Merge pull request #90 from pablo19sc/main

flow logs default update & required_provider 1.3.0

.header.md

@@ -2,7 +2,7 @@
 
 This module can be used to deploy a pragmatic VPC with various subnets types in # AZs. Common deployment examples can be found in [examples/](https://github.com/aws-ia/terraform-aws-vpc/tree/main/examples). Subnet CIDRs can be explicitly set via list of string argument `cidrs` or set via a number `netmask` argument.
 
-_Note: For information regarding the 2.0 upgrade see our [upgrade guide](https://github.com/aws-ia/terraform-aws-vpc/blob/main/UPGRADE-GUIDE-2.0.md)._
+_Note: For information regarding the 3.0 upgrade see our [upgrade guide](https://github.com/aws-ia/terraform-aws-vpc/blob/main/UPGRADE-GUIDE-3.0.md)._
 
 ## Usage
 

README.md

@@ -3,7 +3,7 @@
 
 This module can be used to deploy a pragmatic VPC with various subnets types in # AZs. Common deployment examples can be found in [examples/](https://github.com/aws-ia/terraform-aws-vpc/tree/main/examples). Subnet CIDRs can be explicitly set via list of string argument `cidrs` or set via a number `netmask` argument.
 
-\_Note: For information regarding the 2.0 upgrade see our [upgrade guide](https://github.com/aws-ia/terraform-aws-vpc/blob/main/UPGRADE-GUIDE-2.0.md).\_
+\_Note: For information regarding the 3.0 upgrade see our [upgrade guide](https://github.com/aws-ia/terraform-aws-vpc/blob/main/UPGRADE-GUIDE-3.0.md).\_
 
 ## Usage
 
@@ -216,7 +216,7 @@ Please see our [developer documentation](https://github.com/aws-ia/terraform-aws
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.73.0 |
 | <a name="requirement_awscc"></a> [awscc](#requirement\_awscc) | >= 0.15.0 |
 
@@ -277,7 +277,7 @@ Please see our [developer documentation](https://github.com/aws-ia/terraform-aws
 | <a name="input_transit_gateway_routes"></a> [transit\_gateway\_routes](#input\_transit\_gateway\_routes) | Configuration of route(s) to transit gateway.<br>For each `public` and/or `private` subnets named in the `subnets` variable,<br>Optionally create routes from the subnet to transit gateway. Specify the CIDR range or a prefix-list-id that you want routed to the transit gateway.<br>Example:<pre>transit_gateway_routes = {<br>  public  = "10.0.0.0/8"<br>  private = "pl-123"<br>}</pre> | `any` | `{}` | no |
 | <a name="input_vpc_enable_dns_hostnames"></a> [vpc\_enable\_dns\_hostnames](#input\_vpc\_enable\_dns\_hostnames) | Indicates whether the instances launched in the VPC get DNS hostnames. If enabled, instances in the VPC get DNS hostnames; otherwise, they do not. Disabled by default for nondefault VPCs. | `bool` | `true` | no |
 | <a name="input_vpc_enable_dns_support"></a> [vpc\_enable\_dns\_support](#input\_vpc\_enable\_dns\_support) | Indicates whether the DNS resolution is supported for the VPC. If enabled, queries to the Amazon provided DNS server at the 169.254.169.253 IP address, or the reserved IP address at the base of the VPC network range "plus two" succeed. If disabled, the Amazon provided DNS service in the VPC that resolves public DNS hostnames to IP addresses is not enabled. Enabled by default. | `bool` | `true` | no |
-| <a name="input_vpc_flow_logs"></a> [vpc\_flow\_logs](#input\_vpc\_flow\_logs) | Whether or not to create VPC flow logs and which type. Options: "cloudwatch", "s3", "none". By default creates flow logs to `cloudwatch`. Variable overrides null value types for some keys, defined in defaults.tf. | <pre>object({<br>    log_destination = optional(string)<br>    iam_role_arn    = optional(string)<br>    kms_key_id      = optional(string)<br><br>    log_destination_type = string<br>    retention_in_days    = optional(number)<br>    tags                 = optional(map(string))<br>    traffic_type         = optional(string)<br>    destination_options = optional(object({<br>      file_format                = optional(string)<br>      hive_compatible_partitions = optional(bool)<br>      per_hour_partition         = optional(bool)<br>    }))<br>  })</pre> | <pre>{<br>  "log_destination_type": "none"<br>}</pre> | no |
+| <a name="input_vpc_flow_logs"></a> [vpc\_flow\_logs](#input\_vpc\_flow\_logs) | Whether or not to create VPC flow logs and which type. Options: "cloudwatch", "s3", "none". By default creates flow logs to `cloudwatch`. Variable overrides null value types for some keys, defined in defaults.tf. | <pre>object({<br>    log_destination = optional(string)<br>    iam_role_arn    = optional(string)<br>    kms_key_id      = optional(string)<br><br>    log_destination_type = string<br>    retention_in_days    = optional(number)<br>    tags                 = optional(map(string))<br>    traffic_type         = optional(string, "ALL")<br>    destination_options = optional(object({<br>      file_format                = optional(string, "plain-text")<br>      hive_compatible_partitions = optional(bool, false)<br>      per_hour_partition         = optional(bool, false)<br>    }))<br>  })</pre> | <pre>{<br>  "log_destination_type": "none"<br>}</pre> | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC ID to use if not creating VPC. | `string` | `null` | no |
 | <a name="input_vpc_instance_tenancy"></a> [vpc\_instance\_tenancy](#input\_vpc\_instance\_tenancy) | The allowed tenancy of instances launched into the VPC. | `string` | `"default"` | no |
 | <a name="input_vpc_ipv4_ipam_pool_id"></a> [vpc\_ipv4\_ipam\_pool\_id](#input\_vpc\_ipv4\_ipam\_pool\_id) | Set to use IPAM to get CIDR block. | `string` | `null` | no |

