Merge pull request #58 from AdharaProjects/terraform0.12

Terraform 0.12 upgrade

Author: Guimove

data.tf

@@ -10,6 +10,7 @@ data "aws_ami" "amazon-linux-2" {
 }
 
 data "aws_subnet" "subnets" {
-  count = "${length(var.elb_subnets)}"
-  id    = "${var.elb_subnets[count.index]}"
+  count = length(var.elb_subnets)
+  id    = var.elb_subnets[count.index]
 }
+

locals.tf

@@ -1,15 +1,16 @@
 locals {
-  tags_asg_format = ["${null_resource.tags_as_list_of_maps.*.triggers}"]
+  tags_asg_format = null_resource.tags_as_list_of_maps.*.triggers
 
-  name_prefix = "${var.bastion_launch_configuration_name}"
+  name_prefix = var.bastion_launch_configuration_name
 }
 
 resource "null_resource" "tags_as_list_of_maps" {
-  count = "${length(keys(var.tags))}"
+  count = length(keys(var.tags))
 
-  triggers = "${map(
-    "key", "${element(keys(var.tags), count.index)}",
-    "value", "${element(values(var.tags), count.index)}",
-    "propagate_at_launch", "true"
-  )}"
+  triggers = {
+    "key"                 = element(keys(var.tags), count.index)
+    "value"               = element(values(var.tags), count.index)
+    "propagate_at_launch" = "true"
+  }
 }
+

main.tf

@@ -1,74 +1,74 @@
 data "template_file" "user_data" {
-  template = "${file("${path.module}/user_data.sh")}"
+  template = file("${path.module}/user_data.sh")
 
-  vars {
-    aws_region  = "${var.region}"
-    bucket_name = "${var.bucket_name}"
+  vars = {
+    aws_region  = var.region
+    bucket_name = var.bucket_name
   }
 }
 
 resource "aws_s3_bucket" "bucket" {
-  bucket = "${var.bucket_name}"
+  bucket = var.bucket_name
   acl    = "bucket-owner-full-control"
 
-  force_destroy = "${var.bucket_force_destroy}"
+  force_destroy = var.bucket_force_destroy
 
   versioning {
-    enabled = "${var.bucket_versioning}"
+    enabled = var.bucket_versioning
   }
 
   lifecycle_rule {
     id      = "log"
-    enabled = "${var.log_auto_clean}"
+    enabled = var.log_auto_clean
 
     prefix = "logs/"
 
-    tags {
-      "rule"      = "log"
-      "autoclean" = "${var.log_auto_clean}"
+    tags = {
+      rule      = "log"
+      autoclean = var.log_auto_clean
     }
 
     transition {
-      days          = "${var.log_standard_ia_days}"
+      days          = var.log_standard_ia_days
       storage_class = "STANDARD_IA"
     }
 
     transition {
-      days          = "${var.log_glacier_days}"
+      days          = var.log_glacier_days
       storage_class = "GLACIER"
     }
 
     expiration {
-      days = "${var.log_expiry_days}"
+      days = var.log_expiry_days
     }
   }
 
-  tags = "${merge(var.tags)}"
+  tags = merge(var.tags)
 }
 
 resource "aws_s3_bucket_object" "bucket_public_keys_readme" {
-  bucket  = "${aws_s3_bucket.bucket.id}"
+  bucket  = aws_s3_bucket.bucket.id
   key     = "public-keys/README.txt"
   content = "Drop here the ssh public keys of the instances you want to control"
 }
 
 resource "aws_security_group" "bastion_host_security_group" {
   description = "Enable SSH access to the bastion host from external via SSH port"
   name        = "${local.name_prefix}-host"
-  vpc_id      = "${var.vpc_id}"
+  vpc_id      = var.vpc_id
 
-  tags = "${merge(var.tags)}"
+  tags = merge(var.tags)
 }
 
 resource "aws_security_group_rule" "ingress_bastion" {
   description = "Incoming traffic to bastion"
   type        = "ingress"
-  from_port   = "${var.public_ssh_port}"
-  to_port     = "${var.public_ssh_port}"
+  from_port   = var.public_ssh_port
+  to_port     = var.public_ssh_port
   protocol    = "TCP"
-  cidr_blocks = ["${concat(data.aws_subnet.subnets.*.cidr_block, var.cidrs)}"]
+  cidr_blocks = concat(data.aws_subnet.subnets.*.cidr_block, var.cidrs)
 
-  security_group_id = "${aws_security_group.bastion_host_security_group.id}"
+  security_group_id = aws_security_group.bastion_host_security_group.id
 }
 
 resource "aws_security_group_rule" "egress_bastion" {
@@ -79,27 +79,27 @@ resource "aws_security_group_rule" "egress_bastion" {
   protocol    = "-1"
   cidr_blocks = ["0.0.0.0/0"]
 
