diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 7a1449b..901aa3d 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -3,8 +3,8 @@
default_language_version:
python: python3.8
repos:
- - repo: git://github.com/pre-commit/pre-commit-hooks
- rev: v4.0.1
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.1.0
hooks:
- id: check-json
- id: check-merge-conflict
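Review bot: The new `rev: v4.1.0` here, and `v1.1.13`, `v0.31.1` and `2.0.1005` in the later hunks of this file, are still tag names that the upstream repository owner can move. pre-commit fetches and runs hook code from these repositories on developer machines and CI runners, so a full commit SHA is the stronger pin. Switching `git://` to `https://` authenticates the transport but does not fix what a tag resolves to. Suggest `rev: <full-commit-sha>  # v4.1.0` for each repo, which `pre-commit autoupdate --freeze` writes for you. The `repos:` list continues outside this hunk.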
@@ -19,22 +19,22 @@ repos:
args:
- --allow-missing-credentials
- id: detect-private-key
- - repo: git://github.com/Lucas-C/pre-commit-hooks
- rev: v1.1.10
+ - repo: https://github.com/Lucas-C/pre-commit-hooks
+ rev: v1.1.13
hooks:
- id: forbid-tabs
exclude_types: [python, javascript, dtd, markdown, makefile, xml]
exclude: binary|\.bin$
- - repo: git://github.com/jameswoolfenden/pre-commit-shell
+ - repo: https://github.com/jameswoolfenden/pre-commit-shell
rev: 0.0.2
hooks:
- id: shell-lint
exclude: template|\.template$
- - repo: git://github.com/igorshubovych/markdownlint-cli
- rev: v0.30.0
+ - repo: https://github.com/igorshubovych/markdownlint-cli
+ rev: v0.31.1
hooks:
- id: markdownlint
- - repo: git://github.com/adrienverge/yamllint
+ - repo: https://github.com/adrienverge/yamllint
rev: v1.26.3
hooks:
- id: yamllint
@@ -43,15 +43,15 @@ repos:
entry: yamllint
language: python
types: [file, yaml]
- - repo: git://github.com/jameswoolfenden/pre-commit
+ - repo: https://github.com/jameswoolfenden/pre-commit
rev: v0.1.46
hooks:
- id: terraform-fmt
language_version: python3.8
- id: tf2docs
language_version: python3.8
- - repo: git://github.com/bridgecrewio/checkov
- rev: 2.0.659
+ - repo: https://github.com/bridgecrewio/checkov
+ rev: 2.0.1005
hooks:
- id: checkov
verbose: true
diff --git a/README.md b/README.md
index 4d34398..f48cb6d 100644
--- a/README.md
+++ b/README.md
@@ -46,14 +46,14 @@ This module does not create any IAM policies for access to session manager. To
| Name | Version |
|------|---------|
-| [terraform](#requirement\_terraform) | >= 0.12 |
-| [aws](#requirement\_aws) | >= 1.36.0 |
+| [terraform](#requirement\_terraform) | >=0.14.8 |
+| [aws](#requirement\_aws) | >= 4.6.0 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 1.36.0 |
+| [aws](#provider\_aws) | >= 4.6.0 |
## Modules
@@ -73,8 +73,17 @@ No modules.
| [aws_kms_key.ssmkey](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
| [aws_s3_bucket.access_log_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
| [aws_s3_bucket.session_logs_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
+| [aws_s3_bucket_acl.access_log_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl) | resource |
+| [aws_s3_bucket_acl.session_logs_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl) | resource |
+| [aws_s3_bucket_lifecycle_configuration.access_log_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_lifecycle_configuration) | resource |
+| [aws_s3_bucket_lifecycle_configuration.session_logs_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_lifecycle_configuration) | resource |
+| [aws_s3_bucket_logging.session_logs_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_logging) | resource |
| [aws_s3_bucket_public_access_block.access_log_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource |
| [aws_s3_bucket_public_access_block.session_logs_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource |
+| [aws_s3_bucket_server_side_encryption_configuration.access_log_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource |
+| [aws_s3_bucket_server_side_encryption_configuration.session_logs_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource |
+| [aws_s3_bucket_versioning.access_log_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning) | resource |
+| [aws_s3_bucket_versioning.session_logs_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning) | resource |
| [aws_security_group.ssm_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [aws_ssm_document.session_manager_prefs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_document) | resource |
| [aws_vpc_endpoint.ec2messages](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource |
@@ -110,7 +119,9 @@ No modules.
| [kms\_key\_deletion\_window](#input\_kms\_key\_deletion\_window) | Waiting period for scheduled KMS Key deletion. Can be 7-30 days. | `number` | `7` | no |
| [log\_archive\_days](#input\_log\_archive\_days) | Number of days to wait before archiving to Glacier | `number` | `30` | no |
| [log\_expire\_days](#input\_log\_expire\_days) | Number of days to wait before deleting | `number` | `365` | no |
+| [subnet\_ids](#input\_subnet\_ids) | Subnet Ids to deploy endpoints into | `set(string)` | `[]` | no |
| [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
+| [vpc\_endpoint\_private\_dns\_enabled](#input\_vpc\_endpoint\_private\_dns\_enabled) | Enable private dns for endpoints | `bool` | `true` | no |
| [vpc\_endpoints\_enabled](#input\_vpc\_endpoints\_enabled) | Create VPC Endpoints | `bool` | `false` | no |
| [vpc\_id](#input\_vpc\_id) | VPC ID to deploy endpoints into | `string` | `null` | no |
diff --git a/aws_s3_bucket.access_log_bucket.tf b/aws_s3_bucket.access_log_bucket.tf
index 8edd03b..6e8d6d5 100644
--- a/aws_s3_bucket.access_log_bucket.tf
+++ b/aws_s3_bucket.access_log_bucket.tf
@@ -2,6 +2,7 @@ resource "aws_s3_bucket" "access_log_bucket" {
# checkov:skip=CKV_AWS_144: Cross region replication is overkill
# checkov:skip=CKV_AWS_18:
# checkov:skip=CKV_AWS_52:
+ # checkov:skip=CKV_AWS_145:v4 provider legacy
bucket_prefix = "${var.access_log_bucket_name}-"
force_destroy = true
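Review bot: The added `# checkov:skip=CKV_AWS_145:v4 provider legacy` suppresses the bucket's default-encryption check without saying where encryption is now configured, so an auditor cannot verify the exemption from this file. The README hunk lists `aws_s3_bucket_server_side_encryption_configuration.access_log_bucket`, so the control has presumably moved there, but that resource is not visible in this diff. Suggest a verifiable reason such as `# checkov:skip=CKV_AWS_145: encryption is set in aws_s3_bucket_server_side_encryption_configuration.access_log_bucket`, and removing the skip once the pinned checkov version resolves the split v4 resources. The same applies to the identical skip added in aws_s3_bucket.session_logs_bucket.tf. The resource body continues outside this hunk.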
diff --git a/aws_s3_bucket.session_logs_bucket.tf b/aws_s3_bucket.session_logs_bucket.tf
index a6f034b..f1cd0a2 100644
--- a/aws_s3_bucket.session_logs_bucket.tf
+++ b/aws_s3_bucket.session_logs_bucket.tf
@@ -1,6 +1,7 @@
resource "aws_s3_bucket" "session_logs_bucket" {
# checkov:skip=CKV_AWS_144: Cross region replication overkill
# checkov:skip=CKV_AWS_52:
+ # checkov:skip=CKV_AWS_145:v4 provider legacy
bucket_prefix = "${var.bucket_name}-"
force_destroy = true
tags = var.tags
diff --git a/example/examplea/terraform.tf b/example/examplea/terraform.tf
new file mode 100644
index 0000000..65e92fc
--- /dev/null
+++ b/example/examplea/terraform.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_providers {
+ aws = {
+ version = ">= 4.6.0"
+ source = "hashicorp/aws"
+ }
+ }
+ required_version = ">=0.14.8"
+}
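Review bot: `version = ">= 4.6.0"` has no upper bound, and this example is a root configuration, so `terraform init` may select any later AWS provider major version, including ones that change how the S3 bucket resources behave. For the example, consider `version = "~> 4.6"` and committing `.terraform.lock.hcl` so the provider checksums are pinned; whether a lock file is already tracked is not visible here. The identical block in the module-level `terraform.tf` can reasonably keep a lower bound only, since callers set the final constraint. As a style point, `">=0.14.8"` and `">= 4.6.0"` use different spacing in both files.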
diff --git a/terraform.tf b/terraform.tf
new file mode 100644
index 0000000..65e92fc
--- /dev/null
+++ b/terraform.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_providers {
+ aws = {
+ version = ">= 4.6.0"
+ source = "hashicorp/aws"
+ }
+ }
+ required_version = ">=0.14.8"
+}
diff --git a/versions.tf b/versions.tf
deleted file mode 100644
index 4429ef3..0000000
--- a/versions.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-terraform {
- required_version = ">= 0.12"
-
- required_providers {
- aws = ">= 1.36.0"
- }
-}