Skip to content

chore: Update to use current upstream modules #422

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 18 commits into
base: master
Choose a base branch
from
Open

chore: Update to use current upstream modules #422

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
d0cbbc4
Add logic to name EFS Uniquely
Andrews-repo Jan 5, 2024
8f906d5
Merge branch 'master' into master
bryantbiggs Jan 18, 2024
ab0b80f
Merge remote-tracking branch 'origin'
Andrews-repo Jul 29, 2025
39bde8e
update module
Andrews-repo Jul 29, 2025
4f54395
update module
Andrews-repo Jul 29, 2025
e4f1bec
update module
Andrews-repo Jul 29, 2025
23b17eb
update module
Andrews-repo Jul 29, 2025
345f4cf
update module
Andrews-repo Jul 29, 2025
d48a2d7
update module
Andrews-repo Jul 29, 2025
7c34027
update module
Andrews-repo Jul 29, 2025
1aafa48
update module
Andrews-repo Jul 29, 2025
c5628d8
update module
Andrews-repo Jul 29, 2025
337bac9
update module
Andrews-repo Jul 30, 2025
af15df2
update module
Andrews-repo Jul 30, 2025
67ef71c
update module
Andrews-repo Jul 30, 2025
b33e105
update module
Andrews-repo Jul 30, 2025
4f3449b
Update examples/github-separate/main.tf
Andrews-repo Aug 5, 2025
18bab4d
Update examples/github-complete/main.tf
Andrews-repo Aug 5, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .pre-commit-config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
repos:
- repo: https://github.com/antonbabenko/pre-commit-terraform
rev: v1.96.1
rev: v1.99.4
hooks:
- id: terraform_fmt
- id: terraform_docs
Expand Down
13 changes: 7 additions & 6 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -210,7 +210,8 @@ module "atlantis" {

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.10 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.4 |

## Providers

Expand All @@ -220,11 +221,11 @@ No providers.

| Name | Source | Version |
|------|--------|---------|
| <a name="module_acm"></a> [acm](#module\_acm) | terraform-aws-modules/acm/aws | 5.0.0 |
| <a name="module_alb"></a> [alb](#module\_alb) | terraform-aws-modules/alb/aws | 9.1.0 |
| <a name="module_ecs_cluster"></a> [ecs\_cluster](#module\_ecs\_cluster) | terraform-aws-modules/ecs/aws//modules/cluster | 5.11.0 |
| <a name="module_ecs_service"></a> [ecs\_service](#module\_ecs\_service) | terraform-aws-modules/ecs/aws//modules/service | 5.11.0 |
| <a name="module_efs"></a> [efs](#module\_efs) | terraform-aws-modules/efs/aws | 1.3.1 |
| <a name="module_acm"></a> [acm](#module\_acm) | terraform-aws-modules/acm/aws | 6.1.0 |
| <a name="module_alb"></a> [alb](#module\_alb) | terraform-aws-modules/alb/aws | 9.17.0 |
| <a name="module_ecs_cluster"></a> [ecs\_cluster](#module\_ecs\_cluster) | terraform-aws-modules/ecs/aws//modules/cluster | 6.1.1 |
| <a name="module_ecs_service"></a> [ecs\_service](#module\_ecs\_service) | terraform-aws-modules/ecs/aws//modules/service | 6.1.1 |
| <a name="module_efs"></a> [efs](#module\_efs) | terraform-aws-modules/efs/aws | 1.7.0 |

## Resources

Expand Down
10 changes: 5 additions & 5 deletions examples/github-complete/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,16 +19,16 @@ Note that this example may create resources which cost money. Run `terraform des

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.10 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.4 |
| <a name="requirement_github"></a> [github](#requirement\_github) | >= 5.0 |
| <a name="requirement_random"></a> [random](#requirement\_random) | >= 3.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.4 |
| <a name="provider_random"></a> [random](#provider\_random) | >= 3.0 |

