feat!: Upgrade AWS provider and min required Terraform version to 6.0 and 1.10 respectively

Author: bryantbiggs

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.98.0
+    rev: v1.99.4
     hooks:
       - id: terraform_fmt
       - id: terraform_wrapper_module_for_each

README.md

@@ -19,14 +19,14 @@ Note that this example may create resources which can cost money. Run `terraform
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.66 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.10 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.66 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.0 |
 
 ## Modules
 
@@ -44,8 +44,8 @@ Note that this example may create resources which can cost money. Run `terraform
 | <a name="module_ec2_t2_unlimited"></a> [ec2\_t2\_unlimited](#module\_ec2\_t2\_unlimited) | ../../ | n/a |
 | <a name="module_ec2_t3_unlimited"></a> [ec2\_t3\_unlimited](#module\_ec2\_t3\_unlimited) | ../../ | n/a |
 | <a name="module_ec2_targeted_capacity_reservation"></a> [ec2\_targeted\_capacity\_reservation](#module\_ec2\_targeted\_capacity\_reservation) | ../../ | n/a |
-| <a name="module_security_group"></a> [security\_group](#module\_security\_group) | terraform-aws-modules/security-group/aws | ~> 4.0 |
-| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 |
+| <a name="module_security_group"></a> [security\_group](#module\_security\_group) | terraform-aws-modules/security-group/aws | ~> 5.0 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 6.0 |
 
 ## Resources
 
@@ -57,7 +57,6 @@ Note that this example may create resources which can cost money. Run `terraform
 | [aws_network_interface.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface) | resource |
 | [aws_placement_group.web](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/placement_group) | resource |
 | [aws_ami.amazon_linux](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
-| [aws_ami.amazon_linux_23](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
 | [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
 
 ## Inputs

examples/complete/README.md

@@ -59,8 +59,8 @@ module "ec2_complete" {
     threads_per_core = 1
   }
   enable_volume_tags = false
-  root_block_device = [
-    {
+  root_block_device = {
+    main = {
       encrypted   = true
       volume_type = "gp3"
       throughput  = 200
@@ -69,11 +69,10 @@ module "ec2_complete" {
         Name = "my-root-block"
       }
     },
-  ]
+  }
 
-  ebs_block_device = [
-    {
-      device_name = "/dev/sdf"
+  ebs_volumes = {
+    "/dev/sdf" = {
       volume_type = "gp3"
       volume_size = 5
       throughput  = 200
@@ -83,7 +82,7 @@ module "ec2_complete" {
         MountPoint = "/mnt/data"
       }
     }
-  ]
+  }
 
   tags = local.tags
 }
@@ -93,13 +92,12 @@ module "ec2_network_interface" {
 
   name = "${local.name}-network-interface"
 
-  network_interface = [
-    {
-      device_index          = 0
+  network_interface = {
+    0 = {
       network_interface_id  = aws_network_interface.this.id
       delete_on_termination = false
     }
-  ]
+  }
 
   tags = local.tags
 }
@@ -109,8 +107,7 @@ module "ec2_metadata_options" {
 
   name = "${local.name}-metadata-options"
 
-  subnet_id              = element(module.vpc.private_subnets, 0)
-  vpc_security_group_ids = [module.security_group.security_group_id]
+  subnet_id = element(module.vpc.private_subnets, 0)
 
   metadata_options = {
     http_endpoint               = "enabled"
@@ -130,7 +127,6 @@ module "ec2_t2_unlimited" {
   instance_type               = "t2.micro"
   cpu_credits                 = "unlimited"
   subnet_id                   = element(module.vpc.private_subnets, 0)
-  vpc_security_group_ids      = [module.security_group.security_group_id]
   associate_public_ip_address = true
 