-  security_group_id = "${aws_security_group.bastion_host_security_group.id}"
+  security_group_id = aws_security_group.bastion_host_security_group.id
 }
 
 resource "aws_security_group" "private_instances_security_group" {
   description = "Enable SSH access to the Private instances from the bastion via SSH port"
   name        = "${local.name_prefix}-priv-instances"
-  vpc_id      = "${var.vpc_id}"
+  vpc_id      = var.vpc_id
 
-  tags = "${merge(var.tags)}"
+  tags = merge(var.tags)
 }
 
 resource "aws_security_group_rule" "ingress_instances" {
   description = "Incoming traffic from bastion"
   type        = "ingress"
-  from_port   = "${var.public_ssh_port}"
-  to_port     = "${var.public_ssh_port}"
+  from_port   = var.public_ssh_port
+  to_port     = var.public_ssh_port
   protocol    = "TCP"
 
-  source_security_group_id = "${aws_security_group.bastion_host_security_group.id}"
+  source_security_group_id = aws_security_group.bastion_host_security_group.id
 
-  security_group_id = "${aws_security_group.private_instances_security_group.id}"
+  security_group_id = aws_security_group.private_instances_security_group.id
 }
 
 resource "aws_iam_role" "bastion_host_role" {
@@ -123,10 +123,11 @@ resource "aws_iam_role" "bastion_host_role" {
   ]
 }
 EOF
+
 }
 
 resource "aws_iam_role_policy" "bastion_host_role_policy" {
-  role = "${aws_iam_role.bastion_host_role.id}"
+  role = aws_iam_role.bastion_host_role.id
 
   policy = <<EOF
 {
@@ -158,78 +159,77 @@ resource "aws_iam_role_policy" "bastion_host_role_policy" {
   ]
 }
 EOF
+
 }
 
 resource "aws_route53_record" "bastion_record_name" {
-  name    = "${var.bastion_record_name}"
-  zone_id = "${var.hosted_zone_name}"
+  name    = var.bastion_record_name
+  zone_id = var.hosted_zone_name
   type    = "A"
-  count   = "${var.create_dns_record}"
+  count   = var.create_dns_record ? 1 : 0
 
   alias {
     evaluate_target_health = true
-    name                   = "${aws_lb.bastion_lb.dns_name}"
-    zone_id                = "${aws_lb.bastion_lb.zone_id}"
+    name                   = aws_lb.bastion_lb.dns_name
+    zone_id                = aws_lb.bastion_lb.zone_id
   }
 }
 
 resource "aws_lb" "bastion_lb" {
-  internal = "${var.is_lb_private}"
+  internal = var.is_lb_private
   name     = "${local.name_prefix}-lb"
 
-  subnets = [
-    "${var.elb_subnets}",
-  ]
+  subnets = var.elb_subnets
 
   load_balancer_type = "network"
-  tags               = "${merge(var.tags)}"
+  tags               = merge(var.tags)
 }
 
 resource "aws_lb_target_group" "bastion_lb_target_group" {
   name        = "${local.name_prefix}-lb-target"
-  port        = "${var.public_ssh_port}"
+  port        = var.public_ssh_port
   protocol    = "TCP"
-  vpc_id      = "${var.vpc_id}"
+  vpc_id      = var.vpc_id
   target_type = "instance"
 
   health_check {
     port     = "traffic-port"
     protocol = "TCP"
   }
 
-  tags = "${merge(var.tags)}"
+  tags = merge(var.tags)
 }
 
 resource "aws_lb_listener" "bastion_lb_listener_22" {
-  "default_action" {
-    target_group_arn = "${aws_lb_target_group.bastion_lb_target_group.arn}"
+  default_action {
+    target_group_arn = aws_lb_target_group.bastion_lb_target_group.arn
     type             = "forward"
   }
 
