diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index a6cd3694..776bc243 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
repos:
- repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.96.1
+ rev: v1.99.4
hooks:
- id: terraform_fmt
- id: terraform_docs
diff --git a/README.md b/README.md
index c0c0a24f..b37f34e7 100644
--- a/README.md
+++ b/README.md
@@ -210,7 +210,8 @@ module "atlantis" {
| Name | Version |
|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.0 |
+| [terraform](#requirement\_terraform) | >= 1.10 |
+| [aws](#requirement\_aws) | >= 6.4 |
## Providers
@@ -220,11 +221,11 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [acm](#module\_acm) | terraform-aws-modules/acm/aws | 5.0.0 |
-| [alb](#module\_alb) | terraform-aws-modules/alb/aws | 9.1.0 |
-| [ecs\_cluster](#module\_ecs\_cluster) | terraform-aws-modules/ecs/aws//modules/cluster | 5.11.0 |
-| [ecs\_service](#module\_ecs\_service) | terraform-aws-modules/ecs/aws//modules/service | 5.11.0 |
-| [efs](#module\_efs) | terraform-aws-modules/efs/aws | 1.3.1 |
+| [acm](#module\_acm) | terraform-aws-modules/acm/aws | 6.1.0 |
+| [alb](#module\_alb) | terraform-aws-modules/alb/aws | 9.17.0 |
+| [ecs\_cluster](#module\_ecs\_cluster) | terraform-aws-modules/ecs/aws//modules/cluster | 6.1.1 |
+| [ecs\_service](#module\_ecs\_service) | terraform-aws-modules/ecs/aws//modules/service | 6.1.1 |
+| [efs](#module\_efs) | terraform-aws-modules/efs/aws | 1.7.0 |
## Resources
diff --git a/examples/github-complete/README.md b/examples/github-complete/README.md
index 6d1c2613..5a0975b3 100644
--- a/examples/github-complete/README.md
+++ b/examples/github-complete/README.md
@@ -19,8 +19,8 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.0 |
-| [aws](#requirement\_aws) | >= 5.0 |
+| [terraform](#requirement\_terraform) | >= 1.10 |
+| [aws](#requirement\_aws) | >= 6.4 |
| [github](#requirement\_github) | >= 5.0 |
| [random](#requirement\_random) | >= 3.0 |
@@ -28,7 +28,7 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.0 |
+| [aws](#provider\_aws) | >= 6.4 |
| [random](#provider\_random) | >= 3.0 |
## Modules
@@ -37,8 +37,8 @@ Note that this example may create resources which cost money. Run `terraform des
|------|--------|---------|
| [atlantis](#module\_atlantis) | ../../ | n/a |
| [github\_repository\_webhooks](#module\_github\_repository\_webhooks) | ../../modules/github-repository-webhook | n/a |
-| [secrets\_manager](#module\_secrets\_manager) | terraform-aws-modules/secrets-manager/aws | ~> 1.0 |
-| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 |
+| [secrets\_manager](#module\_secrets\_manager) | terraform-aws-modules/secrets-manager/aws | 1.3.1 |
+| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 6.0.1 |
## Resources
diff --git a/examples/github-complete/main.tf b/examples/github-complete/main.tf
index cb387c72..fdffcb82 100644
--- a/examples/github-complete/main.tf
+++ b/examples/github-complete/main.tf
@@ -125,7 +125,7 @@ resource "random_password" "webhook_secret" {
module "secrets_manager" {
source = "terraform-aws-modules/secrets-manager/aws"
- version = "~> 1.0"
+ version = "1.3.1"
for_each = {
github-token = {
@@ -146,7 +146,7 @@ module "secrets_manager" {
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
- version = "~> 5.0"
+ version = "~> 6.0"
name = local.name
cidr = local.vpc_cidr
diff --git a/examples/github-complete/versions.tf b/examples/github-complete/versions.tf
index e759c653..abc07c45 100644
--- a/examples/github-complete/versions.tf
+++ b/examples/github-complete/versions.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = ">= 1.0"
+ required_version = ">= 1.10"
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.0"
+ version = ">= 6.4"
}
github = {
diff --git a/examples/github-separate/README.md b/examples/github-separate/README.md
index 15115f61..71d6d29e 100644
--- a/examples/github-separate/README.md
+++ b/examples/github-separate/README.md
@@ -19,8 +19,8 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.0 |
-| [aws](#requirement\_aws) | >= 5.0 |
+| [terraform](#requirement\_terraform) | >= 1.10 |
+| [aws](#requirement\_aws) | >= 6.4 |
| [github](#requirement\_github) | >= 5.0 |
| [random](#requirement\_random) | >= 3.0 |
@@ -28,20 +28,20 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.0 |
+| [aws](#provider\_aws) | >= 6.4 |
| [random](#provider\_random) | >= 3.0 |
## Modules
| Name | Source | Version |
|------|--------|---------|
-| [alb](#module\_alb) | terraform-aws-modules/alb/aws | 9.1.0 |
+| [alb](#module\_alb) | terraform-aws-modules/alb/aws | 9.17.0 |
| [atlantis](#module\_atlantis) | ../../ | n/a |
| [atlantis\_disabled](#module\_atlantis\_disabled) | ../../ | n/a |
-| [ecs\_cluster](#module\_ecs\_cluster) | terraform-aws-modules/ecs/aws//modules/cluster | 5.6.0 |
+| [ecs\_cluster](#module\_ecs\_cluster) | terraform-aws-modules/ecs/aws//modules/cluster | 6.1.1 |
| [github\_repository\_webhooks](#module\_github\_repository\_webhooks) | ../../modules/github-repository-webhook | n/a |
-| [secrets\_manager](#module\_secrets\_manager) | terraform-aws-modules/secrets-manager/aws | ~> 1.0 |
-| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 |
+| [secrets\_manager](#module\_secrets\_manager) | terraform-aws-modules/secrets-manager/aws | 1.3.1 |
+| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 6.0.1 |
## Resources
diff --git a/examples/github-separate/main.tf b/examples/github-separate/main.tf
index 4d25ea28..ae166792 100644
--- a/examples/github-separate/main.tf
+++ b/examples/github-separate/main.tf
@@ -105,21 +105,21 @@ module "atlantis_disabled" {
module "ecs_cluster" {
source = "terraform-aws-modules/ecs/aws//modules/cluster"
- version = "5.6.0"
+ version = "6.1.1"
# Cluster
- cluster_name = local.name
- cluster_settings = {
+ name = local.name
+ setting = [{
name = "containerInsights"
value = "enabled"
- }
+ }]
tags = local.tags
}
module "alb" {
source = "terraform-aws-modules/alb/aws"
- version = "9.1.0"
+ version = "~> 9.0"
name = local.name
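Review bot: The `alb` constraint in this example becomes `version = "~> 9.0"`, while the root module and this example's README both state `9.17.0`, so the documented version and the one actually resolved can drift apart. The `vpc` module in examples/github-complete/main.tf has the same mismatch (`~> 6.0` in code, `6.0.1` in its README), although `secrets_manager` and the github-separate `vpc` are pinned exactly. For a stack that provisions the Atlantis runner, exact pins keep plans reproducible and upgrades deliberate; I would use `version = "9.17.0"` here and `version = "6.0.1"` there, or regenerate the READMEs if the floating constraint is intended.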
@@ -192,7 +192,7 @@ resource "random_password" "webhook_secret" {
module "secrets_manager" {
source = "terraform-aws-modules/secrets-manager/aws"
- version = "~> 1.0"
+ version = "1.3.1"
for_each = {
github-token = {
@@ -213,7 +213,7 @@ module "secrets_manager" {
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
- version = "~> 5.0"
+ version = "6.0.1"
name = local.name
cidr = local.vpc_cidr
diff --git a/examples/github-separate/versions.tf b/examples/github-separate/versions.tf
index e759c653..abc07c45 100644
--- a/examples/github-separate/versions.tf
+++ b/examples/github-separate/versions.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = ">= 1.0"
+ required_version = ">= 1.10"
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.0"
+ version = ">= 6.4"
}
github = {
diff --git a/main.tf b/main.tf
index 84317650..adad815c 100644
--- a/main.tf
+++ b/main.tf
@@ -29,7 +29,7 @@ locals {
module "alb" {
source = "terraform-aws-modules/alb/aws"
- version = "9.1.0"
+ version = "9.17.0"
create = var.create && var.create_alb
@@ -168,7 +168,7 @@ module "alb" {
module "acm" {
source = "terraform-aws-modules/acm/aws"
- version = "5.0.0"
+ version = "6.1.0"
create_certificate = var.create && var.create_certificate && var.create_alb
@@ -199,18 +199,19 @@ locals {
module "ecs_cluster" {
source = "terraform-aws-modules/ecs/aws//modules/cluster"
- version = "5.11.0"
+ version = "6.1.1"
create = var.create && var.create_cluster
# Cluster
- cluster_name = try(var.cluster.name, var.name)
- cluster_configuration = try(var.cluster.configuration, {})
- cluster_settings = try(var.cluster.settings, {
- name = "containerInsights"
- value = "enabled"
+ name = try(var.cluster.name, var.name)
+ configuration = try(var.cluster.configuration, {})
+ setting = try(var.cluster.settings, [
+ {
+ name = "containerInsights"
+ value = "enabled"
}
- )
+ ])
# Cloudwatch log group
create_cloudwatch_log_group = try(var.cluster.create_cloudwatch_log_group, true)
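Review bot: `setting` still reads `var.cluster.settings`, but its fallback changes from a single object to a list of objects, so a caller who passes one object, as the old default here did, now hands the upstream module a different shape. The declaration of `var.cluster` is outside this diff, so whether that fails at plan time or is coerced is not visible here. Either normalise the input, e.g. `setting = try(flatten([var.cluster.settings]), [{ name = "containerInsights", value = "enabled" }])`, or add a comment above the argument such as `# var.cluster.settings must be a list of { name, value } objects`. The `ecs_cluster` module block continues past the end of this hunk.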
@@ -219,20 +220,20 @@ module "ecs_cluster" {
cloudwatch_log_group_tags = try(var.cluster.cloudwatch_log_group_tags, {})
# Capacity providers
- fargate_capacity_providers = try(var.cluster.fargate_capacity_providers, {})
+ default_capacity_provider_strategy = try(var.cluster.default_capacity_provider_strategy, {})
tags = var.tags
}
module "ecs_service" {
source = "terraform-aws-modules/ecs/aws//modules/service"
- version = "5.11.0"
+ version = "6.1.1"
create = var.create
# Service
ignore_task_definition_changes = try(var.service.ignore_task_definition_changes, false)
- alarms = try(var.service.alarms, {})
+ alarms = try(var.service.alarms, { alarm_names = [] })
capacity_provider_strategy = try(var.service.capacity_provider_strategy, {})
cluster_arn = var.create_cluster && var.create ? module.ecs_cluster.arn : var.cluster_arn
deployment_controller = try(var.service.deployment_controller, {})
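Review bot: `fargate_capacity_providers` is no longer read from `var.cluster`, and because every input here goes through `try(..., default)`, a caller who still sets `cluster.fargate_capacity_providers` gets no error and silently loses that configuration. This assumes `var.cluster` is loosely typed; its declaration is not in the diff. The same applies to `container_definition_defaults` and `inference_accelerator`, which are dropped in the task-definition hunk further down. I would add a comment at each removal, e.g. `# var.cluster.fargate_capacity_providers is no longer read; use default_capacity_provider_strategy`, and list the removed keys in the upgrade notes. Better still, add a validation on the variable so that stale keys fail the plan.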
@@ -264,7 +265,7 @@ module "ecs_service" {
propagate_tags = try(var.service.propagate_tags, null)
scheduling_strategy = try(var.service.scheduling_strategy, null)
service_connect_configuration = lookup(var.service, "service_connect_configuration", {})
- service_registries = lookup(var.service, "service_registries", {})
+ service_registries = try(var.service.service_registries, null)
timeouts = try(var.service.timeouts, {})
triggers = try(var.service.triggers, {})
wait_for_steady_state = try(var.service.wait_for_steady_state, null)
@@ -278,7 +279,7 @@ module "ecs_service" {
iam_role_description = try(var.service.iam_role_description, null)
iam_role_permissions_boundary = try(var.service.iam_role_permissions_boundary, null)
iam_role_tags = try(var.service.iam_role_tags, {})
- iam_role_statements = lookup(var.service, "iam_role_statements", {})
+ iam_role_statements = lookup(var.service, "iam_role_statements", [])
# Task definition
create_task_definition = try(var.service.create_task_definition, true)
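Review bot: The fallback for `iam_role_statements` changes from `{}` to `[]`, which implies the upstream module now expects a list of statements, but nothing here tells callers that the shape changed. `task_exec_iam_statements` and `tasks_iam_role_statements` get the same change in the two IAM hunks below. These inputs define the permissions of the Atlantis service and task roles, so a caller who still passes a keyed map should get a clear message rather than an upstream type error. I would add a comment such as `# list of IAM statement objects (the previous default was a map)` on each of the three arguments and document the change in the upgrade notes.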
@@ -355,17 +356,15 @@ module "ecs_service" {
},
lookup(var.service, "container_definitions", {})
)
- container_definition_defaults = lookup(var.service, "container_definition_defaults", {})
cpu = try(var.service.cpu, 1024)
- ephemeral_storage = try(var.service.ephemeral_storage, {})
+ ephemeral_storage = try(var.service.ephemeral_storage, null)
family = try(var.service.family, null)
- inference_accelerator = try(var.service.inference_accelerator, {})
ipc_mode = try(var.service.ipc_mode, null)
memory = try(var.service.memory, 2048)
network_mode = try(var.service.network_mode, "awsvpc")
pid_mode = try(var.service.pid_mode, null)
task_definition_placement_constraints = try(var.service.task_definition_placement_constraints, {})
- proxy_configuration = try(var.service.proxy_configuration, {})
+ proxy_configuration = try(var.service.proxy_configuration, null)
requires_compatibilities = try(var.service.requires_compatibilities, ["FARGATE"])
runtime_platform = try(var.service.runtime_platform, {
operating_system_family = "LINUX"
@@ -405,7 +404,7 @@ module "ecs_service" {
create_task_exec_policy = try(var.service.create_task_exec_policy, true)
task_exec_ssm_param_arns = try(var.service.task_exec_ssm_param_arns, ["arn:aws:ssm:*:*:parameter/*"])
task_exec_secret_arns = try(var.service.task_exec_secret_arns, ["arn:aws:secretsmanager:*:*:secret:*"])
- task_exec_iam_statements = lookup(var.service, "task_exec_iam_statements", {})
+ task_exec_iam_statements = lookup(var.service, "task_exec_iam_statements", [])
# Tasks - IAM role
create_tasks_iam_role = try(var.service.create_tasks_iam_role, true)
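Review bot: The context lines of this hunk still default `task_exec_ssm_param_arns` to `arn:aws:ssm:*:*:parameter/*` and `task_exec_secret_arns` to `arn:aws:secretsmanager:*:*:secret:*`. A deployment that leaves them unset therefore scopes the task execution policy to every parameter and secret rather than to the ones Atlantis needs. The actions granted are defined upstream and are not visible here. Since this release already breaks the interface, it is a good moment to narrow the defaults, for example `task_exec_secret_arns = try(var.service.task_exec_secret_arns, [])` with the required ARNs passed explicitly as the examples' `secrets_manager` modules make possible. At minimum, add a comment above both lines noting that the wildcard defaults should be overridden.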
@@ -417,7 +416,7 @@ module "ecs_service" {
tasks_iam_role_permissions_boundary = try(var.service.tasks_iam_role_permissions_boundary, null)
tasks_iam_role_tags = try(var.service.tasks_iam_role_tags, {})
tasks_iam_role_policies = lookup(var.service, "tasks_iam_role_policies", {})
- tasks_iam_role_statements = lookup(var.service, "tasks_iam_role_statements", {})
+ tasks_iam_role_statements = lookup(var.service, "tasks_iam_role_statements", [])
# Task set
external_id = try(var.service.external_id, null)
@@ -438,26 +437,32 @@ module "ecs_service" {
security_group_name = try(var.service.security_group_name, null)
security_group_use_name_prefix = try(var.service.security_group_use_name_prefix, true)
security_group_description = try(var.service.security_group_description, null)
- security_group_rules = merge(
+ security_group_ingress_rules = merge(
{
atlantis = {
- type = "ingress"
- from_port = local.atlantis_port
- to_port = local.atlantis_port
- protocol = "tcp"
- source_security_group_id = var.create_alb ? module.alb.security_group_id : var.alb_security_group_id
+ description = "Allow traffic from ALB to Atlantis"
+ from_port = local.atlantis_port
+ to_port = local.atlantis_port
+ ip_protocol = "tcp"
+ referenced_security_group_id = var.create_alb ? module.alb.security_group_id : var.alb_security_group_id
}
},
- lookup(var.service, "security_group_rules", {
+ lookup(var.service, "security_group_ingress_rules", {})
+ )
+
+ security_group_egress_rules = merge(
+ {
egress = {
- type = "egress"
+ description = "Allow all outbound traffic"
from_port = 0
to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
+ ip_protocol = "-1"
+ cidr_ipv4 = "0.0.0.0/0"
}
- })
+ },
+ lookup(var.service, "security_group_egress_rules", {})
)
+
security_group_tags = try(var.service.security_group_tags, {})
tags = var.tags
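Review bot: The allow-all egress rule is now always merged into `security_group_egress_rules`, whereas before it was only the fallback of `lookup(var.service, "security_group_rules", …)` and disappeared as soon as the caller supplied their own rules. A caller who restricted outbound traffic through `security_group_rules` now has that key ignored, because nothing in this hunk reads it any more, and ends up with `0.0.0.0/0` on all protocols unless they re-declare a rule under the `egress` key. To keep the old semantics, use the default only as the fallback, `security_group_egress_rules = lookup(var.service, "security_group_egress_rules", { egress = { … } })`, and call out the rename in the upgrade notes. The `ecs_service` module block starts and ends outside this hunk.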
@@ -469,7 +474,7 @@ module "ecs_service" {
module "efs" {
source = "terraform-aws-modules/efs/aws"
- version = "1.3.1"
+ version = "1.7.0"
create = var.create && var.enable_efs
name = try(var.efs.name, var.name)
diff --git a/modules/github-repository-webhook/README.md b/modules/github-repository-webhook/README.md
index f7c2fca9..f9c7b16e 100644
--- a/modules/github-repository-webhook/README.md
+++ b/modules/github-repository-webhook/README.md
@@ -5,7 +5,7 @@
| Name | Version |
|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.0 |
+| [terraform](#requirement\_terraform) | >= 1.10 |
| [github](#requirement\_github) | >= 5.0 |
## Providers
diff --git a/modules/github-repository-webhook/versions.tf b/modules/github-repository-webhook/versions.tf
index 51af6b4f..59c89df8 100644
--- a/modules/github-repository-webhook/versions.tf
+++ b/modules/github-repository-webhook/versions.tf
@@ -1,5 +1,5 @@
terraform {
- required_version = ">= 1.0"
+ required_version = ">= 1.10"
required_providers {
github = {
diff --git a/modules/gitlab-repository-webhook/README.md b/modules/gitlab-repository-webhook/README.md
index e6ebc843..68ddb267 100644
--- a/modules/gitlab-repository-webhook/README.md
+++ b/modules/gitlab-repository-webhook/README.md
@@ -5,7 +5,7 @@
| Name | Version |
|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.1 |
+| [terraform](#requirement\_terraform) | >= 1.10 |
| [gitlab](#requirement\_gitlab) | >= 16.0 |
## Providers
diff --git a/modules/gitlab-repository-webhook/versions.tf b/modules/gitlab-repository-webhook/versions.tf
index d5e390fe..8700516a 100644
--- a/modules/gitlab-repository-webhook/versions.tf
+++ b/modules/gitlab-repository-webhook/versions.tf
@@ -1,5 +1,5 @@
terraform {
- required_version = ">= 1.1"
+ required_version = ">= 1.10"
required_providers {
gitlab = {
diff --git a/versions.tf b/versions.tf
index 7117131f..745d7251 100644
--- a/versions.tf
+++ b/versions.tf
@@ -1,3 +1,10 @@
terraform {
- required_version = ">= 1.0"
+ required_version = ">= 1.10"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 6.4"
+ }
+ }
}