From 693f39d0a4877b501c75f9287a72be0e4c68abd7 Mon Sep 17 00:00:00 2001
From: Andy Boughton <abought@gmail.com>
Date: Thu, 7 Mar 2024 15:02:39 -0500
Subject: [PATCH 1/5] Bump AWS provider (step 1) to 4.0, for use in consuming
 module

---
 modules/imputation-iam/versions.tf                  | 2 +-
 modules/imputation-lb/versions.tf                   | 2 +-
 modules/imputation-security-group-rules/versions.tf | 2 +-
 modules/imputation-server/versions.tf               | 2 +-
 versions.tf                                         | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/modules/imputation-iam/versions.tf b/modules/imputation-iam/versions.tf
index ec15da7..7be5ffb 100644
--- a/modules/imputation-iam/versions.tf
+++ b/modules/imputation-iam/versions.tf
@@ -7,7 +7,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 3.0"
+      version = "~> 4.0"
     }
   }
 
diff --git a/modules/imputation-lb/versions.tf b/modules/imputation-lb/versions.tf
index ec15da7..7be5ffb 100644
--- a/modules/imputation-lb/versions.tf
+++ b/modules/imputation-lb/versions.tf
@@ -7,7 +7,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 3.0"
+      version = "~> 4.0"
     }
   }
 
diff --git a/modules/imputation-security-group-rules/versions.tf b/modules/imputation-security-group-rules/versions.tf
index ec15da7..7be5ffb 100644
--- a/modules/imputation-security-group-rules/versions.tf
+++ b/modules/imputation-security-group-rules/versions.tf
@@ -7,7 +7,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 3.0"
+      version = "~> 4.0"
     }
   }
 
diff --git a/modules/imputation-server/versions.tf b/modules/imputation-server/versions.tf
index ec15da7..7be5ffb 100644
--- a/modules/imputation-server/versions.tf
+++ b/modules/imputation-server/versions.tf
@@ -7,7 +7,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 3.0"
+      version = "~> 4.0"
     }
   }
 
diff --git a/versions.tf b/versions.tf
index 4d6974e..003cc8a 100644
--- a/versions.tf
+++ b/versions.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 3.0"
+      version = "~> 4.0"
     }
   }
 

From f64b35be5d7fd23658873e1f44d3dac06a28c178 Mon Sep 17 00:00:00 2001
From: Andy Boughton <abought@gmail.com>
Date: Fri, 8 Mar 2024 15:07:42 -0500
Subject: [PATCH 2/5] Bump AWS provider (step 2) to 5.x, for use in consuming
 module

Also updates VPC module, which is only used in example but would otherwise throw errors
---
 main.tf                                             | 2 +-
 modules/imputation-iam/versions.tf                  | 2 +-
 modules/imputation-lb/versions.tf                   | 2 +-
 modules/imputation-security-group-rules/versions.tf | 2 +-
 modules/imputation-server/versions.tf               | 2 +-
 versions.tf                                         | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/main.tf b/main.tf
index 5653608..df0d286 100644
--- a/main.tf
+++ b/main.tf
@@ -16,7 +16,7 @@ data "aws_region" "current" {}
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "3.1.0"
+  version = "5.0.0"
 
   name = "imputation-example-vpc"
   cidr = "10.120.0.0/16"
diff --git a/modules/imputation-iam/versions.tf b/modules/imputation-iam/versions.tf
index 7be5ffb..33e5fe6 100644
--- a/modules/imputation-iam/versions.tf
+++ b/modules/imputation-iam/versions.tf
@@ -7,7 +7,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 4.0"
+      version = "~> 5.0"
     }
   }
 
diff --git a/modules/imputation-lb/versions.tf b/modules/imputation-lb/versions.tf
index 7be5ffb..33e5fe6 100644
--- a/modules/imputation-lb/versions.tf
+++ b/modules/imputation-lb/versions.tf
@@ -7,7 +7,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 4.0"
+      version = "~> 5.0"
     }
   }
 
diff --git a/modules/imputation-security-group-rules/versions.tf b/modules/imputation-security-group-rules/versions.tf
index 7be5ffb..33e5fe6 100644
--- a/modules/imputation-security-group-rules/versions.tf
+++ b/modules/imputation-security-group-rules/versions.tf
@@ -7,7 +7,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 4.0"
+      version = "~> 5.0"
     }
   }
 
diff --git a/modules/imputation-server/versions.tf b/modules/imputation-server/versions.tf
index 7be5ffb..33e5fe6 100644
--- a/modules/imputation-server/versions.tf
+++ b/modules/imputation-server/versions.tf
@@ -7,7 +7,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 4.0"
+      version = "~> 5.0"
     }
   }
 
diff --git a/versions.tf b/versions.tf
index 003cc8a..890b5c4 100644
--- a/versions.tf
+++ b/versions.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 4.0"
+      version = "~> 5.0"
     }
   }
 

From 8eb8b1d9aa610b75d2507ecc8e90c5b6e8da6379 Mon Sep 17 00:00:00 2001
From: Andy Boughton <abought@gmail.com>
Date: Tue, 12 Mar 2024 17:08:32 -0400
Subject: [PATCH 3/5] Update ELB security policies to newest recommended; make
 consistent across instances.

