v4 aws provider compatible

bridgecrewio · Mar 29, 2022 · 826d291 · 826d291
1 parent a2514ed
commit 826d291
Show file tree

Hide file tree

Showing 7 changed files with 45 additions and 21 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -3,8 +3,8 @@
 default_language_version:
   python: python3.8
 repos:
-  - repo: git://github.com/pre-commit/pre-commit-hooks
-    rev: v4.0.1
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.1.0
     hooks:
       - id: check-json
       - id: check-merge-conflict
@@ -19,22 +19,22 @@ repos:
         args:
           - --allow-missing-credentials
       - id: detect-private-key
-  - repo: git://github.com/Lucas-C/pre-commit-hooks
-    rev: v1.1.10
+  - repo: https://github.com/Lucas-C/pre-commit-hooks
+    rev: v1.1.13
     hooks:
       - id: forbid-tabs
         exclude_types: [python, javascript, dtd, markdown, makefile, xml]
         exclude: binary|\.bin$
-  - repo: git://github.com/jameswoolfenden/pre-commit-shell
+  - repo: https://github.com/jameswoolfenden/pre-commit-shell
     rev: 0.0.2
     hooks:
       - id: shell-lint
         exclude: template|\.template$
-  - repo: git://github.com/igorshubovych/markdownlint-cli
-    rev: v0.30.0
+  - repo: https://github.com/igorshubovych/markdownlint-cli
+    rev: v0.31.1
     hooks:
       - id: markdownlint
-  - repo: git://github.com/adrienverge/yamllint
+  - repo: https://github.com/adrienverge/yamllint
     rev: v1.26.3
     hooks:
       - id: yamllint
@@ -43,15 +43,15 @@ repos:
         entry: yamllint
         language: python
         types: [file, yaml]
-  - repo: git://github.com/jameswoolfenden/pre-commit
+  - repo: https://github.com/jameswoolfenden/pre-commit
     rev: v0.1.46
     hooks:
       - id: terraform-fmt
         language_version: python3.8
       - id: tf2docs
         language_version: python3.8
-  - repo: git://github.com/bridgecrewio/checkov
-    rev: 2.0.659
+  - repo: https://github.com/bridgecrewio/checkov
+    rev: 2.0.1005
     hooks:
       - id: checkov
         verbose: true

diff --git a/README.md b/README.md
@@ -46,14 +46,14 @@ This module does not create any IAM policies for access to session manager.  To
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 1.36.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >=0.14.8 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.6.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 1.36.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.6.0 |
 
 ## Modules
 
@@ -73,8 +73,17 @@ No modules.
 | [aws_kms_key.ssmkey](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
 | [aws_s3_bucket.access_log_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
 | [aws_s3_bucket.session_logs_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
+| [aws_s3_bucket_acl.access_log_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl) | resource |
+| [aws_s3_bucket_acl.session_logs_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl) | resource |
+| [aws_s3_bucket_lifecycle_configuration.access_log_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_lifecycle_configuration) | resource |
+| [aws_s3_bucket_lifecycle_configuration.session_logs_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_lifecycle_configuration) | resource |
+| [aws_s3_bucket_logging.session_logs_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_logging) | resource |
 | [aws_s3_bucket_public_access_block.access_log_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource |
 | [aws_s3_bucket_public_access_block.session_logs_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource |
+| [aws_s3_bucket_server_side_encryption_configuration.access_log_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource |
+| [aws_s3_bucket_server_side_encryption_configuration.session_logs_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource |
+| [aws_s3_bucket_versioning.access_log_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning) | resource |
+| [aws_s3_bucket_versioning.session_logs_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning) | resource |
 | [aws_security_group.ssm_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
 | [aws_ssm_document.session_manager_prefs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_document) | resource |
 | [aws_vpc_endpoint.ec2messages](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource |
@@ -110,7 +119,9 @@ No modules.
 | <a name="input_kms_key_deletion_window"></a> [kms\_key\_deletion\_window](#input\_kms\_key\_deletion\_window) | Waiting period for scheduled KMS Key deletion.  Can be 7-30 days. | `number` | `7` | no |
 | <a name="input_log_archive_days"></a> [log\_archive\_days](#input\_log\_archive\_days) | Number of days to wait before archiving to Glacier | `number` | `30` | no |
 | <a name="input_log_expire_days"></a> [log\_expire\_days](#input\_log\_expire\_days) | Number of days to wait before deleting | `number` | `365` | no |
+| <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | Subnet Ids to deploy endpoints into | `set(string)` | `[]` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
+| <a name="input_vpc_endpoint_private_dns_enabled"></a> [vpc\_endpoint\_private\_dns\_enabled](#input\_vpc\_endpoint\_private\_dns\_enabled) | Enable private dns for endpoints | `bool` | `true` | no |
 | <a name="input_vpc_endpoints_enabled"></a> [vpc\_endpoints\_enabled](#input\_vpc\_endpoints\_enabled) | Create VPC Endpoints | `bool` | `false` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC ID to deploy endpoints into | `string` | `null` | no |
 

diff --git a/aws_s3_bucket.access_log_bucket.tf b/aws_s3_bucket.access_log_bucket.tf
@@ -2,6 +2,7 @@ resource "aws_s3_bucket" "access_log_bucket" {
   # checkov:skip=CKV_AWS_144: Cross region replication is overkill
   # checkov:skip=CKV_AWS_18:
   # checkov:skip=CKV_AWS_52:
+  # checkov:skip=CKV_AWS_145:v4 provider legacy
   bucket_prefix = "${var.access_log_bucket_name}-"
   force_destroy = true
 

diff --git a/aws_s3_bucket.session_logs_bucket.tf b/aws_s3_bucket.session_logs_bucket.tf
@@ -1,6 +1,7 @@
 resource "aws_s3_bucket" "session_logs_bucket" {
   # checkov:skip=CKV_AWS_144: Cross region replication overkill
   # checkov:skip=CKV_AWS_52:
+  # checkov:skip=CKV_AWS_145:v4 provider legacy
   bucket_prefix = "${var.bucket_name}-"
   force_destroy = true
   tags          = var.tags

diff --git a/example/examplea/terraform.tf b/example/examplea/terraform.tf
@@ -0,0 +1,9 @@
+terraform {
+  required_providers {
+    aws = {
+      version = ">= 4.6.0"
+      source  = "hashicorp/aws"
+    }
+  }
+  required_version = ">=0.14.8"
+}
diff --git a/terraform.tf b/terraform.tf
@@ -0,0 +1,9 @@
+terraform {
+  required_providers {
+    aws = {
+      version = ">= 4.6.0"
+      source  = "hashicorp/aws"
+    }
+  }
+  required_version = ">=0.14.8"
+}
diff --git a/versions.tf b/versions.tf