "terraform_unused_required_providers" { + enabled = true +} + + +################################################### +# Rule Sets - AWS +################################################### + +plugin "aws" { + source = "github.com/terraform-linters/tflint-ruleset-aws" + version = "0.21.1" + + enabled = true + deep_check = false +} diff --git a/README.md b/README.md index 7ab0281..980fdc3 100644 --- a/README.md +++ b/README.md @@ -16,4 +16,4 @@ Like this project? Follow the repository on [GitHub](https://github.com/tedilabs Provided under the terms of the [Apache License](LICENSE). -Copyright © 2021-2022, [Byungjin Park](https://www.posquit0.com). +Copyright © 2021-2023, [Byungjin Park](https://www.posquit0.com). diff --git a/VERSION b/VERSION index 5712157..d9df1bb 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.10.1 +0.11.0 
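Review bot: The `extended_snake_case` regex in `rule "terraform_naming_convention"` does not accept the example its own description gives: `^[a-z][a-z0-9]+([_]{1,2}[a-z0-9]+)*$` requires at least two characters before the first underscore, so `a__b` (and any single-letter leading segment) is rejected; changing the first quantifier to `*` fixes it: `regex = "^[a-z][a-z0-9]*([_]{1,2}[a-z0-9]+)*$"`. In the `config` block, `plugin_dir = "~/.tflint.d/plugins"`, `force = false` and `disabled_by_default = false` restate what I believe are tflint's defaults, so they add noise unless the intent is to pin them explicitly — a one-line comment would make that clear. Recent tflint releases deprecate `module = true` in favor of `call_module_type`, so this file should be checked against the tflint version the `terraform_tflint` pre-commit hook and the CI reusable workflow actually install. `terraform_unused_declarations` is switched off without a reason; a comment such as `# disabled: modules intentionally declare variables reserved for future use` (or whatever the real reason is) would stop a future reviewer from re-enabling it.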
diff --git a/modules/msk-cluster/README.md b/modules/msk-cluster/README.md deleted file mode 100644 index 37deaa0..0000000 --- a/modules/msk-cluster/README.md +++ /dev/null 
@@ -1,108 +0,0 @@ -# msk-cluster - -This module creates following resources. - -- `aws_msk_cluster` -- `aws_msk_configuration` -- `aws_msk_scram_secret_association` (optional) -- `aws_security_group` (optional) -- `aws_security_group_rule` (optional) -- `aws_secretsmanager_secret` (optional) - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.2 | -| [aws](#requirement\_aws) | >= 4.22 | -| [random](#requirement\_random) | >= 3.3 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 4.22.0 | -| [random](#provider\_random) | 3.3.2 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [secret](#module\_secret) | tedilabs/secret/aws//modules/secrets-manager-secret | ~> 0.2.0 | -| [security\_group](#module\_security\_group) | tedilabs/network/aws//modules/security-group | 0.26.0 | - -## Resources - -| Name | Type | -|------|------| -| [aws_msk_cluster.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_cluster) | resource | -| [aws_msk_configuration.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_configuration) | resource | -| [aws_msk_scram_secret_association.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_scram_secret_association) | resource | -| [aws_resourcegroups_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/resourcegroups_group) | resource | -| [random_password.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | -| [aws_msk_broker_nodes.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/msk_broker_nodes) | data source | -| [aws_subnet.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | 
-|------|-------------|------|---------|:--------:| -| [broker\_size](#input\_broker\_size) | (Required) The desired total number of broker nodes in the kafka cluster. It must be a multiple of the number of specified client subnets. | `number` | n/a | yes | -| [broker\_subnets](#input\_broker\_subnets) | (Required) A list of subnet IDs to place ENIs of the MSK cluster broker nodes within. | `list(string)` | n/a | yes | -| [name](#input\_name) | (Required) Name of the MSK cluster. | `string` | n/a | yes | -| [auth\_sasl\_iam\_enabled](#input\_auth\_sasl\_iam\_enabled) | (Optional) Enables IAM client authentication. | `bool` | `false` | no | -| [auth\_sasl\_scram\_enabled](#input\_auth\_sasl\_scram\_enabled) | (Optional) Enables SCRAM client authentication via AWS Secrets Manager. | `bool` | `false` | no | -| [auth\_sasl\_scram\_kms\_key](#input\_auth\_sasl\_scram\_kms\_key) | (Optional) The ARN of a KMS key to encrypt AWS SeecretsManager Secret resources for storing SASL/SCRAM authentication data. Only required when the MSK cluster has SASL/SCRAM authentication enabled. The Username/Password Authentication based on SASL/SCRAM needs to create a Secret resource in AWS SecretsManager with a custom AWS KMS Key. A secret created with the default AWS KMS key cannot be used with an Amazon MSK cluster. | `string` | `null` | no | -| [auth\_sasl\_scram\_users](#input\_auth\_sasl\_scram\_users) | (Optional) A list of usernames to be allowed for SASL/SCRAM authentication to the MSK cluster. The password for each username is randomly generated and stored in AWS SecretsManager secret. | `set(string)` | `[]` | no | -| [auth\_tls\_acm\_ca\_arns](#input\_auth\_tls\_acm\_ca\_arns) | (Optional) List of ACM Certificate Authority Amazon Resource Names (ARNs). | `list(string)` | `[]` | no | -| [auth\_tls\_enabled](#input\_auth\_tls\_enabled) | (Optional) Enables TLS client authentication. 
| `bool` | `false` | no | -| [auth\_unauthenticated\_access\_enabled](#input\_auth\_unauthenticated\_access\_enabled) | (Optional) Enables unauthenticated access. Defaults to `true`. | `bool` | `true` | no | -| [broker\_additional\_security\_groups](#input\_broker\_additional\_security\_groups) | (Optional) A list of security group IDs to associate with ENIs to control who can communicate with the cluster. | `list(string)` | `[]` | no | -| [broker\_allowed\_ingress\_cidrs](#input\_broker\_allowed\_ingress\_cidrs) | (Optional) A list of CIDR for MSK ingress access. | `list(string)` | `[]` | no | -| [broker\_instance\_type](#input\_broker\_instance\_type) | (Optional) The instance type to use for the kafka brokers. | `string` | `"kafka.m5.large"` | no | -| [broker\_public\_access\_enabled](#input\_broker\_public\_access\_enabled) | (Optional) Whether to allow public access to MSK brokers. | `bool` | `false` | no | -| [broker\_volume\_provisioned\_throughput](#input\_broker\_volume\_provisioned\_throughput) | (Optional) Throughput value of the EBS volumes for the data drive on each kafka broker node in MiB per second. The minimum value is `250`. The maximum value varies between broker type. | `number` | `null` | no | -| [broker\_volume\_provisioned\_throughput\_enabled](#input\_broker\_volume\_provisioned\_throughput\_enabled) | (Optional) Whether provisioned throughput is enabled or not. You can specify the provisioned throughput rate in MiB per second for clusters whose brokers are of type `kafka.m5.4xlarge` or larger and if the storage volume is 10 GiB or greater. Defaults to `false`. | `bool` | `false` | no | -| [broker\_volume\_size](#input\_broker\_volume\_size) | (Optional) The size in GiB of the EBS volume for the data drive on each broker node. Minimum value of `1` and maximum value of `16384`. Defaults to `1000`. 
| `number` | `1000` | no | -| [encryption\_at\_rest\_kms\_key](#input\_encryption\_at\_rest\_kms\_key) | (Optional) Specify a KMS key short ID or ARN (it will always output an ARN) to use for encrypting your data at rest. If no key is specified, an AWS managed KMS ('aws/msk' managed service) key will be used for encrypting the data at rest. | `string` | `""` | no | -| [encryption\_in\_transit\_client\_mode](#input\_encryption\_in\_transit\_client\_mode) | (Optional) Encryption setting for data in transit between clients and brokers. `TLS`, `TLS_PLAINTEXT`, `PLAINTEXT` are available. | `string` | `"TLS_PLAINTEXT"` | no | -| [encryption\_in\_transit\_in\_cluster\_enabled](#input\_encryption\_in\_transit\_in\_cluster\_enabled) | (Optional) Whether data communication among broker nodes is encrypted. | `bool` | `true` | no | -| [kafka\_server\_properties](#input\_kafka\_server\_properties) | (Optional) Contents of the `server.properties` file for configuration of Kafka. | `map(string)` | `{}` | no | -| [kafka\_version](#input\_kafka\_version) | (Optional) Kafka version to use for the MSK cluster. | `string` | `"2.8.0"` | no | -| [logging\_cloudwatch\_enabled](#input\_logging\_cloudwatch\_enabled) | (Optional) Indicates whether you want to enable or disable streaming broker logs to Cloudwatch Logs. | `bool` | `false` | no | -| [logging\_cloudwatch\_log\_group](#input\_logging\_cloudwatch\_log\_group) | (Optional) The name of log group on CloudWatch Logs to deliver logs to. | `string` | `""` | no | -| [logging\_firehose\_delivery\_stream](#input\_logging\_firehose\_delivery\_stream) | (Optional) Name of the Kinesis Data Firehose delivery stream to deliver logs to. | `string` | `""` | no | -| [logging\_firehose\_enabled](#input\_logging\_firehose\_enabled) | (Optional) Indicates whether you want to enable or disable streaming broker logs to Kinesis Data Firehose. 
| `bool` | `false` | no | -| [logging\_s3\_bucket](#input\_logging\_s3\_bucket) | (Optional) The name of the S3 bucket to deliver logs to. | `string` | `""` | no | -| [logging\_s3\_enabled](#input\_logging\_s3\_enabled) | (Optional) Indicates whether you want to enable or disable streaming broker logs to S3. | `bool` | `false` | no | -| [logging\_s3\_prefix](#input\_logging\_s3\_prefix) | (Optional) The prefix to append to the folder name. | `string` | `""` | no | -| [module\_tags\_enabled](#input\_module\_tags\_enabled) | (Optional) Whether to create AWS Resource Tags for the module informations. | `bool` | `true` | no | -| [monitoring\_cloudwatch\_level](#input\_monitoring\_cloudwatch\_level) | (Optional) The desired enhanced MSK CloudWatch monitoring level. `DEFAULT`, `PER_BROKER`, `PER_TOPIC_PER_BROKER`, `PER_TOPIC_PER_PARTITION` are available. | `string` | `"DEFAULT"` | no | -| [monitoring\_prometheus\_jmx\_exporter\_enabled](#input\_monitoring\_prometheus\_jmx\_exporter\_enabled) | (Optional) Indicates whether you want to enable or disable the JMX Exporter. | `bool` | `false` | no | -| [monitoring\_prometheus\_node\_exporter\_enabled](#input\_monitoring\_prometheus\_node\_exporter\_enabled) | (Optional) Indicates whether you want to enable or disable the Node Exporter. | `bool` | `false` | no | -| [resource\_group\_description](#input\_resource\_group\_description) | (Optional) The description of Resource Group. | `string` | `"Managed by Terraform."` | no | -| [resource\_group\_enabled](#input\_resource\_group\_enabled) | (Optional) Whether to create Resource Group to find and group AWS resources which are created by this module. | `bool` | `true` | no | -| [resource\_group\_name](#input\_resource\_group\_name) | (Optional) The name of Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`. 
| `string` | `""` | no | -| [tags](#input\_tags) | (Optional) A map of tags to add to all resources. | `map(string)` | `{}` | no | -| [timeouts](#input\_timeouts) | (Optional) How long to wait for the MSK cluster to be created/updated/deleted. | `map(string)` |
{
"create": "120m",
"delete": "120m",
"update": "120m"
}
| no | - -## Outputs - -| Name | Description | -|------|-------------| -| [arn](#output\_arn) | The ARN of the MSK cluster. | -| [auth](#output\_auth) | A configuration for authentication of the Kafka cluster. | -| [bootstrap\_brokers](#output\_bootstrap\_brokers) | A configuration for connecting to the Kafka cluster.
`plaintext` - A comma separated list of one or more hostname:port pairs of kafka brokers suitable to boostrap connectivity to the kafka cluster. Only contains value if `client_encryption_in_transit_mode` is set to PLAINTEXT or TLS\_PLAINTEXT. AWS may not always return all endpoints so the values may not be stable across applies.
`sasl_iam` - A comma separated list of one or more DNS names (or IPs) and SASL IAM port pairs. Only contains value if `client_encryption_in_transit_mode` is set to TLS\_PLAINTEXT or TLS. AWS may not always return all endpoints so the values may not be stable across applies.
`sasl_scram` - A comma separated list of one or more DNS names (or IPs) and SASL SCRAM port pairs. Only contains value if `client_encryption_in_transit_mode` is set to TLS\_PLAINTEXT or TLS. AWS may not always return all endpoints so the values may not be stable across applies.
`tls` - A comma separated list of one or more DNS names (or IPs) and TLS port pairs kafka brokers suitable to boostrap connectivity to the kafka cluster. Only contains value if `client_encryption_in_transit_mode is set to TLS_PLAINTEXT or TLS. AWS may not always return all endpoints so the values may not be stable across applies.
`public\_sasl\_iam` - A comma separated list of one or more DNS names (or IPs) and SASL IAM port pairs. Only contains value if `client\_encryption\_in\_transit\_mode` is set to TLS_PLAINTEXT or TLS and `auth\_sasl\_iam\_enabled` is `true` and `broker\_public\_access\_enabled` is `true`. AWS may not always return all endpoints so the values may not be stable across applies.
`public\_sasl\_scram` - A comma separated list of one or more DNS names (or IPs) and SASL SCRAM port pairs. Only contains value if `client\_encryption\_in\_transit\_mode` is set to TLS_PLAINTEXT or TLS and `auth\_sasl\_scram\_enabled` is `true` and `broker\_public\_access\_enabled` is `true`. AWS may not always return all endpoints so the values may not be stable across applies.
`public\_tls` - A comma separated list of one or more DNS names (or IPs) and TLS port pairs. Only contains value if `client\_encryption\_in\_transit\_mode` is set to TLS_PLAINTEXT or TLS and `broker\_public\_access\_enabled` is `true`. AWS may not always return all endpoints so the values may not be stable across applies.
` | -| [broker](#output\_broker) | A configuration for brokers of the Kafka cluster.
`size` - The number of broker nodes in the kafka cluster.
`instance_type` - The instance type used by the kafka brokers.

`public_access_enabled` - Whether public access to MSK brokers is enabled.
`security_groups` - A list of the security groups associated with the MSK cluster.

`volume` - A EBS volume information for MSK brokers. | -| [broker\_nodes](#output\_broker\_nodes) | The information of broker nodes in the kafka cluster. | -| [broker\_security\_group\_id](#output\_broker\_security\_group\_id) | The id of security group that were created for the MSK cluster. | -| [encryption](#output\_encryption) | A configuration for encryption of the Kafka cluster.
`at_rest` - The configuration for encryption at rest.
`in_transit` - The configuration for encryption in transit. | -| [kafka\_config](#output\_kafka\_config) | The MSK configuration. | -| [kafka\_version](#output\_kafka\_version) | The MSK cluster version. | -| [logging](#output\_logging) | A configuration for logging of the Kafka cluster.
`cloudwatch` - The configuration for MSK broker logs to CloudWatch Logs.
`firehose` - The configuration for MSK broker logs to Kinesis Firehose.
`s3` - The configuration for MSK broker logs to S3 Bucket. | -| [monitoring](#output\_monitoring) | A configuration for monitoring of the Kafka cluster.
`cloudwatch` - The configuration for MSK CloudWatch Metrics.
`prometheus` - The configuration for Prometheus open monitoring. | -| [name](#output\_name) | The MSK cluster name. | -| [version](#output\_version) | Current version of the MSK Cluster used for updates. | -| [zookeeper\_connections](#output\_zookeeper\_connections) | A configuration for connecting to the Apache Zookeeper cluster.
`tcp` - A comma separated list of one or more IP:port pairs to use to connect to the Apache Zookeeper cluster.
`tls` - A comma separated list of one or more IP:port pairs to use to connect to the Apache Zookeeper cluster via TLS. | - diff --git a/modules/msk-cluster/cluster.tf b/modules/msk-cluster/cluster.tf deleted file mode 100644 index c174a1b..0000000 --- a/modules/msk-cluster/cluster.tf +++ /dev/null @@ -1,172 +0,0 @@ -locals { - metadata = { - package = "terraform-aws-misc" - version = trimspace(file("${path.module}/../../VERSION")) - module = basename(path.module) - name = var.name - } - module_tags = var.module_tags_enabled ? { - "module.terraform.io/package" = local.metadata.package - "module.terraform.io/version" = local.metadata.version - "module.terraform.io/name" = local.metadata.module - "module.terraform.io/full-name" = "${local.metadata.package}/${local.metadata.module}" - "module.terraform.io/instance" = local.metadata.name - } : {} -} - - -################################################### -# Configuration for MSK Cluster -################################################### - -locals { - server_properties = < 0 ? 1 : 0 - - cluster_arn = aws_msk_cluster.this.arn - secret_arn_list = values(module.secret).*.arn -} diff --git a/modules/msk-cluster/security-group.tf b/modules/msk-cluster/security-group.tf deleted file mode 100644 index be49bf1..0000000 --- a/modules/msk-cluster/security-group.tf +++ /dev/null 
@@ -1,124 +0,0 @@ -data "aws_subnet" "this" { - id = var.broker_subnets[0] -} - -locals { - vpc_id = data.aws_subnet.this.vpc_id -} - - -################################################### -# Security Group -################################################### - -module "security_group" { - source = "tedilabs/network/aws//modules/security-group" - version = "0.26.0" - - count = length(var.broker_allowed_ingress_cidrs) > 0 ? 1 : 0 - - name = var.name - description = "Security group for MSK Cluster." - vpc_id = local.vpc_id - - ingress_rules = [ - { - id = "broker-plaintext/cidrs" - description = "Allow CIDRs to communicate with Kafka brokers in plaintext." - protocol = "tcp" - from_port = 9092 - to_port = 9092 - - cidr_blocks = var.broker_allowed_ingress_cidrs - }, - { - id = "broker-tls/cidrs" - description = "Allow CIDRs to communicate with Kafka brokers in tls." - protocol = "tcp" - from_port = 9094 - to_port = 9094 - - cidr_blocks = var.broker_allowed_ingress_cidrs - }, - { - id = "broker-sasl-scram/cidrs" - description = "Allow CIDRs to communicate with Kafka brokers in SASL SCRAM." - protocol = "tcp" - from_port = 9096 - to_port = 9096 - - cidr_blocks = var.broker_allowed_ingress_cidrs - }, - { - id = "broker-sasl-iam/cidrs" - description = "Allow CIDRs to communicate with Kafka brokers in SASL IAM." - protocol = "tcp" - from_port = 9098 - to_port = 9098 - - cidr_blocks = var.broker_allowed_ingress_cidrs - }, - { - id = "broker-public-tls/cidrs" - description = "Allow CIDRs to communicate with Kafka brokers in tls (public)." - protocol = "tcp" - from_port = 9194 - to_port = 9194 - - cidr_blocks = var.broker_allowed_ingress_cidrs - }, - { - id = "broker-public-sasl-scram/cidrs" - description = "Allow CIDRs to communicate with Kafka brokers in SASL SCRAM (public)." 
- protocol = "tcp" - from_port = 9196 - to_port = 9196 - - cidr_blocks = var.broker_allowed_ingress_cidrs - }, - { - id = "broker-public-sasl-iam/cidrs" - description = "Allow CIDRs to communicate with Kafka brokers in SASL IAM (public)." - protocol = "tcp" - from_port = 9198 - to_port = 9198 - - cidr_blocks = var.broker_allowed_ingress_cidrs - }, - { - id = "zookeeper/cidrs" - description = "Allow CIDRs to communicate with Kafka zookeepers." - protocol = "tcp" - from_port = 2181 - to_port = 2181 - - cidr_blocks = var.broker_allowed_ingress_cidrs - }, - { - id = "prometheus-jmx-exporter/cidrs" - description = "Allow CIDRs to communicate with Prometheus JMX Exporter." - protocol = "tcp" - from_port = 11001 - to_port = 11001 - - cidr_blocks = var.broker_allowed_ingress_cidrs - }, - { - id = "prometheus-node-exporter/cidrs" - description = "Allow CIDRs to communicate with Prometheus Node Exporter." - protocol = "tcp" - from_port = 11002 - to_port = 11002 - - cidr_blocks = var.broker_allowed_ingress_cidrs - }, - ] - - resource_group_enabled = false - module_tags_enabled = false - - tags = merge( - local.module_tags, - var.tags, - ) -} diff --git a/modules/msk-cluster/variables.tf b/modules/msk-cluster/variables.tf deleted file mode 100644 index 634de59..0000000 --- a/modules/msk-cluster/variables.tf +++ /dev/null 
@@ -1,278 +0,0 @@ -variable "name" { - description = "(Required) Name of the MSK cluster." - type = string -} - -variable "kafka_version" { - description = "(Optional) Kafka version to use for the MSK cluster." - type = string - default = "2.8.0" - nullable = false -} - -variable "kafka_server_properties" { - description = "(Optional) Contents of the `server.properties` file for configuration of Kafka." - type = map(string) - default = {} - nullable = false -} - -variable "broker_size" { - description = "(Required) The desired total number of broker nodes in the kafka cluster. It must be a multiple of the number of specified client subnets." - type = number -} - -variable "broker_instance_type" { - description = "(Optional) The instance type to use for the kafka brokers." - type = string - default = "kafka.m5.large" - nullable = false -} - -variable "broker_volume_size" { - description = "(Optional) The size in GiB of the EBS volume for the data drive on each broker node. Minimum value of `1` and maximum value of `16384`. Defaults to `1000`." - type = number - default = 1000 - nullable = false - - validation { - condition = alltrue([ - var.broker_volume_size >= 1, - var.broker_volume_size <= 16384, - ]) - error_message = "Valid value for `broker_volume_size` is between `1` and `16384`." - } -} - -variable "broker_volume_provisioned_throughput_enabled" { - description = "(Optional) Whether provisioned throughput is enabled or not. You can specify the provisioned throughput rate in MiB per second for clusters whose brokers are of type `kafka.m5.4xlarge` or larger and if the storage volume is 10 GiB or greater. Defaults to `false`." - type = bool - default = false - nullable = false -} - -variable "broker_volume_provisioned_throughput" { - description = "(Optional) Throughput value of the EBS volumes for the data drive on each kafka broker node in MiB per second. The minimum value is `250`. The maximum value varies between broker type." 
- type = number - default = null -} - -variable "broker_subnets" { - description = "(Required) A list of subnet IDs to place ENIs of the MSK cluster broker nodes within." - type = list(string) -} - -variable "broker_public_access_enabled" { - description = "(Optional) Whether to allow public access to MSK brokers." - type = bool - default = false - nullable = false -} - -variable "broker_allowed_ingress_cidrs" { - description = "(Optional) A list of CIDR for MSK ingress access." - type = list(string) - default = [] -} - -variable "broker_additional_security_groups" { - description = "(Optional) A list of security group IDs to associate with ENIs to control who can communicate with the cluster." - type = list(string) - default = [] -} - -variable "auth_unauthenticated_access_enabled" { - description = "(Optional) Enables unauthenticated access. Defaults to `true`." - type = bool - default = true - nullable = false -} - -variable "auth_sasl_iam_enabled" { - description = "(Optional) Enables IAM client authentication." - type = bool - default = false - nullable = false -} - -variable "auth_sasl_scram_enabled" { - description = "(Optional) Enables SCRAM client authentication via AWS Secrets Manager." - type = bool - default = false - nullable = false -} - -variable "auth_sasl_scram_kms_key" { - description = "(Optional) The ARN of a KMS key to encrypt AWS SeecretsManager Secret resources for storing SASL/SCRAM authentication data. Only required when the MSK cluster has SASL/SCRAM authentication enabled. The Username/Password Authentication based on SASL/SCRAM needs to create a Secret resource in AWS SecretsManager with a custom AWS KMS Key. A secret created with the default AWS KMS key cannot be used with an Amazon MSK cluster." - type = string - default = null -} - -variable "auth_sasl_scram_users" { - description = "(Optional) A list of usernames to be allowed for SASL/SCRAM authentication to the MSK cluster. 
The password for each username is randomly generated and stored in AWS SecretsManager secret." - type = set(string) - default = [] - nullable = false -} - -variable "auth_tls_enabled" { - description = "(Optional) Enables TLS client authentication." - type = bool - default = false - nullable = false -} - -variable "auth_tls_acm_ca_arns" { - description = "(Optional) List of ACM Certificate Authority Amazon Resource Names (ARNs)." - type = list(string) - default = [] - nullable = false -} - -variable "encryption_at_rest_kms_key" { - description = "(Optional) Specify a KMS key short ID or ARN (it will always output an ARN) to use for encrypting your data at rest. If no key is specified, an AWS managed KMS ('aws/msk' managed service) key will be used for encrypting the data at rest." - type = string - default = "" -} - -variable "encryption_in_transit_in_cluster_enabled" { - description = "(Optional) Whether data communication among broker nodes is encrypted." - type = bool - default = true - nullable = false -} - -variable "encryption_in_transit_client_mode" { - description = "(Optional) Encryption setting for data in transit between clients and brokers. `TLS`, `TLS_PLAINTEXT`, `PLAINTEXT` are available." - type = string - default = "TLS_PLAINTEXT" - nullable = false - - validation { - condition = contains(["TLS", "TLS_PLAINTEXT", "PLAINTEXT"], var.encryption_in_transit_client_mode) - error_message = "Valid values are `TLS`, `TLS_PLAINTEXT`, `PLAINTEXT`." - } -} - -variable "logging_cloudwatch_enabled" { - description = "(Optional) Indicates whether you want to enable or disable streaming broker logs to Cloudwatch Logs." - type = bool - default = false - nullable = false -} - -variable "logging_cloudwatch_log_group" { - description = "(Optional) The name of log group on CloudWatch Logs to deliver logs to." 
- type = string - default = "" - nullable = false -} - -variable "logging_firehose_enabled" { - description = "(Optional) Indicates whether you want to enable or disable streaming broker logs to Kinesis Data Firehose." - type = bool - default = false - nullable = false -} - -variable "logging_firehose_delivery_stream" { - description = "(Optional) Name of the Kinesis Data Firehose delivery stream to deliver logs to." - type = string - default = "" - nullable = false -} - -variable "logging_s3_enabled" { - description = "(Optional) Indicates whether you want to enable or disable streaming broker logs to S3." - type = bool - default = false - nullable = false -} - -variable "logging_s3_bucket" { - description = "(Optional) The name of the S3 bucket to deliver logs to." - type = string - default = "" - nullable = false -} - -variable "logging_s3_prefix" { - description = "(Optional) The prefix to append to the folder name." - type = string - default = "" - nullable = false -} - -variable "monitoring_cloudwatch_level" { - description = "(Optional) The desired enhanced MSK CloudWatch monitoring level. `DEFAULT`, `PER_BROKER`, `PER_TOPIC_PER_BROKER`, `PER_TOPIC_PER_PARTITION` are available." - type = string - default = "DEFAULT" - nullable = false - - validation { - condition = contains(["DEFAULT", "PER_BROKER", "PER_TOPIC_PER_BROKER", "PER_TOPIC_PER_PARTITION"], var.monitoring_cloudwatch_level) - error_message = "Valid values are `DEFAULT`, `PER_BROKER`, `PER_TOPIC_PER_BROKER`, `PER_TOPIC_PER_PARTITION`." - } -} - -variable "monitoring_prometheus_jmx_exporter_enabled" { - description = "(Optional) Indicates whether you want to enable or disable the JMX Exporter." - type = bool - default = false - nullable = false -} - -variable "monitoring_prometheus_node_exporter_enabled" { - description = "(Optional) Indicates whether you want to enable or disable the Node Exporter." 
- type = bool - default = false - nullable = false -} - -variable "timeouts" { - description = "(Optional) How long to wait for the MSK cluster to be created/updated/deleted." - type = map(string) - default = { - create = "120m" - update = "120m" - delete = "120m" - } - nullable = false -} - -variable "tags" { - description = "(Optional) A map of tags to add to all resources." - type = map(string) - default = {} - nullable = false -} - -variable "module_tags_enabled" { - description = "(Optional) Whether to create AWS Resource Tags for the module informations." - type = bool - default = true - nullable = false -} - - -################################################### -# Resource Group -################################################### - -variable "resource_group_enabled" { - description = "(Optional) Whether to create Resource Group to find and group AWS resources which are created by this module." - type = bool - default = true -} - -variable "resource_group_name" { - description = "(Optional) The name of Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`." - type = string - default = "" -} - -variable "resource_group_description" { - description = "(Optional) The description of Resource Group." - type = string - default = "Managed by Terraform." -} diff --git a/modules/msk-cluster/versions.tf b/modules/msk-cluster/versions.tf deleted file mode 100644 index 583387c..0000000 --- a/modules/msk-cluster/versions.tf +++ /dev/null @@ -1,14 +0,0 @@ -terraform { - required_version = ">= 1.2" - - required_providers { - aws = { - source = "hashicorp/aws" - version = ">= 4.22" - } - random = { - source = "hashicorp/random" - version = ">= 3.3" - } - } -} diff --git a/modules/resource-group/README.md b/modules/resource-group/README.md index 348fae5..5cb4712 100644 --- a/modules/resource-group/README.md +++ b/modules/resource-group/README.md 
@@ -9,14 +9,14 @@ This module creates following resources. | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.1 | +| [terraform](#requirement\_terraform) | >= 1.5 | | [aws](#requirement\_aws) | >= 4.14 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | 4.16.0 | +| [aws](#provider\_aws) | 5.15.0 | ## Modules @@ -35,7 +35,7 @@ No modules. | [name](#input\_name) | (Required) A name to identify the resource group. A resource group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`. | `string` | n/a | yes | | [description](#input\_description) | (Optional) The description of the resource group. | `string` | `"Managed by Terraform."` | no | | [module\_tags\_enabled](#input\_module\_tags\_enabled) | (Optional) Whether to create AWS Resource Tags for the module informations. | `bool` | `true` | no | -| [query](#input\_query) | (Optional) A configuration for the actual query used to match against resources. It supports `resource_types` and `resource_tags`. `query` block as defined below.
(Required) `resource_tags` - A map of key/value pairs that are compared to the tags attached to resources.
(Optional) `resource_types` - A list of resource-type specification strings with `AWS::service-id::resource-type` format. Limit the results to only those resource types that match the filter. Specify `AWS::AllSupported` to include resources of any resources that are currently supported by Resource Group. | `any` | `{}` | no | +| [query](#input\_query) | (Optional) A configuration for the actual query used to match against resources. It supports `resource_types` and `resource_tags`. `query` block as defined below.
(Optional) `resource_tags` - A map of key/value pairs that are compared to the tags attached to resources.
(Optional) `resource_types` - A list of resource-type specification strings with `AWS::service-id::resource-type` format. Limit the results to only those resource types that match the filter. Specify `AWS::AllSupported` to include resources of any resources that are currently supported by Resource Group. |
object({
resource_tags = optional(map(string), {})
resource_types = optional(list(string), ["AWS::AllSupported"])
})
| `{}` | no | | [tags](#input\_tags) | (Optional) A map of tags to add to all resources. | `map(string)` | `{}` | no | ## Outputs diff --git a/modules/resource-group/main.tf b/modules/resource-group/main.tf index 1efd8b3..fe9e009 100644 --- a/modules/resource-group/main.tf +++ b/modules/resource-group/main.tf @@ -21,14 +21,14 @@ locals { locals { filters = [ - for key, value in try(var.query.resource_tags, {}) : { + for key, value in var.query.resource_tags : { "Key" = key "Values" = flatten([value]) } ] query = <<-JSON { - "ResourceTypeFilters": ${jsonencode(try(var.query.resource_types, ["AWS::AllSupported"]))}, + "ResourceTypeFilters": ${jsonencode(var.query.resource_types)}, "TagFilters": ${jsonencode(local.filters)} } JSON diff --git a/modules/resource-group/outputs.tf b/modules/resource-group/outputs.tf index 1e0f6ea..4ddf8a8 100644 --- a/modules/resource-group/outputs.tf +++ b/modules/resource-group/outputs.tf @@ -15,10 +15,10 @@ output "description" { output "resource_types" { description = "The resource types used by the resource group to query resources." - value = try(var.query.resource_types, ["AWS::AllSupported"]) + value = var.query.resource_types } output "resource_tags" { description = "The resource tags used by the resource group to query resources." - value = try(var.query.resource_tags, {}) + value = var.query.resource_tags } diff --git a/modules/resource-group/variables.tf b/modules/resource-group/variables.tf index 6ae4201..70b82c2 100644 --- a/modules/resource-group/variables.tf +++ b/modules/resource-group/variables.tf 
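Review bot: Dropping the `try()` fallbacks in `local.filters` and in the `ResourceTypeFilters` template turns `var.query.resource_tags` and `var.query.resource_types` into hard errors whenever `var.query` evaluates to null, which `try(var.query.resource_tags, {})` previously tolerated; the two outputs in the outputs.tf hunk have the same exposure. The new `object({...})` type with `optional()` defaults shown in the README hunk covers a caller passing `query = {}`, but only `nullable = false` on `variable "query"` covers `query = null`, and the variables.tf hunk is garbled in this rendering so I cannot confirm that attribute was added there. If it was not, either add `nullable = false` to `variable "query"` or keep the `try()` guards. The `locals` block continues past the end of the hunk.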
@@ -1,32 +1,40 @@ variable "name" { description = "(Required) A name to identify the resource group. A resource group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`." type = string + nullable = false } variable "description" { description = "(Optional) The description of the resource group." type = string default = "Managed by Terraform." + nullable = false } variable "query" { description = < [terraform](#requirement\_terraform) | >= 1.1 | +| [terraform](#requirement\_terraform) | >= 1.2 | | [aws](#requirement\_aws) | >= 4.16 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | 4.16.0 | +| [aws](#provider\_aws) | 4.52.0 | ## Modules -No modules. +| Name | Source | Version | +|------|--------|---------| +| [resource\_group](#module\_resource\_group) | tedilabs/misc/aws//modules/resource-group | ~> 0.10.0 | ## Resources | Name | Type | |------|------| -| [aws_resourcegroups_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/resourcegroups_group) | resource | | [aws_s3_bucket.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | | [aws_s3_bucket_accelerate_configuration.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_accelerate_configuration) | resource | | [aws_s3_bucket_acl.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl) | resource | diff --git a/modules/s3-archive-bucket/migrations.tf b/modules/s3-archive-bucket/migrations.tf new file mode 100644 index 0000000..83a0f7e --- /dev/null +++ b/modules/s3-archive-bucket/migrations.tf @@ -0,0 +1,5 @@ +# 2023-02-01 +moved { + from = aws_resourcegroups_group.this[0] + to = module.resource_group[0].aws_resourcegroups_group.this +} 
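Review bot: The `moved` block's `to` address, `module.resource_group[0].aws_resourcegroups_group.this`, assumes the resource inside the published resource-group module is not itself indexed by `count` or `for_each`; if it is (the child module's resource definition is not part of this diff), Terraform will report that the target address does not exist and fall back to destroying and recreating the resource group. Worth confirming against the pinned module version before merging. As a point of style, the bare `# 2023-02-01` comment would read better naming what was migrated, e.g. `# 2023-02-01: resource group moved into module.resource_group`.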
diff --git a/modules/s3-archive-bucket/resource-group.tf b/modules/s3-archive-bucket/resource-group.tf index af108f9..7487ba0 100644 --- a/modules/s3-archive-bucket/resource-group.tf +++ b/modules/s3-archive-bucket/resource-group.tf @@ -7,37 +7,24 @@ locals { replace(local.metadata.name, "/[^a-zA-Z0-9_\\.-]/", "-"), ]) ) - resource_group_filters = [ - for key, value in local.module_tags : { - "Key" = key - "Values" = [value] - } - ] - resource_group_query = <<-JSON - { - "ResourceTypeFilters": [ - "AWS::AllSupported" - ], - "TagFilters": ${jsonencode(local.resource_group_filters)} - } - JSON } -resource "aws_resourcegroups_group" "this" { + +module "resource_group" { + source = "tedilabs/misc/aws//modules/resource-group" + version = "~> 0.10.0" + count = (var.resource_group_enabled && var.module_tags_enabled) ? 1 : 0 name = local.resource_group_name description = var.resource_group_description - resource_query { - type = "TAG_FILTERS_1_0" - query = local.resource_group_query + query = { + resource_tags = local.module_tags } + module_tags_enabled = false tags = merge( - { - "Name" = local.resource_group_name - }, local.module_tags, var.tags, ) diff --git a/modules/s3-archive-bucket/versions.tf b/modules/s3-archive-bucket/versions.tf index 6235d27..5242434 100644 --- a/modules/s3-archive-bucket/versions.tf +++ b/modules/s3-archive-bucket/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.1" + required_version = ">= 1.2" required_providers { aws = { diff --git a/modules/sqs-aws-event-queue/README.md b/modules/sqs-aws-event-queue/README.md index d5f7817..954be30 100644 --- a/modules/sqs-aws-event-queue/README.md +++ b/modules/sqs-aws-event-queue/README.md 
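Review bot: `source = "tedilabs/misc/aws//modules/resource-group"` with `version = "~> 0.10.0"` pulls a sibling module of this same repository from the registry instead of referencing it by relative path, so the two can drift apart and any 0.10.x release is picked up automatically at `init` time without a code change; the dependency lock file records provider hashes only, not module content, so if a registry dependency is intended an exact pin such as `version = "0.10.0"` is what keeps the resolved module reproducible. The identical hunk in modules/sqs-aws-event-queue/resource-group.tf has the same issue. Separately, the `"Name" = local.resource_group_name` entry is dropped from `tags`; the child module presumably sets its own Name tag from `name`, but that is inferred rather than visible here. The enclosing `locals` block starts before the hunk.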
@@ -10,24 +10,25 @@ This module creates following resources. | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.15 | +| [terraform](#requirement\_terraform) | >= 1.2 | | [aws](#requirement\_aws) | >= 3.45 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | 3.69.0 | +| [aws](#provider\_aws) | 4.52.0 | ## Modules -No modules. +| Name | Source | Version | +|------|--------|---------| +| [resource\_group](#module\_resource\_group) | tedilabs/misc/aws//modules/resource-group | ~> 0.10.0 | ## Resources | Name | Type | |------|------| -| [aws_resourcegroups_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/resourcegroups_group) | resource | | [aws_sqs_queue.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource | | [aws_sqs_queue_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue_policy) | resource | | [aws_iam_policy_document.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | diff --git a/modules/sqs-aws-event-queue/resource-group.tf b/modules/sqs-aws-event-queue/resource-group.tf index af108f9..7487ba0 100644 --- a/modules/sqs-aws-event-queue/resource-group.tf +++ b/modules/sqs-aws-event-queue/resource-group.tf 
@@ -7,37 +7,24 @@ locals { replace(local.metadata.name, "/[^a-zA-Z0-9_\\.-]/", "-"), ]) ) - resource_group_filters = [ - for key, value in local.module_tags : { - "Key" = key - "Values" = [value] - } - ] - resource_group_query = <<-JSON - { - "ResourceTypeFilters": [ - "AWS::AllSupported" - ], - "TagFilters": ${jsonencode(local.resource_group_filters)} - } - JSON } -resource "aws_resourcegroups_group" "this" { + +module "resource_group" { + source = "tedilabs/misc/aws//modules/resource-group" + version = "~> 0.10.0" + count = (var.resource_group_enabled && var.module_tags_enabled) ? 1 : 0 name = local.resource_group_name description = var.resource_group_description - resource_query { - type = "TAG_FILTERS_1_0" - query = local.resource_group_query + query = { + resource_tags = local.module_tags } + module_tags_enabled = false tags = merge( - { - "Name" = local.resource_group_name - }, local.module_tags, var.tags, ) diff --git a/modules/sqs-aws-event-queue/versions.tf b/modules/sqs-aws-event-queue/versions.tf index 6078ceb..dd959fc 100644 --- a/modules/sqs-aws-event-queue/versions.tf +++ b/modules/sqs-aws-event-queue/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.15" + required_version = ">= 1.2" required_providers { aws = {
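Review bot: Unlike modules/s3-archive-bucket, no `migrations.tf` accompanies the replacement of `aws_resourcegroups_group.this` by `module.resource_group` in this module within this chunk, so existing users would see the resource group destroyed and recreated on their next plan; a `moved` block mirroring the one added for s3-archive-bucket (`from = aws_resourcegroups_group.this[0]`, `to = module.resource_group[0].aws_resourcegroups_group.this`) is needed unless it appears beyond this chunk. The enclosing `locals` block starts before the hunk.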