NRL-1188 terraform linting and glue python version update

Author: jackleary

terraform/account-wide-infrastructure/dev/athena.tf

@@ -1,4 +1,4 @@
 module "dev-athena" {
   source      = "../modules/athena"
   name_prefix = "nhsd-nrlf--dev"
-}
+}

terraform/account-wide-infrastructure/dev/glue.tf

@@ -1,5 +1,5 @@
 module "dev-glue" {
-  source      = "../modules/glue"
-  name_prefix = "nhsd-nrlf--dev"
-  python_version = "3"
-}
+  source         = "../modules/glue"
+  name_prefix    = "nhsd-nrlf--dev"
+  python_version = "3.12.2"
+}

terraform/account-wide-infrastructure/modules/athena/athena.tf

@@ -3,10 +3,10 @@ resource "aws_athena_database" "reporting-db" {
 
   bucket = aws_s3_bucket.target-data-bucket.bucket
 
-#   encryption_configuration {
-#     encryption_option = "SSE_KMS"
-#     kms_key           = aws_kms_key.athena.arn
-#   }
+  #   encryption_configuration {
+  #     encryption_option = "SSE_KMS"
+  #     kms_key           = aws_kms_key.athena.arn
+  #   }
 
   force_destroy = true
 }
@@ -28,4 +28,4 @@ resource "aws_athena_workgroup" "athena" {
     }
   }
 
-}
+}

terraform/account-wide-infrastructure/modules/athena/kms.tf

@@ -4,4 +4,4 @@ resource "aws_kms_key" "athena" {
 resource "aws_kms_alias" "athena" {
   name          = "alias/${var.prefix}-athena"
   target_key_id = aws_kms_key.athena.key_id
-}
+}

terraform/account-wide-infrastructure/modules/athena/outputs.tf

@@ -8,4 +8,4 @@ output "bucket" {
 
 output "database" {
   value = aws_athena_database.reporting-db
-}
+}

terraform/account-wide-infrastructure/modules/athena/s3.tf

@@ -12,4 +12,4 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "athena" {
     }
   }
 
-}
+}

terraform/account-wide-infrastructure/modules/athena/vars.tf

@@ -1,9 +1,9 @@
 variable "database" {
-    description = "What the db will be called"
-    default     = "NRL-Reporting"
+  description = "What the db will be called"
+  default     = "NRL-Reporting"
 }
 
 variable "name_prefix" {
   type        = string
   description = "The prefix to apply to all resources in the module."
-}
+}

terraform/account-wide-infrastructure/modules/glue/glue.tf

@@ -16,13 +16,13 @@ resource "aws_glue_crawler" "raw_log_crawler" {
     delete_behavior = "LOG"
   }
   configuration = jsonencode({
-    "Version":1.0,
-    "Grouping": {
-        "TableGroupingPolicy": "CombineCompatibleSchemas"
+    "Version" : 1.0,
+    "Grouping" : {
+      "TableGroupingPolicy" : "CombineCompatibleSchemas"
     }
   })
 }
-resource "aws_glue_trigger""raw_log_trigger" {
+resource "aws_glue_trigger" "raw_log_trigger" {
   name = "org-report-trigger"
   type = "ON_DEMAND"
   actions {
@@ -46,12 +46,17 @@ resource "aws_glue_job" "glue_job" {
   }
 
   default_arguments = {
-    "--enable-auto-scaling"             = "true""--enable-continous-cloudwatch-log" = "true""--datalake-formats"                = "delta""--source-path"                     = "s3://${aws_s3_bucket.dc-source-data-bucket.id}/" # Specify the source S3 path
+    "--enable-auto-scaling"             = "true"
+    "--enable-continous-cloudwatch-log" = "true"
+    "--datalake-formats"                = "delta"
+    "--source-path"                     = "s3://${aws_s3_bucket.source-data-bucket.id}/" # Specify the source S3 path
     "--destination-path"                = "s3://${aws_s3_bucket.target-data-bucket.id}/" # Specify the destination S3 path
-    "--job-name"                        = "poc-glue-job""--enable-continuous-log-filter"    = "true""--enable-metrics"                  = "true"
+    "--job-name"                        = "poc-glue-job"
+    "--enable-continuous-log-filter"    = "true"
+    "--enable-metrics"                  = "true"
   }
 }
 
 output "glue_crawler_name" {
   value = "s3//${aws_s3_bucket.source-data-bucket.id}/"
-}
+}

terraform/account-wide-infrastructure/modules/glue/iam.tf

@@ -1,93 +1,93 @@
-resource "aws_iam_role""glue_service_role" {
+resource "aws_iam_role" "glue_service_role" {
   name = "glue_service_role"
 
   assume_role_policy = jsonencode({
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-        "Effect": "Allow",
-        "Principal": {
-            "Service": "glue.amazonaws.com"
+    "Version" : "2012-10-17",
+    "Statement" : [
+      {
+        "Effect" : "Allow",
+        "Principal" : {
+          "Service" : "glue.amazonaws.com"
         },
-        "Action": "sts:AssumeRole"
-        }
+        "Action" : "sts:AssumeRole"
+      }
     ]
-    })
+  })
 }
 