## Modules
Expand All @@ -37,8 +37,8 @@ Note that this example may create resources which cost money. Run `terraform des
|------|--------|---------|
| <a name="module_atlantis"></a> [atlantis](#module\_atlantis) | ../../ | n/a |
| <a name="module_github_repository_webhooks"></a> [github\_repository\_webhooks](#module\_github\_repository\_webhooks) | ../../modules/github-repository-webhook | n/a |
| <a name="module_secrets_manager"></a> [secrets\_manager](#module\_secrets\_manager) | terraform-aws-modules/secrets-manager/aws | ~> 1.0 |
| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 |
| <a name="module_secrets_manager"></a> [secrets\_manager](#module\_secrets\_manager) | terraform-aws-modules/secrets-manager/aws | 1.3.1 |
| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 6.0.1 |

## Resources

Expand Down
4 changes: 2 additions & 2 deletions examples/github-complete/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -125,7 +125,7 @@ resource "random_password" "webhook_secret" {

module "secrets_manager" {
source = "terraform-aws-modules/secrets-manager/aws"
version = "~> 1.0"
version = "1.3.1"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in examples we don't pin to a specific version, so lets revert changes like this


for_each = {
github-token = {
Expand All @@ -146,7 +146,7 @@ module "secrets_manager" {

module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "~> 5.0"
version = "~> 6.0"

name = local.name
cidr = local.vpc_cidr
Expand Down
4 changes: 2 additions & 2 deletions examples/github-complete/versions.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
terraform {
required_version = ">= 1.0"
required_version = ">= 1.10"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we are only raising to 1.5.7 at this time unless there is a strong reason for going higher - this should be carried throughout

Suggested change
required_version = ">= 1.10"
required_version = ">= 1.5.7"


required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 5.0"
version = ">= 6.4"
}

github = {
Expand Down
14 changes: 7 additions & 7 deletions examples/github-separate/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,29 +19,29 @@ Note that this example may create resources which cost money. Run `terraform des

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.10 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.4 |
| <a name="requirement_github"></a> [github](#requirement\_github) | >= 5.0 |
| <a name="requirement_random"></a> [random](#requirement\_random) | >= 3.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.4 |
| <a name="provider_random"></a> [random](#provider\_random) | >= 3.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| <a name="module_alb"></a> [alb](#module\_alb) | terraform-aws-modules/alb/aws | 9.1.0 |
| <a name="module_alb"></a> [alb](#module\_alb) | terraform-aws-modules/alb/aws | 9.17.0 |
| <a name="module_atlantis"></a> [atlantis](#module\_atlantis) | ../../ | n/a |
| <a name="module_atlantis_disabled"></a> [atlantis\_disabled](#module\_atlantis\_disabled) | ../../ | n/a |
| <a name="module_ecs_cluster"></a> [ecs\_cluster](#module\_ecs\_cluster) | terraform-aws-modules/ecs/aws//modules/cluster | 5.6.0 |
| <a name="module_ecs_cluster"></a> [ecs\_cluster](#module\_ecs\_cluster) | terraform-aws-modules/ecs/aws//modules/cluster | 6.1.1 |
| <a name="module_github_repository_webhooks"></a> [github\_repository\_webhooks](#module\_github\_repository\_webhooks) | ../../modules/github-repository-webhook | n/a |
| <a name="module_secrets_manager"></a> [secrets\_manager](#module\_secrets\_manager) | terraform-aws-modules/secrets-manager/aws | ~> 1.0 |
| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 |
| <a name="module_secrets_manager"></a> [secrets\_manager](#module\_secrets\_manager) | terraform-aws-modules/secrets-manager/aws | 1.3.1 |
| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 6.0.1 |

## Resources

Expand Down
14 changes: 7 additions & 7 deletions examples/github-separate/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -105,21 +105,21 @@ module "atlantis_disabled" {

module "ecs_cluster" {
source = "terraform-aws-modules/ecs/aws//modules/cluster"
version = "5.6.0"
version = "6.1.1"

# Cluster
cluster_name = local.name
cluster_settings = {
name = local.name
setting = [{
name = "containerInsights"
value = "enabled"
}
}]

tags = local.tags
}

module "alb" {
source = "terraform-aws-modules/alb/aws"
version = "9.1.0"
version = "~> 9.0"

name = local.name

Expand Down Expand Up @@ -192,7 +192,7 @@ resource "random_password" "webhook_secret" {

module "secrets_manager" {
source = "terraform-aws-modules/secrets-manager/aws"
version = "~> 1.0"
version = "1.3.1"

for_each = {
github-token = {
Expand All @@ -213,7 +213,7 @@ module "secrets_manager" {

