feat: Raise MSV of Terraform

Author: bryantbiggs

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.96.1
+    rev: v1.99.4
     hooks:
       - id: terraform_fmt
       - id: terraform_wrapper_module_for_each

README.md

@@ -146,14 +146,14 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.00 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5.7 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.00 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.0 |
 
 ## Modules
 

examples/complete/README.md

@@ -24,14 +24,14 @@ Note that this example may create resources which will incur monetary charges on
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.49 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5.7 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.49 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.0 |
 
 ## Modules
 
@@ -62,8 +62,6 @@ Note that this example may create resources which will incur monetary charges on
 |------|------|
 | [aws_iam_role.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
-| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
-| [aws_region.replica](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 
 ## Inputs
 

examples/complete/main.tf

@@ -2,10 +2,14 @@ provider "aws" {
   region = local.region
 }
 
+data "aws_caller_identity" "current" {}
+
 locals {
-  region           = "us-east-1"
-  replica_region   = "eu-west-1"
-  name             = "kms-ex-${replace(basename(path.cwd), "_", "-")}"
+  region         = "us-east-1"
+  replica_region = "eu-west-1"
+  name           = "kms-ex-${replace(basename(path.cwd), "_", "-")}"
+
+  account_id       = data.aws_caller_identity.current.account_id
   current_identity = data.aws_caller_identity.current.arn
 
   tags = {
@@ -15,12 +19,6 @@ locals {
   }
 }
 
-data "aws_caller_identity" "current" {}
-data "aws_region" "current" {}
-data "aws_region" "replica" {
-  region = local.region
-}
-
 ################################################################################
 # KMS Module
 ################################################################################
@@ -41,7 +39,7 @@ module "kms_complete" {
   key_administrators                     = [local.current_identity]
   key_users                              = [local.current_identity]
   key_service_users                      = [local.current_identity]
-  key_service_roles_for_autoscaling      = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling"]
+  key_service_roles_for_autoscaling      = ["arn:aws:iam::${local.account_id}:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling"]
   key_symmetric_encryption_users         = [local.current_identity]
   key_hmac_users                         = [local.current_identity]
   key_asymmetric_public_encryption_users = [local.current_identity]
@@ -61,7 +59,7 @@ module "kms_complete" {
       principals = [
         {
           type        = "Service"
-          identifiers = ["logs.${data.aws_region.current.region}.amazonaws.com"]
+          identifiers = ["logs.${local.region}.amazonaws.com"]
         }
       ]
 
@@ -70,7 +68,7 @@ module "kms_complete" {
           test     = "ArnLike"
           variable = "kms:EncryptionContext:aws:logs:arn"
           values = [
-            "arn:aws:logs:${local.region}:${data.aws_caller_identity.current.account_id}:log-group:*",
+            "arn:aws:logs:${local.region}:${local.account_id}:log-group:*",
           ]
         }
       ]
@@ -124,7 +122,7 @@ module "kms_complete_other_region" {
   key_administrators                     = [local.current_identity]
   key_users                              = [local.current_identity]
   key_service_users                      = [local.current_identity]
-  key_service_roles_for_autoscaling      = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling"]
+  key_service_roles_for_autoscaling      = ["arn:aws:iam::${local.account_id}:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling"]
   key_symmetric_encryption_users         = [local.current_identity]
   key_hmac_users                         = [local.current_identity]
   key_asymmetric_public_encryption_users = [local.current_identity]
@@ -144,7 +142,7 @@ module "kms_complete_other_region" {
       principals = [
         {
           type        = "Service"
-          identifiers = ["logs.${data.aws_region.replica.region}.amazonaws.com"]
+          identifiers = ["logs.${local.replica_region}.amazonaws.com"]
         }
       ]
 
@@ -153,7 +151,7 @@ module "kms_complete_other_region" {
           test     = "ArnLike"
           variable = "kms:EncryptionContext:aws:logs:arn"
           values = [
-            "arn:aws:logs:${local.replica_region}:${data.aws_caller_identity.current.account_id}:log-group:*",
+            "arn:aws:logs:${local.replica_region}:${local.account_id}:log-group:*",
           ]
         }
       ]
@@ -231,8 +229,8 @@ module "kms_dnssec_signing" {
   enable_key_rotation   = false
   route53_dnssec_sources = [
     {
-      accounts_ids    = [data.aws_caller_identity.current.account_id] # can ommit if using current account ID which is default
-      hosted_zone_arn = "arn:aws:route53:::hostedzone/*"              # can ommit, this is default value
+      accounts_ids    = [local.account_id]               # can ommit if using current account ID which is default
+      hosted_zone_arn = "arn:aws:route53:::hostedzone/*" # can ommit, this is default value
     }
   ]
 