-  load_balancer_arn = "${aws_lb.bastion_lb.arn}"
-  port              = "${var.public_ssh_port}"
+  load_balancer_arn = aws_lb.bastion_lb.arn
+  port              = var.public_ssh_port
   protocol          = "TCP"
 }
 
 resource "aws_iam_instance_profile" "bastion_host_profile" {
-  role = "${aws_iam_role.bastion_host_role.name}"
+  role = aws_iam_role.bastion_host_role.name
   path = "/"
 }
 
 resource "aws_launch_configuration" "bastion_launch_configuration" {
-  name_prefix                 = "${var.bastion_launch_configuration_name}"
-  image_id                    = "${data.aws_ami.amazon-linux-2.id}"
+  name_prefix                 = var.bastion_launch_configuration_name
+  image_id                    = data.aws_ami.amazon-linux-2.id
   instance_type               = "t2.nano"
-  associate_public_ip_address = "${var.associate_public_ip_address}"
+  associate_public_ip_address = var.associate_public_ip_address
   enable_monitoring           = true
-  iam_instance_profile        = "${aws_iam_instance_profile.bastion_host_profile.name}"
-  key_name                    = "${var.bastion_host_key_pair}"
+  iam_instance_profile        = aws_iam_instance_profile.bastion_host_profile.name
+  key_name                    = var.bastion_host_key_pair
 
   security_groups = [
-    "${aws_security_group.bastion_host_security_group.id}",
+    aws_security_group.bastion_host_security_group.id,
   ]
 
-  user_data = "${data.template_file.user_data.rendered}"
+  user_data = data.template_file.user_data.rendered
 
   lifecycle {
     create_before_destroy = true
@@ -238,33 +238,32 @@ resource "aws_launch_configuration" "bastion_launch_configuration" {
 
 resource "aws_autoscaling_group" "bastion_auto_scaling_group" {
   name                 = "ASG-${aws_launch_configuration.bastion_launch_configuration.name}"
-  launch_configuration = "${aws_launch_configuration.bastion_launch_configuration.name}"
-  max_size             = "${var.bastion_instance_count}"
-  min_size             = "${var.bastion_instance_count}"
-  desired_capacity     = "${var.bastion_instance_count}"
+  launch_configuration = aws_launch_configuration.bastion_launch_configuration.name
+  max_size             = var.bastion_instance_count
+  min_size             = var.bastion_instance_count
+  desired_capacity     = var.bastion_instance_count
 
-  vpc_zone_identifier = [
-    "${var.auto_scaling_group_subnets}",
-  ]
+  vpc_zone_identifier = var.auto_scaling_group_subnets
 
   default_cooldown          = 180
   health_check_grace_period = 180
   health_check_type         = "EC2"
 
   target_group_arns = [
-    "${aws_lb_target_group.bastion_lb_target_group.arn}",
+    aws_lb_target_group.bastion_lb_target_group.arn,
   ]
 
   termination_policies = [
     "OldestLaunchConfiguration",
   ]
 
-  tags = ["${concat(
-      list(map("key", "Name", "value", "ASG-${aws_launch_configuration.bastion_launch_configuration.name}", "propagate_at_launch", true)),
-      local.tags_asg_format
-   )}"]
+  tags = concat(
+    list(map("key", "Name", "value", "ASG-${aws_launch_configuration.bastion_launch_configuration.name}", "propagate_at_launch", true)),
+    local.tags_asg_format
+  )
 
   lifecycle {
     create_before_destroy = true
   }
 }
+

outputs.tf

@@ -1,15 +1,16 @@
 output "bucket_name" {
-  value = "${aws_s3_bucket.bucket.bucket}"
+  value = aws_s3_bucket.bucket.bucket
 }
 
 output "elb_ip" {
-  value = "${aws_lb.bastion_lb.dns_name}"
+  value = aws_lb.bastion_lb.dns_name
 }
 
 output "bastion_host_security_group" {
-  value = "${aws_security_group.bastion_host_security_group.id}"
+  value = aws_security_group.bastion_host_security_group.id
 }
 
 output "private_instances_security_group" {
-  value = "${aws_security_group.private_instances_security_group.id}"
+  value = aws_security_group.private_instances_security_group.id
 }
+

variables.tf

@@ -15,14 +15,15 @@ variable "bucket_force_destroy" {
 variable "tags" {
   description = "A mapping of tags to assign"
   default     = {}
-  type        = "map"
+  type        = map(string)
 }
 
-variable "region" {}
+variable "region" {
+}
 
 variable "cidrs" {
   description = "List of CIDRs than can access to the bastion. Default : 0.0.0.0/0"
-  type        = "list"
+  type        = list(string)
 
   default = [
     "0.0.0.0/0",
@@ -57,12 +58,12 @@ variable "bastion_launch_configuration_name" {
 }
 
 variable "elb_subnets" {
-  type        = "list"
+  type        = list(string)
   description = "List of subnet were the ELB will be deployed"
 }
 
 variable "auto_scaling_group_subnets" {
-  type        = "list"
+  type        = list(string)
   description = "List of subnet were the Auto Scalling Group will deploy the instances"
 }
 
@@ -107,3 +108,4 @@ variable "private_ssh_port" {
   description = "Set the SSH port to use between the bastion and private instance"
   default     = 22
 }
+