Support AWS Provider V5 (#167)

* Support AWS Provider V5

* Support AWS Provider V5

* updates

.github/renovate.json

@@ -1,13 +1,14 @@
 {
   "extends": [
     "config:base",
-    ":preserveSemverRanges"
+    ":preserveSemverRanges",
+    ":rebaseStalePrs"
   ],
-  "baseBranches": ["main", "master", "/^release\\/v\\d{1,2}$/"],
+  "baseBranches": ["main"],
   "labels": ["auto-update"],
   "dependencyDashboardAutoclose": true,
   "enabledManagers": ["terraform"],
   "terraform": {
-    "ignorePaths": ["**/context.tf", "examples/**"]
+    "ignorePaths": ["**/context.tf"]
   }
 }

.github/workflows/release-branch.yml

@@ -10,6 +10,7 @@ on:
       - 'docs/**'
       - 'examples/**'
       - 'test/**'
+      - 'README.*'
 
 permissions:
   contents: write

.github/workflows/release-published.yml

@@ -11,4 +11,4 @@ permissions:
 
 jobs:
   terraform-module:
-    uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release.yml@main
+    uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release-published.yml@main

README.md

@@ -102,10 +102,6 @@ We highly recommend that in your code you pin the version to the exact version y
 using so that your infrastructure remains stable, and update versions in a
 systematic way so that they do not catch you by surprise.
 