-resource "aws_iam_role_policy""glue_service_role_policy" {
-  name   = "glue_service_role_policy"
-  role   = aws_iam_role.glue_service_role.name
+resource "aws_iam_role_policy" "glue_service_role_policy" {
+  name = "glue_service_role_policy"
+  role = aws_iam_role.glue_service_role.name
   policy = jsonencode({
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-        "Effect": "Allow",
-        "Action": [
-            "glue:*",
-            "s3:GetBucketLocation",
-            "s3:ListBucket",
-            "s3:ListAllMyBuckets",
-            "s3:GetBucketAcl",
-            "ec2:DescribeVpcEndpoints",
-            "ec2:DescribeRouteTables",
-            "ec2:CreateNetworkInterface",
-            "ec2:DeleteNetworkInterface",
-            "ec2:DescribeNetworkInterfaces",
-            "ec2:DescribeSecurityGroups",
-            "ec2:DescribeSubnets",
-            "ec2:DescribeVpcAttribute",
-            "iam:ListRolePolicies",
-            "iam:GetRole",
-            "iam:GetRolePolicy",
-            "cloudwatch:PutMetricData"
+    "Version" : "2012-10-17",
+    "Statement" : [
+      {
+        "Effect" : "Allow",
+        "Action" : [
+          "glue:*",
+          "s3:GetBucketLocation",
+          "s3:ListBucket",
+          "s3:ListAllMyBuckets",
+          "s3:GetBucketAcl",
+          "ec2:DescribeVpcEndpoints",
+          "ec2:DescribeRouteTables",
+          "ec2:CreateNetworkInterface",
+          "ec2:DeleteNetworkInterface",
+          "ec2:DescribeNetworkInterfaces",
+          "ec2:DescribeSecurityGroups",
+          "ec2:DescribeSubnets",
+          "ec2:DescribeVpcAttribute",
+          "iam:ListRolePolicies",
+          "iam:GetRole",
+          "iam:GetRolePolicy",
+          "cloudwatch:PutMetricData"
         ],
-        "Resource": ["*"]
-        },
-        {
-        "Effect": "Allow",
-        "Action": ["s3:CreateBucket"],
-        "Resource": ["arn:aws:s3:::aws-glue-*"]
-        },
-        {
-        "Effect": "Allow",
-        "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
-        "Resource": [
-            "arn:aws:s3:::*/*",
-            "arn:aws:s3:::*/*aws-glue-*/*"
+        "Resource" : ["*"]
+      },
+      {
+        "Effect" : "Allow",
+        "Action" : ["s3:CreateBucket"],
+        "Resource" : ["arn:aws:s3:::aws-glue-*"]
+      },
+      {
+        "Effect" : "Allow",
+        "Action" : ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
+        "Resource" : [
+          "arn:aws:s3:::*/*",
+          "arn:aws:s3:::*/*aws-glue-*/*"
         ]
-        },
-        {
-        "Effect": "Allow",
-        "Action": ["s3:GetObject"],
-        "Resource": [
-            "arn:aws:s3:::crawler-public*",
-            "arn:aws:s3:::aws-glue-*"
+      },
+      {
+        "Effect" : "Allow",
+        "Action" : ["s3:GetObject"],
+        "Resource" : [
+          "arn:aws:s3:::crawler-public*",
+          "arn:aws:s3:::aws-glue-*"
         ]
-        },
-        {
-        "Effect": "Allow",
-        "Action": [
-            "logs:CreateLogGroup",
-            "logs:CreateLogStream",
-            "logs:PutLogEvents"
+      },
+      {
+        "Effect" : "Allow",
+        "Action" : [
+          "logs:CreateLogGroup",
+          "logs:CreateLogStream",
+          "logs:PutLogEvents"
         ],
-        "Resource": ["arn:aws:logs:*:*:*:/aws-glue/*"]
-        },
-        {
-        "Effect": "Allow",
-        "Action": ["ec2:CreateTags", "ec2:DeleteTags"],
-        "Condition": {
-            "ForAllValues:StringEquals": {
-            "aws:TagKeys": ["aws-glue-service-resource"]
-            }
+        "Resource" : ["arn:aws:logs:*:*:*:/aws-glue/*"]
+      },
+      {
+        "Effect" : "Allow",
+        "Action" : ["ec2:CreateTags", "ec2:DeleteTags"],
+        "Condition" : {
+          "ForAllValues:StringEquals" : {
+            "aws:TagKeys" : ["aws-glue-service-resource"]
+          }
         },
-        "Resource": [
-            "arn:aws:ec2:*:*:network-interface/*",
-            "arn:aws:ec2:*:*:security-group/*",
-            "arn:aws:ec2:*:*:instance/*"
+        "Resource" : [
+          "arn:aws:ec2:*:*:network-interface/*",
+          "arn:aws:ec2:*:*:security-group/*",
+          "arn:aws:ec2:*:*:instance/*"
         ]
-        }
+      }
     ]
-})
-}
+  })
+}

terraform/account-wide-infrastructure/modules/glue/s3.tf

@@ -14,9 +14,9 @@ resource "aws_s3_bucket" "code-bucket" {
   bucket = "code-bucket"
 }
 
-resource "aws_s3_bucket_object""code-data-object" {
+resource "aws_s3_bucket_object" "code-data-object" {
   bucket = aws_s3_bucket.code-bucket.bucket
   key    = "main.py"
   source = "${path.module}/src/main.py"
-  etag   = "${filemd5("${path.module}/src/main.py")}"
-}
+  etag   = filemd5("${path.module}/src/main.py")
+}