terraform-aws-modules
diff --git a/‎.pre-commit-config.yaml
Lines changed: 2 additions & 2 deletions b/‎.pre-commit-config.yaml
Lines changed: 2 additions & 2 deletions
diff --git a/‎README.md
Lines changed: 6 additions & 6 deletions b/‎README.md
Lines changed: 6 additions & 6 deletions
diff --git a/‎examples/complete/README.md
Lines changed: 9 additions & 8 deletions b/‎examples/complete/README.md
Lines changed: 9 additions & 8 deletions
diff --git a/‎examples/complete/main.tf
Lines changed: 72 additions & 95 deletions b/‎examples/complete/main.tf
Lines changed: 72 additions & 95 deletions
diff --git a/‎examples/complete/versions.tf
Lines changed: 2 additions & 2 deletions b/‎examples/complete/versions.tf
Lines changed: 2 additions & 2 deletions
diff --git a/‎examples/simple/README.md
Lines changed: 3 additions & 3 deletions b/‎examples/simple/README.md
Lines changed: 3 additions & 3 deletions
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.77.1
+    rev: v1.88.0
     hooks:
       - id: terraform_fmt
       - id: terraform_validate
@@ -23,7 +23,7 @@ repos:
           - '--args=--only=terraform_standard_module_structure'
           - '--args=--only=terraform_workspace_remote'
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.4.0
+    rev: v4.5.0
     hooks:
       - id: check-merge-conflict
       - id: end-of-file-fixer
@@ -65,14 +65,14 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.9 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.9 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0 |
 