-Also, because of a bug in the Terraform registry ([hashicorp/terraform#21417](https://github.com/hashicorp/terraform/issues/21417)),
-the registry shows many of our inputs as required when in fact they are optional.
-The table below correctly indicates which inputs are required.
-
 
 
 ```hcl
@@ -166,7 +162,7 @@ Available targets:
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.35.0 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | >= 2.0 |
 

docs/terraform.md

@@ -3,7 +3,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.35.0 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | >= 2.0 |
 

examples/basic/versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.3"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.0"
+    }
+  }
+}

examples/complete/main.tf

@@ -4,21 +4,21 @@ provider "aws" {
 
 module "vpc" {
   source  = "cloudposse/vpc/aws"
-  version = "0.18.2"
+  version = "2.1.0"
 
-  cidr_block = "172.16.0.0/16"
+  ipv4_primary_cidr_block = "172.16.0.0/16"
 
   context = module.this.context
 }
 
 module "subnets" {
   source  = "cloudposse/dynamic-subnets/aws"
-  version = "0.34.0"
+  version = "2.4.1"
 
   availability_zones   = var.availability_zones
   vpc_id               = module.vpc.vpc_id
-  igw_id               = module.vpc.igw_id
-  cidr_block           = module.vpc.vpc_cidr_block
+  igw_id               = [module.vpc.igw_id]
+  ipv4_cidr_block      = [module.vpc.vpc_cidr_block]
   nat_gateway_enabled  = false
   nat_instance_enabled = false
 

examples/complete/versions.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 0.13.0"
+  required_version = ">= 1.3"
 
   required_providers {
     aws = {

examples/docs/versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.3"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.0"
+    }
+  }
+}

examples/non_vpc/versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.3"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.0"
+    }
+  }
+}

main.tf

@@ -36,7 +36,7 @@ resource "aws_security_group_rule" "ingress_security_groups" {
   to_port                  = var.ingress_port_range_end
   protocol                 = "tcp"
   source_security_group_id = var.security_groups[count.index]
-  security_group_id        = join("", aws_security_group.default.*.id)
+  security_group_id        = join("", aws_security_group.default[*].id)
 }
 
 resource "aws_security_group_rule" "ingress_cidr_blocks" {
@@ -47,7 +47,7 @@ resource "aws_security_group_rule" "ingress_cidr_blocks" {
   to_port           = var.ingress_port_range_end
   protocol          = "tcp"
   cidr_blocks       = var.allowed_cidr_blocks
-  security_group_id = join("", aws_security_group.default.*.id)
+  security_group_id = join("", aws_security_group.default[*].id)
 }
 
 resource "aws_security_group_rule" "egress" {
@@ -58,7 +58,7 @@ resource "aws_security_group_rule" "egress" {
   to_port           = 65535
   protocol          = "tcp"
   cidr_blocks       = ["0.0.0.0/0"]
-  security_group_id = join("", aws_security_group.default.*.id)
+  security_group_id = join("", aws_security_group.default[*].id)
 }
 
 # https://github.com/terraform-providers/terraform-provider-aws/issues/5218
@@ -72,7 +72,7 @@ resource "aws_iam_service_linked_role" "default" {
 resource "aws_iam_role" "elasticsearch_user" {
   count              = module.this.enabled && var.create_elasticsearch_user_role && (length(var.iam_authorizing_role_arns) > 0 || length(var.iam_role_arns) > 0) ? 1 : 0
   name               = module.user_label.id
-  assume_role_policy = join("", data.aws_iam_policy_document.assume_role.*.json)
+  assume_role_policy = join("", data.aws_iam_policy_document.assume_role[*].json)
   description        = "IAM Role to assume to access the Elasticsearch ${module.this.id} cluster"
   tags               = module.user_label.tags
 
@@ -192,7 +192,7 @@ resource "aws_elasticsearch_domain" "default" {
     for_each = var.vpc_enabled ? [true] : []
 
     content {
-      security_group_ids = var.create_security_group ? [join("", aws_security_group.default.*.id)] : var.security_groups
+      security_group_ids = var.create_security_group ? [join("", aws_security_group.default[*].id)] : var.security_groups
       subnet_ids         = var.subnet_ids
     }
   }
@@ -249,8 +249,8 @@ data "aws_iam_policy_document" "default" {
     actions = distinct(compact(var.iam_actions))
 
     resources = [
-      join("", aws_elasticsearch_domain.default.*.arn),
-      "${join("", aws_elasticsearch_domain.default.*.arn)}/*"
+      join("", aws_elasticsearch_domain.default[*].arn),
+      "${join("", aws_elasticsearch_domain.default[*].arn)}/*"
     ]
 
     principals {
@@ -263,15 +263,15 @@ data "aws_iam_policy_document" "default" {
   # https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-ac.html#es-ac-types-ip
   # https://aws.amazon.com/premiumsupport/knowledge-center/anonymous-not-authorized-elasticsearch/
   dynamic "statement" {
-    for_each = length(var.allowed_cidr_blocks) > 0 && ! var.vpc_enabled ? [true] : []
+    for_each = length(var.allowed_cidr_blocks) > 0 && !var.vpc_enabled ? [true] : []
     content {
       effect = "Allow"
 
       actions = distinct(compact(var.iam_actions))
 
       resources = [
-        join("", aws_elasticsearch_domain.default.*.arn),
-        "${join("", aws_elasticsearch_domain.default.*.arn)}/*"
+        join("", aws_elasticsearch_domain.default[*].arn),
+        "${join("", aws_elasticsearch_domain.default[*].arn)}/*"
       ]
 
       principals {
@@ -291,7 +291,7 @@ data "aws_iam_policy_document" "default" {
 resource "aws_elasticsearch_domain_policy" "default" {
   count           = module.this.enabled && (length(var.iam_authorizing_role_arns) > 0 || length(var.iam_role_arns) > 0) ? 1 : 0
   domain_name     = module.this.id
-  access_policies = join("", data.aws_iam_policy_document.default.*.json)
+  access_policies = join("", data.aws_iam_policy_document.default[*].json)
 }
 
 module "domain_hostname" {
@@ -302,7 +302,7 @@ module "domain_hostname" {
   dns_name = var.elasticsearch_subdomain_name == "" ? module.this.id : var.elasticsearch_subdomain_name
   ttl      = 60
   zone_id  = var.dns_zone_id
-  records  = [join("", aws_elasticsearch_domain.default.*.endpoint)]
+  records  = [join("", aws_elasticsearch_domain.default[*].endpoint)]
 
   context = module.this.context
 }
@@ -318,7 +318,7 @@ module "kibana_hostname" {
   # Note: kibana_endpoint is not just a domain name, it includes a path component,
   # and as such is not suitable for a DNS record. The plain endpoint is the
   # hostname portion and should be used for DNS.
-  records = [join("", aws_elasticsearch_domain.default.*.endpoint)]
+  records = [join("", aws_elasticsearch_domain.default[*].endpoint)]
 
   context = module.this.context
 }

outputs.tf

@@ -1,30 +1,30 @@
 output "security_group_id" {
-  value       = join("", aws_security_group.default.*.id)
+  value       = join("", aws_security_group.default[*].id)
   description = "Security Group ID to control access to the Elasticsearch domain"
 }
 
 output "domain_arn" {
-  value       = join("", aws_elasticsearch_domain.default.*.arn)
+  value       = join("", aws_elasticsearch_domain.default[*].arn)
   description = "ARN of the Elasticsearch domain"
 }
 
 output "domain_id" {
-  value       = join("", aws_elasticsearch_domain.default.*.domain_id)
+  value       = join("", aws_elasticsearch_domain.default[*].domain_id)
   description = "Unique identifier for the Elasticsearch domain"
 }
 
 output "domain_name" {
-  value       = join("", aws_elasticsearch_domain.default.*.domain_name)
+  value       = join("", aws_elasticsearch_domain.default[*].domain_name)
   description = "Name of the Elasticsearch domain"
 }
 
 output "domain_endpoint" {
-  value       = join("", aws_elasticsearch_domain.default.*.endpoint)
+  value       = join("", aws_elasticsearch_domain.default[*].endpoint)
   description = "Domain-specific endpoint used to submit index, search, and data upload requests"
 }
 
 output "kibana_endpoint" {
-  value       = join("", aws_elasticsearch_domain.default.*.kibana_endpoint)
+  value       = join("", aws_elasticsearch_domain.default[*].kibana_endpoint)
   description = "Domain-specific endpoint for Kibana without https scheme"
 }
 
@@ -39,11 +39,11 @@ output "kibana_hostname" {
 }
 
 output "elasticsearch_user_iam_role_name" {
-  value       = join(",", aws_iam_role.elasticsearch_user.*.name)
+  value       = join(",", aws_iam_role.elasticsearch_user[*].name)
   description = "The name of the IAM role to allow access to Elasticsearch cluster"
 }
 
 output "elasticsearch_user_iam_role_arn" {
-  value       = join(",", aws_iam_role.elasticsearch_user.*.arn)
+  value       = join(",", aws_iam_role.elasticsearch_user[*].arn)
   description = "The ARN of the IAM role to allow access to Elasticsearch cluster"
 }

versions.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 0.13.0"
+  required_version = ">= 1.3"
 
   required_providers {
     aws = {