4 changes: 2 additions & 2 deletions .pre-commit-config.yaml
@@ -1,6 +1,6 @@
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.4.0
rev: v5.0.0
hooks:
- id: check-added-large-files
args: ['--maxkb=500']
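Review bot: `rev: v5.0.0` pins pre-commit-hooks to a tag, which the upstream repository can move; because these hooks run on every contributor's machine, consider pinning `rev` to the full commit SHA of the release and keeping the tag name in a trailing comment. This is also a major-version bump (v4.4.0 to v5.0.0), so confirm that every hook id listed under this repo still exists and that `pre-commit run --all-files` passes before merging.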
Expand All @@ -17,7 +17,7 @@ repos:
args: ['--allow-missing-credentials']
- id: trailing-whitespace
- repo: https://github.com/antonbabenko/pre-commit-terraform
rev: v1.81.0
rev: v1.100.0
hooks:
- id: terraform_fmt
- id: terraform_docs
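Review bot: the `rev` bump from v1.81.0 to v1.100.0 comes with different `terraform_docs` output, as the README part of this PR shows (`<!-- BEGIN_TF_DOCS -->` markers and `<br/>` in place of `<br>`). Contributors running an older hook or terraform-docs binary locally will regenerate the table differently and produce noisy diffs, so state the expected tool versions in the contributing notes or enforce them in CI. The tag-versus-commit-SHA point raised for the first hook repo applies to this `rev` as well.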
16 changes: 15 additions & 1 deletion CHANGELOG.md
Expand Up @@ -7,6 +7,18 @@ All notable changes to this project will be documented in this file.



<a name="2.6.1"></a>
## [2.6.1] - 2023-08-07

- Fixes README example to use public_subnets ([#25](https://github.com/umotif-public/terraform-aws-bastion/issues/25))


<a name="2.6.0"></a>
## [2.6.0] - 2023-07-19

- Added new ebs features ([#24](https://github.com/umotif-public/terraform-aws-bastion/issues/24))


<a name="2.5.0"></a>
## [2.5.0] - 2023-07-17

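Review bot: the added entries stop at 2.6.1 (2023-08-07) and nothing in this hunk records what this PR itself changes, namely the hook bumps and the example moving to Terraform `>= 1.12.0` and AWS provider `~> 6`. If the changelog is generated at release time that is fine; otherwise add an entry under Unreleased so users see the new version floor before upgrading.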
Expand Down Expand Up @@ -155,7 +167,9 @@ All notable changes to this project will be documented in this file.
- Initial commit


[Unreleased]: https://github.com/umotif-public/terraform-aws-bastion/compare/2.5.0...HEAD
[Unreleased]: https://github.com/umotif-public/terraform-aws-bastion/compare/2.6.1...HEAD
[2.6.1]: https://github.com/umotif-public/terraform-aws-bastion/compare/2.6.0...2.6.1
[2.6.0]: https://github.com/umotif-public/terraform-aws-bastion/compare/2.5.0...2.6.0
[2.5.0]: https://github.com/umotif-public/terraform-aws-bastion/compare/2.4.3...2.5.0
[2.4.3]: https://github.com/umotif-public/terraform-aws-bastion/compare/2.4.2...2.4.3
[2.4.2]: https://github.com/umotif-public/terraform-aws-bastion/compare/2.4.1...2.4.2
22 changes: 11 additions & 11 deletions README.md
Expand Up @@ -45,7 +45,7 @@ module "bastion" {

Module managed by [uMotif](https://github.com/umotif-public).

<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
<!-- BEGIN_TF_DOCS -->
## Requirements

| Name | Version |
Expand Down Expand Up @@ -93,27 +93,27 @@ No modules.
| <a name="input_asg_scale_up_max_size"></a> [asg\_scale\_up\_max\_size](#input\_asg\_scale\_up\_max\_size) | Auto Scalling Group value for maximum capacity of bastion hosts. Scale up action. | `number` | `1` | no |
| <a name="input_asg_scale_up_min_size"></a> [asg\_scale\_up\_min\_size](#input\_asg\_scale\_up\_min\_size) | Auto Scalling Group value for minimum capacity of bastion hosts. Scale up action. | `number` | `1` | no |
| <a name="input_asg_scale_up_recurrence"></a> [asg\_scale\_up\_recurrence](#input\_asg\_scale\_up\_recurrence) | The time when recurring future actions will start. Start time is specified by the user following the Unix cron syntax format. Scale up action. | `string` | `"0 9 * * MON-FRI"` | no |
| <a name="input_bastion_instance_types"></a> [bastion\_instance\_types](#input\_bastion\_instance\_types) | Bastion instance types used for spot instances. | `list(string)` | <pre>[<br> "t4g.nano",<br> "t4g.micro",<br> "t4g.small"<br>]</pre> | no |
| <a name="input_block_device_mappings"></a> [block\_device\_mappings](#input\_block\_device\_mappings) | Specify volumes to attach to the instance besides the volumes specified by the AMI | <pre>list(object({<br> device_name = string<br> no_device = optional(string)<br> virtual_name = optional(string)<br> ebs = optional(object({<br> delete_on_termination = optional(bool, true)<br> encrypted = optional(bool, true)<br> iops = optional(number)<br> kms_key_id = optional(string)<br> snapshot_id = optional(string)<br> volume_size = optional(number)<br> volume_type = optional(string)<br> throughput = optional(number)<br> }))<br> }))</pre> | `[]` | no |
| <a name="input_bastion_instance_types"></a> [bastion\_instance\_types](#input\_bastion\_instance\_types) | Bastion instance types used for spot instances. | `list(string)` | <pre>[<br/> "t4g.nano",<br/> "t4g.micro",<br/> "t4g.small"<br/>]</pre> | no |
| <a name="input_block_device_mappings"></a> [block\_device\_mappings](#input\_block\_device\_mappings) | Specify volumes to attach to the instance besides the volumes specified by the AMI | <pre>list(object({<br/> device_name = string<br/> no_device = optional(string)<br/> virtual_name = optional(string)<br/> ebs = optional(object({<br/> delete_on_termination = optional(bool, true)<br/> encrypted = optional(bool, true)<br/> iops = optional(number)<br/> kms_key_id = optional(string)<br/> snapshot_id = optional(string)<br/> volume_size = optional(number)<br/> volume_type = optional(string)<br/> throughput = optional(number)<br/> }))<br/> }))</pre> | `[]` | no |
| <a name="input_desired_capacity"></a> [desired\_capacity](#input\_desired\_capacity) | Auto Scalling Group value for desired capacity of bastion hosts. | `number` | `1` | no |
| <a name="input_ebs_optimized"></a> [ebs\_optimized](#input\_ebs\_optimized) | If true, the launched EC2 instance will be EBS-optimized | `bool` | `null` | no |
| <a name="input_egress_cidr_blocks"></a> [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of CIDR ranges to allow outbound traffic at security group level. Defaults to 0.0.0.0/0 | `list(string)` | <pre>[<br> "0.0.0.0/0"<br>]</pre> | no |
| <a name="input_egress_ipv6_cidr_blocks"></a> [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to allow outbound traffic at security group level. Defaults to ::/0 | `list(string)` | <pre>[<br> "::/0"<br>]</pre> | no |
| <a name="input_egress_cidr_blocks"></a> [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of CIDR ranges to allow outbound traffic at security group level. Defaults to 0.0.0.0/0 | `list(string)` | <pre>[<br/> "0.0.0.0/0"<br/>]</pre> | no |
| <a name="input_egress_ipv6_cidr_blocks"></a> [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to allow outbound traffic at security group level. Defaults to ::/0 | `list(string)` | <pre>[<br/> "::/0"<br/>]</pre> | no |
| <a name="input_enable_asg_scale_down"></a> [enable\_asg\_scale\_down](#input\_enable\_asg\_scale\_down) | n/a | `bool` | `false` | no |
| <a name="input_enable_asg_scale_up"></a> [enable\_asg\_scale\_up](#input\_enable\_asg\_scale\_up) | n/a | `bool` | `false` | no |
| <a name="input_hosted_zone_id"></a> [hosted\_zone\_id](#input\_hosted\_zone\_id) | Hosted zone id where A record will be added for bastion host/s. | `string` | `""` | no |
| <a name="input_ingress_cidr_blocks"></a> [ingress\_cidr\_blocks](#input\_ingress\_cidr\_blocks) | List of CIDR ranges to allow ssh access at security group level. Defaults to 0.0.0.0/0 | `list(string)` | <pre>[<br> "0.0.0.0/0"<br>]</pre> | no |
| <a name="input_ingress_ipv6_cidr_blocks"></a> [ingress\_ipv6\_cidr\_blocks](#input\_ingress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to allow ssh access at security group level. Defaults to ::/0 | `list(string)` | <pre>[<br> "::/0"<br>]</pre> | no |
| <a name="input_ingress_cidr_blocks"></a> [ingress\_cidr\_blocks](#input\_ingress\_cidr\_blocks) | List of CIDR ranges to allow ssh access at security group level. Defaults to 0.0.0.0/0 | `list(string)` | <pre>[<br/> "0.0.0.0/0"<br/>]</pre> | no |
| <a name="input_ingress_ipv6_cidr_blocks"></a> [ingress\_ipv6\_cidr\_blocks](#input\_ingress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to allow ssh access at security group level. Defaults to ::/0 | `list(string)` | <pre>[<br/> "::/0"<br/>]</pre> | no |
| <a name="input_max_size"></a> [max\_size](#input\_max\_size) | Auto Scalling Group value for maximum capacity of bastion hosts. | `number` | `1` | no |
| <a name="input_min_size"></a> [min\_size](#input\_min\_size) | Auto Scalling Group value for minimum capacity of bastion hosts. | `number` | `1` | no |
| <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | A prefix used for naming resources. | `string` | n/a | yes |
| <a name="input_on_demand_base_capacity"></a> [on\_demand\_base\_capacity](#input\_on\_demand\_base\_capacity) | Auto Scalling Group value for desired capacity for instance lifecycle type on-demand of bastion hosts. | `number` | `0` | no |
| <a name="input_public_subnets"></a> [public\_subnets](#input\_public\_subnets) | Classless Inter-Domain Routing ranges for public subnets. | `list(string)` | n/a | yes |
| <a name="input_ssh_key_name"></a> [ssh\_key\_name](#input\_ssh\_key\_name) | SSH key used to connect to the bastion host | `string` | n/a | yes |
| <a name="input_ssh_port"></a> [ssh\_port](#input\_ssh\_port) | SSH port used to access a bastion host. | `number` | `22` | no |
| <a name="input_tag_specifications"></a> [tag\_specifications](#input\_tag\_specifications) | The tags to apply to the resources during launch. You can tag instances, volumes, elastic GPUs and spot instance requests. | `list(string)` | <pre>[<br> "instance",<br> "volume",<br> "network-interface",<br> "spot-instances-request"<br>]</pre> | no |
| <a name="input_tags"></a> [tags](#input\_tags) | Default tags attached to all resources. | `map(string)` | <pre>{<br> "ServiceType": "ceng-eks"<br>}</pre> | no |
| <a name="input_termination_policies"></a> [termination\_policies](#input\_termination\_policies) | A list of policies to decide how the instances in the auto scale group should be terminated. The allowed values are OldestInstance, NewestInstance, OldestLaunchConfiguration, ClosestToNextInstanceHour, OldestLaunchTemplate, AllocationStrategy. | `list(string)` | <pre>[<br> "OldestInstance"<br>]</pre> | no |
| <a name="input_tag_specifications"></a> [tag\_specifications](#input\_tag\_specifications) | The tags to apply to the resources during launch. You can tag instances, volumes, elastic GPUs and spot instance requests. | `list(string)` | <pre>[<br/> "instance",<br/> "volume",<br/> "network-interface",<br/> "spot-instances-request"<br/>]</pre> | no |
| <a name="input_tags"></a> [tags](#input\_tags) | Default tags attached to all resources. | `map(string)` | <pre>{<br/> "ServiceType": "ceng-eks"<br/>}</pre> | no |
| <a name="input_termination_policies"></a> [termination\_policies](#input\_termination\_policies) | A list of policies to decide how the instances in the auto scale group should be terminated. The allowed values are OldestInstance, NewestInstance, OldestLaunchConfiguration, ClosestToNextInstanceHour, OldestLaunchTemplate, AllocationStrategy. | `list(string)` | <pre>[<br/> "OldestInstance"<br/>]</pre> | no |
| <a name="input_time_zone"></a> [time\_zone](#input\_time\_zone) | Used for ASG Scale Up/Down. Valid values are the canonical names of the IANA time zones (such as Etc/GMT+9 or London/Europe) | `string` | `"Etc/UTC"` | no |
| <a name="input_userdata_file_content"></a> [userdata\_file\_content](#input\_userdata\_file\_content) | The user data to provide when launching the instance. | `string` | `""` | no |
| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC ID where bastion hosts and security groups will be created. | `string` | n/a | yes |
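Review bot: in the regenerated inputs table, `ingress_cidr_blocks` and `ingress_ipv6_cidr_blocks` are still documented as defaulting to `0.0.0.0/0` and `::/0` for SSH access. This PR does not introduce that default, but since the docs are being regenerated it is worth a follow-up to make the input required or to say in its description that callers should restrict it. Separately, the `time_zone` description gives `London/Europe` as an example; the IANA name is `Europe/London`, and the fix belongs in the variable description the table is generated from.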
Expand All @@ -130,7 +130,7 @@ No modules.
| <a name="output_launch_template_arn"></a> [launch\_template\_arn](#output\_launch\_template\_arn) | The ARN of the bastion's launch template. |
| <a name="output_launch_template_id"></a> [launch\_template\_id](#output\_launch\_template\_id) | The ID of the bastion's launch template. |
| <a name="output_security_group_id"></a> [security\_group\_id](#output\_security\_group\_id) | The ID of the bastion's security group. |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
<!-- END_TF_DOCS -->

## License

14 changes: 11 additions & 3 deletions examples/core/main.tf
Expand Up @@ -33,9 +33,17 @@ module "bastion" {
enable_asg_scale_down = true
enable_asg_scale_up = true

delete_on_termination = true
volume_size = 10
encrypted = true
block_device_mappings = [
{
device_name = "/dev/xvda"
ebs = {
delete_on_termination = true
volume_size = 10
encrypted = true
volume_type = "gp3"
}
}
]

userdata_file_content = templatefile("./custom-userdata.sh", {}) # if you want to use default one, simply remove this line

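Review bot: `device_name = "/dev/xvda"` is hard-coded in the new `block_device_mappings` entry, while the README describes this input as volumes to attach besides those specified by the AMI, so `encrypted`, `volume_size` and `volume_type` only apply to the root volume when the AMI's root device is actually `/dev/xvda`. Add a comment next to `device_name` saying it must match the root device name of the AMI in use. Also, `encrypted = true` is set without `kms_key_id`, which leaves the volume on the default EBS key; say so in the example if a customer-managed key is expected.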
4 changes: 2 additions & 2 deletions examples/core/versions.tf
@@ -1,10 +1,10 @@
terraform {
required_version = ">= 1.3.0"
required_version = ">= 1.12.0"

required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5"
version = "~> 6"
}
}
}
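Review bot: `required_version = ">= 1.12.0"` is a large jump from `>= 1.3.0` and nothing in the visible changes needs it; the `optional(bool, true)` defaults documented for `block_device_mappings` only require Terraform 1.3. Unless a newer language feature is used, keep the floor as low as the code allows, and check that the `~> 6` provider constraint here matches the module's own versions.tf and the README Requirements table.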