 ## Modules
 
@@ -164,7 +164,7 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module
 | <a name="input_log_forwarder_timeout"></a> [log\_forwarder\_timeout](#input\_log\_forwarder\_timeout) | The amount of time the log forwarder lambda has to execute in seconds | `number` | `120` | no |
 | <a name="input_log_forwarder_use_policy_name_prefix"></a> [log\_forwarder\_use\_policy\_name\_prefix](#input\_log\_forwarder\_use\_policy\_name\_prefix) | Whether to use unique name beginning with the specified `policy_name` for the log forwarder policy | `bool` | `false` | no |
 | <a name="input_log_forwarder_use_role_name_prefix"></a> [log\_forwarder\_use\_role\_name\_prefix](#input\_log\_forwarder\_use\_role\_name\_prefix) | Whether to use unique name beginning with the specified `role_name` for the log forwarder role | `bool` | `false` | no |
-| <a name="input_log_forwarder_version"></a> [log\_forwarder\_version](#input\_log\_forwarder\_version) | Forwarder version - see https://github.com/DataDog/datadog-serverless-functions/releases | `string` | `"3.73.0"` | no |
+| <a name="input_log_forwarder_version"></a> [log\_forwarder\_version](#input\_log\_forwarder\_version) | Forwarder version - see https://github.com/DataDog/datadog-serverless-functions/releases | `string` | `"3.103.0"` | no |
 | <a name="input_log_forwarder_vpce_policy"></a> [log\_forwarder\_vpce\_policy](#input\_log\_forwarder\_vpce\_policy) | Policy to attach to the log forwarder endpoint that controls access to the service. Defaults to full access | `any` | `null` | no |
 | <a name="input_log_forwarder_vpce_security_group_ids"></a> [log\_forwarder\_vpce\_security\_group\_ids](#input\_log\_forwarder\_vpce\_security\_group\_ids) | IDs of security groups to attach to log forwarder endpoint | `list(string)` | `[]` | no |
 | <a name="input_log_forwarder_vpce_subnet_ids"></a> [log\_forwarder\_vpce\_subnet\_ids](#input\_log\_forwarder\_vpce\_subnet\_ids) | IDs of subnets to associate with log forwarder endpoint | `list(string)` | `[]` | no |
@@ -204,7 +204,7 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module
 | <a name="input_rds_em_forwarder_timeout"></a> [rds\_em\_forwarder\_timeout](#input\_rds\_em\_forwarder\_timeout) | The amount of time the RDS enhanced monitoring forwarder lambda has to execute in seconds | `number` | `10` | no |
 | <a name="input_rds_em_forwarder_use_policy_name_prefix"></a> [rds\_em\_forwarder\_use\_policy\_name\_prefix](#input\_rds\_em\_forwarder\_use\_policy\_name\_prefix) | Whether to use unique name beginning with the specified `rds_em_forwarder_policy_name` for the RDS enhanced monitoring forwarder role | `bool` | `false` | no |
 | <a name="input_rds_em_forwarder_use_role_name_prefix"></a> [rds\_em\_forwarder\_use\_role\_name\_prefix](#input\_rds\_em\_forwarder\_use\_role\_name\_prefix) | Whether to use unique name beginning with the specified `rds_em_forwarder_role_name` for the RDS enhanced monitoring forwarder role | `bool` | `false` | no |
-| <a name="input_rds_em_forwarder_version"></a> [rds\_em\_forwarder\_version](#input\_rds\_em\_forwarder\_version) | RDS enhanced monitoring lambda version - see https://github.com/DataDog/datadog-serverless-functions/releases | `string` | `"3.73.0"` | no |
+| <a name="input_rds_em_forwarder_version"></a> [rds\_em\_forwarder\_version](#input\_rds\_em\_forwarder\_version) | RDS enhanced monitoring lambda version - see https://github.com/DataDog/datadog-serverless-functions/releases | `string` | `"3.103.0"` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to use on all resources | `map(string)` | `{}` | no |
 | <a name="input_traces_vpce_policy"></a> [traces\_vpce\_policy](#input\_traces\_vpce\_policy) | Policy to attach to the traces endpoint that controls access to the service. Defaults to full access | `any` | `null` | no |
 | <a name="input_traces_vpce_security_group_ids"></a> [traces\_vpce\_security\_group\_ids](#input\_traces\_vpce\_security\_group\_ids) | IDs of security groups to attach to traces endpoint | `list(string)` | `[]` | no |
@@ -239,7 +239,7 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module
 | <a name="input_vpc_fl_forwarder_timeout"></a> [vpc\_fl\_forwarder\_timeout](#input\_vpc\_fl\_forwarder\_timeout) | The amount of time the VPC flow log forwarder lambda has to execute in seconds | `number` | `10` | no |
 | <a name="input_vpc_fl_forwarder_use_policy_name_prefix"></a> [vpc\_fl\_forwarder\_use\_policy\_name\_prefix](#input\_vpc\_fl\_forwarder\_use\_policy\_name\_prefix) | Whether to use unique name beginning with the specified `vpc_fl_forwarder_policy_name` for the VPC flow log forwarder role | `bool` | `false` | no |
 | <a name="input_vpc_fl_forwarder_use_role_name_prefix"></a> [vpc\_fl\_forwarder\_use\_role\_name\_prefix](#input\_vpc\_fl\_forwarder\_use\_role\_name\_prefix) | Whether to use unique name beginning with the specified `vpc_fl_forwarder_role_name` for the VPC flow log forwarder role | `bool` | `false` | no |
-| <a name="input_vpc_fl_forwarder_version"></a> [vpc\_fl\_forwarder\_version](#input\_vpc\_fl\_forwarder\_version) | VPC flow log lambda version - see https://github.com/DataDog/datadog-serverless-functions/releases | `string` | `"3.73.0"` | no |
+| <a name="input_vpc_fl_forwarder_version"></a> [vpc\_fl\_forwarder\_version](#input\_vpc\_fl\_forwarder\_version) | VPC flow log lambda version - see https://github.com/DataDog/datadog-serverless-functions/releases | `string` | `"3.103.0"` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | ID of VPC to provision endpoints within | `string` | `null` | no |
 
 ## Outputs
 
@@ -23,27 +23,27 @@ Note that this example may create resources which will incur monetary charges on
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.9 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 |
 | <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.9 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0 |
 | <a name="provider_random"></a> [random](#provider\_random) | >= 2.0 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_default"></a> [default](#module\_default) | ../../ | n/a |
-| <a name="module_log_bucket_1"></a> [log\_bucket\_1](#module\_log\_bucket\_1) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 |
-| <a name="module_log_bucket_2"></a> [log\_bucket\_2](#module\_log\_bucket\_2) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 |
-| <a name="module_security_group"></a> [security\_group](#module\_security\_group) | terraform-aws-modules/security-group/aws | ~> 4.0 |
-| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 |
-| <a name="module_vpc_endpoints"></a> [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | ~> 3.0 |
+| <a name="module_log_bucket_1"></a> [log\_bucket\_1](#module\_log\_bucket\_1) | terraform-aws-modules/s3-bucket/aws | ~> 4.0 |
+| <a name="module_log_bucket_2"></a> [log\_bucket\_2](#module\_log\_bucket\_2) | terraform-aws-modules/s3-bucket/aws | ~> 4.0 |
+| <a name="module_security_group"></a> [security\_group](#module\_security\_group) | terraform-aws-modules/security-group/aws | ~> 5.0 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 |
+| <a name="module_vpc_endpoints"></a> [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | ~> 5.0 |
 