examples/ipam/main.tf

@@ -1,6 +1,6 @@
 module "vpc" {
   source  = "aws-ia/vpc/aws"
-  version = ">= 3.0.0"
+  version = ">= 3.0.1"
 
   name     = "ipam-vpc"
   az_count = 3

examples/public_private_flow_logs/main.tf

@@ -2,9 +2,9 @@ data "aws_availability_zones" "current" {}
 
 module "vpc" {
   source  = "aws-ia/vpc/aws"
-  version = ">= 2.0.0"
+  version = ">= 3.0.1"
 
-  name       = "public-private-flowlogs"
+  name       = "flowlogs"
   cidr_block = "10.0.0.0/20"
   az_count   = 2
 

examples/public_private_flow_logs/providers.tf

@@ -1,6 +1,5 @@
 terraform {
-  required_version = ">= 0.15.0"
-  experiments      = [module_variable_optional_attrs]
+  required_version = ">= 1.3.0"
   required_providers {
     aws = {
       source  = "hashicorp/aws"

examples/secondary_cidr/main.tf

@@ -2,7 +2,7 @@ data "aws_region" "current" {}
 
 module "secondary" {
   source  = "aws-ia/vpc/aws"
-  version = ">= 2.0.0"
+  version = ">= 3.0.1"
 
   name       = "secondary-cidr"
   az_count   = 2

examples/transit_gateway/main.tf

@@ -2,7 +2,7 @@ data "aws_availability_zones" "current" {}
 
 module "vpc" {
   source  = "aws-ia/vpc/aws"
-  version = ">= 3.0.0"
+  version = ">= 3.0.1"
 
   name               = "tgw"
   cidr_block         = "10.0.0.0/16"

main.tf

@@ -255,9 +255,8 @@ module "flow_logs" {
 
   source = "./modules/flow_logs"
 
-  name = var.name
-  # see defaults.tf for local definition
-  flow_log_defintion = local.flow_logs_definition
-  vpc_id             = local.vpc.id
-  tags               = module.tags.tags_aws
+  name                = var.name
+  flow_log_definition = var.vpc_flow_logs
+  vpc_id              = local.vpc.id
+  tags                = module.tags.tags_aws
 }

modules/calculate_subnets/providers.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 0.15.0"
+  required_version = ">= 1.3.0"
   required_providers {
     aws = {
       source  = "hashicorp/aws"

modules/flow_logs/main.tf

@@ -1,34 +1,34 @@
 locals {
   # does log destination need to be created?
-  create_flow_log_destination = (var.flow_log_defintion.log_destination == null && var.flow_log_defintion.log_destination_type != "none") ? true : false
+  create_flow_log_destination = (var.flow_log_definition.log_destination == null && var.flow_log_definition.log_destination_type != "none") ? true : false
 
