Merge pull request #18 from samstav/0.12upgrade-part2

0.12 upgrade

main.tf

@@ -29,57 +29,53 @@
  *
  */
 
-terraform {
-  required_version = ">= 0.9.0"
+data "aws_caller_identity" "current" {
 }
 
-data "aws_caller_identity" "current" {}
-
 resource "aws_dynamodb_table" "tf_backend_state_lock_table" {
-  count = "${var.dynamodb_lock_table_enabled ? 1 : 0}"
-  name           = "${var.dynamodb_lock_table_name}"
-  read_capacity  = "${var.lock_table_read_capacity}"
-  write_capacity = "${var.lock_table_write_capacity}"
-  hash_key       = "LockID"
-  stream_enabled = "${var.dynamodb_lock_table_stream_enabled}"
-  stream_view_type = "${var.dynamodb_lock_table_stream_enabled ? var.dynamodb_lock_table_stream_view_type : ""}"
+  count            = var.dynamodb_lock_table_enabled ? 1 : 0
+  name             = var.dynamodb_lock_table_name
+  read_capacity    = var.lock_table_read_capacity
+  write_capacity   = var.lock_table_write_capacity
+  hash_key         = "LockID"
+  stream_enabled   = var.dynamodb_lock_table_stream_enabled
+  stream_view_type = var.dynamodb_lock_table_stream_enabled ? var.dynamodb_lock_table_stream_view_type : ""
 
   attribute {
     name = "LockID"
     type = "S"
   }
-  tags {
-    Description = "Terraform state locking table for account ${data.aws_caller_identity.current.account_id}."
+  tags = {
+    Description        = "Terraform state locking table for account ${data.aws_caller_identity.current.account_id}."
     ManagedByTerraform = "true"
-    TerraformModule = "terraform-aws-backend"
+    TerraformModule    = "terraform-aws-backend"
   }
 
   lifecycle {
     prevent_destroy = true
   }
-
 }
 
 resource "aws_s3_bucket" "tf_backend_bucket" {
-  bucket = "${var.backend_bucket}"
-  acl = "private"
+  bucket = var.backend_bucket
+  acl    = "private"
   versioning {
     enabled = true
   }
   logging {
-    target_bucket = "${aws_s3_bucket.tf_backend_logs_bucket.id}"
+    target_bucket = aws_s3_bucket.tf_backend_logs_bucket.id
     target_prefix = "log/"
   }
-  tags {
-    Description = "Terraform S3 Backend bucket which stores the terraform state for account ${data.aws_caller_identity.current.account_id}."
+  tags = {
+    Description        = "Terraform S3 Backend bucket which stores the terraform state for account ${data.aws_caller_identity.current.account_id}."
     ManagedByTerraform = "true"
-    TerraformModule = "terraform-aws-backend"
+    TerraformModule    = "terraform-aws-backend"
   }
   server_side_encryption_configuration {
     rule {
       apply_server_side_encryption_by_default {
-        kms_master_key_id = "${var.kms_key_id}"
-        sse_algorithm     = "${var.kms_key_id == "" ? "AES256" : "aws:kms"}"
+        kms_master_key_id = var.kms_key_id
+        sse_algorithm     = var.kms_key_id == "" ? "AES256" : "aws:kms"
       }
     }
   }
@@ -90,68 +86,68 @@ resource "aws_s3_bucket" "tf_backend_bucket" {
 
 data "aws_iam_policy_document" "tf_backend_bucket_policy" {
   statement {
-    sid = "RequireEncryptedTransport"
+    sid    = "RequireEncryptedTransport"
     effect = "Deny"
     actions = [
       "s3:*",
     ]
     resources = [
-      "${aws_s3_bucket.tf_backend_bucket.arn}/*"
+      "${aws_s3_bucket.tf_backend_bucket.arn}/*",
     ]
     condition {
-      test = "Bool"
+      test     = "Bool"
       variable = "aws:SecureTransport"
       values = [
         false,
       ]
     }
     principals {
-      type = "*"
+      type        = "*"
       identifiers = ["*"]
     }
   }
 
   statement {
-    sid = "RequireEncryptedStorage"
+    sid    = "RequireEncryptedStorage"
     effect = "Deny"
     actions = [
       "s3:PutObject",
     ]
     resources = [
-      "${aws_s3_bucket.tf_backend_bucket.arn}/*"
+      "${aws_s3_bucket.tf_backend_bucket.arn}/*",
     ]
     condition {
-      test = "StringNotEquals"
+      test     = "StringNotEquals"
       variable = "s3:x-amz-server-side-encryption"
       values = [
-        "${var.kms_key_id == "" ? "AES256" : "aws:kms" }"
+        var.kms_key_id == "" ? "AES256" : "aws:kms",
       ]
     }
     principals {
-      type = "*"
+      type        = "*"
       identifiers = ["*"]
     }
   }
 }
 