 ## Resources
 
@@ -53,6 +53,7 @@ Note that this example may create resources which will incur monetary charges on
 | [aws_kms_alias.datadog](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource |
 | [aws_kms_key.datadog](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
 | [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
+| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_iam_policy_document.custom](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.datadog_cmk](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 
@@ -2,14 +2,20 @@ provider "aws" {
   region = local.region
 }
 
+data "aws_caller_identity" "current" {}
+data "aws_availability_zones" "available" {}
+
 locals {
   region = "us-east-1"
-  name   = "datadog-fwd-ex-${replace(basename(path.cwd), "_", "-")}"
+  name   = "datadog-fwd-ex-${basename(path.cwd)}"
+
+  vpc_cidr = "10.0.0.0/16"
+  azs      = slice(data.aws_availability_zones.available.names, 0, 3)
 
   tags = {
-    Name       = local.name
     Example    = local.name
-    Repository = "https://github.com/terraform-aws-modules/terraform-aws-datadog-forwarders"
+    GithubRepo = "terraform-aws-datadog-forwarders"
+    GithubOrg  = "terraform-aws-modules"
   }
 }
 
@@ -19,61 +25,10 @@ data "aws_secretsmanager_secret" "datadog_api_key" {
   name = "datadog/api_key"
 }
 
-data "aws_caller_identity" "current" {}
-
 ################################################################################
 # Module
 ################################################################################
 
-data "aws_iam_policy_document" "custom" {
-  statement {
-    sid = "AnyResourceAccess"
-    actions = [
-      "logs:CreateLogGroup",
-      "logs:CreateLogStream",
-      "tag:GetResources",
-      "logs:PutLogEvents",
-      "ec2:CreateNetworkInterface",
-      "ec2:DescribeNetworkInterfaces",
-      "ec2:DeleteNetworkInterface"
-    ]
-    resources = ["*"]
-  }
-
-  statement {
-    sid = "DatadogBucketFullAccess"
-    actions = [
-      "s3:GetObject",
-      "s3:PutObject",
-      "s3:DeleteObject",
-      "s3:ListBucket",
-    ]
-    resources = [
-      module.log_bucket_1.s3_bucket_arn,
-      "${module.log_bucket_1.s3_bucket_arn}/*"
-    ]
-  }
-
-  statement {
-    sid = "GetApiKeySecret"
-    actions = [
-      "secretsmanager:GetSecretValue",
-    ]
-    resources = [
-      data.aws_secretsmanager_secret.datadog_api_key.arn
-    ]
-  }
-}
-
-resource "aws_iam_policy" "custom" {
-  name        = "custom-datadog-log-forwarder"
-  path        = "/"
-  description = "Lambda function to push logs, metrics, and traces to Datadog"
-  policy      = data.aws_iam_policy_document.custom.json
-
-  tags = local.tags
-}
-
 module "default" {
   source = "../../"
 
@@ -200,6 +155,55 @@ module "default" {
 # Supporting Resources
 ################################################################################
 
+data "aws_iam_policy_document" "custom" {
+  statement {
+    sid = "AnyResourceAccess"
+    actions = [
+      "logs:CreateLogGroup",
+      "logs:CreateLogStream",
+      "tag:GetResources",
+      "logs:PutLogEvents",
+      "ec2:CreateNetworkInterface",
+      "ec2:DescribeNetworkInterfaces",
+      "ec2:DeleteNetworkInterface"
+    ]
+    resources = ["*"]
+  }
+
+  statement {
+    sid = "DatadogBucketFullAccess"
+    actions = [
+      "s3:GetObject",
+      "s3:PutObject",
+      "s3:DeleteObject",
+      "s3:ListBucket",
+    ]
+    resources = [
+      module.log_bucket_1.s3_bucket_arn,
+      "${module.log_bucket_1.s3_bucket_arn}/*"
+    ]
+  }
+
+  statement {
+    sid = "GetApiKeySecret"
+    actions = [
+      "secretsmanager:GetSecretValue",
+    ]
+    resources = [
+      data.aws_secretsmanager_secret.datadog_api_key.arn
+    ]
+  }
+}
+
+resource "aws_iam_policy" "custom" {
+  name        = "custom-datadog-log-forwarder"
+  path        = "/"
+  description = "Lambda function to push logs, metrics, and traces to Datadog"
+  policy      = data.aws_iam_policy_document.custom.json
+
+  tags = local.tags
+}
+
 resource "random_pet" "this" {
   length = 2
 }
@@ -233,40 +237,23 @@ resource "aws_kms_alias" "datadog" {
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 3.0"
+  version = "~> 5.0"
 