module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "~> 5.0"
version = "6.0.1"

name = local.name
cidr = local.vpc_cidr
Expand Down
4 changes: 2 additions & 2 deletions examples/github-separate/versions.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
terraform {
required_version = ">= 1.0"
required_version = ">= 1.10"

required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 5.0"
version = ">= 6.4"
}

github = {
Expand Down
69 changes: 37 additions & 32 deletions main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ locals {

module "alb" {
source = "terraform-aws-modules/alb/aws"
version = "9.1.0"
version = "9.17.0"

create = var.create && var.create_alb

Expand Down Expand Up @@ -168,7 +168,7 @@ module "alb" {

module "acm" {
source = "terraform-aws-modules/acm/aws"
version = "5.0.0"
version = "6.1.0"

create_certificate = var.create && var.create_certificate && var.create_alb

Expand Down Expand Up @@ -199,18 +199,19 @@ locals {

module "ecs_cluster" {
source = "terraform-aws-modules/ecs/aws//modules/cluster"
version = "5.11.0"
version = "6.1.1"

create = var.create && var.create_cluster

# Cluster
cluster_name = try(var.cluster.name, var.name)
cluster_configuration = try(var.cluster.configuration, {})
cluster_settings = try(var.cluster.settings, {
name = "containerInsights"
value = "enabled"
name = try(var.cluster.name, var.name)
configuration = try(var.cluster.configuration, {})
setting = try(var.cluster.settings, [
{
name = "containerInsights"
value = "enabled"
}
)
])

# Cloudwatch log group
create_cloudwatch_log_group = try(var.cluster.create_cloudwatch_log_group, true)
Expand All @@ -219,20 +220,20 @@ module "ecs_cluster" {
cloudwatch_log_group_tags = try(var.cluster.cloudwatch_log_group_tags, {})

# Capacity providers
fargate_capacity_providers = try(var.cluster.fargate_capacity_providers, {})
default_capacity_provider_strategy = try(var.cluster.default_capacity_provider_strategy, {})

tags = var.tags
}

module "ecs_service" {
source = "terraform-aws-modules/ecs/aws//modules/service"
version = "5.11.0"
version = "6.1.1"

create = var.create

# Service
ignore_task_definition_changes = try(var.service.ignore_task_definition_changes, false)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

with the variable optional attributes, a lot of these try(() blocks should be removed

alarms = try(var.service.alarms, {})
alarms = try(var.service.alarms, { alarm_names = [] })
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why this change?

capacity_provider_strategy = try(var.service.capacity_provider_strategy, {})
cluster_arn = var.create_cluster && var.create ? module.ecs_cluster.arn : var.cluster_arn
deployment_controller = try(var.service.deployment_controller, {})
Expand Down Expand Up @@ -264,7 +265,7 @@ module "ecs_service" {
propagate_tags = try(var.service.propagate_tags, null)
scheduling_strategy = try(var.service.scheduling_strategy, null)
service_connect_configuration = lookup(var.service, "service_connect_configuration", {})
service_registries = lookup(var.service, "service_registries", {})
service_registries = try(var.service.service_registries, null)
timeouts = try(var.service.timeouts, {})
triggers = try(var.service.triggers, {})
wait_for_steady_state = try(var.service.wait_for_steady_state, null)
Expand All @@ -278,7 +279,7 @@ module "ecs_service" {
iam_role_description = try(var.service.iam_role_description, null)
iam_role_permissions_boundary = try(var.service.iam_role_permissions_boundary, null)
iam_role_tags = try(var.service.iam_role_tags, {})
iam_role_statements = lookup(var.service, "iam_role_statements", {})
iam_role_statements = lookup(var.service, "iam_role_statements", [])

# Task definition
create_task_definition = try(var.service.create_task_definition, true)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the container definition input values are now camelCased - so most of these below are incorrect

