terraform-aws-modules · antonbabenko · Jun 27, 2025 · Jun 24, 2025 · Jun 27, 2025
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.96.1
+    rev: v1.99.4
     hooks:
       - id: terraform_fmt
       - id: terraform_wrapper_module_for_each

diff --git a/README.md b/README.md
@@ -143,14 +143,14 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.90 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.10 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.90 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.0 |
 
 ## Modules
 
@@ -215,6 +215,7 @@ No modules.
 | <a name="input_off_peak_window_options"></a> [off\_peak\_window\_options](#input\_off\_peak\_window\_options) | Configuration to add Off Peak update options | `any` | <pre>{<br/>  "enabled": true,<br/>  "off_peak_window": {<br/>    "hours": 7<br/>  }<br/>}</pre> | no |
 | <a name="input_outbound_connections"></a> [outbound\_connections](#input\_outbound\_connections) | Map of AWS OpenSearch outbound connections to create | `any` | `{}` | no |
 | <a name="input_package_associations"></a> [package\_associations](#input\_package\_associations) | Map of package association IDs to associate with the domain | `map(string)` | `{}` | no |
+| <a name="input_region"></a> [region](#input\_region) | Region where this resource will be managed. Defaults to the Region set in the provider configuration | `string` | `null` | no |
 | <a name="input_saml_options"></a> [saml\_options](#input\_saml\_options) | SAML authentication options for an AWS OpenSearch Domain | `any` | `{}` | no |
 | <a name="input_security_group_description"></a> [security\_group\_description](#input\_security\_group\_description) | Description of the security group created | `string` | `null` | no |
 | <a name="input_security_group_name"></a> [security\_group\_name](#input\_security\_group\_name) | Name to use on security group created | `string` | `null` | no |

diff --git a/examples/collection/README.md b/examples/collection/README.md
@@ -19,14 +19,14 @@ Note that this example may create resources which will incur monetary charges on
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.90 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.10 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.90 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.0 |
 
 ## Modules
 
@@ -35,7 +35,7 @@ Note that this example may create resources which will incur monetary charges on
 | <a name="module_opensearch_collection_disabled"></a> [opensearch\_collection\_disabled](#module\_opensearch\_collection\_disabled) | ../../modules/collection | n/a |
 | <a name="module_opensearch_collection_private"></a> [opensearch\_collection\_private](#module\_opensearch\_collection\_private) | ../../modules/collection | n/a |
 | <a name="module_opensearch_collection_public"></a> [opensearch\_collection\_public](#module\_opensearch\_collection\_public) | ../../modules/collection | n/a |
-| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 6.0 |
 
 ## Resources
 

diff --git a/examples/collection/main.tf b/examples/collection/main.tf
@@ -67,7 +67,7 @@ module "opensearch_collection_disabled" {
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 5.0"
+  version = "~> 6.0"
 
   name = local.name
   cidr = local.vpc_cidr

diff --git a/examples/collection/versions.tf b/examples/collection/versions.tf
@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 1.0"
+  required_version = ">= 1.10"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.90"
+      version = ">= 6.0"
     }
   }
 }
diff --git a/examples/complete/README.md b/examples/complete/README.md
@@ -25,22 +25,22 @@ Note that this example may create resources which will incur monetary charges on
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.90 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.10 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.90 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.0 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_opensearch"></a> [opensearch](#module\_opensearch) | ../.. | n/a |
 | <a name="module_opensearch_disabled"></a> [opensearch\_disabled](#module\_opensearch\_disabled) | ../.. | n/a |
-| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 6.0 |
 
 ## Resources
 

diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -175,7 +175,7 @@ module "opensearch_disabled" {
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 5.0"
+  version = "~> 6.0"
 
   name = local.name
   cidr = local.vpc_cidr

diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf
@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 1.0"
+  required_version = ">= 1.10"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.90"
+      version = ">= 6.0"
     }
   }
 }
diff --git a/main.tf b/main.tf
@@ -15,7 +15,7 @@ data "aws_iam_session_context" "current" {
 locals {
   account_id = try(data.aws_caller_identity.current[0].account_id, "")
   partition  = try(data.aws_partition.current[0].partition, "")
-  region     = try(data.aws_region.current[0].name, "")
+  region     = try(data.aws_region.current[0].region, "")
 
   static_domain_arn = "arn:${local.partition}:es:${local.region}:${local.account_id}:domain/${var.domain_name}"
 
@@ -226,6 +226,8 @@ resource "aws_opensearch_domain" "this" {
     }
   }
 
+  region = var.region
+
   dynamic "software_update_options" {
     for_each = length(var.software_update_options) > 0 ? [var.software_update_options] : []
 