   # which log destination to use
   log_destination = local.create_flow_log_destination ? (
-    var.flow_log_defintion.log_destination_type == "cloud-watch-logs" ? module.cloudwatch_log_group[0].log_group.arn : module.s3_log_bucket[0].bucket_flow_logs_attributes.arn # change to s3 when implemented
-  ) : var.flow_log_defintion.log_destination
+    var.flow_log_definition.log_destination_type == "cloud-watch-logs" ? module.cloudwatch_log_group[0].log_group.arn : module.s3_log_bucket[0].bucket_flow_logs_attributes.arn # change to s3 when implemented
+  ) : var.flow_log_definition.log_destination
 
   # Use IAM from submodule if if not passed
   iam_role_arn = local.create_flow_log_destination ? (
-    var.flow_log_defintion.log_destination_type == "cloud-watch-logs" ? module.cloudwatch_log_group[0].iam_role.arn : null # s3: unnecessary, svc creates its own bucket policy
-  ) : var.flow_log_defintion.iam_role_arn
+    var.flow_log_definition.log_destination_type == "cloud-watch-logs" ? module.cloudwatch_log_group[0].iam_role.arn : null # s3: unnecessary, svc creates its own bucket policy
+  ) : var.flow_log_definition.iam_role_arn
 }
 
 module "cloudwatch_log_group" {
   # if create destination and type = cloud-watch-logs
-  count   = (local.create_flow_log_destination && var.flow_log_defintion.log_destination_type == "cloud-watch-logs") ? 1 : 0
+  count   = (local.create_flow_log_destination && var.flow_log_definition.log_destination_type == "cloud-watch-logs") ? 1 : 0
   source  = "aws-ia/cloudwatch-log-group/aws"
   version = "1.0.0"
 
   name                  = var.name
-  retention_in_days     = var.flow_log_defintion.retention_in_days == null ? 180 : var.flow_log_defintion.retention_in_days
-  kms_key_id            = var.flow_log_defintion.kms_key_id
+  retention_in_days     = var.flow_log_definition.retention_in_days == null ? 180 : var.flow_log_definition.retention_in_days
+  kms_key_id            = var.flow_log_definition.kms_key_id
   aws_service_principal = "vpc-flow-logs.amazonaws.com"
   tags                  = var.tags
 }
 
 module "s3_log_bucket" {
   # if create destination and type = s3
-  count  = (local.create_flow_log_destination && var.flow_log_defintion.log_destination_type == "s3") ? 1 : 0
+  count  = (local.create_flow_log_destination && var.flow_log_definition.log_destination_type == "s3") ? 1 : 0
   source = "./modules/s3_log_bucket"
 
   name = var.name
@@ -37,17 +37,17 @@ module "s3_log_bucket" {
 resource "aws_flow_log" "main" {
   log_destination      = local.log_destination
   iam_role_arn         = local.iam_role_arn
-  log_destination_type = var.flow_log_defintion.log_destination_type
-  traffic_type         = var.flow_log_defintion.traffic_type
+  log_destination_type = var.flow_log_definition.log_destination_type
+  traffic_type         = var.flow_log_definition.traffic_type
   vpc_id               = var.vpc_id
 
   dynamic "destination_options" {
-    for_each = var.flow_log_defintion.log_destination_type == "s3" ? [true] : []
+    for_each = var.flow_log_definition.log_destination_type == "s3" ? [true] : []
 
     content {
-      file_format                = var.flow_log_defintion.destination_options.file_format
-      per_hour_partition         = var.flow_log_defintion.destination_options.per_hour_partition
-      hive_compatible_partitions = var.flow_log_defintion.destination_options.hive_compatible_partitions
+      file_format                = var.flow_log_definition.destination_options.file_format
+      per_hour_partition         = var.flow_log_definition.destination_options.per_hour_partition
+      hive_compatible_partitions = var.flow_log_definition.destination_options.hive_compatible_partitions
     }
   }
 

