fix: add module version constraints (#7)

* fix: add module version constraints

This commit adds version constraints to the modules sourced from the
Terraform registry.

This commit also includes some minor changes like removing the `join`
function in favor of using
[`one`](https://www.terraform.io/docs/language/functions/one.html).

Fixes #6

* chore: remove patch version from VPC module

Author: jasonwalsh

.pre-commit-config.yaml

@@ -2,4 +2,4 @@ repos:
   - hooks:
       - id: terraform_docs
     repo: "https://github.com/antonbabenko/pre-commit-terraform.git"
-    rev: v1.43.0
+    rev: v1.51.0

.terraform.lock.hcl

@@ -86,6 +86,7 @@ As always, thanks for using this module!
 
 | Name | Version |
 |------|---------|
+| terraform | ~> 1.0 |
 | terraform | >= 0.13 |
 
 ## Providers

README.md

@@ -1,3 +1,7 @@
+terraform {
+  required_version = "~> 1.0"
+}
+
 locals {
   image_id = data.aws_ami.boundary.id
 
@@ -80,7 +84,8 @@ module "workers" {
 }
 
 module "vpc" {
-  source = "terraform-aws-modules/vpc/aws"
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 3.7"
 
   azs                = data.aws_availability_zones.available.names
   cidr               = var.cidr_block

main.tf

@@ -1,7 +1,9 @@
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| aws | ~> 3.0 |
 
 ## Providers
 

modules/boundary/README.md

@@ -1,3 +1,12 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 3.0"
+    }
+  }
+}
+
 locals {
   desired_capacity = max(var.desired_capacity, var.min_size)
 
@@ -40,27 +49,40 @@ locals {
 }
 
 module "autoscaling" {
-  source = "terraform-aws-modules/autoscaling/aws"
+  source  = "terraform-aws-modules/autoscaling/aws"
+  version = "~> 4.6"
+
+  create_lt                = true
+  desired_capacity         = local.desired_capacity
+  health_check_type        = "EC2"
+  iam_instance_profile_arn = var.iam_instance_profile
+  image_id                 = var.image_id
 
-  desired_capacity             = local.desired_capacity
-  health_check_type            = "EC2"
-  iam_instance_profile         = var.iam_instance_profile
-  image_id                     = var.image_id
-  instance_type                = var.instance_type
-  key_name                     = var.key_name
-  max_size                     = var.max_size
-  min_size                     = var.min_size
-  name                         = var.auto_scaling_group_name
-  recreate_asg_when_lc_changes = true
-  security_groups              = var.security_groups
-  tags_as_map                  = var.tags
-  target_group_arns            = var.target_group_arns
+  instance_refresh = {
+    preferences = {
+      min_healthy_percentage = 80
+    }
 
-  user_data = <<EOF
+    strategy = "Rolling"
+  }
+
+  instance_type          = var.instance_type
+  key_name               = var.key_name
+  max_size               = var.max_size
+  min_size               = var.min_size
+  name                   = var.auto_scaling_group_name
+  security_groups        = var.security_groups
+  tags_as_map            = var.tags
+  target_group_arns      = var.target_group_arns
+  update_default_version = true
+  use_lt                 = true
+
+  user_data_base64 = base64encode(<<EOF
 ## template: jinja
 #cloud-config
 ${yamlencode(local.user_data)}
 EOF
+  )
 
   vpc_zone_identifier = var.vpc_zone_identifier
 }

modules/boundary/main.tf

@@ -1,4 +1,4 @@
 output "auto_scaling_group_name" {
   description = "The name of the controller Auto Scaling group"
-  value       = module.autoscaling.this_autoscaling_group_name
+  value       = module.autoscaling.autoscaling_group_name
 }

modules/boundary/outputs.tf

@@ -1,13 +1,15 @@
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| aws | ~> 3.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| aws | n/a |
+| aws | ~> 3.0 |
 | random | n/a |
 
 ## Inputs

modules/controller/README.md

@@ -1,14 +1,23 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 3.0"
+    }
+  }
+}
+
 locals {
   configuration = templatefile(
     "${path.module}/templates/configuration.hcl.tpl",
     {
       # Database URL for PostgreSQL
       database_url = format(
         "postgresql://%s:%s@%s/%s",
-        module.postgresql.this_db_instance_username,
-        module.postgresql.this_db_instance_password,
-        module.postgresql.this_db_instance_endpoint,
-        module.postgresql.this_db_instance_name
+        module.postgresql.db_instance_username,
+        module.postgresql.db_instance_password,
+        module.postgresql.db_instance_endpoint,
+        module.postgresql.db_instance_name
       )
 
       keys = [
@@ -80,7 +89,7 @@ resource "aws_security_group_rule" "ssh" {
   from_port                = 22
   protocol                 = "TCP"
   security_group_id        = aws_security_group.controller.id
-  source_security_group_id = join("", aws_security_group.bastion[*].id)
+  source_security_group_id = one(aws_security_group.bastion[*].id)
   to_port                  = 22
   type                     = "ingress"
 }
@@ -116,7 +125,8 @@ resource "aws_security_group" "postgresql" {
 }
 
 module "alb" {
-  source = "terraform-aws-modules/alb/aws"
+  source  = "terraform-aws-modules/alb/aws"
+  version = "~> 6.5"
 
   http_tcp_listeners = [
     {
@@ -148,7 +158,8 @@ resource "random_password" "postgresql" {
 }
 
 module "postgresql" {
-  source = "terraform-aws-modules/rds/aws"
+  source  = "terraform-aws-modules/rds/aws"
+  version = "~> 3.4"
 
   allocated_storage       = 5
   backup_retention_period = 0
@@ -321,5 +332,5 @@ resource "aws_instance" "bastion" {
   key_name                    = var.key_name
   subnet_id                   = var.public_subnets[0]
   tags                        = merge(var.tags, { Name = "Boundary Bastion" })
-  vpc_security_group_ids      = [join("", aws_security_group.bastion[*].id)]
+  vpc_security_group_ids      = [one(aws_security_group.bastion[*].id)]
 }

modules/controller/main.tf

@@ -1,11 +1,11 @@
 output "bastion_security_group" {
   description = "The ID of the bastion security group"
-  value       = join("", aws_security_group.bastion[*].id)
+  value       = one(aws_security_group.bastion[*].id)
 }
 
 output "dns_name" {
   description = "The public DNS name of the load balancer"
-  value       = module.alb.this_lb_dns_name
+  value       = module.alb.lb_dns_name
 }
 
 output "ip_addresses" {

modules/controller/outputs.tf

@@ -1,13 +1,15 @@
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| aws | ~> 3.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| aws | n/a |
+| aws | ~> 3.0 |
 
 ## Inputs
 

modules/worker/README.md

@@ -1,3 +1,12 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 3.0"
+    }
+  }
+}
+
 locals {
   configuration = templatefile(
     "${path.module}/templates/configuration.hcl.tpl",