   maintenance_options = {
@@ -148,7 +144,6 @@ module "ec2_t3_unlimited" {
   instance_type               = "t3.micro"
   cpu_credits                 = "unlimited"
   subnet_id                   = element(module.vpc.private_subnets, 0)
-  vpc_security_group_ids      = [module.security_group.security_group_id]
   associate_public_ip_address = true
 
   tags = local.tags
@@ -171,11 +166,10 @@ module "ec2_ignore_ami_changes" {
 
   ignore_ami_changes = true
 
-  ami                    = data.aws_ami.amazon_linux.id
-  instance_type          = "t2.micro"
-  availability_zone      = element(module.vpc.azs, 0)
-  subnet_id              = element(module.vpc.private_subnets, 0)
-  vpc_security_group_ids = [module.security_group.security_group_id]
+  ami               = data.aws_ami.amazon_linux.id
+  instance_type     = "t2.micro"
+  availability_zone = element(module.vpc.azs, 0)
+  subnet_id         = element(module.vpc.private_subnets, 0)
 
   tags = local.tags
 }
@@ -190,8 +184,8 @@ locals {
       instance_type     = "t3.micro"
       availability_zone = element(module.vpc.azs, 0)
       subnet_id         = element(module.vpc.private_subnets, 0)
-      root_block_device = [
-        {
+      root_block_device = {
+        main = {
           encrypted   = true
           volume_type = "gp3"
           throughput  = 200
@@ -200,19 +194,19 @@ locals {
             Name = "my-root-block"
           }
         }
-      ]
+      }
     }
     two = {
       instance_type     = "t3.small"
       availability_zone = element(module.vpc.azs, 1)
       subnet_id         = element(module.vpc.private_subnets, 1)
-      root_block_device = [
-        {
+      root_block_device = {
+        main = {
           encrypted   = true
           volume_type = "gp2"
           volume_size = 50
         }
-      ]
+      }
     }
     three = {
       instance_type     = "t3.medium"
@@ -229,13 +223,12 @@ module "ec2_multiple" {
 
   name = "${local.name}-multi-${each.key}"
 
-  instance_type          = each.value.instance_type
-  availability_zone      = each.value.availability_zone
-  subnet_id              = each.value.subnet_id
-  vpc_security_group_ids = [module.security_group.security_group_id]
+  instance_type     = each.value.instance_type
+  availability_zone = each.value.availability_zone
+  subnet_id         = each.value.subnet_id
 
   enable_volume_tags = false
-  root_block_device  = lookup(each.value, "root_block_device", [])
+  root_block_device  = try(each.value.root_block_device, null)
 
   tags = local.tags
 }
@@ -256,10 +249,9 @@ module "ec2_spot_instance" {
   associate_public_ip_address = true
 
   # Spot request specific attributes
-  spot_price                          = "0.1"
-  spot_wait_for_fulfillment           = true
-  spot_type                           = "persistent"
-  spot_instance_interruption_behavior = "terminate"
+  spot_price                = "0.1"
+  spot_wait_for_fulfillment = true
+  spot_type                 = "persistent"
   # End spot request specific attributes
 
   user_data_base64 = base64encode(local.user_data)
@@ -270,28 +262,27 @@ module "ec2_spot_instance" {
   }
 
   enable_volume_tags = false
-  root_block_device = [
-    {
+  root_block_device = {
+    main = {
       encrypted   = true
       volume_type = "gp3"
       throughput  = 200
       volume_size = 50
       tags = {
         Name = "my-root-block"
       }
-    },
-  ]
+    }
+  }
 
-  ebs_block_device = [
-    {
-      device_name = "/dev/sdf"
+  ebs_volumes = {
+    "/dev/sdf" = {
       volume_type = "gp3"
       volume_size = 5
       throughput  = 200
       encrypted   = true
       # kms_key_id  = aws_kms_key.this.arn # you must grant the AWSServiceRoleForEC2Spot service-linked role access to any custom KMS keys
     }
-  ]
+  }
 
   tags = local.tags
 }
@@ -305,10 +296,8 @@ module "ec2_open_capacity_reservation" {
 
   name = "${local.name}-open-capacity-reservation"
 