   name = local.name
-  cidr = "10.0.0.0/16"
-
-  azs             = ["us-east-1a", "us-east-1c", "us-east-1d"]
-  private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
-  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
-
-  enable_nat_gateway      = false # not required, using private VPC endpoint
-  single_nat_gateway      = true
-  map_public_ip_on_launch = false
+  cidr = local.vpc_cidr
 
-  manage_default_security_group  = true
-  default_security_group_ingress = []
-  default_security_group_egress  = []
+  azs             = local.azs
+  private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)]
+  public_subnets  = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]
 
-  enable_flow_log                      = true
-  flow_log_destination_type            = "cloud-watch-logs"
-  create_flow_log_cloudwatch_log_group = true
-  create_flow_log_cloudwatch_iam_role  = true
-  flow_log_max_aggregation_interval    = 60
-  flow_log_log_format                  = "$${version} $${account-id} $${interface-id} $${srcaddr} $${dstaddr} $${srcport} $${dstport} $${protocol} $${packets} $${bytes} $${start} $${end} $${action} $${log-status} $${vpc-id} $${subnet-id} $${instance-id} $${tcp-flags} $${type} $${pkt-srcaddr} $${pkt-dstaddr} $${region} $${az-id} $${sublocation-type} $${sublocation-id}"
-
-  # Required for VPC Endpoints
-  enable_dns_hostnames = true
-  enable_dns_support   = true
+  enable_nat_gateway = false
 
   tags = local.tags
 }
 
 module "vpc_endpoints" {
   source  = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints"
-  version = "~> 3.0"
+  version = "~> 5.0"
 
   vpc_id             = module.vpc.vpc_id
   security_group_ids = [module.security_group.security_group_id]
@@ -287,7 +274,7 @@ module "vpc_endpoints" {
 
 module "security_group" {
   source  = "terraform-aws-modules/security-group/aws"
-  version = "~> 4.0"
+  version = "~> 5.0"
 
   name        = local.name
   description = "Example security group"
@@ -318,20 +305,15 @@ module "security_group" {
 
 module "log_bucket_1" {
   source  = "terraform-aws-modules/s3-bucket/aws"
-  version = "~> 3.0"
+  version = "~> 4.0"
 
-  bucket        = "logs-1-${random_pet.this.id}"
+  bucket_prefix = "logs-1-"
   force_destroy = true
 
-  acl                                   = "log-delivery-write"
+  control_object_ownership              = true
   attach_elb_log_delivery_policy        = true
   attach_deny_insecure_transport_policy = true
 
-  block_public_acls       = true
-  block_public_policy     = true
-  ignore_public_acls      = true
-  restrict_public_buckets = true
-
   server_side_encryption_configuration = {
     rule = {
       apply_server_side_encryption_by_default = {
@@ -345,20 +327,15 @@ module "log_bucket_1" {
 
 module "log_bucket_2" {
   source  = "terraform-aws-modules/s3-bucket/aws"
-  version = "~> 3.0"
+  version = "~> 4.0"
 
-  bucket        = "logs-2-${random_pet.this.id}"
+  bucket_prefix = "logs-2-"
   force_destroy = true
 
-  acl                                   = "log-delivery-write"
+  control_object_ownership              = true
   attach_elb_log_delivery_policy        = true
   attach_deny_insecure_transport_policy = true
 
-  block_public_acls       = true
-  block_public_policy     = true
-  ignore_public_acls      = true
-  restrict_public_buckets = true
-
   server_side_encryption_configuration = {
     rule = {
       apply_server_side_encryption_by_default = {
 
@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 0.13.1"
+  required_version = ">= 1.3"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.9"
+      version = ">= 5.0"
     }
     random = {
       source  = "hashicorp/random"
 
@@ -19,15 +19,15 @@ Note that this example may create resources which will incur monetary charges on
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.9 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 |
 | <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.9 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0 |
 | <a name="provider_random"></a> [random](#provider\_random) | >= 2.0 |
 
 ## Modules