Expand Down Expand Up @@ -355,17 +356,15 @@ module "ecs_service" {
},
lookup(var.service, "container_definitions", {})
)
container_definition_defaults = lookup(var.service, "container_definition_defaults", {})
cpu = try(var.service.cpu, 1024)
ephemeral_storage = try(var.service.ephemeral_storage, {})
ephemeral_storage = try(var.service.ephemeral_storage, null)
family = try(var.service.family, null)
inference_accelerator = try(var.service.inference_accelerator, {})
ipc_mode = try(var.service.ipc_mode, null)
memory = try(var.service.memory, 2048)
network_mode = try(var.service.network_mode, "awsvpc")
pid_mode = try(var.service.pid_mode, null)
task_definition_placement_constraints = try(var.service.task_definition_placement_constraints, {})
proxy_configuration = try(var.service.proxy_configuration, {})
proxy_configuration = try(var.service.proxy_configuration, null)
requires_compatibilities = try(var.service.requires_compatibilities, ["FARGATE"])
runtime_platform = try(var.service.runtime_platform, {
operating_system_family = "LINUX"
Expand Down Expand Up @@ -405,7 +404,7 @@ module "ecs_service" {
create_task_exec_policy = try(var.service.create_task_exec_policy, true)
task_exec_ssm_param_arns = try(var.service.task_exec_ssm_param_arns, ["arn:aws:ssm:*:*:parameter/*"])
task_exec_secret_arns = try(var.service.task_exec_secret_arns, ["arn:aws:secretsmanager:*:*:secret:*"])
task_exec_iam_statements = lookup(var.service, "task_exec_iam_statements", {})
task_exec_iam_statements = lookup(var.service, "task_exec_iam_statements", [])

# Tasks - IAM role
create_tasks_iam_role = try(var.service.create_tasks_iam_role, true)
Expand All @@ -417,7 +416,7 @@ module "ecs_service" {
tasks_iam_role_permissions_boundary = try(var.service.tasks_iam_role_permissions_boundary, null)
tasks_iam_role_tags = try(var.service.tasks_iam_role_tags, {})
tasks_iam_role_policies = lookup(var.service, "tasks_iam_role_policies", {})
tasks_iam_role_statements = lookup(var.service, "tasks_iam_role_statements", {})
tasks_iam_role_statements = lookup(var.service, "tasks_iam_role_statements", [])

# Task set
external_id = try(var.service.external_id, null)
Expand All @@ -438,26 +437,32 @@ module "ecs_service" {
security_group_name = try(var.service.security_group_name, null)
security_group_use_name_prefix = try(var.service.security_group_use_name_prefix, true)
security_group_description = try(var.service.security_group_description, null)
security_group_rules = merge(
security_group_ingress_rules = merge(
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what is the plan for an upgrade guide for these disruptive/breaking changes?

{
atlantis = {
type = "ingress"
from_port = local.atlantis_port
to_port = local.atlantis_port
protocol = "tcp"
source_security_group_id = var.create_alb ? module.alb.security_group_id : var.alb_security_group_id
description = "Allow traffic from ALB to Atlantis"
from_port = local.atlantis_port
to_port = local.atlantis_port
ip_protocol = "tcp"
referenced_security_group_id = var.create_alb ? module.alb.security_group_id : var.alb_security_group_id
}
},
lookup(var.service, "security_group_rules", {
lookup(var.service, "security_group_ingress_rules", {})
)

security_group_egress_rules = merge(
{
egress = {
type = "egress"
description = "Allow all outbound traffic"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
ip_protocol = "-1"
cidr_ipv4 = "0.0.0.0/0"
}
})
},
lookup(var.service, "security_group_egress_rules", {})
)

security_group_tags = try(var.service.security_group_tags, {})

tags = var.tags
Expand All @@ -469,7 +474,7 @@ module "ecs_service" {

module "efs" {
source = "terraform-aws-modules/efs/aws"
version = "1.3.1"
version = "1.7.0"

create = var.create && var.enable_efs
name = try(var.efs.name, var.name)
Expand Down
2 changes: 1 addition & 1 deletion modules/github-repository-webhook/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.10 |
| <a name="requirement_github"></a> [github](#requirement\_github) | >= 5.0 |

## Providers
Expand Down
2 changes: 1 addition & 1 deletion modules/github-repository-webhook/versions.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
terraform {
required_version = ">= 1.0"
required_version = ">= 1.10"

required_providers {
github = {
Expand Down
2 changes: 1 addition & 1 deletion modules/gitlab-repository-webhook/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.1 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.10 |
| <a name="requirement_gitlab"></a> [gitlab](#requirement\_gitlab) | >= 16.0 |

## Providers
Expand Down
Loading
Loading