modules/flow_logs/providers.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 0.15.0"
+  required_version = ">= 1.3.0"
   required_providers {
     aws = {
       source  = "hashicorp/aws"

modules/flow_logs/variables.tf

@@ -3,7 +3,7 @@ variable "name" {
   type        = string
 }
 
-variable "flow_log_defintion" {
+variable "flow_log_definition" {
   description = "Definition of the Flow Logs (FL) to create. Can define pre-existing log_destination / iam_role_arn or theyll be created, default is Cloud Watch."
   type        = any
 }

providers.tf

@@ -1,6 +1,5 @@
 terraform {
-  required_version = ">= 0.15.0"
-  experiments      = [module_variable_optional_attrs]
+  required_version = ">= 1.3.0"
   required_providers {
     aws = {
       source  = "hashicorp/aws"

test/examples_ipam_test.go

@@ -9,9 +9,6 @@ import (
 func TestExamplesIPAM(t *testing.T) {
 	terraformOptions := &terraform.Options{
 		TerraformDir: "../examples/ipam",
-		Vars: map[string]interface{}{
-			"ipam_pool_id": "test",
-		},
 	}
 
 	defer terraform.Destroy(t, terraformOptions)

test/hcl_fixtures/ipam_base/main.tf

@@ -2,7 +2,7 @@ data "aws_region" "current" {}
 
 module "ipam" {
   source  = "aws-ia/ipam/aws"
-  version = ">= 1.0.0"
+  version = ">= 1.1.4"
 
   top_cidr = ["172.0.0.0/8"]
 

test/hcl_fixtures/ipam_base/providers.tf

@@ -1,11 +1,9 @@
 terraform {
-  required_version = ">= 0.15.0"
-  experiments      = [module_variable_optional_attrs]
+  required_version = ">= 1.3.0"
   required_providers {
     aws = {
       source  = "hashicorp/aws"
       version = ">= 3.72.0"
     }
   }
-}
-
+}

test/hcl_fixtures/nat_gw_routes/main.tf

@@ -1,5 +1,6 @@
 module "nat_gw_vpc" {
-  source = "../../.."
+  source  = "aws-ia/vpc/aws"
+  version = ">= 3.0.0"
 
   name       = "nat-gw-options-vpc"
   cidr_block = "10.51.0.0/16"

test/hcl_fixtures/secondary_cidr_base/main.tf

@@ -1,7 +1,7 @@
 data "aws_availability_zones" "current" {}
 
 module "vpc" {
-  source     = "../../.."
+  source = "../../.."
 
   name       = "primary-az-vpc"
   cidr_block = "10.0.0.0/16"

test/hcl_fixtures/secondary_cidr_base/providers.tf

@@ -1,6 +1,5 @@
 terraform {
-  required_version = ">= 1.0.7"
-  experiments      = [module_variable_optional_attrs]
+  required_version = ">= 1.3.0"
   required_providers {
     aws = {
       source  = "hashicorp/aws"

test/hcl_fixtures/transit_gateway_base/providers.tf

@@ -1,6 +1,5 @@
 terraform {
-  required_version = ">= 0.15.0"
-  experiments      = [module_variable_optional_attrs]
+  required_version = ">= 1.3.0"
   required_providers {
     aws = {
       source  = "hashicorp/aws"

variables.tf

@@ -183,11 +183,11 @@ variable "vpc_flow_logs" {
     log_destination_type = string
     retention_in_days    = optional(number)
     tags                 = optional(map(string))
-    traffic_type         = optional(string)
+    traffic_type         = optional(string, "ALL")
     destination_options = optional(object({
-      file_format                = optional(string)
-      hive_compatible_partitions = optional(bool)
-      per_hour_partition         = optional(bool)
+      file_format                = optional(string, "plain-text")
+      hive_compatible_partitions = optional(bool, false)
+      per_hour_partition         = optional(bool, false)
     }))
   })