From bce6ca20fb8813db320b8b0e9ba1066c063948ac Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 27 Jun 2022 23:29:41 +0000
Subject: [PATCH] chore(deps): update Terraform cloudposse/lb-s3-bucket/aws to v0.16.0 (#111)
* chore(deps): update Terraform cloudposse/lb-s3-bucket/aws to v0.16.0
* Auto Format
* Use non deprecated inputs and deprecate other inputs
* Auto Format
* Add output, add force destroy, better readme, fix tests
* Auto Format
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>
Co-authored-by: nitrocode <7775707+nitrocode@users.noreply.github.com>
---
README.md | 179 +++++++++++---------
README.yaml | 153 ++++++++++-------
docs/terraform.md | 27 +--
examples/complete/fixtures.us-east-2.tfvars | 2 +
examples/complete/main.tf | 53 +++---
examples/complete/variables.tf | 13 ++
examples/complete/versions.tf | 14 +-
main.tf | 22 ++-
outputs.tf | 5 +
variables-deprecated.tf | 44 +++++
variables.tf | 70 ++++----
versions.tf | 14 +-
12 files changed, 347 insertions(+), 249 deletions(-)
create mode 100644 variables-deprecated.tf
diff --git a/README.md b/README.md
index 60d809e..df64194 100644
--- a/README.md
+++ b/README.md
@@ -98,71 +98,87 @@ For a complete example, see [examples/complete](examples/complete). For automated test of the complete example using `bats` and `Terratest`, see [test](test). ```hcl - provider "aws" { - region = var.region - } - - module "vpc" { - source = "git::https://github.com/cloudposse/terraform-aws-vpc.git?ref=tags/0.8.1" - namespace = var.namespace - stage = var.stage - name = var.name - delimiter = var.delimiter - attributes = var.attributes - cidr_block = var.vpc_cidr_block - tags = var.tags - } - - module "subnets" { - source = "git::https://github.com/cloudposse/terraform-aws-dynamic-subnets.git?ref=tags/0.16.1" - availability_zones = var.availability_zones - namespace = var.namespace - stage = var.stage - name = var.name - attributes = var.attributes - delimiter = var.delimiter - vpc_id = module.vpc.vpc_id - igw_id = module.vpc.igw_id - cidr_block = module.vpc.vpc_cidr_block - nat_gateway_enabled = false - nat_instance_enabled = false - tags = var.tags - } - - module "alb" { - source = "cloudposse/alb/aws" - # Cloud Posse recommends pinning every module to a specific version - # version = "x.x.x" - namespace = var.namespace - stage = var.stage - name = var.name - attributes = var.attributes - delimiter = var.delimiter - vpc_id = module.vpc.vpc_id - security_group_ids = [module.vpc.vpc_default_security_group_id] - subnet_ids = module.subnets.public_subnet_ids - internal = var.internal - http_enabled = var.http_enabled - http_redirect = var.http_redirect - access_logs_enabled = var.access_logs_enabled - alb_access_logs_s3_bucket_force_destroy = var.alb_access_logs_s3_bucket_force_destroy - cross_zone_load_balancing_enabled = var.cross_zone_load_balancing_enabled - http2_enabled = var.http2_enabled - idle_timeout = var.idle_timeout - ip_address_type = var.ip_address_type - deletion_protection_enabled = var.deletion_protection_enabled - deregistration_delay = var.deregistration_delay - health_check_path = var.health_check_path - health_check_timeout = 
var.health_check_timeout - health_check_healthy_threshold = var.health_check_healthy_threshold - health_check_unhealthy_threshold = var.health_check_unhealthy_threshold - health_check_interval = var.health_check_interval - health_check_matcher = var.health_check_matcher - target_group_port = var.target_group_port - target_group_target_type = var.target_group_target_type - stickiness = var.stickiness - tags = var.tags - } +provider "aws" { + region = var.region +} + +module "vpc" { + source = "cloudposse/vpc/aws" + # Cloud Posse recommends pinning every module to a specific version + # version = "x.x.x" + + namespace = var.namespace + stage = var.stage + name = var.name + delimiter = var.delimiter + attributes = var.attributes + + ipv4_primary_cidr_block = "10.0.0.0/16" + assign_generated_ipv6_cidr_block = true + + tags = var.tags +} + +module "subnets" { + source = "cloudposse/dynamic-subnets/aws" + # Cloud Posse recommends pinning every module to a specific version + # version = "x.x.x" + + namespace = var.namespace + stage = var.stage + name = var.name + attributes = var.attributes + delimiter = var.delimiter + + availability_zones = var.availability_zones + vpc_id = module.vpc.vpc_id + igw_id = module.vpc.igw_id + cidr_block = module.vpc.vpc_cidr_block + nat_gateway_enabled = false + nat_instance_enabled = false + + tags = var.tags +} + +module "alb" { + source = "cloudposse/alb/aws" + # Cloud Posse recommends pinning every module to a specific version + # version = "x.x.x" + + namespace = var.namespace + stage = var.stage + name = var.name + attributes = var.attributes + delimiter = var.delimiter + + vpc_id = module.vpc.vpc_id + security_group_ids = [module.vpc.vpc_default_security_group_id] + subnet_ids = module.subnets.public_subnet_ids + internal = var.internal + http_enabled = var.http_enabled + http_redirect = var.http_redirect + access_logs_enabled = var.access_logs_enabled + cross_zone_load_balancing_enabled = var.cross_zone_load_balancing_enabled + 
http2_enabled = var.http2_enabled + idle_timeout = var.idle_timeout + ip_address_type = var.ip_address_type + deletion_protection_enabled = var.deletion_protection_enabled + deregistration_delay = var.deregistration_delay + health_check_path = var.health_check_path + health_check_timeout = var.health_check_timeout + health_check_healthy_threshold = var.health_check_healthy_threshold + health_check_unhealthy_threshold = var.health_check_unhealthy_threshold + health_check_interval = var.health_check_interval + health_check_matcher = var.health_check_matcher + target_group_port = var.target_group_port + target_group_target_type = var.target_group_target_type + stickiness = var.stickiness + + alb_access_logs_s3_bucket_force_destroy = var.alb_access_logs_s3_bucket_force_destroy + alb_access_logs_s3_bucket_force_destroy_enabled = var.alb_access_logs_s3_bucket_force_destroy_enabled + + tags = var.tags +} ``` 
@@ -187,22 +203,20 @@ Available targets: | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.0 | -| [aws](#requirement\_aws) | >= 3.27, != 4.0.0, != 4.1.0, != 4.2.0, != 4.3.0, != 4.4.0, != 4.5.0, != 4.6.0, != 4.7.0, != 4.8.0 | -| [local](#requirement\_local) | >= 1.3 | -| [null](#requirement\_null) | >= 2.0 | +| [terraform](#requirement\_terraform) | >= 1.0.0 | +| [aws](#requirement\_aws) | >= 4.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.27, != 4.0.0, != 4.1.0, != 4.2.0, != 4.3.0, != 4.4.0, != 4.5.0, != 4.6.0, != 4.7.0, != 4.8.0 | +| [aws](#provider\_aws) | >= 4.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [access\_logs](#module\_access\_logs) | cloudposse/lb-s3-bucket/aws | 0.14.1 | +| [access\_logs](#module\_access\_logs) | cloudposse/lb-s3-bucket/aws | 0.16.0 | | [default\_load\_balancer\_label](#module\_default\_load\_balancer\_label) | cloudposse/label/null | 0.25.0 | | [default\_target\_group\_label](#module\_default\_target\_group\_label) | cloudposse/label/null | 0.25.0 | | [this](#module\_this) | cloudposse/label/null | 0.25.0 | @@ -232,6 +246,7 @@ Available targets: | [additional\_certs](#input\_additional\_certs) | A list of additonal certs to add to the https listerner | `list(string)` | `[]` | no | | [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
This is for some rare cases where resources want additional configuration of tags
and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no | | [alb\_access\_logs\_s3\_bucket\_force\_destroy](#input\_alb\_access\_logs\_s3\_bucket\_force\_destroy) | A boolean that indicates all objects should be deleted from the ALB access logs S3 bucket so that the bucket can be destroyed without error | `bool` | `false` | no | +| [alb\_access\_logs\_s3\_bucket\_force\_destroy\_enabled](#input\_alb\_access\_logs\_s3\_bucket\_force\_destroy\_enabled) | When `true`, permits `force_destroy` to be set to `true`.
This is an extra safety precaution to reduce the chance that Terraform will destroy and recreate
your S3 bucket, causing COMPLETE LOSS OF ALL DATA even if it was stored in Glacier.
WARNING: Upgrading this module from a version prior to 0.27.0 to this version
will cause Terraform to delete your existing S3 bucket CAUSING COMPLETE DATA LOSS
unless you follow the upgrade instructions on the Wiki [here](https://github.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.27.0-(POTENTIAL-DATA-LOSS)).
See additional instructions for upgrading from v0.27.0 to v0.28.0 [here](https://github.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.28.0-and-AWS-provider-v4-(POTENTIAL-DATA-LOSS)). | `bool` | `false` | no | | [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no | | [certificate\_arn](#input\_certificate\_arn) | The ARN of the default SSL certificate for HTTPS listener | `string` | `""` | no | | [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"descriptor_formats": {},
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"labels_as_tags": [
"unset"
],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {},
"tenant": null
}
| no | @@ -242,11 +257,11 @@ Available targets: | [deregistration\_delay](#input\_deregistration\_delay) | The amount of time to wait in seconds before changing the state of a deregistering target to unused | `number` | `15` | no | | [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
`{
format = string
labels = list(string)
}`
(Type is `any` so the map values can later be enhanced to provide additional options.)
`format` is a Terraform format string to be passed to the `format()` function.
`labels` is a list of labels, in order, to pass to `format()` function.
Label values will be normalized before being passed to `format()` so they will be
identical to how they appear in `id`.
Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no | | [drop\_invalid\_header\_fields](#input\_drop\_invalid\_header\_fields) | Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). | `bool` | `false` | no | -| [enable\_glacier\_transition](#input\_enable\_glacier\_transition) | Enables the transition of lb logs to AWS Glacier | `bool` | `true` | no | +| [enable\_glacier\_transition](#input\_enable\_glacier\_transition) | (Deprecated, use `lifecycle_configuration_rules` instead)
Enables the transition to AWS Glacier which can cause unnecessary costs for huge amount of small files | `bool` | `true` | no | | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | | [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | -| [expiration\_days](#input\_expiration\_days) | Number of days after which to expunge s3 logs | `number` | `90` | no | -| [glacier\_transition\_days](#input\_glacier\_transition\_days) | Number of days after which to move s3 logs to the glacier storage tier | `number` | `60` | no | +| [expiration\_days](#input\_expiration\_days) | (Deprecated, use `lifecycle_configuration_rules` instead)
Number of days after which to expunge the objects | `number` | `90` | no | +| [glacier\_transition\_days](#input\_glacier\_transition\_days) | (Deprecated, use `lifecycle_configuration_rules` instead)
Number of days after which to move the data to the Glacier Flexible Retrieval storage tier | `number` | `60` | no | | [health\_check\_healthy\_threshold](#input\_health\_check\_healthy\_threshold) | The number of consecutive health checks successes required before considering an unhealthy target healthy | `number` | `2` | no | | [health\_check\_interval](#input\_health\_check\_interval) | The duration in seconds in between health checks | `number` | `15` | no | | [health\_check\_matcher](#input\_health\_check\_matcher) | The HTTP response codes to indicate a healthy check | `string` | `"200-399"` | no | @@ -274,21 +289,22 @@ Available targets: | [label\_order](#input\_label\_order) | The order in which the labels (ID elements) appear in the `id`.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. | `list(string)` | `null` | no | | [label\_value\_case](#input\_label\_value\_case) | Controls the letter case of ID elements (labels) as included in `id`,
set as tag values, and output by this module individually.
Does not affect values of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs.
Default value: `lower`. | `string` | `null` | no | | [labels\_as\_tags](#input\_labels\_as\_tags) | Set of labels (ID elements) to include as tags in the `tags` output.
Default is to include all labels.
Tags with empty values will not be included in the `tags` output.
Set to `[]` to suppress all generated tags.
**Notes:**
The value of the `name` tag, if included, will be the `id`, not the `name`.
Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be
changed in later chained modules. Attempts to change it will be silently ignored. | `set(string)` |
[
"default"
]
| no | -| [lifecycle\_rule\_enabled](#input\_lifecycle\_rule\_enabled) | A boolean that indicates whether the s3 log bucket lifecycle rule should be enabled. | `bool` | `false` | no | +| [lifecycle\_configuration\_rules](#input\_lifecycle\_configuration\_rules) | A list of S3 bucket v2 lifecycle rules, as specified in [terraform-aws-s3-bucket](https://github.com/cloudposse/terraform-aws-s3-bucket)"
These rules are not affected by the deprecated `lifecycle_rule_enabled` flag.
**NOTE:** Unless you also set `lifecycle_rule_enabled = false` you will also get the default deprecated rules set on your bucket. |
list(object({
enabled = bool
id = string

abort_incomplete_multipart_upload_days = number

# `filter_and` is the `and` configuration block inside the `filter` configuration.
# This is the only place you should specify a prefix.
filter_and = any
expiration = any
transition = list(any)

noncurrent_version_expiration = any
noncurrent_version_transition = list(any)
}))
| `[]` | no | +| [lifecycle\_rule\_enabled](#input\_lifecycle\_rule\_enabled) | DEPRECATED: Defaults to `false`, use `lifecycle_configuration_rules` instead.
When `true`, configures lifecycle events on this bucket using individual (now deprecated) variables." | `bool` | `false` | no | | [listener\_http\_fixed\_response](#input\_listener\_http\_fixed\_response) | Have the HTTP listener return a fixed response for the default action. |
object({
content_type = string
message_body = string
status_code = string
})
| `null` | no | | [listener\_https\_fixed\_response](#input\_listener\_https\_fixed\_response) | Have the HTTPS listener return a fixed response for the default action. |
object({
content_type = string
message_body = string
status_code = string
})
| `null` | no | | [load\_balancer\_name](#input\_load\_balancer\_name) | The name for the default load balancer, uses a module label name if left empty | `string` | `""` | no | | [load\_balancer\_name\_max\_length](#input\_load\_balancer\_name\_max\_length) | The max length of characters for the load balancer. | `number` | `32` | no | | [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a `tag`.
The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no | | [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no | -| [noncurrent\_version\_expiration\_days](#input\_noncurrent\_version\_expiration\_days) | Specifies when noncurrent s3 log versions expire | `number` | `90` | no | -| [noncurrent\_version\_transition\_days](#input\_noncurrent\_version\_transition\_days) | Specifies when noncurrent s3 log versions transition | `number` | `30` | no | +| [noncurrent\_version\_expiration\_days](#input\_noncurrent\_version\_expiration\_days) | (Deprecated, use `lifecycle_configuration_rules` instead)
Specifies when non-current object versions expire (in days) | `number` | `90` | no | +| [noncurrent\_version\_transition\_days](#input\_noncurrent\_version\_transition\_days) | (Deprecated, use `lifecycle_configuration_rules` instead)
Specifies (in days) when noncurrent object versions transition to Glacier Flexible Retrieval | `number` | `30` | no | | [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | | [security\_group\_enabled](#input\_security\_group\_enabled) | Enables the security group | `bool` | `true` | no | | [security\_group\_ids](#input\_security\_group\_ids) | A list of additional security group IDs to allow access to ALB | `list(string)` | `[]` | no | | [slow\_start](#input\_slow\_start) | The amount of time (30-900 seconds) until a healthy target receives its full share of requests from the load balancer. 0 to disable. | `number` | `null` | no | | [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | -| [standard\_transition\_days](#input\_standard\_transition\_days) | Number of days to persist logs in standard storage tier before moving to the infrequent access tier | `number` | `30` | no | +| [standard\_transition\_days](#input\_standard\_transition\_days) | (Deprecated, use `lifecycle_configuration_rules` instead)
Number of days to persist in the standard storage tier before moving to the infrequent access tier | `number` | `30` | no | | [stickiness](#input\_stickiness) | Target group sticky configuration |
object({
cookie_duration = number
enabled = bool
})
| `null` | no | | [subnet\_ids](#input\_subnet\_ids) | A list of subnet IDs to associate with ALB | `list(string)` | n/a | yes | | [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no | @@ -313,6 +329,7 @@ Available targets: | [alb\_name](#output\_alb\_name) | The ARN suffix of the ALB | | [alb\_zone\_id](#output\_alb\_zone\_id) | The ID of the zone which ALB is provisioned | | [default\_target\_group\_arn](#output\_default\_target\_group\_arn) | The default target group ARN | +| [default\_target\_group\_arn\_suffix](#output\_default\_target\_group\_arn\_suffix) | The default target group ARN suffix | | [http\_listener\_arn](#output\_http\_listener\_arn) | The ARN of the HTTP forwarding listener | | [http\_redirect\_listener\_arn](#output\_http\_redirect\_listener\_arn) | The ARN of the HTTP to HTTPS redirect listener | | [https\_listener\_arn](#output\_https\_listener\_arn) | The ARN of the HTTPS listener | @@ -465,8 +482,8 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply ### Contributors -| [![Erik Osterman][osterman_avatar]][osterman_homepage]
[Erik Osterman][osterman_homepage] | [![Igor Rodionov][goruha_avatar]][goruha_homepage]
[Igor Rodionov][goruha_homepage] | [![Andriy Knysh][aknysh_avatar]][aknysh_homepage]
[Andriy Knysh][aknysh_homepage] | [![Sarkis Varozian][sarkis_avatar]][sarkis_homepage]
[Sarkis Varozian][sarkis_homepage] | [![Adam Crews][adamcrews_avatar]][adamcrews_homepage]
[Adam Crews][adamcrews_homepage] | -|---|---|---|---|---| +| [![Erik Osterman][osterman_avatar]][osterman_homepage]
[Erik Osterman][osterman_homepage] | [![Igor Rodionov][goruha_avatar]][goruha_homepage]
[Igor Rodionov][goruha_homepage] | [![Andriy Knysh][aknysh_avatar]][aknysh_homepage]
[Andriy Knysh][aknysh_homepage] | [![Sarkis Varozian][sarkis_avatar]][sarkis_homepage]
[Sarkis Varozian][sarkis_homepage] | [![Adam Crews][adamcrews_avatar]][adamcrews_homepage]
[Adam Crews][adamcrews_homepage] | [![RB][nitrocode_avatar]][nitrocode_homepage]
[RB][nitrocode_homepage] | +|---|---|---|---|---|---| [osterman_homepage]: https://github.com/osterman @@ -479,6 +496,8 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply [sarkis_avatar]: https://img.cloudposse.com/150x150/https://github.com/sarkis.png [adamcrews_homepage]: https://github.com/adamcrews [adamcrews_avatar]: https://img.cloudposse.com/150x150/https://github.com/adamcrews.png + [nitrocode_homepage]: https://github.com/nitrocode + [nitrocode_avatar]: https://img.cloudposse.com/150x150/https://github.com/nitrocode.png [![README Footer][readme_footer_img]][readme_footer_link] [![Beacon][beacon]][website] diff --git a/README.yaml b/README.yaml index 1116c29..fe12d20 100644 --- a/README.yaml +++ b/README.yaml 
@@ -8,90 +8,111 @@ badges: - name: Slack Community image: https://slack.cloudposse.com/badge.svg url: https://slack.cloudposse.com + related: - name: terraform-aws-alb-ingress description: Terraform module to provision an HTTP style ingress rule based on hostname and path for an ALB url: https://github.com/cloudposse/terraform-aws-alb-ingress + description: Terraform module to create an ALB, default ALB listener(s), and a default ALB target and related security groups. + usage: |- For a complete example, see [examples/complete](examples/complete). For automated test of the complete example using `bats` and `Terratest`, see [test](test). ```hcl - provider "aws" { - region = var.region - } - - module "vpc" { - source = "git::https://github.com/cloudposse/terraform-aws-vpc.git?ref=tags/0.8.1" - namespace = var.namespace - stage = var.stage - name = var.name - delimiter = var.delimiter - attributes = var.attributes - cidr_block = var.vpc_cidr_block - tags = var.tags - } - - module "subnets" { - source = "git::https://github.com/cloudposse/terraform-aws-dynamic-subnets.git?ref=tags/0.16.1" - availability_zones = var.availability_zones - namespace = var.namespace - stage = var.stage - name = var.name - attributes = var.attributes - delimiter = var.delimiter - vpc_id = module.vpc.vpc_id - igw_id = module.vpc.igw_id - cidr_block = module.vpc.vpc_cidr_block - nat_gateway_enabled = false - nat_instance_enabled = false - tags = var.tags - } - - module "alb" { - source = "cloudposse/alb/aws" - # Cloud Posse recommends pinning every module to a specific version - # version = "x.x.x" - namespace = var.namespace - stage = var.stage - name = var.name - attributes = var.attributes - delimiter = var.delimiter - vpc_id = module.vpc.vpc_id - security_group_ids = [module.vpc.vpc_default_security_group_id] - subnet_ids = module.subnets.public_subnet_ids - internal = var.internal - http_enabled = var.http_enabled - http_redirect = var.http_redirect - access_logs_enabled = 
var.access_logs_enabled - alb_access_logs_s3_bucket_force_destroy = var.alb_access_logs_s3_bucket_force_destroy - cross_zone_load_balancing_enabled = var.cross_zone_load_balancing_enabled - http2_enabled = var.http2_enabled - idle_timeout = var.idle_timeout - ip_address_type = var.ip_address_type - deletion_protection_enabled = var.deletion_protection_enabled - deregistration_delay = var.deregistration_delay - health_check_path = var.health_check_path - health_check_timeout = var.health_check_timeout - health_check_healthy_threshold = var.health_check_healthy_threshold - health_check_unhealthy_threshold = var.health_check_unhealthy_threshold - health_check_interval = var.health_check_interval - health_check_matcher = var.health_check_matcher - target_group_port = var.target_group_port - target_group_target_type = var.target_group_target_type - stickiness = var.stickiness - tags = var.tags - } + provider "aws" { + region = var.region + } + + module "vpc" { + source = "cloudposse/vpc/aws" + # Cloud Posse recommends pinning every module to a specific version + # version = "x.x.x" + + namespace = var.namespace + stage = var.stage + name = var.name + delimiter = var.delimiter + attributes = var.attributes + + ipv4_primary_cidr_block = "10.0.0.0/16" + assign_generated_ipv6_cidr_block = true + + tags = var.tags + } + + module "subnets" { + source = "cloudposse/dynamic-subnets/aws" + # Cloud Posse recommends pinning every module to a specific version + # version = "x.x.x" + + namespace = var.namespace + stage = var.stage + name = var.name + attributes = var.attributes + delimiter = var.delimiter + + availability_zones = var.availability_zones + vpc_id = module.vpc.vpc_id + igw_id = module.vpc.igw_id + cidr_block = module.vpc.vpc_cidr_block + nat_gateway_enabled = false + nat_instance_enabled = false + + tags = var.tags + } + + module "alb" { + source = "cloudposse/alb/aws" + # Cloud Posse recommends pinning every module to a specific version + # version = "x.x.x" + + 
namespace = var.namespace + stage = var.stage + name = var.name + attributes = var.attributes + delimiter = var.delimiter + + vpc_id = module.vpc.vpc_id + security_group_ids = [module.vpc.vpc_default_security_group_id] + subnet_ids = module.subnets.public_subnet_ids + internal = var.internal + http_enabled = var.http_enabled + http_redirect = var.http_redirect + access_logs_enabled = var.access_logs_enabled + cross_zone_load_balancing_enabled = var.cross_zone_load_balancing_enabled + http2_enabled = var.http2_enabled + idle_timeout = var.idle_timeout + ip_address_type = var.ip_address_type + deletion_protection_enabled = var.deletion_protection_enabled + deregistration_delay = var.deregistration_delay + health_check_path = var.health_check_path + health_check_timeout = var.health_check_timeout + health_check_healthy_threshold = var.health_check_healthy_threshold + health_check_unhealthy_threshold = var.health_check_unhealthy_threshold + health_check_interval = var.health_check_interval + health_check_matcher = var.health_check_matcher + target_group_port = var.target_group_port + target_group_target_type = var.target_group_target_type + stickiness = var.stickiness + + alb_access_logs_s3_bucket_force_destroy = var.alb_access_logs_s3_bucket_force_destroy + alb_access_logs_s3_bucket_force_destroy_enabled = var.alb_access_logs_s3_bucket_force_destroy_enabled + + tags = var.tags + } ``` + include: - docs/targets.md - docs/terraform.md + contributors: - name: Erik Osterman github: osterman @@ -103,3 +124,5 @@ contributors: github: sarkis - name: Adam Crews github: adamcrews + - name: RB + github: nitrocode diff --git a/docs/terraform.md b/docs/terraform.md index 38bfbb5..507430f 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -3,22 +3,20 @@ | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.0 | -| [aws](#requirement\_aws) | >= 3.27, != 4.0.0, != 4.1.0, != 4.2.0, != 4.3.0, != 4.4.0, != 4.5.0, != 4.6.0, != 4.7.0, != 4.8.0 | -| [local](#requirement\_local) | >= 1.3 | -| [null](#requirement\_null) | >= 2.0 | +| [terraform](#requirement\_terraform) | >= 1.0.0 | +| [aws](#requirement\_aws) | >= 4.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.27, != 4.0.0, != 4.1.0, != 4.2.0, != 4.3.0, != 4.4.0, != 4.5.0, != 4.6.0, != 4.7.0, != 4.8.0 | +| [aws](#provider\_aws) | >= 4.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [access\_logs](#module\_access\_logs) | cloudposse/lb-s3-bucket/aws | 0.14.1 | +| [access\_logs](#module\_access\_logs) | cloudposse/lb-s3-bucket/aws | 0.16.0 | | [default\_load\_balancer\_label](#module\_default\_load\_balancer\_label) | cloudposse/label/null | 0.25.0 | | [default\_target\_group\_label](#module\_default\_target\_group\_label) | cloudposse/label/null | 0.25.0 | | [this](#module\_this) | cloudposse/label/null | 0.25.0 | @@ -48,6 +46,7 @@ | [additional\_certs](#input\_additional\_certs) | A list of additonal certs to add to the https listerner | `list(string)` | `[]` | no | | [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
This is for some rare cases where resources want additional configuration of tags
and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no | | [alb\_access\_logs\_s3\_bucket\_force\_destroy](#input\_alb\_access\_logs\_s3\_bucket\_force\_destroy) | A boolean that indicates all objects should be deleted from the ALB access logs S3 bucket so that the bucket can be destroyed without error | `bool` | `false` | no | +| [alb\_access\_logs\_s3\_bucket\_force\_destroy\_enabled](#input\_alb\_access\_logs\_s3\_bucket\_force\_destroy\_enabled) | When `true`, permits `force_destroy` to be set to `true`.
This is an extra safety precaution to reduce the chance that Terraform will destroy and recreate
your S3 bucket, causing COMPLETE LOSS OF ALL DATA even if it was stored in Glacier.
WARNING: Upgrading this module from a version prior to 0.27.0 to this version
will cause Terraform to delete your existing S3 bucket CAUSING COMPLETE DATA LOSS
unless you follow the upgrade instructions on the Wiki [here](https://github.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.27.0-(POTENTIAL-DATA-LOSS)).
See additional instructions for upgrading from v0.27.0 to v0.28.0 [here](https://github.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.28.0-and-AWS-provider-v4-(POTENTIAL-DATA-LOSS)). | `bool` | `false` | no | | [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no | | [certificate\_arn](#input\_certificate\_arn) | The ARN of the default SSL certificate for HTTPS listener | `string` | `""` | no | | [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"descriptor_formats": {},
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"labels_as_tags": [
"unset"
],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {},
"tenant": null
}
| no | @@ -58,11 +57,11 @@ | [deregistration\_delay](#input\_deregistration\_delay) | The amount of time to wait in seconds before changing the state of a deregistering target to unused | `number` | `15` | no | | [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
`{
format = string
labels = list(string)
}`
(Type is `any` so the map values can later be enhanced to provide additional options.)
`format` is a Terraform format string to be passed to the `format()` function.
`labels` is a list of labels, in order, to pass to `format()` function.
Label values will be normalized before being passed to `format()` so they will be
identical to how they appear in `id`.
Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no | | [drop\_invalid\_header\_fields](#input\_drop\_invalid\_header\_fields) | Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). | `bool` | `false` | no | -| [enable\_glacier\_transition](#input\_enable\_glacier\_transition) | Enables the transition of lb logs to AWS Glacier | `bool` | `true` | no | +| [enable\_glacier\_transition](#input\_enable\_glacier\_transition) | (Deprecated, use `lifecycle_configuration_rules` instead)
Enables the transition to AWS Glacier which can cause unnecessary costs for huge amount of small files | `bool` | `true` | no | | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | | [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | -| [expiration\_days](#input\_expiration\_days) | Number of days after which to expunge s3 logs | `number` | `90` | no | -| [glacier\_transition\_days](#input\_glacier\_transition\_days) | Number of days after which to move s3 logs to the glacier storage tier | `number` | `60` | no | +| [expiration\_days](#input\_expiration\_days) | (Deprecated, use `lifecycle_configuration_rules` instead)
Number of days after which to expunge the objects | `number` | `90` | no | +| [glacier\_transition\_days](#input\_glacier\_transition\_days) | (Deprecated, use `lifecycle_configuration_rules` instead)
Number of days after which to move the data to the Glacier Flexible Retrieval storage tier | `number` | `60` | no | | [health\_check\_healthy\_threshold](#input\_health\_check\_healthy\_threshold) | The number of consecutive health checks successes required before considering an unhealthy target healthy | `number` | `2` | no | | [health\_check\_interval](#input\_health\_check\_interval) | The duration in seconds in between health checks | `number` | `15` | no | | [health\_check\_matcher](#input\_health\_check\_matcher) | The HTTP response codes to indicate a healthy check | `string` | `"200-399"` | no | @@ -90,21 +89,22 @@ | [label\_order](#input\_label\_order) | The order in which the labels (ID elements) appear in the `id`.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. | `list(string)` | `null` | no | | [label\_value\_case](#input\_label\_value\_case) | Controls the letter case of ID elements (labels) as included in `id`,
set as tag values, and output by this module individually.
Does not affect values of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs.
Default value: `lower`. | `string` | `null` | no | | [labels\_as\_tags](#input\_labels\_as\_tags) | Set of labels (ID elements) to include as tags in the `tags` output.
Default is to include all labels.
Tags with empty values will not be included in the `tags` output.
Set to `[]` to suppress all generated tags.
**Notes:**
The value of the `name` tag, if included, will be the `id`, not the `name`.
Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be
changed in later chained modules. Attempts to change it will be silently ignored. | `set(string)` |
[
"default"
]
| no | -| [lifecycle\_rule\_enabled](#input\_lifecycle\_rule\_enabled) | A boolean that indicates whether the s3 log bucket lifecycle rule should be enabled. | `bool` | `false` | no | +| [lifecycle\_configuration\_rules](#input\_lifecycle\_configuration\_rules) | A list of S3 bucket v2 lifecycle rules, as specified in [terraform-aws-s3-bucket](https://github.com/cloudposse/terraform-aws-s3-bucket)"
These rules are not affected by the deprecated `lifecycle_rule_enabled` flag.
**NOTE:** Unless you also set `lifecycle_rule_enabled = false` you will also get the default deprecated rules set on your bucket. |
list(object({
enabled = bool
id = string

abort_incomplete_multipart_upload_days = number

# `filter_and` is the `and` configuration block inside the `filter` configuration.
# This is the only place you should specify a prefix.
filter_and = any
expiration = any
transition = list(any)

noncurrent_version_expiration = any
noncurrent_version_transition = list(any)
}))
| `[]` | no | +| [lifecycle\_rule\_enabled](#input\_lifecycle\_rule\_enabled) | DEPRECATED: Defaults to `false`, use `lifecycle_configuration_rules` instead.
When `true`, configures lifecycle events on this bucket using individual (now deprecated) variables." | `bool` | `false` | no | | [listener\_http\_fixed\_response](#input\_listener\_http\_fixed\_response) | Have the HTTP listener return a fixed response for the default action. |
object({
content_type = string
message_body = string
status_code = string
})
| `null` | no | | [listener\_https\_fixed\_response](#input\_listener\_https\_fixed\_response) | Have the HTTPS listener return a fixed response for the default action. |
object({
content_type = string
message_body = string
status_code = string
})
| `null` | no | | [load\_balancer\_name](#input\_load\_balancer\_name) | The name for the default load balancer, uses a module label name if left empty | `string` | `""` | no | | [load\_balancer\_name\_max\_length](#input\_load\_balancer\_name\_max\_length) | The max length of characters for the load balancer. | `number` | `32` | no | | [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a `tag`.
The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no | | [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no | -| [noncurrent\_version\_expiration\_days](#input\_noncurrent\_version\_expiration\_days) | Specifies when noncurrent s3 log versions expire | `number` | `90` | no | -| [noncurrent\_version\_transition\_days](#input\_noncurrent\_version\_transition\_days) | Specifies when noncurrent s3 log versions transition | `number` | `30` | no | +| [noncurrent\_version\_expiration\_days](#input\_noncurrent\_version\_expiration\_days) | (Deprecated, use `lifecycle_configuration_rules` instead)
Specifies when non-current object versions expire (in days) | `number` | `90` | no | +| [noncurrent\_version\_transition\_days](#input\_noncurrent\_version\_transition\_days) | (Deprecated, use `lifecycle_configuration_rules` instead)
Specifies (in days) when noncurrent object versions transition to Glacier Flexible Retrieval | `number` | `30` | no | | [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | | [security\_group\_enabled](#input\_security\_group\_enabled) | Enables the security group | `bool` | `true` | no | | [security\_group\_ids](#input\_security\_group\_ids) | A list of additional security group IDs to allow access to ALB | `list(string)` | `[]` | no | | [slow\_start](#input\_slow\_start) | The amount of time (30-900 seconds) until a healthy target receives its full share of requests from the load balancer. 0 to disable. | `number` | `null` | no | | [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | -| [standard\_transition\_days](#input\_standard\_transition\_days) | Number of days to persist logs in standard storage tier before moving to the infrequent access tier | `number` | `30` | no | +| [standard\_transition\_days](#input\_standard\_transition\_days) | (Deprecated, use `lifecycle_configuration_rules` instead)
Number of days to persist in the standard storage tier before moving to the infrequent access tier | `number` | `30` | no | | [stickiness](#input\_stickiness) | Target group sticky configuration |
object({
cookie_duration = number
enabled = bool
})
| `null` | no | | [subnet\_ids](#input\_subnet\_ids) | A list of subnet IDs to associate with ALB | `list(string)` | n/a | yes | | [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no | @@ -129,6 +129,7 @@ | [alb\_name](#output\_alb\_name) | The ARN suffix of the ALB | | [alb\_zone\_id](#output\_alb\_zone\_id) | The ID of the zone which ALB is provisioned | | [default\_target\_group\_arn](#output\_default\_target\_group\_arn) | The default target group ARN | +| [default\_target\_group\_arn\_suffix](#output\_default\_target\_group\_arn\_suffix) | The default target group ARN suffix | | [http\_listener\_arn](#output\_http\_listener\_arn) | The ARN of the HTTP forwarding listener | | [http\_redirect\_listener\_arn](#output\_http\_redirect\_listener\_arn) | The ARN of the HTTP to HTTPS redirect listener | | [https\_listener\_arn](#output\_https\_listener\_arn) | The ARN of the HTTPS listener | diff --git a/examples/complete/fixtures.us-east-2.tfvars b/examples/complete/fixtures.us-east-2.tfvars index 1de35a1..bd26670 100644 --- a/examples/complete/fixtures.us-east-2.tfvars +++ b/examples/complete/fixtures.us-east-2.tfvars @@ -20,6 +20,8 @@ access_logs_enabled = true alb_access_logs_s3_bucket_force_destroy = true +alb_access_logs_s3_bucket_force_destroy_enabled = true + cross_zone_load_balancing_enabled = false http2_enabled = true diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 48c2cb2..3f96f72 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf 
@@ -22,29 +22,32 @@ module "subnets" { } module "alb" { - source = "../.." - context = module.this.context - vpc_id = module.vpc.vpc_id - security_group_ids = [module.vpc.vpc_default_security_group_id] - subnet_ids = module.subnets.public_subnet_ids - internal = var.internal - http_enabled = var.http_enabled - http_redirect = var.http_redirect - access_logs_enabled = var.access_logs_enabled - alb_access_logs_s3_bucket_force_destroy = var.alb_access_logs_s3_bucket_force_destroy - cross_zone_load_balancing_enabled = var.cross_zone_load_balancing_enabled - http2_enabled = var.http2_enabled - idle_timeout = var.idle_timeout - ip_address_type = var.ip_address_type - deletion_protection_enabled = var.deletion_protection_enabled - deregistration_delay = var.deregistration_delay - health_check_path = var.health_check_path - health_check_timeout = var.health_check_timeout - health_check_healthy_threshold = var.health_check_healthy_threshold - health_check_unhealthy_threshold = var.health_check_unhealthy_threshold - health_check_interval = var.health_check_interval - health_check_matcher = var.health_check_matcher - target_group_port = var.target_group_port - target_group_target_type = var.target_group_target_type - stickiness = var.stickiness + source = "../.." 
+ vpc_id = module.vpc.vpc_id + security_group_ids = [module.vpc.vpc_default_security_group_id] + subnet_ids = module.subnets.public_subnet_ids + internal = var.internal + http_enabled = var.http_enabled + http_redirect = var.http_redirect + access_logs_enabled = var.access_logs_enabled + cross_zone_load_balancing_enabled = var.cross_zone_load_balancing_enabled + http2_enabled = var.http2_enabled + idle_timeout = var.idle_timeout + ip_address_type = var.ip_address_type + deletion_protection_enabled = var.deletion_protection_enabled + deregistration_delay = var.deregistration_delay + health_check_path = var.health_check_path + health_check_timeout = var.health_check_timeout + health_check_healthy_threshold = var.health_check_healthy_threshold + health_check_unhealthy_threshold = var.health_check_unhealthy_threshold + health_check_interval = var.health_check_interval + health_check_matcher = var.health_check_matcher + target_group_port = var.target_group_port + target_group_target_type = var.target_group_target_type + stickiness = var.stickiness + + alb_access_logs_s3_bucket_force_destroy = var.alb_access_logs_s3_bucket_force_destroy + alb_access_logs_s3_bucket_force_destroy_enabled = var.alb_access_logs_s3_bucket_force_destroy_enabled + + context = module.this.context } diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf index 9e7c2e9..bbbb570 100644 --- a/examples/complete/variables.tf +++ b/examples/complete/variables.tf 
@@ -98,6 +98,19 @@ variable "alb_access_logs_s3_bucket_force_destroy" { description = "A boolean that indicates all objects should be deleted from the ALB access logs S3 bucket so that the bucket can be destroyed without error" } +variable "alb_access_logs_s3_bucket_force_destroy_enabled" { + type = bool + description = <<-EOT + When `true`, permits `force_destroy` to be set to `true`. + This is an extra safety precaution to reduce the chance that Terraform will destroy and recreate + your S3 bucket, causing COMPLETE LOSS OF ALL DATA even if it was stored in Glacier. + WARNING: Upgrading this module from a version prior to 0.27.0 to this version + will cause Terraform to delete your existing S3 bucket CAUSING COMPLETE DATA LOSS + unless you follow the upgrade instructions on the Wiki [here](https://github.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.27.0-(POTENTIAL-DATA-LOSS)). + See additional instructions for upgrading from v0.27.0 to v0.28.0 [here](https://github.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.28.0-and-AWS-provider-v4-(POTENTIAL-DATA-LOSS)). + EOT +} + variable "target_group_port" { type = number description = "The port for the default target group" diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 41d4fad..1c72c84 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -1,18 +1,10 @@ terraform { - required_version = ">= 0.13.0" + required_version = ">= 1.0.0" required_providers { aws = { source = "hashicorp/aws" - version = ">= 2.0" - } - null = { - source = "hashicorp/null" - version = ">= 2.0" - } - local = { - source = "hashicorp/local" - version = ">= 1.3" + version = ">= 4.0" } } -} +} \ No newline at end of file diff --git a/main.tf b/main.tf index 3cc9c95..72be5f1 100644 --- a/main.tf +++ b/main.tf 
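Review bot: The description added for `alb_access_logs_s3_bucket_force_destroy_enabled` warns about upgrading "this module from a version prior to 0.27.0", but both wiki links point at terraform-aws-s3-log-storage, so the version numbers appear to belong to that upstream module rather than to this one. As written, an operator cannot tell which upgrade puts their ALB access logs at risk. I would reword the warning along the lines of `WARNING: the underlying s3-log-storage module changed bucket handling in its v0.27.0 and v0.28.0 releases; read the linked upgrade notes before upgrading`. The same text is repeated in the root variables.tf hunk, which also sets `default = false`; this example copy declares no default.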
@@ -39,10 +39,18 @@ resource "aws_security_group_rule" "https_ingress" { } module "access_logs" { - source = "cloudposse/lb-s3-bucket/aws" - version = "0.14.1" - enabled = module.this.enabled && var.access_logs_enabled && var.access_logs_s3_bucket_id == null - attributes = compact(concat(module.this.attributes, ["alb", "access", "logs"])) + source = "cloudposse/lb-s3-bucket/aws" + version = "0.16.0" + + enabled = module.this.enabled && var.access_logs_enabled && var.access_logs_s3_bucket_id == null + + attributes = compact(concat(module.this.attributes, ["alb", "access", "logs"])) + + force_destroy = var.alb_access_logs_s3_bucket_force_destroy + force_destroy_enabled = var.alb_access_logs_s3_bucket_force_destroy_enabled + lifecycle_configuration_rules = var.lifecycle_configuration_rules + + # TODO: deprecate these inputs in favor of `lifecycle_configuration_rules` lifecycle_rule_enabled = var.lifecycle_rule_enabled enable_glacier_transition = var.enable_glacier_transition expiration_days = var.expiration_days @@ -50,8 +58,8 @@ module "access_logs" { noncurrent_version_expiration_days = var.noncurrent_version_expiration_days noncurrent_version_transition_days = var.noncurrent_version_transition_days standard_transition_days = var.standard_transition_days - force_destroy = var.alb_access_logs_s3_bucket_force_destroy - context = module.this.context + + context = module.this.context } module "default_load_balancer_label" { @@ -208,4 +216,4 @@ resource "aws_lb_listener_certificate" "https_sni" { count = module.this.enabled && var.https_enabled && var.additional_certs != [] ? length(var.additional_certs) : 0 listener_arn = join("", aws_lb_listener.https.*.arn) certificate_arn = var.additional_certs[count.index] -} +} \ No newline at end of file diff --git a/outputs.tf b/outputs.tf index 18bb3cb..d65c6d0 100644 --- a/outputs.tf +++ b/outputs.tf 
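Review bot: In `module "access_logs"` the comment `# TODO: deprecate these inputs in favor of lifecycle_configuration_rules` is already out of date, because this same commit moves those variables to variables-deprecated.tf and marks them deprecated; `# Deprecated inputs, kept for backward compatibility` would match what the code now does. The two force-destroy inputs above it also deserve a why-comment, since this bucket holds the load balancer's access logs: `# force_destroy only takes effect when force_destroy_enabled is also true; keep both false where access logs must be retained`. That reading of the two flags comes from the variable description in variables.tf, not from the upstream module source, so confirm it before adding the comment.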
@@ -33,6 +33,11 @@ output "default_target_group_arn" { value = join("", aws_lb_target_group.default.*.arn) } +output "default_target_group_arn_suffix" { + description = "The default target group ARN suffix" + value = join("", aws_lb_target_group.default.*.arn_suffix) +} + output "http_listener_arn" { description = "The ARN of the HTTP forwarding listener" value = join("", aws_lb_listener.http_forward.*.arn) diff --git a/variables-deprecated.tf b/variables-deprecated.tf new file mode 100644 index 0000000..a9bfe56 --- /dev/null +++ b/variables-deprecated.tf 
@@ -0,0 +1,44 @@
+variable "lifecycle_rule_enabled" {
+ type = bool
+ default = false
+ description = <<-EOF
+ DEPRECATED: Defaults to `false`, use `lifecycle_configuration_rules` instead.
+ When `true`, configures lifecycle events on this bucket using individual (now deprecated) variables."
+ EOF
+}
+
+variable "enable_glacier_transition" {
+ type = bool
+ default = true
+ description = "(Deprecated, use `lifecycle_configuration_rules` instead)\nEnables the transition to AWS Glacier which can cause unnecessary costs for huge amount of small files"
+}
+
+variable "glacier_transition_days" {
+ type = number
+ default = 60
+ description = "(Deprecated, use `lifecycle_configuration_rules` instead)\nNumber of days after which to move the data to the Glacier Flexible Retrieval storage tier"
+}
+
+variable "expiration_days" {
+ type = number
+ default = 90
+ description = "(Deprecated, use `lifecycle_configuration_rules` instead)\nNumber of days after which to expunge the objects"
+}
+
+variable "noncurrent_version_expiration_days" {
+ type = number
+ default = 90
+ description = "(Deprecated, use `lifecycle_configuration_rules` instead)\nSpecifies when non-current object versions expire (in days)"
+}
+
+variable "noncurrent_version_transition_days" {
+ type = number
+ default = 30
+ description = "(Deprecated, use `lifecycle_configuration_rules` instead)\nSpecifies (in days) when noncurrent object versions transition to Glacier Flexible Retrieval"
+}
+
+variable "standard_transition_days" {
+ type = number
+ default = 30
+ description = "(Deprecated, use `lifecycle_configuration_rules` instead)\nNumber of days to persist in the standard storage tier before moving to the infrequent access tier"
+}
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index 79b34e2..a24feb8 100644
--- a/variables.tf
+++ b/variables.tf
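Review bot: The heredoc description of `lifecycle_rule_enabled` ends its second line with a stray `"` (`...(now deprecated) variables."`), and that quote is carried into the rendered table in docs/terraform.md. The same stray quote follows the terraform-aws-s3-bucket link in the `lifecycle_configuration_rules` description in variables.tf. This variable also marks itself with `DEPRECATED:` while the other six use the `(Deprecated, use ... instead)` prefix; one form throughout would make the deprecated inputs easier to search for.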
@@ -206,6 +206,20 @@ variable "alb_access_logs_s3_bucket_force_destroy" { description = "A boolean that indicates all objects should be deleted from the ALB access logs S3 bucket so that the bucket can be destroyed without error" } +variable "alb_access_logs_s3_bucket_force_destroy_enabled" { + type = bool + default = false + description = <<-EOT + When `true`, permits `force_destroy` to be set to `true`. + This is an extra safety precaution to reduce the chance that Terraform will destroy and recreate + your S3 bucket, causing COMPLETE LOSS OF ALL DATA even if it was stored in Glacier. + WARNING: Upgrading this module from a version prior to 0.27.0 to this version + will cause Terraform to delete your existing S3 bucket CAUSING COMPLETE DATA LOSS + unless you follow the upgrade instructions on the Wiki [here](https://github.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.27.0-(POTENTIAL-DATA-LOSS)). + See additional instructions for upgrading from v0.27.0 to v0.28.0 [here](https://github.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.28.0-and-AWS-provider-v4-(POTENTIAL-DATA-LOSS)). + EOT +} + variable "target_group_port" { type = number default = 80 
@@ -268,46 +282,28 @@ variable "listener_https_fixed_response" { default = null } -variable "lifecycle_rule_enabled" { - type = bool - description = "A boolean that indicates whether the s3 log bucket lifecycle rule should be enabled." - default = false -} - -variable "enable_glacier_transition" { - type = bool - description = "Enables the transition of lb logs to AWS Glacier" - default = true -} - -variable "glacier_transition_days" { - type = number - description = "Number of days after which to move s3 logs to the glacier storage tier" - default = 60 -} - -variable "expiration_days" { - type = number - description = "Number of days after which to expunge s3 logs" - default = 90 -} +variable "lifecycle_configuration_rules" { + type = list(object({ + enabled = bool + id = string -variable "noncurrent_version_expiration_days" { - type = number - description = "Specifies when noncurrent s3 log versions expire" - default = 90 -} + abort_incomplete_multipart_upload_days = number -variable "noncurrent_version_transition_days" { - type = number - description = "Specifies when noncurrent s3 log versions transition" - default = 30 -} + # `filter_and` is the `and` configuration block inside the `filter` configuration. + # This is the only place you should specify a prefix. + filter_and = any + expiration = any + transition = list(any) -variable "standard_transition_days" { - type = number - description = "Number of days to persist logs in standard storage tier before moving to the infrequent access tier" - default = 30 + noncurrent_version_expiration = any + noncurrent_version_transition = list(any) + })) + default = [] + description = <<-EOT + A list of S3 bucket v2 lifecycle rules, as specified in [terraform-aws-s3-bucket](https://github.com/cloudposse/terraform-aws-s3-bucket)" + These rules are not affected by the deprecated `lifecycle_rule_enabled` flag. 
+ **NOTE:** Unless you also set `lifecycle_rule_enabled = false` you will also get the default deprecated rules set on your bucket. + EOT } variable "stickiness" { diff --git a/versions.tf b/versions.tf index 39d80c7..1c72c84 100644 --- a/versions.tf +++ b/versions.tf @@ -1,18 +1,10 @@ terraform { - required_version = ">= 0.13.0" + required_version = ">= 1.0.0" required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.27, != 4.0.0, != 4.1.0, != 4.2.0, != 4.3.0, != 4.4.0, != 4.5.0, != 4.6.0, != 4.7.0, != 4.8.0" - } - local = { - source = "hashicorp/local" - version = ">= 1.3" - } - null = { - source = "hashicorp/null" - version = ">= 2.0" + version = ">= 4.0" } } -} +} \ No newline at end of file
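Review bot: The `**NOTE:**` in the `lifecycle_configuration_rules` description says the deprecated default rules apply "unless you also set `lifecycle_rule_enabled = false`", yet variables-deprecated.tf in this commit gives `lifecycle_rule_enabled` a default of `false`, so the note describes a default this module does not have. For a bucket that stores access logs, a reader needs to know exactly which retention rules are in force; I would write `**NOTE:** If lifecycle_rule_enabled is true, the deprecated default rules are applied in addition to these rules.` The `filter_and`, `expiration` and `transition` attributes are typed `any`, so a short example rule in the description would help callers get the shape right.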
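Review bot: The new aws constraint `>= 4.0` in versions.tf re-admits provider versions 4.0.0 through 4.8.0, which the removed constraint excluded one by one. The reason for those exclusions is not visible in this diff; if it still holds, `version = ">= 4.9"` keeps the old floor, and if it no longer holds, a one-line comment saying so would help the next reviewer. The hunk also drops the file's final newline, as do the main.tf, variables-deprecated.tf and examples/complete/versions.tf hunks.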