@@ -260,6 +262,7 @@ resource "aws_opensearch_package_association" "this" {
 
   package_id  = try(each.value.package_id, each.key)
   domain_name = aws_opensearch_domain.this[0].domain_name
+  region      = try(each.value.region, var.region)
 }
 
 ################################################################################
@@ -270,6 +273,7 @@ resource "aws_opensearch_vpc_endpoint" "this" {
   for_each = { for k, v in var.vpc_endpoints : k => v if var.create }
 
   domain_arn = aws_opensearch_domain.this[0].arn
+  region     = try(each.value.region, var.region)
 
   vpc_options {
     security_group_ids = try(each.value.security_group_ids, null)
@@ -290,6 +294,7 @@ resource "aws_opensearch_domain_policy" "this" {
 
   domain_name     = aws_opensearch_domain.this[0].domain_name
   access_policies = local.create_access_policy ? data.aws_iam_policy_document.this[0].json : var.access_policies
+  region          = var.region
 }
 
 data "aws_iam_policy_document" "this" {
@@ -350,6 +355,7 @@ resource "aws_opensearch_domain_saml_options" "this" {
   count = var.create && var.create_saml_options ? 1 : 0
 
   domain_name = aws_opensearch_domain.this[0].domain_name
+  region      = var.region
 
   dynamic "saml_options" {
     for_each = length(var.saml_options) > 0 ? [var.saml_options] : []
@@ -385,6 +391,7 @@ resource "aws_opensearch_outbound_connection" "this" {
   accept_connection = try(each.value.accept_connection, null)
   connection_alias  = try(each.value.connection_alias, each.key)
   connection_mode   = each.value.connection_mode
+  region            = try(each.value.region, var.region)
 
   dynamic "connection_properties" {
     for_each = try([each.value.connection_properties], [])
@@ -429,6 +436,7 @@ resource "aws_cloudwatch_log_group" "this" {
   kms_key_id        = try(each.value.log_group_kms_key_id, var.cloudwatch_log_group_kms_key_id)
   skip_destroy      = try(each.value.log_group_skip_destroy, var.cloudwatch_log_group_skip_destroy)
   log_group_class   = try(each.value.log_group_class, var.cloudwatch_log_group_class)
+  region            = try(each.value.region, var.region)
 
   tags = merge(local.tags, try(each.value.log_group_tags, {}))
 }
@@ -471,6 +479,7 @@ resource "aws_cloudwatch_log_resource_policy" "this" {
 
   policy_document = data.aws_iam_policy_document.cloudwatch[0].json
   policy_name     = coalesce(var.cloudwatch_log_resource_policy_name, "opensearch-${var.domain_name}")
+  region          = var.region
 }
 
 ################################################################################
@@ -495,6 +504,7 @@ resource "aws_security_group" "this" {
   name_prefix            = var.security_group_use_name_prefix ? "${local.security_group_name}-" : null
   description            = var.security_group_description
   vpc_id                 = data.aws_subnet.this[0].vpc_id
+  region                 = var.region
   revoke_rules_on_delete = true
 
   tags = merge(local.tags, var.security_group_tags)
@@ -519,6 +529,7 @@ resource "aws_vpc_security_group_ingress_rule" "this" {
   prefix_list_id               = lookup(each.value, "prefix_list_id", null)
   referenced_security_group_id = lookup(each.value, "referenced_security_group_id", null)
   to_port                      = try(each.value.to_port, 443)
+  region                       = try(each.value.region, var.region)
 
   tags = merge(local.tags, var.security_group_tags, try(each.value.tags, {}))
 }
@@ -538,6 +549,7 @@ resource "aws_vpc_security_group_egress_rule" "this" {
   prefix_list_id               = lookup(each.value, "prefix_list_id", null)
   referenced_security_group_id = lookup(each.value, "referenced_security_group_id", null)
   to_port                      = try(each.value.to_port, null)
+  region                       = try(each.value.region, var.region)
 
   tags = merge(local.tags, var.security_group_tags, try(each.value.tags, {}))
 }
diff --git a/modules/collection/README.md b/modules/collection/README.md
@@ -41,14 +41,14 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.90 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.10 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.90 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.0 |
 