-
 resource "aws_s3_bucket_policy" "tf_backend_bucket_policy" {
-  bucket = "${aws_s3_bucket.tf_backend_bucket.id}"
-  policy = "${data.aws_iam_policy_document.tf_backend_bucket_policy.json}"
+  bucket = aws_s3_bucket.tf_backend_bucket.id
+  policy = data.aws_iam_policy_document.tf_backend_bucket_policy.json
 }
 
 resource "aws_s3_bucket" "tf_backend_logs_bucket" {
   bucket = "${var.backend_bucket}-logs"
-  acl = "log-delivery-write"
+  acl    = "log-delivery-write"
   versioning {
     enabled = true
   }
-  tags {
-    Purpose = "Logging bucket for ${var.backend_bucket}"
+  tags = {
+    Purpose            = "Logging bucket for ${var.backend_bucket}"
     ManagedByTerraform = "true"
-    TerraformModule = "terraform-aws-backend"
+    TerraformModule    = "terraform-aws-backend"
   }
   lifecycle {
     prevent_destroy = true
   }
 }
+

outputs.tf

@@ -12,21 +12,26 @@
  */
 
 output "s3_backend_bucket_name" {
-  value = "${ join("", aws_s3_bucket.tf_backend_bucket.*.id, aws_s3_bucket.tf_backend_bucket.*.id)}"
+  value = join(
+    "",
+    aws_s3_bucket.tf_backend_bucket.*.id,
+    aws_s3_bucket.tf_backend_bucket.*.id,
+  )
 }
 
 output "dynamodb_lock_table_name" {
-  value = "${aws_dynamodb_table.tf_backend_state_lock_table.*.id}"
+  value = aws_dynamodb_table.tf_backend_state_lock_table.*.id
 }
 
 output "dynamodb_lock_table_arn" {
-  value = "${aws_dynamodb_table.tf_backend_state_lock_table.*.arn}"
+  value = aws_dynamodb_table.tf_backend_state_lock_table.*.arn
 }
 
 output "dynamodb_lock_stream_arn" {
-  value = "${aws_dynamodb_table.tf_backend_state_lock_table.*.stream_arn}"
+  value = aws_dynamodb_table.tf_backend_state_lock_table.*.stream_arn
 }
 
 output "dynamodb_lock_stream_label" {
-  value = "${aws_dynamodb_table.tf_backend_state_lock_table.*.stream_label}"
+  value = aws_dynamodb_table.tf_backend_state_lock_table.*.stream_label
 }
+

variables.tf

@@ -1,12 +1,15 @@
-variable "backend_bucket" {}
+variable "backend_bucket" {
+}
 
 variable "dynamodb_lock_table_enabled" {
-  default = 1
+  type        = bool
+  default     = true
   description = "Affects terraform-aws-backend module behavior. Set to false or 0 to prevent this module from creating the DynamoDB table to use for terraform state locking and consistency. More info on locking for aws/s3 backends: https://www.terraform.io/docs/backends/types/s3.html. More information about how terraform handles booleans here: https://www.terraform.io/docs/configuration/variables.html"
 }
 
 variable "dynamodb_lock_table_stream_enabled" {
-  default = 0
+  type        = bool
+  default     = false
   description = "Affects terraform-aws-backend module behavior. Set to false or 0 to disable DynamoDB Streams for the table. More info on DynamoDB streams: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.html. More information about how terraform handles booleans here: https://www.terraform.io/docs/configuration/variables.html"
 }
 
@@ -19,15 +22,18 @@ variable "dynamodb_lock_table_name" {
 }
 
 variable "lock_table_read_capacity" {
+  type    = number
   default = 1
 }
 
 variable "lock_table_write_capacity" {
+  type    = number
   default = 1
 }
 
 variable "kms_key_id" {
   # Default to absent/blank to use the default aws/s3 aws kms master key
-  default = ""
+  default     = ""
   description = "The AWS KMS master key ID used for the SSE-KMS encryption on the tf state s3 bucket. If the kms_key_id is specified, the bucket default encryption key management method will be set to aws-kms. If the kms_key_id is not specified (the default), then the default encryption key management method will be set to aes-256 (also known as aws-s3 key management). The default aws/s3 AWS KMS master key is used if this element is absent (the default)."
 }
+

versions.tf

@@ -0,0 +1,4 @@
+
+terraform {
+  required_version = ">= 0.12"
+}