Upgrade to terraform 0.12

riboseinc · Feb 25, 2021 · b4ab4a1 · b4ab4a1
1 parent d81449b
commit b4ab4a1
Show file tree

Hide file tree

Showing 7 changed files with 50 additions and 38 deletions.
diff --git a/cloudfront.tf b/cloudfront.tf
@@ -4,12 +4,12 @@
 # }
 
 resource "aws_cloudfront_distribution" "main" {
-  provider = "aws.cloudfront"
+  provider     = aws.cloudfront
   http_version = "http2"
 
   origin {
     origin_id   = "origin-${var.fqdn}"
-    domain_name = "${aws_s3_bucket.main.website_endpoint}"
+    domain_name = aws_s3_bucket.main.website_endpoint
 
     # https://docs.aws.amazon.com/AmazonCloudFront/latest/
     # DeveloperGuide/distribution-web-values-specify.html
@@ -20,13 +20,13 @@ resource "aws_cloudfront_distribution" "main" {
       # doesn't support HTTPS connections for website endpoints."
       origin_protocol_policy = "http-only"
 
-      http_port = "80"
+      http_port  = "80"
       https_port = "443"
 
       # TODO: given the origin_protocol_policy set to `http-only`,
       # not sure what this does...
       # "If the origin is an Amazon S3 bucket, CloudFront always uses TLSv1.2."
-      origin_ssl_protocols   = ["TLSv1.2"]
+      origin_ssl_protocols = ["TLSv1.2"]
     }
 
     # s3_origin_config is not compatible with S3 website hosting, if this
@@ -39,14 +39,13 @@ resource "aws_cloudfront_distribution" "main" {
     # Not the best, but...
     custom_header {
       name  = "User-Agent"
-      value = "${var.refer_secret}"
+      value = var.refer_secret
     }
-
   }
 
   enabled = true
 
-  aliases = ["${var.fqdn}"]
+  aliases = [var.fqdn]
 
   price_class = "PriceClass_100"
 
@@ -77,10 +76,11 @@ resource "aws_cloudfront_distribution" "main" {
   }
 
   viewer_certificate {
-    acm_certificate_arn      = "${var.ssl_certificate_arn}"
+    acm_certificate_arn      = var.ssl_certificate_arn
     ssl_support_method       = "sni-only"
     minimum_protocol_version = "TLSv1"
   }
 
-  web_acl_id = "${var.web_acl_id}"
+  web_acl_id = var.web_acl_id
 }
+
diff --git a/data.tf b/data.tf
@@ -1,3 +1,4 @@
 data "aws_region" "main" {
-  provider = "aws.main"
+  provider = aws.main
 }
+
diff --git a/outputs.tf b/outputs.tf
@@ -1,5 +1,5 @@
 output "s3_bucket_id" {
-  value = "${aws_s3_bucket.main.id}"
+  value = aws_s3_bucket.main.id
 }
 
 output "s3_website_endpoint" {
@@ -11,17 +11,18 @@ output "s3_website_endpoint" {
 }
 
 output "s3_hosted_zone_id" {
-  value = "${aws_s3_bucket.main.hosted_zone_id}"
+  value = aws_s3_bucket.main.hosted_zone_id
 }
 
 output "cf_domain_name" {
-  value = "${aws_cloudfront_distribution.main.domain_name}"
+  value = aws_cloudfront_distribution.main.domain_name
 }
 
 output "cf_hosted_zone_id" {
-  value = "${aws_cloudfront_distribution.main.hosted_zone_id}"
+  value = aws_cloudfront_distribution.main.hosted_zone_id
 }
 
 output "cf_distribution_id" {
-  value = "${aws_cloudfront_distribution.main.id}"
-}
+  value = aws_cloudfront_distribution.main.id
+}
+
diff --git a/provider.tf b/provider.tf
@@ -1,11 +1,12 @@
 provider "aws" {
-  alias = "main"
+  alias   = "main"
   version = "~> 2.9"
   # description = "AWS Region for S3 and other resources"
 }
 
 provider "aws" {
-  alias = "cloudfront"
+  alias   = "cloudfront"
   version = "~> 2.9"
   # description = "AWS Region for Cloudfront (ACM certs only supports us-east-1)"
 }
+
diff --git a/s3.tf b/s3.tf
@@ -1,26 +1,31 @@
 resource "aws_s3_bucket" "main" {
-  provider = "aws.main"
-  bucket   = "${var.fqdn}"
+  provider = aws.main
+  bucket   = var.fqdn
   acl      = "private"
-  policy   = "${data.aws_iam_policy_document.bucket_policy.json}"
+  policy   = data.aws_iam_policy_document.bucket_policy.json
 
   website {
-    redirect_all_requests_to = "${var.redirect_target}"
+    redirect_all_requests_to = var.redirect_target
   }
 
-  force_destroy = "${var.force_destroy}"
+  force_destroy = var.force_destroy
 
-  tags = "${merge("${var.tags}",map("Name", "${var.fqdn}"))}"
+  tags = merge(
+    var.tags,
+    {
+      "Name" = var.fqdn
+    },
+  )
 }
 
 data "aws_iam_policy_document" "bucket_policy" {
-  provider = "aws.main"
+  provider = aws.main
 
   statement {
     sid = "AllowCFOriginAccess"
 
     actions = [
-      "s3:GetObject"
+      "s3:GetObject",
     ]
 
     resources = [
@@ -32,15 +37,14 @@ data "aws_iam_policy_document" "bucket_policy" {
       variable = "aws:UserAgent"
 
       values = [
-        "${var.refer_secret}"
+        var.refer_secret,
       ]
     }
 
     principals {
-      type = "*"
+      type        = "*"
       identifiers = ["*"]
     }
-
   }
-
 }
+
diff --git a/variables.tf b/variables.tf
@@ -1,38 +1,39 @@
 variable "fqdn" {
-  type        = "string"
+  type        = string
   description = "The FQDN of the website and also name of the S3 bucket"
 }
 
 variable "redirect_target" {
-  type        = "string"
+  type        = string
   description = "The FQDN to redirect to"
 }
 
 variable "force_destroy" {
-  type        = "string"
+  type        = string
   description = "The force_destroy argument of the S3 bucket"
   default     = "false"
 }
 
 variable "ssl_certificate_arn" {
-  type        = "string"
+  type        = string
   description = "ARN of the certificate covering var.fqdn"
 }
 
 variable "web_acl_id" {
-  type        = "string"
+  type        = string
   description = "WAF Web ACL ID to attach to the CloudFront distribution, optional"
   default     = ""
 }
 
 variable "refer_secret" {
-  type        = "string"
+  type        = string
   description = "A secret string to authenticate CF requests to S3"
-  default    = "345-VERY-SECRET-678"
+  default     = "345-VERY-SECRET-678"
 }
 
 variable "tags" {
-  type        = "map"
+  type        = map(string)
   description = "Tags"
   default     = {}
 }
+
diff --git a/versions.tf b/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+  required_version = ">= 0.12"
+}