 ## Modules
 
@@ -92,6 +92,7 @@ No modules.
 | <a name="input_network_policy"></a> [network\_policy](#input\_network\_policy) | Network policy to apply to the collection | `any` | `{}` | no |
 | <a name="input_network_policy_description"></a> [network\_policy\_description](#input\_network\_policy\_description) | Description of the network policy | `string` | `null` | no |
 | <a name="input_network_policy_name"></a> [network\_policy\_name](#input\_network\_policy\_name) | Name of the network policy | `string` | `null` | no |
+| <a name="input_region"></a> [region](#input\_region) | Region where this resource will be managed. Defaults to the Region set in the provider configuration | `string` | `null` | no |
 | <a name="input_standby_replicas"></a> [standby\_replicas](#input\_standby\_replicas) | Indicates whether standby replicas should be used for a collection. One of ENABLED or DISABLED. Defaults to ENABLED. | `string` | `null` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
 | <a name="input_timeouts"></a> [timeouts](#input\_timeouts) | Create and delete timeout configurations for the collection | `map(string)` | `{}` | no |

diff --git a/modules/collection/main.tf b/modules/collection/main.tf
@@ -15,6 +15,7 @@ resource "aws_opensearchserverless_collection" "this" {
 
   description      = var.description
   name             = var.name
+  region           = var.region
   type             = var.type
   standby_replicas = var.standby_replicas
 
@@ -54,7 +55,8 @@ resource "aws_opensearchserverless_security_policy" "encryption" {
     var.encryption_policy
   ))
 
-  type = "encryption"
+  region = var.region
+  type   = "encryption"
 }
 
 ################################################################################
@@ -83,7 +85,8 @@ resource "aws_opensearchserverless_security_policy" "network" {
     var.network_policy
   )])
 
-  type = "network"
+  region = var.region
+  type   = "network"
 }
 
 ################################################################################
@@ -113,7 +116,9 @@ resource "aws_opensearchserverless_access_policy" "this" {
     },
     var.access_policy
   )])
-  type = "data"
+
+  region = var.region
+  type   = "data"
 }
 
 ################################################################################
@@ -138,5 +143,7 @@ resource "aws_opensearchserverless_lifecycle_policy" "this" {
       ]
     }
   )
-  type = "retention"
+
+  region = var.region
+  type   = "retention"
 }
diff --git a/modules/collection/variables.tf b/modules/collection/variables.tf
@@ -4,6 +4,12 @@ variable "create" {
   default     = true
 }
 
+variable "region" {
+  description = "Region where this resource will be managed. Defaults to the Region set in the provider configuration"
+  type        = string
+  default     = null
+}
+
 variable "tags" {
   description = "A map of tags to add to all resources"
   type        = map(string)

diff --git a/modules/collection/versions.tf b/modules/collection/versions.tf
@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 1.0"
+  required_version = ">= 1.10"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.90"
+      version = ">= 6.0"
     }
   }
 }
diff --git a/variables.tf b/variables.tf
@@ -125,6 +125,12 @@ variable "off_peak_window_options" {
   }
 }
 
+variable "region" {
+  description = "Region where this resource will be managed. Defaults to the Region set in the provider configuration"
+  type        = string
+  default     = null
+}
+
 variable "software_update_options" {
   description = "Software update options for the domain"
   type        = any

diff --git a/versions.tf b/versions.tf
@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 1.0"
+  required_version = ">= 1.10"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.90"
+      version = ">= 6.0"
     }
   }
 }
diff --git a/wrappers/collection/main.tf b/wrappers/collection/main.tf
@@ -26,6 +26,7 @@ module "wrapper" {
   network_policy                          = try(each.value.network_policy, var.defaults.network_policy, {})
   network_policy_description              = try(each.value.network_policy_description, var.defaults.network_policy_description, null)
   network_policy_name                     = try(each.value.network_policy_name, var.defaults.network_policy_name, null)
+  region                                  = try(each.value.region, var.defaults.region, null)
   standby_replicas                        = try(each.value.standby_replicas, var.defaults.standby_replicas, null)
   tags                                    = try(each.value.tags, var.defaults.tags, {})
   timeouts                                = try(each.value.timeouts, var.defaults.timeouts, {})

diff --git a/wrappers/collection/versions.tf b/wrappers/collection/versions.tf
@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 1.0"
+  required_version = ">= 1.10"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.90"
+      version = ">= 6.0"
     }
   }
 }
diff --git a/wrappers/main.tf b/wrappers/main.tf
@@ -62,6 +62,7 @@ module "wrapper" {
   })
   outbound_connections           = try(each.value.outbound_connections, var.defaults.outbound_connections, {})
   package_associations           = try(each.value.package_associations, var.defaults.package_associations, {})
+  region                         = try(each.value.region, var.defaults.region, null)
   saml_options                   = try(each.value.saml_options, var.defaults.saml_options, {})
   security_group_description     = try(each.value.security_group_description, var.defaults.security_group_description, null)
   security_group_name            = try(each.value.security_group_name, var.defaults.security_group_name, null)

diff --git a/wrappers/versions.tf b/wrappers/versions.tf
@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 1.0"
+  required_version = ">= 1.10"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.90"
+      version = ">= 6.0"
     }
   }
 }