See:
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html
---
 modules/imputation-lb/variables.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/imputation-lb/variables.tf b/modules/imputation-lb/variables.tf
index 0202fb3..443e1c0 100644
--- a/modules/imputation-lb/variables.tf
+++ b/modules/imputation-lb/variables.tf
@@ -69,7 +69,7 @@ variable "port" {
 
 variable "ssl_policy" {
   description = "The name of the SSL Policy for the listener"
-  default     = "ELBSecurityPolicy-2016-08"
+  default     = "ELBSecurityPolicy-TLS13-1-2-2021-06"
   type        = string
 }
 

From d9af20cb031864c96e2822f6512cd09b9d1269dd Mon Sep 17 00:00:00 2001
From: Andy Boughton <abought@gmail.com>
Date: Wed, 13 Mar 2024 18:09:12 -0400
Subject: [PATCH 4/5] Update EMR policies to v2 and add required tags

---
 main.tf                                | 2 +-
 modules/imputation-iam/main.tf         | 3 ++-
 modules/imputation-server/variables.tf | 4 +++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/main.tf b/main.tf
index df0d286..5564054 100644
--- a/main.tf
+++ b/main.tf
@@ -16,7 +16,7 @@ data "aws_region" "current" {}
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "5.0.0"
+  version = "5.5.3"
 
   name = "imputation-example-vpc"
   cidr = "10.120.0.0/16"
diff --git a/modules/imputation-iam/main.tf b/modules/imputation-iam/main.tf
index e48f3b3..41b4a4a 100644
--- a/modules/imputation-iam/main.tf
+++ b/modules/imputation-iam/main.tf
@@ -50,7 +50,7 @@ resource "aws_iam_role" "emr" {
 
 resource "aws_iam_role_policy_attachment" "emr" {
   role       = aws_iam_role.emr.name
-  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole"
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEMRServicePolicy_v2"
 }
 
 resource "aws_iam_role" "ec2" {
@@ -62,6 +62,7 @@ resource "aws_iam_role" "ec2" {
 
 resource "aws_iam_role_policy_attachment" "ec2" {
   role       = aws_iam_role.ec2.name
+  # NOTE: Deprecated, but with no replacement policy; we'd need to develop our own
   policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role"
 }
 
diff --git a/modules/imputation-server/variables.tf b/modules/imputation-server/variables.tf
index 181b751..119a20a 100644
--- a/modules/imputation-server/variables.tf
+++ b/modules/imputation-server/variables.tf
@@ -154,7 +154,9 @@ variable "ec2_iam_role_tags" {
 
 variable "emr_cluster_tags" {
   description = "Tags to be applied to the EMR cluster"
-  default     = {}
+  default     = {
+    "for-use-with-amazon-emr-managed-policies": true
+  }
   type        = map(string)
 }
 

From 5a84913ed33b7ac5d71d9957796344e2d0586816 Mon Sep 17 00:00:00 2001
From: Andy Boughton <abought@gmail.com>
Date: Wed, 13 Mar 2024 18:12:05 -0400
Subject: [PATCH 5/5] Appease linter

---
 modules/imputation-iam/main.tf         | 2 +-
 modules/imputation-server/variables.tf | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/modules/imputation-iam/main.tf b/modules/imputation-iam/main.tf
index 41b4a4a..dde819c 100644
--- a/modules/imputation-iam/main.tf
+++ b/modules/imputation-iam/main.tf
@@ -61,7 +61,7 @@ resource "aws_iam_role" "ec2" {
 }
 
 resource "aws_iam_role_policy_attachment" "ec2" {
-  role       = aws_iam_role.ec2.name
+  role = aws_iam_role.ec2.name
   # NOTE: Deprecated, but with no replacement policy; we'd need to develop our own
   policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role"
 }
diff --git a/modules/imputation-server/variables.tf b/modules/imputation-server/variables.tf
index 119a20a..c30ae18 100644
--- a/modules/imputation-server/variables.tf
+++ b/modules/imputation-server/variables.tf
@@ -154,10 +154,10 @@ variable "ec2_iam_role_tags" {
 
 variable "emr_cluster_tags" {
   description = "Tags to be applied to the EMR cluster"
-  default     = {
-    "for-use-with-amazon-emr-managed-policies": true
+  default = {
+    "for-use-with-amazon-emr-managed-policies" : true
   }
-  type        = map(string)
+  type = map(string)
 }
 
 variable "emr_iam_role_tags" {