-  ami                         = data.aws_ami.amazon_linux.id
   instance_type               = "t3.micro"
   subnet_id                   = element(module.vpc.private_subnets, 0)
-  vpc_security_group_ids      = [module.security_group.security_group_id]
   associate_public_ip_address = false
 
   capacity_reservation_specification = {
@@ -325,10 +314,8 @@ module "ec2_targeted_capacity_reservation" {
 
   name = "${local.name}-targeted-capacity-reservation"
 
-  ami                         = data.aws_ami.amazon_linux.id
   instance_type               = "t3.micro"
   subnet_id                   = element(module.vpc.private_subnets, 0)
-  vpc_security_group_ids      = [module.security_group.security_group_id]
   associate_public_ip_address = false
 
   capacity_reservation_specification = {
@@ -365,11 +352,9 @@ module "ec2_cpu_options" {
 
   name = "${local.name}-cpu-options"
 
-  ami                         = data.aws_ami.amazon_linux_23.id
   instance_type               = "c6a.xlarge" # used to set core count below and test amd_sev_snp attribute
   availability_zone           = element(module.vpc.azs, 0)
   subnet_id                   = element(module.vpc.private_subnets, 0)
-  vpc_security_group_ids      = [module.security_group.security_group_id]
   placement_group             = aws_placement_group.web.id
   associate_public_ip_address = true
   disable_api_stop            = false
@@ -389,22 +374,20 @@ module "ec2_cpu_options" {
     amd_sev_snp      = "enabled"
   }
   enable_volume_tags = false
-  root_block_device = [
-    {
+  root_block_device = {
+    main = {
       encrypted   = true
       volume_type = "gp3"
       throughput  = 200
       volume_size = 50
       tags = {
         Name = "my-root-block"
       }
-    },
-  ]
+    }
+  }
 
-  ebs_block_device = [
-    {
-      device_name = "/dev/sdf"
-      volume_type = "gp3"
+  ebs_volumes = {
+    "/dev/sdf" = {
       volume_size = 5
       throughput  = 200
       encrypted   = true
@@ -413,7 +396,7 @@ module "ec2_cpu_options" {
         MountPoint = "/mnt/data"
       }
     }
-  ]
+  }
 
   instance_tags = { Persistence = "09:00-18:00" }
 
@@ -426,7 +409,7 @@ module "ec2_cpu_options" {
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 5.0"
+  version = "~> 6.0"
 
   name = local.name
   cidr = local.vpc_cidr
@@ -441,34 +424,19 @@ module "vpc" {
 data "aws_ami" "amazon_linux" {
   most_recent = true
   owners      = ["amazon"]
-
-  filter {
-    name   = "name"
-    values = ["amzn-ami-hvm-*-x86_64-gp2"]
-  }
-}
-
-data "aws_ami" "amazon_linux_23" {
-  most_recent = true
-  owners      = ["amazon"]
-
-  filter {
-    name   = "name"
-    values = ["al2023-ami-2023*-x86_64"]
-  }
+  name_regex  = "^al2023-ami-2023.*-x86_64"
 }
 
 module "security_group" {
   source  = "terraform-aws-modules/security-group/aws"
-  version = "~> 4.0"
+  version = "~> 5.0"
 
   name        = local.name
   description = "Security group for example usage with EC2 instance"
   vpc_id      = module.vpc.vpc_id
 
   ingress_cidr_blocks = ["0.0.0.0/0"]
   ingress_rules       = ["http-80-tcp", "all-icmp"]
-  egress_rules        = ["all-all"]
 
   tags = local.tags
 }

examples/complete/main.tf

@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 1.0"
+  required_version = ">= 1.10"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.66"
+      version = ">= 6.0"
     }
   }
 }