@@ -253,8 +251,8 @@ module "kms_dnssec_signing_other_region" {
   enable_key_rotation   = false
   route53_dnssec_sources = [
     {
-      accounts_ids    = [data.aws_caller_identity.current.account_id] # can ommit if using current account ID which is default
-      hosted_zone_arn = "arn:aws:route53:::hostedzone/*"              # can ommit, this is default value
+      accounts_ids    = [local.account_id]               # can ommit if using current account ID which is default
+      hosted_zone_arn = "arn:aws:route53:::hostedzone/*" # can ommit, this is default value
     }
   ]
   region = local.replica_region

examples/complete/versions.tf

@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 1.3"
+  required_version = ">= 1.5.7"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.49"
+      version = ">= 6.0"
     }
   }
 }

main.tf

@@ -18,6 +18,8 @@ locals {
 resource "aws_kms_key" "this" {
   count = var.create && !var.create_external && !var.create_replica && !var.create_replica_external ? 1 : 0
 
+  region = var.region
+
   bypass_policy_lockout_safety_check = var.bypass_policy_lockout_safety_check
   customer_master_key_spec           = var.customer_master_key_spec
   custom_key_store_id                = var.custom_key_store_id
@@ -26,7 +28,6 @@ resource "aws_kms_key" "this" {
   enable_key_rotation                = var.enable_key_rotation
   is_enabled                         = var.is_enabled
   key_usage                          = var.key_usage
-  region                             = var.region
   multi_region                       = var.multi_region
   policy                             = coalesce(var.policy, data.aws_iam_policy_document.this[0].json)
   rotation_period_in_days            = var.rotation_period_in_days
@@ -41,12 +42,13 @@ resource "aws_kms_key" "this" {
 resource "aws_kms_external_key" "this" {
   count = var.create && var.create_external && !var.create_replica && !var.create_replica_external ? 1 : 0
 
+  region = var.region
+
   bypass_policy_lockout_safety_check = var.bypass_policy_lockout_safety_check
   deletion_window_in_days            = var.deletion_window_in_days
   description                        = var.description
   enabled                            = var.is_enabled
   key_material_base64                = var.key_material_base64
-  region                             = var.region
   multi_region                       = var.multi_region
   policy                             = coalesce(var.policy, data.aws_iam_policy_document.this[0].json)
   valid_to                           = var.valid_to
@@ -61,13 +63,14 @@ resource "aws_kms_external_key" "this" {
 resource "aws_kms_replica_key" "this" {
   count = var.create && var.create_replica && !var.create_external && !var.create_replica_external ? 1 : 0
 
+  region = var.region
+
   bypass_policy_lockout_safety_check = var.bypass_policy_lockout_safety_check
   deletion_window_in_days            = var.deletion_window_in_days
   description                        = var.description
   primary_key_arn                    = var.primary_key_arn
   enabled                            = var.is_enabled
   policy                             = coalesce(var.policy, data.aws_iam_policy_document.this[0].json)
-  region                             = var.region
 
   tags = var.tags
 }
@@ -79,6 +82,8 @@ resource "aws_kms_replica_key" "this" {
 resource "aws_kms_replica_external_key" "this" {
   count = var.create && !var.create_replica && !var.create_external && var.create_replica_external ? 1 : 0
 
+  region = var.region
+
   bypass_policy_lockout_safety_check = var.bypass_policy_lockout_safety_check
   deletion_window_in_days            = var.deletion_window_in_days
   description                        = var.description
@@ -87,7 +92,6 @@ resource "aws_kms_replica_external_key" "this" {
   policy                             = coalesce(var.policy, data.aws_iam_policy_document.this[0].json)
   primary_key_arn                    = var.primary_external_key_arn
   valid_to                           = var.valid_to
-  region                             = var.region
 
   tags = var.tags
 }
@@ -457,10 +461,11 @@ locals {
 resource "aws_kms_alias" "this" {
   for_each = { for k, v in merge(local.aliases, var.computed_aliases) : k => v if var.create }
 
+  region = var.region
+
   name          = var.aliases_use_name_prefix ? null : "alias/${each.value.name}"
   name_prefix   = var.aliases_use_name_prefix ? "alias/${each.value.name}-" : null
   target_key_id = try(aws_kms_key.this[0].key_id, aws_kms_external_key.this[0].id, aws_kms_replica_key.this[0].key_id, aws_kms_replica_external_key.this[0].key_id)
-  region        = var.region
 }
 
 ################################################################################
@@ -470,11 +475,12 @@ resource "aws_kms_alias" "this" {
 resource "aws_kms_grant" "this" {
   for_each = { for k, v in var.grants : k => v if var.create }
 
+  region = var.region
+
   name              = try(each.value.name, each.key)
   key_id            = try(aws_kms_key.this[0].key_id, aws_kms_external_key.this[0].id, aws_kms_replica_key.this[0].key_id, aws_kms_replica_external_key.this[0].key_id)
   grantee_principal = each.value.grantee_principal
   operations        = each.value.operations
-  region            = var.region
 
   dynamic "constraints" {
     for_each = length(lookup(each.value, "constraints", {})) == 0 ? [] : [each.value.constraints]

versions.tf

@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 1.3"
+  required_version = ">= 1.5.7"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 6.00"
+      version = ">= 6.0"
     }
   }
 }

wrappers/versions.tf

@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 1.3"
+  required_version = ">= 1.5.7"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 6.00"
+      version = ">= 6.0"
     }
   }
 }